6.13-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aditya Kumar Singh quic_adisi@quicinc.com
[ Upstream commit 336097d74c284a7c928b723ce8690f28912da03d ]
Currently, an interface is created in the driver during channel assignment. If mac80211 attempts to set a key for an interface before this assignment, the driver caches the key. Once the interface is created, the driver installs the cached key to the hardware. This sequence is exemplified in mesh mode operation where the group key is set before channel assignment.
However, in ath12k_mac_update_key_cache(), after caching the key, due to incorrect logic, it is deleted from the cache during the subsequent loop iteration. As a result, after the interface is created, the driver does not find any cached key, and the key is not installed to the hardware which is wrong. This leads to issue in mesh, where broadcast traffic is not encrypted over the air.
Fix this issue by adjusting the logic of ath12k_mac_update_key_cache() properly.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3-03253.1-QCAHKSWPL_SILICONZ-29 # Nicolas Escande nico.escande@gmail.com Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 # Nicolas Escande nico.escande@gmail.com
Fixes: 25e18b9d6b4b ("wifi: ath12k: modify ath12k_mac_op_set_key() for MLO") Signed-off-by: Aditya Kumar Singh quic_adisi@quicinc.com Acked-by: Kalle Valo kvalo@kernel.org Tested-by: Nicolas Escande nico.escande@gmail.com Link: https://patch.msgid.link/20250112-fix_key_cache_handling-v2-1-70e142c6153e@q... Signed-off-by: Jeff Johnson jeff.johnson@oss.qualcomm.com Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/net/wireless/ath/ath12k/mac.c | 30 ++++++++++++++++----------- 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index fd2919f84d6f7..ef2736fb5f53f 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -4316,7 +4316,23 @@ static int ath12k_mac_update_key_cache(struct ath12k_vif_cache *cache, struct ieee80211_sta *sta, struct ieee80211_key_conf *key) { - struct ath12k_key_conf *key_conf = NULL, *tmp; + struct ath12k_key_conf *key_conf, *tmp; + + list_for_each_entry_safe(key_conf, tmp, &cache->key_conf.list, list) { + if (key_conf->key != key) + continue; + + /* If SET key entry is already present in cache, nothing to do, + * just return + */ + if (cmd == SET_KEY) + return 0; + + /* DEL key for an old SET key which driver hasn't flushed yet. + */ + list_del(&key_conf->list); + kfree(key_conf); + }
if (cmd == SET_KEY) { key_conf = kzalloc(sizeof(*key_conf), GFP_KERNEL); @@ -4330,17 +4346,7 @@ static int ath12k_mac_update_key_cache(struct ath12k_vif_cache *cache, list_add_tail(&key_conf->list, &cache->key_conf.list); } - if (list_empty(&cache->key_conf.list)) - return 0; - list_for_each_entry_safe(key_conf, tmp, &cache->key_conf.list, list) { - if (key_conf->key == key) { - /* DEL key for an old SET key which driver hasn't flushed yet. - */ - list_del(&key_conf->list); - kfree(key_conf); - break; - } - } + return 0; }