mac80211: flush keys when stopping AP

Since hostapd will remove keys this isn't usually
an issue, but we shouldn't leak keys to the next
BSS started on the same interface. For VLANs this
also fixes a bug, keys that aren't removed would
otherwise be leaked.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 8baa561c8f5b00042180fdb2551a1ca66d854b20..9d708f9e246e025d7a337f6d3fe0f9a808ebbf7e 100644 (file)
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1035,9 +1035,12 @@ static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
                sta_info_flush_defer(vlan);
        sta_info_flush_defer(sdata);
        rcu_barrier();
-       list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
+       list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
                sta_info_flush_cleanup(vlan);
+               ieee80211_free_keys(vlan);
+       }
        sta_info_flush_cleanup(sdata);
+       ieee80211_free_keys(sdata);
 
        sdata->vif.bss_conf.enable_beacon = false;
        clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);

diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 8e0bf34f3f689aaed833a844ce12a731c917768d..290de4d99697d8b1eccd4f0c798c3c8cc7313ddf 100644 (file)
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -840,7 +840,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
 
                /*
                 * Free all remaining keys, there shouldn't be any,
-                * except maybe group keys in AP more or WDS?
+                * except maybe in WDS mode?
                 */
                ieee80211_free_keys(sdata);