diff options
| author | Johannes Berg <johannes@sipsolutions.net> | 2008-04-09 16:45:37 +0200 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2008-04-16 14:53:22 -0400 |
| commit | 3a245766901a9dfdc3f53457a7954b369b50f281 (patch) | |
| tree | 33bc4ef4dfb1bdf0eec46d320fd4333f55dffaf8 /net/mac80211/key.c | |
| parent | 51e8b885902fc8cc2ded48322ad9402bbcff23fe (diff) | |
| download | kernel_samsung_smdk4412-3a245766901a9dfdc3f53457a7954b369b50f281.zip kernel_samsung_smdk4412-3a245766901a9dfdc3f53457a7954b369b50f281.tar.gz kernel_samsung_smdk4412-3a245766901a9dfdc3f53457a7954b369b50f281.tar.bz2 | |
mac80211: fix key hwaccel race
The previous key locking patch left a small race: it would be possible
to add a key and take the interface down before the key todo is run so
that hwaccel for that key is enabled on an interface that is down. Avoid
this by running the todo list when an interface is brought up or down.
This patch also fixes a small bug: before this change, a few functions
used the key list without the lock that protects it.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/key.c')
| -rw-r--r-- | net/mac80211/key.c | 84 |
1 files changed, 52 insertions, 32 deletions
diff --git a/net/mac80211/key.c b/net/mac80211/key.c index 711e36e..acf8d03 100644 --- a/net/mac80211/key.c +++ b/net/mac80211/key.c @@ -355,61 +355,74 @@ void ieee80211_key_link(struct ieee80211_key *key, add_todo(key, KEY_FLAG_TODO_ADD_DEBUGFS); if (netif_running(sdata->dev)) - add_todo(key, KEY_FLAG_TODO_HWACCEL); + add_todo(key, KEY_FLAG_TODO_HWACCEL_ADD); } -void ieee80211_key_free(struct ieee80211_key *key) +static void __ieee80211_key_free(struct ieee80211_key *key) { - unsigned long flags; - - if (!key) - return; - /* * Replace key with nothingness if it was ever used. */ - if (key->sdata) { - spin_lock_irqsave(&key->sdata->local->sta_lock, flags); + if (key->sdata) __ieee80211_key_replace(key->sdata, key->sta, key, NULL); - spin_unlock_irqrestore(&key->sdata->local->sta_lock, flags); - } add_todo(key, KEY_FLAG_TODO_DELETE); } -void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) +void ieee80211_key_free(struct ieee80211_key *key) { - struct ieee80211_key *key; - - might_sleep(); + unsigned long flags; - if (WARN_ON(!netif_running(sdata->dev))) + if (!key) return; - ieee80211_key_lock(); + spin_lock_irqsave(&key->sdata->local->sta_lock, flags); + __ieee80211_key_free(key); + spin_unlock_irqrestore(&key->sdata->local->sta_lock, flags); +} + +/* + * To be safe against concurrent manipulations of the list (which shouldn't + * actually happen) we need to hold the spinlock. But under the spinlock we + * can't actually do much, so we defer processing to the todo list. Then run + * the todo list to be sure the operation and possibly previously pending + * operations are completed. + */ +static void ieee80211_todo_for_each_key(struct ieee80211_sub_if_data *sdata, + u32 todo_flags) +{ + struct ieee80211_key *key; + unsigned long flags; + might_sleep(); + + spin_lock_irqsave(&sdata->local->sta_lock, flags); list_for_each_entry(key, &sdata->key_list, list) - ieee80211_key_enable_hw_accel(key); + add_todo(key, todo_flags); + spin_unlock_irqrestore(&sdata->local->sta_lock, flags); - ieee80211_key_unlock(); + ieee80211_key_todo(); } -void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata) +void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) { - struct ieee80211_key *key; + ASSERT_RTNL(); - might_sleep(); + if (WARN_ON(!netif_running(sdata->dev))) + return; - ieee80211_key_lock(); + ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_ADD); +} - list_for_each_entry(key, &sdata->key_list, list) - ieee80211_key_disable_hw_accel(key); +void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata) +{ + ASSERT_RTNL(); - ieee80211_key_unlock(); + ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_REMOVE); } -static void __ieee80211_key_free(struct ieee80211_key *key) +static void __ieee80211_key_destroy(struct ieee80211_key *key) { if (!key) return; @@ -440,7 +453,8 @@ static void __ieee80211_key_todo(void) list_del_init(&key->todo); todoflags = key->flags & (KEY_FLAG_TODO_ADD_DEBUGFS | KEY_FLAG_TODO_DEFKEY | - KEY_FLAG_TODO_HWACCEL | + KEY_FLAG_TODO_HWACCEL_ADD | + KEY_FLAG_TODO_HWACCEL_REMOVE | KEY_FLAG_TODO_DELETE); key->flags &= ~todoflags; spin_unlock(&todo_lock); @@ -456,12 +470,16 @@ static void __ieee80211_key_todo(void) ieee80211_debugfs_key_add_default(key->sdata); work_done = true; } - if (todoflags & KEY_FLAG_TODO_HWACCEL) { + if (todoflags & KEY_FLAG_TODO_HWACCEL_ADD) { ieee80211_key_enable_hw_accel(key); work_done = true; } + if (todoflags & KEY_FLAG_TODO_HWACCEL_REMOVE) { + ieee80211_key_disable_hw_accel(key); + work_done = true; + } if (todoflags & KEY_FLAG_TODO_DELETE) { - __ieee80211_key_free(key); + __ieee80211_key_destroy(key); work_done = true; } @@ -482,14 +500,16 @@ void ieee80211_key_todo(void) void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata) { struct ieee80211_key *key, *tmp; - LIST_HEAD(tmp_list); + unsigned long flags; ieee80211_key_lock(); ieee80211_debugfs_key_remove_default(sdata); + spin_lock_irqsave(&sdata->local->sta_lock, flags); list_for_each_entry_safe(key, tmp, &sdata->key_list, list) - ieee80211_key_free(key); + __ieee80211_key_free(key); + spin_unlock_irqrestore(&sdata->local->sta_lock, flags); __ieee80211_key_todo(); |