1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * MLO link handling 4 * 5 * Copyright (C) 2022-2025 Intel Corporation 6 */ 7 #include <linux/slab.h> 8 #include <linux/kernel.h> 9 #include <net/mac80211.h> 10 #include "ieee80211_i.h" 11 #include "driver-ops.h" 12 #include "key.h" 13 #include "debugfs_netdev.h" 14 15 static void ieee80211_update_apvlan_links(struct ieee80211_sub_if_data *sdata) 16 { 17 struct ieee80211_sub_if_data *vlan; 18 struct ieee80211_link_data *link; 19 u16 ap_bss_links = sdata->vif.valid_links; 20 u16 new_links, vlan_links; 21 unsigned long add; 22 23 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) { 24 int link_id; 25 26 /* No support for 4addr with MLO yet */ 27 if (vlan->wdev.use_4addr) 28 return; 29 30 vlan_links = vlan->vif.valid_links; 31 32 new_links = ap_bss_links; 33 34 add = new_links & ~vlan_links; 35 if (!add) 36 continue; 37 38 ieee80211_vif_set_links(vlan, add, 0); 39 40 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) { 41 link = sdata_dereference(vlan->link[link_id], vlan); 42 ieee80211_link_vlan_copy_chanctx(link); 43 } 44 } 45 } 46 47 void ieee80211_apvlan_link_setup(struct ieee80211_sub_if_data *sdata) 48 { 49 struct ieee80211_sub_if_data *ap_bss = container_of(sdata->bss, 50 struct ieee80211_sub_if_data, u.ap); 51 u16 new_links = ap_bss->vif.valid_links; 52 unsigned long add; 53 int link_id; 54 55 if (!ap_bss->vif.valid_links) 56 return; 57 58 add = new_links; 59 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) { 60 sdata->wdev.valid_links |= BIT(link_id); 61 ether_addr_copy(sdata->wdev.links[link_id].addr, 62 ap_bss->wdev.links[link_id].addr); 63 } 64 65 ieee80211_vif_set_links(sdata, new_links, 0); 66 } 67 68 void ieee80211_apvlan_link_clear(struct ieee80211_sub_if_data *sdata) 69 { 70 if (!sdata->wdev.valid_links) 71 return; 72 73 sdata->wdev.valid_links = 0; 74 ieee80211_vif_clear_links(sdata); 75 } 76 77 void ieee80211_link_setup(struct ieee80211_link_data *link) 78 { 79 if (link->sdata->vif.type == NL80211_IFTYPE_STATION) 80 ieee80211_mgd_setup_link(link); 81 } 82 83 void ieee80211_link_init(struct ieee80211_sub_if_data *sdata, 84 int link_id, 85 struct ieee80211_link_data *link, 86 struct ieee80211_bss_conf *link_conf) 87 { 88 bool deflink = link_id < 0; 89 90 if (link_id < 0) 91 link_id = 0; 92 93 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { 94 struct ieee80211_sub_if_data *ap_bss; 95 struct ieee80211_bss_conf *ap_bss_conf; 96 97 ap_bss = container_of(sdata->bss, 98 struct ieee80211_sub_if_data, u.ap); 99 ap_bss_conf = sdata_dereference(ap_bss->vif.link_conf[link_id], 100 ap_bss); 101 memcpy(link_conf, ap_bss_conf, sizeof(*link_conf)); 102 } 103 104 link->sdata = sdata; 105 link->link_id = link_id; 106 link->conf = link_conf; 107 link_conf->link_id = link_id; 108 link_conf->vif = &sdata->vif; 109 link->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 110 link->user_power_level = sdata->local->user_power_level; 111 link_conf->txpower = INT_MIN; 112 113 wiphy_work_init(&link->csa.finalize_work, 114 ieee80211_csa_finalize_work); 115 wiphy_work_init(&link->color_change_finalize_work, 116 ieee80211_color_change_finalize_work); 117 wiphy_delayed_work_init(&link->color_collision_detect_work, 118 ieee80211_color_collision_detection_work); 119 wiphy_hrtimer_work_init(&link->dfs_cac_timer_work, 120 ieee80211_dfs_cac_timer_work); 121 122 if (!deflink) { 123 switch (sdata->vif.type) { 124 case NL80211_IFTYPE_AP: 125 case NL80211_IFTYPE_AP_VLAN: 126 ether_addr_copy(link_conf->addr, 127 sdata->wdev.links[link_id].addr); 128 link_conf->bssid = link_conf->addr; 129 WARN_ON(!