* CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-08-10 9:01 ` Pali Rohár
0 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-08-10 9:01 UTC (permalink / raw)
To: ath10k, ath9k-devel, linux-wireless, Kalle Valo
Hello!
ESET engineers on their blog published some information about new
security vulnerability CVE-2020-3702 in ath9k wifi cards:
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
According to Qualcomm security bulletin this CVE-2020-3702 affects also
some Qualcomm IPQ chips which are handled by ath10k driver:
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
Kalle, could you or other people from Qualcomm provide updated and fixed
version of ath9k and ath10k firmwares in linux-firmware git repository?
According to Qualcomm security bulletin this issue has Critical security
rating, so I think fixed firmware files should be updated also in stable
releases of linux distributions.
^ permalink raw reply [flat|nested] 26+ messages in thread
* CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-08-10 9:01 ` Pali Rohár
0 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-08-10 9:01 UTC (permalink / raw)
To: ath10k, ath9k-devel, linux-wireless, Kalle Valo
Hello!
ESET engineers on their blog published some information about new
security vulnerability CVE-2020-3702 in ath9k wifi cards:
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
According to Qualcomm security bulletin this CVE-2020-3702 affects also
some Qualcomm IPQ chips which are handled by ath10k driver:
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
Kalle, could you or other people from Qualcomm provide updated and fixed
version of ath9k and ath10k firmwares in linux-firmware git repository?
According to Qualcomm security bulletin this issue has Critical security
rating, so I think fixed firmware files should be updated also in stable
releases of linux distributions.
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-10 9:01 ` Pali Rohár
@ 2020-08-12 8:36 ` Pali Rohár
-1 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-08-12 8:36 UTC (permalink / raw)
To: ath10k, ath9k-devel, linux-wireless, Kalle Valo
On Monday 10 August 2020 11:01:26 Pali Rohár wrote:
> Hello!
>
> ESET engineers on their blog published some information about new
> security vulnerability CVE-2020-3702 in ath9k wifi cards:
> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
>
> According to Qualcomm security bulletin this CVE-2020-3702 affects also
> some Qualcomm IPQ chips which are handled by ath10k driver:
> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
>
> Kalle, could you or other people from Qualcomm provide updated and fixed
> version of ath9k and ath10k firmwares in linux-firmware git repository?
>
> According to Qualcomm security bulletin this issue has Critical security
> rating, so I think fixed firmware files should be updated also in stable
> releases of linux distributions.
Hello!
Qualcomm has already sent following statement to media:
Qualcomm has already made mitigations available to OEMs in May 2020,
and we encourage end users to update their devices as patches have
become available from OEMs.
And based on information from ESET blog post, Qualcomm's proprietary
driver for these wifi cards is fixed since Qualcomm July release.
Could somebody react and provide some details when fixes would be
available for ath9k and ath10k Linux drivers? And what is current state
of this issue for Linux?
I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
there any change which could be related to CVE-2020-3702.
Based on ESET tests, wifi cards which use ath9k driver (opensource, not
that Qualcomm proprietary) are still vulnerable.
[1] - https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/ath10k
[2] - https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git/log/drivers/net/wireless/ath/ath10k?h=master-pending
[3] - https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git/log/drivers/net/wireless/ath/ath9k?h=master-pending
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-08-12 8:36 ` Pali Rohár
0 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-08-12 8:36 UTC (permalink / raw)
To: ath10k, ath9k-devel, linux-wireless, Kalle Valo
On Monday 10 August 2020 11:01:26 Pali Rohár wrote:
> Hello!
>
> ESET engineers on their blog published some information about new
> security vulnerability CVE-2020-3702 in ath9k wifi cards:
> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
>
> According to Qualcomm security bulletin this CVE-2020-3702 affects also
> some Qualcomm IPQ chips which are handled by ath10k driver:
> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
>
> Kalle, could you or other people from Qualcomm provide updated and fixed
> version of ath9k and ath10k firmwares in linux-firmware git repository?
>
> According to Qualcomm security bulletin this issue has Critical security
> rating, so I think fixed firmware files should be updated also in stable
> releases of linux distributions.
Hello!
Qualcomm has already sent following statement to media:
Qualcomm has already made mitigations available to OEMs in May 2020,
and we encourage end users to update their devices as patches have
become available from OEMs.
And based on information from ESET blog post, Qualcomm's proprietary
driver for these wifi cards is fixed since Qualcomm July release.
Could somebody react and provide some details when fixes would be
available for ath9k and ath10k Linux drivers? And what is current state
of this issue for Linux?
