1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * MLO link handling
4 *
5 * Copyright (C) 2022-2025 Intel Corporation
6 */
7 #include <linux/slab.h>
8 #include <linux/kernel.h>
9 #include <net/mac80211.h>
10 #include "ieee80211_i.h"
11 #include "driver-ops.h"
12 #include "key.h"
13 #include "debugfs_netdev.h"
14
ieee80211_update_apvlan_links(struct ieee80211_sub_if_data * sdata)15 static void ieee80211_update_apvlan_links(struct ieee80211_sub_if_data *sdata)
16 {
17 struct ieee80211_sub_if_data *vlan;
18 struct ieee80211_link_data *link;
19 u16 ap_bss_links = sdata->vif.valid_links;
20 u16 new_links, vlan_links;
21 unsigned long add;
22
23 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
24 int link_id;
25
26 if (!vlan)
27 continue;
28
29 /* No support for 4addr with MLO yet */
30 if (vlan->wdev.use_4addr)
31 return;
32
33 vlan_links = vlan->vif.valid_links;
34
35 new_links = ap_bss_links;
36
37 add = new_links & ~vlan_links;
38 if (!add)
39 continue;
40
41 ieee80211_vif_set_links(vlan, add, 0);
42
43 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
44 link = sdata_dereference(vlan->link[link_id], vlan);
45 ieee80211_link_vlan_copy_chanctx(link);
46 }
47 }
48 }
49
ieee80211_apvlan_link_setup(struct ieee80211_sub_if_data * sdata)50 void ieee80211_apvlan_link_setup(struct ieee80211_sub_if_data *sdata)
51 {
52 struct ieee80211_sub_if_data *ap_bss = container_of(sdata->bss,
53 struct ieee80211_sub_if_data, u.ap);
54 u16 new_links = ap_bss->vif.valid_links;
55 unsigned long add;
56 int link_id;
57
58 if (!ap_bss->vif.valid_links)
59 return;
60
61 add = new_links;
62 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
63 sdata->wdev.valid_links |= BIT(link_id);
64 ether_addr_copy(sdata->wdev.links[link_id].addr,
65 ap_bss->wdev.links[link_id].addr);
66 }
67
68 ieee80211_vif_set_links(sdata, new_links, 0);
69 }
70
ieee80211_apvlan_link_clear(struct ieee80211_sub_if_data * sdata)71 void ieee80211_apvlan_link_clear(struct ieee80211_sub_if_data *sdata)
72 {
73 if (!sdata->wdev.valid_links)
74 return;
75
76 sdata->wdev.valid_links = 0;
77 ieee80211_vif_clear_links(sdata);
78 }
79
ieee80211_link_setup(struct ieee80211_link_data * link)80 void ieee80211_link_setup(struct ieee80211_link_data *link)
81 {
82 if (link->sdata->vif.type == NL80211_IFTYPE_STATION)
83 ieee80211_mgd_setup_link(link);
84 }
85
ieee80211_link_init(struct ieee80211_sub_if_data * sdata,int link_id,struct ieee80211_link_data * link,struct ieee80211_bss_conf * link_conf)86 void ieee80211_link_init(struct ieee80211_sub_if_data *sdata,
87 int link_id,
88 struct ieee80211_link_data *link,
89 struct ieee80211_bss_conf *link_conf)
90 {
91 bool deflink = link_id < 0;
92
93 if (link_id < 0)
94 link_id = 0;
95
96 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
97 struct ieee80211_sub_if_data *ap_bss;
98 struct ieee80211_bss_conf *ap_bss_conf;
99
100 ap_bss = container_of(sdata->bss,
101 struct ieee80211_sub_if_data, u.ap);
102 ap_bss_conf = sdata_dereference(ap_bss->vif.link_conf[link_id],
103 ap_bss);
104 memcpy(link_conf, ap_bss_conf, sizeof(*link_conf));
105 }
106
107 link->sdata = sdata;
108 link->link_id = link_id;
109 link->conf = link_conf;
110 link_conf->link_id = link_id;
111 link_conf->vif = &sdata->vif;
112 link->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
113 link->user_power_level = sdata->local->user_power_level;
114 link_conf->txpower = INT_MIN;
115
