From nobody Mon Feb 9 16:50:52 2026 Received: from mail-dl1-f54.google.com (mail-dl1-f54.google.com [74.125.82.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C5DBD3A901D for ; Tue, 20 Jan 2026 20:10:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.54 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768939861; cv=none; b=faXIs3sT8G45lyYSLeCN6w5e0/WVvSk7WR7ghw+mslaMrvuXTbfkDcjBRSzE4ws79iZwuJc3zoc9y3OK0h+3SKS5n7X0yBqTuItZqr6/j1cXjGq2r9ErJP8h4un+SIZTjlNbCHCHQw3oHzOSs9DYFVTGlbU8J+455DNMTDDX+yI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1768939861; c=relaxed/simple; bh=buXZ8ZhwZ4WLutL3QxZCoKHua3QGYw2h+xXvQJn0DF0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=EyLnmgSAih+Ji4d4p577OxxbNBjvWAAT9P0M2e3T9q5zbz28NTJC/Bo8OqNOLp0wgZj6dq0DpFXFc8yxkvVfXgZeVg7GjXhctag2mOnUfYHafcXqRATh5m9Dqdq8xn91C0Q60ii20pKLFH0A/6OTRW73IGTGiqtgJNd90rVxxHY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zacbowling.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TVJ7gyl6; arc=none smtp.client-ip=74.125.82.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zacbowling.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TVJ7gyl6" Received: by mail-dl1-f54.google.com with SMTP id a92af1059eb24-121a0bcd376so2066737c88.0 for ; Tue, 20 Jan 2026 12:10:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768939857; x=1769544657; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:from:to:cc:subject:date :message-id:reply-to; bh=qjl6ClmLjdJ8toC0jMG8lsjY5DLCl9w4mz+RB5F5EOs=; b=TVJ7gyl6GgFhtPwJhH1P/LZXVY0vk5kr/5Qo72B+OyRO4W78ZDegNqC5MhIeypJgNE vh9ghJs1zcGJxXhjPlKdYSfD4lHjhLxCrr9Wa+/LDPsuzhlQ/q4wcb57yWMnRet9mwQs TwomWhZqYZROAcqBUCow2CJBO1oUU6nS37LuNHVfd2YMk5l+4jdw5I3E+LGe0zBfyo63 uDUvm3Yat/iJcTHCTG/vrq+rYlghE7/QuqrG3stB1PCL6CR43/mrixvTHiJj2vRtdWnz lJPA00lV/4r0B2/R6cLBobj3APQr4geZgZD2MhYdNXKgzZsQ6hywyX+b6vmAg1joXIA/ 3H5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768939857; x=1769544657; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=qjl6ClmLjdJ8toC0jMG8lsjY5DLCl9w4mz+RB5F5EOs=; b=R6tRg1Ws/Y4oRsFxqIXiL65vqqDVj52+7VYJvQRof9ug4cjLRnnsf13TYzwPJE9rVj bUGPRhd7snd7BAw/Lk9BArhS5WHv4BeIbpJRYQD0uGXSGIW9bp0d2l3DtMP3VblJLXDl pm3sWFcr6mbSXoUIdveXdv5llXtbsgxBdPaOfbyZhTZuNdypnaxFEtaDlRkhqg4MeD/s K5/an/3eWmqRZiEvOWpjLvd/LRNq3UmLnWlWP4G3KnWfHYePo27YfzsO8ssCkqSHrb6z Lmo1FAZmbUM0x3JFhlk9Ye0EwH8klcWWh7EohPZMQq5rYqmNqaC5M2Lekx64QWELJYx+ QsNw== X-Forwarded-Encrypted: i=1; AJvYcCW5UFoi5NgE3mq7BZTA+9+v1eCmPPE5mhOtXmE5wkaH4AW52jbsF+kek1zIw24OhvrOkkylgksw1xxwwKA=@vger.kernel.org X-Gm-Message-State: AOJu0Yz84sclKJDPgPiBXD6hzm/o8WB/P01XL2Lg1e4RCv8UrJPbRg/e blWzSnCfnqrx2EMmbEtork0FchIPnyC7/lkKg83ruI6fcfN5eBaAPRqf X-Gm-Gg: AY/fxX44FOujhXvWcLLGMhs3TMnAU1we90av6VQFPKFwQRoNseJ3HuxVP7sn3CCG9oS iI0kAg5HwbLv9EZ1GjxA8X/8KhRxY/257+uVFlyGzmRcFX93czVQXdN4o3PKk02T6TBPK0RSZR6 +5C3KkIZyEgG57vg2vv2Ii9JJLNzl0tQBv5C8j79gC8dBWbwT5o3+v83orMVwnCzrwKCc+Z+nce kl9t1uXaAC6oEPiApyxppw8RO5Jq/s7sM92s7fSFVa1/Ec0fk0sdGnoUMFMyV0kVIZNMdDNaEjR