Today I hit one of my new WARN_ONs in the mac80211 code because
a key wasn't being freed correctly. After wondering for a while
I finally tracked it to the fact that STA keys aren't added to
the per-sdata key list correctly, they are supposed to always be
on that list, not just for default keys. This patch fixes that.
Signed-off-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
---
John, please merge soon, the ultimate consequence of this bug is that
when trying to delete everything mac80211 segfaults with an access to
already freed memory because the key is freed but still thought to
belong to a STA.
net/mac80211/key.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- everything.orig/net/mac80211/key.c 2008-03-01 19:28:56.000000000 +0100
+++ everything/net/mac80211/key.c 2008-03-01 19:29:00.000000000 +0100
@@ -174,6 +174,9 @@ static void __ieee80211_key_replace(stru
{
int idx, defkey;
+ if (new)
+ list_add(&new->list, &sdata->key_list);
+
if (sta) {
rcu_assign_pointer(sta->key, new);
} else {
@@ -190,9 +193,6 @@ static void __ieee80211_key_replace(stru
ieee80211_set_default_key(sdata, -1);
rcu_assign_pointer(sdata->keys[idx], new);
- if (new)
- list_add(&new->list, &sdata->key_list);
-
if (defkey && new)
ieee80211_set_default_key(sdata, new->conf.keyidx);
}
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
