From nobody Fri Jan 9 00:56:56 2026 Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 53B5C13B293 for ; Mon, 5 Jan 2026 00:26:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767572815; cv=none; b=B99HWQ0Xj7TTgPU5L4tVstB66Sj4EM2UCNgbUMDLNqyDDTBovRA1zEdK6M79bWnr/iM1AHF+bfB4stKFoeukqrPRCG0F86asP/ZB2UYN0LBQn5ktjgXWBSwZVc2IdcIjKminUqREpvlDexxW2OYUTFme623RhuuT7StM5ClIXXI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767572815; c=relaxed/simple; bh=ewxIszwEuo5ZkFcIxg7prkQR1SS9mN/+WvL9hST/bx0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=T3z6ZdEc0POsamykYwpPIgpqZoH5GfQasm1OTiPnkhiMZpKCwvRrAQ4Vnxnm9e0kfUMHBlxVsSDS7zTrcEudvzpKjMOhtNxYYF04Z3QYN3EJpptcQYkul6f3Adc6ydtjK6VO8vUxBY5Yj138B1eZGGIvtTb4Yixs6Sn0hUgWZtE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MZd/WSEZ; arc=none smtp.client-ip=209.85.210.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MZd/WSEZ" Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-7acd9a03ba9so13871338b3a.1 for ; Sun, 04 Jan 2026 16:26:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767572813; x=1768177613; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SKmv9Qie7cHueSzyzaZ+QRp9Y7zf25ySeMeR1g7IWf4=; b=MZd/WSEZ9I/R25CCoCQzrL4kw7XWM6VDRD9lkwpZGmGr4mogMVthuNi181CNusTVAr jqm7+2W+BXBgqF2xAvVDY1uhBD7p0AIcmhi5DHI6o3hGbL4FWbwC5TZBuTHnaVNEzIe8 YXbfL3os7TkskT+kDoONjRPqZEFmiXIA3d2mvi3vcy+FJzKR4AMhQ2U77+oGhz6ozlyR YjM22cri3IwVuWMsnqExCaKWMeB0B/M7JsEx9Pj1NPhdCRUpPJQ6nLjzqy2IZXJlKJRE NXXaSyIAuukIPK92tK5E78fpn3Fj/j+uClIbpwzkSQQELKo8n+lVwp0jAq30ECTAsOQ8 QZAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767572813; x=1768177613; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=SKmv9Qie7cHueSzyzaZ+QRp9Y7zf25ySeMeR1g7IWf4=; b=rJHqF2b1livSPbuJP2+BOQC5b/jqhRagcZc7+DrEC/QXYgJVVsEVNjpKtVM5gsgcpU IPQeD667VVZ6Ro1GV76y/moN9yEz9iegRL25enrCpYzijdRTS0EmuKonNkWFHZEPJ0d/ 77xcpSFKt2VYeztdmUjA3/hrQrfmmg0zBbxoFOWiogHPeLEvrmGdSyb2BelEosQWtL3G oI/hOWyF8ayoijZrGWdu0R/Ipu/EC8hPLrpsMsE5+eOFeqC3Kqhk9ubvyYkrJRCNMr3H 4XYLZzNDaF5Ynasz/grlBndyEyovBBWjNYa0sbrLyXZGBpWxzfFifAIOj1rQpZz75Ryk xHJw== X-Forwarded-Encrypted: i=1; AJvYcCUBxxpeEhp/67THDUdonDrn300HfAMtAkJFDVLi0QGhx5JQXgw1AAMAHUssp0R/BQOxJlsOUBotyO5IeNo=@vger.kernel.org X-Gm-Message-State: AOJu0YyUdZhQNbrp76zG235AvG0OvDrBD2EqxE7ZqnGIQjNFqVG/f9dc And9Vs5/iQ12gsPgboNyj2m7mwBXrzYvV8DSRlRPLeN+V3Gn6dq/IyTC X-Gm-Gg: AY/fxX7a7gIEb7FwwGfuoTTADVFF3ExwVkTFRz+7WP3Za9LqDscwdY2NyAXHCon4BRX oSLfDc1Kq+ujFV9WZKUXH9rDSbe0UOcnBJhXTir70pxK64t8NEaIyO0bS+nUpOQD1sHvmbj38MN 6VJoHZND0QRsyqFcDc/TC0BzPIFJlPpo7XFJrBTl2VNIvnABZeqbB9BCSH38o/aPcvhERyYsPyW Z/R5yjKrLwxlj2TDrCBQCkDqHpA7GlEszYEoYWF28ai5S9Q/BhYVOebaVMwHlKDyhreuWIAxn3Z 2/ce5FO2XGFGgFmAfC+I2tycV3wFdiMdhTYuvzckwJzkQsf/A1sq2gdGF/rzjVysebtrbg5phU/ krk4pqlyC1sJ13bLZBSsw1CnYKHhV+GapHm5VDc27U5EvY0VPBP0ufWjquGomrMLSiNXTVz/SAf EALZzq6A+LJc2mi1VXBfcbgwqVAcwdZKSgftyS1PUTkA7Q1cfnD0QdfAaveq9hAYc= X-Google-Smtp-Source: AGHT+IHPaxepL+KOGt5lEUs7jq6bBXnQPyHoe1Q+qdF+4qNFKzLPWnvGSkSBMjp0qzTTzzBqY19MxA== X-Received: by 2002:a05:7022:ef0b:b0:11b:8161:5cfc with SMTP id a92af1059eb24-12172306ccfmr47077126c88.36.1767572813355; Sun, 04 Jan 2026 16:26:53 -0800 (PST) Received: from zubuntu.bengal-mercat.ts.net ([2001:5a8:60d:bc9:9ebf:dff:fe00:f8f2]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-121724de268sm133378109c88.8.2026.01.04.16.26.