From 3e2ad1b932d827ddb038a5f9163bca766803811a Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 9 Jun 2008 16:26:47 +0300
Subject: [PATCH] Fixed race condition between disassociation event and group key handshake
This avoids getting stuck in state where wpa_supplicant has canceled scans, but the driver is actually in disassociated state. The previously used code that controlled scan timeout from WPA module is not really needed anymore (and has not been needed for past four years since authentication timeout was separated from scan request timeout), so this can simply be removed to resolved the race condition. As an extra bonus, this simplifies the interface to WPA module. [Bug 261]
---
 src/rsn_supp/wpa.c | 3 ---
 src/rsn_supp/wpa.h | 2 --
 src/rsn_supp/wpa_i.h | 12 ------------
 wpa_supplicant/ChangeLog | 2 ++
 wpa_supplicant/preauth_test.c | 14 --------------
 wpa_supplicant/wpas_glue.c | 19 ++++---------------
 6 files changed, 6 insertions(+), 46 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index cb511e009..d1b93eb06 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -450,7 +450,6 @@ static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
 MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr), wpa_cipher_txt(sm->pairwise_cipher), wpa_cipher_txt(sm->group_cipher));
- wpa_sm_cancel_scan(sm);
 wpa_sm_cancel_auth_timeout(sm);
 wpa_sm_set_state(sm, WPA_COMPLETED);
@@ -782,7 +781,6 @@ static void wpa_report_ie_mismatch(struct wpa_sm *sm,
 }
 wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
- wpa_sm_req_scan(sm, 0, 0);
 }
@@ -1790,7 +1788,6 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
 os_memset(sm->pmk, 0, sizeof(sm->pmk));
 wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
- wpa_sm_req_scan(sm, 0, 0);
 }
 }
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 60a3fa03b..650e75f2c 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -36,8 +36,6 @@ struct wpa_sm_ctx {
 void (*set_state)(void *ctx, wpa_states state);
 wpa_states (*get_state)(void *ctx);
- void (*req_scan)(void *ctx, int sec, int usec);
- void (*cancel_scan)(void *ctx);
 void (*deauthenticate)(void * ctx, int reason_code);
 void (*disassociate)(void *ctx, int reason_code);
 int (*set_key)(void *ctx, wpa_alg alg,
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index c4cd07c3c..150515541 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -120,18 +120,6 @@ static inline wpa_states wpa_sm_get_state(struct wpa_sm *sm)
 return sm->ctx->get_state(sm->ctx->ctx);
 }
-static inline void wpa_sm_req_scan(struct wpa_sm *sm, int sec, int usec)
-{
- WPA_ASSERT(sm->ctx->req_scan);
- sm->ctx->req_scan(sm->ctx->ctx, sec, usec);
-}
-
-static inline void wpa_sm_cancel_scan(struct wpa_sm *sm)
-{
- WPA_ASSERT(sm->ctx->cancel_scan);
- sm->ctx->cancel_scan(sm->ctx->ctx);
-}
-
 static inline void wpa_sm_deauthenticate(struct wpa_sm *sm, int reason_code)
 {
 WPA_ASSERT(sm->ctx->deauthenticate);
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 15bf6c0c7..56fe04267 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -14,6 +14,8 @@ ChangeLog for wpa_supplicant
 * added option of using faster, but larger, routines in the internal LibTomMath (for internal TLS implementation) to speed up DH and RSA calculations (CONFIG_INTERNAL_LIBTOMMATH_FAST=y)
+ * fixed race condition between disassociation event and group key
+ handshake to avoid getting stuck in incorrect state [Bug 261]
 2008-02-22 - v0.6.3
 * removed 'nai' and 'eappsk' network configuration variables that were
diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c
index e21cd57ba..86307a883 100644
--- a/wpa_supplicant/preauth_test.c
+++ b/wpa_supplicant/preauth_test.c
@@ -43,18 +43,6 @@ struct preauth_test_data {
 };
-static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
-{
- wpa_supplicant_req_scan(wpa_s, sec, usec);
-}
-
-
-static void _wpa_supplicant_cancel_scan(void *wpa_s)
-{
- wpa_supplicant_cancel_scan(wpa_s);
-}
-
-
 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
 {
 wpa_supplicant_disassociate(wpa_s, reason_code);
@@ -253,8 +241,6 @@ static void wpa_init_conf(struct wpa_supplicant *wpa_s, const char *ifname)
 ctx->ctx = wpa_s;
 ctx->set_state = _wpa_supplicant_set_state;
 ctx->get_state = _wpa_supplicant_get_state;
- ctx->req_scan = _wpa_supplicant_req_scan;
- ctx->cancel_scan = _wpa_supplicant_cancel_scan;
 ctx->deauthenticate = _wpa_supplicant_deauthenticate;
 ctx->disassociate = _wpa_supplicant_disassociate;
 ctx->set_key = wpa_supplicant_set_key;
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index eb422cbcc..913de2cea 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -269,7 +269,6 @@ static void wpa_supplicant_notify_eapol_done(void *ctx)
 wpa_s->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
 wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
 } else {
- wpa_supplicant_cancel_scan(wpa_s);
 wpa_supplicant_cancel_auth_timeout(wpa_s);
 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
 }
@@ -353,18 +352,6 @@ static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
 }
-static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
-{
- wpa_supplicant_req_scan(wpa_s, sec, usec);
-}
-
-
-static void _wpa_supplicant_cancel_scan(void *wpa_s)
-{
- wpa_supplicant_cancel_scan(wpa_s);
-}
-
-
 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
 {
 wpa_supplicant_cancel_auth_timeout(wpa_s);
@@ -397,12 +384,16 @@ static wpa_states _wpa_supplicant_get_state(void *wpa_s)
 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
 {
 wpa_supplicant_disassociate(wpa_s, reason_code);
+ /* Schedule a scan to make sure we continue looking for networks */
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
 }
 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
 {
 wpa_supplicant_deauthenticate(wpa_s, reason_code);
+ /* Schedule a scan to make sure we continue looking for networks */
+ wpa_supplicant_req_scan(wpa_s, 0, 0);
 }
@@ -574,8 +565,6 @@ int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
 ctx->ctx = wpa_s;
 ctx->set_state = _wpa_supplicant_set_state;
 ctx->get_state = _wpa_supplicant_get_state;
- ctx->req_scan = _wpa_supplicant_req_scan;
- ctx->cancel_scan = _wpa_supplicant_cancel_scan;
 ctx->deauthenticate = _wpa_supplicant_deauthenticate;
 ctx->disassociate = _wpa_supplicant_disassociate;
 ctx->set_key = wpa_supplicant_set_key;
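Review bot: In the `-397,12 +384,16` hunk of wpas_glue.c, `_wpa_supplicant_disassociate` and `_wpa_supplicant_deauthenticate` now call `wpa_supplicant_req_scan(wpa_s, 0, 0)` unconditionally, so every disconnect the WPA state machine issues through these callbacks schedules an immediate scan, whereas wpa.c previously requested one only from `wpa_report_ie_mismatch` and `wpa_sm_pmksa_free_cb`. The IE-mismatch path (reason `WLAN_REASON_IE_IN_4WAY_DIFFERS`) appears to be driven by received handshake frames, so it is worth confirming that repeated disconnects cannot turn the zero-delay request into a tight disconnect/scan loop; any other callers of the two callbacks are not visible in this diff. The comment should state the new contract, for example `/* Runs for every WPA-initiated disconnect: rescan at once so we never sit idle while the driver is disassociated */`. The identical comment-plus-call pair in both wrappers could also live in one small static helper so the two cannot drift apart.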