From: Ilan Peer <ilan.peer@intel.com>
Date: Fri, 15 May 2026 12:09:41 +0000 (+0300)
Subject: wifi: iwlwifi: mld: Disallow using a per-STA GTK for Tx
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=7b32710111214bcbb2fd0da0fd73b5c806c2d96c;p=thirdparty%2Flinux.git

wifi: iwlwifi: mld: Disallow using a per-STA GTK for Tx

When a GTK is configured for a station, it can only be used for Rx
and never for Tx. In such a case, set the IWL_SEC_KEY_FLAG_NO_TX
flag when the key is installed, so the FW will not use it for Tx.

Specifically, this is needed for per-station GTK installed on NAN
NDI stations associated with NAN Data interfaces.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Link: https://patch.msgid.link/20260515150751.b004744087cb.I25fb83f9e3dc563d122a160da150d793155513fa@changeid
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---

diff --git a/drivers/net/wireless/intel/iwlwifi/mld/key.c b/drivers/net/wireless/intel/iwlwifi/mld/key.c
index a6454d90d0e3..bf80b4770b5a 100644
--- a/drivers/net/wireless/intel/iwlwifi/mld/key.c
+++ b/drivers/net/wireless/intel/iwlwifi/mld/key.c
@@ -49,6 +49,12 @@ static u32 iwl_mld_get_key_flags(struct iwl_mld *mld,
 	if (key->flags & IEEE80211_KEY_FLAG_SPP_AMSDU)
 		flags |= IWL_SEC_KEY_FLAG_SPP_AMSDU;
 
+	/* When a GTK is configured for a station, it can only be
+	 * used for Rx and never for Tx. Thus, set the NO TX flag.
+	 */
+	if (!pairwise && sta)
+		flags |= IWL_SEC_KEY_FLAG_NO_TX;
+
 	return flags;
 }