ACK/Cmnt: [SRU Hirsute, Groovy, Focal/linux-oem-5.10, Focal/linux-oem-5.6, Focal 00/16] Fragattacks mitigations
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Wed May 26 17:19:20 UTC 2021
On Wed, May 26, 2021 at 11:12:34AM -0600, Tim Gardner wrote:
> Acked-by: Tim Gardner <tim.gardner at canonical.com>
>
> Patch 4 has some weird changes (net/mac80211/wpa.c) in that I can see no
> difference in the result. Is it just white space? At any rate, they exist
> in the upstream commit.
>
Are you referring to the change from a '_' to a '.', because of the struct
change to a union? I would think so, because that's easy to miss.
Cascardo.
> On 5/25/21 11:46 AM, Thadeu Lima de Souza Cascardo wrote:
> > [Impact]
> > Paraphrasing from https://fragattacks.com/:
> >
> > Fragmentation and aggregation attacks are new security vulnerabilities that
> > affect wifi devices. An adversary within range can abuse them to steal user
> > information or attack devices.
> >
> > [Fixes]
> > Fixes have been provided to mac80211 layer on Linux and ath10k and ath11k drivers.
> > They are almost clean cherry picks for the kernels I am sending them for.
> > Bionic was skipped for now because it will require further work.
> >
> > The EAPOL fix did cherry pick cleanly, but the formatted patch did not apply without
> > further context options, so is provided in two versions here.
> >
> > Two other commits did not apply cleanly on 5.6 and 5.4, because of context on file
> > headers containing copyright notices. Those are the only conflicts when cherry picking
> > on those kernels.
> >
> > Finally, ath11k is not present on 5.4, so its only fix was skipped for that kernel.
> >
> > [Testing]
> > I built all backport versions and booted 5.11 on a system with rtl8192ce driver, which
> > uses mac80211 layer. Also booted and tested 5.4 on a system with ath5k, that also
> > uses mac80211 layer.
> >
> > [Potential regression]
> > Wifi connection issues might happen, including dropped packets.
> >
> > Johannes Berg (5):
> > mac80211: add fragment cache to sta_info
> > mac80211: check defrag PN against current frame
> > mac80211: prevent attacks on TKIP/WEP as well
> > mac80211: drop A-MSDUs on old ciphers
> > mac80211: do not accept/forward invalid EAPOL frames
> >
> > Mathy Vanhoef (4):
> > mac80211: assure all fragments are encrypted
> > mac80211: prevent mixed key and fragment cache attacks
> > mac80211: properly handle A-MSDUs that start with an RFC 1042 header
> > cfg80211: mitigate A-MSDU aggregation attacks
> >
> > Sriram R (1):
> > ath11k: Clear the fragment cache during key install
> >
> > Wen Gong (6):
> > mac80211: extend protection against mixed key and fragment cache
> > attacks
> > ath10k: drop MPDU which has discard flag set by firmware for SDIO
> > ath10k: Fix TKIP Michael MIC verification for PCIe
> > ath10k: drop fragments with multicast DA for SDIO
> > ath10k: add CCMP PN replay protection for fragmented frames for PCIe
> > ath10k: drop fragments with multicast DA for PCIe
> >
> > drivers/net/wireless/ath/ath10k/htt.h | 1 +
> > drivers/net/wireless/ath/ath10k/htt_rx.c | 140 +++++++++++++++++++-
> > drivers/net/wireless/ath/ath10k/rx_desc.h | 14 +-
> > drivers/net/wireless/ath/ath11k/dp_rx.c | 18 +++
> > drivers/net/wireless/ath/ath11k/dp_rx.h | 1 +
> > drivers/net/wireless/ath/ath11k/mac.c | 6 +
> > include/net/cfg80211.h | 4 +-
> > net/mac80211/ieee80211_i.h | 36 ++----
> > net/mac80211/iface.c | 11 +-
> > net/mac80211/key.c | 7 +
> > net/mac80211/key.h | 2 +
> > net/mac80211/rx.c | 150 +++++++++++++++++-----
> > net/mac80211/sta_info.c | 6 +-
> > net/mac80211/sta_info.h | 33 ++++-
> > net/mac80211/wpa.c | 13 +-
> > net/wireless/util.c | 7 +-
> > 16 files changed, 368 insertions(+), 81 deletions(-)
> >
>
> --
> -----------
> Tim Gardner
> Canonical, Inc