mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-10 06:52:53 +00:00
65835e0d5f
Refresh all patches. The removed patches were integrated upstream. This contains fixes for CVE-2020-3702 1. These patches (ath, ath9k, mac80211) were included in kernel versions since 4.14.245 and 4.19.205. They fix security vulnerability CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2]. Thank you Josef Schlehofer for reporting this problem. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702 [2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/ Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
61 lines
2.0 KiB
Diff
61 lines
2.0 KiB
Diff
From: Johannes Berg <johannes.berg@intel.com>
|
|
Date: Fri, 19 Mar 2021 23:28:01 +0100
|
|
Subject: [PATCH] mac80211: don't apply flow control on management frames
|
|
|
|
In some cases (depending on the driver, but it's true e.g. for
|
|
iwlwifi) we're using an internal TXQ for management packets,
|
|
mostly to simplify the code and to have a place to queue them.
|
|
However, it appears that in certain cases we can confuse the
|
|
code and management frames are dropped, which is certainly not
|
|
what we want.
|
|
|
|
Short-circuit the processing of management frames. To keep the
|
|
impact minimal, only put them on the frags queue and check the
|
|
tid == management only for doing that and to skip the airtime
|
|
fairness checks, if applicable.
|
|
|
|
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
---
|
|
|
|
--- a/net/mac80211/tx.c
|
|
+++ b/net/mac80211/tx.c
|
|
@@ -5,7 +5,7 @@
|
|
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
|
|
* Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
|
|
* Copyright 2013-2014 Intel Mobile Communications GmbH
|
|
- * Copyright (C) 2018-2020 Intel Corporation
|
|
+ * Copyright (C) 2018-2021 Intel Corporation
|
|
*
|
|
* Transmit and frame generation functions.
|
|
*/
|
|
@@ -1401,8 +1401,17 @@ static void ieee80211_txq_enqueue(struct
|
|
ieee80211_set_skb_enqueue_time(skb);
|
|
|
|
spin_lock_bh(&fq->lock);
|
|
- fq_tin_enqueue(fq, tin, flow_idx, skb,
|
|
- fq_skb_free_func);
|
|
+ /*
|
|
+ * For management frames, don't really apply codel etc.,
|
|
+ * we don't want to apply any shaping or anything we just
|
|
+ * want to simplify the driver API by having them on the
|
|
+ * txqi.
|
|
+ */
|
|
+ if (unlikely(txqi->txq.tid == IEEE80211_NUM_TIDS))
|
|
+ __skb_queue_tail(&txqi->frags, skb);
|
|
+ else
|
|
+ fq_tin_enqueue(fq, tin, flow_idx, skb,
|
|
+ fq_skb_free_func);
|
|
spin_unlock_bh(&fq->lock);
|
|
}
|
|
|
|
@@ -3866,6 +3875,9 @@ bool ieee80211_txq_airtime_check(struct
|
|
if (!txq->sta)
|
|
return true;
|
|
|
|
+ if (unlikely(txq->tid == IEEE80211_NUM_TIDS))
|
|
+ return true;
|
|
+
|
|
sta = container_of(txq->sta, struct sta_info, sta);
|
|
if (atomic_read(&sta->airtime[txq->ac].aql_tx_pending) <
|
|
sta->airtime[txq->ac].aql_limit_low)
|