ACK/cmnt: [SRU Hirsute, Groovy, Focal/linux-oem-5.10, Focal/linux-oem-5.6, Focal 00/16] Fragattacks mitigations
Kleber Souza
kleber.souza at canonical.com
Thu May 27 13:10:31 UTC 2021
On 25.05.21 19:46, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Paraphrasing from https://fragattacks.com/:
>
> Fragmentation and aggregation attacks are new security vulnerabilities that
> affect wifi devices. An adversary within range can abuse them to steal user
> information or attack devices.
>
> [Fixes]
> Fixes have been provided to mac80211 layer on Linux and ath10k and ath11k drivers.
> They are almost clean cherry picks for the kernels I am sending them for.
> Bionic was skipped for now because it will require further work.
>
> The EAPOL fix did cherry pick cleanly, but the formatted patch did not apply without
> further context options, so is provided in two versions here.
>
> Two other commits did not apply cleanly on 5.6 and 5.4, because of context on file
> headers containing copyright notices. Those are the only conflicts when cherry picking
> on those kernels.
>
> Finally, ath11k is not present on 5.4, so its only fix was skipped for that kernel.
>
> [Testing]
> I built all backport versions and booted 5.11 on a system with rtl8192ce driver, which
> uses mac80211 layer. Also booted and tested 5.4 on a system with ath5k, that also
> uses mac80211 layer.
>
> [Potential regression]
> Wifi connection issues might happen, including dropped packets.
>
> Johannes Berg (5):
>   mac80211: add fragment cache to sta_info
>   mac80211: check defrag PN against current frame
>   mac80211: prevent attacks on TKIP/WEP as well
>   mac80211: drop A-MSDUs on old ciphers
>   mac80211: do not accept/forward invalid EAPOL frames
>
> Mathy Vanhoef (4):
>   mac80211: assure all fragments are encrypted
>   mac80211: prevent mixed key and fragment cache attacks
>   mac80211: properly handle A-MSDUs that start with an RFC 1042 header
>   cfg80211: mitigate A-MSDU aggregation attacks
>
> Sriram R (1):
>   ath11k: Clear the fragment cache during key install
>
> Wen Gong (6):
>   mac80211: extend protection against mixed key and fragment cache
>     attacks
>   ath10k: drop MPDU which has discard flag set by firmware for SDIO
>   ath10k: Fix TKIP Michael MIC verification for PCIe
>   ath10k: drop fragments with multicast DA for SDIO
>   ath10k: add CCMP PN replay protection for fragmented frames for PCIe
>   ath10k: drop fragments with multicast DA for PCIe
>
> drivers/net/wireless/ath/ath10k/htt.h | 1 +
> drivers/net/wireless/ath/ath10k/htt_rx.c | 140 +++++++++++++++++++-
> drivers/net/wireless/ath/ath10k/rx_desc.h | 14 +-
> drivers/net/wireless/ath/ath11k/dp_rx.c | 18 +++
> drivers/net/wireless/ath/ath11k/dp_rx.h | 1 +
> drivers/net/wireless/ath/ath11k/mac.c | 6 +
> include/net/cfg80211.h | 4 +-
> net/mac80211/ieee80211_i.h | 36 ++----
> net/mac80211/iface.c | 11 +-
> net/mac80211/key.c | 7 +
> net/mac80211/key.h | 2 +
> net/mac80211/rx.c | 150 +++++++++++++++++-----
> net/mac80211/sta_info.c | 6 +-
> net/mac80211/sta_info.h | 33 ++++-
> net/mac80211/wpa.c | 13 +-
> net/wireless/util.c | 7 +-
> 16 files changed, 368 insertions(+), 81 deletions(-)
>
Hard to review, I guess we'll need to rely on your tests and Certification
on supported platforms.
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Thanks