summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch8
-rw-r--r--0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch70
-rw-r--r--0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch53
-rw-r--r--PKGBUILD12
4 files changed, 63 insertions, 80 deletions
diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
index d881572..3d9af57 100644
--- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
@@ -1,4 +1,4 @@
-From 56c7f1acc778e6e90ea7777c0d3d217ccf3e470e Mon Sep 17 00:00:00 2001
+From 9dda33cd8d3d2feb086a5cb7f7392cda483939ee Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Mon, 16 Sep 2019 04:53:20 +0200
Subject: ZEN: Add sysctl and CONFIG to disallow unprivileged CLONE_NEWUSER
@@ -62,7 +62,7 @@ index d6a0b31b13dc..2420d38cbfb9 100644
bool "PID Namespaces"
default y
diff --git a/kernel/fork.c b/kernel/fork.c
-index da8d360fb032..e1a347df77ac 100644
+index a9ce750578ca..0da8704c3d91 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -96,6 +96,10 @@
@@ -76,7 +76,7 @@ index da8d360fb032..e1a347df77ac 100644
#include <asm/pgalloc.h>
#include <linux/uaccess.h>
#include <asm/mmu_context.h>
-@@ -1841,6 +1845,10 @@ static __latent_entropy struct task_struct *copy_process(
+@@ -1860,6 +1864,10 @@ static __latent_entropy struct task_struct *copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -87,7 +87,7 @@ index da8d360fb032..e1a347df77ac 100644
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
-@@ -2900,6 +2908,12 @@ int ksys_unshare(unsigned long unshare_flags)
+@@ -2921,6 +2929,12 @@ int ksys_unshare(unsigned long unshare_flags)
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
diff --git a/0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch b/0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch
deleted file mode 100644
index 076844f..0000000
--- a/0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 94d41d2b670111855a361a35806ebac8d2444042 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <hdegoede@redhat.com>
-Date: Wed, 14 Oct 2020 16:41:58 +0200
-Subject: i2c: core: Restore acpi_walk_dep_device_list() getting called after
- registering the ACPI i2c devs
-
-Commit 21653a4181ff ("i2c: core: Call i2c_acpi_install_space_handler()
-before i2c_acpi_register_devices()")'s intention was to only move the
-acpi_install_address_space_handler() call to the point before where
-the ACPI declared i2c-children of the adapter where instantiated by
-i2c_acpi_register_devices().
-
-But i2c_acpi_install_space_handler() had a call to
-acpi_walk_dep_device_list() hidden (that is I missed it) at the end
-of it, so as an unwanted side-effect now acpi_walk_dep_device_list()
-was also being called before i2c_acpi_register_devices().
-
-Move the acpi_walk_dep_device_list() call to the end of
-i2c_acpi_register_devices(), so that it is once again called *after*
-the i2c_client-s hanging of the adapter have been created.
-
-This fixes the Microsoft Surface Go 2 hanging at boot.
-
-Fixes: 21653a4181ff ("i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()")
-Suggested-by: Maximilian Luz <luzmaximilian@gmail.com>
-Reported-and-tested-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
-Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- drivers/i2c/i2c-core-acpi.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c
-index e627d7b2790f..37c510d9347a 100644
---- a/drivers/i2c/i2c-core-acpi.c
-+++ b/drivers/i2c/i2c-core-acpi.c
-@@ -264,6 +264,7 @@ static acpi_status i2c_acpi_add_device(acpi_handle handle, u32 level,
- void i2c_acpi_register_devices(struct i2c_adapter *adap)
- {
- acpi_status status;
-+ acpi_handle handle;
-
- if (!has_acpi_companion(&adap->dev))
- return;
-@@ -274,6 +275,15 @@ void i2c_acpi_register_devices(struct i2c_adapter *adap)
- adap, NULL);
- if (ACPI_FAILURE(status))
- dev_warn(&adap->dev, "failed to enumerate I2C slaves\n");
-+
-+ if (!adap->dev.parent)
-+ return;
-+
-+ handle = ACPI_HANDLE(adap->dev.parent);
-+ if (!handle)
-+ return;
-+
-+ acpi_walk_dep_device_list(handle);
- }
-
- static const struct acpi_device_id i2c_acpi_force_400khz_device_ids[] = {
-@@ -719,7 +729,6 @@ int i2c_acpi_install_space_handler(struct i2c_adapter *adapter)
- return -ENOMEM;
- }
-
-- acpi_walk_dep_device_list(handle);
- return 0;
- }
-
---
-cgit v1.2.3-1-gf6bb5
-
diff --git a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch
new file mode 100644
index 0000000..d4c5e1a
--- /dev/null
+++ b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch
@@ -0,0 +1,53 @@
+From 5fbf98ceb5b2218ec764dd0d187953393732a5ef Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Date: Sat, 17 Oct 2020 23:08:18 +0400
+Subject: mac80211: fix regression where EAPOL frames were sent in plaintext
+
+I've managed to reproduce the issue, or at least a related issue. Can
+you try the draft patch below and see if that fixes it?
