aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel/mt76/patches/120-wifi-mt76-ignore-key-disable-commands.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/kernel/mt76/patches/120-wifi-mt76-ignore-key-disable-commands.patch')
-rw-r--r--package/kernel/mt76/patches/120-wifi-mt76-ignore-key-disable-commands.patch301
1 files changed, 301 insertions, 0 deletions
diff --git a/package/kernel/mt76/patches/120-wifi-mt76-ignore-key-disable-commands.patch b/package/kernel/mt76/patches/120-wifi-mt76-ignore-key-disable-commands.patch
new file mode 100644
index 0000000000..3f97de916e
--- /dev/null
+++ b/package/kernel/mt76/patches/120-wifi-mt76-ignore-key-disable-commands.patch
@@ -0,0 +1,301 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 22 Mar 2023 10:17:49 +0100
+Subject: [PATCH] wifi: mt76: ignore key disable commands
+
+This helps avoid cleartext leakage of already queued or powersave buffered
+packets, when a reassoc triggers the key deletion.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/mt7603/main.c
++++ b/mt7603/main.c
+@@ -512,15 +512,15 @@ mt7603_set_key(struct ieee80211_hw *hw,
+ !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
+ return -EOPNOTSUPP;
+
+- if (cmd == SET_KEY) {
+- key->hw_key_idx = wcid->idx;
+- wcid->hw_key_idx = idx;
+- } else {
++ if (cmd != SET_KEY) {
+ if (idx == wcid->hw_key_idx)
+ wcid->hw_key_idx = -1;
+
+- key = NULL;
++ return 0;
+ }
++
++ key->hw_key_idx = wcid->idx;
++ wcid->hw_key_idx = idx;
+ mt76_wcid_key_setup(&dev->mt76, wcid, key);
+
+ return mt7603_wtbl_set_key(dev, wcid->idx, key);
+--- a/mt7615/mac.c
++++ b/mt7615/mac.c
+@@ -1231,8 +1231,7 @@ EXPORT_SYMBOL_GPL(mt7615_mac_set_rates);
+ static int
+ mt7615_mac_wtbl_update_key(struct mt7615_dev *dev, struct mt76_wcid *wcid,
+ struct ieee80211_key_conf *key,
+- enum mt76_cipher_type cipher, u16 cipher_mask,
+- enum set_key_cmd cmd)
++ enum mt76_cipher_type cipher, u16 cipher_mask)
+ {
+ u32 addr = mt7615_mac_wtbl_addr(dev, wcid->idx) + 30 * 4;
+ u8 data[32] = {};
+@@ -1241,27 +1240,18 @@ mt7615_mac_wtbl_update_key(struct mt7615
+ return -EINVAL;
+
+ mt76_rr_copy(dev, addr, data, sizeof(data));
+- if (cmd == SET_KEY) {
+- if (cipher == MT_CIPHER_TKIP) {
+- /* Rx/Tx MIC keys are swapped */
+- memcpy(data, key->key, 16);
+- memcpy(data + 16, key->key + 24, 8);
+- memcpy(data + 24, key->key + 16, 8);
+- } else {
+- if (cipher_mask == BIT(cipher))
+- memcpy(data, key->key, key->keylen);
+- else if (cipher != MT_CIPHER_BIP_CMAC_128)
+- memcpy(data, key->key, 16);
+- if (cipher == MT_CIPHER_BIP_CMAC_128)
+- memcpy(data + 16, key->key, 16);
+- }
++ if (cipher == MT_CIPHER_TKIP) {
++ /* Rx/Tx MIC keys are swapped */
++ memcpy(data, key->key, 16);
++ memcpy(data + 16, key->key + 24, 8);
++ memcpy(data + 24, key->key + 16, 8);
+ } else {
++ if (cipher_mask == BIT(cipher))
++ memcpy(data, key->key, key->keylen);
++ else if (cipher != MT_CIPHER_BIP_CMAC_128)
++ memcpy(data, key->key, 16);
+ if (cipher == MT_CIPHER_BIP_CMAC_128)
+- memset(data + 16, 0, 16);
+- else if (cipher_mask)
+- memset(data, 0, 16);
+- if (!cipher_mask)
