[PATCH] wifi: mac80211: disallow AP interface from getting BIGTK in RX path
Johannes Berg
johannes at sipsolutions.net
Tue Jul 8 01:26:43 PDT 2025
On Wed, 2025-07-02 at 18:45 +0800, Michael-CY Lee wrote:
> The problem was that when the AP interface with BIGTK set received
> beacons with MMIE from other BSSes, it tried to verify the MIC using its
> BIGTK, which must fail and be notified to the upper layer by
> cfg80211_rx_unprot_mlme_mgmt().
>
> The solution is to prevent the AP interface from getting BIGTK in
> the RX path, as the AP should only use the BIGTK to calculate the
> beacon's MIC value.
>
> Signed-off-by: Michael-CY Lee <michael-cy.lee at mediatek.com>
> Reviewed-by: Money Wang <money.wang at mediatek.com>
> ---
> net/mac80211/rx.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
> index 7671fd39a60e..f2d63a7cc642 100644
> --- a/net/mac80211/rx.c
> +++ b/net/mac80211/rx.c
> @@ -1888,6 +1888,10 @@ ieee80211_rx_get_bigtk(struct ieee80211_rx_data *rx, int idx)
> * index (i.e., a key that we do not have).
> */
>
> + /* AP interface sould not use BIGTK to decrypt */
> + if (rx->sdata->vif.type == NL80211_IFTYPE_AP)
> + return NULL;
Could this apply to other interface types (AP_VLAN? mesh?) as well?
Maybe this validation should instead be restricted to where it matters?
Or maybe it should only limit the rx->link->gtk[] lookups, not the per-
STA ones?
(Also, what about wireless/wireless-next? please add a tag)
johannes
More information about the Linux-mediatek
mailing list