From: Johannes Berg <[email protected]>
The firmware only supports a single IGTK, and due to some
changes it really doesn't like to have multiple programmed
in later versions. Since only newer firmware cannot remove
a key that isn't present any more, adjust only the MLD API
code to keep track of the previous IGTK and remove it when
a new one is added.
Signed-off-by: Johannes Berg <[email protected]>
Signed-off-by: Gregory Greenman <[email protected]>
---
.../net/wireless/intel/iwlwifi/mvm/mac80211.c | 1 +
.../net/wireless/intel/iwlwifi/mvm/mld-key.c | 63 ++++++++++++++++++-
drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 5 +-
3 files changed, 67 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index f1c7d0bef609..8267ff08e38d 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -1038,6 +1038,7 @@ static void iwl_mvm_cleanup_iterator(void *data, u8 *mac,
mvmvif->link[link_id]->fw_link_id = IWL_MVM_FW_LINK_ID_INVALID;
mvmvif->link[link_id]->phy_ctxt = NULL;
mvmvif->link[link_id]->active = 0;
+ mvmvif->link[link_id]->igtk = NULL;
}
probe_data = rcu_dereference_protected(mvmvif->deflink.probe_resp_data,
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c b/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c
index 995c0e01b331..b27f6a70f8d1 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c
@@ -231,8 +231,49 @@ int iwl_mvm_sec_key_add(struct iwl_mvm *mvm,
{
u32 sta_mask = iwl_mvm_get_sec_sta_mask(mvm, vif, sta, keyconf);
u32 key_flags = iwl_mvm_get_sec_flags(mvm, vif, sta, keyconf);
+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
+ struct iwl_mvm_vif_link_info *mvm_link = NULL;
+ int ret;
+
+ if (keyconf->keyidx == 4 || keyconf->keyidx == 5) {
+ unsigned int link_id = 0;
+
+ /* set to -1 for non-MLO right now */
+ if (keyconf->link_id >= 0)
+ link_id = keyconf->link_id;
+
+ mvm_link = mvmvif->link[link_id];
+ if (WARN_ON(!mvm_link))
+ return -EINVAL;
+
+ if (mvm_link->igtk) {
+ IWL_DEBUG_MAC80211(mvm, "remove old IGTK %d\n",
+ mvm_link->igtk->keyidx);
+ ret = iwl_mvm_sec_key_del(mvm, vif, sta,
+ mvm_link->igtk);
+ if (ret)
+ IWL_ERR(mvm,
+ "failed to remove old IGTK (ret=%d)\n",
+ ret);
+ }
+
+ WARN_ON(mvm_link->igtk);
+ }
+
+ ret = iwl_mvm_mld_send_key(mvm, sta_mask, key_flags, keyconf);
+ if (ret)
+ return ret;
+
+ if (mvm_link)
+ mvm_link->igtk = keyconf;
- return iwl_mvm_mld_send_key(mvm, sta_mask, key_flags, keyconf);
+ /* We don't really need this, but need it to be not invalid,
+ * and if we switch links multiple times it might go to be
+ * invalid when removed.
+ */
+ keyconf->hw_key_idx = 0;
+
+ return 0;
}
static int _iwl_mvm_sec_key_del(struct iwl_mvm *mvm,
@@ -243,11 +284,31 @@ static int _iwl_mvm_sec_key_del(struct iwl_mvm *mvm,
{
u32 sta_mask = iwl_mvm_get_sec_sta_mask(mvm, vif, sta, keyconf);
u32 key_flags = iwl_mvm_get_sec_flags(mvm, vif, sta, keyconf);
+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
int ret;
if (WARN_ON(!sta_mask))
return -EINVAL;
+ if (keyconf->keyidx == 4 || keyconf->keyidx == 5) {
+ struct iwl_mvm_vif_link_info *mvm_link;
+ unsigned int link_id = 0;
+
+ /* set to -1 for non-MLO right now */
+ if (keyconf->link_id >= 0)
+ link_id = keyconf->link_id;
+
+ mvm_link = mvmvif->link[link_id];
+ if (WARN_ON(!mvm_link))
+ return -EINVAL;
+
+ if (mvm_link->igtk == keyconf) {
+ /* no longer in HW - mark for later */
+ mvm_link->igtk->hw_key_idx = STA_KEY_IDX_INVALID;
+ mvm_link->igtk = NULL;
+ }
+ }
+
ret = __iwl_mvm_sec_key_del(mvm, sta_mask, key_flags, keyconf->keyidx,
flags);
if (ret)
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
index b1b46a50f764..8043f5fd26c7 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */
/*
- * Copyright (C) 2012-2014, 2018-2022 Intel Corporation
+ * Copyright (C) 2012-2014, 2018-2023 Intel Corporation
* Copyright (C) 2013-2015 Intel Mobile Communications GmbH
* Copyright (C) 2016-2017 Intel Deutschland GmbH
*/
@@ -300,6 +300,7 @@ struct iwl_probe_resp_data {
* @he_ru_2mhz_block: 26-tone RU OFDMA transmissions should be blocked
* @queue_params: QoS params for this MAC
* @mgmt_queue: queue number for unbufferable management frames
+ * @igtk: the current IGTK programmed into the firmware
*/
struct iwl_mvm_vif_link_info {
u8 bssid[ETH_ALEN];
@@ -317,6 +318,8 @@ struct iwl_mvm_vif_link_info {
enum ieee80211_smps_mode smps_requests[NUM_IWL_MVM_SMPS_REQ];
struct iwl_probe_resp_data __rcu *probe_resp_data;
+ struct ieee80211_key_conf *igtk;
+
bool he_ru_2mhz_block;
bool active;
--
2.38.1