Search Linux Wireless

[PATCH] lib80211: call try_module_get() in lib80211_get_crypto_ops()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Doing it by the caller is racy.  Some callers neglected to do so.  Fix
callers not to call try_module_get() after lib80211_get_crypto_ops().

When ops is copied, move lib80211_crypt_delayed_deinit() after
try_module_get() to avoid the risk that the module would be unloaded
between those calls.

Signed-off-by: Pavel Roskin <proski@xxxxxxx>
---
 drivers/net/wireless/hostap/hostap_ioctl.c |    5 ++---
 drivers/net/wireless/ipw2x00/libipw_wx.c   |    6 +++---
 net/wireless/lib80211.c                    |    3 +++
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/net/wireless/hostap/hostap_ioctl.c b/drivers/net/wireless/hostap/hostap_ioctl.c
index 12de464..af0516c 100644
--- a/drivers/net/wireless/hostap/hostap_ioctl.c
+++ b/drivers/net/wireless/hostap/hostap_ioctl.c
@@ -166,7 +166,7 @@ static int prism2_ioctl_siwencode(struct net_device *dev,
 			request_module("lib80211_crypt_wep");
 			new_crypt->ops = lib80211_get_crypto_ops("WEP");
 		}
-		if (new_crypt->ops && try_module_get(new_crypt->ops->owner))
+		if (new_crypt->ops)
 			new_crypt->priv = new_crypt->ops->init(i);
 		if (!new_crypt->ops || !new_crypt->priv) {
 			kfree(new_crypt);
@@ -3293,8 +3293,6 @@ static int prism2_ioctl_siwencodeext(struct net_device *dev,
 	if (*crypt == NULL || (*crypt)->ops != ops) {
 		struct lib80211_crypt_data *new_crypt;
 
-		lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
-
 		new_crypt = kzalloc(sizeof(struct lib80211_crypt_data),
 				GFP_KERNEL);
 		if (new_crypt == NULL) {
@@ -3310,6 +3308,7 @@ static int prism2_ioctl_siwencodeext(struct net_device *dev,
 			goto done;
 		}
 
+		lib80211_crypt_delayed_deinit(&local->crypt_info, crypt);
 		*crypt = new_crypt;
 	}
 
diff --git a/drivers/net/wireless/ipw2x00/libipw_wx.c b/drivers/net/wireless/ipw2x00/libipw_wx.c
index d7bd6cf0..04c4a60 100644
--- a/drivers/net/wireless/ipw2x00/libipw_wx.c
+++ b/drivers/net/wireless/ipw2x00/libipw_wx.c
@@ -395,7 +395,7 @@ int libipw_wx_set_encode(struct libipw_device *ieee,
 			new_crypt->ops = lib80211_get_crypto_ops("WEP");
 		}
 
-		if (new_crypt->ops && try_module_get(new_crypt->ops->owner))
+		if (new_crypt->ops)
 			new_crypt->priv = new_crypt->ops->init(key);
 
 		if (!new_crypt->ops || !new_crypt->priv) {
@@ -629,8 +629,6 @@ int libipw_wx_set_encodeext(struct libipw_device *ieee,
 	if (*crypt == NULL || (*crypt)->ops != ops) {
 		struct lib80211_crypt_data *new_crypt;
 
-		lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
-
 		new_crypt = kzalloc(sizeof(*new_crypt), GFP_KERNEL);
 		if (new_crypt == NULL) {
 			ret = -ENOMEM;
@@ -644,6 +642,8 @@ int libipw_wx_set_encodeext(struct libipw_device *ieee,
 			ret = -EINVAL;
 			goto done;
 		}
+
+		lib80211_crypt_delayed_deinit(&ieee->crypt_info, crypt);
 		*crypt = new_crypt;
 	}
 
diff --git a/net/wireless/lib80211.c b/net/wireless/lib80211.c
index a55c27b..123fa19 100644
--- a/net/wireless/lib80211.c
+++ b/net/wireless/lib80211.c
@@ -242,6 +242,7 @@ struct lib80211_crypto_ops *lib80211_get_crypto_ops(const char *name)
 {
 	struct lib80211_crypto_alg *alg;
 	unsigned long flags;
+	struct lib80211_crypto_ops *ret = NULL;
 
 	spin_lock_irqsave(&lib80211_crypto_lock, flags);
 	list_for_each_entry(alg, &lib80211_crypto_algs, list) {
@@ -252,6 +253,8 @@ struct lib80211_crypto_ops *lib80211_get_crypto_ops(const char *name)
 	return NULL;
 
       found:
+	if (try_module_get(alg->ops->owner))
+		ret = alg->ops;
 	spin_unlock_irqrestore(&lib80211_crypto_lock, flags);
 	return alg->ops;
 }
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux