From f03962eeeb507b0466706c7f0f60a8d397579359 Mon Sep 17 00:00:00 2001
From: Jouni Malinen Date: Mon, 3 Feb 2014 13:24:50 +0200 Subject: Fix hostapd segfault on beacon hint event Commit 795baf773f6d53bae3cfae4df6edda63e5022344 ('hostapd: Filter channel list updated events after country code change') uses the EVENT_CHANNEL_LIST_CHANGED data pointer, but it updated only one of the callers to provide that data. NL80211_CMD_REG_BEACON_HINT event was still sending the event without the initiator data and resulted in NULL pointer dereference, e.g., if a scan was run while hostapd was running and the driver was in world roaming state and enabled a channel for active scans. CRs-Fixed: 662554 Git-commit: 8597ebdbd44dd4dfb680a17a1d71c183377a0223 Git-repo : git://w1.fi/srv/git/hostap.git Signed-hostap: Jouni Malinen Change-Id: I947dc781166a627c8f80b08d43c094fe34a49279
---
 src/drivers/driver.h | 1 +
 src/drivers/driver_nl80211.c | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index ccbcab6e..c48339d6 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -42,6 +42,7 @@ enum reg_change_initiator {
 REGDOM_SET_BY_USER,
 REGDOM_SET_BY_DRIVER,
 REGDOM_SET_BY_COUNTRY_IE,
+ REGDOM_BEACON_HINT,
 };
 /**
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index a98a3cd4..e221f657 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -2850,8 +2850,10 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
 break;
 case NL80211_CMD_REG_BEACON_HINT:
 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
+ os_memset(&data, 0, sizeof(data));
+ data.channel_list_changed.initiator = REGDOM_BEACON_HINT;
 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
- NULL);
+ &data);
 break;
 case NL80211_CMD_NEW_STATION:
 nl80211_new_station_event(drv, tb);
-- cgit v1.2.3
From e0a8146744cd0f4a55d0f95d961c8e2bd9dbaf09 Mon Sep 17 00:00:00 2001
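Review bot: In the `NL80211_CMD_REG_BEACON_HINT` case of `do_process_drv_event` (src/drivers/driver_nl80211.c), the crash is fixed only at this one call site, while the code that dereferences the `EVENT_CHANNEL_LIST_CHANGED` data pointer is outside the hunk and, as far as this patch shows, still trusts every caller to pass non-NULL data. The commit message says the earlier change already missed a caller once, so the consumer should check `data` for NULL before reading `data->channel_list_changed.initiator`; otherwise any remaining or future caller that passes `NULL` can still take the daemon down. Any code that switches on or prints `enum reg_change_initiator` probably needs a case for the new `REGDOM_BEACON_HINT` value as well, which is not visible here. The function body starts and continues outside the hunk.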
From: Sunil Dutt Date: Tue, 6 May 2014 22:04:37 +0530 Subject: P2P: Refrain from performing extended listen during P2P connection. Do not perform extended listen period operations when either a P2P connection is in progress. This makes the connection more robust should an extended listen timer trigger during such an operation. CRs-Fixed: 661586 Git-commit: 0f1034e3889e7b8f54ed59317f1234db8167d12e Git-repo : git://w1.fi/srv/git/hostap.git Signed-off-by: Jouni Malinen Change-Id: I1f51d34e956fa2d6529c15c6b6dcb6cea1b3de41
---
 src/p2p/p2p.c | 7 +++++++
 src/p2p/p2p.h | 8 ++++++++
 wpa_supplicant/p2p_supplicant.c | 8 ++++++++
 3 files changed, 23 insertions(+)
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index 3e5dc8c2..b0da1d13 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -3875,6 +3875,13 @@ static void p2p_ext_listen_timeout(void *eloop_ctx, void *timeout_ctx)
 p2p_ext_listen_timeout, p2p, NULL);
 }
+ if (p2p->cfg->is_p2p_in_progress &&
+ p2p->cfg->is_p2p_in_progress(p2p->cfg->cb_ctx)) {
+ p2p_dbg(p2p, "Operation in progress - skip Extended Listen timeout (%s)",
+ p2p_state_txt(p2p->state));
+ return;
+ }
+
 if (p2p->state == P2P_LISTEN_ONLY && p2p->ext_listen_only) {
 /*
 * This should not really happen, but it looks like the Listen
diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h
index 5e729fbd..4461ed65 100644
--- a/src/p2p/p2p.h
+++ b/src/p2p/p2p.h
@@ -773,6 +773,14 @@ struct p2p_config {
 * or 0 if not.
 */
 int (*is_concurrent_session_active)(void *ctx);
+
+ /**
+ * is_p2p_in_progress - Check whether P2P operation is in progress
+ * @ctx: Callback context from cb_ctx
+ * Returns: 1 if P2P operation (e.g., group formation) is in progress
+ * or 0 if not.
+ */
+ int (*is_p2p_in_progress)(void *ctx);
 };
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 9a4e42f9..e339d0e6 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
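Review bot: The new early return in `p2p_ext_listen_timeout` (src/p2p/p2p.c) has no comment explaining why it sits after the block that ends in `p2p_ext_listen_timeout, p2p, NULL);` rather than at the top of the function. That placement looks deliberate: the preceding block appears to re-register the timer, so returning here drops only the current listen period and the next timeout asks the callback again. I would state that above the `if`, for example `/* Timer already re-armed above; skip only this Extended Listen period */`, so a later refactor does not move the check ahead of the re-arm and silently stop extended listen for good. The start of the function is outside the hunk, so the re-arm is inferred from the context lines.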
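Review bot: The doc comment added for `is_p2p_in_progress` in `struct p2p_config` (src/p2p/p2p.h) promises a return of exactly 1 or 0, but the only caller in this commit tests the value for truth and the wrapper in wpa_supplicant/p2p_supplicant.c forwards the result of `wpas_p2p_in_progress()` unchanged. If that function ever returns another non-zero value, the header would be wrong while the code keeps working. Wording the contract as `Returns: Non-zero if a P2P operation (e.g., group formation) is in progress or 0 if not` matches how the value is used. The comment should also say that the callback is optional, since `p2p_ext_listen_timeout` checks the pointer for NULL before calling it.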
@@ -3304,6 +3304,13 @@ int wpas_p2p_add_p2pdev_interface(struct wpa_supplicant *wpa_s)
 }
+static int _wpas_p2p_in_progress(void *ctx)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ return wpas_p2p_in_progress(wpa_s);
+}
+
+
 /**
 * wpas_p2p_init - Initialize P2P module for %wpa_supplicant
 * @global: Pointer to global data from wpa_supplicant_init()
@@ -3369,6 +3376,7 @@ int wpas_p2p_init(struct wpa_global *global, struct wpa_supplicant *wpa_s)
 p2p.get_noa = wpas_get_noa;
 p2p.go_connected = wpas_go_connected;
 p2p.is_concurrent_session_active = wpas_is_concurrent_session_active;
+ p2p.is_p2p_in_progress = _wpas_p2p_in_progress;
 os_memcpy(wpa_s->global->p2p_dev_addr, wpa_s->own_addr, ETH_ALEN);
 os_memcpy(p2p.dev_addr, wpa_s->global->p2p_dev_addr, ETH_ALEN);
-- cgit v1.2.3
From 298f5b84159a2334bb31fd1af9a6d887346c130d Mon Sep 17 00:00:00 2001
From: Jouni Malinen Date: Tue, 20 May 2014 12:39:21 +0530 Subject: P2P: Refrain from performing extended listen during PD Extend the previous commit 0f1034e3889e7b8f54ed59317f1234db8167d12e to skip extended listen also based on ongoing provision discovery operation (which does not show up as a separate P2P module state and as such, was not coveraged by the previous commit). CRs-Fixed: 661586 Git-commit: 7e68be38e46d8f6cc7d5bc8083fe470d0418fb4f Git-repo : git://w1.fi/srv/git/hostap.git Signed-off-by: Jouni Malinen Change-Id: Icdf4aac5b4b7c5600459f07a680f1171f8191dd0
---
 src/p2p/p2p.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index b0da1d13..1126f2d1 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
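Review bot: The new static wrapper `_wpas_p2p_in_progress` in wpa_supplicant/p2p_supplicant.c uses a name that begins with an underscore at file scope, which the C standard reserves for the implementation. A callback-style suffix avoids that and says what the function is for, e.g. `static int wpas_p2p_in_progress_cb(void *ctx)` with `p2p.is_p2p_in_progress = wpas_p2p_in_progress_cb;` in the second hunk of this file. A one-line comment that it only adapts `wpas_p2p_in_progress()` to the `void *ctx` callback signature would be enough documentation.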
@@ -3875,8 +3875,10 @@ static void p2p_ext_listen_timeout(void *eloop_ctx, void *timeout_ctx)
 p2p_ext_listen_timeout, p2p, NULL);
 }
- if (p2p->cfg->is_p2p_in_progress &&
- p2p->cfg->is_p2p_in_progress(p2p->cfg->cb_ctx)) {
+ if ((p2p->cfg->is_p2p_in_progress &&
+ p2p->cfg->is_p2p_in_progress(p2p->cfg->cb_ctx)) ||
+ (p2p->pending_action_state == P2P_PENDING_PD &&
+ p2p->pd_retries > 0)) {
 p2p_dbg(p2p, "Operation in progress - skip Extended Listen timeout (%s)",
 p2p_state_txt(p2p->state));
 return;
-- cgit v1.2.3
From 3cc49706dd4c4909a1ace4bae222696655663143 Mon Sep 17 00:00:00 2001
From: Sudha Daram Date: Wed, 18 Dec 2013 12:02:44 +0530 Subject: WNM: Add debug logs to get the RSSI from the scan results This commit adds few more debug prints to log the RSSI information from the scanned BSSIDs and the current connected BSSID when comparing neighbor results during WNM Transition Management Request processing. CRs-Fixed: 684325 Change-Id: Id67bd7d898540d029ea7c67f992834dde140358f Git-commit: 3c1060ff8fec3d5f8b14ccfd9b37ed6b682434e6 Git-repo : git://w1.fi/srv/git/hostap.git Signed-hostap: Jouni Malinen
---
 wpa_supplicant/wnm_sta.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 95e2dfff..8875d63c 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -489,6 +489,10 @@ static int compare_scan_neighbor_results(struct wpa_supplicant *wpa_s,
 if (scan_res == NULL || num_neigh_rep == 0)
 return 0;
+ wpa_printf(MSG_DEBUG, "WNM: Current BSS " MACSTR " RSSI %d",
+ MAC2STR(wpa_s->bssid),
+ wpa_s->current_bss ? wpa_s->current_bss->level : 0);
+
 for (i = 0; i < num_neigh_rep; i++) {
 for (j = 0; j < scan_res->num; j++) {
 /* Check for a better RSSI AP */
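Review bot: In the src/p2p/p2p.c hunk of the provision discovery commit, the debug line kept under the widened condition in `p2p_ext_listen_timeout` still prints only `p2p_state_txt(p2p->state)`, yet the commit message says an ongoing provision discovery does not show up as a P2P module state. A skip caused by the new `P2P_PENDING_PD` branch is therefore indistinguishable in the log from one caused by the callback, which makes a device that stays undiscoverable hard to diagnose. I would append `pending_action_state=%d pd_retries=%d` to the format string and pass `p2p->pending_action_state` and `p2p->pd_retries` as extra arguments. Their types are not visible here, so the format specifiers need checking against the declarations. The function starts and continues outside the hunk.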
@@ -499,8 +503,16 @@ static int compare_scan_neighbor_results(struct wpa_supplicant *wpa_s,
 /* Got a BSSID with better RSSI value */
 os_memcpy(bssid_to_connect, neigh_rep[i].bssid, ETH_ALEN);
+ wpa_printf(MSG_DEBUG, "Found a BSS " MACSTR
+ " with better scan RSSI %d",
+ MAC2STR(scan_res->res[j]->bssid),
+ scan_res->res[j]->level);
 return 1;
 }
+ wpa_printf(MSG_DEBUG, "scan_res[%d] " MACSTR
+ " RSSI %d", j,
+ MAC2STR(scan_res->res[j]->bssid),
+ scan_res->res[j]->level);
 }
 }
-- cgit v1.2.3
From e6350606274342c9d85beedfe775bc9ea5379352 Mon Sep 17 00:00:00 2001
From: Jouni Malinen Date: Sun, 2 Mar 2014 15:21:59 +0200 Subject: WNM: Check wpa_s->current_bss more consistently The scan result comparison routine would not make much sense without current BSS level known, so return from the function without going through the iteration that could have dereferenced the pointer if wpa_s->current_bss == NULL. CRs-Fixed: 684325 Change-Id: Ifb12fb53f5ca193e0d1c23c3115e3507108cbf00 Git-commit: 67adcd266c4ef3f9356190ef2c0727303f9532cb Git-repo : git://w1.fi/srv/git/hostap.git Signed-off-by: Jouni Malinen
---
 wpa_supplicant/wnm_sta.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
index 8875d63c..810bf296 100644
--- a/wpa_supplicant/wnm_sta.c
+++ b/wpa_supplicant/wnm_sta.c
@@ -486,12 +486,11 @@ static int compare_scan_neighbor_results(struct wpa_supplicant *wpa_s,
 u8 i, j;
- if (scan_res == NULL || num_neigh_rep == 0)
+ if (scan_res == NULL || num_neigh_rep == 0 || !wpa_s->current_bss)
 return 0;
 wpa_printf(MSG_DEBUG, "WNM: Current BSS " MACSTR " RSSI %d",
- MAC2STR(wpa_s->bssid),
- wpa_s->current_bss ? wpa_s->current_bss->level : 0);
+ MAC2STR(wpa_s->bssid), wpa_s->current_bss->level);
 for (i = 0; i < num_neigh_rep; i++) {
 for (j = 0; j < scan_res->num; j++) {
-- cgit v1.2.3
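Review bot: The `scan_res[%d]` debug print added in the second hunk of the RSSI logging commit (wpa_supplicant/wnm_sta.c, `compare_scan_neighbor_results`) sits inside the inner `j` loop, which the first hunk shows nested in the `i` loop over neighbor reports, so every scan entry is logged once per neighbor report rather than once. With many scan results that multiplies the debug output without adding information; the RSSI dump would be better done in a single pass before the comparison loops. Both new messages in this hunk also lack the `WNM: ` prefix used by the `"WNM: Current BSS "` message in the first hunk, which makes them harder to filter. The loop headers are outside this hunk.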
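Review bot: The context of the `current_bss` check hunk in `compare_scan_neighbor_results` shows `u8 i, j;` driving `for (j = 0; j < scan_res->num; j++)`, and the patch leaves that untouched. The type of `scan_res->num` is not visible here, but if it is wider than 8 bits and a scan returns more than 255 entries, `j` wraps to 0 before the condition can fail and the loop does not terminate unless a match returns early. The number of scan results depends on the radio environment rather than on the station, so I would declare the index with the same type as `scan_res->num`, e.g. `size_t j;`, and cast it for the `%d` in the `scan_res[%d]` print. The function body continues outside the hunk.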