aboutsummaryrefslogtreecommitdiffstats
path: root/package
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2011-01-04 00:37:28 +0000
committerFelix Fietkau <nbd@openwrt.org>2011-01-04 00:37:28 +0000
commit8c7ea4384cbb171ec658177433831a64cdbe024c (patch)
treef1ddf5261480aa9fea4525e90711d84dfc153817 /package
parent4a177f01a2667d9a5412e34c08722f028a02a7ae (diff)
downloadupstream-8c7ea4384cbb171ec658177433831a64cdbe024c.tar.gz
upstream-8c7ea4384cbb171ec658177433831a64cdbe024c.tar.bz2
upstream-8c7ea4384cbb171ec658177433831a64cdbe024c.zip
mac80211: fix a race condition during key deletion
SVN-Revision: 24895
Diffstat (limited to 'package')
-rw-r--r--package/mac80211/patches/320-mac80211_fix_key_del_race.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/package/mac80211/patches/320-mac80211_fix_key_del_race.patch b/package/mac80211/patches/320-mac80211_fix_key_del_race.patch
new file mode 100644
index 0000000000..52803e1098
--- /dev/null
+++ b/package/mac80211/patches/320-mac80211_fix_key_del_race.patch
@@ -0,0 +1,32 @@
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit ad0e2b5a00dbec303e4682b403bb6703d11dcdb2
+Author: Johannes Berg <johannes.berg@intel.com>
+Date: Tue Jun 1 10:19:19 2010 +0200
+
+ mac80211: simplify key locking
+
+removed the synchronization against RCU and thus
+opened a race window where we can use a key for
+TX while it is already freed. Put a synchronisation
+into the right place to close that window.
+
+Reported-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+Cc: stable@kernel.org [2.6.36+]
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+--- a/net/mac80211/key.c
++++ b/net/mac80211/key.c
+@@ -382,6 +382,12 @@ static void __ieee80211_key_destroy(stru
+ if (!key)
+ return;
+
++ /*
++ * Synchronize so the TX path can no longer be using
++ * this key before we free/remove it.
++ */
++ synchronize_rcu();
++
+ if (key->local)
+ ieee80211_key_disable_hw_accel(key);
+