diff mbox series

[v2,19/21] wifi: rtl8xxxu: add hw crypto support for AP mode

Message ID 20231221164353.603258-20-martin.kaistra@linutronix.de
State Superseded
Headers show
Series wifi: rtl8xxxu: Add concurrent mode for 8188f | expand

Commit Message

Martin Kaistra Dec. 21, 2023, 4:43 p.m. UTC
Add a custom function for allocating entries in the sec cam. This allows
us to store multiple keys with the same keyidx.

The maximum number of sec cam entries for 8188f is 16 according to the
vendor driver. Add the number to rtl8xxxu_fileops, so that other chips
which might support more entries, can set a different number there.

Set the bssid as mac address for group keys instead of just using the
ethernet broadcast address and use BIT(6) in the sec cam ctrl entry
for differentiating them from pairwise keys like in the vendor driver.

Add the TXDESC_EN_DESC_ID bit and the hw_key_idx to tx
broadcast/multicast packets in AP mode.

Finally, allow the usage of rtl8xxxu_set_key() for AP mode.

Signed-off-by: Martin Kaistra <martin.kaistra@linutronix.de>
---
 .../net/wireless/realtek/rtl8xxxu/rtl8xxxu.h  |  5 ++
 .../realtek/rtl8xxxu/rtl8xxxu_8188f.c         |  1 +
 .../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 48 +++++++++++++++----
 3 files changed, 44 insertions(+), 10 deletions(-)

Comments

Ping-Ke Shih Jan. 12, 2024, 6:52 a.m. UTC | #1
Hi Martin,

> -----Original Message-----
> From: Martin Kaistra <martin.kaistra@linutronix.de>
> Sent: Friday, December 22, 2023 12:44 AM
> To: linux-wireless@vger.kernel.org
> Cc: Jes Sorensen <Jes.Sorensen@gmail.com>; Kalle Valo <kvalo@kernel.org>; Ping-Ke Shih
> <pkshih@realtek.com>; Bitterblue Smith <rtl8821cerfe2@gmail.com>; Sebastian Andrzej Siewior
> <bigeasy@linutronix.de>
> Subject: [PATCH v2 19/21] wifi: rtl8xxxu: add hw crypto support for AP mode
> 

[...]

Zenm reported [1] his RTL8192EU and RTL8192FU don't work in station mode,
and cause is this patch. Please try if you can reproduce the symptom, and
apply my suggestion to see if help.

[1] https://lore.kernel.org/linux-wireless/20240112045104.12282-1-zenmchen@gmail.com/T/#me0940f522249becf49f25bc281f1992c523673f6

> 
> +static int rtl8xxxu_get_free_sec_cam(struct ieee80211_hw *hw)
> +{
> +       struct rtl8xxxu_priv *priv = hw->priv;

We need to reserve entries 0~3 for keys that aren't pairwise key. 

> +
> +       return find_first_zero_bit(priv->cam_map, priv->fops->max_sec_cam_num);
> +}
> +
>  static int rtl8xxxu_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
>                             struct ieee80211_vif *vif,
>                             struct ieee80211_sta *sta,
>                             struct ieee80211_key_conf *key)
>  {
> +       struct rtl8xxxu_vif *rtlvif = (struct rtl8xxxu_vif *)vif->drv_priv;
>         struct rtl8xxxu_priv *priv = hw->priv;
>         struct device *dev = &priv->udev->dev;
>         u8 mac_addr[ETH_ALEN];

[...]

