diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2011-05-12 08:31:49 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2011-05-12 14:10:53 -0400 |
| commit | 5c0c36412b2dc6b1e243c7e9115306fe286583b7 (patch) | |
| tree | a189957b3a8e939d19da304541ba087f1264085a /net/mac80211 | |
| parent | dea4096bc41a9642039840ced91e585d04883a16 (diff) | |
mac80211: make key locking clearer
The code in ieee80211_del_key() doesn't acquire the
key_mtx properly when it dereferences the keys. It
turns out that isn't actually necessary since the
key_mtx itself seems to be redundant since all key
manipulations are done under the RTNL, but as long
as we have the key_mtx we should use it the right
way too.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211')
| -rw-r--r-- | net/mac80211/cfg.c | 38 | ||||
| -rw-r--r-- | net/mac80211/key.c | 8 | ||||
| -rw-r--r-- | net/mac80211/key.h | 1 |
3 files changed, 20 insertions, 27 deletions
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index ed3400cd7a5a..94690366321c 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c | |||
| @@ -160,13 +160,14 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev, | |||
| 160 | static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev, | 160 | static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev, |
| 161 | u8 key_idx, bool pairwise, const u8 *mac_addr) | 161 | u8 key_idx, bool pairwise, const u8 *mac_addr) |
| 162 | { | 162 | { |
| 163 | struct ieee80211_sub_if_data *sdata; | 163 | struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); |
| 164 | struct ieee80211_local *local = sdata->local; | ||
| 164 | struct sta_info *sta; | 165 | struct sta_info *sta; |
| 166 | struct ieee80211_key *key = NULL; | ||
| 165 | int ret; | 167 | int ret; |
| 166 | 168 | ||
| 167 | sdata = IEEE80211_DEV_TO_SUB_IF(dev); | 169 | mutex_lock(&local->sta_mtx); |
| 168 | 170 | mutex_lock(&local->key_mtx); | |
| 169 | mutex_lock(&sdata->local->sta_mtx); | ||
| 170 | 171 | ||
| 171 | if (mac_addr) { | 172 | if (mac_addr) { |
| 172 | ret = -ENOENT; | 173 | ret = -ENOENT; |
| @@ -175,33 +176,24 @@ static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev, | |||
| 175 | if (!sta) | 176 | if (!sta) |
| 176 | goto out_unlock; | 177 | goto out_unlock; |
| 177 | 178 | ||
| 178 | if (pairwise) { | 179 | if (pairwise) |
| 179 | if (sta->ptk) { | 180 | key = sta->ptk; |
| 180 | ieee80211_key_free(sdata->local, sta->ptk); | 181 | else |
| 181 | ret = 0; | 182 | key = sta->gtk[key_idx]; |
| 182 | } | 183 | } else |
| 183 | } else { | 184 | key = sdata->keys[key_idx]; |
| 184 | if (sta->gtk[key_idx]) { | ||
| 185 | ieee80211_key_free(sdata->local, | ||
| 186 | sta->gtk[key_idx]); | ||
| 187 | ret = 0; | ||
| 188 | } | ||
| 189 | } | ||
| 190 | |||
| 191 | goto out_unlock; | ||
| 192 | } | ||
| 193 | 185 | ||
| 194 | if (!sdata->keys[key_idx]) { | 186 | if (!key) { |
| 195 | ret = -ENOENT; | 187 | ret = -ENOENT; |
| 196 | goto out_unlock; | 188 | goto out_unlock; |
| 197 | } | 189 | } |
| 198 | 190 | ||
| 199 | ieee80211_key_free(sdata->local, sdata->keys[key_idx]); | 191 | __ieee80211_key_free(key); |
| 200 | WARN_ON(sdata->keys[key_idx]); | ||
| 201 | 192 | ||
| 202 | ret = 0; | 193 | ret = 0; |
| 203 | out_unlock: | 194 | out_unlock: |
| 204 | mutex_unlock(&sdata->local->sta_mtx); | 195 | mutex_unlock(&local->key_mtx); |
| 196 | mutex_unlock(&local->sta_mtx); | ||
| 205 | 197 | ||
| 206 | return ret; | 198 | return ret; |
| 207 | } | 199 | } |
diff --git a/net/mac80211/key.c b/net/mac80211/key.c index b510721e3b3d..958832dd4f0a 100644 --- a/net/mac80211/key.c +++ b/net/mac80211/key.c | |||
| @@ -471,8 +471,11 @@ int ieee80211_key_link(struct ieee80211_key *key, | |||
| 471 | return ret; | 471 | return ret; |
| 472 | } | 472 | } |
| 473 | 473 | ||
| 474 | static void __ieee80211_key_free(struct ieee80211_key *key) | 474 | void __ieee80211_key_free(struct ieee80211_key *key) |
| 475 | { | 475 | { |
| 476 | if (!key) | ||
| 477 | return; | ||
| 478 | |||
| 476 | /* | 479 | /* |
| 477 | * Replace key with nothingness if it was ever used. | 480 | * Replace key with nothingness if it was ever used. |
| 478 | */ | 481 | */ |
| @@ -486,9 +489,6 @@ static void __ieee80211_key_free(struct ieee80211_key *key) | |||
| 486 | void ieee80211_key_free(struct ieee80211_local *local, | 489 | void ieee80211_key_free(struct ieee80211_local *local, |
| 487 | struct ieee80211_key *key) | 490 | struct ieee80211_key *key) |
| 488 | { | 491 | { |
| 489 | if (!key) | ||
| 490 | return; | ||
| 491 | |||
| 492 | mutex_lock(&local->key_mtx); | 492 | mutex_lock(&local->key_mtx); |
| 493 | __ieee80211_key_free(key); | 493 | __ieee80211_key_free(key); |
| 494 | mutex_unlock(&local->key_mtx); | 494 | mutex_unlock(&local->key_mtx); |
diff --git a/net/mac80211/key.h b/net/mac80211/key.h index 4ddbe27eb570..e5432ef8b203 100644 --- a/net/mac80211/key.h +++ b/net/mac80211/key.h | |||
| @@ -135,6 +135,7 @@ struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len, | |||
| 135 | int __must_check ieee80211_key_link(struct ieee80211_key *key, | 135 | int __must_check ieee80211_key_link(struct ieee80211_key *key, |
| 136 | struct ieee80211_sub_if_data *sdata, | 136 | struct ieee80211_sub_if_data *sdata, |
| 137 | struct sta_info *sta); | 137 | struct sta_info *sta); |
| 138 | void __ieee80211_key_free(struct ieee80211_key *key); | ||
| 138 | void ieee80211_key_free(struct ieee80211_local *local, | 139 | void ieee80211_key_free(struct ieee80211_local *local, |
| 139 | struct ieee80211_key *key); | 140 | struct ieee80211_key *key); |
| 140 | void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx, | 141 | void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx, |