drop 4.9 80211 patches to be added later...
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 1 Jun 2021 07:53:18 +0000 (09:53 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 1 Jun 2021 07:53:18 +0000 (09:53 +0200)
queue-4.9/cfg80211-mitigate-a-msdu-aggregation-attacks.patch [deleted file]
queue-4.9/mac80211-assure-all-fragments-are-encrypted.patch [deleted file]
queue-4.9/mac80211-check-defrag-pn-against-current-frame.patch [deleted file]
queue-4.9/mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch [deleted file]
queue-4.9/series

diff --git a/queue-4.9/cfg80211-mitigate-a-msdu-aggregation-attacks.patch b/queue-4.9/cfg80211-mitigate-a-msdu-aggregation-attacks.patch
deleted file mode 100644 (file)
index 9f8d289..0000000
+++ /dev/null
@@ -1,49 +0,0 @@
-From 2b8a1fee3488c602aca8bea004a087e60806a5cf Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:45 +0200
-Subject: cfg80211: mitigate A-MSDU aggregation attacks
-
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-
-commit 2b8a1fee3488c602aca8bea004a087e60806a5cf upstream.
-
-Mitigate A-MSDU injection attacks (CVE-2020-24588) by detecting if the
-destination address of a subframe equals an RFC1042 (i.e., LLC/SNAP)
-header, and if so dropping the complete A-MSDU frame. This mitigates
-known attacks, although new (unknown) aggregation-based attacks may
-remain possible.
-
-This defense works because in A-MSDU aggregation injection attacks, a
-normal encrypted Wi-Fi frame is turned into an A-MSDU frame. This means
-the first 6 bytes of the first A-MSDU subframe correspond to an RFC1042
-header. In other words, the destination MAC address of the first A-MSDU
-subframe contains the start of an RFC1042 header during an aggregation
-attack. We can detect this and thereby prevent this specific attack.
-For details, see Section 7.2 of "Fragment and Forge: Breaking Wi-Fi
-Through Frame Aggregation and Fragmentation".
-
-Note that for kernel 4.9 and above this patch depends on "mac80211:
-properly handle A-MSDUs that start with a rfc1042 header". Otherwise
-this patch has no impact and attacks will remain possible.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Link: https://lore.kernel.org/r/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/wireless/util.c |    3 +++
- 1 file changed, 3 insertions(+)
-
---- a/net/wireless/util.c
-+++ b/net/wireless/util.c
-@@ -768,6 +768,9 @@ void ieee80211_amsdu_to_8023s(struct sk_
-               remaining = skb->len - offset;
-               if (subframe_len > remaining)
-                       goto purge;
-+              /* mitigate A-MSDU aggregation injection attacks */
-+              if (ether_addr_equal(eth.h_dest, rfc1042_header))
-+                      goto purge;
-               offset += sizeof(struct ethhdr);
-               last = remaining <= subframe_len + padding;
diff --git a/queue-4.9/mac80211-assure-all-fragments-are-encrypted.patch b/queue-4.9/mac80211-assure-all-fragments-are-encrypted.patch
deleted file mode 100644 (file)
index 5d9f49e..0000000
+++ /dev/null
@@ -1,78 +0,0 @@
-From 965a7d72e798eb7af0aa67210e37cf7ecd1c9cad Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:42 +0200
-Subject: mac80211: assure all fragments are encrypted
-
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-
-commit 965a7d72e798eb7af0aa67210e37cf7ecd1c9cad upstream.
-
-Do not mix plaintext and encrypted fragments in protected Wi-Fi
-networks. This fixes CVE-2020-26147.
-
-Previously, an attacker was able to first forward a legitimate encrypted
-fragment towards a victim, followed by a plaintext fragment. The
-encrypted and plaintext fragment would then be reassembled. For further
-details see Section 6.3 and Appendix D in the paper "Fragment and Forge:
-Breaking Wi-Fi Through Frame Aggregation and Fragmentation".