> @@ -6899,16 +6915,28 @@ static int rtl8xxxu_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
> 
>         switch (cmd) {
>         case SET_KEY:
> -               key->hw_key_idx = key->keyidx;
> +
> +               retval = rtl8xxxu_get_free_sec_cam(hw);
> +               if (retval < 0)
> +                       return -EOPNOTSUPP;
> +

if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
	key->hw_key_idx = retval;
else
	key->hw_key_idx = key->keyidx;

> +               key->hw_key_idx = retval;
> +
> +               if (vif->type == NL80211_IFTYPE_AP && !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
> +                       rtlvif->hw_key_idx = key->hw_key_idx;
> +
>                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
>                 rtl8xxxu_cam_write(priv, key, mac_addr);
> +               set_bit(key->hw_key_idx, priv->cam_map);
>                 retval = 0;
>                 break;
>         case DISABLE_KEY:
>                 rtl8xxxu_write32(priv, REG_CAM_WRITE, 0x00000000);
>                 val32 = CAM_CMD_POLLING | CAM_CMD_WRITE |
> -                       key->keyidx << CAM_CMD_KEY_SHIFT;
> +                       key->hw_key_idx << CAM_CMD_KEY_SHIFT;
>                 rtl8xxxu_write32(priv, REG_CAM_CMD, val32);
> +               rtlvif->hw_key_idx = 0xff;
> +               clear_bit(key->hw_key_idx, priv->cam_map);

Shouldn't swap these two statements? I missed that during reviewing.


>                 retval = 0;
>                 break;
>         default:
> --
> 2.39.2
Martin Kaistra Jan. 15, 2024, 1:12 p.m. UTC | #2
Hi Ping-Ke,

Am 12.01.24 um 07:52 schrieb Ping-Ke Shih:
> Hi Martin,
> 
>> -----Original Message-----
>> From: Martin Kaistra <martin.kaistra@linutronix.de>
>> Sent: Friday, December 22, 2023 12:44 AM
>> To: linux-wireless@vger.kernel.org
>> Cc: Jes Sorensen <Jes.Sorensen@gmail.com>; Kalle Valo <kvalo@kernel.org>; Ping-Ke Shih
>> <pkshih@realtek.com>; Bitterblue Smith <rtl8821cerfe2@gmail.com>; Sebastian Andrzej Siewior
>> <bigeasy@linutronix.de>
>> Subject: [PATCH v2 19/21] wifi: rtl8xxxu: add hw crypto support for AP mode
>>
> 
> [...]
> 
> Zenm reported [1] his RTL8192EU and RTL8192FU don't work in station mode,
> and cause is this patch. Please try if you can reproduce the symptom, and
> apply my suggestion to see if help.
> 
> [1] https://lore.kernel.org/linux-wireless/20240112045104.12282-1-zenmchen@gmail.com/T/#me0940f522249becf49f25bc281f1992c523673f6

I managed to find two other Realtek USB Wifi devices that are supported by the 
rtl8xxxu driver (RTL8188EU and RTL8192CU) and I can reproduce the issue with 
both of them.

I also tried creating a patch with your suggestions and this seems to help.

Looking at it more closely however, I think the main problem is, that 
fops->max_sec_cam_num is not set for the other variants. Without the additional 
patch, this causes rtl8xxxu_get_free_sec_cam() to return 0 for pairwise and 
group key and so using the same spot for both key entries.

I then created a patch using the numbers suggested by Bitterblue Smith in [1] 
and using 32 for RTL8723AU and RTL8192CU like the rtlwifi driver seems to do. 
This also seems to solve the issue reported, even without reserving the first 4 
slots for group keys.

Do you think we need both patches?

[1] 
https://lore.kernel.org/linux-wireless/f73b5afc-d69f-4a7c-8bf0-877a45327e0b@gmail.com/