I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
there any change which could be related to CVE-2020-3702.
Based on ESET tests, wifi cards which use ath9k driver (opensource, not
that Qualcomm proprietary) are still vulnerable.
[1] - https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/ath10k
[2] - https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git/log/drivers/net/wireless/ath/ath10k?h=master-pending
[3] - https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git/log/drivers/net/wireless/ath/ath9k?h=master-pending
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-12 8:36 ` Pali Rohár
@ 2020-08-12 9:17 ` Toke Høiland-Jørgensen
-1 siblings, 0 replies; 26+ messages in thread
From: Toke Høiland-Jørgensen @ 2020-08-12 9:17 UTC (permalink / raw)
To: Pali Rohár, ath10k, ath9k-devel, linux-wireless, Kalle Valo
Pali Rohár <pali@kernel.org> writes:
> On Monday 10 August 2020 11:01:26 Pali Rohár wrote:
>> Hello!
>>
>> ESET engineers on their blog published some information about new
>> security vulnerability CVE-2020-3702 in ath9k wifi cards:
>> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
>>
>> According to Qualcomm security bulletin this CVE-2020-3702 affects also
>> some Qualcomm IPQ chips which are handled by ath10k driver:
>> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
>>
>> Kalle, could you or other people from Qualcomm provide updated and fixed
>> version of ath9k and ath10k firmwares in linux-firmware git repository?
>>
>> According to Qualcomm security bulletin this issue has Critical security
>> rating, so I think fixed firmware files should be updated also in stable
>> releases of linux distributions.
>
> Hello!
>
> Qualcomm has already sent following statement to media:
>
> Qualcomm has already made mitigations available to OEMs in May 2020,
> and we encourage end users to update their devices as patches have
> become available from OEMs.
>
> And based on information from ESET blog post, Qualcomm's proprietary
> driver for these wifi cards is fixed since Qualcomm July release.
>
> Could somebody react and provide some details when fixes would be
> available for ath9k and ath10k Linux drivers? And what is current state
> of this issue for Linux?
>
> I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> there any change which could be related to CVE-2020-3702.
How about these, from March:
a0761a301746 ("mac80211: drop data frames without key on encrypted links")
ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
b16798f5b907 ("mac80211: mark station unauthorized before key removal")
-Toke
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-08-12 9:17 ` Toke Høiland-Jørgensen
0 siblings, 0 replies; 26+ messages in thread
From: Toke Høiland-Jørgensen @ 2020-08-12 9:17 UTC (permalink / raw)
To: Pali Rohár, ath10k, ath9k-devel, linux-wireless, Kalle Valo
Pali Rohár <pali@kernel.org> writes:
> On Monday 10 August 2020 11:01:26 Pali Rohár wrote:
>> Hello!
>>
>> ESET engineers on their blog published some information about new
>> security vulnerability CVE-2020-3702 in ath9k wifi cards:
>> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
>>
>> According to Qualcomm security bulletin this CVE-2020-3702 affects also
>> some Qualcomm IPQ chips which are handled by ath10k driver:
>> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
>>
>> Kalle, could you or other people from Qualcomm provide updated and fixed
>> version of ath9k and ath10k firmwares in linux-firmware git repository?
>>
>> According to Qualcomm security bulletin this issue has Critical security
>> rating, so I think fixed firmware files should be updated also in stable
>> releases of linux distributions.
>
> Hello!
>
> Qualcomm has already sent following statement to media:
>
> Qualcomm has already made mitigations available to OEMs in May 2020,
> and we encourage end users to update their devices as patches have
> become available from OEMs.
>
> And based on information from ESET blog post, Qualcomm's proprietary
> driver for these wifi cards is fixed since Qualcomm July release.
>
> Could somebody react and provide some details when fixes would be
> available for ath9k and ath10k Linux drivers? And what is current state
> of this issue for Linux?
>
> I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> there any change which could be related to CVE-2020-3702.
How about these, from March:
a0761a301746 ("mac80211: drop data frames without key on encrypted links")
ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
b16798f5b907 ("mac80211: mark station unauthorized before key removal")
-Toke
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-12 9:17 ` Toke Høiland-Jørgensen
@ 2020-08-12 9:23 ` Jouni Malinen
-1 siblings, 0 replies; 26+ messages in thread
From: Jouni Malinen @ 2020-08-12 9:23 UTC (permalink / raw)
To: Toke Høiland-Jørgensen
Cc: Pali Rohár, ath10k, ath9k-devel, linux-wireless, Kalle Valo
On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote:
> Pali Rohár <pali@kernel.org> writes:
> > Could somebody react and provide some details when fixes would be
> > available for ath9k and ath10k Linux drivers? And what is current state
> > of this issue for Linux?
