Sender: Zac Bowling
From: Zac
To: sean.wang@kernel.org
Cc: deren.wu@mediatek.com, kvalo@kernel.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-wireless@vger.kernel.org, lorenzo@kernel.org, nbd@nbd.name, linux@frame.work, ryder.lee@mediatek.com, sean.wang@mediatek.com, Zac Bowling, Zac Bowling
Subject: [PATCH v4 03/21] wifi: mt76: mt7925: fix missing mutex protection in runtime PM and MLO PM
Date: Thu, 15 Jan 2026 17:05:01 -0800
Message-ID: <20260116010519.37001-4-zac@zacbowling.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260116010519.37001-1-zac@zacbowling.com>
References: <20260116010519.37001-1-zac@zacbowling.com>

From: Zac Bowling

Two additional code paths iterate over active interfaces and call MCU
functions without proper mutex protection:

1. mt7925_set_runtime_pm(): Called when runtime PM settings change.
   The callback mt7925_pm_interface_iter() calls mt7925_mcu_set_beacon_filter()
   which in turn calls mt7925_mcu_set_rxfilter(). These MCU functions require
   the device mutex to be held.

2. mt7925_mlo_pm_work(): A workqueue function for MLO power management.
   The callback mt7925_mlo_pm_iter() was acquiring mutex internally, which
   is inconsistent with the rest of the driver where the caller holds the
   mutex during interface iteration.

These bugs can cause deadlocks when:
- Power management settings are changed while WiFi is active
- MLO power save state transitions occur during roaming

Move the mutex to the caller in mt7925_mlo_pm_work() for consistency with
the rest of the driver, and add mutex protection in mt7925_set_runtime_pm().

Found through static analysis (clang-tidy) and comparison with the MT7615
driver which correctly acquires mutex before interface iteration.

Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips")
Reported-by: Zac Bowling
Tested-by: Zac Bowling
Signed-off-by: Zac Bowling
--- drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net= /wireless/mediatek/mt76/mt7925/main.c index 3001a62a8b..9f17b21aef 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c 
@@ -751,9 +751,11 @@ void mt7925_set_runtime_pm(struct mt792x_dev *dev) bool monitor =3D !!(hw->conf.flags & IEEE80211_CONF_MONITOR); =20 pm->enable =3D pm->enable_user && !monitor; + mt792x_mutex_acquire(dev); ieee80211_iterate_active_interfaces(hw, IEEE80211_IFACE_ITER_RESUME_ALL, mt7925_pm_interface_iter, dev); + mt792x_mutex_release(dev); pm->ds_enable =3D pm->ds_enable_user && !monitor; mt7925_mcu_set_deep_sleep(dev, pm->ds_enable); } @@ -1301,14 +1303,12 @@ mt7925_mlo_pm_iter(void *priv, u8 *mac, struct ieee= 80211_vif *vif) if (mvif->mlo_pm_state !=3D MT792x_MLO_CHANGED_PS) return; =20 - mt792x_mutex_acquire(dev); for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) { bss_conf =3D mt792x_vif_to_bss_conf(vif, i); if (!bss_conf) continue; mt7925_mcu_uni_bss_ps(dev, bss_conf); } - mt792x_mutex_release(dev); } =20 void mt7925_mlo_pm_work(struct work_struct *work) @@ -1317,9 +1317,11 @@ void mt7925_mlo_pm_work(struct work_struct *work) mlo_pm_work.work); struct ieee80211_hw *hw =3D mt76_hw(dev); =20 + mt792x_mutex_acquire(dev); ieee80211_iterate_active_interfaces(hw, IEEE80211_IFACE_ITER_RESUME_ALL, mt7925_mlo_pm_iter, dev); + mt792x_mutex_release(dev); } =20 void mt7925_scan_work(struct work_struct *work) --=20 2.52.0
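
Review bot: in the mt7925_set_runtime_pm() hunk, mt792x_mutex_release(dev) sits before mt7925_mcu_set_deep_sleep(dev, pm->ds_enable), so that call, an MCU function by its name, still runs without the mutex that this patch adds for the MCU calls made from the iterator. Either move the release to after mt7925_mcu_set_deep_sleep() or state in the commit message why that call does not need the lock. The writes to pm->enable and pm->ds_enable are also outside the locked region. Because the function now takes the mutex itself, please also confirm that none of its callers already hold it; the hunk does not show them.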
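
Review bot: in the mt7925_mlo_pm_iter() hunk, removing the mt792x_mutex_acquire()/mt792x_mutex_release() pair leaves mt7925_mcu_uni_bss_ps() dependent on every caller holding the mutex, and nothing in the function documents or checks that. Add a lockdep_assert_held() on the device mutex at the top of the iterator, or at minimum a comment stating the locking requirement, so a later caller that iterates without the lock is caught during testing rather than in the field.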
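
Review bot: in the mt7925_mlo_pm_work() hunk, the commit message and subject describe missing mutex protection, but before this patch the iterator already held the mutex around mt7925_mcu_uni_bss_ps(); what changes here is where the lock is taken, not whether it is. Please word the MLO part of the commit message as a consistency change, or explain the concrete failure it fixes, since the patch carries a Fixes: tag. The mutex is also now held across the whole interface iteration and taken even when every interface returns early on the mlo_pm_state check; confirm that no path cancels this work synchronously while holding the same mutex.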