1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * MLO link handling
4 *
5 * Copyright (C) 2022-2025 Intel Corporation
6 */
7 #include <linux/slab.h>
8 #include <linux/kernel.h>
9 #include <net/mac80211.h>
10 #include "ieee80211_i.h"
11 #include "driver-ops.h"
12 #include "key.h"
13 #include "debugfs_netdev.h"
14
ieee80211_update_apvlan_links(struct ieee80211_sub_if_data * sdata)15 static void ieee80211_update_apvlan_links(struct ieee80211_sub_if_data *sdata)
16 {
17 struct ieee80211_sub_if_data *vlan;
18 struct ieee80211_link_data *link;
19 u16 ap_bss_links = sdata->vif.valid_links;
20 u16 new_links, vlan_links;
21 unsigned long add;
22
23 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
24 int link_id;
25
26 if (!vlan)
27 continue;
28
29 /* No support for 4addr with MLO yet */
30 if (vlan->wdev.use_4addr)
31 return;
32
33 vlan_links = vlan->vif.valid_links;
34
35 new_links = ap_bss_links;
36
37 add = new_links & ~vlan_links;
38 if (!add)
39 continue;
40
41 ieee80211_vif_set_links(vlan, add, 0);
42
43 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
44 link = sdata_dereference(vlan->link[link_id], vlan);
45 ieee80211_link_vlan_copy_chanctx(link);
46 }
47 }
48 }
49
ieee80211_apvlan_link_setup(struct ieee80211_sub_if_data * sdata)50 void ieee80211_apvlan_link_setup(struct ieee80211_sub_if_data *sdata)
51 {
52 struct ieee80211_sub_if_data *ap_bss = container_of(sdata->bss,
53 struct ieee80211_sub_if_data, u.ap);
54 u16 new_links = ap_bss->vif.valid_links;
55 unsigned long add;
56 int link_id;
57
58 if (!ap_bss->vif.valid_links)
59 return;
60
61 add = new_links;
62 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
63 sdata->wdev.valid_links |= BIT(link_id);
64 ether_addr_copy(sdata->wdev.links[link_id].addr,
65 ap_bss->wdev.links[link_id].addr);
66 }
67
68 ieee80211_vif_set_links(sdata, new_links, 0);
69 }
70
ieee80211_apvlan_link_clear(struct ieee80211_sub_if_data * sdata)71 void ieee80211_apvlan_link_clear(struct ieee80211_sub_if_data *sdata)
72 {
73 if (!sdata->wdev.valid_links)
74 return;
75
76 sdata->wdev.valid_links = 0;
77 ieee80211_vif_clear_links(sdata);
78 }
79
ieee80211_link_setup(struct ieee80211_link_data * link)80 void ieee80211_link_setup(struct ieee80211_link_data *link)
81 {
82 if (link->sdata->vif.type == NL80211_IFTYPE_STATION)
83 ieee80211_mgd_setup_link(link);
84 }
85
ieee80211_link_init(struct ieee80211_sub_if_data * sdata,int link_id,struct ieee80211_link_data * link,struct ieee80211_bss_conf * link_conf)86 void ieee80211_link_init(struct ieee80211_sub_if_data *sdata,
87 int link_id,
88 struct ieee80211_link_data *link,
89 struct ieee80211_bss_conf *link_conf)
90 {
91 bool deflink = link_id < 0;
92
93 if (link_id < 0)
94 link_id = 0;
95
96 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
97 struct ieee80211_sub_if_data *ap_bss;
98 struct ieee80211_bss_conf *ap_bss_conf;
99
100 ap_bss = container_of(sdata->bss,
101 struct ieee80211_sub_if_data, u.ap);
102 ap_bss_conf = sdata_dereference(ap_bss->vif.link_conf[link_id],
103 ap_bss);
104 memcpy(link_conf, ap_bss_conf, sizeof(*link_conf));
105 }
106
107 link->sdata = sdata;
108 link->link_id = link_id;
109 link->conf = link_conf;
110 link_conf->link_id = link_id;
111 link_conf->vif = &sdata->vif;
112
