From: Dan Carpenter <dan.carpenter@linaro.org>
To: Rameshkumar Sundaram <rameshkumar.sundaram@oss.qualcomm.com>
Cc: linux-wireless@vger.kernel.org, ath11k@lists.infradead.org
Subject: [bug report] wifi: ath11k: fix group data packet drops during rekey
Date: Thu, 4 Sep 2025 12:23:06 +0300
Message-ID: <aLlaetkalDvWcB7b@stanley.mountain>

Hello Rameshkumar Sundaram,

Commit 97acb0259cc9 ("wifi: ath11k: fix group data packet drops
during rekey") from Aug 10, 2025 (linux-next), leads to the following
Smatch static checker warning:

        drivers/net/wireless/ath/ath11k/mac.c:4459 ath11k_mac_op_set_key()
        warn: bitwise AND condition is false here

drivers/net/wireless/ath/ath11k/mac.c
    4428
    4429         /* Allow group key clearing only in AP mode when no stations are
    4430          * associated. There is a known race condition in firmware where
    4431          * group addressed packets may be dropped if the key is cleared
    4432          * and immediately set again during rekey.
    4433          *
    4434          * During GTK rekey, mac80211 issues a clear key (if the old key
    4435          * exists) followed by an install key operation for same key
    4436          * index. This causes ath11k to send two WMI commands in quick
    4437          * succession: one to clear the old key and another to install the
    4438          * new key in the same slot.
    4439          *
    4440          * Under certain conditions—especially under high load or time
    4441          * sensitive scenarios, firmware may process these commands
    4442          * asynchronously in a way that firmware assumes the key is
    4443          * cleared whereas hardware has a valid key. This inconsistency
    4444          * between hardware and firmware leads to group addressed packet
    4445          * drops after rekey.
    4446          * Only setting the same key again can restore a valid key in
    4447          * firmware and allow packets to be transmitted.
    4448          *
    4449          * There is a use case where an AP can transition from Secure mode
    4450          * to open mode without a vdev restart by just deleting all
    4451          * associated peers and clearing key, Hence allow clear key for
    4452          * that case alone. Mark arvif->reinstall_group_keys in such cases
    4453          * and reinstall the same key when the first peer is added,
    4454          * allowing firmware to recover from the race if it had occurred.
    4455          */
    4456
    4457         is_ap_with_no_sta = (vif->type == NL80211_IFTYPE_AP &&
    4458                              !arvif->num_stations);
--> 4459         if ((flags & WMI_KEY_PAIRWISE) || cmd == SET_KEY || is_ap_with_no_sta) {
                              ^^^^^^^^^^^^^^^^
WMI_KEY_PAIRWISE is zero so this is false.

I should probably write a static checker warning for code that does:

        flags |= WMI_KEY_PAIRWISE;

    4460                 ret = ath11k_install_key(arvif, key, cmd, peer_addr, flags);
    4461                 if (ret) {
    4462                         ath11k_warn(ab, "ath11k_install_key failed (%d)\n", ret);

regards,
dan carpenter
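
The condition Smatch flagged in the report above, reduced to a stand-alone C program as an added example (not code from the driver or from the report). The EX_* names and the value of EX_KEY_GROUP are assumptions, and is_pairwise() is one possible way to express the test, not the fix applied upstream.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins, not the driver's definitions. The report says the
 * pairwise flag is zero; the value of EX_KEY_GROUP is an assumption. */
#define EX_KEY_PAIRWISE 0x00u
#define EX_KEY_GROUP    0x01u

enum ex_cmd { EX_SET_KEY, EX_DISABLE_KEY };

/* Shape of the flagged condition: x & 0 is 0 for every x, so the first
 * operand can never make the condition true. */
static bool allow_flagged(uint32_t flags, enum ex_cmd cmd, bool ap_no_sta)
{
	return (flags & EX_KEY_PAIRWISE) || cmd == EX_SET_KEY || ap_no_sta;
}

/* A zero-valued "flag" is really the absence of the other bit. */
static bool is_pairwise(uint32_t flags) { return !(flags & EX_KEY_GROUP); }

static bool allow_explicit(uint32_t flags, enum ex_cmd cmd, bool ap_no_sta)
{
	return is_pairwise(flags) || cmd == EX_SET_KEY || ap_no_sta;
}

/* Walk every input combination and count where the two conditions differ. */
static int count_disagreements(void)
{
	const uint32_t key_flags[] = { EX_KEY_PAIRWISE, EX_KEY_GROUP };
	int diff = 0;
	for (int f = 0; f < 2; f++)
		for (int c = EX_SET_KEY; c <= EX_DISABLE_KEY; c++)
			for (int s = 0; s <= 1; s++) {
				bool a = allow_flagged(key_flags[f], (enum ex_cmd)c, s);
				bool b = allow_explicit(key_flags[f], (enum ex_cmd)c, s);
				if (a != b) {
					printf("flags=%u cmd=%d ap_no_sta=%d\n", (unsigned)key_flags[f], c, s);
					diff++;
				}
			}
	return diff;
}

int main(void)
{
	printf("%d combination(s) differ\n", count_disagreements());
	return 0;
}
```

The two conditions differ on exactly one input: a pairwise key, a command other than set, and stations still associated.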