The ath9k driver was so far only able to rekey PTK0 keys correctly due to the best effort queue flush added with commit 62872a9b9a10 ("mac80211: Fix PTK rekey freezes and clear text leak"). Add the needed queue flush and set NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 to tell mac80211 that the driver can now rekey PTK0 keys correctly and no longer needs the best effort flush. Effectively this prevents mac80211 to warn when rekeying a PTK0 key only. Signed-off-by: Alexander Wetzel <alexander@xxxxxxxxxxxxxx> --- To keep the patch readable I did not move functions around. By moving functions we can avoid the extra declaration of ath9k_flush(). Ath9k was totally unable to rekey PTK0 under even light load till commit 62872a9b9a10 ("mac80211: Fix PTK rekey freezes and clear text leak") was merged in linux 4.20. This is just moving the needed queue flush into the driver and sets NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 to suppress the for ath9k known to be bogus warning the kernel throws currently on rekey. >From usability and security perspective at least commit 62872a9b9a10 ("mac80211: Fix PTK rekey freezes and clear text leak") should be back ported to all stable versions. Chances are the same patch works for the all ath cards < ath10k. I can prepare corresponding patches but can't test those. drivers/net/wireless/ath/ath9k/init.c | 1 + drivers/net/wireless/ath/ath9k/main.c | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/drivers/net/wireless/ath/ath9k/init.c b/drivers/net/wireless/ath/ath9k/init.c index 289a2444d534..ea1d17a265a7 100644 --- a/drivers/net/wireless/ath/ath9k/init.c +++ b/drivers/net/wireless/ath/ath9k/init.c @@ -1014,6 +1014,7 @@ static void ath9k_set_hw_capab(struct ath_softc *sc, struct ieee80211_hw *hw) wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_AIRTIME_FAIRNESS); wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS); + wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CAN_REPLACE_PTK0); } int ath9k_init_device(u16 devid, struct ath_softc *sc, diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c index a47f6e978095..7d96414741da 100644 --- a/drivers/net/wireless/ath/ath9k/main.c +++ b/drivers/net/wireless/ath/ath9k/main.c @@ -19,6 +19,9 @@ #include "ath9k.h" #include "btcoex.h" +static void ath9k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif, + u32 queues, bool drop); + u8 ath9k_parse_mpdudensity(u8 mpdudensity) { /* @@ -1701,6 +1704,15 @@ static int ath9k_set_key(struct ieee80211_hw *hw, return -EOPNOTSUPP; } + /* There may be MPDUs queued for the outgoing PTK key. Flush queues to + * make sure these are not send unencrypted or with a wrong (new) key + */ + if (cmd == DISABLE_KEY && key->flags & IEEE80211_KEY_FLAG_PAIRWISE) { + ieee80211_stop_queues(hw); + ath9k_flush(hw, vif, 0, true); + ieee80211_wake_queues(hw); + } + mutex_lock(&sc->mutex); ath9k_ps_wakeup(sc); ath_dbg(common, CONFIG, "Set HW Key %d\n", cmd); -- 2.28.0