Doing it by the caller is racy. Some callers neglected to do so. Fix
callers not to call try_module_get() after lib80211_get_crypto_ops().
When ops is copied, move lib80211_crypt_delayed_deinit() after
try_module_get() to avoid the risk that the module would be unloaded
between those calls.
Signed-off-by: Pavel Roskin <proski@xxxxxxx>
---
drivers/net/wireless/hostap/hostap_ioctl.c | 5 ++---
drivers/net/wireless/ipw2x00/libipw_wx.c | 6 +++---
net/wireless/lib80211.c | 3 +++
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/hostap/hostap_ioctl.c b/drivers/net/wireless/hostap/hostap_ioctl.c
index 12de464..af0516c 100644
--- a/drivers/net/wireless/hostap/hostap_ioctl.c
+++ b/drivers/net/wireless/hostap/hostap_ioctl.c
@@ -166,7 +166,7 @@ static int prism2_ioctl_siwencode(struct net_device *dev,
request_module("lib80211_crypt_wep");
new_crypt->ops = lib80211_get_crypto_ops("WEP");
}
- if (new_crypt->ops && try_module_get(new_crypt->ops->owner))
+ if (new_crypt->ops)
new_crypt->priv = new_crypt->ops->init(i);
if (!new_crypt->ops || !new_crypt->priv) {
kfree(new_crypt);
@@ -3293,8 +3293,6 @@ static int prism2_ioctl_siwencodeext(struct net_device *dev,
if (*crypt == NULL || (*crypt)->ops != ops) {
struct lib80211_crypt_data *new_crypt;
- lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
-
new_crypt = kzalloc(sizeof(struct lib80211_crypt_data),
GFP_KERNEL);
if (new_crypt == NULL) {
@@ -3310,6 +3308,7 @@ static int prism2_ioctl_siwencodeext(struct net_device *dev,
goto done;
}
+ lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
*crypt = new_crypt;
}
diff --git a/drivers/net/wireless/ipw2x00/libipw_wx.c b/drivers/net/wireless/ipw2x00/libipw_wx.c
index d7bd6cf0..04c4a60 100644
--- a/drivers/net/wireless/ipw2x00/libipw_wx.c
+++ b/drivers/net/wireless/ipw2x00/libipw_wx.c
@@ -395,7 +395,7 @@ int libipw_wx_set_encode(struct libipw_device *ieee,
new_crypt->ops = lib80211_get_crypto_ops("WEP");
}
- if (new_crypt->ops && try_module_get(new_crypt->ops->owner))
+ if (new_crypt->ops)
new_crypt->priv = new_crypt->ops->init(key);
if (!new_crypt->ops || !new_crypt->priv) {
@@ -629,8 +629,6 @@ int libipw_wx_set_encodeext(struct libipw_device *ieee,
if (*crypt == NULL || (*crypt)->ops != ops) {
struct lib80211_crypt_data *new_crypt;
- lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
-
new_crypt = kzalloc(sizeof(*new_crypt), GFP_KERNEL);
if (new_crypt == NULL) {
ret = -ENOMEM;
@@ -644,6 +642,8 @@ int libipw_wx_set_encodeext(struct libipw_device *ieee,
ret = -EINVAL;
goto done;
}
+
+ lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
*crypt = new_crypt;
}
diff --git a/net/wireless/lib80211.c b/net/wireless/lib80211.c
index a55c27b..123fa19 100644
--- a/net/wireless/lib80211.c
+++ b/net/wireless/lib80211.c
@@ -242,6 +242,7 @@ struct lib80211_crypto_ops *lib80211_get_crypto_ops(const char *name)
{
struct lib80211_crypto_alg *alg;
unsigned long flags;
+ struct lib80211_crypto_ops *ret = NULL;
spin_lock_irqsave(&lib80211_crypto_lock, flags);
list_for_each_entry(alg, &lib80211_crypto_algs, list) {
@@ -252,6 +253,8 @@ struct lib80211_crypto_ops *lib80211_get_crypto_ops(const char *name)
return NULL;
found:
+ if (try_module_get(alg->ops->owner))
+ ret = alg->ops;
spin_unlock_irqrestore(&lib80211_crypto_lock, flags);
return alg->ops;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
