[PATCH v2] wifi: cfg80211: clear link ID from bitmap during link delete after clean up

Aditya Kumar Singh <quic_adisi@xxxxxxxxxxx> · Thu, 21 Nov 2024 09:45:30 +0530

Currently, during link deletion, the link ID is first removed from the
valid_links bitmap before performing any clean-up operations. However, some
functions require the link ID to remain in the valid_links bitmap. One
such example is cfg80211_cac_event(). The flow is -

nl80211_remove_link()
    cfg80211_remove_link()
        ieee80211_del_intf_link()
            ieee80211_vif_set_links()
                ieee80211_vif_update_links()
                    ieee80211_link_stop()
                        cfg80211_cac_event()

cfg80211_cac_event() requires link ID to be present but it is cleared
already in cfg80211_remove_link(). Ultimately, WARN_ON() is hit.

Therefore, clear the link ID from the bitmap only after completing the link
clean-up.

Signed-off-by: Aditya Kumar Singh <quic_adisi@xxxxxxxxxxx>
---
Changes in v2:
- Handled link ID removal properly instead of removing the WARN_ON()
- Renamed subject accordingly.
- Link to v1: https://lore.kernel.org/r/20241113-mlo_dfs_fix-v1-1-e4326736347b@xxxxxxxxxxx
---
 net/mac80211/cfg.c  | 8 +++++++-
 net/wireless/util.c | 3 +--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 61a824ec33da356a9d2c4c99a5507b340bbf909e..53dc76bde158b8ada4a504c793246b856c52c83a 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -5046,10 +5046,16 @@ static void ieee80211_del_intf_link(struct wiphy *wiphy,
 				    unsigned int link_id)
 {
 	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
+	u16 new_links = wdev->valid_links & ~BIT(link_id);
 
 	lockdep_assert_wiphy(sdata->local->hw.wiphy);
 
-	ieee80211_vif_set_links(sdata, wdev->valid_links, 0);
+	/* During the link teardown process, certain functions require the
+	 * link_id to remain in the valid_links bitmap. Therefore, instead
+	 * of removing the link_id from the bitmap, pass a masked value to
+	 * simulate as if link_id does not exist anymore.
+	 */
+	ieee80211_vif_set_links(sdata, new_links, 0);
 }
 
 static int
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 040d62051eb96ea52ba301f0767d2e4e4ba51e0b..65c8e47246b7c3889e9c2faf0c0b508c426ee513 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -2843,10 +2843,9 @@ void cfg80211_remove_link(struct wireless_dev *wdev, unsigned int link_id)
 		break;
 	}
 
-	wdev->valid_links &= ~BIT(link_id);
-
 	rdev_del_intf_link(rdev, wdev, link_id);
 
+	wdev->valid_links &= ~BIT(link_id);
 	eth_zero_addr(wdev->links[link_id].addr);
 }
 

---
base-commit: dfc14664794a4706e0c2186a0c082386e6b14c4d
change-id: 20241113-mlo_dfs_fix-1123060109bc








