| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Fixes: CVE-2022-41674
Fixes: CVE-2022-42719
Fixes: CVE-2022-42720
Fixes: CVE-2022-42721
Fixes: CVE-2022-42722
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes an invalid TX PA DC bias level on QCA9561, which
results in a very low output power and very low throughput as devices
are further away from the AP (compared to other 2.4GHz APs),
following a suggestion from nbd[1].
This patch has been submitted upstream[2].
[1] https://lore.kernel.org/all/91c58969-c60e-2f41-00ac-737786d435ae@nbd.name
[2] https://lore.kernel.org/linux-wireless/20220417145145.1847-1-hacks+kernel@slashdirt.org/
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry-picked from 7dc52a78ae2c2f748a0c0c4adcb13979260b3498)
|
|
|
|
|
|
|
|
|
|
|
| |
This updates mac80211 to version 5.10.110-1 which is based on kernel
5.10.110.
The removed patches were applied upstream.
This new release contains many fixes which were merged into the upstream
Linux kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on: 1ac627024de9 ("kernel: ath10k-ct: provide a build variant for
small RAM devices")
Like described in the ath10k-ct-smallbuffers version, oom-killer gets
triggered frequently by devices with small RAM.
That change is necessary for many community mesh networks which use
ath10k based devices with too little RAM. The -ct driver has been
proven unstable if used with 11s meshing and only wave2 chipsets are
supporting 11s. Freifunk Berlin is nowadays assembling its
firmware-based completely of vanilla OpenWRT with some package additions
which are made through the imagebuilder. Therefore we cannot take the
approach other freifunk communities have taken to maintain that patch
downstream [1]. Other communities consider these devices as broken and
that change would pretty much give those devices a second life [2].
[1] - https://git.freifunk-franken.de/mirror/openwrt/commit/450b306e540bc0f2c8a8841bbe4d9612f2b8cdea
[2] - https://github.com/freifunk-gluon/gluon/issues/1988#issuecomment-619532909
Signed-off-by: Simon Polack <spolack+git@mailbox.org>
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 694757a08f620a9f24b70003542d9dcd0abeac46)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 87def9efd8cee66da3bd3961671e580282427c2e)
|
|
|
|
|
|
|
|
|
| |
The following patches were backported from upstream before and are not
needed any more:
package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch
package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a1a71a71999001502fa86136dbf8925da8341098)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 15d8c7aa74c202c530dbd53e53b00e418f0b64f4)
|
|
|
|
|
|
|
| |
This fixes potental rx drop issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 68189835ac81779f9cf21060dca0c54dcdb0c0a6)
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d439c7d85a05c3548e5566bec292292a4f6b7ef5)
|
|
|
|
|
|
|
|
|
| |
Some drivers that do their own sequence number allocation (e.g. ath9k, mwlwifi) rely
on being able to modify params->ssn on starting tx ampdu sessions.
This was broken by a change that modified it to use sta->tid_seq[tid] instead.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit ddd977fcc5838eb6bfb6cb9dad99dfe09a8ff67e)
|
|
|
|
|
|
|
|
|
| |
for powersave clients
This showed up primarily on rt2x00
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d1ea575baa1b53bb477a020974afcec1b1193edc)
|
|
|
|
|
|
|
|
|
| |
No functional changes, just some renames to make it easier to keep mt76 in
sync with upstream
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit e62c5504701c7a665c9cf89ddbcb062f5ade6e37)
(cherry-picked from commit a889dcd3f21e50dc3e7f827ff0e486020562a6f8)
|
|
|
|
|
|
|
|
| |
Required for an upcoming mt76 update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 978e822db354daf974811f2717c6013fa3eb8079)
(cherry-picked from commit af9d31aacc286786a8765a44c2000d2eba02e61c)
|
|
|
|
|
|
|
|
|
| |
This is needed for an upcoming mt76 update
also sync iw nl80211 with kernel backports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2bfac61483db32f8bd1f5b38702b39f206256265)
(cherry-picked from commit 36019ed5893cd11c86a7dbedca1c6a055654a3c0)
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 0f6887972adc48449a1f5efaa143fa3f740a8c36)
(cherry-picked from commit 6f2044c2d74dd0ae2cee3b25b2ac084513c0536a)
|
|
|
|
|
|
|
| |
Needed for an upcoming mt76 update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 890bf06cef20015e2cec0274c87a9a2232691b6b)
|
|
|
|
|
|
|
| |
Improves airtime fairness, especially for devices with larger firmware buffers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a5888ad6b33840d913438ce664c0e7da7e7f53e6)
|
|
|
|
|
|
|
| |
Without this, beamforming is probably not working
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit e2c4998f6dca7d9b74a8b01762040ff2c5e38fd7)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On systems using brmcfmac (e.g. Raspberry Pi Zero W) without this fix,
the final setup-call:
iw dev wlan0 ibss join ...
