wlan: fix for IBSS open security crash due to IBSS join timer
The issue is caused due to IBSS join timer which was added
to track the connection/join time in IBSS mode. This timer
is not required any more.
Change-Id: I3434c34bade5f737dce18730eb10942db4811918
CRs-Fixed: 554271e
diff --git a/CORE/SME/inc/csrInternal.h b/CORE/SME/inc/csrInternal.h
index 274ef34..69a1ad4 100644
--- a/CORE/SME/inc/csrInternal.h
+++ b/CORE/SME/inc/csrInternal.h
@@ -905,9 +905,6 @@
eCsrRoamingReason roamingReason;
tANI_BOOLEAN fCancelRoaming;
vos_timer_t hTimerRoaming;
- vos_timer_t hTimerIbssJoining;
- tCsrTimerInfo ibssJoinTimerInfo;
- tANI_BOOLEAN ibss_join_pending;
eCsrRoamResult roamResult; //the roamResult that is used when the roaming timer fires
tCsrRoamJoinStatus joinFailStatusCode; //This is the reason code for join(assoc) failure
//The status code returned from PE for deauth or disassoc (in case of lostlink), or our own dynamic roaming
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index 2f36029..ab38548 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -88,7 +88,6 @@
#define CSR_NUM_IBSS_START_CHANNELS_24 3
#define CSR_DEF_IBSS_START_CHANNEL_50 36
#define CSR_DEF_IBSS_START_CHANNEL_24 1
-#define CSR_IBSS_JOIN_TIMEOUT_PERIOD ( 1 * PAL_TIMER_TO_SEC_UNIT ) // 1 second
#define CSR_WAIT_FOR_KEY_TIMEOUT_PERIOD ( 5 * PAL_TIMER_TO_SEC_UNIT ) // 5 seconds, for WPA, WPA2, CCKM
#define CSR_WAIT_FOR_WPS_KEY_TIMEOUT_PERIOD ( 120 * PAL_TIMER_TO_SEC_UNIT ) // 120 seconds, for WPS
/*---------------------------------------------------------------------------
@@ -215,13 +214,9 @@
static eHalStatus csrRoamStartRoamingTimer(tpAniSirGlobal pMac, tANI_U32 sessionId, tANI_U32 interval);
static eHalStatus csrRoamStopRoamingTimer(tpAniSirGlobal pMac, tANI_U32 sessionId);
static void csrRoamRoamingTimerHandler(void *pv);
-eHalStatus csrRoamStartIbssJoinTimer(tpAniSirGlobal pMac, tANI_U32 sessionId, tANI_U32 interval);
-eHalStatus csrRoamStopIbssJoinTimer(tpAniSirGlobal pMac, tANI_U32 sessionId);
-static void csrRoamIbssJoinTimerHandler(void *pv);
eHalStatus csrRoamStartWaitForKeyTimer(tpAniSirGlobal pMac, tANI_U32 interval);
eHalStatus csrRoamStopWaitForKeyTimer(tpAniSirGlobal pMac);
static void csrRoamWaitForKeyTimeOutHandler(void *pv);
-
static eHalStatus CsrInit11dInfo(tpAniSirGlobal pMac, tCsr11dinfo *ps11dinfo);
static eHalStatus csrInitChannelPowerList( tpAniSirGlobal pMac, tCsr11dinfo *ps11dinfo);
static eHalStatus csrRoamFreeConnectedInfo( tpAniSirGlobal pMac, tCsrRoamConnectedInfo *pConnectedInfo );
@@ -5417,19 +5412,8 @@
}
csrScanCancelIdleScan(pMac);
- //Only use this timer for ibss. BAP has its own timer for WDS
- if( CSR_IS_IBSS( pProfile) && CSR_INVALID_SCANRESULT_HANDLE != pCommand->u.roamCmd.hBSSList)
- {
- //start the join IBSS timer
- csrRoamStartIbssJoinTimer(pMac, sessionId, CSR_IBSS_JOIN_TIMEOUT_PERIOD); //interval
- pSession->ibss_join_pending = TRUE;
- }
- if( HAL_STATUS_SUCCESS( status ) )
- {
- //Already sent join_req for the WDS station
- fReleaseCommand = eANI_BOOLEAN_FALSE;
- }
- else if( CSR_IS_WDS_STA( pProfile ) )
+
+ if( CSR_IS_WDS_STA( pProfile ) )
{
//need to send stop BSS because we fail to send join_req
csrRoamIssueDisassociateCmd( pMac, sessionId, eCSR_DISCONNECT_REASON_UNSPECIFIED );
@@ -6750,8 +6734,6 @@
}
csrRoamCancelRoaming(pMac, sessionId);
- pSession->ibss_join_pending = FALSE;
- csrRoamStopIbssJoinTimer(pMac, sessionId);
csrRoamRemoveDuplicateCommand(pMac, sessionId, NULL, eCsrForcedDisassoc);
return (csrRoamDisconnectInternal(pMac, sessionId, reason));
@@ -9178,14 +9160,6 @@
{
palCopyMemory(pMac->hHdd, pSession->pConnectBssDesc->bssId, &pNewBss->bssId, sizeof(tCsrBssid));
}
- // Stop the join IBSS timer in case of join, for
- // genuine merge do nothing
- if(pSession->ibss_join_pending)
- {
- pSession->ibss_join_pending = FALSE;
- csrRoamStopIbssJoinTimer(pMac, sessionId);
- result = eCSR_ROAM_RESULT_IBSS_JOIN_SUCCESS;
- }
}
smsLog(pMac, LOGW, "CSR: eSIR_SME_JOINED_NEW_BSS received from PE");
break;
@@ -9888,47 +9862,6 @@
return (vos_timer_stop(&pMac->roam.hTimerWaitForKey));
}
-void csrRoamIbssJoinTimerHandler(void *pv)
-{
- tCsrTimerInfo *pInfo = (tCsrTimerInfo *)pv;
- tpAniSirGlobal pMac = pInfo->pMac;
- eCsrRoamDisconnectReason reason = eCSR_DISCONNECT_REASON_IBSS_JOIN_FAILURE;
- tANI_U32 sessionId = pInfo->sessionId;
- tCsrRoamSession *pSession = CSR_GET_SESSION( pMac, sessionId );
-
- if(!pSession)
- {
- smsLog(pMac, LOGE, FL(" session %d not found "), sessionId);
- return;
- }
-
- pSession->ibss_join_pending = FALSE;
- // JEZ100225: As of main/latest "tip", we are no longer doing this. Check on this.
