wifi: iwlwifi: mvm: put only a single IGTK into FW

The firmware only supports a single IGTK, and due to some
changes it really doesn't like to have multiple programmed
in later versions. Since only newer firmware cannot remove
a key that isn't present any more, adjust only the MLD API
code to keep track of the previous IGTK and remove it when
a new one is added.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230613155501.3fde1ef09270.I2e12a3b0bba4325c07dc8fcce39b711f158bd621@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index f1c7d0b..8267ff0 100644 (file)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -1038,6 +1038,7 @@ static void iwl_mvm_cleanup_iterator(void *data, u8 *mac,
                mvmvif->link[link_id]->fw_link_id = IWL_MVM_FW_LINK_ID_INVALID;
                mvmvif->link[link_id]->phy_ctxt = NULL;
                mvmvif->link[link_id]->active = 0;
+               mvmvif->link[link_id]->igtk = NULL;
        }
 
        probe_data = rcu_dereference_protected(mvmvif->deflink.probe_resp_data,

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c b/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c
index 995c0e0..b27f6a7 100644 (file)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c
@@ -231,8 +231,49 @@ int iwl_mvm_sec_key_add(struct iwl_mvm *mvm,
 {
        u32 sta_mask = iwl_mvm_get_sec_sta_mask(mvm, vif, sta, keyconf);
        u32 key_flags = iwl_mvm_get_sec_flags(mvm, vif, sta, keyconf);
+       struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
+       struct iwl_mvm_vif_link_info *mvm_link = NULL;
+       int ret;
+
+       if (keyconf->keyidx == 4 || keyconf->keyidx == 5) {
+               unsigned int link_id = 0;
+
+               /* set to -1 for non-MLO right now */
+               if (keyconf->link_id >= 0)
+                       link_id = keyconf->link_id;
+
+               mvm_link = mvmvif->link[link_id];
+               if (WARN_ON(!mvm_link))
+                       return -EINVAL;
+
+               if (mvm_link->igtk) {
+                       IWL_DEBUG_MAC80211(mvm, "remove old IGTK %d\n",
+                                          mvm_link->igtk->keyidx);
+                       ret = iwl_mvm_sec_key_del(mvm, vif, sta,
+                                                 mvm_link->igtk);
+                       if (ret)
+                               IWL_ERR(mvm,
+                                       "failed to remove old IGTK (ret=%d)\n",
+                                       ret);
+               }
+
+               WARN_ON(mvm_link->igtk);
+       }
+
+       ret = iwl_mvm_mld_send_key(mvm, sta_mask, key_flags, keyconf);
+       if (ret)
+               return ret;
+
+       if (mvm_link)
+               mvm_link->igtk = keyconf;
 
-       return iwl_mvm_mld_send_key(mvm, sta_mask, key_flags, keyconf);
+       /* We don't really need this, but need it to be not invalid,
+        * and if we switch links multiple times it might go to be
+        * invalid when removed.
+        */
+       keyconf->hw_key_idx = 0;
+
+       return 0;
 }
 
 static int _iwl_mvm_sec_key_del(struct iwl_mvm *mvm,
@@ -243,11 +284,31 @@ static int _iwl_mvm_sec_key_del(struct iwl_mvm *mvm,
 {
        u32 sta_mask = iwl_mvm_get_sec_sta_mask(mvm, vif, sta, keyconf);
        u32 key_flags = iwl_mvm_get_sec_flags(mvm, vif, sta, keyconf);
+       struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
        int ret;
 
        if (WARN_ON(!sta_mask))
                return -EINVAL;
 
+       if (keyconf->keyidx == 4 || keyconf->keyidx == 5) {
+               struct iwl_mvm_vif_link_info *mvm_link;
+               unsigned int link_id = 0;
+
+               /* set to -1 for non-MLO right now */
+               if (keyconf->link_id >= 0)
+                       link_id = keyconf->link_id;
+
+               mvm_link = mvmvif->link[link_id];
+               if (WARN_ON(!mvm_link))
+                       return -EINVAL;
+
+               if (mvm_link->igtk == keyconf) {
+                       /* no longer in HW - mark for later */
+                       mvm_link->igtk->hw_key_idx = STA_KEY_IDX_INVALID;
+                       mvm_link->igtk = NULL;
+               }
+       }
+
        ret = __iwl_mvm_sec_key_del(mvm, sta_mask, key_flags, keyconf->keyidx,
                                    flags);
        if (ret)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
index b046311..95efab5 100644 (file)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */
 /*
- * Copyright (C) 2012-2014, 2018-2022 Intel Corporation
+ * Copyright (C) 2012-2014, 2018-2023 Intel Corporation
  * Copyright (C) 2013-2015 Intel Mobile Communications GmbH
  * Copyright (C) 2016-2017 Intel Deutschland GmbH
  */
@@ -300,6 +300,7 @@ struct iwl_probe_resp_data {
  * @he_ru_2mhz_block: 26-tone RU OFDMA transmissions should be blocked
  * @queue_params: QoS params for this MAC
  * @mgmt_queue: queue number for unbufferable management frames
+ * @igtk: the current IGTK programmed into the firmware
  */
 struct iwl_mvm_vif_link_info {
        u8 bssid[ETH_ALEN];
@@ -317,6 +318,8 @@ struct iwl_mvm_vif_link_info {
        enum ieee80211_smps_mode smps_requests[NUM_IWL_MVM_SMPS_REQ];
        struct iwl_probe_resp_data __rcu *probe_resp_data;
 
+       struct ieee80211_key_conf *igtk;
+
        bool he_ru_2mhz_block;
        bool active;