fails with returncode 161 and message:
"command failed: Not supported (-95)"
So this patch calls an explicit:
iw dev wlan0 set type ibss
just prior to the 'ibss join' command.
I have tested several ath9k and mt76xx devices
with different revisions: this patch does not harm.
please also apply to stable branch.
Signed-off-by: Bastian Bittorf <bb@npl.de>
(cherry-picked from commit ea5fce3f4616df3e4331e6b4e8e79767bded442c)
|
|
|
|
|
|
|
| |
In some cases, spurious failures might be cleared by teardown and retry
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 42dda0ed3e941bc36661e29b990e2ee2adf7f508)
|
|
|
|
|
|
|
| |
The channel offset used for VHT segment calculation was missing for HT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a0d81ba0d5e9d055c55b5e478cb913c217122317)
|
|
|
|
|
|
|
| |
Use the right argument to fix setting unsupported capabilities to 0
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 49ef4dbee519e006bb998de11e3bdf1c10c43e6a)
|
|
|
|
|
|
|
| |
Remove stray parenthesis
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2cd1a108290f48fd35373f91056c05277c289687)
|
|
|
|
|
|
|
|
| |
Some drivers advertise it, but it's not supported at the moment
Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 42a99b18ff23fa768a6ae5f1076f15cbfa494f24)
|
|
|
|
|
|
|
|
| |
The colon does not directly follow the "VHT Capabilities" string
Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3518b793a2f2293e7e9124b5beae7b09887c5e32)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit fbd6f099f50e77d2bb95708c62e86a358779251a)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8d79915327b7b9ed221f513589281328e4fdc6ef)
|
|
|
|
|
|
|
| |
This is needed to disambiguate it from 5 GHz channels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit c8bcdd561909034a14cbfd785e13848cbd5f5e50)
|
|
|
|
|
|
|
|
| |
Emit the new band option instead of hwmode
Support 6 GHz band and HE options
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8504212f65865449dd6b9ed9daa0ba9781f8f287)
|
|
|
|
|
|
|
|
| |
Use it to look up frequencies only in the configured band to better deal
with channel number overlap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8b8c1cb09bf2259e647a15d0c881b5dea15330da)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh all patches.
The removed patches were integrated upstream.
This contains fixes for CVE-2020-3702
1. These patches (ath, ath9k, mac80211) were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].
Thank you Josef Schlehofer for reporting this problem.
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
| |
drv_mac80211_teardown fails silently if the device to be torn down is
not defined. This commit prints an error message.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit 3933e29d1b87c713167cf4730b68e5f18af4f140)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When wifi is turned off, drv_mac80211_teardown sometimes fails (silently)
because the device to be torn down is not defined.
This situation arises if drv_mac80211_setup was called twice when
wifi was turned on.
This commit ensures that the device to be torn down is always defined
in drv_mac80211_teardown.
Steps to reproduce:
1) Use /sbin/wifi to turn on wifi.
uci set wireless.@wifi-iface[0].disabled=0
uci set wireless.@wifi-device[0].disabled=0
uci commit
wifi
2) Use /sbin/wifi to turn off wifi.
uci set wireless.@wifi-device[0].disabled=1
uci commit
wifi
3) Observe that wifi is still up.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit d515f6b6cde357bf480d32a7387f07ea40e85e52)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If drv_mac80211_setup is called twice with the same wifi configuration,
then the second call returns early with error HOSTAPD_START_FAILED.
(wifi works nevertheless, despite the fact that setup is incomplete. But
"ubus call network.wireless status" erroneously reports that radio0 is down.)
The relevant part of drv_mac80211_setup is,
if [ "$no_reload" != "0" ]; then
add_ap=1
ubus wait_for hostapd
local hostapd_res="$(ubus call hostapd config_add "{\"iface\":\"$primary_ap\", \"config\":\"${hostapd_conf_file}\"}")"
ret="$?"