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 04 Jan 2026 16:26:52 -0800 (PST) From: Zac Bowling To: zbowling@gmail.com Cc: deren.wu@mediatek.com, kvalo@kernel.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-wireless@vger.kernel.org, lorenzo@kernel.org, nbd@nbd.name, ryder.lee@mediatek.com, sean.wang@mediatek.com Subject: [PATCH 03/17] wifi: mt76: mt7925: fix missing mutex protection in runtime PM and MLO PM Date: Sun, 4 Jan 2026 16:26:24 -0800 Message-ID: <20260105002638.668723-4-zbowling@gmail.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260105002638.668723-1-zbowling@gmail.com> References: <20260102200524.290779-1-zbowling@gmail.com> <20260105002638.668723-1-zbowling@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Two additional code paths iterate over active interfaces and call MCU functions without proper mutex protection: 1. mt7925_set_runtime_pm(): Called when runtime PM settings change. The callback mt7925_pm_interface_iter() calls mt7925_mcu_set_beacon_filt= er() which in turn calls mt7925_mcu_set_rxfilter(). These MCU functions requi= re the device mutex to be held. 2. mt7925_mlo_pm_work(): A workqueue function for MLO power management. The callback mt7925_mlo_pm_iter() was acquiring mutex internally, which is inconsistent with the rest of the driver where the caller holds the mutex during interface iteration. These bugs can cause deadlocks when: - Power management settings are changed while WiFi is active - MLO power save state transitions occur during roaming Move the mutex to the caller in mt7925_mlo_pm_work() for consistency with the rest of the driver, and add mutex protection in mt7925_set_runtime_pm(). Found through static analysis (clang-tidy) and comparison with the MT7615 driver which correctly acquires mutex before interface iteration. Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt= 7925 chips") Reported-by: Zac Bowling Tested-by: Zac Bowling Signed-off-by: Zac Bowling --- drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net= /wireless/mediatek/mt76/mt7925/main.c index 3001a62a8b67..9f17b21aef1c 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c @@ -751,9 +751,11 @@ void mt7925_set_runtime_pm(struct mt792x_dev *dev) bool monitor =3D !!(hw->conf.flags & IEEE80211_CONF_MONITOR); =20 pm->enable =3D pm->enable_user && !monitor; + mt792x_mutex_acquire(dev); ieee80211_iterate_active_interfaces(hw, IEEE80211_IFACE_ITER_RESUME_ALL, mt7925_pm_interface_iter, dev); + mt792x_mutex_release(dev); pm->ds_enable =3D pm->ds_enable_user && !monitor; mt7925_mcu_set_deep_sleep(dev, pm->ds_enable); } @@ -1301,14 +1303,12 @@ mt7925_mlo_pm_iter(void *priv, u8 *mac, struct ieee= 80211_vif *vif) if (mvif->mlo_pm_state !=3D MT792x_MLO_CHANGED_PS) return; =20 - mt792x_mutex_acquire(dev); for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) { bss_conf =3D mt792x_vif_to_bss_conf(vif, i); if (!bss_conf) continue; mt7925_mcu_uni_bss_ps(dev, bss_conf); } - mt792x_mutex_release(dev); } =20 void mt7925_mlo_pm_work(struct work_struct *work) @@ -1317,9 +1317,11 @@ void mt7925_mlo_pm_work(struct work_struct *work) mlo_pm_work.work); struct ieee80211_hw *hw =3D mt76_hw(dev); =20 + mt792x_mutex_acquire(dev); ieee80211_iterate_active_interfaces(hw, IEEE80211_IFACE_ITER_RESUME_ALL, mt7925_mlo_pm_iter, dev); + mt792x_mutex_release(dev); } =20 void mt7925_scan_work(struct work_struct *work) --=20 2.51.0