Commit Graph

818 Commits

Author SHA1 Message Date
Felix Fietkau
fa9a932fdb mac80211: backport security fix and disable MBSSID support
Fixes: CVE-2022-41674
Fixes: CVE-2022-42719
Fixes: CVE-2022-42720
Fixes: CVE-2022-42721
Fixes: CVE-2022-42722
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-13 21:16:38 +02:00
Thibaut VARÈNE
39f1815b3e mac80211: fix QCA9561 PA bias
This patch fixes an invalid TX PA DC bias level on QCA9561, which
results in a very low output power and very low throughput as devices
are further away from the AP (compared to other 2.4GHz APs),
following a suggestion from nbd[1].

This patch has been submitted upstream[2].

[1] https://lore.kernel.org/all/91c58969-c60e-2f41-00ac-737786d435ae@nbd.name
[2] https://lore.kernel.org/linux-wireless/20220417145145.1847-1-hacks+kernel@slashdirt.org/

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry-picked from 7dc52a78ae)
2022-04-19 14:56:49 +02:00
Hauke Mehrtens
99b00edf35 mac80211: Update to version 5.10.110-1
This updates mac80211 to version 5.10.110-1 which is based on kernel
5.10.110.
The removed patches were applied upstream.

This new release contains many fixes which were merged into the upstream
Linux kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-04-11 22:51:57 +02:00
Nick Hainke
27225e3538 kernel: ath10k: provide a build variant for small RAM devices
Based on: 1ac627024d ("kernel: ath10k-ct: provide a build variant for
small RAM devices")

Like described in the ath10k-ct-smallbuffers version, oom-killer gets
triggered frequently by devices with small RAM.

That change is necessary for many community mesh networks which use
ath10k based devices with too little RAM. The -ct driver has been
proven unstable if used with 11s meshing and only wave2 chipsets are
supporting 11s. Freifunk Berlin is nowadays assembling its
firmware-based completely of vanilla OpenWRT with some package additions
which are made through the imagebuilder. Therefore we cannot take the
approach other freifunk communities have taken to maintain that patch
downstream [1]. Other communities consider these devices as broken and
that change would pretty much give those devices a second life [2].
[1] - 450b306e54
[2] - https://github.com/freifunk-gluon/gluon/issues/1988#issuecomment-619532909

Signed-off-by: Simon Polack <spolack+git@mailbox.org>
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 694757a08f)
2022-01-02 12:35:21 +01:00
Felix Fietkau
e1b79b1dc3 mac80211: optimize airtime fairness code to reduce cpu usage
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 87def9efd8)
2021-12-21 12:58:22 +01:00
Hauke Mehrtens
4b52d89531 mac80211: Update toversion 5.10.85
The following patches were backported from upstream before and are not
needed any more:
  package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch
  package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-14 23:12:22 +01:00
Felix Fietkau
1276ef9c1c mac80211: fix tx aggregation locking issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a1a71a7199)
2021-12-02 14:14:39 +01:00
Felix Fietkau
b1e684fa88 mac80211: fix queue assignment of aggregation start requests
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 15d8c7aa74)
2021-12-02 14:13:33 +01:00
Felix Fietkau
0e0192098a mac80211: backport fix for dealing with stripped IV on rx
This fixes potental rx drop issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 68189835ac)
2021-11-26 08:55:04 +01:00
Felix Fietkau
36c3103cba mac80211: add a fix for kernel warnings when forwarding packets in mesh mode
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d439c7d85a)
2021-11-24 15:42:20 +01:00
Felix Fietkau
ea91ebedce mac80211: fix regression in SSN handling of addba tx
Some drivers that do their own sequence number allocation (e.g. ath9k, mwlwifi) rely
on being able to modify params->ssn on starting tx ampdu sessions.
This was broken by a change that modified it to use sta->tid_seq[tid] instead.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit ddd977fcc5)
2021-11-24 15:41:34 +01:00
Felix Fietkau
ee5b593435 mac80211: fix crash in drivers relying on mac80211 retransmitting packets for powersave clients
This showed up primarily on rt2x00

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d1ea575baa)
2021-11-23 18:30:04 +01:00
Felix Fietkau
fb98c8a610 mac80211: backport a few trivial patches
No functional changes, just some renames to make it easier to keep mt76 in
sync with upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit e62c550470)
(cherry-picked from commit a889dcd3f2)
2021-11-23 18:30:04 +01:00
Felix Fietkau
2007d4e208 mac80211: backport AP mode TWT support
Required for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 978e822db3)
(cherry-picked from commit af9d31aacc)
2021-11-23 18:30:04 +01:00
Felix Fietkau
c5ef1cee8a mac80211: backport support for BSS color changes
This is needed for an upcoming mt76 update
also sync iw nl80211 with kernel backports