> 
>>
>> +static int rtl8xxxu_get_free_sec_cam(struct ieee80211_hw *hw)
>> +{
>> +       struct rtl8xxxu_priv *priv = hw->priv;
> 
> We need to reserve entries 0~3 for keys that aren't pairwise key.
> 
>> +
>> +       return find_first_zero_bit(priv->cam_map, priv->fops->max_sec_cam_num);
>> +}
>> +
>>   static int rtl8xxxu_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
>>                              struct ieee80211_vif *vif,
>>                              struct ieee80211_sta *sta,
>>                              struct ieee80211_key_conf *key)
>>   {
>> +       struct rtl8xxxu_vif *rtlvif = (struct rtl8xxxu_vif *)vif->drv_priv;
>>          struct rtl8xxxu_priv *priv = hw->priv;
>>          struct device *dev = &priv->udev->dev;
>>          u8 mac_addr[ETH_ALEN];
> 
> [...]
> 
>> @@ -6899,16 +6915,28 @@ static int rtl8xxxu_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
>>
>>          switch (cmd) {
>>          case SET_KEY:
>> -               key->hw_key_idx = key->keyidx;
>> +
>> +               retval = rtl8xxxu_get_free_sec_cam(hw);
>> +               if (retval < 0)
>> +                       return -EOPNOTSUPP;
>> +
> 
> if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
> 	key->hw_key_idx = retval;
> else
> 	key->hw_key_idx = key->keyidx;
> 
>> +               key->hw_key_idx = retval;
>> +
>> +               if (vif->type == NL80211_IFTYPE_AP && !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
>> +                       rtlvif->hw_key_idx = key->hw_key_idx;
>> +
>>                  key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
>>                  rtl8xxxu_cam_write(priv, key, mac_addr);
>> +               set_bit(key->hw_key_idx, priv->cam_map);
>>                  retval = 0;
>>                  break;
>>          case DISABLE_KEY:
>>                  rtl8xxxu_write32(priv, REG_CAM_WRITE, 0x00000000);
>>                  val32 = CAM_CMD_POLLING | CAM_CMD_WRITE |
>> -                       key->keyidx << CAM_CMD_KEY_SHIFT;
>> +                       key->hw_key_idx << CAM_CMD_KEY_SHIFT;
>>                  rtl8xxxu_write32(priv, REG_CAM_CMD, val32);
>> +               rtlvif->hw_key_idx = 0xff;
>> +               clear_bit(key->hw_key_idx, priv->cam_map);
> 
> Shouldn't swap these two statements? I missed that during reviewing.

I don't think that would make a difference. rtlvif->hw_key_idx is set for use in 
rtl8xxxu_tx() and the second line uses key->hw_key_idx to clear the map entry.

> 
> 
>>                  retval = 0;
>>                  break;
>>          default:
>> --
>> 2.39.2
>
Ping-Ke Shih Jan. 16, 2024, 1:25 a.m. UTC | #3
> -----Original Message-----
> From: Martin Kaistra <martin.kaistra@linutronix.de>
> Sent: Monday, January 15, 2024 9:13 PM
> To: Ping-Ke Shih <pkshih@realtek.com>; linux-wireless@vger.kernel.org
> Cc: Jes Sorensen <Jes.Sorensen@gmail.com>; Kalle Valo <kvalo@kernel.org>; Bitterblue Smith
> <rtl8821cerfe2@gmail.com>; Sebastian Andrzej Siewior <bigeasy@linutronix.de>; Zenm Chen
> <zenmchen@gmail.com>
> Subject: Re: [PATCH v2 19/21] wifi: rtl8xxxu: add hw crypto support for AP mode
> 
> Hi Ping-Ke,
> 
> Am 12.01.24 um 07:52 schrieb Ping-Ke Shih:
> > Hi Martin,
> >
> >> -----Original Message-----
> >> From: Martin Kaistra <martin.kaistra@linutronix.de>
> >> Sent: Friday, December 22, 2023 12:44 AM
> >> To: linux-wireless@vger.kernel.org
> >> Cc: Jes Sorensen <Jes.Sorensen@gmail.com>; Kalle Valo <kvalo@kernel.org>; Ping-Ke Shih
> >> <pkshih@realtek.com>; Bitterblue Smith <rtl8821cerfe2@gmail.com>; Sebastian Andrzej Siewior
> >> <bigeasy@linutronix.de>
> >> Subject: [PATCH v2 19/21] wifi: rtl8xxxu: add hw crypto support for AP mode
> >>
> >
> > [...]
> >
> > Zenm reported [1] his RTL8192EU and RTL8192FU don't work in station mode,
> > and cause is this patch. Please try if you can reproduce the symptom, and
> > apply my suggestion to see if help.
> >
> > [1]
> https://lore.kernel.org/linux-wireless/20240112045104.12282-1-zenmchen@gmail.com/T/#me0940f522249becf4
> 9f25bc281f1992c523673f6
> 
> I managed to find two other Realtek USB Wifi devices that are supported by the
> rtl8xxxu driver (RTL8188EU and RTL8192CU) and I can reproduce the issue with
> both of them.
> 
> I also tried creating a patch with your suggestions and this seems to help.
> 
> Looking at it more closely however, I think the main problem is, that
> fops->max_sec_cam_num is not set for the other variants. Without the additional
> patch, this causes rtl8xxxu_get_free_sec_cam() to return 0 for pairwise and
> group key and so using the same spot for both key entries.
> 
> I then created a patch using the numbers suggested by Bitterblue Smith in [1]
> and using 32 for RTL8723AU and RTL8192CU like the rtlwifi driver seems to do.
> This also seems to solve the issue reported, even without reserving the first 4
> slots for group keys.
> 
> Do you think we need both patches?