116 wiphy_work_init(&link->csa.finalize_work,
117 ieee80211_csa_finalize_work);
118 wiphy_work_init(&link->color_change_finalize_work,
119 ieee80211_color_change_finalize_work);
120 wiphy_delayed_work_init(&link->color_collision_detect_work,
121 ieee80211_color_collision_detection_work);
122 INIT_LIST_HEAD(&link->assigned_chanctx_list);
123 INIT_LIST_HEAD(&link->reserved_chanctx_list);
124 wiphy_delayed_work_init(&link->dfs_cac_timer_work,
125 ieee80211_dfs_cac_timer_work);
126
127 if (!deflink) {
128 switch (sdata->vif.type) {
129 case NL80211_IFTYPE_AP:
130 case NL80211_IFTYPE_AP_VLAN:
131 ether_addr_copy(link_conf->addr,
132 sdata->wdev.links[link_id].addr);
133 link_conf->bssid = link_conf->addr;
134 WARN_ON(!(sdata->wdev.valid_links & BIT(link_id)));
135 break;
136 case NL80211_IFTYPE_STATION:
137 /* station sets the bssid in ieee80211_mgd_setup_link */
138 break;
139 default:
140 WARN_ON(1);
141 }
142
143 ieee80211_link_debugfs_add(link);
144 }
145
146 rcu_assign_pointer(sdata->vif.link_conf[link_id], link_conf);
147 rcu_assign_pointer(sdata->link[link_id], link);
148 }
149
ieee80211_link_stop(struct ieee80211_link_data * link)150 void ieee80211_link_stop(struct ieee80211_link_data *link)
151 {
152 if (link->sdata->vif.type == NL80211_IFTYPE_STATION)
153 ieee80211_mgd_stop_link(link);
154
155 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy,
156 &link->color_collision_detect_work);
157 wiphy_work_cancel(link->sdata->local->hw.wiphy,
158 &link->color_change_finalize_work);
159 wiphy_work_cancel(link->sdata->local->hw.wiphy,
160 &link->csa.finalize_work);
161
162 if (link->sdata->wdev.links[link->link_id].cac_started) {
163 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy,
164 &link->dfs_cac_timer_work);
165 cfg80211_cac_event(link->sdata->dev,
166 &link->conf->chanreq.oper,
167 NL80211_RADAR_CAC_ABORTED,
168 GFP_KERNEL, link->link_id);
169 }
170
171 ieee80211_link_release_channel(link);
172 }
173
174 struct link_container {
175 struct ieee80211_link_data data;
176 struct ieee80211_bss_conf conf;
177 };
178
ieee80211_tear_down_links(struct ieee80211_sub_if_data * sdata,struct link_container ** links,u16 mask)179 static void ieee80211_tear_down_links(struct ieee80211_sub_if_data *sdata,
180 struct link_container **links, u16 mask)
181 {
182 struct ieee80211_link_data *link;
183 LIST_HEAD(keys);
184 unsigned int link_id;
185
186 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
187 if (!(mask & BIT(link_id)))
188 continue;
189 link = &links[link_id]->data;
190 if (link_id == 0 && !link)
191 link = &sdata->deflink;
192 if (WARN_ON(!link))
193 continue;
194 ieee80211_remove_link_keys(link, &keys);
195 ieee80211_link_debugfs_remove(link);
196 ieee80211_link_stop(link);
197 }
198
199 synchronize_rcu();
200
201 ieee80211_free_key_list(sdata->local, &keys);
202 }
203
ieee80211_free_links(struct ieee80211_sub_if_data * sdata,struct link_container ** links)204 static void ieee80211_free_links(struct ieee80211_sub_if_data *sdata,
205 struct link_container **links)
206 {
207 unsigned int link_id;
208
209 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++)
210 kfree(links[link_id]);
211 }
212
ieee80211_check_dup_link_addrs(struct ieee80211_sub_if_data * sdata)213 static int ieee80211_check_dup_link_addrs(struct ieee80211_sub_if_data *sdata)
214 {
215 unsigned int i, j;
216
217 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
