Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp305367pxa;
        Wed, 12 Aug 2020 02:26:30 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyGIgfGfVmWRT2L+h3uWSP5LQ53PgfmUDcPtWEdgi8gNCAZZhoIdiTVQ8A1Fzfl0hVUwhJA
X-Received: by 2002:aa7:c34d:: with SMTP id j13mr29883635edr.209.1597224390598;
        Wed, 12 Aug 2020 02:26:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1597224390; cv=none;
        d=google.com; s=arc-20160816;
        b=CAO6OeR9Zrgvs7NXxYhGR26SFJ3qfawaO2GmWioDMIr1+h0fqMD+Z7LdVMvdQc1tsV
         YLzSibAhPWop0lVQJmlCoxuqlvIpphxgG5gXJqwlRafSddZ+whKx0aBgaxmPlMhBWzxf
         usItcT+2FLzoXM4ADtzS5ukwjrI6LNvkMr4CD9Sf1RpTSBMycwbGwR8N/zMKXzgvFQ92
         A6rdIxsXdwklJEvqPwahhsbfblPs450GXf31PgB/+eDEJtychnwexq8lCqDHueg4zoOz
         eVIj6hPvEf2OCeGDOFmch0L7DSbJNgsjlioB5q8oZJideVSiYCUFdFadm8fVMI4/hoYT
         mtzw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-transfer-encoding
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=zSxUkKN48ReDQfPmlw5ue/J1B8YpSkRu4JnGE2P8BFY=;
        b=mH0Nu7FPv1GPMm471ANvr7a78L3RKWrhCiQB+UQ/fwOF55MHEpVERZCJBsYYrlv0jW
         0nRv9yvuFcco6/x5VGhde4iXS5eSG12+DlNUiCnWM9KkTju8gpEmAb3X+nSK0ycH6dOR
         QpacuvRBYJn87FEU4rHo/mws0AhidXBX57KoCm7/kaAidSs1Rd1eqhU0vCxlEQVqhM9p
         twfPnnGf23AoX/rXIXKxGchuA0oJaEMDYfKPF9A0paHt7cJZD1zf0lz2IN/WI92pL1aZ
         73hws6VOSe64O1Cifif50K8qcQR0U2J1E1iUVYNPy/xcOmo1i+VVg439mjxHgm2LPSpE
         lABQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id u7si779107ejn.161.2020.08.12.02.26.06;
        Wed, 12 Aug 2020 02:26:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727061AbgHLJZw (ORCPT <rfc822;yuvalsteuer11@gmail.com>
        + 99 others); Wed, 12 Aug 2020 05:25:52 -0400
Received: from mail.w1.fi ([212.71.239.96]:51338 "EHLO
        li674-96.members.linode.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726409AbgHLJZv (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Wed, 12 Aug 2020 05:25:51 -0400
Received: from localhost (localhost [127.0.0.1])
        by li674-96.members.linode.com (Postfix) with ESMTP id 546EA119DD;
        Wed, 12 Aug 2020 09:25:50 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at w1.fi
Received: from li674-96.members.linode.com ([127.0.0.1])
        by localhost (mail.w1.fi [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id umUOe7D2X-bP; Wed, 12 Aug 2020 09:25:48 +0000 (UTC)
Received: by jm (sSMTP sendmail emulation); Wed, 12 Aug 2020 12:23:34 +0300
Date:   Wed, 12 Aug 2020 12:23:34 +0300
From:   Jouni Malinen <j@w1.fi>
To:     Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= <toke@redhat.com>
Cc:     Pali =?utf-8?B?Um9ow6Fy?= <pali@kernel.org>,
        ath10k@lists.infradead.org, ath9k-devel@qca.qualcomm.com,
        linux-wireless@vger.kernel.org, Kalle Valo <kvalo@codeaurora.org>
Subject: Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
Message-ID: <20200812092334.GA17878@w1.fi>
References: <20200810090126.mtu3uocpcjg5se5e@pali>
 <20200812083600.6zxdf5pfktdzggd6@pali>
 <87lfik1av8.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <87lfik1av8.fsf@toke.dk>
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote:
> Pali Rohár <pali@kernel.org> writes:
> > Could somebody react and provide some details when fixes would be
> > available for ath9k and ath10k Linux drivers? And what is current state
> > of this issue for Linux?
> >
> > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > there any change which could be related to CVE-2020-3702.
> 
> How about these, from March:
> 
> a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> b16798f5b907 ("mac80211: mark station unauthorized before key removal")

Those cover most of the identified issues for drivers using mac80211
(e.g., ath9k and ath10k; though, I don't remember whether I actually
ever managed to reproduce this with ath10k in practice). I have couple
of additional ath9k-specific patches that cover additional lower layer
paths for this. I hope to get those out after confirming they work with
the current kernel tree snapshot.

-- 
Jouni Malinen                                            PGP id EFC895FA