Date:      Wed, 4 Jun 2025 22:23:54 GMT
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 0a2e5ab96a7d - stable/14 - net80211: make sure to not start a BGSCAN if not enabled
Message-ID:  <202506042223.554MNsSj037741@gitrepo.freebsd.org>

The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=0a2e5ab96a7da51690f38d962305214e2973989d

commit 0a2e5ab96a7da51690f38d962305214e2973989d
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-05-24 17:01:59 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-06-04 22:23:30 +0000

    net80211: make sure to not start a BGSCAN if not enabled
    
    On drivers not supporting background scanning (not having announced
    IEEE80211_C_BGSCAN) we repeatedly have seen scanning issues and
    BGSCAN was "on" according to, e.g., ddb show com /a.
    
    Turns out there are multiple problems:
    (a) the ioctl scanreq code can pass IEEE80211_[IOC_]SCAN_BGSCAN in
        (ifconfig wlanX scan will do so by default).  That flag ends up
        on flags in the scanning code which have no other checks, and
        we are doing a BGSCAN.
        So make sure BGSCAN is announced by the driver and enabled
        (and it's STA mode for the full check) or filter the BGSCAN out.
    
    (b) ieee80211_bg_scan() never checked if background scanning was
        available/enabled.  Do so now.
    
    (c) ieee80211_swscan_start_scan_locked() as a consequence of (a) would
        start the BGSCAN unconditionally.  Also check for BGSCAN to be
        available/enabled here.
    
    Lastly, we should no longer reach ieee80211_swscan_bg_scan() without
    background scanning being available/enabled, so document that fact
    by placing a KASSERT.  That will also help in case future changes
    will open a new hole or there are further ones which I have not noticed.
    
    Sponsored by:   The FreeBSD Foundation
    Reviewed by:    adrian
    Differential Revision: https://reviews.freebsd.org/D50513
    
    (cherry picked from commit 32af70fae827ecab34e995b49ea7656ea6e70608)
---
 sys/net80211/ieee80211_ioctl.c   | 12 ++++++++++++
 sys/net80211/ieee80211_scan.c    | 13 +++++++++++++
 sys/net80211/ieee80211_scan_sw.c |  8 +++++++-
 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
index 7447e3a05ed3..63f61ede1d7a 100644
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -2600,6 +2600,18 @@ ieee80211_scanreq(struct ieee80211vap *vap, struct ieee80211_scan_req *sr)
 			return EINVAL;
 	/* cleanse flags just in case, could reject if invalid flags */
 	sr->sr_flags &= IEEE80211_IOC_SCAN_FLAGS;
+
+	/*
+	 * If the driver does not support BGSCAN, or BGSCAN is disabled
+	 * do not allow the IEEE80211_SCAN_BGSCAN flag to go through
+	 * to avoid accidentally enabling BGSCANs.
+	 * Also if not STA mode [see ieee80211_vap_setup()].
+	 */
+	if ((vap->iv_caps & IEEE80211_C_BGSCAN) == 0 ||
+	    (vap->iv_flags & IEEE80211_F_BGSCAN) == 0 ||
+	    vap->iv_opmode != IEEE80211_M_STA)
+		sr->sr_flags &= ~IEEE80211_IOC_SCAN_BGSCAN;
+
 	/*
 	 * Add an implicit NOPICK if the vap is not marked UP.  This
 	 * allows applications to scan without joining a bss (or picking
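Review bot: the new filter at the top of this hunk silently strips IEEE80211_IOC_SCAN_BGSCAN, whereas the matching check added in ieee80211_bg_scan() emits an IEEE80211_DPRINTF under IEEE80211_MSG_SCAN; since the motivation for this change is that BGSCAN showed up "on" without anyone understanding why, a debug message here (e.g. "%s: BGSCAN not available/enabled; dropping IEEE80211_IOC_SCAN_BGSCAN") would make the ioctl path diagnosable the same way. Also, the comment on the line above ("could reject if invalid flags") and the new block both take the "cleanse" rather than "reject" approach, which is consistent, but the comment in the block says "Also if not STA mode [see ieee80211_vap_setup()]" without saying what that function guarantees; one clause stating that ieee80211_vap_setup() only sets IEEE80211_F_BGSCAN for STA vaps would make the three-way condition self-explanatory.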
diff --git a/sys/net80211/ieee80211_scan.c b/sys/net80211/ieee80211_scan.c
index 04fee33f48f1..e5bd8d76b260 100644
--- a/sys/net80211/ieee80211_scan.c
+++ b/sys/net80211/ieee80211_scan.c
@@ -428,6 +428,19 @@ ieee80211_bg_scan(struct ieee80211vap *vap, int flags)
 
 	// IEEE80211_UNLOCK_ASSERT(sc);
 
+	/*
+	 * If the driver has not announced BGSCAN capabilities
+	 * or BGSCAN is disabled do not attempt to start a bg_scan.
+	 * IEEE80211_F_BGSCAN only gets set if IEEE80211_C_BGSCAN
+	 * was set by the driver, so no need to check for both here.
+	 */
+	if ((vap->iv_flags & IEEE80211_F_BGSCAN) == 0) {
+		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
+		    "%s: BGSCAN not enabled; not starting bg_scan\n",
+		    __func__);
+		return (0);
+	}
+
 	scan = ieee80211_scanner_get(vap->iv_opmode);
 	if (scan == NULL) {
 		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
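Review bot: the early `return (0);` relies on callers treating 0 as "no scan started", but nothing in the new comment says so; adding "return 0 as no scan was started" to the comment block would keep the contract visible next to the check. The comment also asserts that IEEE80211_F_BGSCAN is only ever set when IEEE80211_C_BGSCAN was announced, yet the ieee80211_ioctl.c hunk in this same commit checks both bits; either the ioctl check is redundant or this invariant is not trusted everywhere, and the two places should state the same assumption.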
diff --git a/sys/net80211/ieee80211_scan_sw.c b/sys/net80211/ieee80211_scan_sw.c
index e1d6b2779cf0..c85bdcd5f78b 100644
--- a/sys/net80211/ieee80211_scan_sw.c
+++ b/sys/net80211/ieee80211_scan_sw.c
@@ -201,7 +201,9 @@ ieee80211_swscan_start_scan_locked(const struct ieee80211_scanner *scan,
 				vap->iv_stats.is_scan_passive++;
 			if (flags & IEEE80211_SCAN_FLUSH)
 				ss->ss_ops->scan_flush(ss);
-			if (flags & IEEE80211_SCAN_BGSCAN)
+			/* Only BGSCAN if enabled and requested. */
+			if ((vap->iv_flags & IEEE80211_F_BGSCAN) != 0 &&
+			    (flags & IEEE80211_SCAN_BGSCAN) != 0)
 				ic->ic_flags_ext |= IEEE80211_FEXT_BGSCAN;
 
 			/* Set duration for this particular scan */
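Review bot: the new condition only ever ORs IEEE80211_FEXT_BGSCAN into `ic->ic_flags_ext` and nothing in this hunk clears it when the condition is false; if a previous scan left the bit set, a later non-BGSCAN request would still see it. Please confirm that the bit is cleared at scan completion elsewhere, or explicitly clear it in an `else` branch here so the flag state always reflects the current scan request.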
@@ -339,6 +341,10 @@ ieee80211_swscan_bg_scan(const struct ieee80211_scanner *scan,
 	// IEEE80211_UNLOCK_ASSERT(ic);
 
 	IEEE80211_LOCK(ic);
+	KASSERT((vap->iv_flags & IEEE80211_F_BGSCAN) != 0,
+	    ("%s: vap %p iv_flags %#010x no IEEE80211_F_BGSCAN set",
+	    __func__, vap, vap->iv_flags));
+
 	scanning = ic->ic_flags & IEEE80211_F_SCAN;
 	if (!scanning) {
 		u_int duration;
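Review bot: KASSERT compiles to nothing on kernels built without INVARIANTS, so on such kernels this hunk adds no protection and ieee80211_swscan_bg_scan() will proceed with a scan if a future caller reaches it with IEEE80211_F_BGSCAN clear, which is exactly the hole the commit message wants to close. If the intent is to document an invariant only, this is fine; otherwise consider also bailing out (returning 0 after IEEE80211_UNLOCK(ic)) when the flag is clear. Minor: placing the KASSERT before `IEEE80211_LOCK(ic);` would avoid panicking with the lock held, which keeps the resulting crash dump simpler to read.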