mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-18 10:46:41 +00:00
97bc59a5c0
Refresh all patches. The removed patches were integrated upstream. This contains fixes for CVE-2020-3702 1. These patches (ath, ath9k, mac80211) were included in kernel versions since 4.14.245 and 4.19.205. They fix security vulnerability CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2]. Thank you Josef Schlehofer for reporting this problem. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702 [2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/ Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
127 lines
3.6 KiB
Diff
127 lines
3.6 KiB
Diff
From: Felix Fietkau <nbd@nbd.name>
|
|
Date: Thu, 17 Jun 2021 17:56:54 +0200
|
|
Subject: [PATCH] mac80211: move A-MPDU session check from minstrel_ht to
|
|
mac80211
|
|
|
|
This avoids calling back into tx handlers from within the rate control module.
|
|
Preparation for deferring rate control until tx dequeue
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
---
|
|
|
|
--- a/include/net/mac80211.h
|
|
+++ b/include/net/mac80211.h
|
|
@@ -6160,6 +6160,11 @@ enum rate_control_capabilities {
|
|
* otherwise the NSS difference doesn't bother us.
|
|
*/
|
|
RATE_CTRL_CAPA_VHT_EXT_NSS_BW = BIT(0),
|
|
+ /**
|
|
+ * @RATE_CTRL_CAPA_AMPDU_TRIGGER:
|
|
+ * mac80211 should start A-MPDU sessions on tx
|
|
+ */
|
|
+ RATE_CTRL_CAPA_AMPDU_TRIGGER = BIT(1),
|
|
};
|
|
|
|
struct rate_control_ops {
|
|
--- a/net/mac80211/rc80211_minstrel_ht.c
|
|
+++ b/net/mac80211/rc80211_minstrel_ht.c
|
|
@@ -1144,29 +1144,6 @@ minstrel_downgrade_prob_rate(struct mins
|
|
}
|
|
|
|
static void
|
|
-minstrel_aggr_check(struct ieee80211_sta *pubsta, struct sk_buff *skb)
|
|
-{
|
|
- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
|
|
- struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
|
|
- u16 tid;
|
|
-
|
|
- if (skb_get_queue_mapping(skb) == IEEE80211_AC_VO)
|
|
- return;
|
|
-
|
|
- if (unlikely(!ieee80211_is_data_qos(hdr->frame_control)))
|
|
- return;
|
|
-
|
|
- if (unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE)))
|
|
- return;
|
|
-
|
|
- tid = ieee80211_get_tid(hdr);
|
|
- if (likely(sta->ampdu_mlme.tid_tx[tid]))
|
|
- return;
|
|
-
|
|
- ieee80211_start_tx_ba_session(pubsta, tid, 0);
|
|
-}
|
|
-
|
|
-static void
|
|
minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
|
|
void *priv_sta, struct ieee80211_tx_status *st)
|
|
{
|
|
@@ -1461,10 +1438,6 @@ minstrel_ht_get_rate(void *priv, struct
|
|
struct minstrel_priv *mp = priv;
|
|
u16 sample_idx;
|
|
|
|
- if (!(info->flags & IEEE80211_TX_CTL_AMPDU) &&
|
|
- !minstrel_ht_is_legacy_group(MI_RATE_GROUP(mi->max_prob_rate)))
|
|
- minstrel_aggr_check(sta, txrc->skb);
|
|
-
|
|
info->flags |= mi->tx_flags;
|
|
|
|
#ifdef CPTCFG_MAC80211_DEBUGFS
|
|
@@ -1870,6 +1843,7 @@ static u32 minstrel_ht_get_expected_thro
|
|
|
|
static const struct rate_control_ops mac80211_minstrel_ht = {
|
|
.name = "minstrel_ht",
|
|
+ .capa = RATE_CTRL_CAPA_AMPDU_TRIGGER,
|
|
.tx_status_ext = minstrel_ht_tx_status,
|
|
.get_rate = minstrel_ht_get_rate,
|
|
.rate_init = minstrel_ht_rate_init,
|
|
--- a/net/mac80211/tx.c
|
|
+++ b/net/mac80211/tx.c
|
|
@@ -3953,6 +3953,29 @@ void ieee80211_txq_schedule_start(struct
|
|
}
|
|
EXPORT_SYMBOL(ieee80211_txq_schedule_start);
|
|
|
|
+static void
|
|
+ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
|
|
+ struct sta_info *sta,
|
|
+ struct sk_buff *skb)
|
|
+{
|
|
+ struct rate_control_ref *ref = sdata->local->rate_ctrl;
|
|
+ u16 tid;
|
|
+
|
|
+ if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
|
|
+ return;
|
|
+
|
|
+ if (!sta || !sta->sta.ht_cap.ht_supported ||
|
|
+ !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
|
|
+ skb->protocol == sdata->control_port_protocol)
|
|
+ return;
|
|
+
|
|
+ tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
|
|
+ if (likely(sta->ampdu_mlme.tid_tx[tid]))
|
|
+ return;
|
|
+
|
|
+ ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
|
|
+}
|
|
+
|
|
void __ieee80211_subif_start_xmit(struct sk_buff *skb,
|
|
struct net_device *dev,
|
|
u32 info_flags,
|
|
@@ -3983,6 +4006,8 @@ void __ieee80211_subif_start_xmit(struct
|
|
skb_get_hash(skb);
|
|
}
|
|
|
|
+ ieee80211_aggr_check(sdata, sta, skb);
|
|
+
|
|
if (sta) {
|
|
struct ieee80211_fast_tx *fast_tx;
|
|
|
|
@@ -4246,6 +4271,8 @@ static void ieee80211_8023_xmit(struct i
|
|
|
|
memset(info, 0, sizeof(*info));
|
|
|
|
+ ieee80211_aggr_check(sdata, sta, skb);
|
|
+
|
|
tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
|
|
tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
|
|
if (tid_tx) {
|