wpa_supplicant crashes if driver configuration for AP mode interface
configuration fails after group negotiation. This is because of a
regression from commit
1075b2957169d8f9d6dddd7679339c751dc9515b that
ends up freeing the wpa_s instance from within
wpa_supplicant_create_ap() without the caller knowing.
Fix this by using an eloop timeout to free remove the P2P group so that
wpa_supplicant_create_ap() and especially wpa_supplicant_associate()
callers do not need to know about interface getting possibly removed. In
addition, move the P2P specific code into p2p_supplicant.c where it
really belongs. This allows the already existing group formation timeout
to be used by reducing the timeout to zero.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
if (wpa_drv_associate(wpa_s, ¶ms) < 0) {
wpa_msg(wpa_s, MSG_INFO, "Failed to start AP functionality");
-#ifdef CONFIG_P2P
- if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION &&
- wpa_s->global->p2p_group_formation == wpa_s)
- wpas_p2p_group_formation_failed(wpa_s->parent);
-#endif /* CONFIG_P2P */
return -1;
}
}
+void wpas_p2p_ap_setup_failed(struct wpa_supplicant *wpa_s)
+{
+ if (wpa_s->global->p2p_group_formation != wpa_s)
+ return;
+ /* Speed up group formation timeout since this cannot succeed */
+ eloop_cancel_timeout(wpas_p2p_group_formation_timeout,
+ wpa_s->parent, NULL);
+ eloop_register_timeout(0, 0, wpas_p2p_group_formation_timeout,
+ wpa_s->parent, NULL);
+}
+
+
void wpas_go_neg_completed(void *ctx, struct p2p_go_neg_results *res)
{
struct wpa_supplicant *wpa_s = ctx;
#ifdef CONFIG_P2P
void wpas_p2p_continue_after_scan(struct wpa_supplicant *wpa_s);
int wpas_p2p_4way_hs_failed(struct wpa_supplicant *wpa_s);
+void wpas_p2p_ap_setup_failed(struct wpa_supplicant *wpa_s);
#else /* CONFIG_P2P */
static inline void wpas_p2p_continue_after_scan(struct wpa_supplicant *wpa_s)
{
{
return 0;
}
+
+static inline void wpas_p2p_ap_setup_failed(struct wpa_supplicant *wpa_s)
+{
+}
#endif /* CONFIG_P2P */
#endif /* P2P_SUPPLICANT_H */
}
if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
+ if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
+ wpas_p2p_ap_setup_failed(wpa_s);
return;
}
wpa_s->current_bss = bss;