On Mon, Aug 16, 2021 at 03:44:24PM +0200, Pali Rohár wrote: > From: Johannes Berg <johannes.berg@xxxxxxxxx> > > commit a0761a301746ec2d92d7fcb82af69c0a6a4339aa upstream. > > If we know that we have an encrypted link (based on having had > a key configured for TX in the past) then drop all data frames > in the key selection handler if there's no key anymore. > > This fixes an issue with mac80211 internal TXQs - there we can > buffer frames for an encrypted link, but then if the key is no > longer there when they're dequeued, the frames are sent without > encryption. This happens if a station is disconnected while the > frames are still on the TXQ. > > Detecting that a link should be encrypted based on a first key > having been configured for TX is fine as there are no use cases > for a connection going from with encryption to no encryption. > With extended key IDs, however, there is a case of having a key > configured for only decryption, so we can't just trigger this > behaviour on a key being configured. > > Cc: stable@xxxxxxxxxxxxxxx > Reported-by: Jouni Malinen <j@xxxxx> > Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> > Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx> > Link: https://lore.kernel.org/r/iwlwifi.20200326150855.6865c7f28a14.I9fb1d911b064262d33e33dfba730cdeef83926ca@changeid > Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> > [pali: Backported to 4.19 and older versions] > Signed-off-by: Pali Rohár <pali@xxxxxxxxxx> Now queued up, thanks! Did not apply to 4.4.y, don't know if you want it there or not... thanks, greg k-h