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2bfac61483)
(cherry-picked from commit 36019ed589)
2021-11-23 18:30:04 +01:00
Felix Fietkau
bb5da058db mac80211: add missing change for encap offload on devices with sw rate control
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 0f6887972a)
(cherry-picked from commit 6f2044c2d7)
2021-11-23 18:30:04 +01:00
Felix Fietkau
52300733cd mac80211: backport SAR power limit support
Needed for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 890bf06cef)
2021-11-23 18:30:04 +01:00
Felix Fietkau
68886f3018 mac80211: merge the virtual time based airtime scheduler
Improves airtime fairness, especially for devices with larger firmware buffers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a5888ad6b3)
2021-11-23 18:30:04 +01:00
Hauke Mehrtens
65835e0d5f mac80211: Update to backports-5.10.68
Refresh all patches.
The removed patches were integrated upstream.

This contains fixes for CVE-2020-3702

1. These patches (ath, ath9k, mac80211)  were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].

Thank you Josef Schlehofer for reporting this problem.

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-09-22 22:36:15 +02:00
Felix Fietkau
ccbe535604 mac80211: backport fix for nl80211 control port tx (fixes FS#3857)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit de49957300)
2021-06-30 19:24:55 +02:00
Felix Fietkau
4c29ff7cb8 mac80211: add support for 802.3 encap offload with software rate control
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit f2c6d892ca)
2021-06-30 19:24:55 +02:00
Felix Fietkau
a078037ace mac80211: improve rate control performance
Call rate control handler after intermediate queueuing
Includes follow-up fixes

Signed-off-by: Felix Fietkau <nbd@nbd.name>

cherry-picked from commits:
- 7dd8829ef9
- a603e82dd3
- 8bb4437c01
2021-06-30 19:12:20 +02:00
Felix Fietkau
3d0ed7d763 mac80211: fix an issue with wds links on 802.11ax devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 89c9ccc3b2)
2021-06-19 12:17:54 +02:00
Felix Fietkau
3839a4c7e9 mac80211: fix minstrel sample time check
We need to skip sampling if the next sample time is after jiffies, not before.
This patch fixes an issue where in some cases only very little sampling (or none
at all) is performed, leading to really bad data rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-17 12:45:08 +02:00
Felix Fietkau
05a8bf04ec mac80211: sync nl80211.h with upstream and backport a WPA3 related commit
Fixes compatibility issues with the latest hostapd update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 91abeebd3b)
2021-06-17 12:44:57 +02:00
Hauke Mehrtens
00d7a459f3 mac80211: Update to backports-5.10.42
The removed patches were integrated upstream.

The brcmf_driver_work workqueue was removed in brcmfmac with kernel
5.10.42, the asynchronous call was covered to a synchronous call. There
is no need to wait any more.
This part was removed manually from this patch:
brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 04a260911c)
2021-06-06 17:54:58 +02:00
Felix Fietkau
5869423d21 mac80211: backport upstream fixes for FragAttacks
From the patch series description:

Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at

	https://papers.mathyvanhoef.com/usenix2021.pdf

Specifically, the following CVEs were assigned:

 * CVE-2020-24586 - Fragmentation cache not cleared on reconnection
 * CVE-2020-24587 - Reassembling fragments encrypted under different
                    keys
 * CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
                    payload being parsed as an L2 frame under an
                    A-MSDU bit toggling attack
 * CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
 * CVE-2020-26140 - Accepting plaintext data frames in protected
                    networks
 * CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
 * CVE-2020-26142 - Processing fragmented frames as full frames
 * CVE-2020-26143 - Accepting fragmented plaintext frames in
                    protected networks
 * CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
                    start with RFC1042 header with EAPOL ethertype
 * CVE-2020-26145 - Accepting plaintext broadcast fragments as full
                    frames
 * CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
                    packet numbers
 * CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments

In general, the scope of these attacks is that they may allow an
attacker to
 * inject L2 frames that they can more or less control (depending on the
   vulnerability and attack method) into an otherwise protected network;
 * exfiltrate (some) network data under certain conditions, this is
   specific to the fragmentation issues.

A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.

In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.

Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.

To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.

We currently don't have information about how other drivers are, if
at all, affected.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-16 08:48:22 +02:00
Rui Salvaterra
c99f037493 mac80211/rtl: backport a rtl8192cu AP mode fix
Running USB devices in AP mode is never a good idea. That said, fix the TIM
issue in rtl8192cu [1], allowing these devices to "work" in AP mode.

