mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-23 14:12:47 +01:00
iwd/src
Denis Kenzior a0911ca778 station: Make sure roam_scan_id is always canceled
Under very rare circumstances the roaming scan triggered might not be
canceled properly.  This is because we issue the roam scan recursively
from within a scan callback and re-use the id of the scan for the
subsequent request.  The destroy callback is invoked right after the
callback and resets the id.  This leads to the scan not being canceled
properly in roam_state_clear().

src/netdev.c:netdev_mlme_notify() MLME notification Notify CQM(64)
src/station.c:station_roam_trigger_cb() 37
src/station.c:station_roam_scan() ifindex: 37
src/station.c:station_roam_trigger_cb() Using cached neighbor report for roam
...
src/scan.c:get_scan_done() get_scan_done
src/station.c:station_roam_failed() 37
src/station.c:station_roam_scan() ifindex: 37
src/scan.c:scan_request_triggered() Active scan triggered for wdev 22
^CTerminate
src/netdev.c:netdev_free() Freeing netdev wlan0[37]
src/device.c:device_free()
src/station.c:station_free()
...
Removing scan context for wdev 22
src/scan.c:scan_context_free() sc: 0x4a362a0
src/wiphy.c:wiphy_radio_work_done() Work item 14 done
==19542== Invalid write of size 4
==19542==    at 0x411500: station_roam_scan_destroy (station.c:2010)
==19542==    by 0x420B5B: scan_request_free (scan.c:156)
==19542==    by 0x410BAC: destroy_work (wiphy.c:294)
==19542==    by 0x410BAC: wiphy_radio_work_done (wiphy.c:1613)
==19542==    by 0x46C66E: l_queue_clear (queue.c:107)
==19542==    by 0x46C6B8: l_queue_destroy (queue.c:82)
==19542==    by 0x420BAE: scan_context_free (scan.c:205)
==19542==    by 0x424135: scan_wdev_remove (scan.c:2272)
==19542==    by 0x408754: netdev_free (netdev.c:847)
==19542==    by 0x40E18C: netdev_shutdown (netdev.c:5773)
==19542==    by 0x404756: iwd_shutdown (main.c:78)
==19542==    by 0x404756: iwd_shutdown (main.c:65)
==19542==    by 0x470E21: handle_callback (signal.c:78)
==19542==    by 0x470E21: signalfd_read_cb (signal.c:104)
==19542==    by 0x47166B: io_callback (io.c:120)
==19542==  Address 0x4d81f98 is 200 bytes inside a block of size 288 free'd
==19542==    at 0x48399CB: free (vg_replace_malloc.c:538)
==19542==    by 0x47F3E5: interface_instance_free (dbus-service.c:510)
==19542==    by 0x481DEA: _dbus_object_tree_remove_interface (dbus-service.c:1694)
==19542==    by 0x481F1C: _dbus_object_tree_object_destroy (dbus-service.c:795)
==19542==    by 0x40894F: netdev_free (netdev.c:844)
==19542==    by 0x40E18C: netdev_shutdown (netdev.c:5773)
==19542==    by 0x404756: iwd_shutdown (main.c:78)
==19542==    by 0x404756: iwd_shutdown (main.c:65)
==19542==    by 0x470E21: handle_callback (signal.c:78)
==19542==    by 0x470E21: signalfd_read_cb (signal.c:104)
==19542==    by 0x47166B: io_callback (io.c:120)
==19542==    by 0x47088C: l_main_iterate (main.c:478)
==19542==    by 0x47095B: l_main_run (main.c:525)
==19542==    by 0x47095B: l_main_run (main.c:507)
==19542==    by 0x470B6B: l_main_run_with_signal (main.c:647)
==19542==  Block was alloc'd at
==19542==    at 0x483879F: malloc (vg_replace_malloc.c:307)
==19542==    by 0x46AB2D: l_malloc (util.c:62)
==19542==    by 0x416599: station_create (station.c:3448)
==19542==    by 0x406D55: netdev_newlink_notify (netdev.c:5324)
==19542==    by 0x46D4BC: l_hashmap_foreach (hashmap.c:612)
