From: Kalle Valo <kvalo@codeaurora.org>
To: "Pali Rohár" <pali@kernel.org>
Cc: Jouni Malinen <jouni@codeaurora.org>,
ath9k-devel@qca.qualcomm.com, linux-wireless@vger.kernel.org
Subject: Re: [PATCH 1/5] ath: Use safer key clearing with key cache entries
Date: Mon, 11 Jan 2021 10:01:47 +0200
Message-ID: <87o8hvlx5g.fsf@codeaurora.org>
In-Reply-To: <20201228213553.rsc5ahiiqrb5lel2@pali> ("Pali Rohár"'s message of "Mon, 28 Dec 2020 22:35:53 +0100")

Pali Rohár <pali@kernel.org> writes:
> On Thursday 17 December 2020 18:06:27 Kalle Valo wrote:
>> Pali Rohár <pali@kernel.org> writes:
>>
>> > On Thursday 17 December 2020 06:51:48 Kalle Valo wrote:
>> >> Jouni Malinen <jouni@codeaurora.org> wrote:
>> >>
>> >> > It is possible for there to be pending frames in TXQs with a reference
>> >> > to the key cache entry that is being deleted. If such a key cache entry
>> >> > is cleared, those pending frame in TXQ might get transmitted without
>> >> > proper encryption. It is safer to leave the previously used key into the
>> >> > key cache in such cases. Instead, only clear the MAC address to prevent
>> >> > RX processing from using this key cache entry.
>> >> >
>> >> > This is needed in particularly in AP mode where the TXQs cannot be
>> >> > flushed on station disconnection. This change alone may not be able to
>> >> > address all cases where the key cache entry might get reused for other
>> >> > purposes immediately (the key cache entry should be released for reuse
>> >> > only once the TXQs do not have any remaining references to them), but
>> >> > this makes it less likely to get unprotected frames and the more
>> >> > complete changes may end up being significantly more complex.
>> >> >
>> >> > Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
>> >> > Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
>> >>
>> >> 5 patches applied to ath-next branch of ath.git, thanks.
>> >>
>> >> 56c5485c9e44 ath: Use safer key clearing with key cache entries
>> >> 73488cb2fa3b ath9k: Clear key cache explicitly on disabling hardware
>> >> d2d3e36498dd ath: Export ath_hw_keysetmac()
>> >> 144cd24dbc36 ath: Modify ath_key_delete() to not need full key entry
>> >> ca2848022c12 ath9k: Postpone key cache entry deletion for TXQ frames reference it
>> >
>> > Hello! Should not these patches be suitable for backporting into stable
>> > kernels (via CC: stable@ commit message line) as they are related to
>> > security issue CVE-2020-3702?
>>
>> Yeah, but you were just a little late as I already applied them.
>
> Ok, would you then send these patches to stable manually?

Sorry, I have too many patches in queue to do that. But I don't think I
need to submit them, my understanding is that anyone can submit patches
to stable.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Thread overview: 11+ messages
2020-12-14 17:21 [PATCH 0/5] ath9k: Safer key deletion to avoid unexpected behavior Jouni Malinen
2020-12-14 17:21 ` [PATCH 1/5] ath: Use safer key clearing with key cache entries Jouni Malinen
2020-12-17  6:51   ` Kalle Valo
2020-12-17  9:40     ` Pali Rohár
2020-12-17 16:06       ` Kalle Valo
2020-12-28 21:35         ` Pali Rohár
2021-01-11  8:01           ` Kalle Valo [this message]
2020-12-14 17:21 ` [PATCH 2/5] ath9k: Clear key cache explicitly on disabling hardware Jouni Malinen
2020-12-14 17:21 ` [PATCH 3/5] ath: Export ath_hw_keysetmac() Jouni Malinen
2020-12-14 17:21 ` [PATCH 4/5] ath: Modify ath_key_delete() to not need full key entry Jouni Malinen
2020-12-14 17:21 ` [PATCH 5/5] ath9k: Postpone key cache entry deletion for TXQ frames reference it Jouni Malinen