> >
> > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > there any change which could be related to CVE-2020-3702.
>
> How about these, from March:
>
> a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> b16798f5b907 ("mac80211: mark station unauthorized before key removal")
Those cover most of the identified issues for drivers using mac80211
(e.g., ath9k and ath10k; though, I don't remember whether I actually
ever managed to reproduce this with ath10k in practice). I have couple
of additional ath9k-specific patches that cover additional lower layer
paths for this. I hope to get those out after confirming they work with
the current kernel tree snapshot.
--
Jouni Malinen PGP id EFC895FA
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-08-12 9:23 ` Jouni Malinen
0 siblings, 0 replies; 26+ messages in thread
From: Jouni Malinen @ 2020-08-12 9:23 UTC (permalink / raw)
To: Toke Høiland-Jørgensen
Cc: Kalle Valo, linux-wireless, Pali Rohár, ath9k-devel, ath10k
On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote:
> Pali Rohár <pali@kernel.org> writes:
> > Could somebody react and provide some details when fixes would be
> > available for ath9k and ath10k Linux drivers? And what is current state
> > of this issue for Linux?
> >
> > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > there any change which could be related to CVE-2020-3702.
>
> How about these, from March:
>
> a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> b16798f5b907 ("mac80211: mark station unauthorized before key removal")
Those cover most of the identified issues for drivers using mac80211
(e.g., ath9k and ath10k; though, I don't remember whether I actually
ever managed to reproduce this with ath10k in practice). I have couple
of additional ath9k-specific patches that cover additional lower layer
paths for this. I hope to get those out after confirming they work with
the current kernel tree snapshot.
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-12 9:17 ` Toke Høiland-Jørgensen
@ 2020-08-12 9:31 ` Pali Rohár
-1 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-08-12 9:31 UTC (permalink / raw)
To: Toke Høiland-Jørgensen
Cc: ath10k, ath9k-devel, linux-wireless, Kalle Valo
On Wednesday 12 August 2020 11:17:47 Toke Høiland-Jørgensen wrote:
> Pali Rohár <pali@kernel.org> writes:
>
> > On Monday 10 August 2020 11:01:26 Pali Rohár wrote:
> >> Hello!
> >>
> >> ESET engineers on their blog published some information about new
> >> security vulnerability CVE-2020-3702 in ath9k wifi cards:
> >> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
> >>
> >> According to Qualcomm security bulletin this CVE-2020-3702 affects also
> >> some Qualcomm IPQ chips which are handled by ath10k driver:
> >> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
> >>
> >> Kalle, could you or other people from Qualcomm provide updated and fixed
> >> version of ath9k and ath10k firmwares in linux-firmware git repository?
> >>
> >> According to Qualcomm security bulletin this issue has Critical security
> >> rating, so I think fixed firmware files should be updated also in stable
> >> releases of linux distributions.
> >
> > Hello!
> >
> > Qualcomm has already sent following statement to media:
> >
> > Qualcomm has already made mitigations available to OEMs in May 2020,
> > and we encourage end users to update their devices as patches have
> > become available from OEMs.
> >
> > And based on information from ESET blog post, Qualcomm's proprietary
> > driver for these wifi cards is fixed since Qualcomm July release.
> >
> > Could somebody react and provide some details when fixes would be
> > available for ath9k and ath10k Linux drivers? And what is current state
> > of this issue for Linux?
> >
> > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > there any change which could be related to CVE-2020-3702.
>
> How about these, from March:
>
> a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> b16798f5b907 ("mac80211: mark station unauthorized before key removal")
Thank you for update! I will look at these commits if they are relevant.
Because ESET wrote that problem is in ath9k driver I have not looked at
mac80211 layer code.
> -Toke
>
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-08-12 9:31 ` Pali Rohár
0 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-08-12 9:31 UTC (permalink / raw)
To: Toke Høiland-Jørgensen
Cc: Kalle Valo, linux-wireless, ath9k-devel, ath10k
On Wednesday 12 August 2020 11:17:47 Toke Høiland-Jørgensen wrote:
> Pali Rohár <pali@kernel.org> writes:
>
> > On Monday 10 August 2020 11:01:26 Pali Rohár wrote:
> >> Hello!
