wifi: iwlwifi: mld: Disallow using a per-STA GTK for Tx

When a GTK is configured for a station, it can only be used for Rx
and never for Tx. In such a case, set the IWL_SEC_KEY_FLAG_NO_TX
flag when the key is installed, so the FW will not use it for Tx.

Specifically, this is needed for per-station GTK installed on NAN
NDI stations associated with NAN Data interfaces.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Link: https://patch.msgid.link/20260515150751.b004744087cb.I25fb83f9e3dc563d122a160da150d793155513fa@changeid
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>

diff --git a/drivers/net/wireless/intel/iwlwifi/mld/key.c b/drivers/net/wireless/intel/iwlwifi/mld/key.c
index a6454d90d0e31f0a22ead4d3236b88d0a7fd2d87..bf80b4770b5af1ebc06c9d0cd58e137b0236bb95 100644 (file)
--- a/drivers/net/wireless/intel/iwlwifi/mld/key.c
+++ b/drivers/net/wireless/intel/iwlwifi/mld/key.c
@@ -49,6 +49,12 @@ static u32 iwl_mld_get_key_flags(struct iwl_mld *mld,
        if (key->flags & IEEE80211_KEY_FLAG_SPP_AMSDU)
                flags |= IWL_SEC_KEY_FLAG_SPP_AMSDU;
 
+       /* When a GTK is configured for a station, it can only be
+        * used for Rx and never for Tx. Thus, set the NO TX flag.
+        */
+       if (!pairwise && sta)
+               flags |= IWL_SEC_KEY_FLAG_NO_TX;
+
        return flags;
 }