kernel/linux.git/net/mac80211/key.c, branch v6.1.174

wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice

2026-02-11T12:37:24+00:00

[ Upstream commit 3f3d8ff31496874a69b131866f62474eb24ed20a ] In reconfig, in case the driver asks to disconnect during the reconfig, all the keys of the interface are marked as tainted. Then ieee80211_reenable_keys will loop over all the interface keys, and for each one it will a) increment crypto_tx_tailroom_needed_cnt b) call ieee80211_key_enable_hw_accel, which in turn will detect that this key is tainted, so it will mark it as "not in hardware", which is paired with crypto_tx_tailroom_needed_cnt incrementation, so we get two incrementations for each tainted key. Then we get a warning in ieee80211_free_keys. To fix it, don't increment the count in ieee80211_reenable_keys for tainted keys Reviewed-by: Johannes Berg Signed-off-by: Miri Korenblit Link: https://patch.msgid.link/20260118092821.4ca111fddcda.Id6e554f4b1c83760aa02d5a9e4e3080edb197aa2@changeid Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin

wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys

2024-11-08T15:26:40+00:00

[ Upstream commit 52009b419355195912a628d0a9847922e90c348c ] Sync iterator conditions with ieee80211_iter_keys_rcu. Fixes: 830af02f24fb ("mac80211: allow driver to iterate keys") Signed-off-by: Felix Fietkau Link: https://patch.msgid.link/20241006153630.87885-1-nbd@nbd.name Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin

wifi: mac80211: fix potential key use-after-free

2023-10-10T20:00:41+00:00

[ Upstream commit 31db78a4923ef5e2008f2eed321811ca79e7f71b ] When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add(). Reported-by: Dan Carpenter Fixes: fdf7cb4185b6 ("mac80211: accept key reinstall without changing anything") Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin

wifi: mac80211: implement link switching

2022-09-06T08:17:20+00:00

Implement an API function and debugfs file to switch active links. Also provide an async version of the API so drivers can call it in arbitrary contexts, e.g. while in the authorized callback. Signed-off-by: Johannes Berg

wifi: mac80211: isolate driver from inactive links

2022-09-06T08:12:44+00:00

In order to let the driver select active links and properly make multi-link connections, as a first step isolate the driver from inactive links, and set the active links to be only the association link for client-side interfaces. For AP side nothing changes since APs always have to have all their links active. To simplify things, update the for_each_sta_active_link() API to include the appropriate vif pointer. This also implies not allocating a chanctx for an inactive link, which requires a few more changes. Since we now no longer try to program multiple links to the driver, remove the check in the MLME code. Signed-off-by: Johannes Berg

wifi: mac80211: fix potential deadlock in ieee80211_key_link()

2022-08-29T09:48:59+00:00

Add the missing unlock before return in the error handling case. Fixes: ccdde7c74ffd ("wifi: mac80211: properly implement MLO key handling") Signed-off-by: Sun Ke Link: https://lore.kernel.org/r/20220827022452.823381-1-sunke32@huawei.com Signed-off-by: Johannes Berg

wifi: mac80211: properly implement MLO key handling

2022-08-25T08:41:07+00:00

Implement key installation and lookup (on TX and RX) for MLO, so we can use multiple GTKs/IGTKs/BIGTKs. Co-authored-by: Ilan Peer Signed-off-by: Ilan Peer Signed-off-by: Johannes Berg

wifi: mac80211: reorg some iface data structs for MLD

2022-06-20T10:55:06+00:00

Start reorganizing interface related data structures toward MLD. The most complex part here is for the keys, since we have to split the various kinds of GTKs off to the link but still need to use (for WEP) the other keys as a fallback even for multicast frames. Signed-off-by: Johannes Berg

wifi: mac80211: reject WEP or pairwise keys with key ID > 3

2022-06-20T10:54:48+00:00

We don't really care too much right now since our data structures are set up to not have a problem with this, but clearly it's wrong to accept WEP and pairwise keys with key ID > 3. However, with MLD we need to split into per-link (GTK, IGTK, BIGTK) and per interface/MLD (including WEP) keys so make sure this is not a problem. Signed-off-by: Johannes Berg

wifi: mac80211: remove cipher scheme support

2022-06-10T13:35:53+00:00

The only driver using this was iwlwifi, where we just removed the support because it was never really used. Remove the code from mac80211 as well. Change-Id: I1667417a5932315ee9d81f5c233c56a354923f09 Signed-off-by: Johannes Berg