> >>
> >> ESET engineers on their blog published some information about new
> >> security vulnerability CVE-2020-3702 in ath9k wifi cards:
> >> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
> >>
> >> According to Qualcomm security bulletin this CVE-2020-3702 affects also
> >> some Qualcomm IPQ chips which are handled by ath10k driver:
> >> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
> >>
> >> Kalle, could you or other people from Qualcomm provide updated and fixed
> >> version of ath9k and ath10k firmwares in linux-firmware git repository?
> >>
> >> According to Qualcomm security bulletin this issue has Critical security
> >> rating, so I think fixed firmware files should be updated also in stable
> >> releases of linux distributions.
> >
> > Hello!
> >
> > Qualcomm has already sent following statement to media:
> >
> > Qualcomm has already made mitigations available to OEMs in May 2020,
> > and we encourage end users to update their devices as patches have
> > become available from OEMs.
> >
> > And based on information from ESET blog post, Qualcomm's proprietary
> > driver for these wifi cards is fixed since Qualcomm July release.
> >
> > Could somebody react and provide some details when fixes would be
> > available for ath9k and ath10k Linux drivers? And what is current state
> > of this issue for Linux?
> >
> > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > there any change which could be related to CVE-2020-3702.
>
> How about these, from March:
>
> a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> b16798f5b907 ("mac80211: mark station unauthorized before key removal")
Thank you for update! I will look at these commits if they are relevant.
Because ESET wrote that problem is in ath9k driver I have not looked at
mac80211 layer code.
> -Toke
>
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-12 9:23 ` Jouni Malinen
@ 2020-08-12 9:32 ` Michał Kazior
-1 siblings, 0 replies; 26+ messages in thread
From: Michał Kazior @ 2020-08-12 9:32 UTC (permalink / raw)
To: Jouni Malinen
Cc: Toke Høiland-Jørgensen, Pali Rohár, ath10k,
ath9k-devel, linux-wireless, Kalle Valo
On Wed, 12 Aug 2020 at 11:26, Jouni Malinen <j@w1.fi> wrote:
>
> On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote:
> > Pali Rohár <pali@kernel.org> writes:
> > > Could somebody react and provide some details when fixes would be
> > > available for ath9k and ath10k Linux drivers? And what is current state
> > > of this issue for Linux?
> > >
> > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > > there any change which could be related to CVE-2020-3702.
> >
> > How about these, from March:
> >
> > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> > ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> > b16798f5b907 ("mac80211: mark station unauthorized before key removal")
>
> Those cover most of the identified issues for drivers using mac80211
> (e.g., ath9k and ath10k; though, I don't remember whether I actually
> ever managed to reproduce this with ath10k in practice). I have couple
> of additional ath9k-specific patches that cover additional lower layer
> paths for this. I hope to get those out after confirming they work with
> the current kernel tree snapshot.
As far as I understand the problem can manifest on partial in-hw ampdu
retransmits if a key was removed in between. Not exactly an easy thing
to reproduce. The actual drivers (ath9k, ath10k) or their microcodes
may need to be fixed as well since mac80211 can only do so much.
Michal
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-08-12 9:32 ` Michał Kazior
0 siblings, 0 replies; 26+ messages in thread
From: Michał Kazior @ 2020-08-12 9:32 UTC (permalink / raw)
To: Jouni Malinen
Cc: Toke Høiland-Jørgensen, linux-wireless, ath9k-devel,
ath10k, Pali Rohár, Kalle Valo
On Wed, 12 Aug 2020 at 11:26, Jouni Malinen <j@w1.fi> wrote:
>
> On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote:
> > Pali Rohár <pali@kernel.org> writes:
> > > Could somebody react and provide some details when fixes would be
> > > available for ath9k and ath10k Linux drivers? And what is current state
> > > of this issue for Linux?
> > >
> > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > > there any change which could be related to CVE-2020-3702.
> >
> > How about these, from March:
> >
> > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> > ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> > b16798f5b907 ("mac80211: mark station unauthorized before key removal")
>
> Those cover most of the identified issues for drivers using mac80211
> (e.g., ath9k and ath10k; though, I don't remember whether I actually
> ever managed to reproduce this with ath10k in practice). I have couple
> of additional ath9k-specific patches that cover additional lower layer
> paths for this. I hope to get those out after confirming they work with
> the current kernel tree snapshot.
As far as I understand the problem can manifest on partial in-hw ampdu
retransmits if a key was removed in between. Not exactly an easy thing
to reproduce. The actual drivers (ath9k, ath10k) or their microcodes
may need to be fixed as well since mac80211 can only do so much.