+- memset(data, 0, sizeof(data));
++ memcpy(data + 16, key->key, 16);
+ }
+
+ mt76_wr_copy(dev, addr, data, sizeof(data));
+@@ -1272,7 +1262,7 @@ mt7615_mac_wtbl_update_key(struct mt7615
+ static int
+ mt7615_mac_wtbl_update_pk(struct mt7615_dev *dev, struct mt76_wcid *wcid,
+ enum mt76_cipher_type cipher, u16 cipher_mask,
+- int keyidx, enum set_key_cmd cmd)
++ int keyidx)
+ {
+ u32 addr = mt7615_mac_wtbl_addr(dev, wcid->idx), w0, w1;
+
+@@ -1291,9 +1281,7 @@ mt7615_mac_wtbl_update_pk(struct mt7615_
+ else
+ w0 &= ~MT_WTBL_W0_RX_IK_VALID;
+
+- if (cmd == SET_KEY &&
+- (cipher != MT_CIPHER_BIP_CMAC_128 ||
+- cipher_mask == BIT(cipher))) {
++ if (cipher != MT_CIPHER_BIP_CMAC_128 || cipher_mask == BIT(cipher)) {
+ w0 &= ~MT_WTBL_W0_KEY_IDX;
+ w0 |= FIELD_PREP(MT_WTBL_W0_KEY_IDX, keyidx);
+ }
+@@ -1310,19 +1298,10 @@ mt7615_mac_wtbl_update_pk(struct mt7615_
+
+ static void
+ mt7615_mac_wtbl_update_cipher(struct mt7615_dev *dev, struct mt76_wcid *wcid,
+- enum mt76_cipher_type cipher, u16 cipher_mask,
+- enum set_key_cmd cmd)
++ enum mt76_cipher_type cipher, u16 cipher_mask)
+ {
+ u32 addr = mt7615_mac_wtbl_addr(dev, wcid->idx);
+
+- if (!cipher_mask) {
+- mt76_clear(dev, addr + 2 * 4, MT_WTBL_W2_KEY_TYPE);
+- return;
+- }
+-
+- if (cmd != SET_KEY)
+- return;
+-
+ if (cipher == MT_CIPHER_BIP_CMAC_128 &&
+ cipher_mask & ~BIT(MT_CIPHER_BIP_CMAC_128))
+ return;
+@@ -1333,8 +1312,7 @@ mt7615_mac_wtbl_update_cipher(struct mt7
+
+ int __mt7615_mac_wtbl_set_key(struct mt7615_dev *dev,
+ struct mt76_wcid *wcid,
+- struct ieee80211_key_conf *key,
+- enum set_key_cmd cmd)
++ struct ieee80211_key_conf *key)
+ {
+ enum mt76_cipher_type cipher;
+ u16 cipher_mask = wcid->cipher;
+@@ -1344,19 +1322,14 @@ int __mt7615_mac_wtbl_set_key(struct mt7
+ if (cipher == MT_CIPHER_NONE)
+ return -EOPNOTSUPP;
+
+- if (cmd == SET_KEY)
+- cipher_mask |= BIT(cipher);
+- else
+- cipher_mask &= ~BIT(cipher);
+-
+- mt7615_mac_wtbl_update_cipher(dev, wcid, cipher, cipher_mask, cmd);
+- err = mt7615_mac_wtbl_update_key(dev, wcid, key, cipher, cipher_mask,
+- cmd);
++ cipher_mask |= BIT(cipher);
++ mt7615_mac_wtbl_update_cipher(dev, wcid, cipher, cipher_mask);
++ err = mt7615_mac_wtbl_update_key(dev, wcid, key, cipher, cipher_mask);
+ if (err < 0)
+ return err;
+
+ err = mt7615_mac_wtbl_update_pk(dev, wcid, cipher, cipher_mask,
+- key->keyidx, cmd);
++ key->keyidx);
+ if (err < 0)
+ return err;
+
+@@ -1367,13 +1340,12 @@ int __mt7615_mac_wtbl_set_key(struct mt7
+
+ int mt7615_mac_wtbl_set_key(struct mt7615_dev *dev,
+ struct mt76_wcid *wcid,
+- struct ieee80211_key_conf *key,
+- enum set_key_cmd cmd)
++ struct ieee80211_key_conf *key)
+ {
+ int err;
+
+ spin_lock_bh(&dev->mt76.lock);
+- err = __mt7615_mac_wtbl_set_key(dev, wcid, key, cmd);
++ err = __mt7615_mac_wtbl_set_key(dev, wcid, key);
+ spin_unlock_bh(&dev->mt76.lock);
+
+ return err;
+--- a/mt7615/main.c
++++ b/mt7615/main.c
+@@ -405,18 +405,17 @@ static int mt7615_set_key(struct ieee802
+
+ if (cmd == SET_KEY)
+ *wcid_keyidx = idx;
+- else if (idx == *wcid_keyidx)
+- *wcid_keyidx = -1;
+- else
++ else {
++ if (idx == *wcid_keyidx)
