[PATCH] nl80211: Remove probe_req registration before changing interface type

Jouni Malinen j at w1.fi
Sat Nov 26 22:52:49 PST 2022

On Mon, Aug 29, 2022 at 03:10:10AM +0000, Hector Jiang wrote:
> Changing interface type with the probe request registered will result
> in a failure to register it again on the new interface. So we need to
> unregister it before changing interface type.

Would you be able to provide more details on this and ideally also a
debug log showing the exact sequence of operations that results in the

> diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
> @@ -6804,6 +6804,9 @@ void nl80211_restore_ap_mode(struct i802_bss *bss)
>  int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
>  				enum nl80211_iftype nlmode)
>  {
> +	if (bss->nl_preq)
> +		wpa_driver_nl80211_probe_req_report(bss, 0);
> +
>  	return wpa_driver_nl80211_set_mode_impl(bss, nlmode, NULL);
>  }
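
Review bot: The added check at the top of wpa_driver_nl80211_set_mode() drops the Probe Request registration whenever bss->nl_preq is set, but nothing in this hunk restores it, either after a successful mode change or when wpa_driver_nl80211_set_mode_impl() returns an error. A caller that had reporting enabled is left without it and gets no indication of that. The return value of wpa_driver_nl80211_probe_req_report(bss, 0) is also ignored. Consider recording whether the registration existed and re-registering once the mode change has completed or failed, or moving the unregistration into the specific caller that hits the failure. A short comment explaining why the registration has to be removed before the type change would help as well.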

This feels problematic since there can be cases where
wpa_driver_nl80211_set_mode() is used to temporarily change the mode to
STA mode and then restore AP mode without re-registering operation. That
would not call wpa_driver_nl80211_probe_req_report(bss, 1) and as such,
this clearing of the functionality would remain in place. For example,
wpa_driver_nl80211_scan() has this type of a sequence to avoid a
mac80211 constraint for scanning in AP mode. This is probably not much
of an issue on its own since drv->device_ap_sme == 0 for mac80211 and
wpa_driver_nl80211_probe_req_report() is not used for it in AP mode
setup. However, it was not obvious that there could not be some other
cases that could be impacted in the mode setting and Probe Request frame
setting are independent operations and they are used in quite a few
different cases.

Jouni Malinen                                            PGP id EFC895FA