Michal
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-10 9:01 ` Pali Rohár
@ 2020-08-17 9:58 ` Kalle Valo
-1 siblings, 0 replies; 26+ messages in thread
From: Kalle Valo @ 2020-08-17 9:58 UTC (permalink / raw)
To: Pali Rohár; +Cc: ath10k, ath9k-devel, linux-wireless
Pali Rohár <pali@kernel.org> writes:
> ESET engineers on their blog published some information about new
> security vulnerability CVE-2020-3702 in ath9k wifi cards:
> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
>
> According to Qualcomm security bulletin this CVE-2020-3702 affects also
> some Qualcomm IPQ chips which are handled by ath10k driver:
> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
I can't find any refererences to ath10k, or hardware with ath10k
chipsets, in the links above. Where did you see it?
--
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-08-17 9:58 ` Kalle Valo
0 siblings, 0 replies; 26+ messages in thread
From: Kalle Valo @ 2020-08-17 9:58 UTC (permalink / raw)
To: Pali Rohár; +Cc: linux-wireless, ath9k-devel, ath10k
Pali Rohár <pali@kernel.org> writes:
> ESET engineers on their blog published some information about new
> security vulnerability CVE-2020-3702 in ath9k wifi cards:
> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
>
> According to Qualcomm security bulletin this CVE-2020-3702 affects also
> some Qualcomm IPQ chips which are handled by ath10k driver:
> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
I can't find any refererences to ath10k, or hardware with ath10k
chipsets, in the links above. Where did you see it?
--
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-17 9:58 ` Kalle Valo
@ 2020-08-17 10:36 ` Pali Rohár
-1 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-08-17 10:36 UTC (permalink / raw)
To: Kalle Valo; +Cc: ath10k, ath9k-devel, linux-wireless
On Monday 17 August 2020 12:58:52 Kalle Valo wrote:
> Pali Rohár <pali@kernel.org> writes:
>
> > ESET engineers on their blog published some information about new
> > security vulnerability CVE-2020-3702 in ath9k wifi cards:
> > https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
> >
> > According to Qualcomm security bulletin this CVE-2020-3702 affects also
> > some Qualcomm IPQ chips which are handled by ath10k driver:
> > https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
>
> I can't find any refererences to ath10k, or hardware with ath10k
> chipsets, in the links above. Where did you see it?
Now I'm looking at that security bulletin for CVE-2020-3702 and it
contains different list of affected chipset as at time when I wrote
previous email. Previously there were IPQ ath10k chipsets and no AR
chipsets. Now there are lot of ath9k AR9xxx and none of IPQ.
So meanwhile Qualcomm changed vulnerability list.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-08-17 10:36 ` Pali Rohár
0 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-08-17 10:36 UTC (permalink / raw)
To: Kalle Valo; +Cc: linux-wireless, ath9k-devel, ath10k
On Monday 17 August 2020 12:58:52 Kalle Valo wrote:
> Pali Rohár <pali@kernel.org> writes:
>
> > ESET engineers on their blog published some information about new
> > security vulnerability CVE-2020-3702 in ath9k wifi cards:
> > https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
> >
> > According to Qualcomm security bulletin this CVE-2020-3702 affects also
> > some Qualcomm IPQ chips which are handled by ath10k driver:
> > https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
>
> I can't find any refererences to ath10k, or hardware with ath10k
> chipsets, in the links above. Where did you see it?
Now I'm looking at that security bulletin for CVE-2020-3702 and it
contains different list of affected chipset as at time when I wrote
previous email. Previously there were IPQ ath10k chipsets and no AR
chipsets. Now there are lot of ath9k AR9xxx and none of IPQ.
So meanwhile Qualcomm changed vulnerability list.
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-12 9:23 ` Jouni Malinen
(?)
(?)
@ 2020-08-29 11:48 ` Baptiste Jonglez
2020-09-07 15:46 ` Kalle Valo
-1 siblings, 1 reply; 26+ messages in thread
From: Baptiste Jonglez @ 2020-08-29 11:48 UTC (permalink / raw)
To: ath10k; +Cc: openwrt-devel
[-- Attachment #1.1: Type: text/plain, Size: 1679 bytes --]
Hi,
Cross-posting to openwrt-devel because we are backporting the necessary fixes.
On 12-08-20, Jouni Malinen wrote:
> On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke H?iland-J?rgensen wrote:
> > Pali Roh?r <pali at kernel.org> writes:
> > > Could somebody react and provide some details when fixes would be
> > > available for ath9k and ath10k Linux drivers? And what is current state
> > > of this issue for Linux?