I think you only need the one that fills fops->max_sec_cam_num.

The search rule of hardware security CAM is to find an entry that matches address
and key_idx, and then use it to encrypt/decrypt packets. If no entry found, it
select entry by key_idx (i.e. key_idx=0/1/2/3 use entry=0/1/2/3). As I can
remember, WEP needs to reserve 4 entries, but I believe no one uses it now.

> 
> [1]
> https://lore.kernel.org/linux-wireless/f73b5afc-d69f-4a7c-8bf0-877a45327e0b@gmail.com/
> 
> >>          case DISABLE_KEY:
> >>                  rtl8xxxu_write32(priv, REG_CAM_WRITE, 0x00000000);
> >>                  val32 = CAM_CMD_POLLING | CAM_CMD_WRITE |
> >> -                       key->keyidx << CAM_CMD_KEY_SHIFT;
> >> +                       key->hw_key_idx << CAM_CMD_KEY_SHIFT;
> >>                  rtl8xxxu_write32(priv, REG_CAM_CMD, val32);
> >> +               rtlvif->hw_key_idx = 0xff;
> >> +               clear_bit(key->hw_key_idx, priv->cam_map);
> >
> > Shouldn't swap these two statements? I missed that during reviewing.
> 
> I don't think that would make a difference. rtlvif->hw_key_idx is set for use in
> rtl8xxxu_tx() and the second line uses key->hw_key_idx to clear the map entry.
> 

Sorry, I misread the "rtlvif->..." and "key->..." that are different.
diff mbox series

Patch

diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
index c5e6d8f7d26bd..62e6318bc0924 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h
@@ -498,6 +498,7 @@  struct rtl8xxxu_txdesc40 {
 #define DESC_RATE_ID_SHIFT		16
 #define DESC_RATE_ID_MASK		0xf
 #define TXDESC_NAVUSEHDR		BIT(20)
+#define TXDESC_EN_DESC_ID		BIT(21)
 #define TXDESC_SEC_RC4			0x00400000
 #define TXDESC_SEC_AES			0x00c00000
 #define TXDESC_PKT_OFFSET_SHIFT		26
@@ -1775,6 +1776,7 @@  struct rtl8xxxu_cfo_tracking {
 #define RTL8XXXU_MAX_MAC_ID_NUM	128
 #define RTL8XXXU_BC_MC_MACID	0
 #define RTL8XXXU_BC_MC_MACID1	1
+#define RTL8XXXU_MAX_SEC_CAM_NUM	64
 
 struct rtl8xxxu_priv {
 	struct ieee80211_hw *hw;
@@ -1908,6 +1910,7 @@  struct rtl8xxxu_priv {
 	char led_name[32];
 	struct led_classdev led_cdev;
 	DECLARE_BITMAP(mac_id_map, RTL8XXXU_MAX_MAC_ID_NUM);
+	DECLARE_BITMAP(cam_map, RTL8XXXU_MAX_SEC_CAM_NUM);
 };
 
