[PATCH ath-current v2] wifi: ath10k: Fix connection after GTK rekeying

Alexey Klimov alexey.klimov at linaro.org
Tue Sep 9 14:17:31 PDT 2025 

(add stable into c/c)


On Tue Sep 2, 2025 at 3:32 PM BST, Loic Poulain wrote:
> It appears that not all hardware/firmware implementations support
> group key deletion correctly, which can lead to connection hangs
> and deauthentication following GTK rekeying (delete and install).
>
> To avoid this issue, instead of attempting to delete the key using
> the special WMI_CIPHER_NONE value, we now replace the key with an
> invalid (random) value.
>
> This behavior has been observed with WCN39xx chipsets.
>
> Tested-on: WCN3990 hw1.0 WLAN.HL.3.3.7.c2-00931-QCAHLSWMTPLZ-1
> Reported-by: "Alexey Klimov" <alexey.klimov at linaro.org>
> Closes: https://lore.kernel.org/all/DAWJQ2NIKY28.1XOG35E4A682G@linaro.org
> Signed-off-by: Loic Poulain <loic.poulain at oss.qualcomm.com>

The fix works great on RB1 board. Thank you.

Tested-by: Alexey Klimov <alexey.klimov at linaro.org> # QRB2210 RB1

Difficult to say when this issue appeared initially. I'd say that around 6.6
it worked fine probably.
But latest few kernel releases like 6.16, 6.15, 6.14 definetely had this issue.
Maybe makes sense to add something like that:

Cc: stable at vger.kernel.org # v6.14

> ---
>  v2: use random value instead of predictable zero value for key
>      Add Tested-on tag
>
>  drivers/net/wireless/ath/ath10k/mac.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
> index 24dd794e31ea..154ac7a70982 100644
> --- a/drivers/net/wireless/ath/ath10k/mac.c
> +++ b/drivers/net/wireless/ath/ath10k/mac.c
> @@ -16,6 +16,7 @@
>  #include <linux/acpi.h>
>  #include <linux/of.h>
>  #include <linux/bitfield.h>
> +#include <linux/random.h>
>  
>  #include "hif.h"
>  #include "core.h"
> @@ -290,8 +291,15 @@ static int ath10k_send_key(struct ath10k_vif *arvif,
>  		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
>  
>  	if (cmd == DISABLE_KEY) {
> -		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
> -		arg.key_data = NULL;
> +		if (flags & WMI_KEY_GROUP) {
> +			/* Not all hardware handles group-key deletion operation
> +			 * correctly. Replace the key with a junk value to invalidate it.
> +			 */
> +			get_random_bytes(key->key, key->keylen);
> +		} else {
> +			arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
> +			arg.key_data = NULL;
> +		}
>  	}
>  
>  	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);


Best regards,
Alexey

More information about the ath10k mailing list