[PATCH wireless v2 2/2] wifi: mt76: mt7996: clear cipher state on key removal for WED offload
From: Joshua Klinesmith
Date: Mon Apr 06 2026 - 20:16:47 EST
Same issue as mt7915: link->mt76.cipher is set on key installation
but never cleared on removal. The WA firmware retains the stale
cipher in BSS_INFO, sets the protection bit on WED-offloaded
frames, and drops all plaintext traffic when encryption is
switched to open/none.
Reset link->mt76.cipher to zero and call mt7996_mcu_add_bss_info()
when the last group key is removed.
Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@xxxxxxxxx>
---
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/main.c b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
index f16135f0b7..d464fc3d90 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7996/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
@@ -249,6 +249,13 @@ mt7996_set_hw_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
else if (idx == *wcid_keyidx)
*wcid_keyidx = -1;
+ if (cmd != SET_KEY && !sta && link->mt76.cipher) {
+ link->mt76.cipher = 0;
+ if (link->phy)
+ mt7996_mcu_add_bss_info(link->phy, vif, link_conf,
+ &link->mt76, msta_link, true);
+ }
+
/* only do remove key for BIGTK */
if (cmd != SET_KEY && !is_bigtk)
return 0;
--
2.43.0