 struct rtl8xxxu_sta_info {
@@ -1919,6 +1922,7 @@  struct rtl8xxxu_sta_info {
 
 struct rtl8xxxu_vif {
 	int port_num;
+	u8 hw_key_idx;
 };
 
 struct rtl8xxxu_rx_urb {
@@ -1993,6 +1997,7 @@  struct rtl8xxxu_fileops {
 	u16 max_aggr_num;
 	u8 supports_ap:1;
 	u16 max_macid_num;
+	u16 max_sec_cam_num;
 	u32 adda_1t_init;
 	u32 adda_1t_path_on;
 	u32 adda_2t_path_on_a;
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c
index 1e1c8fa194cb8..574a5fe951543 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c
@@ -1751,6 +1751,7 @@  struct rtl8xxxu_fileops rtl8188fu_fops = {
 	.max_aggr_num = 0x0c14,
 	.supports_ap = 1,
 	.max_macid_num = 16,
+	.max_sec_cam_num = 16,
 	.adda_1t_init = 0x03c00014,
 	.adda_1t_path_on = 0x03c00014,
 	.trxff_boundary = 0x3f7f,
diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
index ecf54eb8dba61..7aafae9fe76b8 100644
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
@@ -4559,8 +4559,10 @@  static void rtl8xxxu_cam_write(struct rtl8xxxu_priv *priv,
 	 * This is a bit of a hack - the lower bits of the cipher
 	 * suite selector happens to match the cipher index in the CAM
 	 */
-	addr = key->keyidx << CAM_CMD_KEY_SHIFT;
+	addr = key->hw_key_idx << CAM_CMD_KEY_SHIFT;
 	ctrl = (key->cipher & 0x0f) << 2 | key->keyidx | CAM_WRITE_VALID;
+	if (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
+		ctrl |= BIT(6);
 
 	for (j = 5; j >= 0; j--) {
 		switch (j) {
@@ -5546,13 +5548,14 @@  static void rtl8xxxu_tx(struct ieee80211_hw *hw,
 	struct rtl8xxxu_tx_urb *tx_urb;
 	struct ieee80211_sta *sta = NULL;
 	struct ieee80211_vif *vif = tx_info->control.vif;
+	struct rtl8xxxu_vif *rtlvif = (struct rtl8xxxu_vif *)vif->drv_priv;
 	struct device *dev = &priv->udev->dev;
 	u32 queue, rts_rate;
 	u16 pktlen = skb->len;
 	int tx_desc_size = priv->fops->tx_desc_size;
 	u8 macid;
 	int ret;
-	bool ampdu_enable, sgi = false, short_preamble = false;
+	bool ampdu_enable, sgi = false, short_preamble = false, bmc = false;
 
 	if (skb_headroom(skb) < tx_desc_size) {
 		dev_warn(dev,
@@ -5594,10 +5597,14 @@  static void rtl8xxxu_tx(struct ieee80211_hw *hw,
 		tx_desc->txdw0 =
 			TXDESC_OWN | TXDESC_FIRST_SEGMENT | TXDESC_LAST_SEGMENT;
 	if (is_multicast_ether_addr(ieee80211_get_DA(hdr)) ||
-	    is_broadcast_ether_addr(ieee80211_get_DA(hdr)))
+	    is_broadcast_ether_addr(ieee80211_get_DA(hdr))) {
 		tx_desc->txdw0 |= TXDESC_BROADMULTICAST;
+		bmc = true;
+	}
+
 
 	tx_desc->txdw1 = cpu_to_le32(queue << TXDESC_QUEUE_SHIFT);
+	macid = rtl8xxxu_get_macid(priv, sta);
 
 	if (tx_info->control.hw_key) {
 		switch (tx_info->control.hw_key->cipher) {
@@ -5612,6 +5619,10 @@  static void rtl8xxxu_tx(struct ieee80211_hw *hw,
 		default:
 			break;
 		}
+		if (bmc && rtlvif->hw_key_idx != 0xff) {
+			tx_desc->txdw1 |= TXDESC_EN_DESC_ID;
+			macid = rtlvif->hw_key_idx;
+		}
 	}
 
