mac80211: add missing synchronize_rcu

commit ad0e2b5a00dbec303e4682b403bb6703d11dcdb2
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Tue Jun 1 10:19:19 2010 +0200

    mac80211: simplify key locking

removed the synchronization against RCU and thus
opened a race window where we can use a key for
TX while it is already freed. Put a synchronisation
into the right place to close that window.

Reported-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Cc: stable@kernel.org [2.6.36+]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index ccd676b..aa1b734 100644 (file)
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -366,6 +366,12 @@ static void __ieee80211_key_destroy(struct ieee80211_key *key)
        if (!key)
                return;
 
+       /*
+        * Synchronize so the TX path can no longer be using
+        * this key before we free/remove it.
+        */
+       synchronize_rcu();
+
        if (key->local)
                ieee80211_key_disable_hw_accel(key);