X-Patchwork-Submitter: Dan Williams
X-Patchwork-Id: 175422
Message-ID: <1344270602.11053.9.camel@dcbw.foobar.com>
Subject: [RFC PATCH] pmksa: don't evict active entry when adding new ones
From: Dan Williams
To: hostap@lists.shmoo.com
Cc: j@w1.fi
Date: Mon, 06 Aug 2012 11:30:02 -0500
List-Id: HostAP Project

If the PMKSA cache is full (ie, 32 candidates have been seen in scan results and have not yet expired) then any additional entries can potentially evict the current/active entry (if it is the first entry), which triggers a pointless local deauthentication. The supplicant shouldn't replace the current/active entry if it is still valid, but instead the oldest entry that is *not* the current/active one.

1343242112.312194: New scan results available
1343242112.312282: bgscan simple: scan result notification
1343242112.312343: RSN: Consider 00:xx:xx:xx:xx:40 for OKC
1343242112.312408: RSN: removed the oldest PMKSA cache entry (for 00:xx:xx:xx:xx:90) to make room for new one
1343242112.312454: RSN: removed current PMKSA entry
1343242112.312490: wpa_driver_nl80211_deauthenticate
1343242112.336808: State: COMPLETED -> DISCONNECTED (oops...)

This is a bug at least as far back as 0.7, so the patch is desired for 0.7 (if you're ever updating that again), 1.0, and git master.

Signed-hostap: Dan Williams
---

Does this patch look correct? I haven't runtime tested it yet, but that's in the process of being done. Somebody double-check my linked-list logic, please :)

diff -up wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.c.foo wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.c --- wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.c.foo 2012-08-05 23:34:38.230809262 -0500 +++ wpa_supplicant-0.7.3/src/rsn_supp/pmksa_cache.c 2012-08-05 23:41:10.862900686 -0500
@@ -203,11 +203,23 @@ pmksa_cache_add(struct rsn_pmksa_cache * if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) { /* Remove the oldest entry to make room for the new entry */ pos = pmksa->pmksa; - pmksa->pmksa = pos->next; - wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache " - "entry (for " MACSTR ") to make room for new one", - MAC2STR(pos->aa)); - pmksa_cache_free_entry(pmksa, pos, 0); + + /* Never remove the current PMKSA cache entry, since it's + * in use, and removing it triggers a needless deauthentication. + */ + if (pos == pmksa->sm->cur_pmksa) { + pos = pos->next; + pmksa->pmksa->next = pos ? pos->next : NULL; + } else + pmksa->pmksa = pos->next; + + if (pos) { + wpa_printf(MSG_DEBUG, "RSN: removed the oldest idle " + "PMKSA cache entry (for " MACSTR ") to make " + "room for new one", + MAC2STR(pos->aa)); + pmksa_cache_free_entry(pmksa, pos, 0); + } } /* Add the new entry; order by expiration time */
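
Review bot: In the "pos == pmksa->sm->cur_pmksa" branch, when the head entry has no successor, pos becomes NULL, the "if (pos)" guard skips pmksa_cache_free_entry(), and the code falls through to "Add the new entry" without having evicted anything, so the cache can end up holding more than pmksa_cache_max_entries. That case should be handled explicitly, for example with a debug message that no idle entry was available, or with a comment stating that the limit may be exceeded by one when the only entry is the one in use. The relinking line "pmksa->pmksa->next = pos ? pos->next : NULL;" does keep the head and unlink the second entry as the new comment intends, but the retained comment "Remove the oldest entry to make room for the new entry" no longer describes that branch and should say the oldest entry that is not in use. As a style point, the braced "if" followed by an unbraced "} else" would read more safely with braces on both arms.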