> > >
> > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > > there any change which could be related to CVE-2020-3702.
> >
> > How about these, from March:
> >
> > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> > ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> > b16798f5b907 ("mac80211: mark station unauthorized before key removal")
>
> Those cover most of the identified issues for drivers using mac80211
> (e.g., ath9k and ath10k; though, I don't remember whether I actually
> ever managed to reproduce this with ath10k in practice). I have couple
> of additional ath9k-specific patches that cover additional lower layer
> paths for this. I hope to get those out after confirming they work with
> the current kernel tree snapshot.
I could find linux-stable backports for ce2e1ca70307 and b16798f5b907, but
not for a0761a301746. Is it intended? From the commit message, it looks
like it does fix an important issue.
Also, for the sake of completeness, this subsequent commit is also related
to CVE-2020-3702 (and already backported):
5981fe5b0529 ("mac80211: fix misplaced while instead of if")
Thanks,
Baptiste
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
[-- Attachment #2: Type: text/plain, Size: 146 bytes --]
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-29 11:48 ` Baptiste Jonglez
@ 2020-09-07 15:46 ` Kalle Valo
0 siblings, 0 replies; 26+ messages in thread
From: Kalle Valo @ 2020-09-07 15:46 UTC (permalink / raw)
To: Baptiste Jonglez; +Cc: openwrt-devel, ath10k
Baptiste Jonglez <baptiste@bitsofnetworks.org> writes:
> Hi,
>
> Cross-posting to openwrt-devel because we are backporting the necessary fixes.
>
> On 12-08-20, Jouni Malinen wrote:
>> On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke H?iland-J?rgensen wrote:
>> > Pali Roh?r <pali at kernel.org> writes:
>> > > Could somebody react and provide some details when fixes would be
>> > > available for ath9k and ath10k Linux drivers? And what is current state
>> > > of this issue for Linux?
>> > >
>> > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
>> > > there any change which could be related to CVE-2020-3702.
>> >
>> > How about these, from March:
>> >
>> > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
>> > ce2e1ca70307 ("mac80211: Check port authorization in the
>> > ieee80211_tx_dequeue() case")
>> > b16798f5b907 ("mac80211: mark station unauthorized before key removal")
>>
>> Those cover most of the identified issues for drivers using mac80211
>> (e.g., ath9k and ath10k; though, I don't remember whether I actually
>> ever managed to reproduce this with ath10k in practice). I have couple
>> of additional ath9k-specific patches that cover additional lower layer
>> paths for this. I hope to get those out after confirming they work with
>> the current kernel tree snapshot.
>
> I could find linux-stable backports for ce2e1ca70307 and b16798f5b907, but
> not for a0761a301746. Is it intended? From the commit message, it looks
> like it does fix an important issue.
>
> Also, for the sake of completeness, this subsequent commit is also related
> to CVE-2020-3702 (and already backported):
>
> 5981fe5b0529 ("mac80211: fix misplaced while instead of if")
I think you should ask the stable to also take commit a0761a301746, most
likely they just missed it by accident.
--
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-08-12 9:23 ` Jouni Malinen
@ 2020-10-07 8:25 ` Pali Rohár
-1 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-10-07 8:25 UTC (permalink / raw)
To: Jouni Malinen
Cc: Toke Høiland-Jørgensen, ath10k, ath9k-devel,
linux-wireless, Kalle Valo
On Wednesday 12 August 2020 12:23:34 Jouni Malinen wrote:
> On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote:
> > Pali Rohár <pali@kernel.org> writes:
> > > Could somebody react and provide some details when fixes would be
> > > available for ath9k and ath10k Linux drivers? And what is current state
> > > of this issue for Linux?
> > >
> > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > > there any change which could be related to CVE-2020-3702.
> >
> > How about these, from March:
> >
> > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> > ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> > b16798f5b907 ("mac80211: mark station unauthorized before key removal")
>
> Those cover most of the identified issues for drivers using mac80211
> (e.g., ath9k and ath10k; though, I don't remember whether I actually
> ever managed to reproduce this with ath10k in practice). I have couple
> of additional ath9k-specific patches that cover additional lower layer
> paths for this. I hope to get those out after confirming they work with
> the current kernel tree snapshot.
Hello! Could you please share your ath9k patches which address this issue?
