From: Zac
To: nbd@nbd.name
Cc: deren.wu@mediatek.com, kvalo@kernel.org, linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org, linux-wireless@vger.kernel.org, linux@frame.work, lorenzo@kernel.org, ryder.lee@mediatek.com, sean.wang@kernel.org, sean.wang@mediatek.com, zac@zacbowling.com, zbowling@gmail.com
Subject: [PATCH v7 1/6] wifi: mt76: mt7925: fix double wcid initialization race condition
Date: Thu, 29 Jan 2026 00:18:34 -0800
Message-ID: <20260129081839.179709-2-zac@zacbowling.com>
In-Reply-To: <20260129081839.179709-1-zac@zacbowling.com>
References: <20260129081839.179709-1-zac@zacbowling.com>

Remove duplicate mt76_wcid_init() call in mt7925_mac_link_sta_add that
occurs after the wcid is already published via rcu_assign_pointer().

The wcid is correctly initialized at line 873 after allocation. However,
a second mt76_wcid_init() call at line 885 reinitializes the wcid after
it has been published to RCU readers, which can cause:
- List head corruption (tx_list, poll_list) if concurrent code is
  already using the wcid
- Memory leaks from reinitializing the pktid IDR
- Race conditions where readers see partially initialized state

Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 device")
Signed-off-by: Zac Bowling
--- drivers/net/wireless/mediatek/mt76/mt7925/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net= /wireless/mediatek/mt76/mt7925/main.c index afcc0fa4aa35..fad3b1505f67 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c
@@ -882,7 +882,6 @@ static int mt7925_mac_link_sta_add(struct mt76_dev *mde= v, wcid =3D &mlink->wcid; ewma_signal_init(&wcid->rssi); rcu_assign_pointer(dev->mt76.wcid[wcid->idx], wcid); - mt76_wcid_init(wcid, 0); ewma_avg_signal_init(&mlink->avg_ack_signal); memset(mlink->airtime_ac, 0, sizeof(msta->deflink.airtime_ac)); --=20 2.52.0
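
Review bot: the two initialisations left after `rcu_assign_pointer(dev->mt76.wcid[wcid->idx], wcid);`, namely `ewma_avg_signal_init(&mlink->avg_ack_signal);` and the memset() of `mlink->airtime_ac`, still run after the wcid is visible to RCU readers. Since `wcid` is `&mlink->wcid`, any reader that reaches the containing mlink from the published wcid can observe those fields before they are set up, which is the same publish-before-initialise ordering this patch removes for mt76_wcid_init(). Consider moving the rcu_assign_pointer() below them so that publication is the last step, or say in the commit message why no reader touches those fields. Separately, the commit message identifies the two calls by line number (873 and 885); the earlier call is outside this hunk's context and line numbers go stale as the file changes, so describing the call sites relative to the allocation and the rcu_assign_pointer() would make the claim easier to verify.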