Today I hit one of my new WARN_ONs in the mac80211 code because a key wasn't being freed correctly. After wondering for a while I finally tracked it to the fact that STA keys aren't added to the per-sdata key list correctly, they are supposed to always be on that list, not just for default keys. This patch fixes that. Signed-off-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx> --- John, please merge soon, the ultimate consequence of this bug is that when trying to delete everything mac80211 segfaults with an access to already freed memory because the key is freed but still thought to belong to a STA. net/mac80211/key.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- everything.orig/net/mac80211/key.c 2008-03-01 19:28:56.000000000 +0100 +++ everything/net/mac80211/key.c 2008-03-01 19:29:00.000000000 +0100 @@ -174,6 +174,9 @@ static void __ieee80211_key_replace(stru { int idx, defkey; + if (new) + list_add(&new->list, &sdata->key_list); + if (sta) { rcu_assign_pointer(sta->key, new); } else { @@ -190,9 +193,6 @@ static void __ieee80211_key_replace(stru ieee80211_set_default_key(sdata, -1); rcu_assign_pointer(sdata->keys[idx], new); - if (new) - list_add(&new->list, &sdata->key_list); - if (defkey && new) ieee80211_set_default_key(sdata, new->conf.keyidx); } -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html