Commit Graph

1186 Commits

Author SHA1 Message Date
Hauke Mehrtens
b96c2569ac mac80211: Update to version 5.12.19-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-23 23:17:28 +02:00
Hauke Mehrtens
e185080c87 mac80211: Update to version 5.11.22-1
The removed patches were applied upstream.
This backports version 5.11.22 and later does not support kernel
versions < 4.4, this allows us to remove some patches too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-23 23:17:23 +02:00
Felix Fietkau
a889dcd3f2 mac80211: add missing patch chunk for mac80211_hwsim
Fixes build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 14:04:40 +02:00
Felix Fietkau
e62c550470 mac80211: backport a few trivial patches
No functional changes, just some renames to make it easier to keep mt76 in
sync with upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 11:35:34 +02:00
Felix Fietkau
af9d31aacc mac80211: remove kcov bits from TWT backport patch
Our backports version does not have support for kcov in mac80211
Fixes build errors on some platforms

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-11 17:19:53 +02:00
Felix Fietkau
978e822db3 mac80211: backport AP mode TWT support
Required for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-11 13:27:19 +02:00
Felix Fietkau
42dda0ed3e mac80211: allow retry of wifi setup if an iw interface add command fails
In some cases, spurious failures might be cleared by teardown and retry

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-09-30 11:33:37 +02:00
Felix Fietkau
2bfac61483 mac80211: backport support for BSS color changes
This is needed for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-09-25 09:38:37 +02:00
Hauke Mehrtens
97bc59a5c0 mac80211: Update to backports-5.10.68
Refresh all patches.
The removed patches were integrated upstream.

This contains fixes for CVE-2020-3702

1. These patches (ath, ath9k, mac80211)  were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].

Thank you Josef Schlehofer for reporting this problem.

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-09-22 22:24:00 +02:00
Felix Fietkau
6f2044c2d7 mac80211: revert faulty change that was breaking broadcast tx
Fixes: 0f6887972a ("mac80211: add missing change for encap offload on devices with sw rate control")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-09-06 12:01:42 +02:00
Christian Lamparter
d24efa92e1 ath9k: owl-loader: remove obsolete AR71XX patch
this is no longer necessary as the AR71XX target
was superseded by ath79.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-08-26 21:37:19 +02:00
Felix Fietkau
0f6887972a mac80211: add missing change for encap offload on devices with sw rate control
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-08-24 17:35:45 +02:00
Felix Fietkau
f04c0ead33 mac80211: refresh patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-08-24 17:35:45 +02:00
Felix Fietkau
a0d81ba0d5 mac80211: fix HT40 mode for 6G band
The channel offset used for VHT segment calculation was missing for HT

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-08-24 17:35:45 +02:00
Ansuel Smith
91a52f22a1 treewide: backport support for nvmem on non platform devices
In the current state, nvmem cells are only detected on platform device.
To quickly fix the problem, we register the affected problematic driver
with the of_platform but that is more an hack than a real solution.
Backport from net-next the required patch so that nvmem can work also
with non-platform devices and rework our current patch.
Drop the mediatek and dsa workaround and rework the ath10k patches.
Rework every driver that use the of_get_mac_address api.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2021-08-05 01:46:26 +02:00
Ansuel Smith
853e8465a7 ath10k: fix compilation error with CONFIG_OF not available
of_platform_device_create require CONFIG_OF selected.
Add an ifdef and register to the of platform only if of is available.

Fixes: 985954ccbd ("kernel: add ath10k support for of_get_mac_address")
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2021-07-19 19:10:18 +02:00
Ansuel Smith
985954ccbd kernel: add ath10k support for of_get_mac_address
ath10k doesn't currently support the standard function to get mac-address from the dts.
Add this for both ath10k and ath10k-ct

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2021-07-19 14:51:22 +02:00
Felix Fietkau
890bf06cef mac80211: backport SAR power limit support
Needed for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-07-14 18:09:23 +02:00
Felix Fietkau
19228c4562 mac80211: merge a 4-addr client mode fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-07-14 18:09:23 +02:00
Felix Fietkau
a5888ad6b3 mac80211: merge the virtual time based airtime scheduler
Improves airtime fairness, especially for devices with larger firmware buffers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-07-14 15:48:57 +02:00
Felix Fietkau
de49957300 mac80211: backport fix for nl80211 control port tx (fixes FS#3857)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-30 19:09:31 +02:00
Felix Fietkau
8bb4437c01 mac80211: fix a regression in starting aggregation sessions on mesh interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-29 13:32:50 +02:00
Bob Cantor
3933e29d1b mac80211: print an error if wifi teardown fails
drv_mac80211_teardown fails silently if the device to be torn down is
not defined.  This commit prints an error message.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
2021-06-28 17:24:11 +02:00
Bob Cantor
d515f6b6cd mac80211: always call wireless_set_data (FS#3784)
When wifi is turned off, drv_mac80211_teardown sometimes fails (silently)
because the device to be torn down is not defined.