113 wiphy_work_init(&link->csa.finalize_work,
114 ieee80211_csa_finalize_work);
115 wiphy_work_init(&link->color_change_finalize_work,
116 ieee80211_color_change_finalize_work);
117 wiphy_delayed_work_init(&link->color_collision_detect_work,
118 ieee80211_color_collision_detection_work);
119 INIT_LIST_HEAD(&link->assigned_chanctx_list);
120 INIT_LIST_HEAD(&link->reserved_chanctx_list);
121 wiphy_delayed_work_init(&link->dfs_cac_timer_work,
122 ieee80211_dfs_cac_timer_work);
123
124 if (!deflink) {
125 switch (sdata->vif.type) {
126 case NL80211_IFTYPE_AP:
127 case NL80211_IFTYPE_AP_VLAN:
128 ether_addr_copy(link_conf->addr,
129 sdata->wdev.links[link_id].addr);
130 link_conf->bssid = link_conf->addr;
131 WARN_ON(!(sdata->wdev.valid_links & BIT(link_id)));
132 break;
133 case NL80211_IFTYPE_STATION:
134 /* station sets the bssid in ieee80211_mgd_setup_link */
135 break;
136 default:
137 WARN_ON(1);
138 }
139
140 ieee80211_link_debugfs_add(link);
141 }
142
143 rcu_assign_pointer(sdata->vif.link_conf[link_id], link_conf);
144 rcu_assign_pointer(sdata->link[link_id], link);
145 }
146
ieee80211_link_stop(struct ieee80211_link_data * link)147 void ieee80211_link_stop(struct ieee80211_link_data *link)
148 {
149 if (link->sdata->vif.type == NL80211_IFTYPE_STATION)
150 ieee80211_mgd_stop_link(link);
151
152 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy,
153 &link->color_collision_detect_work);
154 wiphy_work_cancel(link->sdata->local->hw.wiphy,
155 &link->color_change_finalize_work);
156 wiphy_work_cancel(link->sdata->local->hw.wiphy,
157 &link->csa.finalize_work);
158
159 if (link->sdata->wdev.links[link->link_id].cac_started) {
160 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy,
161 &link->dfs_cac_timer_work);
162 cfg80211_cac_event(link->sdata->dev,
163 &link->conf->chanreq.oper,
164 NL80211_RADAR_CAC_ABORTED,
165 GFP_KERNEL, link->link_id);
166 }
167
168 ieee80211_link_release_channel(link);
169 }
170
171 struct link_container {
172 struct ieee80211_link_data data;
173 struct ieee80211_bss_conf conf;
174 };
175
ieee80211_tear_down_links(struct ieee80211_sub_if_data * sdata,struct link_container ** links,u16 mask)176 static void ieee80211_tear_down_links(struct ieee80211_sub_if_data *sdata,
177 struct link_container **links, u16 mask)
178 {
179 struct ieee80211_link_data *link;
180 LIST_HEAD(keys);
181 unsigned int link_id;
182
183 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
184 if (!(mask & BIT(link_id)))
185 continue;
186 link = &links[link_id]->data;
187 if (link_id == 0 && !link)
188 link = &sdata->deflink;
189 if (WARN_ON(!link))
190 continue;
191 ieee80211_remove_link_keys(link, &keys);
192 ieee80211_link_debugfs_remove(link);
193 ieee80211_link_stop(link);
194 }
195
196 synchronize_rcu();
197
198 ieee80211_free_key_list(sdata->local, &keys);
199 }
200
ieee80211_free_links(struct ieee80211_sub_if_data * sdata,struct link_container ** links)201 static void ieee80211_free_links(struct ieee80211_sub_if_data *sdata,
202 struct link_container **links)
203 {
204 unsigned int link_id;
205
206 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++)
207 kfree(links[link_id]);
208 }
209
ieee80211_check_dup_link_addrs(struct ieee80211_sub_if_data * sdata)210 static int ieee80211_check_dup_link_addrs(struct ieee80211_sub_if_data *sdata)
