On Thu, 2008-06-26 at 12:13 +0300, Tomas Winkler wrote:
> From: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
>
> This patch fixes an oops in several failure paths in key allocation. This
> Oops occurs when freeing a key that has not been linked yet, so the
> key->sdata is not set.
>
> Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
> Signed-off-by: Tomas Winkler <tomas.winkler@xxxxxxxxx>
Acked-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
> ---
> net/mac80211/key.c | 9 +++++++++
> 1 files changed, 9 insertions(+), 0 deletions(-)
>
> diff --git a/net/mac80211/key.c b/net/mac80211/key.c
> index d4893bd..6597c77 100644
> --- a/net/mac80211/key.c
> +++ b/net/mac80211/key.c
> @@ -387,6 +387,15 @@ void ieee80211_key_free(struct ieee80211_key *key)
> if (!key)
> return;
>
> + if (!key->sdata) {
> + /* The key has not been linked yet, simply free it
> + * and don't Oops */
> + if (key->conf.alg == ALG_CCMP)
> + ieee80211_aes_key_free(key->u.ccmp.tfm);
> + kfree(key);
> + return;
> + }
> +
> spin_lock_irqsave(&key->sdata->local->key_lock, flags);
> __ieee80211_key_free(key);
> spin_unlock_irqrestore(&key->sdata->local->key_lock, flags);
Attachment:
signature.asc
Description: This is a digitally signed message part
