2021-07-27 23:01:41

by Sean Wang

Subject: [PATCH 1/2] mt76: connac: fix GTK rekey offload failure on WPA mixed mode

From: Leon Yen <[email protected]>

Update the proper firmware programming sequence to fix GTK rekey
offload failure on WPA mixed mode.

In the mt76_connac_mcu_key_iter,
gtk_tlv->proto should be only set up on pairwise key
and gtk_tlv->group_cipher should be only set up on the group key.

Otherwise, those parameters required by firmware would be set
incorrectly to cause GTK rekey offload failure on WPA mixed mode
and then disconnection follows.

Fixes: b47e21e75c80 ("mt76: mt7615: add gtk rekey offload support")
Co-developed-by: Sean Wang <[email protected]>
Signed-off-by: Sean Wang <[email protected]>
Signed-off-by: Leon Yen <[email protected]>
---
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
index a2555dc0f003..d71393b1c5e6 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
@@ -1957,19 +1957,22 @@ mt76_connac_mcu_key_iter(struct ieee80211_hw *hw,
key->cipher != WLAN_CIPHER_SUITE_TKIP)
return;

- if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
- gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_1);
+ if (key->cipher == WLAN_CIPHER_SUITE_TKIP)
cipher = BIT(3);
- } else {
- gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_2);
+ else
cipher = BIT(4);
- }

/* we are assuming here to have a single pairwise key */
if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
+ if (key->cipher == WLAN_CIPHER_SUITE_TKIP)
+ gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_1);
+ else
+ gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_2);
+
gtk_tlv->pairwise_cipher = cpu_to_le32(cipher);
- gtk_tlv->group_cipher = cpu_to_le32(cipher);
gtk_tlv->keyid = key->keyidx;
+ } else {
+ gtk_tlv->group_cipher = cpu_to_le32(cipher);
}
}
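
Review bot: the new `else` branch treats every non-pairwise key the iterator visits as the group key, but the comment above the pairwise branch still documents only the "single pairwise key" assumption. If more than one non-pairwise key passes the cipher filter at the top of the function, gtk_tlv->group_cipher ends up holding whichever key was iterated last. Either extend the comment to state that a single group key is assumed as well, or make the branch explicit about which key it expects. Note also that gtk_tlv->keyid is still taken from the pairwise key's keyidx; if that is what the firmware wants for a GTK rekey TLV, a short comment saying so would help the next reader.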

--
2.25.1



2021-08-13 11:42:12

by Felix Fietkau

Subject: Re: [PATCH 1/2] mt76: connac: fix GTK rekey offload failure on WPA mixed mode

On 2021-07-28 00:59, [email protected] wrote:
> From: Leon Yen <[email protected]>
>
> Update the proper firmware programming sequence to fix GTK rekey
> offload failure on WPA mixed mode.
>
> In the mt76_connac_mcu_key_iter,
> gtk_tlv->proto should be only set up on pairwise key
> and gtk_tlv->group_cipher should be only set up on the group key.
>
> Otherwise, those parameters required by firmware would be set
> incorrectly to cause GTK rekey offload failure on WPA mixed mode
> and then disconnection follows.
>
> Fixes: b47e21e75c80 ("mt76: mt7615: add gtk rekey offload support")
> Co-developed-by: Sean Wang <[email protected]>
> Signed-off-by: Sean Wang <[email protected]>
> Signed-off-by: Leon Yen <[email protected]>
> ---
> .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 15 +++++++++------
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
> index a2555dc0f003..d71393b1c5e6 100644
> --- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
> +++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
> @@ -1957,19 +1957,22 @@ mt76_connac_mcu_key_iter(struct ieee80211_hw *hw,
> key->cipher != WLAN_CIPHER_SUITE_TKIP)
> return;
>
> - if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
> - gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_1);
> + if (key->cipher == WLAN_CIPHER_SUITE_TKIP)
> cipher = BIT(3);
> - } else {
> - gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_2);
> + else
> cipher = BIT(4);
> - }
>
> /* we are assuming here to have a single pairwise key */
> if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
> + if (key->cipher == WLAN_CIPHER_SUITE_TKIP)
> + gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_1);
> + else
> + gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_2);
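
Review bot: with the assignment moved inside the IEEE80211_KEY_FLAG_PAIRWISE branch, gtk_tlv->proto is written only when the iterator visits a pairwise key, and nothing in these lines gives it a value otherwise. Before the change it was set for every key that passed the cipher filter. It would be worth confirming that the caller zero-initialises the TLV and that the firmware tolerates a zero proto, or setting a default before the iteration starts, and saying which in a comment.
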
Why is gtk_tlv->proto set to WPA version values based on the cipher
suite? That doesn't make much sense to me, since TKIP is supported by
WPA2 as well. I will apply this patch anyway, since this check is there
already, but this does look suspicious to me and should probably be
revisited.

- Felix