211 {
212 unsigned int i, j;
213
214 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
215 struct ieee80211_link_data *link1;
216
217 link1 = sdata_dereference(sdata->link[i], sdata);
218 if (!link1)
219 continue;
220 for (j = i + 1; j < IEEE80211_MLD_MAX_NUM_LINKS; j++) {
221 struct ieee80211_link_data *link2;
222
223 link2 = sdata_dereference(sdata->link[j], sdata);
224 if (!link2)
225 continue;
226
227 if (ether_addr_equal(link1->conf->addr,
228 link2->conf->addr))
229 return -EALREADY;
230 }
231 }
232
233 return 0;
234 }
235
ieee80211_set_vif_links_bitmaps(struct ieee80211_sub_if_data * sdata,u16 valid_links,u16 dormant_links)236 static void ieee80211_set_vif_links_bitmaps(struct ieee80211_sub_if_data *sdata,
237 u16 valid_links, u16 dormant_links)
238 {
239 sdata->vif.valid_links = valid_links;
240 sdata->vif.dormant_links = dormant_links;
241
242 if (!valid_links ||
243 WARN((~valid_links & dormant_links) ||
244 !(valid_links & ~dormant_links),
245 "Invalid links: valid=0x%x, dormant=0x%x",
246 valid_links, dormant_links)) {
247 sdata->vif.active_links = 0;
248 sdata->vif.dormant_links = 0;
249 return;
250 }
251
252 switch (sdata->vif.type) {
253 case NL80211_IFTYPE_AP:
254 case NL80211_IFTYPE_AP_VLAN:
255 /* in an AP all links are always active */
256 sdata->vif.active_links = valid_links;
257
258 /* AP links are not expected to be disabled */
259 WARN_ON(dormant_links);
260 break;
261 case NL80211_IFTYPE_STATION:
262 if (sdata->vif.active_links)
263 break;
264 sdata->vif.active_links = valid_links & ~dormant_links;
265 WARN_ON(hweight16(sdata->vif.active_links) > 1);
266 break;
267 default:
268 WARN_ON(1);
269 }
270 }
271
ieee80211_vif_update_links(struct ieee80211_sub_if_data * sdata,struct link_container ** to_free,u16 new_links,u16 dormant_links)272 static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata,
273 struct link_container **to_free,
274 u16 new_links, u16 dormant_links)
275 {
276 u16 old_links = sdata->vif.valid_links;
277 u16 old_active = sdata->vif.active_links;
278 unsigned long add = new_links & ~old_links;
279 unsigned long rem = old_links & ~new_links;
280 unsigned int link_id;
281 int ret;
282 struct link_container *links[IEEE80211_MLD_MAX_NUM_LINKS] = {}, *link;
283 struct ieee80211_bss_conf *old[IEEE80211_MLD_MAX_NUM_LINKS];
284 struct ieee80211_link_data *old_data[IEEE80211_MLD_MAX_NUM_LINKS];
285 bool use_deflink = old_links == 0; /* set for error case */
286
287 lockdep_assert_wiphy(sdata->local->hw.wiphy);
288
289 memset(to_free, 0, sizeof(links));
290
291 if (old_links == new_links && dormant_links == sdata->vif.dormant_links)
292 return 0;
293
294 /* if there were no old links, need to clear the pointers to deflink */
295 if (!old_links)
296 rem |= BIT(0);
297
298 /* allocate new link structures first */
299 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
300 link = kzalloc(sizeof(*link), GFP_KERNEL);
301 if (!link) {
302 ret = -ENOMEM;
303 goto free;
304 }
305 links[link_id] = link;
306 }
307
308 /* keep track of the old pointers for the driver */
309 BUILD_BUG_ON(sizeof(old) != sizeof(sdata->vif.link_conf));
310 memcpy(old, sdata->vif.link_conf, sizeof(old));
311 /* and for us in error cases */