This situation arises if drv_mac80211_setup was called twice when
wifi was turned on.

This commit ensures that the device to be torn down is always defined
in drv_mac80211_teardown.

Steps to reproduce:

1) Use /sbin/wifi to turn on wifi.
   uci set wireless.@wifi-iface[0].disabled=0
   uci set wireless.@wifi-device[0].disabled=0
   uci commit
   wifi

2) Use /sbin/wifi to turn off wifi.
   uci set wireless.@wifi-device[0].disabled=1
   uci commit
   wifi

3) Observe that wifi is still up.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
2021-06-28 17:24:11 +02:00
Bob Cantor
a29ab3b79a mac80211: fix no_reload logic (FS#3902)
If drv_mac80211_setup is called twice with the same wifi configuration,
then the second call returns early with error HOSTAPD_START_FAILED.
(wifi works nevertheless, despite the fact that setup is incomplete.  But
"ubus call network.wireless status" erroneously reports that radio0 is down.)

The relevant part of drv_mac80211_setup is,

if [ "$no_reload" != "0" ]; then
        add_ap=1
        ubus wait_for hostapd
        local hostapd_res="$(ubus call hostapd config_add "{\"iface\":\"$primary_ap\", \"config\":\"${hostapd_conf_file}\"}")"
        ret="$?"
        [ "$ret" != 0 -o -z "$hostapd_res" ] && {
                wireless_setup_failed HOSTAPD_START_FAILED
                return
        }
        wireless_add_process "$(jsonfilter -s "$hostapd_res" -l 1 -e @.pid)" "/usr/sbin/hostapd" 1 1
fi

This commit sets no_reload = 0 during the second call of drv_mac80211_setup.

It is perhaps worth providing a way to reproduce the situation
where drv_mac80211_setup is called twice.

When /sbin/wifi is used to turn on wifi,
   uci set wireless.@wifi-iface[0].disabled=0
   uci set wireless.@wifi-device[0].disabled=0
   uci commit
   wifi

/sbin/wifi makes the following ubus calls,
   ubus call network reload
   ubus call network.wireless down
   ubus call network.wireless up

The first and third ubus calls both call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel.
So the call sequence becomes,

   drv_mac80211_setup
   wireless_device_setup_cancel
   drv_mac80211_setup

In contrast, when LuCI is used to turn on wifi only a single call
is made to drv_mac80211_setup.

branches affected: trunk, 21.02

Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
2021-06-28 17:24:11 +02:00
Felix Fietkau
89c9ccc3b2 mac80211: fix an issue with wds links on 802.11ax devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-19 12:17:09 +02:00
Felix Fietkau
165a026364 mac80211: remove extra patch accidentally added during rebase
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-18 09:55:51 +02:00
Felix Fietkau
53b6783907 mac80211: remove patches stripping down crypto support
Use of WPA3 and things like FILS is getting much more common, and platforms
that can't affort the extra kilobytes for this code are fading away.
Let's not hold back modern authentication methods any longer

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-18 09:52:35 +02:00
Felix Fietkau
a603e82dd3 mac80211: system hang caused by deferring calls into minstrel to dequeue
Move the aggregation check to mac80211

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-17 18:25:35 +02:00
Felix Fietkau
db9784bedd mac80211: fix minstrel sample time check
We need to skip sampling if the next sample time is after jiffies, not before.
This patch fixes an issue where in some cases only very little sampling (or none
at all) is performed, leading to really bad data rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-17 12:41:06 +02:00
Felix Fietkau
a0f97d8f9c mac80211: select iwinfo
Since iwinfo is now used in the core scripts, it needs to be present on the system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-17 12:40:43 +02:00
Felix Fietkau
49ef4dbee5 mac80211: fix processing HE capabilities (FS#3871)
Use the right argument to fix setting unsupported capabilities to 0

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-17 12:40:43 +02:00
Felix Fietkau
f2c6d892ca mac80211: add support for 802.3 encap offload with software rate control
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-12 10:46:39 +02:00
Felix Fietkau
7dd8829ef9 mac80211: improve rate control performance
Call rate control handler after intermediate queueuing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-12 10:46:39 +02:00
Felix Fietkau
e1d57d4d43 mac80211: rely on iwinfo for phy->path and path->phy lookups
This avoids inconsistencies from having multiple implementations do the same thing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-10 10:15:39 +02:00
Hauke Mehrtens
04a260911c mac80211: Update to backports-5.10.42
The removed patches were integrated upstream.