(sdata->wdev.valid_links & BIT(link_id))); 130 break; 131 case NL80211_IFTYPE_STATION: 132 /* station sets the bssid in ieee80211_mgd_setup_link */ 133 break; 134 default: 135 WARN_ON(1); 136 } 137 138 ieee80211_link_debugfs_add(link); 139 } 140 141 rcu_assign_pointer(sdata->vif.link_conf[link_id], link_conf); 142 rcu_assign_pointer(sdata->link[link_id], link); 143 } 144 145 void ieee80211_link_stop(struct ieee80211_link_data *link) 146 { 147 if (link->sdata->vif.type == NL80211_IFTYPE_STATION) 148 ieee80211_mgd_stop_link(link); 149 150 wiphy_delayed_work_cancel(link->sdata->local->hw.wiphy, 151 &link->color_collision_detect_work); 152 wiphy_work_cancel(link->sdata->local->hw.wiphy, 153 &link->color_change_finalize_work); 154 wiphy_work_cancel(link->sdata->local->hw.wiphy, 155 &link->csa.finalize_work); 156 157 if (link->sdata->wdev.links[link->link_id].cac_started) { 158 wiphy_hrtimer_work_cancel(link->sdata->local->hw.wiphy, 159 &link->dfs_cac_timer_work); 160 cfg80211_cac_event(link->sdata->dev, 161 &link->conf->chanreq.oper, 162 NL80211_RADAR_CAC_ABORTED, 163 GFP_KERNEL, link->link_id); 164 } 165 166 ieee80211_link_release_channel(link); 167 } 168 169 struct link_container { 170 struct ieee80211_link_data data; 171 struct ieee80211_bss_conf conf; 172 }; 173 174 static void ieee80211_tear_down_links(struct ieee80211_sub_if_data *sdata, 175 struct link_container **links, u16 mask) 176 { 177 struct ieee80211_link_data *link; 178 LIST_HEAD(keys); 179 unsigned int link_id; 180 181 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 182 if (!(mask & BIT(link_id))) 183 continue; 184 link = &links[link_id]->data; 185 if (link_id == 0 && !link) 186 link = &sdata->deflink; 187 if (WARN_ON(!link)) 188 continue; 189 ieee80211_remove_link_keys(link, &keys); 190 ieee80211_link_debugfs_remove(link); 191 ieee80211_link_stop(link); 192 } 193 194 synchronize_rcu(); 195 196 ieee80211_free_key_list(sdata->local, &keys); 197 } 198 199 static void ieee80211_free_links(struct ieee80211_sub_if_data *sdata, 200 struct link_container **links) 201 { 202 unsigned int link_id; 203 204 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) 205 kfree(links[link_id]); 206 } 207 208 static int ieee80211_check_dup_link_addrs(struct ieee80211_sub_if_data *sdata) 209 { 210 unsigned int i, j; 211 212 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) { 213 struct ieee80211_link_data *link1; 214 215 link1 = sdata_dereference(sdata->link[i], sdata); 216 if (!link1) 217 continue; 218 for (j = i + 1; j < IEEE80211_MLD_MAX_NUM_LINKS; j++) { 219 struct ieee80211_link_data *link2; 220 221 link2 = sdata_dereference(sdata->link[j], sdata); 222 if (!link2) 223 continue; 224 225 if (ether_addr_equal(link1->conf->addr, 226 link2->conf->addr)) 227 return -EALREADY; 228 } 229 } 230 231 return 0; 232 } 233 234 static void ieee80211_set_vif_links_bitmaps(struct ieee80211_sub_if_data *sdata, 235 u16 valid_links, u16 dormant_links) 236 { 237 sdata->vif.valid_links = valid_links; 238 sdata->vif.dormant_links = dormant_links; 239 240 if (!valid_links || 241 WARN((~valid_links & dormant_links) || 242 !(valid_links & ~dormant_links), 243 "Invalid links: valid=0x%x, dormant=0x%x", 244 valid_links, dormant_links)) { 245 sdata->vif.active_links = 0; 246 sdata->vif.dormant_links = 0; 247 return; 248 } 249 250 switch (sdata->vif.type) { 251 case NL80211_IFTYPE_AP: 252 case NL80211_IFTYPE_AP_VLAN: 253 /* in an AP all links are always active */ 254 sdata->vif.active_links = valid_links; 255 256 /* AP links are not expected to be disabled */ 257 WARN_ON(dormant_links); 258 break; 259 case NL80211_IFTYPE_STATION: 260 if (sdata->vif.active_links) 261 break; 262 sdata->vif.active_links = valid_links & ~dormant_links; 263 WARN_ON(hweight16(sdata->vif.active_links) > 1); 264 break; 265 default: 266 WARN_ON(1); 267 } 268 } 269 270 