218 struct ieee80211_link_data *link1;
219
220 link1 = sdata_dereference(sdata->link[i], sdata);
221 if (!link1)
222 continue;
223 for (j = i + 1; j < IEEE80211_MLD_MAX_NUM_LINKS; j++) {
224 struct ieee80211_link_data *link2;
225
226 link2 = sdata_dereference(sdata->link[j], sdata);
227 if (!link2)
228 continue;
229
230 if (ether_addr_equal(link1->conf->addr,
231 link2->conf->addr))
232 return -EALREADY;
233 }
234 }
235
236 return 0;
237 }
238
ieee80211_set_vif_links_bitmaps(struct ieee80211_sub_if_data * sdata,u16 valid_links,u16 dormant_links)239 static void ieee80211_set_vif_links_bitmaps(struct ieee80211_sub_if_data *sdata,
240 u16 valid_links, u16 dormant_links)
241 {
242 sdata->vif.valid_links = valid_links;
243 sdata->vif.dormant_links = dormant_links;
244
245 if (!valid_links ||
246 WARN((~valid_links & dormant_links) ||
247 !(valid_links & ~dormant_links),
248 "Invalid links: valid=0x%x, dormant=0x%x",
249 valid_links, dormant_links)) {
250 sdata->vif.active_links = 0;
251 sdata->vif.dormant_links = 0;
252 return;
253 }
254
255 switch (sdata->vif.type) {
256 case NL80211_IFTYPE_AP:
257 case NL80211_IFTYPE_AP_VLAN:
258 /* in an AP all links are always active */
259 sdata->vif.active_links = valid_links;
260
261 /* AP links are not expected to be disabled */
262 WARN_ON(dormant_links);
263 break;
264 case NL80211_IFTYPE_STATION:
265 if (sdata->vif.active_links)
266 break;
267 sdata->vif.active_links = valid_links & ~dormant_links;
268 WARN_ON(hweight16(sdata->vif.active_links) > 1);
269 break;
270 default:
271 WARN_ON(1);
272 }
273 }
274
ieee80211_vif_update_links(struct ieee80211_sub_if_data * sdata,struct link_container ** to_free,u16 new_links,u16 dormant_links)275 static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata,
276 struct link_container **to_free,
277 u16 new_links, u16 dormant_links)
278 {
279 u16 old_links = sdata->vif.valid_links;
280 u16 old_active = sdata->vif.active_links;
281 unsigned long add = new_links & ~old_links;
282 unsigned long rem = old_links & ~new_links;
283 unsigned int link_id;
284 int ret;
285 struct link_container *links[IEEE80211_MLD_MAX_NUM_LINKS] = {}, *link;
286 struct ieee80211_bss_conf *old[IEEE80211_MLD_MAX_NUM_LINKS];
287 struct ieee80211_link_data *old_data[IEEE80211_MLD_MAX_NUM_LINKS];
288 bool use_deflink = old_links == 0; /* set for error case */
289
290 lockdep_assert_wiphy(sdata->local->hw.wiphy);
291
292 memset(to_free, 0, sizeof(links));
293
294 if (old_links == new_links && dormant_links == sdata->vif.dormant_links)
295 return 0;
296
297 /* if there were no old links, need to clear the pointers to deflink */
298 if (!old_links)
299 rem |= BIT(0);
300
301 /* allocate new link structures first */
302 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
303 link = kzalloc(sizeof(*link), GFP_KERNEL);
304 if (!link) {
305 ret = -ENOMEM;
306 goto free;
307 }
308 links[link_id] = link;
309 }
310
311 /* keep track of the old pointers for the driver */
312 BUILD_BUG_ON(sizeof(old) != sizeof(sdata->vif.link_conf));
313 memcpy(old, sdata->vif.link_conf, sizeof(old));
314 /* and for us in error cases */
315 BUILD_BUG_ON(sizeof(old_data) != sizeof(sdata->link));
316 memcpy(old_data, sdata->link, sizeof(old_data));
317
318 /* grab old links to free later */
319 for_each_set_bit(link_id, &rem, IEEE80211_MLD_MAX_NUM_LINKS) {
320 if (rcu_access_pointer(sdata->link[link_id]) != &sdata->deflink) {
321 /*
