Re: [PATCH] mac80211: Allow sleeping in set_key op

On Sun, 6 May 2007 20:37:34 +0200 Michael Buesch wrote:
> [...]
>  static void finish_sta_info_free(struct ieee80211_local *local,
>  				 struct sta_info *sta)
>  {
> +	sta_info_key_disable(local, sta);
> +
>  #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
>  	printk(KERN_DEBUG "%s: Removed STA " MAC_FMT "\n",
>  	       local->mdev->name, MAC_ARG(sta->addr));
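
Review bot: the added sta_info_key_disable(local, sta) call at the top of finish_sta_info_free() has no locking around it in the lines shown and no comment stating what keeps the sta entry and its key valid at this point. Since the patch subject says set_key may now sleep, document the calling context here and make sure the DISABLE_KEY request cannot land on a different station entry that reuses the same address, for example by confirming that this sta still owns the key before the handler is called.
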
> @@ -213,6 +246,16 @@ static void finish_sta_info_free(struct 
>  	sta_info_put(sta);
>  }

There is a race here. You already removed the sta from the sta_hash list
and you're not protected by any lock. Thus, it is possible to add a new
station with the same address before finish_sta_info_free is called.
When this happens, you call the set_key handler for the new key and
after that you call it again with DISABLE_KEY.

It's not easy to get this right. I also remember problems with
dereferencing an already freed key when I thought about possible ways to
solve exactly this problem.

Thanks,

 Jiri

-- 
Jiri Benc
SUSE Labs
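
The interleaving described in the reply above, replayed deterministically in a toy model (an added example, not code from the patch or from mac80211). The single address-keyed hardware slot, `toy_set_key`, `replay` and the `check_owner` guard are assumptions made for illustration; the guard is one possible check, not a fix proposed in the thread.

```c
#include <string.h>

/* Toy model (assumption): one hardware key slot, looked up by address. */
enum key_cmd { SET_KEY, DISABLE_KEY };

struct hw_slot { unsigned char addr[6]; int owner; int enabled; };
struct sta { unsigned char addr[6]; int id; };

static struct hw_slot slot;

/* Hypothetical stand-in for a driver's set_key handler. */
static void toy_set_key(enum key_cmd cmd, const struct sta *sta,
			int check_owner)
{
	if (cmd == SET_KEY) {
		memcpy(slot.addr, sta->addr, 6);
		slot.owner = sta->id;
		slot.enabled = 1;
		return;
	}
	/* DISABLE_KEY: the slot is found by address only. */
	if (memcmp(slot.addr, sta->addr, 6) != 0)
		return;
	/* Optional guard: ignore a request from a replaced station. */
	if (check_owner && slot.owner != sta->id)
		return;
	slot.enabled = 0;
}

/* Replays the race; returns 1 if the new station's key survives. */
int replay(int check_owner)
{
	/* Constructed sample stations sharing one address. */
	struct sta old_sta = { {0x02, 0, 0, 0, 0, 0x01}, 1 };
	struct sta new_sta = { {0x02, 0, 0, 0, 0, 0x01}, 2 };

	memset(&slot, 0, sizeof(slot));
	toy_set_key(SET_KEY, &old_sta, check_owner);
	/* Step 1: old_sta is unhashed, its deferred free is pending. */
	/* Step 2: a station with the same address is added and keyed. */
	toy_set_key(SET_KEY, &new_sta, check_owner);
	/* Step 3: the deferred free finally runs for old_sta. */
	toy_set_key(DISABLE_KEY, &old_sta, check_owner);
	return slot.enabled && slot.owner == new_sta.id;
}

int main(void) { return (replay(0) == 0 && replay(1) == 1) ? 0 : 1; }
```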