The brcmf_driver_work workqueue was removed in brcmfmac with kernel
5.10.42, the asynchronous call was covered to a synchronous call. There
is no need to wait any more.
This part was removed manually from this patch:
brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-06-06 17:49:40 +02:00
Ansuel Smith
3394af677c mac80211: split ath patch in dedicated subdir
The ath patch number is already large and adding other patch for ath11k
will add more confusion with the patch numbering.
Since the support of ath11k based device is imminent, prepare the mac80211
ath patch dir and split it in the dedicated ath5k, ath9k, ath10k and ath11k
(empty for now).

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2021-06-04 22:44:40 +02:00
Felix Fietkau
2cd1a10829 mac80211: fix typo
Remove stray parenthesis

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-03 05:38:59 +02:00
Felix Fietkau
42a99b18ff mac80211: do not enable VHT in the default config on 2.4 GHz
Some drivers advertise it, but it's not supported at the moment

Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 07:46:21 +02:00
Felix Fietkau
3518b793a2 mac80211: fix detecting VHT capabilities when generating the default config
The colon does not directly follow the "VHT Capabilities" string

Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-02 07:46:21 +02:00
Felix Fietkau
91abeebd3b mac80211: sync nl80211.h with upstream and backport a WPA3 related commit
Fixes compatibility issues with the latest hostapd update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 20:08:25 +02:00
Felix Fietkau
fbd6f099f5 mac80211: add more HE capabilities
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:15 +02:00
Felix Fietkau
8d79915327 mac80211: fix center freq selection for 6 GHz
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
c8bcdd5619 mac80211: set hostapd op_class for 6 GHz
This is needed to disambiguate it from 5 GHz channels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
8504212f65 mac80211: rework default config script
Emit the new band option instead of hwmode
Support 6 GHz band and HE options

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
8b8c1cb09b mac80211: make use of the new 'band' option
Use it to look up frequencies only in the configured band to better deal
with channel number overlap

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Felix Fietkau
db072fdc9e mac80211: add 6 GHz support to mac80211_hwsim
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-26 11:48:14 +02:00
Robert Marko
b054009854 mac80211: fix ATH_REG_DYNAMIC_USER_REG_HINTS
ATH_REG_DYNAMIC_USER_REG_HINTS is currently not being set as mac80211
tries to set it as m which is not possible as its boolean only.

Since its used alongside user regulatory, move it to USER_REGD.

This is required for ath11k to accept regulatory changes, otherwise
it wont accept any changes and will simply force US.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-05-23 15:11:38 +02:00
Felix Fietkau
025bd93f36 mac80211: backport upstream fixes for FragAttacks
From the patch series description:

Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at

	https://papers.mathyvanhoef.com/usenix2021.pdf

Specifically, the following CVEs were assigned:

 * CVE-2020-24586 - Fragmentation cache not cleared on reconnection
 * CVE-2020-24587 - Reassembling fragments encrypted under different
                    keys
 * CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
                    payload being parsed as an L2 frame under an
                    A-MSDU bit toggling attack
 * CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
 * CVE-2020-26140 - Accepting plaintext data frames in protected
                    networks
 * CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
 * CVE-2020-26142 - Processing fragmented frames as full frames
 * CVE-2020-26143 - Accepting fragmented plaintext frames in
                    protected networks
 * CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
                    start with RFC1042 header with EAPOL ethertype
 * CVE-2020-26145 - Accepting plaintext broadcast fragments as full
                    frames
 * CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
                    packet numbers
 * CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments

In general, the scope of these attacks is that they may allow an
attacker to
 * inject L2 frames that they can more or less control (depending on the
   vulnerability and attack method) into an otherwise protected network;
 * exfiltrate (some) network data under certain conditions, this is
   specific to the fragmentation issues.

A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.

In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.

Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.

To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.

We currently don't have information about how other drivers are, if
at all, affected.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-12 17:51:59 +02:00
Hauke Mehrtens
17ac9849d3 mac80211: Update to version 5.10.34-1
The removed patches were applied upstream and are not needed anymore.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-04 22:25:43 +02:00