322 * we must have allocated the data through this path so
323 * we know we can free both at the same time
324 */
325 to_free[link_id] = container_of(rcu_access_pointer(sdata->link[link_id]),
326 typeof(*links[link_id]),
327 data);
328 }
329
330 RCU_INIT_POINTER(sdata->link[link_id], NULL);
331 RCU_INIT_POINTER(sdata->vif.link_conf[link_id], NULL);
332 }
333
334 if (!old_links)
335 ieee80211_debugfs_recreate_netdev(sdata, true);
336
337 /* link them into data structures */
338 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
339 WARN_ON(!use_deflink &&
340 rcu_access_pointer(sdata->link[link_id]) == &sdata->deflink);
341
342 link = links[link_id];
343 ieee80211_link_init(sdata, link_id, &link->data, &link->conf);
344 ieee80211_link_setup(&link->data);
345 }
346
347 if (new_links == 0)
348 ieee80211_link_init(sdata, -1, &sdata->deflink,
349 &sdata->vif.bss_conf);
350
351 ret = ieee80211_check_dup_link_addrs(sdata);
352 if (!ret) {
353 /* for keys we will not be able to undo this */
354 ieee80211_tear_down_links(sdata, to_free, rem);
355
356 ieee80211_set_vif_links_bitmaps(sdata, new_links, dormant_links);
357
358 /* tell the driver */
359 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
360 ret = drv_change_vif_links(sdata->local, sdata,
361 old_links & old_active,
362 new_links & sdata->vif.active_links,
363 old);
364 if (!new_links)
365 ieee80211_debugfs_recreate_netdev(sdata, false);
366
367 if (sdata->vif.type == NL80211_IFTYPE_AP)
368 ieee80211_update_apvlan_links(sdata);
369 }
370
371 /*
372 * Ignore errors if we are only removing links as removal should
373 * always succeed
374 */
375 if (!new_links)
376 ret = 0;
377
378 if (ret) {
379 /* restore config */
380 memcpy(sdata->link, old_data, sizeof(old_data));
381 memcpy(sdata->vif.link_conf, old, sizeof(old));
382 ieee80211_set_vif_links_bitmaps(sdata, old_links, dormant_links);
383 /* and free (only) the newly allocated links */
384 memset(to_free, 0, sizeof(links));
385 goto free;
386 }
387
388 /* use deflink/bss_conf again if and only if there are no more links */
389 use_deflink = new_links == 0;
390
391 goto deinit;
392 free:
393 /* if we failed during allocation, only free all */
394 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
395 kfree(links[link_id]);
396 links[link_id] = NULL;
397 }
398 deinit:
399 if (use_deflink)
400 ieee80211_link_init(sdata, -1, &sdata->deflink,
401 &sdata->vif.bss_conf);
402 return ret;
403 }
404
ieee80211_vif_set_links(struct ieee80211_sub_if_data * sdata,u16 new_links,u16 dormant_links)405 int ieee80211_vif_set_links(struct ieee80211_sub_if_data *sdata,
406 u16 new_links, u16 dormant_links)
407 {
408 struct link_container *links[IEEE80211_MLD_MAX_NUM_LINKS];
409 int ret;
410
411 ret = ieee80211_vif_update_links(sdata, links, new_links,
412 dormant_links);
413 ieee80211_free_links(sdata, links);
414
415 return ret;
416 }
417
_ieee80211_set_active_links(struct ieee80211_sub_if_data * sdata,u16 active_links)418 static int _ieee80211_set_active_links(struct ieee80211_sub_if_data *sdata,
419 u16 active_links)
420 {
421 struct ieee80211_bss_conf *link_confs[IEEE80211_MLD_MAX_NUM_LINKS];
422 struct ieee80211_local *local = sdata->local;
423 u16 old_active = sdata->vif.active_links;
424 unsigned long rem = old_active & ~active_links;
425 unsigned long add = active_links & ~old_active;
426 struct sta_info *sta;
427 unsigned int link_id;
428 int ret, i;
429
