On Wed, 2025-07-02 at 18:45 +0800, Michael-CY Lee wrote: > The problem was that when the AP interface with BIGTK set received > beacons with MMIE from other BSSes, it tried to verify the MIC using its > BIGTK, which must fail and be notified to the upper layer by > cfg80211_rx_unprot_mlme_mgmt(). > > The solution is to prevent the AP interface from getting BIGTK in > the RX path, as the AP should only use the BIGTK to calculate the > beacon's MIC value. > > Signed-off-by: Michael-CY Lee <michael-cy.lee@xxxxxxxxxxxx> > Reviewed-by: Money Wang <money.wang@xxxxxxxxxxxx> > --- > net/mac80211/rx.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c > index 7671fd39a60e..f2d63a7cc642 100644 > --- a/net/mac80211/rx.c > +++ b/net/mac80211/rx.c > @@ -1888,6 +1888,10 @@ ieee80211_rx_get_bigtk(struct ieee80211_rx_data *rx, int idx) > * index (i.e., a key that we do not have). > */ > > + /* AP interface sould not use BIGTK to decrypt */ > + if (rx->sdata->vif.type == NL80211_IFTYPE_AP) > + return NULL; Could this apply to other interface types (AP_VLAN? mesh?) as well? Maybe this validation should instead be restricted to where it matters? Or maybe it should only limit the rx->link->gtk[] lookups, not the per- STA ones? (Also, what about wireless/wireless-next? please add a tag) johannes
