wpa_supplicant patch

[PATCH] bgscan_learn: Prevent infinte busy looping

In highly congested network (BSSes almost on every channel
within ESS) we have hit a bug when wpa_supplicant become
completly irresponsive, infinite looping on while loop.

When probe_idx was equal 0 and we are not able to probe
new frequency, following condition were never fulfill:
"if (!in_array(freqs, data->supp_freqs[idx]))"

Signed-hostap: Pawel Kulakowski <pawel.kulakowski <at> tieto.com>
---
 wpa_supplicant/bgscan_learn.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/bgscan_learn.c b/wpa_supplicant/bgscan_learn.c
index adf82d8..07d31e4 100644
--- a/wpa_supplicant/bgscan_learn.c
+++ b/wpa_supplicant/bgscan_learn.c
@@ -242,8 +242,11 @@ static int * bgscan_learn_get_probe_freq(struct bgscan_learn_data *data,

 	idx = data->probe_idx + 1;
 	while (idx != data->probe_idx) {
-		if (data->supp_freqs[idx] == 0)
+		if (data->supp_freqs[idx] == 0) {
+			if (data->probe_idx == 0)
+				break;
 			idx = 0;
+		}
 		if (!in_array(freqs, data->supp_freqs[idx])) {
 			wpa_printf(MSG_DEBUG, "bgscan learn: Probe new freq "
 				   "%u", data->supp_freqs[idx]);

==================================================================================================================================

[PATCH] P2P: Fix duplicate handling of rx action frames

When using a separate group iface both p2p device iface
and the group iface are registered for action frames.
This causes duplicate handling of rx action frames.
One side effect of this is getting multiple responses for
requests sent over action frames while GO/CLI are up
like prov disc and dev disc.
Fix this by discarding the duplicate p2p action frames received
on the group iface. The code will handle all of these correctly
when coming on the p2p dev iface as it looks at the DA when
where relevant.

Signed-hostap: Eyal Shapira <eyal <at> wizery.com>
---
 wpa_supplicant/p2p_supplicant.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index cf90fbd..8c54cb0 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -4497,6 +4497,12 @@ void wpas_p2p_rx_action(struct wpa_supplicant *wpa_s, const u8 *da,
 	if (wpa_s->global->p2p == NULL)
 		return;

+	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
+		wpa_printf(MSG_DEBUG, "Discard RX action event on P2P "
+			   "GO/CLI iface. P2P Device interface will handle it");
+		return;
+	}
+

===================================================================================================================================

[PATCH 1/3] wpa_supplicant: abort scan after removing all networks

From: David Spinadel <david.spinadel <at> intel.com>

Change-Id: I737848dabed49d961985845f2e86f717c2926f0c
Reviewed-on: http://git-mwg.jer.intel.com/gerrit/3585
Reviewed-by: Jenkins
Tested-by: Jenkins
Reviewed-by: Max Stepanov <Max.Stepanov <at> intel.com>
Tested-by: Max Stepanov <Max.Stepanov <at> intel.com>
Signed-off-by: David Spinadel <david.spinadel <at> intel.com>
---
 wpa_supplicant/ctrl_iface.c             |    7 +++++++
 wpa_supplicant/dbus/dbus_new_handlers.c |    8 ++++++++
 wpa_supplicant/dbus/dbus_old_handlers.c |    5 +++++
 wpa_supplicant/wps_supplicant.c         |    5 +++++
 4 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 0351241..d1a5cf6 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -2224,6 +2224,8 @@ static int wpa_supplicant_ctrl_iface_remove_network(
 	/* cmd: "<network id>" or "all" */
 	if (os_strcmp(cmd, "all") == 0) {
 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_NETWORK all");
+		wpa_supplicant_cancel_sched_scan(wpa_s);
+		wpa_supplicant_cancel_scan(wpa_s);
 		ssid = wpa_s->conf->ssid;
 		while (ssid) {
 			struct wpa_ssid *remove_ssid = ssid;
@@ -2281,6 +2283,11 @@ static int wpa_supplicant_ctrl_iface_remove_network(
 		return -1;
 	}

+	if (!wpa_s->conf->ssid) {
+		wpa_supplicant_cancel_sched_scan(wpa_s);
+		wpa_supplicant_cancel_scan(wpa_s);
+	}
+
 	return 0;
 }

diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 00378be..b0f0d0e 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -1525,6 +1525,11 @@ DBusMessage * wpas_dbus_handler_remove_network(DBusMessage *message,
 		wpa_supplicant_deauthenticate(wpa_s,
 					      WLAN_REASON_DEAUTH_LEAVING);

+	if (!wpa_s->conf->ssid) {
+		wpa_supplicant_cancel_sched_scan(wpa_s);
+		wpa_supplicant_cancel_scan(wpa_s);
+	}
+
 out:
 	os_free(iface);
 	os_free(net_id);
@@ -1562,6 +1567,9 @@ static void remove_network(void *arg, struct wpa_ssid *ssid)
 DBusMessage * wpas_dbus_handler_remove_all_networks(
 	DBusMessage *message, struct wpa_supplicant *wpa_s)
 {
+	wpa_supplicant_cancel_sched_scan(wpa_s);
+	wpa_supplicant_cancel_scan(wpa_s);
+
 	/* NB: could check for failure and return an error */
 	wpa_config_foreach_network(wpa_s->conf, remove_network, wpa_s);
 	return NULL;
diff --git a/wpa_supplicant/dbus/dbus_old_handlers.c b/wpa_supplicant/dbus/dbus_old_handlers.c
index e217a72..ff60f6e 100644
--- a/wpa_supplicant/dbus/dbus_old_handlers.c
+++ b/wpa_supplicant/dbus/dbus_old_handlers.c
@@ -870,6 +870,11 @@ DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message,
 					      WLAN_REASON_DEAUTH_LEAVING);
 	reply = wpas_dbus_new_success_reply(message);

+	if (!wpa_s->conf->ssid) {
+		wpa_supplicant_cancel_sched_scan(wpa_s);
+		wpa_supplicant_cancel_scan(wpa_s);
+	}
+
 out:
 	os_free(iface);
 	os_free(net_id);
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index 41aa5db..87ea320 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -759,6 +759,11 @@ static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
 	}

 	wpas_wps_clear_ap_info(wpa_s);
+
+	if (!wpa_s->conf->ssid) {
+		wpa_supplicant_cancel_sched_scan(wpa_s);
+		wpa_supplicant_cancel_scan(wpa_s);
+	}
 }