wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice

In reconfig, in case the driver asks to disconnect during the reconfig,
all the keys of the interface are marked as tainted.
Then ieee80211_reenable_keys will loop over all the interface keys, and
for each one it will
a) increment crypto_tx_tailroom_needed_cnt
b) call ieee80211_key_enable_hw_accel, which in turn will detect that
this key is tainted, so it will mark it as "not in hardware", which is
paired with crypto_tx_tailroom_needed_cnt incrementation, so we get two
incrementations for each tainted key.
Then we get a warning in ieee80211_free_keys.

To fix it, don't increment the count in ieee80211_reenable_keys for
tainted keys

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260118092821.4ca111fddcda.Id6e554f4b1c83760aa02d5a9e4e3080edb197aa2@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index d5da7ccea66e0f53e7544124af4b9ed2abe0a8f1..04c8809173d7f564b8f4e02e564be16eca6e63bd 100644 (file)
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -987,7 +987,8 @@ void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
 
        if (ieee80211_sdata_running(sdata)) {
                list_for_each_entry(key, &sdata->key_list, list) {
-                       increment_tailroom_need_count(sdata);
+                       if (!(key->flags & KEY_FLAG_TAINTED))
+                               increment_tailroom_need_count(sdata);
                        ieee80211_key_enable_hw_accel(key);
                }
        }