diff options
author | Emmanuel Grumbach <emmanuel.grumbach@intel.com> | 2018-12-03 21:13:27 +0300 |
---|---|---|
committer | Luca Coelho <luciano.coelho@intel.com> | 2019-02-04 13:27:20 +0300 |
commit | 28916a165aa7e0ceddedabf722808881ba6a3b03 (patch) | |
tree | 6dbb0fb66a6fe6e2643615952a5adab74fd7683c /drivers/net/wireless/intel/iwlwifi/mvm/sta.h | |
parent | 244726ec9e1965c3263807c7c22bcdd1f6870e96 (diff) | |
download | linux-28916a165aa7e0ceddedabf722808881ba6a3b03.tar.xz |
iwlwifi: mvm: fix AP mode in WEP
Recently we started to send the WEP keys to the firmware so
that we could use hardware Tx encryption also on newer
devices that require the keys to be installed in the firmware
for encryption (as opposed to older devices that can get
the key in the Tx command for each Tx).
When we implemented that, we forgot to remove the key when
we remove a station leading to a situation where a station
that connects and disconnects a lot of times exhausts the
key database inside the firmware.
A fix was made for that, but we always removed the same
key: mvmvif->ap_wep_key which means that we removed the
same key entry in the firmware. This can make sense since
in WEP, the key is the same for all the stations, but the
internal implementation of iwl_mvm_set_sta_key and
iwl_mvm_remove_sta_key assumes that each station uses a
different key in the firmware's key database.
So now we got to the situation where we have a single
ieee80211_key_conf instance that means, a single
ieee80211_key_conf.hw_key_idx index for several stations
and hence for several keys.
ieee80211_key_conf.hw_key_idx is set to 0 when the first
station associates, and then it is overwritten to 1 when
the second station associates which is a buggy of course.
This led to the following message upon the removal of the
second station:
iwlwifi 0000:00:03.0: offset 1 not used in fw key table.
WARNING: CPU: 2 PID: 27883 at net/mac80211/sta_info.c:1122 __sta_info_destroy_part2+0x16b/0x180 [mac80211]
RIP: 0010:__sta_info_destroy_part2+0x16b/0x180 [mac80211]
Call Trace:
__sta_info_destroy+0x2a/0x40 [mac80211]
sta_info_destroy_addr_bss+0x38/0x60 [mac80211]
ieee80211_del_station+0x1d/0x30 [mac80211]
nl80211_del_station+0xe0/0x1f0 [cfg80211]
Fix this by copying the ieee80211_key_conf structure for
each and every station. This is the easiest way to properly
remove the keys with the right index. Another solution
would have been to allow several stations to use the same
key offset in the firmware. That would require to change
the way we track keys in iwlmvm and not really worth it.
Also, maintain correctly fw_key_table when we add a key
for the multicast station.
Remove the key when we remove the multicast station.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Fixes: 337bfc9881a2 ("iwlwifi: mvm: set wep key for all stations in soft ap mode")
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Diffstat (limited to 'drivers/net/wireless/intel/iwlwifi/mvm/sta.h')
-rw-r--r-- | drivers/net/wireless/intel/iwlwifi/mvm/sta.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.h b/drivers/net/wireless/intel/iwlwifi/mvm/sta.h index 0614296244b3..79700c7310a1 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.h +++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.h @@ -394,6 +394,7 @@ struct iwl_mvm_rxq_dup_data { * the BA window. To be used for UAPSD only. * @ptk_pn: per-queue PTK PN data structures * @dup_data: per queue duplicate packet detection data + * @wep_key: used in AP mode. Is a duplicate of the WEP key. * @deferred_traffic_tid_map: indication bitmap of deferred traffic per-TID * @tx_ant: the index of the antenna to use for data tx to this station. Only * used during connection establishment (e.g. for the 4 way handshake @@ -425,6 +426,8 @@ struct iwl_mvm_sta { struct iwl_mvm_key_pn __rcu *ptk_pn[4]; struct iwl_mvm_rxq_dup_data *dup_data; + struct ieee80211_key_conf *wep_key; + u8 reserved_queue; /* Temporary, until the new TLC will control the Tx protection */ |