From 0d2f324d670404152e8d28303463ef9684c9f3f9 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 10 Feb 2015 00:41:27 +0200 Subject: [PATCH] P2P: Fix send_action_in_progress clearing in corner cases It is possible for an Action frame TX operation to be stopped in a way that results in the TX status callback function not being called. This could happen, e.g., when P2P_STOP_FIND was issued while waiting for PD Response TX status. This specific case ended in leaving p2p->send_action_in_progress set to 1 and that ending up stopping a future TX operation when p2p_send_action_cb() gets called with p2p->pending_action_state == P2P_NO_PENDING_ACTION. This could result in reception of a fragmented service discovery response failing due to the GAS sequence getting stopped when receiving TX callback for the first GAS comeback request. That sequence could be hit in mac80211_hwsim tests when p2p_listen_and_offchannel_tx was followed by p2p_service_discovery_fragmentation (even after a long time since this was on dev1 and there could be even 10 minutes between these test cases). Fix this issue by clearing send_action_in_progress whenever stopping pending P2P operation with p2p_stop_find (or P2P_FLUSH for that matter). Signed-off-by: Jouni Malinen --- src/p2p/p2p.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c index f050c4bae..d62874ec4 100644 --- a/src/p2p/p2p.c +++ b/src/p2p/p2p.c @@ -1279,6 +1279,7 @@ void p2p_stop_find_for_freq(struct p2p_data *p2p, int freq) p2p->sd_peer = NULL; p2p->invite_peer = NULL; p2p_stop_listen_for_freq(p2p, freq); + p2p->send_action_in_progress = 0; }
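Review bot: the added `p2p->send_action_in_progress = 0;` at the end of p2p_stop_find_for_freq() resets the local bookkeeping for an Action frame that is still in flight without any corresponding send_action_done() call to the driver, so please confirm that the preceding p2p_stop_listen_for_freq(p2p, freq) actually cancels the pending offchannel TX wait; if it does not, the driver-side wait is abandoned silently and only the flag is cleared, and a later stale TX status from the driver would now be handled as P2P_NO_PENDING_ACTION with the flag already 0, which is presumably the intended outcome but is worth stating. Also consider a one-line comment on the new line (for example "/* TX status callback may never arrive once we stop; do not leave this stuck */") since the reasoning lives only in the commit message, and note that the message says the reset also covers P2P_FLUSH while the diff only touches p2p_stop_find_for_freq(); if p2p_flush() does not route through this function it needs the same reset.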