312 BUILD_BUG_ON(sizeof(old_data) != sizeof(sdata->link));
313 memcpy(old_data, sdata->link, sizeof(old_data));
314
315 /* grab old links to free later */
316 for_each_set_bit(link_id, &rem, IEEE80211_MLD_MAX_NUM_LINKS) {
317 if (rcu_access_pointer(sdata->link[link_id]) != &sdata->deflink) {
318 /*
319 * we must have allocated the data through this path so
320 * we know we can free both at the same time
321 */
322 to_free[link_id] = container_of(rcu_access_pointer(sdata->link[link_id]),
323 typeof(*links[link_id]),
324 data);
325 }
326
327 RCU_INIT_POINTER(sdata->link[link_id], NULL);
328 RCU_INIT_POINTER(sdata->vif.link_conf[link_id], NULL);
329 }
330
331 if (!old_links)
332 ieee80211_debugfs_recreate_netdev(sdata, true);
333
334 /* link them into data structures */
335 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
336 WARN_ON(!use_deflink &&
337 rcu_access_pointer(sdata->link[link_id]) == &sdata->deflink);
338
339 link = links[link_id];
340 ieee80211_link_init(sdata, link_id, &link->data, &link->conf);
341 ieee80211_link_setup(&link->data);
342 }
343
344 if (new_links == 0)
345 ieee80211_link_init(sdata, -1, &sdata->deflink,
346 &sdata->vif.bss_conf);
347
348 ret = ieee80211_check_dup_link_addrs(sdata);
349 if (!ret) {
350 /* for keys we will not be able to undo this */
351 ieee80211_tear_down_links(sdata, to_free, rem);
352
353 ieee80211_set_vif_links_bitmaps(sdata, new_links, dormant_links);
354
355 /* tell the driver */
356 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
357 ret = drv_change_vif_links(sdata->local, sdata,
358 old_links & old_active,
359 new_links & sdata->vif.active_links,
360 old);
361 if (!new_links)
362 ieee80211_debugfs_recreate_netdev(sdata, false);
363
364 if (sdata->vif.type == NL80211_IFTYPE_AP)
365 ieee80211_update_apvlan_links(sdata);
366 }
367
368 /*
369 * Ignore errors if we are only removing links as removal should
370 * always succeed
371 */
372 if (!new_links)
373 ret = 0;
374
375 if (ret) {
376 /* restore config */
377 memcpy(sdata->link, old_data, sizeof(old_data));
378 memcpy(sdata->vif.link_conf, old, sizeof(old));
379 ieee80211_set_vif_links_bitmaps(sdata, old_links, dormant_links);
380 /* and free (only) the newly allocated links */
381 memset(to_free, 0, sizeof(links));
382 goto free;
383 }
384
385 /* use deflink/bss_conf again if and only if there are no more links */
386 use_deflink = new_links == 0;
387
388 goto deinit;
389 free:
390 /* if we failed during allocation, only free all */
391 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
392 kfree(links[link_id]);
393 links[link_id] = NULL;
394 }
395 deinit:
396 if (use_deflink)
397 ieee80211_link_init(sdata, -1, &sdata->deflink,
398 &sdata->vif.bss_conf);
399 return ret;
400 }
401
ieee80211_vif_set_links(struct ieee80211_sub_if_data * sdata,u16 new_links,u16 dormant_links)402 int ieee80211_vif_set_links(struct ieee80211_sub_if_data *sdata,
403 u16 new_links, u16 dormant_links)
404 {
405 struct link_container *links[IEEE80211_MLD_MAX_NUM_LINKS];
406 int ret;
407
408 ret = ieee80211_vif_update_links(sdata, links, new_links,
409 dormant_links);
410 ieee80211_free_links(sdata, links);
411
412 return ret;
413 }
414
_ieee80211_set_active_links(struct ieee80211_sub_if_data * sdata,u16 active_links)415 static int _ieee80211_set_active_links(struct ieee80211_sub_if_data *sdata,
