kernel_optimize_test/net/mac80211
Wen Gong 6abcc01e8b mac80211: extend protection against mixed key and fragment cache attacks
commit 3edc6b0d6c061a70d8ca3c3c72eb1f58ce29bfb1 upstream.

For some chips/drivers, e.g., QCA6174 with ath10k, the decryption is
done by the hardware, and the Protected bit in the Frame Control field
is cleared in the lower level driver before the frame is passed to
mac80211. In such cases, the condition for ieee80211_has_protected() is
not met in ieee80211_rx_h_defragment() of mac80211 and the new security
validation steps are not executed.

Extend mac80211 to cover the case where the Protected bit has been
cleared, but the frame is indicated as having been decrypted by the
hardware. This extends protection against mixed key and fragment cache
attack for additional drivers/chips. This fixes CVE-2020-24586 and
CVE-2020-24587 for such cases.

Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1

Cc: stable@vger.kernel.org
Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-03 09:00:29 +02:00
..
aead_api.c mac80211: Check crypto_aead_encrypt for errors 2021-04-10 13:36:08 +02:00
aead_api.h
aes_ccm.h
aes_cmac.c
aes_cmac.h
aes_gcm.h
aes_gmac.c mac80211: Check crypto_aead_encrypt for errors 2021-04-10 13:36:08 +02:00
aes_gmac.h
agg-rx.c net: mac80211: agg-rx.c: fix duplicated words 2020-08-27 11:23:08 +02:00
agg-tx.c
airtime.c mac80211: add AQL support for VHT160 tx rates 2020-09-18 11:36:03 +02:00
cfg.c mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN 2021-04-21 13:00:54 +02:00
chan.c mac80211: get correct default channel width for S1G 2020-09-28 13:53:05 +02:00
debug.h
debugfs_key.c
debugfs_key.h
debugfs_netdev.c cfg80211/mac80211: add connected to auth server to meshconf 2020-07-31 09:24:24 +02:00
debugfs_netdev.h
debugfs_sta.c
debugfs_sta.h
debugfs.c mac80211: fix incorrect strlen of .write in debugfs 2021-02-07 15:37:15 +01:00
debugfs.h
driver-ops.c mac80211: fix station rate table updates on assoc 2021-02-10 09:29:16 +01:00
driver-ops.h mac80211: notify the driver when a sta uses 4-address mode 2020-09-18 12:16:16 +02:00
ethtool.c
fils_aead.c
fils_aead.h
he.c
ht.c mac80211: Use fallthrough pseudo-keyword 2020-07-31 09:24:23 +02:00
ibss.c mac80211: fix double free in ibss_leave 2021-03-30 14:32:08 +02:00
ieee80211_i.h mac80211: check defrag PN against current frame 2021-06-03 09:00:29 +02:00
iface.c mac80211: add fragment cache to sta_info 2021-06-03 09:00:29 +02:00
Kconfig ath9k: fix build error with LEDS_CLASS=m 2021-02-17 11:02:25 +01:00
key.c mac80211: prevent mixed key and fragment cache attacks 2021-06-03 09:00:29 +02:00
key.h mac80211: prevent mixed key and fragment cache attacks 2021-06-03 09:00:29 +02:00
led.c
led.h
main.c mac80211: bail out if cipher schemes are invalid 2021-05-14 09:50:34 +02:00
Makefile mac80211: initialize last_rate for S1G STAs 2020-10-08 10:40:57 +02:00
mesh_hwmp.c mac80211: fix potential overflow when multiplying to u32 integers 2021-03-04 11:37:32 +01:00
mesh_pathtbl.c mac80211: mesh: fix mesh_pathtbl_init() error path 2020-12-04 17:34:25 -08:00
mesh_plink.c mac80211: fix some more kernel-doc in mesh 2020-09-28 14:36:53 +02:00
mesh_ps.c mac80211: fix some more kernel-doc in mesh 2020-09-28 14:36:53 +02:00
mesh_sync.c
mesh.c mac80211: rename csa counters to countdown counters 2020-08-27 14:12:15 +02:00
mesh.h
michael.c
michael.h
mlme.c mac80211: clear the beacon's CRC after channel switch 2021-05-19 10:12:55 +02:00
ocb.c
offchannel.c mac80211: Inform AP when returning operating channel 2020-09-28 13:18:53 +02:00
pm.c
rate.c mac80211: fix station rate table updates on assoc 2021-02-10 09:29:16 +01:00
rate.h
rc80211_minstrel_debugfs.c
rc80211_minstrel_ht_debugfs.c
rc80211_minstrel_ht.c
rc80211_minstrel_ht.h
rc80211_minstrel.c mac80211: minstrel: fix tx status processing corner case 2020-11-12 11:25:09 +01:00
rc80211_minstrel.h mac80211: minstrel: remove deferred sampling code 2020-11-12 11:24:43 +01:00
rx.c mac80211: extend protection against mixed key and fragment cache attacks 2021-06-03 09:00:29 +02:00
s1g.c mac80211: initialize last_rate for S1G STAs 2020-10-08 10:40:57 +02:00
scan.c mac80211: convert S1G beacon to scan results 2020-09-28 13:53:25 +02:00
spectmgmt.c mac80211: 160MHz with extended NSS BW in CSA 2021-02-13 13:55:04 +01:00
sta_info.c mac80211: add fragment cache to sta_info 2021-06-03 09:00:29 +02:00
sta_info.h mac80211: prevent attacks on TKIP/WEP as well 2021-06-03 09:00:29 +02:00
status.c mac80211: fix memory leak on filtered powersave frames 2020-11-12 11:23:58 +01:00
tdls.c mac80211: Use fallthrough pseudo-keyword 2020-07-31 09:24:23 +02:00
tkip.c
tkip.h
trace_msg.h
trace.c
trace.h mac80211: notify the driver when a sta uses 4-address mode 2020-09-18 12:16:16 +02:00
tx.c mac80211: fix TXQ AC confusion 2021-04-14 08:42:02 +02:00
util.c mac80211: Allow HE operation to be longer than expected. 2021-03-30 14:32:00 +02:00
vht.c mac80211: don't set set TDLS STA bandwidth wider than possible 2020-12-30 11:53:50 +01:00
wep.c
wep.h
wme.c mac80211: Use fallthrough pseudo-keyword 2020-07-31 09:24:23 +02:00
wme.h
wpa.c mac80211: check defrag PN against current frame 2021-06-03 09:00:29 +02:00
wpa.h