[PATCH wireless 2/2] wifi: mt76: mt7996: clear cipher state on key removal for WED offload
From: Joshua Klinesmith
Date: Mon Apr 06 2026 - 19:45:45 EST
Same issue as mt7915: link->mt76.cipher is set on key installation
but never cleared on removal. The WA firmware retains the stale
cipher in BSS_INFO, sets the protection bit on WED-offloaded
frames, and drops all plaintext traffic when encryption is
switched to open/none.

Reset link->mt76.cipher to zero and call mt7996_mcu_add_bss_info()
when the last group key is removed.
Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@xxxxxxxxx>
---
drivers/net/wireless/mediatek/mt76/mt7996/main.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/main.c b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
index 84f731b387..bf5fda6925 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7996/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7996/main.c
@@ -235,6 +235,21 @@ mt7996_set_hw_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
} else {
if (idx == *wcid_keyidx)
*wcid_keyidx = -1;
+
+ if (!sta && link->mt76.cipher) {
+ struct ieee80211_bss_conf *lc;
+
+ lc = link_conf_dereference_protected(vif,
+ link_id);
+ if (!lc)
+ lc = &vif->bss_conf;
+
+ link->mt76.cipher = 0;
+ mt7996_mcu_add_bss_info(link->phy, vif, lc,
+ &link->mt76,
+ msta_link, true);
+ }
+
continue;
}
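Review bot: The new block is gated only on `if (!sta && link->mt76.cipher)`, which does not match the commit message's "when the last group key is removed". Nothing in this hunk checks that no other group key is still installed, and the block sits outside the `if (idx == *wcid_keyidx)` test, so it runs for any non-station key removal on a link with a cipher set. If a replacement group key is installed before the old one is removed, as in a rekey, this would zero link->mt76.cipher and push a BSS_INFO update without a cipher while a key is still in use. Please either gate the reset on there being no remaining group key for the link, or explain in the commit message why removal of any group key is safe here. The return value of mt7996_mcu_add_bss_info() is also discarded; if the firmware update fails, the driver state is already cleared while the firmware keeps the stale cipher, so consider at least logging or propagating the error.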
--
2.43.0