[ "$ret" != 0 -o -z "$hostapd_res" ] && {
wireless_setup_failed HOSTAPD_START_FAILED
return
}
wireless_add_process "$(jsonfilter -s "$hostapd_res" -l 1 -e @.pid)" "/usr/sbin/hostapd" 1 1
fi
This commit sets no_reload = 0 during the second call of drv_mac80211_setup.
It is perhaps worth providing a way to reproduce the situation
where drv_mac80211_setup is called twice.
When /sbin/wifi is used to turn on wifi,
uci set wireless.@wifi-iface[0].disabled=0
uci set wireless.@wifi-device[0].disabled=0
uci commit
wifi
/sbin/wifi makes the following ubus calls,
ubus call network reload
ubus call network.wireless down
ubus call network.wireless up
The first and third ubus calls both call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel.
So the call sequence becomes,
drv_mac80211_setup
wireless_device_setup_cancel
drv_mac80211_setup
In contrast, when LuCI is used to turn on wifi only a single call
is made to drv_mac80211_setup.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit a29ab3b79affb62fda82e0825ed811eaf482dd3c)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit de499573006ab4f32ded9fd66a62ec5e0c183e8a)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit f2c6d892cacb5d884bdd638bc7574c1ee98514a5)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Call rate control handler after intermediate queueuing
Includes follow-up fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
cherry-picked from commits:
- 7dd8829ef915f1c5fc728be8f8360c61ddaadf1b
- a603e82dd342680d584c4eb5f1b222e056379890
- 8bb4437c01ca35a5ac67e391630a1b24cb52dbb7
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 89c9ccc3b241d8f07c22a1c271211322c4703f7b)
|
|
|
|
|
|
|
|
| |
We need to skip sampling if the next sample time is after jiffies, not before.
This patch fixes an issue where in some cases only very little sampling (or none
at all) is performed, leading to really bad data rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
Fixes compatibility issues with the latest hostapd update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 91abeebd3bd29a98de516e49260d61165096009a)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The removed patches were integrated upstream.
The brcmf_driver_work workqueue was removed in brcmfmac with kernel
5.10.42, the asynchronous call was covered to a synchronous call. There
is no need to wait any more.
This part was removed manually from this patch:
brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 04a260911ca0f10a0e37c487c220e1aae3623dda)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the patch series description:
Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at
https://papers.mathyvanhoef.com/usenix2021.pdf
Specifically, the following CVEs were assigned:
* CVE-2020-24586 - Fragmentation cache not cleared on reconnection
* CVE-2020-24587 - Reassembling fragments encrypted under different
keys
* CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
payload being parsed as an L2 frame under an
A-MSDU bit toggling attack
* CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
* CVE-2020-26140 - Accepting plaintext data frames in protected
networks
* CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
* CVE-2020-26142 - Processing fragmented frames as full frames
* CVE-2020-26143 - Accepting fragmented plaintext frames in
protected networks
* CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
start with RFC1042 header with EAPOL ethertype
* CVE-2020-26145 - Accepting plaintext broadcast fragments as full
frames
* CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
packet numbers
* CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments
In general, the scope of these attacks is that they may allow an
attacker to
* inject L2 frames that they can more or less control (depending on the
vulnerability and attack method) into an otherwise protected network;
* exfiltrate (some) network data under certain conditions, this is
specific to the fragmentation issues.
A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.
In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.
Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.
To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.
We currently don't have information about how other drivers are, if
at all, affected.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
| |
Running USB devices in AP mode is never a good idea. That said, fix the TIM
issue in rtl8192cu [1], allowing these devices to "work" in AP mode.
[1] https://patchwork.kernel.org/project/linux-wireless/patch/20210419065956.6085-1-pkshih@realtek.com/
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit eeda8652f1655d4f9c11e9c9f51ddcd3377d119a)
|
|
|
|
|
|
|
| |
The removed patches were applied upstream and are not needed anymore.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 17ac9849d3ff687c8c14d63e46f3e205adc22a3e)
|
|
|
|
|
|
|
|
| |
Missing braces in a macro were leading to badly working rates sometimes
getting a success probabilty of 1.0
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 12cb52bd0665da33cb5dc64697f1751a8b33fb05)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit dfdb28c24aa60cf057ec45cbc11ab48ba2655f53)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7d8e14e44f76e18d1696565569ec50ccdce963b3)
|