mt76: fix corrupted software generated tx CCMP PN

commit 906d2d3f874a54183df5a609fda180adf0462428 upstream.

Since ccmp_pn is u8 *, the second half needs to start at array index 4
instead of 0. Fixes a connection stall after a certain amount of traffic

Fixes: 23405236460b9 ("mt76: fix transmission of encrypted management frames")
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c b/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
index c08bf371e527f0f57ea8e45cc662e7ee686c1ccf..7c9dfa54fee86bf9f45875b8cdfb01d771e1c471 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
@@ -309,7 +309,7 @@ void mt76x02_mac_write_txwi(struct mt76x02_dev *dev, struct mt76x02_txwi *txwi,
                ccmp_pn[6] = pn >> 32;
                ccmp_pn[7] = pn >> 40;
                txwi->iv = *((__le32 *)&ccmp_pn[0]);
-               txwi->eiv = *((__le32 *)&ccmp_pn[1]);
+               txwi->eiv = *((__le32 *)&ccmp_pn[4]);
        }
 
        spin_lock_bh(&dev->mt76.lock);