From: Michael Buesch <mb@bu3sch.de>
To: Jiri Benc <jbenc@suse.cz>
Cc: John Linville <linville@tuxdriver.com>, linux-wireless@vger.kernel.org
Subject: Re: [PATCH] mac80211: Allow sleeping in set_key op
Date: Mon, 14 May 2007 19:47:17 +0200 [thread overview]
Message-ID: <200705141947.17927.mb@bu3sch.de> (raw)
In-Reply-To: <20070514193715.4fffabda@griffin.suse.cz>
On Monday 14 May 2007 19:37:15 Jiri Benc wrote:
> On Mon, 7 May 2007 22:44:23 +0200, Michael Buesch wrote:
> > On Monday 07 May 2007 18:52:24 Jiri Benc wrote:
> > > There is a race here. You already removed the sta from sta_hash list
> > > and you're not protected by any lock. Thus, it is possible to add a new
> > > station with the same address before finish_sta_info_free is called.
> > > When this happens, you call the set_key handler for the new key and
> > > after that you call it again with DISABLE_KEY.
> > >
> > > It's not easy to get this right. I remember also problems with
> > > dereferencing already freed key when I thought about possible ways to
> > > solve exactly this problem.
> >
> > I'm not sure this race exists.
> > You assume that when a new key is added with the same mac as before
> > it overrides the old key.
>
> Yes.
I think that's an invalid assumption.
The key is per-bss and not per bssid-address; although that is
mostly the same, except for such cornercases like this race.
> > I think that's a bug in the driver then.
> > IMO the driver _must_ keep track of used key "slots" and don't
> > re-allocate them for new keys until disable-key is called.
>
> How the hardware will act if you supply two different keys for the same
> MAC address? And later, how do you recognize which of these two keys is
> being disabled?
That's what hw_key_idx is for.
> > And that's exactly what bcm43xx does.
> >
> > IMO it's a bug in the driver, when it overrides a key that's not
> > DISABLEd.
> >
> > Short: I don't think there is a race, and if, then it's a driver bug.
>
> I must admit I don't know how exactly keys are handled in all possible
> hardware. So I just want to be sure and keep exact serialization here.
> If there is a consensus that serialization is not needed here, well,
> it's easier then.
>
> Do you know how other drivers work regarding this?
I'm sorry, no.
--
Greetings Michael.
next prev parent reply other threads:[~2007-05-14 17:47 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-06 18:37 [PATCH] mac80211: Allow sleeping in set_key op Michael Buesch
2007-05-07 16:52 ` Jiri Benc
2007-05-07 20:44 ` Michael Buesch
2007-05-14 17:37 ` Jiri Benc
2007-05-14 17:47 ` Michael Buesch [this message]
2007-05-07 19:17 ` Michael Wu
2007-05-07 20:50 ` Michael Buesch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200705141947.17927.mb@bu3sch.de \
--to=mb@bu3sch.de \
--cc=jbenc@suse.cz \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).