wifi: mac80211: avoid weird state in error path

If we get to the error path of ieee80211_prep_connection, for example
because of a FW issue, then ieee80211_vif_set_links is called
with 0.
But the call to drv_change_vif_links from ieee80211_vif_update_links
will probably fail as well, for the same reason.
In this case, the valid_links and active_links bitmaps will be reverted
to the value of the failing connection.
Then, in the next connection, due to the logic of
ieee80211_set_vif_links_bitmaps, valid_links will be set to the ID of
the new connection assoc link, but the active_links will remain with the
ID of the old connection's assoc link.
If those IDs are different, we get into a weird state of valid_links and
active_links being different. One of the consequences of this state is
to call drv_change_vif_links with new_links as 0, since the & operation
between the bitmaps will be 0.

Since a removal of a link should always succeed, ignore the return value
of drv_change_vif_links if it was called to only remove links, which is
the case for the ieee80211_prep_connection's error path.
That way, the bitmaps will not be reverted to have the value from the
failing connection and will have 0, so the next connection will have a
good state.

Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Link: https://patch.msgid.link/20250609213231.ba2011fb435f.Id87ff6dab5e1cf757b54094ac2d714c656165059@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index dcd5969bb559ba8cd21d6ac9bcf8cf9aa709a871..a61ffdbf99be882b248ef4f6dc69132848e6d2ee 100644 (file)
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -4477,6 +4477,8 @@ struct ieee80211_prep_tx_info {
  *     new links bitmaps may be 0 if going from/to a non-MLO situation.
  *     The @old array contains pointers to the old bss_conf structures
  *     that were already removed, in case they're needed.
+ *     Note that removal of link should always succeed, so the return value
+ *     will be ignored in a removal only case.
  *     This callback can sleep.
  * @change_sta_links: Change the valid links of a station, similar to
  *     @change_vif_links. This callback can sleep.

diff --git a/net/mac80211/link.c b/net/mac80211/link.c
index 4f7b7d0f64f24b760026bb55c16119ea2c9066d1..d71eabe5abf8d8c6a061de9cc564c1e4d760b52f 100644 (file)
--- a/net/mac80211/link.c
+++ b/net/mac80211/link.c
@@ -2,7 +2,7 @@
 /*
  * MLO link handling
  *
- * Copyright (C) 2022-2024 Intel Corporation
+ * Copyright (C) 2022-2025 Intel Corporation
  */
 #include <linux/slab.h>
 #include <linux/kernel.h>
@@ -368,6 +368,13 @@ static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata,
                        ieee80211_update_apvlan_links(sdata);
        }
 
+       /*
+        * Ignore errors if we are only removing links as removal should
+        * always succeed
+        */
+       if (!new_links)
+               ret = 0;
+
        if (ret) {
                /* restore config */
                memcpy(sdata->link, old_data, sizeof(old_data));