From patchwork Thu Jul 2 08:24:33 2015
X-Patchwork-Submitter: Michal Kazior
X-Patchwork-Id: 490506
Date: Thu, 2 Jul 2015 10:24:33 +0200
Subject: Association race when acting as AP?
From: Michal Kazior
To: linux-wireless, "hostap@lists.shmoo.com"

Hello,

I've been recently trying to figure out why I'm seeing messages like the following in dmesg:

[ 135.866308] p2p-wlan1-0: authenticate with 02:03:7f:91:53:51
[ 135.869745] p2p-wlan1-0: send auth to 02:03:7f:91:53:51 (try 1/3)
[ 135.877538] p2p-wlan1-0: authenticated
[ 135.888029] p2p-wlan1-0: associate with 02:03:7f:91:53:51 (try 1/3)
[ 135.912461] p2p-wlan1-0: RX AssocResp from 02:03:7f:91:53:51 (capab=0x411 status=0 aid=1)
[ 135.916226] p2p-wlan1-0: associated
[ 135.918038] p2p-wlan1-0: deauthenticated from 02:03:7f:91:53:51 (Reason: 7=CLASS3_FRAME_FROM_NONASSOC_STA)

This gets repeated a few times. Sometimes the connection succeeds after a few cycles, sometimes it doesn't. I've seen this mostly while testing P2P.

After looking into hostapd code I noticed something strange and I wonder if anyone else is already aware of this problem:

 1. AP starts
 2. STA->AP auth OTA
 3. AP->STA auth OTA
 4. STA->AP assoc req OTA
 5. AP->STA assoc resp OTA
 6. STA sends NullFunc with "STA will go to sleep" bit set
 7. AP driver/device sees a frame with unknown TA/SA and issues Deauth w/ Reason 7 (this Deauth doesn't originate from hostapd; it comes from the device FW in my case)
 8. AP sees TX_STATUS for (5) so it just now installs station entry to device/driver
 9. AP attempts to send EAPOL but STA is no longer there

I'm able to reproduce this quite easily with QCA6174 (ath10k) acting as P2P GO and Intel 7260 (iwlmvm) as P2P Client. This also suggests it's not P2P specific.

To me this looks like a race in hostapd. The station should be installed to driver _before_ sending Assoc Resp frame, not after.

My quick-n-dirty hack seems to help:

strerror(errno)); @@ -2561,7 +2568,6 @@ void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, break; case WLAN_FC_STYPE_ASSOC_RESP: wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); - handle_assoc_cb(hapd, mgmt, len, 0, ok); break; case WLAN_FC_STYPE_REASSOC_RESP: wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");

Obviously this is whitespace damaged and incomplete as it doesn't cover all the possible fail cases. It's just a proof-of-concept for the purpose of discussion.

Is anyone aware of this problem already? Anyone working on it? Any gotchas I should be aware of before I go into fixing this in a proper way? Or am I missing something and this isn't actually a problem?

Michał

--- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -42,6 +42,11 @@ #include "dfs.h" +static void handle_assoc_cb(struct hostapd_data *hapd, + const struct ieee80211_mgmt *mgmt, + size_t len, int reassoc, int ok); + + u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) { u8 *pos = eid; @@ -1675,6 +1680,8 @@ static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, send_len += p - reply->u.assoc_resp.variable; + handle_assoc_cb(hapd, reply, send_len, 0, 1); + if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
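Review bot: in the send_assoc_resp() hunk (@@ -1675,6 +1680,8 @@), handle_assoc_cb() is called with ok hard-coded to 1 before hostapd_drv_send_mlme() has run, so when the send fails (the "< 0" branch only logs "Failed to send assoc resp") the station entry stays installed even though no Association Response went out. Check the send result first or undo the station entry on that failure path; and if this function also builds Reassociation Responses, the literal 0 passed as reassoc is wrong for them and should come from the request being answered.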
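Review bot: in the ieee802_11_mgmt_cb() hunk (@@ -2561,7 +2568,6 @@), removing "handle_assoc_cb(hapd, mgmt, len, 0, ok);" from the WLAN_FC_STYPE_ASSOC_RESP case leaves nothing in that case acting on the TX status value ok, so an Association Response that was never ACKed no longer triggers any cleanup of the station installed early. Keep a TX-status handler in this case that removes the station when ok is 0, and handle the WLAN_FC_STYPE_REASSOC_RESP case, which this hunk leaves untouched, the same way so that both paths install the station at the same point in the exchange.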
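A way to spot this pattern in client-side logs, as an added example that is not part of the original message or of hostapd: it scans dmesg text for a reason-7 deauthentication that arrives shortly after "associated" on the same interface. The function name and the 50 ms window are assumptions; the sample lines are the ones quoted in the message.

```python
import re

# dmesg lines quoted in the message above (station side, mac80211).
SAMPLE = """\
[ 135.866308] p2p-wlan1-0: authenticate with 02:03:7f:91:53:51
[ 135.869745] p2p-wlan1-0: send auth to 02:03:7f:91:53:51 (try 1/3)
[ 135.877538] p2p-wlan1-0: authenticated
[ 135.888029] p2p-wlan1-0: associate with 02:03:7f:91:53:51 (try 1/3)
[ 135.912461] p2p-wlan1-0: RX AssocResp from 02:03:7f:91:53:51 (capab=0x411 status=0 aid=1)
[ 135.916226] p2p-wlan1-0: associated
[ 135.918038] p2p-wlan1-0: deauthenticated from 02:03:7f:91:53:51 (Reason: 7=CLASS3_FRAME_FROM_NONASSOC_STA)
"""

# "[ <seconds>] <iface>: <message>"
LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(\S+): (.*)$")
DEAUTH = re.compile(r"deauthenticated from ([0-9a-f:]{17}) \(Reason: (\d+)=")


def find_early_deauths(text, window_s=0.05):
    """Return (iface, bssid, gap_seconds) for each reason-7 deauth seen
    within window_s of 'associated' on the same interface.

    window_s is an assumed threshold, not a value from the message.
    """
    associated_at = {}  # iface -> timestamp of the latest "associated"
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped interface line
        ts, iface, msg = float(m.group(1)), m.group(2), m.group(3)
        if msg == "associated":
            associated_at[iface] = ts
            continue
        d = DEAUTH.search(msg)
        if d and iface in associated_at:
            # Any deauth ends the association we were tracking.
            gap = ts - associated_at.pop(iface)
            if d.group(2) == "7" and gap <= window_s:
                hits.append((iface, d.group(1), round(gap, 6)))
    return hits


if __name__ == "__main__":
    for iface, bssid, gap in find_early_deauths(SAMPLE):
        print(f"{iface}: reason 7 from {bssid} {gap * 1000:.3f} ms after association")
```

Several hits against the same BSSID in a row correspond to the repeated connect cycles described in the message.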