From nobody Wed Jun  4 22:23:54 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bCMYl0sgBz5xk9w;
	Wed, 04 Jun 2025 22:23:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bCMYk1Z4nz44KK;
	Wed, 04 Jun 2025 22:23:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1749075834;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4Yk7UzCU0uDVXykU8NQUcO1u5lxfnuU+xrze/0m8P9Q=;
	b=cw0YDtxv3jElMeZx3/tYqNx6/O3btiytZKlnB5hJ2b0BA33woZPx30UdMsk7oSQOYBBInq
	3lzi8QvmR/zcl6O2H0CNHVlp+dmcXPGagisK+JR7L+eM5TQJgdRhFtv6KY7YOpdHchyjT8
	uJDU9herjyy9c1ZKMHZCbVBDjDa9frHQ0FbEdv9nHJCRJ1QPaIIK5eHbaWjvhxW7wt9GX5
	Fz3e6z3ye9Y/oo83nA55WFw7+1n08yxZ+oP3HnAm5MtOVezOR6E4FY9HveMHjsg0tbojB7
	NYOLmrKbP37MxMY4Firi3oNBd5J2M9pE/Zh1XwicoB4hLQ74afOYmKj8BkiJnw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1749075834;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4Yk7UzCU0uDVXykU8NQUcO1u5lxfnuU+xrze/0m8P9Q=;
	b=Se8ns4BTK2UJYoGjr86Ubdm8uU3Kg+LYnon6Kq+xi4H4OQwnTnde5fAe40B11Ms3+oGD/d
	OqVATVDjsM4bMl3N8gUjcavbcOA07Z07HcJgcGVsMC8F3svW77AEjRLs1AkC9hzwnDb2v0
	9Ijn8a8Wlnt/myCtsAkieD9iKJ6E0ePhi01w+VPpM0oHhlhLvZBm4wZFukH/tqYOYrzbIc
	4bVy0CBMYK7L8xoFXm1JuU2xSNkSaCLXVuf8fbQggmMkOoHeLh5fNlVjECo710Wh54jCxT
	e1ZOD/UrXI43GWs8xgtaf8Gr/MorIzL0DmROstaQGDs+GTDeD77B/i2q1ZmKeg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1749075834; a=rsa-sha256; cv=none;
	b=T/s8Mkbmb5hawCAV842Rnr+8upGeBPgIeLtMxZ0MhQfdwn2dYMhn+Qsau1KutW3f0ONHrl
	8PDPyxMNFEUJqGvJu2hw4y79Z9Tntt37TQin7g2Q93P1mVy0z2oWGekHOTHWtCSiPiJ78W
	HpDooP14wx0kOEP9itm7mDxMdizs3MjidPIxkNGacAoeK4wUxoholPwXt7PCpSK+fdMVrB
	UaWMNV+SWnE1W2EoQeLSXIqddJDIqQS+rtlj53UbYhKVjzVZZCUa5qaCT3nOHz84J97mAV
	5JFJ2czDbNP/VU+JCXawsVE7muTR1RtitXOh3nXygPekDY8TAoekfeIoUav7cw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bCMYk0xX5zjtG;
	Wed, 04 Jun 2025 22:23:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 554MNs05037744;
	Wed, 4 Jun 2025 22:23:54 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 554MNsSj037741;
	Wed, 4 Jun 2025 22:23:54 GMT
	(envelope-from git)
Date: Wed, 4 Jun 2025 22:23:54 GMT
Message-Id: <202506042223.554MNsSj037741@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Subject: git: 0a2e5ab96a7d - stable/14 - net80211: make sure to not
  start a BGSCAN if not enabled
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: bz
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 0a2e5ab96a7da51690f38d962305214e2973989d
Auto-Submitted: auto-generated

The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=0a2e5ab96a7da51690f38d962305214e2973989d

commit 0a2e5ab96a7da51690f38d962305214e2973989d
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-05-24 17:01:59 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-06-04 22:23:30 +0000

    net80211: make sure to not start a BGSCAN if not enabled
    
    On drivers not supporting background scanning (not having announced
    IEEE80211_C_BGSCAN) we repeatedly have seen scanning issues and
    BGSCAN was "on" according to, e.g., ddb show com /a.
    
    Turns out there are multiple problems:
    (a) the ioctl scanreq code can pass IEEE80211_[IOC_]SCAN_BGSCAN in
        (ifconfig wlanX scan will do so by default).  That flag ends up
        on flags in the scanning code which have no other checks, and
        we are doing a BGSCAN.
        So make sure BGSCAN is announced by the driver and enabled
        (and it's STA mode for the full check) or filter the BGSCAN out.
    
    (b) ieee80211_bg_scan() never checked if background scanning was
        available/enabled.  Do so now.
    
    (c) ieee80211_swscan_start_scan_locked() as a consequence of (a) would
        start the BGSCAN unconditionally.  Also check for BGSCAN to be
        available/enabled here.
    
