Date:   Tue, 07 Mar 2023 00:14:30 +0100
From:   Toke Høiland-Jørgensen <toke@...e.dk>
To:     Aleksander Bajkowski <olek2@...pl>, linux-wireless@...r.kernel.org,
        Felix Fietkau <nbd@....name>
Cc:     netdev@...r.kernel.org
Subject: Re: ath9k: HE capabilities are incorrectly parsed on big endian
 platforms

Aleksander Bajkowski <olek2@...pl> writes:
> Hi,
>
> During a scan of the WiFi network, I discovered that HE capabilities (WiFi 6)
> are incorrectly displayed. This problem exists on OpenWRT running stable
> versions of the kernel (5.10 and 5.15). I verified later that the problem
> is present on other devices. I found that it only affects devices with
> Atheros radio (ath9k and ath10k-ct) running on the big endian platforms.
> On little endian platforms, everything looks OK.
>
> I suspect that the problem is in the ath9k driver because the mt76 driver
> on the big endian platform shows the correct capabilities.
>
> Most interesting is the comparison of raw data. The order of bytes in the
> words is reversed:
>
> HE MAC Capabilities (0x010008120010):
> HE MAC Capabilities (0x000112081000):
>
> Below you can see a summary of the tested routers, and the good and bad
> logs. The WiFi networks were scanned using the 'iw dev wlanX scan' command.
>
> Device                Driver          Endianness     HE Capabilities
>
> TL-WDR4300            ath9k           big            Bad
> BT Home Hub 5A        ath10k-ct       big            Bad
> Xiaomi AX3200         mt76            little         Good
> AVM 7530              ath10k-ct       little         Good
> Netgear R6220         mt76            big            Good
>
>
> Bad:
>
> HE capabilities: HE MAC Capabilities (0x010008120010): Minimum Payload 
> size of 128 bytes: 1 All Ack Broadcast TWT Maximum A-MPDU Length 
> Exponent: 1 NDP Feedback Report HE PHY Capabilities: 
> (0x4c2002c06f5b951800cc00): HE160/HE80+80/5GHz Punctured Preamble RX: 2 
> Doppler Rx DCM Max Constellation: 3 DCM Max NSS Tx: 1 DCM Max 
> Constellation Rx: 1 DCM Max NSS Rx: 1 Rx HE MU PPDU from Non-AP STA 
> Beamformee STS > 80Mhz: 6 Sounding Dimensions <= 80Mhz: 5 Sounding 
> Dimensions > 80Mhz: 2 Ng = 16 MU Feedback Codebook Size SU Feedback 
> Codebook Size MU Feedback Triggered MU Beamforming Feedback Triggered 
> CQI Feedback Partial Bandwidth DL MU-MIMO 80MHz in 160/80+80MHz HE PPDU 
> HE ER SU PPDU 1x HE-LTF 0.8us GI HE RX MCS and NSS set 80+80 MHz 1 
> streams: MCS 0-7 2 streams: not supported 3 streams: MCS 0-9 4 streams: 
> MCS 0-7 5 streams: not supported 6 streams: MCS 0-11 7 streams: not 
> supported 8 streams: MCS 0-9 HE TX MCS and NSS set 80+80 MHz 1 streams: 
> MCS 0-9 2 streams: MCS 0-7 3 streams: not supported 4 streams: MCS 0-9 5 
> streams: not supported 6 streams: MCS 0-9 7 streams: MCS 0-7 8 streams: 
> not supported
>
>
> Good:
>
> HE capabilities: HE MAC Capabilities (0x000112081000): +HTC HE 
> Supported BSR OM Control Maximum A-MPDU Length Exponent: 2 OM Control UL 
> MU Data Disable RX HE PHY Capabilities: (0x4c2002c06f5b951800cc00): 
> HE40/HE80/5GHz HE160/5GHz 242 tone RUs/5GHz LDPC Coding in Payload NDP 
> with 4x HE-LTF and 3.2us GI Rx HE MU PPDU from Non-AP STA SU Beamformer 
> SU Beamformee MU Beamformer Beamformee STS <= 80Mhz: 3 Beamformee STS > 
> 80Mhz: 3 Sounding Dimensions <= 80Mhz: 3 Sounding Dimensions > 80Mhz: 3 
> Ng = 16 SU Feedback Codebook Size SU Feedback Triggered SU Beamforming 
> Feedback Triggered CQI Feedback PPE Threshold Present Max NC: 3 TX 
> 1024-QAM RX 1024-QAM HE RX MCS and NSS set <= 80 MHz 1 streams: MCS 0-11 
> 2 streams: MCS 0-11 3 streams: MCS 0-11 4 streams: MCS 0-11 5 streams: 
> not supported 6 streams: not supported 7 streams: not supported 8 
> streams: not supported HE TX MCS and NSS set <= 80 MHz 1 streams: MCS 
> 0-11 2 streams: MCS 0-11 3 streams: MCS 0-11 4 streams: MCS 0-11 5 
> streams: not supported 6 streams: not supported 7 streams: not supported 
> 8 streams: not supported HE RX MCS and NSS set 160 MHz 1 streams: MCS 
> 0-11 2 streams: MCS 0-11 3 streams: MCS 0-11 4 streams: MCS 0-11 5 
> streams: not supported 6 streams: not supported 7 streams: not supported 
> 8 streams: not supported HE TX MCS and NSS set 160 MHz 1 streams: MCS 
> 0-11 2 streams: MCS 0-11 3 streams: MCS 0-11 4 streams: MCS 0-11 5 
> streams: not supported 6 streams: not supported 7 streams: not supported 
> 8 streams: not supported PPE Threshold 0x7b 0x1c 0xc7 0x71 0x1c 0xc7 
> 0x71 0x1c 0xc7 0x71 0x1c 0xc7 0x71

+Felix, in the hope he has an idea of where to go looking for the cause
of this...

-Toke
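
The byte reversal within 16-bit words that the report describes, reproduced as an added example (not code from this thread, the driver or iw). It assumes the 6-byte HE MAC capabilities field is handled as three little-endian 16-bit words; the helper names and the wire bytes, derived from the "good" value in the report, are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the HE MAC capability bytes in wire order, derived
 * from the "good" value 0x000112081000 quoted in the report. */
static const uint8_t he_mac_wire[6] = {0x01, 0x00, 0x08, 0x12, 0x00, 0x10};

/* Portable decode: same result on little- and big-endian hosts. */
static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* What a big-endian host sees when the bytes are copied into a uint16_t
 * with no conversion (simulated, so this runs on any machine). */
static uint16_t raw_on_be_host(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

typedef uint16_t (*read16_fn)(const uint8_t *);

/* Format the three 16-bit words as one 12-digit hex string. */
static const char *he_mac_hex(read16_fn rd, char out[13])
{
    for (int i = 0; i < 3; i++)
        snprintf(out + 4 * i, 5, "%04x", rd(he_mac_wire + 2 * i));
    return out;
}

/* Maximum A-MPDU Length Exponent: bits 27-28 of the 48-bit field,
 * which is bits 11-12 of word 1. */
static unsigned ampdu_len_exp(read16_fn rd)
{
    return (rd(he_mac_wire + 2) >> 11) & 0x3;
}

int main(void)
{
    char good[13], bad[13];
    printf("le16 decode: 0x%s, A-MPDU exp %u\n",
           he_mac_hex(get_le16, good), ampdu_len_exp(get_le16));
    printf("raw BE read: 0x%s, A-MPDU exp %u\n",
           he_mac_hex(raw_on_be_host, bad), ampdu_len_exp(raw_on_be_host));
    /* Exit status 0 when both strings match the values in the report. */
    return strcmp(good, "000112081000") || strcmp(bad, "010008120010");
}
```

The two hex strings and the A-MPDU exponents (2 and 1) match the "Good" and "Bad" scan output quoted above, which is the signature of a 16-bit read that skips the little-endian conversion somewhere between the frame and the printed value.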
