From: Zac Bowling
To: linux-wireless@vger.kernel.org
Cc: linux-mediatek@lists.infradead.org, linux-kernel@vger.kernel.org, kvalo@kernel.org, lorenzo@kernel.org, nbd@nbd.name, sean.wang@mediatek.com, deren.wu@mediatek.com, ryder.lee@mediatek.com
Subject: [PATCH] wifi: mt76: mt7921: fix missing mutex protection in multiple paths
Date: Wed, 31 Dec 2025 22:25:35 -0800
Message-ID: <20260101062535.186356-1-zbowling@gmail.com>
X-Mailer: git-send-email 2.51.0
From: Zac Bowling

The MT7921 driver has the same mutex protection bugs as MT7925 - they were
inherited when MT7925 was forked from MT7921. Several code paths iterate
over active interfaces and call MCU functions without proper mutex
protection.

Add mutex protection in the following locations:

1. mt7921_set_runtime_pm() in main.c: Called when runtime PM settings
   change. The callback mt7921_pm_interface_iter() calls MCU functions
   that require the device mutex to be held.

2. mt7921_regd_set_6ghz_power_type() in main.c: Called during VIF
   add/remove for 6GHz power type determination. Uses
   ieee80211_iterate_active_interfaces() without mutex.

3. mt7921_mac_reset_work() in mac.c: After firmware recovery, iterates
   interfaces to reconnect them. The mt7921_vif_connect_iter() callback
   calls MCU functions.

4. PCI/SDIO suspend paths (pci.c, sdio.c): The mt7921_roc_abort_sync()
   call iterates interfaces without mutex protection.

These bugs can cause system hangs during:
- Power management state transitions
- WiFi reset/recovery
- Suspend/resume cycles
- 6GHz regulatory power type changes

The fix follows the same pattern used in the MT7925 patches.

Signed-off-by: Zac Bowling
---
 drivers/net/wireless/mediatek/mt76/mt7921/mac.c  | 2 ++
 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 4 ++++
 drivers/net/wireless/mediatek/mt76/mt7921/pci.c  | 2 ++
 drivers/net/wireless/mediatek/mt76/mt7921/sdio.c | 2 ++
 4 files changed, 10 insertions(+)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/= wireless/mediatek/mt76/mt7921/mac.c index 03b4960db73f..f5c882e45bbe 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c 
@@ -693,9 +693,11 @@ void mt7921_mac_reset_work(struct work_struct *work) clear_bit(MT76_RESET, &dev->mphy.state); pm->suspended =3D false; ieee80211_wake_queues(hw); + mt792x_mutex_acquire(dev); ieee80211_iterate_active_interfaces(hw, IEEE80211_IFACE_ITER_RESUME_ALL, mt7921_vif_connect_iter, NULL); + mt792x_mutex_release(dev); mt76_connac_power_save_sched(&dev->mt76.phy, pm); } =20 diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net= /wireless/mediatek/mt76/mt7921/main.c index 5fae9a6e273c..05793a786644 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c @@ -619,9 +619,11 @@ void mt7921_set_runtime_pm(struct mt792x_dev *dev) bool monitor =3D !!(hw->conf.flags & IEEE80211_CONF_MONITOR); =20 pm->enable =3D pm->enable_user && !monitor; + mt792x_mutex_acquire(dev); ieee80211_iterate_active_interfaces(hw, IEEE80211_IFACE_ITER_RESUME_ALL, mt7921_pm_interface_iter, dev); + mt792x_mutex_release(dev); pm->ds_enable =3D pm->ds_enable_user && !monitor; mt76_connac_mcu_set_deep_sleep(&dev->mt76, pm->ds_enable); } @@ -765,9 +767,11 @@ mt7921_regd_set_6ghz_power_type(struct ieee80211_vif *= vif, bool is_add) struct mt792x_dev *dev =3D phy->dev; u32 valid_vif_num =3D 0; =20 + mt792x_mutex_acquire(dev); ieee80211_iterate_active_interfaces(mt76_hw(dev), IEEE80211_IFACE_ITER_RESUME_ALL, mt7921_calc_vif_num, &valid_vif_num); + mt792x_mutex_release(dev); =20 if (valid_vif_num > 1) { phy->power_type =3D MT_AP_DEFAULT; diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c b/drivers/net/= wireless/mediatek/mt76/mt7921/pci.c index ec9686183251..9f76b334b93d 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c 
@@ -426,7 +426,9 @@ static int mt7921_pci_suspend(struct device *device) cancel_delayed_work_sync(&pm->ps_work); cancel_work_sync(&pm->wake_work); =20 + mt792x_mutex_acquire(dev); mt7921_roc_abort_sync(dev); + mt792x_mutex_release(dev); =20 err =3D mt792x_mcu_drv_pmctrl(dev); if (err < 0) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c b/drivers/net= /wireless/mediatek/mt76/mt7921/sdio.c index 3421e53dc948..92ea2811816f 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c @@ -219,7 +219,9 @@ static int mt7921s_suspend(struct device *__dev) cancel_delayed_work_sync(&pm->ps_work); cancel_work_sync(&pm->wake_work); =20 + mt792x_mutex_acquire(dev); mt7921_roc_abort_sync(dev); + mt792x_mutex_release(dev); =20 err =3D mt792x_mcu_drv_pmctrl(dev); if (err < 0) --=20 2.51.0
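
Review bot: in the mac.c hunk, mt7921_mac_reset_work() takes the lock only after clear_bit(MT76_RESET, &dev->mphy.state), pm->suspended = false and ieee80211_wake_queues(hw) have already run, so the state flip and the reconnect iteration do not form one critical section. If the goal is to serialise mt7921_vif_connect_iter() against other MCU users after recovery, consider moving mt792x_mutex_acquire(dev) above clear_bit() so queues are woken and interfaces reconnected under the same lock hold, or say in the commit message why the unlocked window is harmless. The hunk begins at line 693, so the earlier locking in this function is not visible here; please state in the changelog whether the mutex is held and dropped earlier in the work item.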
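
Review bot: in the main.c hunk for mt7921_set_runtime_pm(), the lock is released before mt76_connac_mcu_set_deep_sleep(&dev->mt76, pm->ds_enable), which by its name is also an MCU command, so the function ends up half locked. Either that call needs the same protection, in which case move mt792x_mutex_release(dev) below it, or the callers already hold the mutex for it, in which case the new mt792x_mutex_acquire(dev) would self-deadlock because kernel mutexes are not recursive. Please list the callers of mt7921_set_runtime_pm() in the commit message with their locking state; if they all hold the lock, a lockdep_assert_held() here documents the requirement better than a nested acquire.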
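
Review bot: in the main.c hunk for mt7921_regd_set_6ghz_power_type(), the changelog gives no reason this iteration needs the device mutex: item 2 only says the iterator is used "without mutex", and the callback mt7921_calc_vif_num is passed &valid_vif_num, which reads as a counter rather than an MCU call. The changelog also says this function is called during VIF add/remove, so please confirm those paths do not already hold the mutex when they get here, otherwise the added mt792x_mutex_acquire(dev) deadlocks on the first interface add. If the lock is needed, name the shared state it protects in the commit message.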
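
Review bot: in the pci.c hunk, mt7921_pci_suspend() now holds the mutex across mt7921_roc_abort_sync(dev), a helper whose _sync suffix suggests it waits for pending work or timers, as the cancel_delayed_work_sync() and cancel_work_sync() calls just above it do without the lock. If anything that helper waits on takes the same mutex, suspend blocks forever with the lock held. Please confirm what mt7921_roc_abort_sync() waits for, and if it does cancel work synchronously, take the lock inside the helper around the interface iteration only, after the cancel has returned.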
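
Review bot: in the sdio.c hunk, mt7921s_suspend() gets the same three-line acquire/abort/release sequence as mt7921_pci_suspend(), which duplicates a locking rule at every call site of mt7921_roc_abort_sync(). Moving the locking into mt7921_roc_abort_sync() itself, or adding lockdep_assert_held() there if callers must hold the mutex, keeps the PCI and SDIO paths from diverging and covers any caller this patch does not touch. The changelog should also carry a Fixes: tag and the hang trace or lockdep report that motivated the change, since none of the four sites is backed by evidence in the message.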