mac80211: allow transmitting deauth with tainted key

When we had a connection for WoWLAN and after resume it needed to be disconnected, the previous commit enabled sending a deauth frame to the AP. This frame would not go through on MFP-enabled networks as the key for it is marked tainted before the frame is transmitted. Allow a tainted key to be used for deauth frames. Worst case, we'll use a wrong key because the PTK was rekeyed while suspended, but more likely the PTK is still fine and the taint flag really only applies to the GTK(s). Signed-off-by: Johannes Berg <johannes.berg@intel.com>

mac80211: allow transmitting deauth with tainted key
When we had a connection for WoWLAN and after resume it needed to be disconnected, the previous commit enabled sending a deauth frame to the AP. This frame would not go through on MFP-enabled networks as the key for it is marked tainted before the frame is transmitted. Allow a tainted key to be used for deauth frames. Worst case, we'll use a wrong key because the PTK was rekeyed while suspended, but more likely the PTK is still fine and the taint flag really only applies to the GTK(s). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
e54faf29 · Johannes Berg · 2ca813ad · e54faf29
Commit e54faf29 authored Jan 29, 2013 by Johannes Berg
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

net/mac80211/tx.c net/mac80211/tx.c +2 -1

No files found.
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -594,7 +594,8 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
 			break;
 		}

-		if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED))
+		if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED &&
+			     !ieee80211_is_deauth(hdr->frame_control)))
 			return TX_DROP;

 		if (!skip_hw && tx->key &&