From de88430311d6abbbcd32f792c42a9c73c1386667 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 27 May 2014 18:16:58 +0300 Subject: [PATCH] nl80211: Fix del_ifidx() with mixed parent interface cases It is possible for a virtual interface to be added and removed by different parent interfaces. This can happen, e.g., with P2P group interfaces if the P2P parent interface does not happen to be the first entry in the wpa_supplicant global interface list. That first entry is used to remove the group interface while the addition would have happened with the dedicated P2P management interface. This can result in the interface that added a new virtual interface getting stuck with an obsolete ifindex value in the drv->if_indeces list and as such, deliver some extra events to incorrect destination wpa_s instance. In particular, this can result in INTERFACE_DISABLED event from deletion of a P2P group interface getting delivered incorrectly to the parent wpa_s instance which would disable that interface even though the interface remains in enabled state. Fix this by clearing the removed interface from all if_indeces lists instead of just the one that was used to delete the interface. This is the simplest approach since the ifindex is unique and there is no need to track which interface added the new virtual interface to always hit the same one when removing the interface. Signed-off-by: Jouni Malinen --- src/drivers/driver_nl80211.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 709e13a..fe8e908 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -7693,11 +7693,14 @@ static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, int ifidx) { struct nl_msg *msg; + struct wpa_driver_nl80211_data *drv2; wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); /* stop listening for EAPOL on this interface */ - del_ifidx(drv, ifidx); + dl_list_for_each(drv2, &drv->global->interfaces, + struct wpa_driver_nl80211_data, list) + del_ifidx(drv2, ifidx); msg = nlmsg_alloc(); if (!msg) @@ -10179,8 +10182,12 @@ static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, __func__, type, ifname, ifindex, bss->added_if); if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex)) nl80211_remove_iface(drv, ifindex); - else if (ifindex > 0 && !bss->added_if) - del_ifidx(drv, ifindex); + else if (ifindex > 0 && !bss->added_if) { + struct wpa_driver_nl80211_data *drv2; + dl_list_for_each(drv2, &drv->global->interfaces, + struct wpa_driver_nl80211_data, list) + del_ifidx(drv2, ifindex); + } if (type != WPA_IF_AP_BSS) return 0; -- 2.1.4