==19542==    by 0x472F46: process_broadcast (netlink.c:158)
==19542==    by 0x472F46: can_read_data (netlink.c:279)
==19542==    by 0x47166B: io_callback (io.c:120)
==19542==    by 0x47088C: l_main_iterate (main.c:478)
==19542==    by 0x47095B: l_main_run (main.c:525)
==19542==    by 0x47095B: l_main_run (main.c:507)
==19542==    by 0x470B6B: l_main_run_with_signal (main.c:647)
==19542==    by 0x403EDB: main (main.c:490)
==19542==
2021-04-28 13:15:45 -05:00
80-iwd.link build: Move 50-iwd.link up to 80-iwd.link for less confusion 2019-10-25 01:08:56 +02:00
adhoc.c adhoc: fix missing call to va_end 2021-02-08 15:16:39 -06:00
agent.c agent: call back even if agent disconnects 2021-04-09 11:36:08 -05:00
agent.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
anqp.c anqp: refactor to use frame-xchg 2020-07-09 09:58:21 -05:00
anqp.h anqp: refactor to use frame-xchg 2020-07-09 09:58:21 -05:00
anqputil.c iwd: Use test_bit from ell 2021-03-12 13:49:23 -06:00
anqputil.h anqp: move ANQP parsers into anqputil 2019-07-15 14:53:44 -05:00
ap.c ap: set link/operstate on AP start/stop 2021-04-28 11:29:51 -05:00
ap.h ap: Drop struct ap_config in favor of l_settings 2021-04-28 11:25:46 -05:00
auth-proto.h auth-proto: introduce auth-proto concept 2019-05-03 13:53:50 -05:00
backtrace.c backtrace: Avoid null-dereferencing strchr result 2021-02-09 10:30:48 -06:00
backtrace.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
blacklist.c module: Move declarations into separate header file 2019-11-07 23:40:13 +01:00
blacklist.h blacklist: Convert to use IWD_MODULE 2019-05-22 09:58:04 -05:00
common.c common: Remove duplicate AKM 2020-08-13 13:43:31 -05:00
common.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
crypto.c crypto: Check for l_cipher_decrypt error 2021-02-10 11:56:24 -06:00
crypto.h crypto: Add support for PRF+ SHA1 2019-12-09 01:47:11 -06:00
dbus.c netdev: Move iftype_to_string utility 2021-04-20 09:37:48 -05:00
dbus.h netdev: Move iftype_to_string utility 2021-04-20 09:37:48 -05:00
device.c station: Move AP directed roam watch to station 2021-04-23 09:51:46 -05:00
diagnostic.c diagnostic: Fix crash with Open networks 2021-04-28 11:19:38 -05:00
diagnostic.h diagnostic: add diagnostic_akm_suite_to_security 2021-03-29 13:17:36 -05:00
eap-aka.c eap: Simplify sending EAP method responses 2020-08-13 10:36:43 -05:00
eap-gtc.c eap: Simplify sending EAP method responses 2020-08-13 10:36:43 -05:00
eap-md5.c eap: Simplify sending EAP method responses 2020-08-13 10:36:43 -05:00
eap-mschapv2.c treewide: Use l_settings_{set,get}_bytes 2020-09-16 16:46:02 -05:00
eap-mschapv2.h cleanup: Remove extra empty lines 2020-03-17 15:35:22 -05:00
eap-peap.c peap: Fail auth. if invalid compound MAC is received 2020-02-06 15:18:04 -06:00
eap-private.h eap: Add authenticator method logic and API 2020-08-17 09:28:49 -05:00
eap-pwd.c iwd: Use test_bit from ell 2021-03-12 13:49:23 -06:00
eap-sim.c eap: Simplify sending EAP method responses 2020-08-13 10:36:43 -05:00
eap-tls-common.c eap-tls: Make use of l_cert_load_container_file 2021-01-25 14:01:58 -06:00
eap-tls-common.h eap-tls: Make use of l_cert_load_container_file 2021-01-25 14:01:58 -06:00
eap-tls.c eap-tls: Fix potential memory leak 2021-02-08 15:56:30 -06:00
eap-ttls.c treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
eap-wsc.c wscutil: Move DeviceType parsing from p2p & eap-wsc to a function 2021-04-26 10:48:03 -05:00
