From 7b8517d1974fa728e07dabcbd788c6ef6a8a96dd Mon Sep 17 00:00:00 2001 From: Nicolas Escande Date: Fri, 26 Apr 2024 14:35:53 +0200 Subject: [PATCH] nl80211: Fix AP scan with STA fallback error path I've run into a case where I can bring a 2.4 GHz AP up without it being in a bridge while I used the 'bridge=' config option. This happens when the HT scan needed for 40 MHz operation failed to start from the get go because another dev on the same phy was already in a scan. At the end the AP is up and running but not added into any bridge. Upon looking at the code, it seems that some hardware fails to issue a scan while in AP and thus we have a fallback that switches the interface from AP to STA before retrying another scan (it will change it back to AP later on when finished). As we cannot have a (non-WDS) STA in a bridge, during that procedure, we also remove/add the AP/STA from/to the bridge as needed. However, in wpa_driver_nl80211_scan() we do not set drv->ap_scan_as_station until the end of the switch-to-sta & retry-scan-start block. This means that when the recursive call to wpa_driver_nl80211_scan() fails (the hardware is busy in my case) we restore the interface to AP with wpa_driver_nl80211_set_mode() but that will not add it back to the bridge. Problem. To fix this lets always set drv->ap_scan_as_station before calling wpa_driver_nl80211_set_mode(). In case wpa_driver_nl80211_set_mode() or wpa_driver_nl80211_scan() fails lets call nl80211_restore_ap_mode() that will set the mode back to AP but also handle the bridge thing as needed. Signed-off-by: Nicolas Escande --- src/drivers/driver_nl80211_scan.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/drivers/driver_nl80211_scan.c b/src/drivers/driver_nl80211_scan.c index 1eb437405..b055e684a 100644 --- a/src/drivers/driver_nl80211_scan.c +++ b/src/drivers/driver_nl80211_scan.c @@ -402,23 +402,18 @@ int wpa_driver_nl80211_scan(struct i802_bss *bss, wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " "(%s)", ret, strerror(-ret)); if (drv->hostapd && is_ap_interface(drv->nlmode)) { - enum nl80211_iftype old_mode = drv->nlmode; - /* * mac80211 does not allow scan requests in AP mode, so * try to do this in station mode. */ + drv->ap_scan_as_station = drv->nlmode; if (wpa_driver_nl80211_set_mode( - bss, NL80211_IFTYPE_STATION)) - goto fail; - - if (wpa_driver_nl80211_scan(bss, params)) { - wpa_driver_nl80211_set_mode(bss, old_mode); + bss, NL80211_IFTYPE_STATION) || + wpa_driver_nl80211_scan(bss, params)) { + nl80211_restore_ap_mode(bss); goto fail; } - /* Restore AP mode when processing scan results */ - drv->ap_scan_as_station = old_mode; ret = 0; } else goto fail;