static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata, 271 struct link_container **to_free, 272 u16 new_links, u16 dormant_links) 273 { 274 u16 old_links = sdata->vif.valid_links; 275 u16 old_active = sdata->vif.active_links; 276 unsigned long add = new_links & ~old_links; 277 unsigned long rem = old_links & ~new_links; 278 unsigned int link_id; 279 int ret; 280 struct link_container *links[IEEE80211_MLD_MAX_NUM_LINKS] = {}, *link; 281 struct ieee80211_bss_conf *old[IEEE80211_MLD_MAX_NUM_LINKS]; 282 struct ieee80211_link_data *old_data[IEEE80211_MLD_MAX_NUM_LINKS]; 283 bool use_deflink = old_links == 0; /* set for error case */ 284 bool non_sta = sdata->vif.type != NL80211_IFTYPE_STATION; 285 286 lockdep_assert_wiphy(sdata->local->hw.wiphy); 287 288 memset(to_free, 0, sizeof(links)); 289 290 if (old_links == new_links && dormant_links == sdata->vif.dormant_links) 291 return 0; 292 293 /* if there were no old links, need to clear the pointers to deflink */ 294 if (!old_links) 295 rem |= BIT(0); 296 297 /* allocate new link structures first */ 298 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) { 299 link = kzalloc_obj(*link); 300 if (!link) { 301 ret = -ENOMEM; 302 goto free; 303 } 304 links[link_id] = link; 305 } 306 307 /* keep track of the old pointers for the driver */ 308 BUILD_BUG_ON(sizeof(old) != sizeof(sdata->vif.link_conf)); 309 memcpy(old, sdata->vif.link_conf, sizeof(old)); 310 /* and for us in error cases */ 311 BUILD_BUG_ON(sizeof(old_data) != sizeof(sdata->link)); 312 memcpy(old_data, sdata->link, sizeof(old_data)); 313 314 /* grab old links to free later */ 315 for_each_set_bit(link_id, &rem, IEEE80211_MLD_MAX_NUM_LINKS) { 316 if (rcu_access_pointer(sdata->link[link_id]) != &sdata->deflink) { 317 /* 318 * we must have allocated the data through this path so 319 * we know we can free both at the same time 320 */ 321 to_free[link_id] = container_of(rcu_access_pointer(sdata->link[link_id]), 322 typeof(*links[link_id]), 323 data); 324 } 325 326 RCU_INIT_POINTER(sdata->link[link_id], NULL); 327 RCU_INIT_POINTER(sdata->vif.link_conf[link_id], NULL); 328 } 329 330 if (!old_links) 331 ieee80211_debugfs_recreate_netdev(sdata, true); 332 333 /* link them into data structures */ 334 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) { 335 WARN_ON(!use_deflink && 336 rcu_access_pointer(sdata->link[link_id]) == &sdata->deflink); 337 338 link = links[link_id]; 339 ieee80211_link_init(sdata, link_id, &link->data, &link->conf); 340 ieee80211_link_setup(&link->data); 341 ieee80211_set_wmm_default(&link->data, true, non_sta); 342 } 343 344 if (new_links == 0) 345 ieee80211_link_init(sdata, -1, &sdata->deflink, 346 &sdata->vif.bss_conf); 347 348 ret = ieee80211_check_dup_link_addrs(sdata); 349 if (!ret) { 350 /* for keys we will not be able to undo this */ 351 ieee80211_tear_down_links(sdata, to_free, rem); 352 353 ieee80211_set_vif_links_bitmaps(sdata, new_links, dormant_links); 354 355 /* tell the driver */ 356 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN) 357 ret = drv_change_vif_links(sdata->local, sdata, 358 old_links & old_active, 359 new_links & sdata->vif.active_links, 360 old); 361 if (!new_links) 362 ieee80211_debugfs_recreate_netdev(sdata, false); 363 364 if (sdata->vif.type == NL80211_IFTYPE_AP) 365 ieee80211_update_apvlan_links(sdata); 366 } 367 368 /* 369 * Ignore errors if we are only removing links as removal should 370 * always succeed 371 */ 372 if (!new_links) 373 ret = 0; 374 375 if (ret) { 376 /* restore config */ 377 memcpy(sdata->link, old_data, sizeof(old_data)); 378 memcpy(sdata->vif.link_conf, old, sizeof(old)); 379 ieee80211_set_vif_links_bitmaps(sdata, old_links, dormant_links); 380 /* and free (only) the newly allocated