    Lastly, we should no longer reach ieee80211_swscan_bg_scan() without
    background scanning being available/enabled, so document that fact
    by placing a KASSERT.  That will also help in case future changes
    will open a new hole or there are further which I have not noticed.
    
    Sponsored by:   The FreeBSD Foundation
    Reviewed by:    adrian
    Differential Revision: https://reviews.freebsd.org/D50513
    
    (cherry picked from commit 32af70fae827ecab34e995b49ea7656ea6e70608)
---
 sys/net80211/ieee80211_ioctl.c   | 12 ++++++++++++
 sys/net80211/ieee80211_scan.c    | 13 +++++++++++++
 sys/net80211/ieee80211_scan_sw.c |  8 +++++++-
 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/sys/net80211/ieee80211_ioctl.c b/sys/net80211/ieee80211_ioctl.c
index 7447e3a05ed3..63f61ede1d7a 100644
--- a/sys/net80211/ieee80211_ioctl.c
+++ b/sys/net80211/ieee80211_ioctl.c
@@ -2600,6 +2600,18 @@ ieee80211_scanreq(struct ieee80211vap *vap, struct ieee80211_scan_req *sr)
 			return EINVAL;
 	/* cleanse flags just in case, could reject if invalid flags */
 	sr->sr_flags &= IEEE80211_IOC_SCAN_FLAGS;
+
+	/*
+	 * If the driver does not support BGSCAN, or BGSCAN is disabled
+	 * do not allow the IEEE80211_SCAN_BGSCAN flag to go through
+	 * to avoid accidentally enabling BGSCANs.
+	 * Also if not STA mode [see ieee80211_vap_setup()].
+	 */
+	if ((vap->iv_caps & IEEE80211_C_BGSCAN) == 0 ||
+	    (vap->iv_flags & IEEE80211_F_BGSCAN) == 0 ||
+	    vap->iv_opmode != IEEE80211_M_STA)
+		sr->sr_flags &= ~IEEE80211_IOC_SCAN_BGSCAN;
+
 	/*
 	 * Add an implicit NOPICK if the vap is not marked UP.  This
 	 * allows applications to scan without joining a bss (or picking
diff --git a/sys/net80211/ieee80211_scan.c b/sys/net80211/ieee80211_scan.c
index 04fee33f48f1..e5bd8d76b260 100644
--- a/sys/net80211/ieee80211_scan.c
+++ b/sys/net80211/ieee80211_scan.c
@@ -428,6 +428,19 @@ ieee80211_bg_scan(struct ieee80211vap *vap, int flags)
 
 	// IEEE80211_UNLOCK_ASSERT(sc);
 
+	/*
+	 * If the driver has not announced BGSCAN capabilities
+	 * or BGSCAN is disabled do not attempt to start a bg_scan.
+	 * IEEE80211_F_BGSCAN only gets set if IEEE80211_C_BGSCAN
+	 * was set by the driver, so no need to check for both here.
+	 */
+	if ((vap->iv_flags & IEEE80211_F_BGSCAN) == 0) {
+		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
+		    "%s: BGSCAN not enabled; not starting bg_scan\n",
+		    __func__);
+		return (0);
+	}
+
 	scan = ieee80211_scanner_get(vap->iv_opmode);
 	if (scan == NULL) {
 		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
diff --git a/sys/net80211/ieee80211_scan_sw.c b/sys/net80211/ieee80211_scan_sw.c
index e1d6b2779cf0..c85bdcd5f78b 100644
--- a/sys/net80211/ieee80211_scan_sw.c
+++ b/sys/net80211/ieee80211_scan_sw.c
@@ -201,7 +201,9 @@ ieee80211_swscan_start_scan_locked(const struct ieee80211_scanner *scan,
 				vap->iv_stats.is_scan_passive++;
 			if (flags & IEEE80211_SCAN_FLUSH)
 				ss->ss_ops->scan_flush(ss);
-			if (flags & IEEE80211_SCAN_BGSCAN)
+			/* Only BGSCAN if enabled and requested. */
+			if ((vap->iv_flags & IEEE80211_F_BGSCAN) != 0 &&
+			    (flags & IEEE80211_SCAN_BGSCAN) != 0)
 				ic->ic_flags_ext |= IEEE80211_FEXT_BGSCAN;
 
 			/* Set duration for this particular scan */
@@ -339,6 +341,10 @@ ieee80211_swscan_bg_scan(const struct ieee80211_scanner *scan,
 	// IEEE80211_UNLOCK_ASSERT(ic);
 
 	IEEE80211_LOCK(ic);
+	KASSERT((vap->iv_flags & IEEE80211_F_BGSCAN) != 0,
+	    ("%s: vap %p iv_flags %#010x no IEEE80211_F_BGSCAN set",
+	    __func__, vap, vap->iv_flags));
+
 	scanning = ic->ic_flags & IEEE80211_F_SCAN;
 	if (!scanning) {
 		u_int duration;