summaryrefslogtreecommitdiff
path: root/net/mac80211/cfg.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes.berg@intel.com>2011-05-12 14:31:49 +0200
committerJohn W. Linville <linville@tuxdriver.com>2011-05-12 14:10:53 -0400
commit5c0c36412b2dc6b1e243c7e9115306fe286583b7 (patch)
treea189957b3a8e939d19da304541ba087f1264085a /net/mac80211/cfg.c
parentdea4096bc41a9642039840ced91e585d04883a16 (diff)
downloadlwn-5c0c36412b2dc6b1e243c7e9115306fe286583b7.tar.gz
lwn-5c0c36412b2dc6b1e243c7e9115306fe286583b7.zip
mac80211: make key locking clearer
The code in ieee80211_del_key() doesn't acquire the key_mtx properly when it dereferences the keys. It turns out that isn't actually necessary since the key_mtx itself seems to be redundant since all key manipulations are done under the RTNL, but as long as we have the key_mtx we should use it the right way too. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/cfg.c')
-rw-r--r--net/mac80211/cfg.c38
1 files changed, 15 insertions, 23 deletions
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index ed3400cd7a5a..94690366321c 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -160,13 +160,14 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
u8 key_idx, bool pairwise, const u8 *mac_addr)
{
- struct ieee80211_sub_if_data *sdata;
+ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ struct ieee80211_local *local = sdata->local;
struct sta_info *sta;
+ struct ieee80211_key *key = NULL;
int ret;
- sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
- mutex_lock(&sdata->local->sta_mtx);
+ mutex_lock(&local->sta_mtx);
+ mutex_lock(&local->key_mtx);
if (mac_addr) {
ret = -ENOENT;
@@ -175,33 +176,24 @@ static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
if (!sta)
goto out_unlock;
- if (pairwise) {
- if (sta->ptk) {
- ieee80211_key_free(sdata->local, sta->ptk);
- ret = 0;
- }
- } else {
- if (sta->gtk[key_idx]) {
- ieee80211_key_free(sdata->local,
- sta->gtk[key_idx]);
- ret = 0;
- }
- }
-
- goto out_unlock;
- }
+ if (pairwise)
+ key = sta->ptk;
+ else
+ key = sta->gtk[key_idx];
+ } else
+ key = sdata->keys[key_idx];
- if (!sdata->keys[key_idx]) {
+ if (!key) {
ret = -ENOENT;
goto out_unlock;
}
- ieee80211_key_free(sdata->local, sdata->keys[key_idx]);
- WARN_ON(sdata->keys[key_idx]);
+ __ieee80211_key_free(key);
ret = 0;
out_unlock:
- mutex_unlock(&sdata->local->sta_mtx);
+ mutex_unlock(&local->key_mtx);
+ mutex_unlock(&local->sta_mtx);
return ret;
}