Date: Sun, 14 Jun 2026 22:32:26 +0000 From: Bjoern A. Zeeb <bz@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: ff6c95d2c2df - main - LinuxKPI: 802.11: improve hw_crypto key operations Message-ID: <6a2f2bfa.42996.7720a0f4@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=ff6c95d2c2dffbb024ad19ed306334a7993d964f commit ff6c95d2c2dffbb024ad19ed306334a7993d964f Author: Bjoern A. Zeeb <bz@FreeBSD.org> AuthorDate: 2026-06-13 11:14:11 +0000 Commit: Bjoern A. Zeeb <bz@FreeBSD.org> CommitDate: 2026-06-14 22:31:37 +0000 LinuxKPI: 802.11: improve hw_crypto key operations mt7921 would happily receive traffic (MC/BC) and decrypt it correctly when hw_crypto was used but TX would only have garbled data in frames. The problem came from the fact with keys for which we do not have an address the driver will pick the "sta" information from different places (driver view of sta or vif). In the downcall this is signalled by the sta argument being NULL as the linux keyconf has no address field. Us passing the sta for first the pairwise key and then also for the group key likely overwrote the pairwise key on the sta and allowed the MC/BC RX operations to succeed anyway (the observed behaviour). Software crypto was fully fine for mt7921 and showed no problems. Looking some other drivers: - iwlwifi/mld picks the ap_sta if the sta argument is NULL; thus it always worked with our previous logic and this went unnoticed. - rtw88 in rtw_sec_write_cam() decides whether to use the sta address or a broadcast address. - rtw89 in rtw89_cam_attach_sec_cam() picks the rtwsta_link if sta is not NULL and has follow-up logic checking on that. It is yet unclear if some of the MC problems observed on rtw8x stem from the same problem. Sponsored by: The FreeBSD Foundation MFC after: 3 days --- sys/compat/linuxkpi/common/src/linux_80211_macops.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/sys/compat/linuxkpi/common/src/linux_80211_macops.c b/sys/compat/linuxkpi/common/src/linux_80211_macops.c index caee1e0db563..b2e88719e103 100644 --- a/sys/compat/linuxkpi/common/src/linux_80211_macops.c +++ b/sys/compat/linuxkpi/common/src/linux_80211_macops.c @@ -801,6 +801,22 @@ lkpi_80211_mo_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, goto out; } + /* + * Drivers will apply different logic depending on sta being set + * here or not and that depends on whether we have an address or + * not. wpa_spplucoant::driver_bsd::bsd_set_key() will set a + * broadcast address if we do not have one; further up in + * wpa_supplicant something presumably sets the broadcast address + * for group keys as well. + * We have to "undo" this here and set sta to NULL to avoid + * problems with hw_crypto in various drivers. + * We do this here so all set_key calls for (SET_KEY and DISABLE_KEY) + * are covered. + */ + MPASS(kc->_k != NULL); + if (is_broadcast_ether_addr(kc->_k->wk_macaddr)) + sta = NULL; + LKPI_80211_TRACE_MO("hw %p cmd %d vif %p sta %p kc %p", hw, cmd, vif, sta, kc); error = lhw->ops->set_key(hw, cmd, vif, sta, kc);home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a2f2bfa.42996.7720a0f4>