From 8c7ea4384cbb171ec658177433831a64cdbe024c Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 4 Jan 2011 00:37:28 +0000 Subject: [PATCH] mac80211: fix a race condition during key deletion SVN-Revision: 24895 --- .../320-mac80211_fix_key_del_race.patch | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 package/mac80211/patches/320-mac80211_fix_key_del_race.patch diff --git a/package/mac80211/patches/320-mac80211_fix_key_del_race.patch b/package/mac80211/patches/320-mac80211_fix_key_del_race.patch new file mode 100644 index 0000000000..52803e1098 --- /dev/null +++ b/package/mac80211/patches/320-mac80211_fix_key_del_race.patch @@ -0,0 +1,32 @@ +From: Johannes Berg + +commit ad0e2b5a00dbec303e4682b403bb6703d11dcdb2 +Author: Johannes Berg +Date: Tue Jun 1 10:19:19 2010 +0200 + + mac80211: simplify key locking + +removed the synchronization against RCU and thus +opened a race window where we can use a key for +TX while it is already freed. Put a synchronisation +into the right place to close that window. + +Reported-by: Jussi Kivilinna +Cc: stable@kernel.org [2.6.36+] +Signed-off-by: Johannes Berg + +--- a/net/mac80211/key.c ++++ b/net/mac80211/key.c +@@ -382,6 +382,12 @@ static void __ieee80211_key_destroy(stru + if (!key) + return; + ++ /* ++ * Synchronize so the TX path can no longer be using ++ * this key before we free/remove it. ++ */ ++ synchronize_rcu(); ++ + if (key->local) + ieee80211_key_disable_hw_accel(key); + -- 2.30.2