 	/* (tx_info->flags & IEEE80211_TX_CTL_AMPDU) && */
@@ -5655,7 +5666,6 @@  static void rtl8xxxu_tx(struct ieee80211_hw *hw,
 	else
 		rts_rate = 0;
 
-	macid = rtl8xxxu_get_macid(priv, sta);
 	priv->fops->fill_txdesc(hw, hdr, tx_info, tx_desc, sgi, short_preamble,
 				ampdu_enable, rts_rate, macid);
 
@@ -6667,6 +6677,7 @@  static int rtl8xxxu_add_interface(struct ieee80211_hw *hw,
 
 	priv->vifs[port_num] = vif;
 	rtlvif->port_num = port_num;
+	rtlvif->hw_key_idx = 0xff;
 
 	rtl8xxxu_set_linktype(priv, vif->type, port_num);
 	ether_addr_copy(priv->mac_addr, vif->addr);
@@ -6843,11 +6854,19 @@  static int rtl8xxxu_set_rts_threshold(struct ieee80211_hw *hw, u32 rts)
 	return 0;
 }
 
+static int rtl8xxxu_get_free_sec_cam(struct ieee80211_hw *hw)
+{
+	struct rtl8xxxu_priv *priv = hw->priv;
+
+	return find_first_zero_bit(priv->cam_map, priv->fops->max_sec_cam_num);
+}
+
 static int rtl8xxxu_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
 			    struct ieee80211_vif *vif,
 			    struct ieee80211_sta *sta,
 			    struct ieee80211_key_conf *key)
 {
+	struct rtl8xxxu_vif *rtlvif = (struct rtl8xxxu_vif *)vif->drv_priv;
 	struct rtl8xxxu_priv *priv = hw->priv;
 	struct device *dev = &priv->udev->dev;
 	u8 mac_addr[ETH_ALEN];
@@ -6859,9 +6878,6 @@  static int rtl8xxxu_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
 	dev_dbg(dev, "%s: cmd %02x, cipher %08x, index %i\n",
 		__func__, cmd, key->cipher, key->keyidx);
 
-	if (vif->type != NL80211_IFTYPE_STATION)
-		return -EOPNOTSUPP;
-
 	if (key->keyidx > 3)
 		return -EOPNOTSUPP;
 
@@ -6885,7 +6901,7 @@  static int rtl8xxxu_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
 		ether_addr_copy(mac_addr, sta->addr);
 	} else {
 		dev_dbg(dev, "%s: group key\n", __func__);
-		eth_broadcast_addr(mac_addr);
+		ether_addr_copy(mac_addr, vif->bss_conf.bssid);
 	}
 
 	val16 = rtl8xxxu_read16(priv, REG_CR);
@@ -6899,16 +6915,28 @@  static int rtl8xxxu_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
 
 	switch (cmd) {
 	case SET_KEY:
-		key->hw_key_idx = key->keyidx;
+
+		retval = rtl8xxxu_get_free_sec_cam(hw);
+		if (retval < 0)
+			return -EOPNOTSUPP;
+
+		key->hw_key_idx = retval;
+
+		if (vif->type == NL80211_IFTYPE_AP && !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
+			rtlvif->hw_key_idx = key->hw_key_idx;
+
 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
 		rtl8xxxu_cam_write(priv, key, mac_addr);
+		set_bit(key->hw_key_idx, priv->cam_map);
 		retval = 0;
 		break;
 	case DISABLE_KEY:
 		rtl8xxxu_write32(priv, REG_CAM_WRITE, 0x00000000);
 		val32 = CAM_CMD_POLLING | CAM_CMD_WRITE |
-			key->keyidx << CAM_CMD_KEY_SHIFT;
+			key->hw_key_idx << CAM_CMD_KEY_SHIFT;
 		rtl8xxxu_write32(priv, REG_CAM_CMD, val32);
+		rtlvif->hw_key_idx = 0xff;
+		clear_bit(key->hw_key_idx, priv->cam_map);
 		retval = 0;
 		break;
 	default: