wpa_supplicant: Update to Version 0.8.27 from BRCM

- Fix crash during TRUE pbc overlap
- Fix p2p_stop_find event
- Avoid race condition in GO-NEG process if both peers enter
  p2p_connect at the same time
- Retry assoc immediately on ASSOC-REJECT. Previously assoc was
  retried on authentication timeout (which occurs after 10secs).
  Now on assoc reject, we cancel the auth timer and then initiate
  a assoc scan.

BUG: 6543705, 6427094

Change-Id: I4489fb14b6cead069f0d14fcbb9e2224f790d77b
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

8 files changed, 67 insertions, 3 deletions

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 721b73b6..77a6a35e 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -2190,6 +2190,9 @@ static int process_global_event(struct nl_msg *msg, void *arg)
 		if (ifidx == -1 || ifidx == drv->ifindex ||
 		    have_ifidx(drv, ifidx))
 			do_process_drv_event(drv, gnlh->cmd, tb);
+#ifdef ANDROID_P2P
+			break;
+#endif
 	}
 
 	return NL_SKIP;
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index 68dfb8dc..a010699e 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -60,6 +60,7 @@ int p2p_connection_in_progress(struct p2p_data *p2p)
 		case P2P_CONNECT_LISTEN:
 		case P2P_GO_NEG:
 		case P2P_WAIT_PEER_CONNECT:
+		case P2P_WAIT_PEER_IDLE:
 		case P2P_PROVISIONING:
 		case P2P_INVITE:
 		case P2P_INVITE_LISTEN:
@@ -67,6 +68,7 @@ int p2p_connection_in_progress(struct p2p_data *p2p)
 			break;
 
 		default:
+			wpa_printf(MSG_DEBUG, "p2p_connection_in_progress state %d", p2p->state);
 			ret = 0;
 	}
 
@@ -2283,6 +2285,11 @@ void p2p_flush(struct p2p_data *p2p)
 {
 	struct p2p_device *dev, *prev;
 	p2p_clear_timeout(p2p);
+#ifdef ANDROID_P2P
+	if (p2p->state == P2P_SEARCH)
+		wpa_msg(p2p->cfg->msg_ctx, MSG_INFO,
+						P2P_EVENT_FIND_STOPPED);
+#endif
 	p2p_set_state(p2p, P2P_IDLE);
 	p2p->start_after_scan = P2P_AFTER_SCAN_NOTHING;
 	p2p->go_neg_peer = NULL;
@@ -2683,12 +2690,19 @@ static void p2p_go_neg_req_cb(struct p2p_data *p2p, int success)
 	}
 
 	if (success) {
+#ifndef ANDROID_P2P
 		dev->go_neg_req_sent++;
+#endif
 		if (dev->flags & P2P_DEV_USER_REJECTED) {
 			p2p_set_state(p2p, P2P_IDLE);
 			return;
 		}
 	}
+#ifdef ANDROID_P2P
+	else {
+		dev->go_neg_req_sent--;
+	}
+#endif
 
 	if (!success &&
 	    (dev->info.dev_capab & P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY) &&
diff --git a/src/p2p/p2p_go_neg.c b/src/p2p/p2p_go_neg.c
index 1a0c7d49..6e818c23 100644
--- a/src/p2p/p2p_go_neg.c
+++ b/src/p2p/p2p_go_neg.c
@@ -203,6 +203,9 @@ int p2p_connect_send(struct p2p_data *p2p, struct p2p_device *dev)
 	p2p->go_neg_peer = dev;
 	dev->flags |= P2P_DEV_WAIT_GO_NEG_RESPONSE;
 	dev->connect_reqs++;
+#ifdef ANDROID_P2P
+	dev->go_neg_req_sent++;
+#endif
 	if (p2p_send_action(p2p, freq, dev->info.p2p_device_addr,
 			    p2p->cfg->dev_addr, dev->info.p2p_device_addr,
 			    wpabuf_head(req), wpabuf_len(req), 200) < 0) {
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 85ec3172..5ed7ea4a 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -312,8 +312,13 @@ static void wps_registrar_remove_pbc_session(struct wps_registrar *reg,
 	pbc = reg->pbc_sessions;
 	while (pbc) {
 		if (os_memcmp(pbc->uuid_e, uuid_e, WPS_UUID_LEN) == 0 ||
+#ifdef ANDROID_P2P
+		    (p2p_dev_addr && !is_zero_ether_addr(pbc->addr) &&
+		     os_memcmp(pbc->addr, p2p_dev_addr, ETH_ALEN) ==
+#else
 		    (p2p_dev_addr && !is_zero_ether_addr(reg->p2p_dev_addr) &&
 		     os_memcmp(reg->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
+#endif
 		     0)) {
 			if (prev)
 				prev->next = pbc->next;
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index c6d91e86..e729e825 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2262,6 +2262,25 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
 				data->assoc_reject.status_code);
 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
 			sme_event_assoc_reject(wpa_s, data);
+#ifdef ANDROID_P2P
+		/* If assoc reject is reported by the driver, then avoid
+		 * waiting for  the authentication timeout. Cancel the
+		 * authentication timeout and retry the assoc.
+		 */
+		if(wpa_s->assoc_retries++ < 5) {
+			wpa_printf(MSG_ERROR, "Retrying assoc "
+			"Iteration:%d", wpa_s->assoc_retries);
+			wpa_supplicant_cancel_auth_timeout(wpa_s);
+
+			/* Clear the states */
+			wpa_sm_notify_disassoc(wpa_s->wpa);
+			wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
+
+			wpa_s->reassociate = 1;
+			wpa_supplicant_req_scan(wpa_s, 1, 0);
+		} else
+			wpa_s->assoc_retries = 0;
+#endif /* ANDROID_P2P */
 		break;
 	case EVENT_AUTH_TIMED_OUT:
 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index f9317a8e..68b3c9b7 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -44,9 +44,16 @@
  * How many seconds to try to reconnect to the GO when connection in P2P client
  * role has been lost.
  */
+#ifdef ANDROID_P2P
+#define P2P_MAX_CLIENT_IDLE 20
+#else
 #define P2P_MAX_CLIENT_IDLE 10
+#endif /* ANDROID_P2P */
 #endif /* P2P_MAX_CLIENT_IDLE */
 
