wifi: mt76: mt7925: fix key removal failure during MLO roaming #1037
Open
zbowling wants to merge 1 commit into openwrt:master from
During MLO roaming, mac80211 may request key removal after the link state has already been torn down. The current code dereferences mlink->wcid without checking if mlink is NULL, causing crashes or -EINVAL errors.

This is a race condition where:
1. MLO link teardown begins, cleaning up driver state
2. mac80211 requests group key removal for the old link
3. mt792x_vif_to_bss_conf() or related functions return NULL
4. Driver either crashes or returns -EINVAL, confusing upper layers

The fix adds NULL checks for link_conf, mconf, and mlink. When removing a key (cmd != SET_KEY), if the link state is already gone, return success (0) instead of error - the key is effectively removed when the link was torn down.

This prevents the following errors during roaming:

  wlp192s0: failed to remove key (1, ff:ff:ff:ff:ff:ff) from hardware (-22)
  wlp192s0: failed to remove key (4, ff:ff:ff:ff:ff:ff) from hardware (-22)

And the associated wpa_supplicant warnings:

  nl80211: kernel reports: link ID must for MLO group key

Link: openwrt#1036
Signed-off-by: Zac Bowling <zac@zacbowling.com>
This was referenced Jan 1, 2026
Related: #1036
Testing: Tested on Framework Desktop with MT7925 WiFi during overnight roaming stress test.
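
The guard pattern the description outlines, modeled in userspace as an added example (not the patch and not mt76 code). Every type and function name here is a hypothetical stand-in, and returning -EINVAL for SET_KEY on a torn-down link is an assumption, since the description only states the removal case.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_LINKS 2
#define MAX_KEYS  8

/* Hypothetical stand-ins for the driver's per-link state; not mt76 types. */
enum key_cmd { SET_KEY, DISABLE_KEY };
struct link_conf { int link_id; };
struct bss_conf  { int bss_idx; };            /* plays the role of mconf */
struct link_sta  { unsigned int key_mask; };  /* plays the role of mlink */
struct vif_model {
    struct link_conf *link_conf[MAX_LINKS];
    struct bss_conf  *mconf[MAX_LINKS];
    struct link_sta  *mlink[MAX_LINKS];
};

/* Teardown clears every per-link pointer, as in step 1 of the race. */
static void teardown_link(struct vif_model *vif, unsigned int id)
{
    vif->link_conf[id] = NULL;
    vif->mconf[id] = NULL;
    vif->mlink[id] = NULL;
}

static int set_link_key(struct vif_model *vif, enum key_cmd cmd,
                        unsigned int id, unsigned int keyidx)
{
    if (id >= MAX_LINKS || keyidx >= MAX_KEYS)
        return -EINVAL;
    /* Check all three lookups before dereferencing any of them. */
    if (!vif->link_conf[id] || !vif->mconf[id] || !vif->mlink[id])
        /* Removal on a dead link is already done; install fails (assumption). */
        return cmd == SET_KEY ? -EINVAL : 0;
    if (cmd == SET_KEY)
        vif->mlink[id]->key_mask |= 1u << keyidx;
    else
        vif->mlink[id]->key_mask &= ~(1u << keyidx);
    return 0;
}

int main(void)
{
    struct link_conf lc = {0}; struct bss_conf bc = {0}; struct link_sta ls = {0};
    struct vif_model vif = { {&lc, NULL}, {&bc, NULL}, {&ls, NULL} };

    set_link_key(&vif, SET_KEY, 0, 1);   /* group key installed on link 0 */
    teardown_link(&vif, 0);              /* link goes away during roaming */
    printf("late removal -> %d\n", set_link_key(&vif, DISABLE_KEY, 0, 1));
    return 0;
}
```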