Jouni Malinen <jouni@xxxxxxxxxxxxxx> wrote: > It is possible for there to be pending frames in TXQs with a reference > to the key cache entry that is being deleted. If such a key cache entry > is cleared, those pending frame in TXQ might get transmitted without > proper encryption. It is safer to leave the previously used key into the > key cache in such cases. Instead, only clear the MAC address to prevent > RX processing from using this key cache entry. > > This is needed in particularly in AP mode where the TXQs cannot be > flushed on station disconnection. This change alone may not be able to > address all cases where the key cache entry might get reused for other > purposes immediately (the key cache entry should be released for reuse > only once the TXQs do not have any remaining references to them), but > this makes it less likely to get unprotected frames and the more > complete changes may end up being significantly more complex. > > Signed-off-by: Jouni Malinen <jouni@xxxxxxxxxxxxxx> > Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx> 5 patches applied to ath-next branch of ath.git, thanks. 56c5485c9e44 ath: Use safer key clearing with key cache entries 73488cb2fa3b ath9k: Clear key cache explicitly on disabling hardware d2d3e36498dd ath: Export ath_hw_keysetmac() 144cd24dbc36 ath: Modify ath_key_delete() to not need full key entry ca2848022c12 ath9k: Postpone key cache entry deletion for TXQ frames reference it -- https://patchwork.kernel.org/project/linux-wireless/patch/20201214172118.18100-2-jouni@xxxxxxxxxxxxxx/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