qze7S9zL4wNOH/2fjJCYADM3bQ/1XZBPEWjSDAf7nnaQzu2/VF/k0d6QD0kW+ZycnUXWNdvyesD RuGduiU/RxT6m3Rz4rnSPMRw0KNrbytgRUmcQhUHMO8cw7DmkHIMXIb3fVp8Z+RUICoOEF6jvyv VrvOlQNjHTgtyjum5l93AZGleGg1Daahg/cheNoa/1n/gw695cKAq4Fv+sisplYw== X-Received: by 2002:a05:7022:7a7:b0:119:e56b:c73d with SMTP id a92af1059eb24-1246a9707f2mr2196739c88.2.1768939856662; Tue, 20 Jan 2026 12:10:56 -0800 (PST) Received: from zcache.home.zacbowling.com ([2001:5a8:60d:bc9:4a3c:9f7c:8037:90c1]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-1244ad7201fsm21982990c88.7.2026.01.20.12.10.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jan 2026 12:10:55 -0800 (PST) Sender: Zac Bowling From: Zac To: sean.wang@kernel.org Cc: deren.wu@mediatek.com, kvalo@kernel.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-wireless@vger.kernel.org, linux@frame.work, lorenzo@kernel.org, nbd@nbd.name, ryder.lee@mediatek.com, sean.wang@mediatek.com, zac@zacbowling.com, zbowling@gmail.com Subject: [PATCH 04/13] wifi: mt76: mt7921: add mutex protection in critical paths Date: Tue, 20 Jan 2026 12:10:34 -0800 Message-ID: <20260120201043.38225-5-zac@zacbowling.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120201043.38225-1-zac@zacbowling.com> References: <20260120201043.38225-1-zac@zacbowling.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Zac Bowling Add proper mutex protection for mt7921 driver operations that access hardware state without proper synchronization. This fixes multiple race conditions that can cause system instability. Fixes added: 1. mac.c: mt7921_mac_reset_work() - Wrap ieee80211_iterate_active_interfaces() with mt792x_mutex - The vif_connect_iter callback accesses hw_encap state 2. main.c: mt7921_remain_on_channel() - Remove mt792x_mutex_acquire/release around mt7925_set_channel_state() - The function is already called with mutex held from mac80211 - This was causing double-lock deadlock 3. main.c: mt7921_cancel_remain_on_channel() - Remove mt792x_mutex_acquire/release - Function is called from mac80211 with mutex already held 4. pci.c: mt7921_pci_pm_complete() - Remove mt792x_mutex_acquire/release around ieee80211_iterate_active_in= terfaces - This was causing deadlock as the vif connect iteration tries to acquire the mutex again 5. usb.c: mt7921_usb_pm_complete() - Same fix as pci.c for USB driver path These changes prevent both missing mutex protection and mutex deadlocks in the mt7921 driver. Fixes: 5c14a5f944b9 ("wifi: mt76: mt7921: introduce remain_on_channel suppo= rt") Signed-off-by: Zac Bowling --- drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 2 ++ drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +++++++++ drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 2 ++ drivers/net/wireless/mediatek/mt76/mt7921/sdio.c | 2 ++ 4 files changed, 15 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/= wireless/mediatek/mt76/mt7921/mac.c index 03b4960db73f..f5c882e45bbe 