eap-wsc.h eap-wsc: Registrar mode message processing 2020-08-17 09:40:25 -05:00
eap.c eap: Print a hint if Identity is likely wrong 2021-04-28 11:27:14 -05:00
eap.h eap: Add authenticator method logic and API 2020-08-17 09:28:49 -05:00
eapol.c eapol: add PMK installer support 2021-04-09 11:32:21 -05:00
eapol.h eapol: add PMK installer support 2021-04-09 11:32:21 -05:00
eapolutil.c eapol: Don't ignore EAPoL protocol version 2010 2021-03-22 17:47:53 -05:00
eapolutil.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
erp.c iwd: Use test_bit from ell 2021-03-12 13:49:23 -06:00
erp.h erp: Convert to using IWD_MODULE 2019-05-19 13:07:13 -05:00
fils.c fils: Use bit_field from ell 2021-03-11 22:34:26 -06:00
fils.h fils: netdev: update to use auth_proto concepts 2019-05-03 14:37:11 -05:00
frame-xchg.c frame-xchg: iftype changes to be managed by netdev 2021-04-23 09:51:46 -05:00
frame-xchg.h frame-xchg: Re-add frame_xchg_stop 2020-07-31 10:38:59 -05:00
ft.c ft: separate ft_sm from ft_process_ies 2021-04-16 11:13:46 -05:00
ft.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
genbuiltin make: plugin system for build 2017-11-28 13:20:33 -06:00
handshake.c eapol,ap: Remove assumption of single cipher in authenticator IE 2021-02-01 10:06:21 -06:00
handshake.h station: Do not set or use the offload bit 2021-03-31 11:27:10 -05:00
hotspot.c treewide: replace util_mem_is_zero with l_memeqzero 2021-03-09 15:40:35 -06:00
ie.c iwd: Use test_bit from ell 2021-03-12 13:49:23 -06:00
ie.h ie: Fix IE_AKM_IS_FILS macro 2021-04-20 09:37:48 -05:00
iwd-dbus.conf tools: Add configure option and D-Bus policy file for hwsim utility 2018-09-14 15:24:15 +02:00
iwd.ap.rst doc: Update iwd.ap(5) man page 2021-04-28 11:25:46 -05:00
iwd.config.rst doc: describe InitialPeriodicScanInterval setting 2021-02-12 09:57:10 -06:00
iwd.debug.rst man iwd.debug: Document IWD_GENL_DEBUG 2020-07-13 14:14:41 -05:00
iwd.h iwd: remove uninitialized_var 2021-03-10 12:05:43 -06:00
iwd.network.rst doc: Specify the DNS format as string lists 2021-01-25 14:01:58 -06:00
iwd.rst doc: Add manual page for debugging information 2019-11-05 22:14:09 +01:00
iwd.service.in build: add After=network-pre.target to service files 2021-01-22 14:17:16 -06:00
knownnetworks.c treewide: Use ell's useful.h header 2021-03-11 21:46:09 -06:00
knownnetworks.h knownneetworks: React to mtime updates 2020-01-27 14:28:08 -06:00
main.c plugins: remove dependency on ELL plugins 2020-09-16 14:30:14 -05:00
manager.c manager: If driver is not provided, then use default interfaces 2021-02-18 21:43:56 +01:00
missing.h build: Support missing rawmemchr 2020-02-03 11:54:28 -06:00
module.c module: Declare functions as foo(void) instead of just foo() 2019-11-24 19:44:06 +01:00
module.h module: add void to empty argument functions 2020-04-08 21:03:13 -05:00
mpdu.c treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
mpdu.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
mschaputil.c treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
mschaputil.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
net.connman.iwd.service net.connman.iwd.service: Change SystemdService name to iwd.service 2018-08-09 10:45:16 -05:00
netconfig.c netconfig: Cancel outstanding rtnl commands 2021-04-28 11:19:34 -05:00
netconfig.h netconfig: Implement netconfig_get_dhcp_server_ipv4 2020-07-13 14:52:02 -05:00