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-10-07 8:25 ` Pali Rohár
0 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-10-07 8:25 UTC (permalink / raw)
To: Jouni Malinen
Cc: Kalle Valo, Toke Høiland-Jørgensen, linux-wireless,
ath9k-devel, ath10k
On Wednesday 12 August 2020 12:23:34 Jouni Malinen wrote:
> On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote:
> > Pali Rohár <pali@kernel.org> writes:
> > > Could somebody react and provide some details when fixes would be
> > > available for ath9k and ath10k Linux drivers? And what is current state
> > > of this issue for Linux?
> > >
> > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > > there any change which could be related to CVE-2020-3702.
> >
> > How about these, from March:
> >
> > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> > ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> > b16798f5b907 ("mac80211: mark station unauthorized before key removal")
>
> Those cover most of the identified issues for drivers using mac80211
> (e.g., ath9k and ath10k; though, I don't remember whether I actually
> ever managed to reproduce this with ath10k in practice). I have couple
> of additional ath9k-specific patches that cover additional lower layer
> paths for this. I hope to get those out after confirming they work with
> the current kernel tree snapshot.
Hello! Could you please share your ath9k patches which address this issue?
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-10-07 8:25 ` Pali Rohár
@ 2020-12-07 14:04 ` Pali Rohár
-1 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-12-07 14:04 UTC (permalink / raw)
To: Jouni Malinen
Cc: Toke Høiland-Jørgensen, ath10k, ath9k-devel,
linux-wireless, Kalle Valo
On Wednesday 07 October 2020 10:25:02 Pali Rohár wrote:
> On Wednesday 12 August 2020 12:23:34 Jouni Malinen wrote:
> > On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote:
> > > Pali Rohár <pali@kernel.org> writes:
> > > > Could somebody react and provide some details when fixes would be
> > > > available for ath9k and ath10k Linux drivers? And what is current state
> > > > of this issue for Linux?
> > > >
> > > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > > > there any change which could be related to CVE-2020-3702.
> > >
> > > How about these, from March:
> > >
> > > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> > > ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> > > b16798f5b907 ("mac80211: mark station unauthorized before key removal")
> >
> > Those cover most of the identified issues for drivers using mac80211
> > (e.g., ath9k and ath10k; though, I don't remember whether I actually
> > ever managed to reproduce this with ath10k in practice). I have couple
> > of additional ath9k-specific patches that cover additional lower layer
> > paths for this. I hope to get those out after confirming they work with
> > the current kernel tree snapshot.
>
> Hello! Could you please share your ath9k patches which address this issue?
Hello! Has somebody fixes this security issue in ath9k driver? About
4 months passed and if this issue is not fixed, could you please share
at least incomplete / WIP patches? I would like to look at it and have
this issue finally fixed.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-12-07 14:04 ` Pali Rohár
0 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-12-07 14:04 UTC (permalink / raw)
To: Jouni Malinen
Cc: Kalle Valo, Toke Høiland-Jørgensen, linux-wireless,
ath9k-devel, ath10k
On Wednesday 07 October 2020 10:25:02 Pali Rohár wrote:
> On Wednesday 12 August 2020 12:23:34 Jouni Malinen wrote:
> > On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote:
> > > Pali Rohár <pali@kernel.org> writes:
> > > > Could somebody react and provide some details when fixes would be
> > > > available for ath9k and ath10k Linux drivers? And what is current state
> > > > of this issue for Linux?
> > > >
> > > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> > > > there any change which could be related to CVE-2020-3702.
> > >
> > > How about these, from March:
> > >
> > > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> > > ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
> > > b16798f5b907 ("mac80211: mark station unauthorized before key removal")
> >
> > Those cover most of the identified issues for drivers using mac80211
> > (e.g., ath9k and ath10k; though, I don't remember whether I actually
> > ever managed to reproduce this with ath10k in practice). I have couple
> > of additional ath9k-specific patches that cover additional lower layer
> > paths for this. I hope to get those out after confirming they work with
> > the current kernel tree snapshot.
>
> Hello! Could you please share your ath9k patches which address this issue?
Hello! Has somebody fixes this security issue in ath9k driver? About
4 months passed and if this issue is not fixed, could you please share
at least incomplete / WIP patches? I would like to look at it and have
this issue finally fixed.
