mac80211: fix another key non-race The code here is only not racy because all the places that assign the pointers it uses are holding the sta_mtx as well as the key_mtx and so can't race against this because this code holds the sta_mtx. But that's not intuitive, so fix it to hold the key_mtx. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>

commit: 8cb231530f03961b55aa4e84e6ead5590bcde04d [log] [tgz]
author: Johannes Berg <johannes.berg@intel.com> Thu May 12 15:07:15 2011 +0200
committer: John W. Linville <linville@tuxdriver.com> Thu May 12 14:10:54 2011 -0400
tree: 62e94c7423bbb073640fe4fe8454ba5135b0ebc8
parent: 5c0c36412b2dc6b1e243c7e9115306fe286583b7 [diff] [blame]
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index f05244d..cba8309 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c

@@ -652,10 +652,12 @@
 	if (ret)
 		return ret;
 
+	mutex_lock(&local->key_mtx);
 	for (i = 0; i < NUM_DEFAULT_KEYS; i++)
-		ieee80211_key_free(local, sta->gtk[i]);
+		__ieee80211_key_free(sta->gtk[i]);
 	if (sta->ptk)
-		ieee80211_key_free(local, sta->ptk);
+		__ieee80211_key_free(sta->ptk);
+	mutex_unlock(&local->key_mtx);
 
 	sta->dead = true;
commit	8cb231530f03961b55aa4e84e6ead5590bcde04d	[log] [tgz]
author	Johannes Berg <johannes.berg@intel.com>	Thu May 12 15:07:15 2011 +0200
committer	John W. Linville <linville@tuxdriver.com>	Thu May 12 14:10:54 2011 -0400
tree	62e94c7423bbb073640fe4fe8454ba5135b0ebc8
parent	5c0c36412b2dc6b1e243c7e9115306fe286583b7 [diff] [blame]