416 u16 active_links)
417 {
418 struct ieee80211_bss_conf *link_confs[IEEE80211_MLD_MAX_NUM_LINKS];
419 struct ieee80211_local *local = sdata->local;
420 u16 old_active = sdata->vif.active_links;
421 unsigned long rem = old_active & ~active_links;
422 unsigned long add = active_links & ~old_active;
423 struct sta_info *sta;
424 unsigned int link_id;
425 int ret, i;
426
427 if (!ieee80211_sdata_running(sdata))
428 return -ENETDOWN;
429
430 if (sdata->vif.type != NL80211_IFTYPE_STATION)
431 return -EINVAL;
432
433 if (active_links & ~ieee80211_vif_usable_links(&sdata->vif))
434 return -EINVAL;
435
436 /* nothing to do */
437 if (old_active == active_links)
438 return 0;
439
440 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++)
441 link_confs[i] = sdata_dereference(sdata->vif.link_conf[i],
442 sdata);
443
444 if (add) {
445 sdata->vif.active_links |= active_links;
446 ret = drv_change_vif_links(local, sdata,
447 old_active,
448 sdata->vif.active_links,
449 link_confs);
450 if (ret) {
451 sdata->vif.active_links = old_active;
452 return ret;
453 }
454 }
455
456 for_each_set_bit(link_id, &rem, IEEE80211_MLD_MAX_NUM_LINKS) {
457 struct ieee80211_link_data *link;
458
459 link = sdata_dereference(sdata->link[link_id], sdata);
460
461 ieee80211_teardown_tdls_peers(link);
462
463 __ieee80211_link_release_channel(link, true);
464
465 /*
466 * If CSA is (still) active while the link is deactivated,
467 * just schedule the channel switch work for the time we
468 * had previously calculated, and we'll take the process
469 * from there.
470 */
471 if (link->conf->csa_active)
472 wiphy_delayed_work_queue(local->hw.wiphy,
473 &link->u.mgd.csa.switch_work,
474 link->u.mgd.csa.time -
475 jiffies);
476 }
477
478 list_for_each_entry(sta, &local->sta_list, list) {
479 if (sdata != sta->sdata)
480 continue;
481
482 /* this is very temporary, but do it anyway */
483 __ieee80211_sta_recalc_aggregates(sta,
484 old_active | active_links);
485
486 ret = drv_change_sta_links(local, sdata, &sta->sta,
487 old_active,
488 old_active | active_links);
489 WARN_ON_ONCE(ret);
490 }
491
492 ret = ieee80211_key_switch_links(sdata, rem, add);
493 WARN_ON_ONCE(ret);
494
495 list_for_each_entry(sta, &local->sta_list, list) {
496 if (sdata != sta->sdata)
497 continue;
498
499 __ieee80211_sta_recalc_aggregates(sta, active_links);
500
501 ret = drv_change_sta_links(local, sdata, &sta->sta,
502 old_active | active_links,
503 active_links);
504 WARN_ON_ONCE(ret);
505
506 /*
507 * Do it again, just in case - the driver might very
508 * well have called ieee80211_sta_recalc_aggregates()
509 * from there when filling in the new links, which
510 * would set it wrong since the vif's active links are
511 * not switched yet...
512 */
513 __ieee80211_sta_recalc_aggregates(sta, active_links);
514 }
515
516 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
517 struct ieee80211_link_data *link;
518
519 link = sdata_dereference(sdata->link[link_id], sdata);
520
521 /*
522 * This call really should not fail. Unfortunately, it appears
523 * that this may happen occasionally with some drivers. Should
524 * it happen, we are stuck in a bad place as going backwards is
525 * not really feasible.
