Fixed race condition between disassociation event and group key handshake

This avoids getting stuck in state where wpa_supplicant has canceled scans,
but the driver is actually in disassociated state. The previously used code
that controlled scan timeout from WPA module is not really needed anymore
(and has not been needed for past four years since authentication timeout
was separated from scan request timeout), so this can simply be removed to
resolved the race condition. As an extra bonus, this simplifies the
interface to WPA module.
[Bug 261]

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index cb511e0096e09a0e0e04cebdd0fc4b32e0709d55..d1b93eb06bd73a0f51c94bd21915ac9efbe5444a 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -450,7 +450,6 @@ static void wpa_supplicant_key_neg_complete(struct wpa_sm *sm,
                MACSTR " [PTK=%s GTK=%s]", MAC2STR(addr),
                wpa_cipher_txt(sm->pairwise_cipher),
                wpa_cipher_txt(sm->group_cipher));
-       wpa_sm_cancel_scan(sm);
        wpa_sm_cancel_auth_timeout(sm);
        wpa_sm_set_state(sm, WPA_COMPLETED);
 
@@ -782,7 +781,6 @@ static void wpa_report_ie_mismatch(struct wpa_sm *sm,
        }
 
        wpa_sm_disassociate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS);
-       wpa_sm_req_scan(sm, 0, 0);
 }
 
 
@@ -1790,7 +1788,6 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
 
                os_memset(sm->pmk, 0, sizeof(sm->pmk));
                wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
-               wpa_sm_req_scan(sm, 0, 0);
        }
 }
 

diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 60a3fa03bf6ab21675acd10aff1e97ef41dca899..650e75f2c68bf0f1d3be496454be318fc677c585 100644 (file)
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -36,8 +36,6 @@ struct wpa_sm_ctx {
 
        void (*set_state)(void *ctx, wpa_states state);
        wpa_states (*get_state)(void *ctx);
-       void (*req_scan)(void *ctx, int sec, int usec);
-       void (*cancel_scan)(void *ctx);
        void (*deauthenticate)(void * ctx, int reason_code); 
        void (*disassociate)(void *ctx, int reason_code);
        int (*set_key)(void *ctx, wpa_alg alg,

diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index c4cd07c3c7ca68a001b7f6eb0b3f127a3e279730..150515541a8188a05f722a0a30ee5fc80c830000 100644 (file)
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -120,18 +120,6 @@ static inline wpa_states wpa_sm_get_state(struct wpa_sm *sm)
        return sm->ctx->get_state(sm->ctx->ctx);
 }
 
-static inline void wpa_sm_req_scan(struct wpa_sm *sm, int sec, int usec)
-{
-       WPA_ASSERT(sm->ctx->req_scan);
-       sm->ctx->req_scan(sm->ctx->ctx, sec, usec);
-}
-
-static inline void wpa_sm_cancel_scan(struct wpa_sm *sm)
-{
-       WPA_ASSERT(sm->ctx->cancel_scan);
-       sm->ctx->cancel_scan(sm->ctx->ctx);
-}
-
 static inline void wpa_sm_deauthenticate(struct wpa_sm *sm, int reason_code)
 {
        WPA_ASSERT(sm->ctx->deauthenticate);

diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 15bf6c0c75428ec6552f78383c8148a0d7494e76..56fe042673d4f58afa7b269135ee9fa740f47110 100644 (file)
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -14,6 +14,8 @@ ChangeLog for wpa_supplicant
        * added option of using faster, but larger, routines in the internal
          LibTomMath (for internal TLS implementation) to speed up DH and RSA
          calculations (CONFIG_INTERNAL_LIBTOMMATH_FAST=y)
+       * fixed race condition between disassociation event and group key
+         handshake to avoid getting stuck in incorrect state [Bug 261]
 
 2008-02-22 - v0.6.3
        * removed 'nai' and 'eappsk' network configuration variables that were

diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c
index e21cd57babd8b8da58015f95915b07a783bc3b36..86307a883cf79441400c45dc11be9a67ae81dc70 100644 (file)
--- a/wpa_supplicant/preauth_test.c
+++ b/wpa_supplicant/preauth_test.c
@@ -43,18 +43,6 @@ struct preauth_test_data {
 };
 
 
-static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
-{
-       wpa_supplicant_req_scan(wpa_s, sec, usec);
-}
-
-
-static void _wpa_supplicant_cancel_scan(void *wpa_s)
-{
-       wpa_supplicant_cancel_scan(wpa_s);
-}
-
-
 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
 {
        wpa_supplicant_disassociate(wpa_s, reason_code);
@@ -253,8 +241,6 @@ static void wpa_init_conf(struct wpa_supplicant *wpa_s, const char *ifname)
        ctx->ctx = wpa_s;
        ctx->set_state = _wpa_supplicant_set_state;
        ctx->get_state = _wpa_supplicant_get_state;
-       ctx->req_scan = _wpa_supplicant_req_scan;
-       ctx->cancel_scan = _wpa_supplicant_cancel_scan;
        ctx->deauthenticate = _wpa_supplicant_deauthenticate;
        ctx->disassociate = _wpa_supplicant_disassociate;
        ctx->set_key = wpa_supplicant_set_key;

diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index eb422cbcc7fabcafec93563e2d97d344d5cf8781..913de2ceaa9f33b09f8ebfa23e4c20b084fe653f 100644 (file)
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -269,7 +269,6 @@ static void wpa_supplicant_notify_eapol_done(void *ctx)
            wpa_s->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) {
                wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
        } else {
-               wpa_supplicant_cancel_scan(wpa_s);
                wpa_supplicant_cancel_auth_timeout(wpa_s);
                wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
        }
@@ -353,18 +352,6 @@ static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
 }
 
 
-static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
-{
-       wpa_supplicant_req_scan(wpa_s, sec, usec);
-}
-
-
-static void _wpa_supplicant_cancel_scan(void *wpa_s)
-{
-       wpa_supplicant_cancel_scan(wpa_s);
-}
-
-
 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
 {
        wpa_supplicant_cancel_auth_timeout(wpa_s);
@@ -397,12 +384,16 @@ static wpa_states _wpa_supplicant_get_state(void *wpa_s)
 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
 {
        wpa_supplicant_disassociate(wpa_s, reason_code);
+       /* Schedule a scan to make sure we continue looking for networks */
+       wpa_supplicant_req_scan(wpa_s, 0, 0);
 }
 
 
 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
 {
        wpa_supplicant_deauthenticate(wpa_s, reason_code);
+       /* Schedule a scan to make sure we continue looking for networks */
+       wpa_supplicant_req_scan(wpa_s, 0, 0);
 }
 
 
@@ -574,8 +565,6 @@ int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
        ctx->ctx = wpa_s;
        ctx->set_state = _wpa_supplicant_set_state;
        ctx->get_state = _wpa_supplicant_get_state;
-       ctx->req_scan = _wpa_supplicant_req_scan;
-       ctx->cancel_scan = _wpa_supplicant_cancel_scan;
        ctx->deauthenticate = _wpa_supplicant_deauthenticate;
        ctx->disassociate = _wpa_supplicant_disassociate;
        ctx->set_key = wpa_supplicant_set_key;