links */ 381 memset(to_free, 0, sizeof(links)); 382 goto free; 383 } 384 385 /* use deflink/bss_conf again if and only if there are no more links */ 386 use_deflink = new_links == 0; 387 388 goto deinit; 389 free: 390 /* if we failed during allocation, only free all */ 391 for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) { 392 kfree(links[link_id]); 393 links[link_id] = NULL; 394 } 395 deinit: 396 if (use_deflink) 397 ieee80211_link_init(sdata, -1, &sdata->deflink, 398 &sdata->vif.bss_conf); 399 return ret; 400 } 401 402 int ieee80211_vif_set_links(struct ieee80211_sub_if_data *sdata, 403 u16 new_links, u16 dormant_links) 404 { 405 struct link_container *links[IEEE80211_MLD_MAX_NUM_LINKS]; 406 int ret; 407 408 ret = ieee80211_vif_update_links(sdata, links, new_links, 409 dormant_links); 410 ieee80211_free_links(sdata, links); 411 412 return ret; 413 } 414 415 static int _ieee80211_set_active_links(struct ieee80211_sub_if_data *sdata, 416 u16 active_links) 417 { 418 struct ieee80211_bss_conf *link_confs[IEEE80211_MLD_MAX_NUM_LINKS]; 419 struct ieee80211_local *local = sdata->local; 420 u16 old_active = sdata->vif.active_links; 421 unsigned long rem = old_active & ~active_links; 422 unsigned long add = active_links & ~old_active; 423 struct sta_info *sta; 424 unsigned int link_id; 425 int ret, i; 426 427 if (!ieee80211_sdata_running(sdata)) 428 return -ENETDOWN; 429 430 if (sdata->vif.type != NL80211_IFTYPE_STATION) 431 return -EINVAL; 432 433 if (active_links & ~ieee80211_vif_usable_links(&sdata->vif)) 434 return -EINVAL; 435 436 /* nothing to do */ 437 if (old_active == active_links) 438 return 0; 439 440 for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) 441 link_confs[i] = sdata_dereference(sdata->vif.link_conf[i], 442 sdata); 443 444 if (add) { 445 sdata->vif.active_links |= active_links; 446 ret = drv_change_vif_links(local, sdata, 447 old_active, 448 sdata->vif.active_links, 449 link_confs); 450 if (ret) { 451 sdata->vif.active_links = old_active; 452 return ret; 453 } 454 } 455 456 for_each_set_bit(link_id, &rem, IEEE80211_MLD_MAX_NUM_LINKS) { 457 struct ieee80211_link_data *link; 458 459 link = sdata_dereference(sdata->link[link_id], sdata); 460 461 ieee80211_teardown_tdls_peers(link); 462 463 __ieee80211_link_release_channel(link, true); 464 465 /* 466 * If CSA is (still) active while the link is deactivated, 467 * just schedule the channel switch work for the time we 468 * had previously calculated, and we'll take the process 469 * from there. 470 */ 471 if (link->conf->csa_active) 472 wiphy_hrtimer_work_queue(local->hw.wiphy, 473 &link->u.mgd.csa.switch_work, 474 link->u.mgd.csa.time - 475 ktime_get_boottime()); 476 } 477 478 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) { 479 struct ieee80211_link_data *link; 480 481 link = sdata_dereference(sdata->link[link_id], sdata); 482 483 /* 484 * This call really should not fail. Unfortunately, it appears 485 * that this may happen occasionally with some drivers. Should 486 * it happen, we are stuck in a bad place as going backwards is 487 * not really feasible. 488 * 489 * So lets just tell link_use_channel that it must not fail to 490 * assign the channel context (from mac80211's perspective) and 491 * assume the driver is going to trigger a recovery flow if it 492 * had a failure. 493 * That really is not great nor guaranteed to work. But at least 494 * the internal mac80211 state remains consistent and there is 495 * a chance that we can recover. 