git: 2010c5e3a379 - stable/12 - wpa/hostapd: Fix 100% CPU when USB wlan NIC removed

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Thu, 07 Apr 2022 21:20:47 UTC

The branch stable/12 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=2010c5e3a379c55d188909dcc6c0edb12272983b

commit 2010c5e3a379c55d188909dcc6c0edb12272983b
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-04-03 03:54:50 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-04-07 21:20:35 +0000

    wpa/hostapd: Fix 100% CPU when USB wlan NIC removed
    
    hostapd calls pcap_next(3) to read the next packet off the wlan interface.
    pcap_next() returns a pointer to the packet header but does not indicate
    success or failure. Unfortunately this results in an infinite loop (100%
    CPU) when the wlan device disappears, i.e. when a USB wlan device is
    manually removed or a USB error results in the device removal. However
    pcap_next_ex(3) does return success or failure. To resolve this we use
    pcap_next_ex(), forcing hostapd to exit when the error is encountered.
    
    An error message is printed to syslog or stderr when debugging (-d flag)
    is enabled. Unfortunately wpa_printf() only works when debugging is enabled.
    
    PR:             253608
    Reported by:    Damjan Jovanovic <damjan.jov@gmail.com>,
                    bz (privately)
    
    (cherry picked from commit 6e5d01124fd4dd57899ddd9260c76dbb43543aa7)
---
 contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
index 48e18fffba57..da742f432120 100644
--- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
+++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
@@ -83,7 +83,10 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
 	unsigned char *buf;
 	size_t len;
 
-	packet = pcap_next(pcap, &hdr);
+	if (pcap_next_ex(pcap, &hdr, &packet) == -1) {
+		wpa_printf(MSG_ERROR, "Error reading packet, has device disappeared?");
+		eloop_terminate();
+	}
 
 	if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr))
 		return;