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20210419065956.6085-1-pkshih@realtek.com/

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit eeda8652f1)
2021-05-14 23:32:22 +02:00
Hauke Mehrtens
ce41fc38ba mac80211: Update to version 5.10.34-1
The removed patches were applied upstream and are not needed anymore.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 17ac9849d3)
2021-05-04 22:29:34 +02:00
Felix Fietkau
f066ee2ad5 mac80211: minstrel_ht: fix issue in calculating success probability
Missing braces in a macro were leading to badly working rates sometimes
getting a success probabilty of 1.0

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 12cb52bd06)
2021-04-28 21:11:15 +02:00
Felix Fietkau
4ad1957eee mac80211: add client mode connection monitor fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit dfdb28c24a)
2021-04-11 19:45:26 +02:00
Felix Fietkau
de00033bbb mac80211: support rx timestamps for HE rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7d8e14e44f)
2021-04-11 19:45:26 +02:00
Felix Fietkau
64ddac2c1c mac80211: merge a few pending tx related fixes
Improve performance and fix potential mgmt tx hangs/warnings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 571aedbc6c)
2021-04-04 11:39:51 +02:00
Felix Fietkau
69794908b6 mac80211: backport upstream patches for driver disconnect
Needed for an mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 5dc5015072)
2021-04-04 11:39:51 +02:00
Hauke Mehrtens
1132340a22 mac80211: Update to version 5.10.16-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 22:29:42 +01:00
Hauke Mehrtens
0cde9a0a65 mac80211: Refresh patches again
A wrong quilt configuration was used last time.

Fixes: ed1e234d87 ("mac80211: refresh patches")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 22:29:42 +01:00
Felix Fietkau
f118be0712 ath9k: fix transmitting to stations in dynamic SMPS mode
When transmitting to a receiver in dynamic SMPS mode, all transmissions that
use multiple spatial streams need to be sent using CTS-to-self or RTS/CTS to
give the receiver's extra chains some time to wake up.
This fixes the tx rate getting stuck at <= MCS7 for some clients, especially
Intel ones, which make aggressive use of SMPS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:55:45 +01:00
Felix Fietkau
9cb63f5360 mac80211: fix a regression in processing rx stats
A logic error caused rx rate update to be missed for any driver not using
fast-rx

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
ed1e234d87 mac80211: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
072bfe2113 mac80211: add minstrel performance improvements
Reduce fluctuations in rate selection / statistics

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
b6066846ad mac80211: add decapsulation offload support
On hardware that supports this, this will improve performance by passing
802.3 frames from the hardware to the stack

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
8fc2cfea87 mac80211: fix a corner case in encapsulation offload support
Fix encryption key selection with WEP

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
268210cec8 mac80211: add fq performace improvements
Improves performance under load

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Hauke Mehrtens
12424edff5 mac80211: Update to version 5.10-rc6-1
The removed patches were applied upstream.

This adapts ath10k-ct and mt76 to changed APIs.
nl80211.h in iw is updated to match the version from backports.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 15:15:29 +01:00
Hauke Mehrtens
bf6f7cf29b mac80211: Update to version 5.9.12-1
The removed patches were applied upstream.

Remove the 300-mac80211-optimize-skb-resizing.patch.
This patch was not applied upstream, but it conflicts with upstream
changes and needs bigger changes. It was applied with Felix to remove
this patch for now. It should be reworked and then send upstream later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 15:13:40 +01:00
Felix Fietkau
84fa59b5a8 mac80211: fix station rate table updates on assoc
If the driver uses .sta_add, station entries are only uploaded after the sta
is in assoc state. Fix early station rate table updates by deferring them
until the sta has been uploaded

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-01 10:00:23 +01:00
David Bauer
0c499f6068 mac80211: convert UniFi Outdoor+ HSR support to OF
Enable support for the Ubiquiti UniFi Outdoor+ RF filter via
device-tree. The old way of using platform data is not required anymore,
as it was only used on the now removed ar71xx target.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-01 00:47:36 +01:00
Felix Fietkau
7ca75a2d01 mac80211: fix an uninitialized variable warning
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-26 20:00:03 +01:00
Felix Fietkau
56c20f0a5a mac80211: minstrel_ht: fix regression in the max_prob_rate fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-26 16:46:45 +01:00
Felix Fietkau
1fdbb8779a mac80211: remove accidentally duplicated line in minstrel_ht patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-26 16:46:45 +01:00