496 */ 497 ret = _ieee80211_link_use_channel(link, 498 &link->conf->chanreq, 499 IEEE80211_CHANCTX_SHARED, 500 true); 501 WARN_ON_ONCE(ret); 502 503 /* 504 * inform about the link info changed parameters after all 505 * stations are also added 506 */ 507 } 508 509 list_for_each_entry(sta, &local->sta_list, list) { 510 if (sdata != sta->sdata) 511 continue; 512 513 /* this is very temporary, but do it anyway */ 514 __ieee80211_sta_recalc_aggregates(sta, 515 old_active | active_links); 516 517 ret = drv_change_sta_links(local, sdata, &sta->sta, 518 old_active, 519 old_active | active_links); 520 WARN_ON_ONCE(ret); 521 } 522 523 ret = ieee80211_key_switch_links(sdata, rem, add); 524 WARN_ON_ONCE(ret); 525 526 list_for_each_entry(sta, &local->sta_list, list) { 527 if (sdata != sta->sdata) 528 continue; 529 530 __ieee80211_sta_recalc_aggregates(sta, active_links); 531 532 ret = drv_change_sta_links(local, sdata, &sta->sta, 533 old_active | active_links, 534 active_links); 535 WARN_ON_ONCE(ret); 536 537 /* 538 * Do it again, just in case - the driver might very 539 * well have called ieee80211_sta_recalc_aggregates() 540 * from there when filling in the new links, which 541 * would set it wrong since the vif's active links are 542 * not switched yet... 543 */ 544 __ieee80211_sta_recalc_aggregates(sta, active_links); 545 } 546 547 for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) { 548 struct ieee80211_link_data *link; 549 550 link = sdata_dereference(sdata->link[link_id], sdata); 551 552 ieee80211_mgd_set_link_qos_params(link); 553 ieee80211_link_info_change_notify(sdata, link, 554 BSS_CHANGED_ERP_CTS_PROT | 555 BSS_CHANGED_ERP_PREAMBLE | 556 BSS_CHANGED_ERP_SLOT | 557 BSS_CHANGED_HT | 558 BSS_CHANGED_BASIC_RATES | 559 BSS_CHANGED_BSSID | 560 BSS_CHANGED_CQM | 561 BSS_CHANGED_QOS | 562 BSS_CHANGED_TXPOWER | 563 BSS_CHANGED_BANDWIDTH | 564 BSS_CHANGED_TWT | 565 BSS_CHANGED_HE_OBSS_PD | 566 BSS_CHANGED_HE_BSS_COLOR); 567 } 568 569 old_active = sdata->vif.active_links; 570 sdata->vif.active_links = active_links; 571 572 if (rem) { 573 ret = drv_change_vif_links(local, sdata, old_active, 574 active_links, link_confs); 575 WARN_ON_ONCE(ret); 576 } 577 578 return 0; 579 } 580 581 int ieee80211_set_active_links(struct ieee80211_vif *vif, u16 active_links) 582 { 583 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 584 struct ieee80211_local *local = sdata->local; 585 u16 old_active; 586 int ret; 587 588 lockdep_assert_wiphy(local->hw.wiphy); 589 590 if (WARN_ON(!active_links)) 591 return -EINVAL; 592 593 old_active = sdata->vif.active_links; 594 if (old_active == active_links) 595 return 0; 596 597 if (!drv_can_activate_links(local, sdata, active_links)) 598 return -EINVAL; 599 600 if (old_active & active_links) { 601 /* 602 * if there's at least one link that stays active across 603 * the change then switch to it (to those) first, and 604 * then enable the additional links 605 */ 606 ret = _ieee80211_set_active_links(sdata, 607 old_active & active_links); 608 if (!ret) 609 ret = _ieee80211_set_active_links(sdata, active_links); 610 } else { 611 /* otherwise switch directly */ 612 ret = _ieee80211_set_active_links(sdata, active_links); 613 } 614 615 return ret; 616 } 617 EXPORT_SYMBOL_GPL(ieee80211_set_active_links); 618 619 void ieee80211_set_active_links_async(struct ieee80211_vif *vif, 620 u16 active_links) 621 { 622 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 623 624 if (WARN_ON(!active_links)) 625 return; 626 627 if (!ieee80211_sdata_running(sdata)) 628 return; 629 630 if (sdata->vif.type != NL80211_IFTYPE_STATION) 631 return; 632 633 if (active_links & ~ieee80211_vif_usable_links(&sdata->vif)) 634 return; 635 636 /* nothing to do */ 637 if (sdata->vif.active_links == active_links) 638 return; 639 640 sdata->desired_active_links = active_links; 641 wiphy_work_queue(sdata->local->hw.wiphy, &sdata->activate_links_work); 642 } 643 EXPORT_SYMBOL_GPL(ieee80211_set_active_links_async); 644