git: 96a57fc4bf4e - main - LinuxKPI: 802.11: adjust assoc check before key deletion
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 25 Feb 2026 04:25:07 UTC
The branch main has been updated by bz:
URL: https://cgit.FreeBSD.org/src/commit/?id=96a57fc4bf4edca9a579cc47f9058253c11f8313
commit 96a57fc4bf4edca9a579cc47f9058253c11f8313
Author: Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2026-02-24 23:51:43 +0000
Commit: Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2026-02-25 04:24:50 +0000
LinuxKPI: 802.11: adjust assoc check before key deletion
There is a discrepancy between the vif assoc state and the sta state
(see comment in lkpi_sta_run_to_init()).
Adjust the check in lkpi_iv_key_delete() and add it to
lkpi_sta_del_keys() so that we can take way the keys after whatever
comes first: the sta went away from AUTHORIZED (RUN) or if the vif is
no longer marked assoc.
This is needed as we may only take the sta down partially back to
State 2 (cf. 802.11-2024, Figure 11-23) and key material is no longer
valid before the vif gets cleaned up and the sta is removed entirely.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
---
sys/compat/linuxkpi/common/src/linux_80211.c | 30 +++++++++++++++++++---------
1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c
index e80cf9436b3a..550bd417c529 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.c
+++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -1373,6 +1373,15 @@ lkpi_sta_del_keys(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
return (0);
lockdep_assert_wiphy(hw->wiphy);
+
+ if (vif->cfg.assoc && lsta->state == IEEE80211_STA_AUTHORIZED) {
+ if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
+ ic_printf(lsta->ni->ni_ic,
+ "%d %lu %s: vif still assoc; not deleting keys\n",
+ curthread->td_tid, jiffies, __func__);
+ return (0);
+ }
+
ieee80211_ref_node(lsta->ni);
error = 0;
@@ -1452,6 +1461,15 @@ lkpi_iv_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
*/
lockdep_assert_wiphy(hw->wiphy);
+ ni = ieee80211_ref_node(vap->iv_bss);
+ lsta = ni->ni_drv_data;
+ if (lsta == NULL) {
+ ic_printf(ic, "%s: ni %p (%6D) with lsta NULL\n",
+ __func__, ni, ni->ni_bssid, ":");
+ ieee80211_free_node(ni);
+ return (0);
+ }
+
/*
* While we are assoc we may still send packets. We cannot delete the
* keys as otherwise packets could go out unencrypted. Some firmware
@@ -1462,30 +1480,24 @@ lkpi_iv_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
* How to test: run 800Mbit/s UDP traffic and during that restart your
* supplicant. You want to survive that.
*/
- if (vif->cfg.assoc) {
+ if (vif->cfg.assoc && lsta->state == IEEE80211_STA_AUTHORIZED) {
if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
ic_printf(ic, "%d %lu %s: vif still assoc; not deleting keys\n",
curthread->td_tid, jiffies, __func__);
+ ieee80211_free_node(ni);
return (0);
}
if (IEEE80211_KEY_UNDEFINED(k)) {
ic_printf(ic, "%s: vap %p key %p is undefined: %p %u\n",
__func__, vap, k, k->wk_cipher, k->wk_keyix);
+ ieee80211_free_node(ni);
return (0);
}
if (vap->iv_bss == NULL) {
ic_printf(ic, "%s: iv_bss %p for vap %p is NULL\n",
__func__, vap->iv_bss, vap);
- return (0);
- }
-
- ni = ieee80211_ref_node(vap->iv_bss);
- lsta = ni->ni_drv_data;
- if (lsta == NULL) {
- ic_printf(ic, "%s: ni %p (%6D) with lsta NULL\n",
- __func__, ni, ni->ni_bssid, ":");
ieee80211_free_node(ni);
return (0);
}