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-12-07 14:04 ` Pali Rohár
@ 2020-12-14 17:41 ` Jouni Malinen
-1 siblings, 0 replies; 26+ messages in thread
From: Jouni Malinen @ 2020-12-14 17:41 UTC (permalink / raw)
To: Pali Rohár
Cc: Toke Høiland-Jørgensen, ath10k, ath9k-devel,
linux-wireless, Kalle Valo
On Mon, Dec 07, 2020 at 03:04:38PM +0100, Pali Rohár wrote:
> Hello! Has somebody fixes this security issue in ath9k driver? About
> 4 months passed and if this issue is not fixed, could you please share
> at least incomplete / WIP patches? I would like to look at it and have
> this issue finally fixed.
https://patchwork.kernel.org/project/linux-wireless/list/?series=401685
--
Jouni Malinen PGP id EFC895FA
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-12-14 17:41 ` Jouni Malinen
0 siblings, 0 replies; 26+ messages in thread
From: Jouni Malinen @ 2020-12-14 17:41 UTC (permalink / raw)
To: Pali Rohár
Cc: Kalle Valo, Toke Høiland-Jørgensen, linux-wireless,
ath9k-devel, ath10k
On Mon, Dec 07, 2020 at 03:04:38PM +0100, Pali Rohár wrote:
> Hello! Has somebody fixes this security issue in ath9k driver? About
> 4 months passed and if this issue is not fixed, could you please share
> at least incomplete / WIP patches? I would like to look at it and have
> this issue finally fixed.
https://patchwork.kernel.org/project/linux-wireless/list/?series=401685
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
2020-12-14 17:41 ` Jouni Malinen
@ 2020-12-17 9:35 ` Pali Rohár
-1 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-12-17 9:35 UTC (permalink / raw)
To: Jouni Malinen
Cc: Toke Høiland-Jørgensen, ath10k, ath9k-devel,
linux-wireless, Kalle Valo
On Monday 14 December 2020 19:41:49 Jouni Malinen wrote:
> On Mon, Dec 07, 2020 at 03:04:38PM +0100, Pali Rohár wrote:
> > Hello! Has somebody fixes this security issue in ath9k driver? About
> > 4 months passed and if this issue is not fixed, could you please share
> > at least incomplete / WIP patches? I would like to look at it and have
> > this issue finally fixed.
>
> https://patchwork.kernel.org/project/linux-wireless/list/?series=401685
Thank you! I will look at it.
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
@ 2020-12-17 9:35 ` Pali Rohár
0 siblings, 0 replies; 26+ messages in thread
From: Pali Rohár @ 2020-12-17 9:35 UTC (permalink / raw)
To: Jouni Malinen
Cc: Kalle Valo, Toke Høiland-Jørgensen, linux-wireless,
ath9k-devel, ath10k
On Monday 14 December 2020 19:41:49 Jouni Malinen wrote:
> On Mon, Dec 07, 2020 at 03:04:38PM +0100, Pali Rohár wrote:
> > Hello! Has somebody fixes this security issue in ath9k driver? About
> > 4 months passed and if this issue is not fixed, could you please share
> > at least incomplete / WIP patches? I would like to look at it and have
> > this issue finally fixed.
>
> https://patchwork.kernel.org/project/linux-wireless/list/?series=401685
Thank you! I will look at it.
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
^ permalink raw reply [flat|nested] 26+ messages in thread
end of thread, other threads:[~2020-12-17 9:36 UTC | newest]
Thread overview: 26+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-10 9:01 CVE-2020-3702: Firmware updates for ath9k and ath10k chips Pali Rohár
2020-08-10 9:01 ` Pali Rohár
2020-08-12 8:36 ` Pali Rohár
2020-08-12 8:36 ` Pali Rohár
2020-08-12 9:17 ` Toke Høiland-Jørgensen
2020-08-12 9:17 ` Toke Høiland-Jørgensen
2020-08-12 9:23 ` Jouni Malinen
2020-08-12 9:23 ` Jouni Malinen
2020-08-12 9:32 ` Michał Kazior
2020-08-12 9:32 ` Michał Kazior
2020-08-29 11:48 ` Baptiste Jonglez
2020-09-07 15:46 ` Kalle Valo
2020-10-07 8:25 ` Pali Rohár
2020-10-07 8:25 ` Pali Rohár
2020-12-07 14:04 ` Pali Rohár
2020-12-07 14:04 ` Pali Rohár
2020-12-14 17:41 ` Jouni Malinen
2020-12-14 17:41 ` Jouni Malinen
2020-12-17 9:35 ` Pali Rohár
2020-12-17 9:35 ` Pali Rohár
2020-08-12 9:31 ` Pali Rohár
2020-08-12 9:31 ` Pali Rohár
2020-08-17 9:58 ` Kalle Valo
2020-08-17 9:58 ` Kalle Valo
2020-08-17 10:36 ` Pali Rohár
2020-08-17 10:36 ` Pali Rohár
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.