On Thursday 17 December 2020 18:06:27 Kalle Valo wrote: > Pali Rohár <pali@xxxxxxxxxx> writes: > > > On Thursday 17 December 2020 06:51:48 Kalle Valo wrote: > >> Jouni Malinen <jouni@xxxxxxxxxxxxxx> wrote: > >> > >> > It is possible for there to be pending frames in TXQs with a reference > >> > to the key cache entry that is being deleted. If such a key cache entry > >> > is cleared, those pending frame in TXQ might get transmitted without > >> > proper encryption. It is safer to leave the previously used key into the > >> > key cache in such cases. Instead, only clear the MAC address to prevent > >> > RX processing from using this key cache entry. > >> > > >> > This is needed in particularly in AP mode where the TXQs cannot be > >> > flushed on station disconnection. This change alone may not be able to > >> > address all cases where the key cache entry might get reused for other > >> > purposes immediately (the key cache entry should be released for reuse > >> > only once the TXQs do not have any remaining references to them), but > >> > this makes it less likely to get unprotected frames and the more > >> > complete changes may end up being significantly more complex. > >> > > >> > Signed-off-by: Jouni Malinen <jouni@xxxxxxxxxxxxxx> > >> > Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx> > >> > >> 5 patches applied to ath-next branch of ath.git, thanks. > >> > >> 56c5485c9e44 ath: Use safer key clearing with key cache entries > >> 73488cb2fa3b ath9k: Clear key cache explicitly on disabling hardware > >> d2d3e36498dd ath: Export ath_hw_keysetmac() > >> 144cd24dbc36 ath: Modify ath_key_delete() to not need full key entry > >> ca2848022c12 ath9k: Postpone key cache entry deletion for TXQ frames reference it > > > > Hello! Should not these patches be suitable for backporting into stable > > kernels (via CC: stable@ commit message line) as they are related to > > security issue CVE-2020-3702? > > Yeah, but you were just a little late as I already applied them. Ok, would you then send these patches to stable manually? > -- > https://patchwork.kernel.org/project/linux-wireless/list/ > > https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