++ *wcid_keyidx = -1;
+ goto out;
++ }
+
+- mt76_wcid_key_setup(&dev->mt76, wcid,
+- cmd == SET_KEY ? key : NULL);
+-
++ mt76_wcid_key_setup(&dev->mt76, wcid, key);
+ if (mt76_is_mmio(&dev->mt76))
+- err = mt7615_mac_wtbl_set_key(dev, wcid, key, cmd);
++ err = mt7615_mac_wtbl_set_key(dev, wcid, key);
+ else
+- err = __mt7615_mac_wtbl_set_key(dev, wcid, key, cmd);
++ err = __mt7615_mac_wtbl_set_key(dev, wcid, key);
+
+ out:
+ mt7615_mutex_release(dev);
+--- a/mt7615/mt7615.h
++++ b/mt7615/mt7615.h
+@@ -502,11 +502,9 @@ int mt7615_mac_write_txwi(struct mt7615_
+ void mt7615_mac_set_timing(struct mt7615_phy *phy);
+ int __mt7615_mac_wtbl_set_key(struct mt7615_dev *dev,
+ struct mt76_wcid *wcid,
+- struct ieee80211_key_conf *key,
+- enum set_key_cmd cmd);
++ struct ieee80211_key_conf *key);
+ int mt7615_mac_wtbl_set_key(struct mt7615_dev *dev, struct mt76_wcid *wcid,
+- struct ieee80211_key_conf *key,
+- enum set_key_cmd cmd);
++ struct ieee80211_key_conf *key);
+ void mt7615_mac_reset_work(struct work_struct *work);
+ u32 mt7615_mac_get_sta_tid_sn(struct mt7615_dev *dev, int wcid, u8 tid);
+
+--- a/mt76x02_util.c
++++ b/mt76x02_util.c
+@@ -453,20 +453,20 @@ int mt76x02_set_key(struct ieee80211_hw
+ msta = sta ? (struct mt76x02_sta *)sta->drv_priv : NULL;
+ wcid = msta ? &msta->wcid : &mvif->group_wcid;
+
+- if (cmd == SET_KEY) {
+- key->hw_key_idx = wcid->idx;
+- wcid->hw_key_idx = idx;
+- if (key->flags & IEEE80211_KEY_FLAG_RX_MGMT) {
+- key->flags |= IEEE80211_KEY_FLAG_SW_MGMT_TX;
+- wcid->sw_iv = true;
+- }
+- } else {
++ if (cmd != SET_KEY) {
+ if (idx == wcid->hw_key_idx) {
+ wcid->hw_key_idx = -1;
+ wcid->sw_iv = false;
+ }
+
+- key = NULL;
++ return 0;
++ }
++
++ key->hw_key_idx = wcid->idx;
++ wcid->hw_key_idx = idx;
++ if (key->flags & IEEE80211_KEY_FLAG_RX_MGMT) {
++ key->flags |= IEEE80211_KEY_FLAG_SW_MGMT_TX;
++ wcid->sw_iv = true;
+ }
+ mt76_wcid_key_setup(&dev->mt76, wcid, key);
+
+--- a/mt7915/main.c
++++ b/mt7915/main.c
+@@ -405,16 +405,15 @@ static int mt7915_set_key(struct ieee802
+
+ mutex_lock(&dev->mt76.mutex);
+
+- if (cmd == SET_KEY)
++ if (cmd == SET_KEY) {
+ *wcid_keyidx = idx;
+- else if (idx == *wcid_keyidx)
+- *wcid_keyidx = -1;
+- else
++ } else {
++ if (idx == *wcid_keyidx)
++ *wcid_keyidx = -1;
+ goto out;
++ }
+
+- mt76_wcid_key_setup(&dev->mt76, wcid,
+- cmd == SET_KEY ? key : NULL);
+-
++ mt76_wcid_key_setup(&dev->mt76, wcid, key);
+ err = mt7915_mcu_add_key(dev, vif, msta, key, cmd);
+
+ out:
+--- a/mt7921/main.c
++++ b/mt7921/main.c
+@@ -441,16 +441,15 @@ static int mt7921_set_key(struct ieee802
+
+ mt7921_mutex_acquire(dev);
+
+- if (cmd == SET_KEY)
++ if (cmd == SET_KEY) {
+ *wcid_keyidx = idx;
+- else if (idx == *wcid_keyidx)
+- *wcid_keyidx = -1;
+- else
++ } else {
++ if (idx == *wcid_keyidx)
++ *wcid_keyidx = -1;
+ goto out;
++ }
+
+- mt76_wcid_key_setup(&dev->mt76, wcid,
+- cmd == SET_KEY ? key : NULL);
+-
++ mt76_wcid_key_setup(&dev->mt76, wcid, key);
+ err = mt7921_mcu_add_key(dev, vif, msta, key, cmd);
+ if (err)
+ goto out;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-21 20:17:48 +0000