Re: [PATCH ath-current v2] wifi: ath10k: Fix connection after GTK rekeying - Linux-stable-mirror

9 Sep 2025

(add stable into c/c)
On Tue Sep 2, 2025 at 3:32 PM BST, Loic Poulain wrote:
...
It appears that not all hardware/firmware implementations support
group key deletion correctly, which can lead to connection hangs
and deauthentication following GTK rekeying (delete and install).
To avoid this issue, instead of attempting to delete the key using
the special WMI_CIPHER_NONE value, we now replace the key with an
invalid (random) value.
This behavior has been observed with WCN39xx chipsets.
Tested-on: WCN3990 hw1.0 WLAN.HL.3.3.7.c2-00931-QCAHLSWMTPLZ-1
Reported-by: "Alexey Klimov" alexey.klimov@linaro.org
Closes: https://lore.kernel.org/all/DAWJQ2NIKY28.1XOG35E4A682G@linaro.org
Signed-off-by: Loic Poulain loic.poulain@oss.qualcomm.com
The fix works great on RB1 board. Thank you.
Tested-by: Alexey Klimov alexey.klimov@linaro.org # QRB2210 RB1
Difficult to say when this issue appeared initially. I'd say that around 6.6
it worked fine probably.
But latest few kernel releases like 6.16, 6.15, 6.14 definetely had this issue.
Maybe makes sense to add something like that:
Cc: stable@vger.kernel.org # v6.14
...

v2: use random value instead of predictable zero value for key
     Add Tested-on tag
drivers/net/wireless/ath/ath10k/mac.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
index 24dd794e31ea..154ac7a70982 100644
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
@@ -16,6 +16,7 @@
 #include <linux/acpi.h>
 #include <linux/of.h>
 #include <linux/bitfield.h>
+#include <linux/random.h>
 
 #include "hif.h"
 #include "core.h"
@@ -290,8 +291,15 @@ static int ath10k_send_key(struct ath10k_vif *arvif,
   	key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
 
   if (cmd == DISABLE_KEY) {

arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];


arg.key_data = NULL;




if (flags & WMI_KEY_GROUP) {


	/* Not all hardware handles group-key deletion operation


	 * correctly. Replace the key with a junk value to invalidate it.


	 */


	get_random_bytes(key->key, key->keylen);


} else {


	arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];


	arg.key_data = NULL;


}

}

return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
Best regards,
Alexey

    