- //csrRoamCallCallback(pMac, sessionId, NULL, 0, eCSR_ROAM_IBS_IND, eCSR_ROAM_RESULT_IBSS_JOIN_FAILED);
- // Send an IBSS stop request to PE
- csrRoamDisconnectInternal(pMac, sessionId, reason);
-}
-eHalStatus csrRoamStartIbssJoinTimer(tpAniSirGlobal pMac, tANI_U32 sessionId, tANI_U32 interval)
-{
- eHalStatus status;
- tCsrRoamSession *pSession = CSR_GET_SESSION( pMac, sessionId );
-
- if(!pSession)
- {
- smsLog(pMac, LOGE, FL(" session %d not found "), sessionId);
- return eHAL_STATUS_FAILURE;
- }
-
- smsLog(pMac, LOG1, " csrRoamStartIbssJoinTimer");
- pSession->ibssJoinTimerInfo.sessionId = (tANI_U8)sessionId;
- status = vos_timer_start(&pSession->hTimerIbssJoining, interval/PAL_TIMER_TO_MS_UNIT);
-
- return (status);
-}
-eHalStatus csrRoamStopIbssJoinTimer(tpAniSirGlobal pMac, tANI_U32 sessionId)
-{
- return (vos_timer_stop(&pMac->roam.roamSession[sessionId].hTimerIbssJoining));
-}
void csrRoamCompletion(tpAniSirGlobal pMac, tANI_U32 sessionId, tCsrRoamInfo *pRoamInfo, tSmeCmd *pCommand,
eCsrRoamResult roamResult, tANI_BOOLEAN fSuccess)
{
@@ -10454,8 +10387,6 @@
}
}
#endif //FEATURE_WLAN_DIAG_SUPPORT_CSR
- pSession->ibss_join_pending = FALSE;
- csrRoamStopIbssJoinTimer(pMac, sessionId );
// Set the roaming substate to 'stop Bss request'...
csrRoamSubstateChange( pMac, NewSubstate, sessionId );
@@ -13412,16 +13343,6 @@
break;
}
#endif
- pSession->ibssJoinTimerInfo.pMac = pMac;
- pSession->ibssJoinTimerInfo.sessionId = CSR_SESSION_ID_INVALID;
- status = vos_timer_init(&pSession->hTimerIbssJoining, VOS_TIMER_TYPE_SW,
- csrRoamIbssJoinTimerHandler,
- &pSession->ibssJoinTimerInfo);
- if (!HAL_STATUS_SUCCESS(status))
- {
- smsLog(pMac, LOGE, FL("cannot allocate memory for IbssJoining timer"));
- break;
- }
status = csrIssueAddStaForSessionReq (pMac, i, pSelfMacAddr);
break;
}
@@ -13608,7 +13529,6 @@
#ifdef FEATURE_WLAN_BTAMP_UT_RF
vos_timer_destroy(&pSession->hTimerJoinRetry);
#endif
- vos_timer_destroy(&pSession->hTimerIbssJoining);
purgeSmeSessionCmdList(pMac, sessionId, &pMac->sme.smeCmdPendingList);
if (pMac->fScanOffload)
{
@@ -13669,7 +13589,6 @@
pSession->sessionId = CSR_SESSION_ID_INVALID;
pSession->callback = NULL;
pSession->pContext = NULL;
- pSession->ibss_join_pending = FALSE;
pSession->connectState = eCSR_ASSOC_STATE_TYPE_NOT_CONNECTED;
// TODO : Confirm pMac->roam.fReadyForPowerSave = eANI_BOOLEAN_FALSE;
csrFreeRoamProfile( pMac, sessionId );