netdev.c netdev: only call connect_ok in station/p2p_client mode 2021-04-28 11:29:43 -05:00
netdev.h p2p,netdev: Fix event name typo in comments 2021-04-26 10:47:59 -05:00
network.c wiphy: add fils_hint to wiphy_can_connect 2021-04-27 14:48:23 -05:00
network.h network: copy station_has_erp_identity 2021-04-27 14:47:16 -05:00
nl80211cmd.c nl80211cmd: Add additional commands 2019-08-15 15:06:59 -05:00
nl80211cmd.h nl80211cmd: Introduce new utility 2019-07-15 14:06:26 -05:00
nl80211util.c nl80211util: add WIPHY_FREQ to parse_attrs support 2021-03-10 15:08:19 -06:00
nl80211util.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
ofono.c ofono: convert to module 2020-09-16 14:31:07 -05:00
owe.c treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
owe.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
p2p.c ap: Drop struct ap_config in favor of l_settings 2021-04-28 11:25:46 -05:00
p2p.h Add minimal p2p.c and p2p.h 2020-04-10 06:31:19 -05:00
p2putil.c p2putil: Add p2p_get_random_string 2020-09-14 11:39:25 -05:00
p2putil.h p2putil: Add p2p_get_random_string 2020-09-14 11:39:25 -05:00
pkcs8.conf build: Provide modules-load.d for loading pkcs8_key_parser module 2019-01-23 18:22:11 +01:00
resolve.c resolve: configure systemd-resolved's MulticastDNS= setting 2021-02-11 15:06:01 -06:00
resolve.h resolve: configure systemd-resolved's MulticastDNS= setting 2021-02-11 15:06:01 -06:00
rfkill.c module: Move declarations into separate header file 2019-11-07 23:40:13 +01:00
rfkill.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
rrm.c rrm: React to IFTYPE_CHANGE events 2021-04-23 09:51:46 -05:00
sae.c sae: remove authenticate timeout handler 2021-04-05 17:47:42 -05:00
sae.h cleanup: Remove extra empty lines 2020-03-17 15:35:22 -05:00
scan.c scan: add scan_get_firmware_scan 2021-03-15 13:14:16 -05:00
scan.h scan: add scan_get_firmware_scan 2021-03-15 13:14:16 -05:00
simauth.c simauth: check driver for NULL before canceling request 2020-11-16 17:04:30 -06:00
simauth.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
simutil.c eap: Simplify sending EAP method responses 2020-08-13 10:36:43 -05:00
simutil.h treewide: Move the Intel copyright forward to 2019 2019-10-25 00:43:08 +02:00
station.c station: Make sure roam_scan_id is always canceled 2021-04-28 13:15:45 -05:00
station.h station: Move AP directed roam watch to station 2021-04-23 09:51:46 -05:00
storage.c storage: Refactor dirs creation logic to cleanup on failure 2020-04-08 16:18:04 -05:00
storage.h storage: Add ability to preserve times 2020-01-22 11:15:19 -06:00
util.c iwd: Use test_bit from ell 2021-03-12 13:49:23 -06:00
util.h iwd: Use test_bit from ell 2021-03-12 13:49:23 -06:00
watchlist.c watchlist: Remove '__' prefix from static functions 2021-03-09 15:28:36 -06:00
watchlist.h watchlist: Save the watchlist pointer in WATCHLIST_NOTIFY_* 2020-05-01 11:38:57 -05:00
wiphy.c wiphy: add fils_hint to wiphy_can_connect 2021-04-27 14:48:23 -05:00
wiphy.h wiphy: add fils_hint to wiphy_can_connect 2021-04-27 14:48:23 -05:00
wsc.c treewide: replace util_mem_is_zero with l_memeqzero 2021-03-09 15:40:35 -06:00
wsc.h wsc: Rework wsc_enrollee_destroy 2020-01-17 12:50:23 -06:00
wscutil.c wscutil: Move DeviceType parsing from p2p & eap-wsc to a function 2021-04-26 10:48:03 -05:00
wscutil.h wscutil: Move DeviceType parsing from p2p & eap-wsc to a function 2021-04-26 10:48:03 -05:00