430 if (!ieee80211_sdata_running(sdata))
431 return -ENETDOWN;
432
433 if (sdata->vif.type != NL80211_IFTYPE_STATION)
434 return -EINVAL;
435
436 if (active_links & ~ieee80211_vif_usable_links(&sdata->vif))
437 return -EINVAL;
438
439 /* nothing to do */
440 if (old_active == active_links)
441 return 0;
442
443 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++)
444 link_confs[i] = sdata_dereference(sdata->vif.link_conf[i],
445 sdata);
446
447 if (add) {
448 sdata->vif.active_links |= active_links;
449 ret = drv_change_vif_links(local, sdata,
450 old_active,
451 sdata->vif.active_links,
452 link_confs);
453 if (ret) {
454 sdata->vif.active_links = old_active;
455 return ret;
456 }
457 }
458
459 for_each_set_bit(link_id, &rem, IEEE80211_MLD_MAX_NUM_LINKS) {
460 struct ieee80211_link_data *link;
461
462 link = sdata_dereference(sdata->link[link_id], sdata);
463
464 ieee80211_teardown_tdls_peers(link);
465
466 __ieee80211_link_release_channel(link, true);
467
468 /*
469 * If CSA is (still) active while the link is deactivated,
470 * just schedule the channel switch work for the time we
471 * had previously calculated, and we'll take the process
472 * from there.
473 */
474 if (link->conf->csa_active)
475 wiphy_delayed_work_queue(local->hw.wiphy,
476 &link->u.mgd.csa.switch_work,
477 link->u.mgd.csa.time -
478 jiffies);
479 }
480
481 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
482 struct ieee80211_link_data *link;
483
484 link = sdata_dereference(sdata->link[link_id], sdata);
485
486 /*
487 * This call really should not fail. Unfortunately, it appears
488 * that this may happen occasionally with some drivers. Should
489 * it happen, we are stuck in a bad place as going backwards is
490 * not really feasible.
491 *
492 * So lets just tell link_use_channel that it must not fail to
493 * assign the channel context (from mac80211's perspective) and
494 * assume the driver is going to trigger a recovery flow if it
495 * had a failure.
496 * That really is not great nor guaranteed to work. But at least
497 * the internal mac80211 state remains consistent and there is
498 * a chance that we can recover.
499 */
500 ret = _ieee80211_link_use_channel(link,
501 &link->conf->chanreq,
502 IEEE80211_CHANCTX_SHARED,
503 true);
504 WARN_ON_ONCE(ret);
505
506 /*
507 * inform about the link info changed parameters after all
508 * stations are also added
509 */
510 }
511
512 list_for_each_entry(sta, &local->sta_list, list) {
513 if (sdata != sta->sdata)
514 continue;
515
516 /* this is very temporary, but do it anyway */
517 __ieee80211_sta_recalc_aggregates(sta,
518 old_active | active_links);
519
520 ret = drv_change_sta_links(local, sdata, &sta->sta,
521 old_active,
522 old_active | active_links);
523 WARN_ON_ONCE(ret);
524 }
525
526 ret = ieee80211_key_switch_links(sdata, rem, add);
527 WARN_ON_ONCE(ret);
528
529 list_for_each_entry(sta, &local->sta_list, list) {
530 if (sdata != sta->sdata)
531 continue;
532
533 __ieee80211_sta_recalc_aggregates(sta, active_links);
534
535 ret = drv_change_sta_links(local, sdata, &sta->sta,
536 old_active | active_links,
537 active_links);
538 WARN_ON_ONCE(ret);
539
540 /*
541 * Do it again, just in case - the driver might very
542 * well have called ieee80211_sta_recalc_aggregates()
543 * from there when filling in the new links, which
544 * would set it wrong since the vif's active links are
545 * not switched yet...
