P2P: Deinitialize global P2P context on P2P mgmt interface removal

The P2P implementation assumes that the first wpa_s interface instance
is used to manage P2P operations and the P2P module maintains a pointer
to this interface in msg_ctx. This can result in issues (e.g., use of
freed memory) when the management interface is removed. Fix this by
deinitializing global P2P data if the interface that created it is
removed. This will disable P2P until the next interface is added.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1

wpa_supplicant/p2p_supplicant.c

@@ -2482,6 +2482,7 @@ int wpas_p2p_init(struct wpa_global *global, struct wpa_supplicant *wpa_s)
 	global->p2p = p2p_init(&p2p);
 	if (global->p2p == NULL)
 		return -1;
+	global->p2p_init_wpa_s = wpa_s;
 
 	for (i = 0; i < MAX_WPS_VENDOR_EXT; i++) {
 		if (wpa_s->conf->wps_vendor_ext[i] == NULL)
@@ -2570,6 +2571,7 @@ void wpas_p2p_deinit_global(struct wpa_global *global)
 
 	p2p_deinit(global->p2p);
 	global->p2p = NULL;
+	global->p2p_init_wpa_s = NULL;
 }
 
 

wpa_supplicant/wpa_supplicant.c

@@ -2702,6 +2702,14 @@ static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
 
 	wpa_supplicant_cleanup(wpa_s);
 
+#ifdef CONFIG_P2P
+	if (wpa_s == wpa_s->global->p2p_init_wpa_s && wpa_s->global->p2p) {
+		wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Disable P2P since removing "
+			"the management interface is being removed");
+		wpas_p2p_deinit_global(wpa_s->global);
+	}
+#endif /* CONFIG_P2P */
+
 	if (wpa_s->drv_priv)
 		wpa_drv_deinit(wpa_s);
 

wpa_supplicant/wpa_supplicant_i.h

@@ -225,6 +225,7 @@ struct wpa_global {
 	size_t drv_count;
 	struct os_time suspend_time;
 	struct p2p_data *p2p;
+	struct wpa_supplicant *p2p_init_wpa_s;
 	struct wpa_supplicant *p2p_group_formation;
 	u8 p2p_dev_addr[ETH_ALEN];
 	struct dl_list p2p_srv_bonjour; /* struct p2p_srv_bonjour */