| From 21c388b28802a37a45f7497119d8af2339dfa137 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Sun, 7 Feb 2021 16:09:17 +0100 |
| Subject: mt76: mt76x0: disable GTK offloading |
| |
| From: David Bauer <mail@david-bauer.net> |
| |
| [ Upstream commit 4b36cc6b390f18dbc59a45fb4141f90d7dfe2b23 ] |
| |
| When operating two VAP on a MT7610 with encryption (PSK2, SAE, OWE), |
| only the first one to be created will transmit properly encrypteded |
| frames. |
| |
| All subsequently created VAPs will sent out frames with the payload left |
| unencrypted, breaking multicast traffic (ICMP6 NDP) and potentially |
| disclosing information to a third party. |
| |
| Disable GTK offloading and encrypt these frames in software to |
| circumvent this issue. THis only seems to be necessary on MT7610 chips, |
| as MT7612 is not affected from our testing. |
| |
| Signed-off-by: David Bauer <mail@david-bauer.net> |
| Signed-off-by: Felix Fietkau <nbd@nbd.name> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/net/wireless/mediatek/mt76/mt76x02_util.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c |
| index 11b769af2f8f..0f191bd28417 100644 |
| --- a/drivers/net/wireless/mediatek/mt76/mt76x02_util.c |
| +++ b/drivers/net/wireless/mediatek/mt76/mt76x02_util.c |
| @@ -446,6 +446,10 @@ int mt76x02_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, |
| !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) |
| return -EOPNOTSUPP; |
| |
| + /* MT76x0 GTK offloading does not work with more than one VIF */ |
| + if (is_mt76x0(dev) && !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) |
| + return -EOPNOTSUPP; |
| + |
| msta = sta ? (struct mt76x02_sta *)sta->drv_priv : NULL; |
| wcid = msta ? &msta->wcid : &mvif->group_wcid; |
| |
| -- |
| 2.30.2 |
| |