+
+When sending EAPOL frames via NL80211 they are treated as injected
+frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop
+injected frames even if normally not allowed") these injected frames
+were not assigned a sta context in the function ieee80211_tx_dequeue,
+causing certain wireless network cards to always send EAPOL frames in
+plaintext. This may cause compatibility issues with some clients or
+APs, which for instance can cause the group key handshake to fail and
+in turn would cause the station to get disconnected.
+
+This commit fixes this regression by assigning a sta context in
+ieee80211_tx_dequeue to injected frames as well.
+
+Note that sending EAPOL frames in plaintext is not a security issue
+since they contain their own encryption and authentication protection.
+
+Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed")
+---
+ net/mac80211/tx.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
+index dca01d7e6e3e..2a0725b548f6 100644
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3613,13 +3613,14 @@ begin:
+ tx.skb = skb;
+ tx.sdata = vif_to_sdata(info->control.vif);
+
+- if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) {
++ if (txq->sta) {
+ tx.sta = container_of(txq->sta, struct sta_info, sta);
+ /*
+ * Drop unicast frames to unauthorised stations unless they are
+- * EAPOL frames from the local station.
++ * injected frames or EAPOL frames from the local station.
+ */
+- if (unlikely(ieee80211_is_data(hdr->frame_control) &&
++ if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) &&
++ ieee80211_is_data(hdr->frame_control) &&
+ !ieee80211_vif_is_mesh(&tx.sdata->vif) &&
+ tx.sdata->vif.type != NL80211_IFTYPE_OCB &&
+ !is_multicast_ether_addr(hdr->addr1) &&
+--
+cgit v1.2.3-1-gf6bb5
+
diff --git a/PKGBUILD b/PKGBUILD
index 6bc9bbc..c96f0da 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -21,7 +21,7 @@ _custom=1
pkgbase=linux-ck
_supver=5
_majver=9
-_minver=1
+_minver=2
_gccpatchver='20200615'
_gccpatchger='10.1'
_gccpatchker='5.8'
@@ -47,7 +47,7 @@ _srcname=linux-${pkgver}
source=(
https://www.kernel.org/pub/linux/kernel/v${_supver}.x/${_srcname}.tar.{xz,sign}
0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
- 0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch
+ 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch
linux-ck-patch-${_supver}.${_majver}-${_ckpatchversion}.xz::http://ck.kolivas.org/patches/${_supver}.0/${_supver}.${_majver}/${_supver}.${_majver}-${_ckpatchversion}/patch-${_supver}.${_majver}-${_ckpatchversion}.xz
kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz
ath9k-regdom-hack.patch
@@ -60,10 +60,10 @@ validpgpkeys=(
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
)
# https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-b2sums=('65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558'
+b2sums=('22ba992df3a1d73fa16efb31bb0d62eacd106fb6f4d6dd1ebe522dc09b94c8df689cdb594ed105076ab5e1be4bd00eb834019dc19b6f58f6bee04f53e5de961e'
'SKIP'
- '27ba59acd154834db44166a2d4ed5e4edc335a74785bf5e4cffd30ca5f39a995dcbef960f574de48f197d77cf8d9fa2ae57c61712e494852b5c14ee6ed22d956'
- '217c14db67cf20073d9aa2f60bb9c30497ff36f6d608d22ccd5e74338bba16858f0c81862bd92bda45384d06133c3540ad8703af7decb5afb0d5feda076af33e'
+ 'c1e9177debee553e03873dff9293e7a21a53297fc4b3df8b9f54a8839cf1c7d6803945fc7d64676fe8c04cb54ef331b59c4348fbc9915060162177be503d9e96'
+ '3006fa726027b57c421c959c4e6c2230cfa871df7a234d4b2061ed1db4784d0c296d90785a2c48f5c059f6e15ad58007773376440054ce6e60a00fc448b939b3'
'c19099ad66168db4608dee44e1913c07c035bc002a91267abc2e1eadf1788ddb5be3b17e3fdfeddcba96526dfa2b9fcc43a5dd0f8236d94c864e6477924a6718'
'c8d0697f99fe6105815217b8ec059d8f587415ea8dd2b88a65e1087feedf697341a64cd56810fde9e7aeada79125fc8235faccc7e7b06492c099e27a8abbe99c'
'b6ef77035611139fa9a6d5b8d30570e2781bb4da483bb569884b0bd0129b62e0b82a5a6776fefe43fee801c70d39de1ea4d4c177f7cedd5ac135e3c64f7b895a'
@@ -88,7 +88,7 @@ prepare() {
# Hotfixes
echo "Applying hotfixes"
patch -p1 -i ../0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
- patch -p1 -i ../0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-called.patch
+ patch -p1 -i ../0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch
patch -p1 -i ../sphinx-workaround.patch