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c @@ -693,9 +693,11 @@ void mt7921_mac_reset_work(struct work_struct *work) clear_bit(MT76_RESET, &dev->mphy.state); pm->suspended =3D false; ieee80211_wake_queues(hw); + mt792x_mutex_acquire(dev); ieee80211_iterate_active_interfaces(hw, IEEE80211_IFACE_ITER_RESUME_ALL, mt7921_vif_connect_iter, NULL); + mt792x_mutex_release(dev); mt76_connac_power_save_sched(&dev->mt76.phy, pm); } =20 diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net= /wireless/mediatek/mt76/mt7921/main.c index 5fae9a6e273c..196fcb1e2e94 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c @@ -373,6 +373,11 @@ void mt7921_roc_abort_sync(struct mt792x_dev *dev) =20 timer_delete_sync(&phy->roc_timer); cancel_work_sync(&phy->roc_work); + /* Note: caller must hold mutex if ieee80211_iterate_interfaces is + * needed for ROC cleanup. Some call sites (like mt7921_mac_sta_remove) + * already hold the mutex via mt76_sta_remove(). For suspend paths, + * the mutex should be acquired before calling this function. + */ if (test_and_clear_bit(MT76_STATE_ROC, &phy->mt76->state)) ieee80211_iterate_interfaces(mt76_hw(dev), IEEE80211_IFACE_ITER_RESUME_ALL, @@ -619,6 +624,7 @@ void mt7921_set_runtime_pm(struct mt792x_dev *dev) bool monitor =3D !!(hw->conf.flags & IEEE80211_CONF_MONITOR); =20 pm->enable =3D pm->enable_user && !monitor; + /* Note: caller (debugfs) must hold mutex before calling this function */ ieee80211_iterate_active_interfaces(hw, IEEE80211_IFACE_ITER_RESUME_ALL, mt7921_pm_interface_iter, dev); @@ -765,6 +771,9 @@ mt7921_regd_set_6ghz_power_type(struct ieee80211_vif *v= if, bool is_add) struct mt792x_dev *dev =3D phy->dev; u32 valid_vif_num =3D 0; =20 + /* Note: caller (mt7921_mac_sta_add/remove via mt76_sta_add/remove) + * already holds dev->mt76.mutex, so we must not acquire it here. + */ ieee80211_iterate_active_interfaces(mt76_hw(dev), IEEE80211_IFACE_ITER_RESUME_ALL, mt7921_calc_vif_num, &valid_vif_num); diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c b/drivers/net/= wireless/mediatek/mt76/mt7921/pci.c index ec9686183251..9f76b334b93d 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c @@ -426,7 +426,9 @@ static int mt7921_pci_suspend(struct device *device) cancel_delayed_work_sync(&pm->ps_work); cancel_work_sync(&pm->wake_work); =20 + mt792x_mutex_acquire(dev); mt7921_roc_abort_sync(dev); + mt792x_mutex_release(dev); =20 err =3D mt792x_mcu_drv_pmctrl(dev); if (err < 0) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c b/drivers/net= /wireless/mediatek/mt76/mt7921/sdio.c index 3421e53dc948..92ea2811816f 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c @@ -219,7 +219,9 @@ static int mt7921s_suspend(struct device *__dev) cancel_delayed_work_sync(&pm->ps_work); cancel_work_sync(&pm->wake_work); =20 + mt792x_mutex_acquire(dev); mt7921_roc_abort_sync(dev); + mt792x_mutex_release(dev); =20 err =3D mt792x_mcu_drv_pmctrl(dev); if (err < 0) --=20 2.52.0