From: Johannes Berg Date: Mon, 3 Jan 2011 18:42:24 +0000 (+0100) Subject: mac80211: add missing synchronize_rcu X-Git-Tag: v2.6.38-rc1~476^2~14^2~3^2~3^2 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=d2460f4b2fa6dbdeec800414f9cf5b1fc8b71197;p=users%2Fhch%2Fdma-mapping.git mac80211: add missing synchronize_rcu commit ad0e2b5a00dbec303e4682b403bb6703d11dcdb2 Author: Johannes Berg Date: Tue Jun 1 10:19:19 2010 +0200 mac80211: simplify key locking removed the synchronization against RCU and thus opened a race window where we can use a key for TX while it is already freed. Put a synchronisation into the right place to close that window. Reported-by: Jussi Kivilinna Cc: stable@kernel.org [2.6.36+] Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- diff --git a/net/mac80211/key.c b/net/mac80211/key.c index ccd676b2f599..aa1b734a5e99 100644 --- a/net/mac80211/key.c +++ b/net/mac80211/key.c @@ -366,6 +366,12 @@ static void __ieee80211_key_destroy(struct ieee80211_key *key) if (!key) return; + /* + * Synchronize so the TX path can no longer be using + * this key before we free/remove it. + */ + synchronize_rcu(); + if (key->local) ieee80211_key_disable_hw_accel(key);