wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported

We can't really know easily if a BIGTK will be used, but
in case firmware supports BIGTK it also supports the very
easy IGTK use (nothing to do on the host), and requires
that we program both IGTK and BIGTK to be able to use the
BIGTK. Thus, change the condition here to set the keys in
firmware (both IGTK/BIGTK) if BIGTK is supported.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230926110319.425ebc1ce484.If485ec962636c23d463b678e7da86e11b6fa86c9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index f9a4168e3e1a0f5eee16fee26c987a217202a260..d342a53a8c460dea0989171350b305cdc80a4ac6 100644 (file)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -4185,12 +4185,21 @@ static int __iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
                         * GTK on AP interface is a TX-only key, return 0;
                         * on IBSS they're per-station and because we're lazy
                         * we don't support them for RX, so do the same.
-                        * CMAC/GMAC in AP/IBSS modes must be done in software.
+                        * CMAC/GMAC in AP/IBSS modes must be done in software
+                        * on older NICs.
                         *
                         * Except, of course, beacon protection - it must be
-                        * offloaded since we just set a beacon template.
+                        * offloaded since we just set a beacon template, and
+                        * then we must also offload the IGTK (not just BIGTK)
+                        * for firmware reasons.
+                        *
+                        * So just check for beacon protection - if we don't
+                        * have it we cannot get here with keyidx >= 6, and
+                        * if we do have it we need to send the key to FW in
+                        * all cases (CMAC/GMAC).
                         */
-                       if (keyidx < 6 &&
+                       if (!wiphy_ext_feature_isset(hw->wiphy,
+                                                    NL80211_EXT_FEATURE_BEACON_PROTECTION) &&
                            (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
                             key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
                             key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256)) {