ACK/Cmnt: [SRU Hirsute, Groovy, Focal/linux-oem-5.10, Focal/linux-oem-5.6, Focal 00/16] Fragattacks mitigations

Tim Gardner tim.gardner at canonical.com
Wed May 26 17:12:34 UTC 2021


Acked-by: Tim Gardner <tim.gardner at canonical.com>

Patch 4 has some weird changes (net/mac80211/wpa.c) in that I can see no
difference in the result. Is it just white space? At any rate, they
exist in the upstream commit.

On 5/25/21 11:46 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Paraphrasing from https://fragattacks.com/:
> 
> Fragmentation and aggregation attacks are new security vulnerabilities that
> affect wifi devices. An adversary within range can abuse them to steal user
> information or attack devices.
> 
> [Fixes]
> Fixes have been provided to mac80211 layer on Linux and ath10k and ath11k drivers.
> They are almost clean cherry picks for the kernels I am sending them for.
> Bionic was skipped for now because it will require further work.
> 
> The EAPOL fix did cherry pick cleanly, but the formatted patch did not apply without
> further context options, so is provided in two versions here.
> 
> Two other commits did not apply cleanly on 5.6 and 5.4, because of context on file
> headers containing copyright notices. Those are the only conflicts when cherry picking
> on those kernels.
> 
> Finally, ath11k is not present on 5.4, so its only fix was skipped for that kernel.
> 
> [Testing]
> I built all backport versions and booted 5.11 on a system with rtl8192ce driver, which
> uses mac80211 layer. Also booted and tested 5.4 on a system with ath5k, that also
> uses mac80211 layer.
> 
> [Potential regression]
> Wifi connection issues might happen, including dropped packets.
> 
> Johannes Berg (5):
>    mac80211: add fragment cache to sta_info
>    mac80211: check defrag PN against current frame
>    mac80211: prevent attacks on TKIP/WEP as well
>    mac80211: drop A-MSDUs on old ciphers
>    mac80211: do not accept/forward invalid EAPOL frames
> 
> Mathy Vanhoef (4):
>    mac80211: assure all fragments are encrypted
>    mac80211: prevent mixed key and fragment cache attacks
>    mac80211: properly handle A-MSDUs that start with an RFC 1042 header
>    cfg80211: mitigate A-MSDU aggregation attacks
> 
> Sriram R (1):
>    ath11k: Clear the fragment cache during key install
> 
> Wen Gong (6):
>    mac80211: extend protection against mixed key and fragment cache
>      attacks
>    ath10k: drop MPDU which has discard flag set by firmware for SDIO
>    ath10k: Fix TKIP Michael MIC verification for PCIe
>    ath10k: drop fragments with multicast DA for SDIO
>    ath10k: add CCMP PN replay protection for fragmented frames for PCIe
>    ath10k: drop fragments with multicast DA for PCIe
> 
>   drivers/net/wireless/ath/ath10k/htt.h     |   1 +
>   drivers/net/wireless/ath/ath10k/htt_rx.c  | 140 +++++++++++++++++++-
>   drivers/net/wireless/ath/ath10k/rx_desc.h |  14 +-
>   drivers/net/wireless/ath/ath11k/dp_rx.c   |  18 +++
>   drivers/net/wireless/ath/ath11k/dp_rx.h   |   1 +
>   drivers/net/wireless/ath/ath11k/mac.c     |   6 +
>   include/net/cfg80211.h                    |   4 +-
>   net/mac80211/ieee80211_i.h                |  36 ++----
>   net/mac80211/iface.c                      |  11 +-
>   net/mac80211/key.c                        |   7 +
>   net/mac80211/key.h                        |   2 +
>   net/mac80211/rx.c                         | 150 +++++++++++++++++-----
>   net/mac80211/sta_info.c                   |   6 +-
>   net/mac80211/sta_info.h                   |  33 ++++-
>   net/mac80211/wpa.c                        |  13 +-
>   net/wireless/util.c                       |   7 +-
>   16 files changed, 368 insertions(+), 81 deletions(-)
> 

-- 
-----------
Tim Gardner
Canonical, Inc