+#ifdef ANDROID_P2P
+static int wpas_global_scan_in_progress(struct wpa_supplicant *wpa_s);
+#endif
 static void wpas_p2p_long_listen_timeout(void *eloop_ctx, void *timeout_ctx);
 static struct wpa_supplicant *
 wpas_p2p_get_group_iface(struct wpa_supplicant *wpa_s, int addr_allocated,
@@ -3402,8 +3409,10 @@ static void wpas_p2p_idle_update(void *ctx, int idle)
 	if (!wpa_s->ap_iface)
 		return;
 	wpa_printf(MSG_DEBUG, "P2P: GO - group %sidle", idle ? "" : "not ");
-	if (idle)
+	if (idle) {
+		wpa_printf(MSG_DEBUG,"Calling set group idle time out from idle_update");
 		wpas_p2p_set_group_idle_timeout(wpa_s);
+	}
 	else
 		eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL);
 }
@@ -3927,8 +3936,8 @@ static void wpas_p2p_group_idle_timeout(void *eloop_ctx, void *timeout_ctx)
 		return;
 	}
 
-	wpa_printf(MSG_DEBUG, "P2P: Group idle timeout reached - terminate "
-		   "group");
+	wpa_printf(MSG_DEBUG, "P2P: Group idle timeout reached - terminate %d"
+		   "group",wpa_s->conf->p2p_group_idle);
 	wpa_s->removal_reason = P2P_GROUP_REMOVAL_IDLE_TIMEOUT;
 	wpas_p2p_group_delete(wpa_s);
 }
@@ -4202,7 +4211,10 @@ void wpas_p2p_notif_disconnected(struct wpa_supplicant *wpa_s)
 	if (!wpa_s->ap_iface &&
 	    !eloop_is_timeout_registered(wpas_p2p_group_idle_timeout,
 					 wpa_s, NULL))
+	{
+		wpa_printf(MSG_DEBUG,"Calling set grouple idle_timeout from notif_disconnected");
 		wpas_p2p_set_group_idle_timeout(wpa_s);
+	}
 }
 
 
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 3b184fd7..cb5b42f3 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -581,6 +581,11 @@ void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
 		wpa_supplicant_state_txt(wpa_s->wpa_state),
 		wpa_supplicant_state_txt(state));
 
+#ifdef ANDROID_P2P
+	if(state == WPA_ASSOCIATED || (state <= WPA_INACTIVE))
+		wpa_s->assoc_retries = 0;
+#endif /* ANDROID_P2P */
+
 	if (state != WPA_SCANNING)
 		wpa_supplicant_notify_scanning(wpa_s, 0);
 
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 21fe5cc4..33b62586 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -276,6 +276,9 @@ struct wpa_supplicant {
 	struct wpa_bss *current_bss;
 	int ap_ies_from_associnfo;
 	unsigned int assoc_freq;
+#ifdef ANDROID_P2P
+	unsigned int assoc_retries;
+#endif
 
 	/* Selected configuration (based on Beacon/ProbeResp WPA IE) */
 	int pairwise_cipher;