-
-Because of this change there are now two equivalent conditions in the
-code to determine if a received fragment requires sequential PNs, so we
-also move this test to a separate function to make the code easier to
-maintain.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Link: https://lore.kernel.org/r/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/mac80211/rx.c |   23 ++++++++++++-----------
- 1 file changed, 12 insertions(+), 11 deletions(-)
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -1942,6 +1942,16 @@ ieee80211_reassemble_find(struct ieee802
-       return NULL;
- }
-+static bool requires_sequential_pn(struct ieee80211_rx_data *rx, __le16 fc)
-+{
-+      return rx->key &&
-+              (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
-+               rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
-+               rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
-+               rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
-+              ieee80211_has_protected(fc);
-+}
-+
- static ieee80211_rx_result debug_noinline
- ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
- {
-@@ -1987,12 +1997,7 @@ ieee80211_rx_h_defragment(struct ieee802
-               /* This is the first fragment of a new frame. */
-               entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
-                                                rx->seqno_idx, &(rx->skb));
--              if (rx->key &&
--                  (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
--                   rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
--                   rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
--                   rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
--                  ieee80211_has_protected(fc)) {
-+              if (requires_sequential_pn(rx, fc)) {
-                       int queue = rx->security_idx;
-                       /* Store CCMP/GCMP PN so that we can verify that the
-@@ -2034,11 +2039,7 @@ ieee80211_rx_h_defragment(struct ieee802
-               u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
-               int queue;
--              if (!rx->key ||
--                  (rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP &&
--                   rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256 &&
--                   rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP &&
--                   rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP_256))
-+              if (!requires_sequential_pn(rx, fc))
-                       return RX_DROP_UNUSABLE;
-               memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
-               for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
diff --git a/queue-4.9/mac80211-check-defrag-pn-against-current-frame.patch b/queue-4.9/mac80211-check-defrag-pn-against-current-frame.patch
deleted file mode 100644 (file)
index d6f0a91..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-From bf30ca922a0c0176007e074b0acc77ed345e9990 Mon Sep 17 00:00:00 2001
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:48 +0200
-Subject: mac80211: check defrag PN against current frame
-
-From: Johannes Berg <johannes.berg@intel.com>
-
-commit bf30ca922a0c0176007e074b0acc77ed345e9990 upstream.
-
-As pointed out by Mathy Vanhoef, we implement the RX PN check
-on fragmented frames incorrectly - we check against the last
-received PN prior to the new frame, rather than to the one in
-this frame itself.
-
-Prior patches addressed the security issue here, but in order
-to be able to reason better about the code, fix it to really
-compare against the current frame's PN, not the last stored
-one.
-
-Cc: stable@vger.kernel.org
-Link: https://lore.kernel.org/r/20210511200110.bfbc340ff071.Id0b690e581da7d03d76df90bb0e3fd55930bc8a0@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/mac80211/ieee80211_i.h |   11 +++++++++--
- net/mac80211/rx.c          |    5 ++---
- net/mac80211/wpa.c         |   13 +++++++++----
- 3 files changed, 20 insertions(+), 9 deletions(-)
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -240,8 +240,15 @@ struct ieee80211_rx_data {
-        */
-       int security_idx;
--      u32 tkip_iv32;
--      u16 tkip_iv16;
-+      union {
-+              struct {
-+                      u32 iv32;
-+                      u16 iv16;
-+              } tkip;
-+              struct {
-+                      u8 pn[IEEE80211_CCMP_PN_LEN];
-+              } ccm_gcm;
-+      };
- };
- struct ieee80211_csa_settings {
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2038,7 +2038,6 @@ ieee80211_rx_h_defragment(struct ieee802
-       if (entry->check_sequential_pn) {
-               int i;
-               u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
--              int queue;
-               if (!requires_sequential_pn(rx, fc))
-                       return RX_DROP_UNUSABLE;
-@@ -2053,8 +2052,8 @@ ieee80211_rx_h_defragment(struct ieee802
-                       if (pn[i])
-                               break;
-               }
--              queue = rx->security_idx;
--              rpn = rx->key->u.ccmp.rx_pn[queue];
-+
-+              rpn = rx->ccm_gcm.pn;
-               if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN))
-                       return RX_DROP_UNUSABLE;
-               memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
---- a/net/mac80211/wpa.c
-+++ b/net/mac80211/wpa.c
-@@ -2,6 +2,7 @@
-  * Copyright 2002-2004, Instant802 Networks, Inc.
-  * Copyright 2008, Jouni Malinen <j@w1.fi>
-  * Copyright (C) 2016 Intel Deutschland GmbH
-+ * Copyright (C) 2020-2021 Intel Corporation
-  *
-  * This program is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License version 2 as
-@@ -162,8 +163,8 @@ ieee80211_rx_h_michael_mic_verify(struct
- update_iv:
-       /* update IV in key information to be able to detect replays */
--      rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
--      rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
-+      rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip.iv32;
-+      rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip.iv16;
-       return RX_CONTINUE;
-@@ -289,8 +290,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
-                                         key, skb->data + hdrlen,
-                                         skb->len - hdrlen, rx->sta->sta.addr,
-                                         hdr->addr1, hwaccel, rx->security_idx,
--                                        &rx->tkip_iv32,
--                                        &rx->tkip_iv16);
-+                                        &rx->tkip.iv32,
-+                                        &rx->tkip.iv16);
-       if (res != TKIP_DECRYPT_OK)
-               return RX_DROP_UNUSABLE;
-@@ -548,6 +549,8 @@ ieee80211_crypto_ccmp_decrypt(struct iee
-               }
-               memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN);
-+              if (unlikely(ieee80211_is_frag(hdr)))
-+                      memcpy(rx->ccm_gcm.pn, pn, IEEE80211_CCMP_PN_LEN);
-       }
-       /* Remove CCMP header and MIC */
-@@ -777,6 +780,8 @@ ieee80211_crypto_gcmp_decrypt(struct iee
-               }
-               memcpy(key->u.gcmp.rx_pn[queue], pn, IEEE80211_GCMP_PN_LEN);
-+              if (unlikely(ieee80211_is_frag(hdr)))
-+                      memcpy(rx->ccm_gcm.pn, pn, IEEE80211_CCMP_PN_LEN);
-       }
-       /* Remove GCMP header and MIC */
diff --git a/queue-4.9/mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch b/queue-4.9/mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch
deleted file mode 100644 (file)
index 53b7a88..0000000
+++ /dev/null
@@ -1,99 +0,0 @@
-From 94034c40ab4a3fcf581fbc7f8fdf4e29943c4a24 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:43 +0200
-Subject: mac80211: prevent mixed key and fragment cache attacks
-
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-
-commit 94034c40ab4a3fcf581fbc7f8fdf4e29943c4a24 upstream.