546 */
547 __ieee80211_sta_recalc_aggregates(sta, active_links);
548 }
549
550 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
551 struct ieee80211_link_data *link;
552
553 link = sdata_dereference(sdata->link[link_id], sdata);
554
555 ieee80211_mgd_set_link_qos_params(link);
556 ieee80211_link_info_change_notify(sdata, link,
557 BSS_CHANGED_ERP_CTS_PROT |
558 BSS_CHANGED_ERP_PREAMBLE |
559 BSS_CHANGED_ERP_SLOT |
560 BSS_CHANGED_HT |
561 BSS_CHANGED_BASIC_RATES |
562 BSS_CHANGED_BSSID |
563 BSS_CHANGED_CQM |
564 BSS_CHANGED_QOS |
565 BSS_CHANGED_TXPOWER |
566 BSS_CHANGED_BANDWIDTH |
567 BSS_CHANGED_TWT |
568 BSS_CHANGED_HE_OBSS_PD |
569 BSS_CHANGED_HE_BSS_COLOR);
570 }
571
572 old_active = sdata->vif.active_links;
573 sdata->vif.active_links = active_links;
574
575 if (rem) {
576 ret = drv_change_vif_links(local, sdata, old_active,
577 active_links, link_confs);
578 WARN_ON_ONCE(ret);
579 }
580
581 return 0;
582 }
583
ieee80211_set_active_links(struct ieee80211_vif * vif,u16 active_links)584 int ieee80211_set_active_links(struct ieee80211_vif *vif, u16 active_links)
585 {
586 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
587 struct ieee80211_local *local = sdata->local;
588 u16 old_active;
589 int ret;
590
591 lockdep_assert_wiphy(local->hw.wiphy);
592
593 if (WARN_ON(!active_links))
594 return -EINVAL;
595
596 old_active = sdata->vif.active_links;
597 if (old_active == active_links)
598 return 0;
599
600 if (!drv_can_activate_links(local, sdata, active_links))
601 return -EINVAL;
602
603 if (old_active & active_links) {
604 /*
605 * if there's at least one link that stays active across
606 * the change then switch to it (to those) first, and
607 * then enable the additional links
608 */
609 ret = _ieee80211_set_active_links(sdata,
610 old_active & active_links);
611 if (!ret)
612 ret = _ieee80211_set_active_links(sdata, active_links);
613 } else {
614 /* otherwise switch directly */
615 ret = _ieee80211_set_active_links(sdata, active_links);
616 }
617
618 return ret;
619 }
620 EXPORT_SYMBOL_GPL(ieee80211_set_active_links);
621
ieee80211_set_active_links_async(struct ieee80211_vif * vif,u16 active_links)622 void ieee80211_set_active_links_async(struct ieee80211_vif *vif,
623 u16 active_links)
624 {
625 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
626
627 if (WARN_ON(!active_links))
628 return;
629
630 if (!ieee80211_sdata_running(sdata))
631 return;
632
633 if (sdata->vif.type != NL80211_IFTYPE_STATION)
634 return;
635
636 if (active_links & ~ieee80211_vif_usable_links(&sdata->vif))
637 return;
638
639 /* nothing to do */
640 if (sdata->vif.active_links == active_links)
641 return;
642
643 sdata->desired_active_links = active_links;
644 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->activate_links_work);
645 }
646 EXPORT_SYMBOL_GPL(ieee80211_set_active_links_async);
647