[1/5] ath: Use safer key clearing with key cache entries
[2/5] ath9k: Clear key cache explicitly on disabling hardware
[3/5] ath: Export ath_hw_keysetmac()
[4/5] ath: Modify ath_key_delete() to not need full key entry
[5/5] ath9k: Postpone key cache entry deletion for TXQ frames reference it
Backport of 6bf77c5803
BugzId: 74370
Remark: MESH is broken in FW version 8.9.0.0.88.
This is a WAR until TI fixes the MESH with a newer FW again
BugzId: 72769
(cherry picked from commit 4cadd6d717)
FIX: [mac80211] prevent mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587)
FIX: [mac80211] properly handle A-MSDUs that start with an RFC 1042 header
FIX: [mac80211] Mitigate A-MSDU injection attacks (CVE-2020-24588)
FIX: [mac80211] drop A-MSDUs completely with old ciphers. (CVE-2020-24588)
FIX: [mac80211] add fragment cache to sta_info
FIX: [mac80211] check defrag PN against current frame
FIX: [mac80211] prevent attacks on TKIP/WEP as well
FIX: [mac80211] do not accept/forward invalid EAPOL frames
FIX: [mac80211] extend protection against mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587)
FIX: [mac80211] ath10k: add CCMP PN replay protection for fragmented frames for PCIe
FIX: [mac80211] ath10k: drop fragments with multicast DA for PCIe (CVE-2020-26145)
FIX: [mac80211] ath10k: drop fragments with multicast DA for SDIO (CVE-2020-26145)
FIX: [mac80211] ath10k: drop MPDU which has discard flag set by firmware for SDIO (CVE-2020-24588)
FIX: [mac80211] ath10k: Fix TKIP Michael MIC verification for PCIe (CVE-2020-26141)
FIX: [mac80211] ath10k: Validate first subframe of A-MSDU before processing the list
FIX: [wl18xx] firmware: updated to version 8.9.0.0.88 (Fixes related to Wi-Fi FragAttacks - FRagmentation and AGgregation Attacks)
BugzId: 72727
(cherry picked from commit 4fb2e1d93b)
Patrick Walther
Moritz Rosenthal