-
-Simultaneously prevent mixed key attacks (CVE-2020-24587) and fragment
-cache attacks (CVE-2020-24586). This is accomplished by assigning a
-unique color to every key (per interface) and using this to track which
-key was used to decrypt a fragment. When reassembling frames, it is
-now checked whether all fragments were decrypted using the same key.
-
-To assure that fragment cache attacks are also prevented, the ID that is
-assigned to keys is unique even over (re)associations and (re)connects.
-This means fragments separated by a (re)association or (re)connect will
-not be reassembled. Because mac80211 now also prevents the reassembly of
-mixed encrypted and plaintext fragments, all cache attacks are prevented.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Link: https://lore.kernel.org/r/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/mac80211/ieee80211_i.h |    1 +
- net/mac80211/key.c         |    7 +++++++
- net/mac80211/key.h         |    2 ++
- net/mac80211/rx.c          |    6 ++++++
- 4 files changed, 16 insertions(+)
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -97,6 +97,7 @@ struct ieee80211_fragment_entry {
-       u8 rx_queue;
-       bool check_sequential_pn; /* needed for CCMP/GCMP */
-       u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
-+      unsigned int key_color;
- };
---- a/net/mac80211/key.c
-+++ b/net/mac80211/key.c
-@@ -646,6 +646,7 @@ int ieee80211_key_link(struct ieee80211_
-                      struct ieee80211_sub_if_data *sdata,
-                      struct sta_info *sta)
- {
-+      static atomic_t key_color = ATOMIC_INIT(0);
-       struct ieee80211_local *local = sdata->local;
-       struct ieee80211_key *old_key;
-       int idx = key->conf.keyidx;
-@@ -681,6 +682,12 @@ int ieee80211_key_link(struct ieee80211_
-       key->sdata = sdata;
-       key->sta = sta;
-+      /*
-+       * Assign a unique ID to every key so we can easily prevent mixed
-+       * key and fragment cache attacks.
-+       */
-+      key->color = atomic_inc_return(&key_color);
-+
-       increment_tailroom_need_count(sdata);
-       ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
---- a/net/mac80211/key.h
-+++ b/net/mac80211/key.h
-@@ -127,6 +127,8 @@ struct ieee80211_key {
-       } debugfs;
- #endif
-+      unsigned int color;
-+
-       /*
-        * key config, must be last because it contains key
-        * material as variable length member
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2004,6 +2004,7 @@ ieee80211_rx_h_defragment(struct ieee802
-                        * next fragment has a sequential PN value.
-                        */
-                       entry->check_sequential_pn = true;
-+                      entry->key_color = rx->key->color;
-                       memcpy(entry->last_pn,
-                              rx->key->u.ccmp.rx_pn[queue],
-                              IEEE80211_CCMP_PN_LEN);
-@@ -2041,6 +2042,11 @@ ieee80211_rx_h_defragment(struct ieee802
-               if (!requires_sequential_pn(rx, fc))
-                       return RX_DROP_UNUSABLE;
-+
-+              /* Prevent mixed key and fragment cache attacks */
-+              if (entry->key_color != rx->key->color)
-+                      return RX_DROP_UNUSABLE;
-+
-               memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
-               for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
-                       pn[i]++;
index bbd7c09bcca8726f7dd7c9c318f0dc47f859c28f..0788f627c4eb8de98f42aab12d08ce7aaa8eed1a 100644 (file)
@@ -6,10 +6,6 @@ nfc-nci-fix-memory-leak-in-nci_allocate_device.patch
 nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch
 proc-check-proc-pid-attr-writes-against-file-opener.patch
 net-hso-fix-control-request-directions.patch
-mac80211-assure-all-fragments-are-encrypted.patch
-mac80211-prevent-mixed-key-and-fragment-cache-attacks.patch
-cfg80211-mitigate-a-msdu-aggregation-attacks.patch
-mac80211-check-defrag-pn-against-current-frame.patch
 ath10k-validate-first-subframe-of-a-msdu-before-processing-the-list.patch
 dm-snapshot-properly-fix-a-crash-when-an-origin-has-no-snapshots.patch
 kgdb-fix-gcc-11-warnings-harder.patch