git: 6e5d01124fd4 - main - wpa/hostapd: Fix 100% CPU when USB wlan NIC removed

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Mon, 04 Apr 2022 13:12:13 UTC
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=6e5d01124fd4dd57899ddd9260c76dbb43543aa7

commit 6e5d01124fd4dd57899ddd9260c76dbb43543aa7
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-04-03 03:54:50 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-04-04 13:11:28 +0000

    wpa/hostapd: Fix 100% CPU when USB wlan NIC removed
    
    hostapd calls pcap_next(3) to read the next packet off the wlan interface.
    pcap_next() returns a pointer to the packet header but does not indicate
    success or failure. Unfortunately this results in an infinite loop (100%
    CPU) when the wlan device disappears, i.e. when a USB wlan device is
    manually removed or a USB error results in the device removal. However
    pcap_next_ex(3) does return success or failure. To resolve this we use
    pcap_next_ex(), forcing hostapd to exit when the error is encountered.
    
    An error message is printed to syslog or stderr when debugging (-d flag)
    is enabled. Unfortunately wpa_printf() only works when debugging is enabled.
    
    PR:             253608
    Reported by:    Damjan Jovanovic <damjan.jov@gmail.com>,
                    bz (privately)
    MFC after:      3 days
---
 contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
index 48e18fffba57..da742f432120 100644
--- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
+++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
@@ -83,7 +83,10 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
 	unsigned char *buf;
 	size_t len;
 
-	packet = pcap_next(pcap, &hdr);
+	if (pcap_next_ex(pcap, &hdr, &packet) == -1) {
+		wpa_printf(MSG_ERROR, "Error reading packet, has device disappeared?");
+		eloop_terminate();
+	}
 
 	if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr))
 		return;