526 *
527 * So lets just tell link_use_channel that it must not fail to
528 * assign the channel context (from mac80211's perspective) and
529 * assume the driver is going to trigger a recovery flow if it
530 * had a failure.
531 * That really is not great nor guaranteed to work. But at least
532 * the internal mac80211 state remains consistent and there is
533 * a chance that we can recover.
534 */
535 ret = _ieee80211_link_use_channel(link,
536 &link->conf->chanreq,
537 IEEE80211_CHANCTX_SHARED,
538 true);
539 WARN_ON_ONCE(ret);
540
541 ieee80211_mgd_set_link_qos_params(link);
542 ieee80211_link_info_change_notify(sdata, link,
543 BSS_CHANGED_ERP_CTS_PROT |
544 BSS_CHANGED_ERP_PREAMBLE |
545 BSS_CHANGED_ERP_SLOT |
546 BSS_CHANGED_HT |
547 BSS_CHANGED_BASIC_RATES |
548 BSS_CHANGED_BSSID |
549 BSS_CHANGED_CQM |
550 BSS_CHANGED_QOS |
551 BSS_CHANGED_TXPOWER |
552 BSS_CHANGED_BANDWIDTH |
553 BSS_CHANGED_TWT |
554 BSS_CHANGED_HE_OBSS_PD |
555 BSS_CHANGED_HE_BSS_COLOR);
556 }
557
558 old_active = sdata->vif.active_links;
559 sdata->vif.active_links = active_links;
560
561 if (rem) {
562 ret = drv_change_vif_links(local, sdata, old_active,
563 active_links, link_confs);
564 WARN_ON_ONCE(ret);
565 }
566
567 return 0;
568 }
569
ieee80211_set_active_links(struct ieee80211_vif * vif,u16 active_links)570 int ieee80211_set_active_links(struct ieee80211_vif *vif, u16 active_links)
571 {
572 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
573 struct ieee80211_local *local = sdata->local;
574 u16 old_active;
575 int ret;
576
577 lockdep_assert_wiphy(local->hw.wiphy);
578
579 if (WARN_ON(!active_links))
580 return -EINVAL;
581
582 old_active = sdata->vif.active_links;
583 if (old_active == active_links)
584 return 0;
585
586 if (!drv_can_activate_links(local, sdata, active_links))
587 return -EINVAL;
588
589 if (old_active & active_links) {
590 /*
591 * if there's at least one link that stays active across
592 * the change then switch to it (to those) first, and
593 * then enable the additional links
594 */
595 ret = _ieee80211_set_active_links(sdata,
596 old_active & active_links);
597 if (!ret)
598 ret = _ieee80211_set_active_links(sdata, active_links);
599 } else {
600 /* otherwise switch directly */
601 ret = _ieee80211_set_active_links(sdata, active_links);
602 }
603
604 return ret;
605 }
606 EXPORT_SYMBOL_GPL(ieee80211_set_active_links);
607
ieee80211_set_active_links_async(struct ieee80211_vif * vif,u16 active_links)608 void ieee80211_set_active_links_async(struct ieee80211_vif *vif,
609 u16 active_links)
610 {
611 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
612
613 if (WARN_ON(!active_links))
614 return;
615
616 if (!ieee80211_sdata_running(sdata))
617 return;
618
619 if (sdata->vif.type != NL80211_IFTYPE_STATION)
620 return;
621
622 if (active_links & ~ieee80211_vif_usable_links(&sdata->vif))
623 return;
624
625 /* nothing to do */
626 if (sdata->vif.active_links == active_links)
627 return;
628
629 sdata->desired_active_links = active_links;
630 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->activate_links_work);
631 }
632 EXPORT_SYMBOL_GPL(ieee80211_set_active_links_async);
633