From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Baochen Qiang <quic_bqiang@quicinc.com>,
Vasanthakumar Thiagarajan
<vasanthakumar.thiagarajan@oss.qualcomm.com>,
Jeff Johnson <jeff.johnson@oss.qualcomm.com>,
Sasha Levin <sashal@kernel.org>,
jjohnson@kernel.org, linux-wireless@vger.kernel.org,
ath12k@lists.infradead.org
Subject: [PATCH AUTOSEL 6.6 17/62] wifi: ath12k: fix a possible dead lock caused by ab->base_lock
Date: Tue, 3 Jun 2025 21:01:28 -0400 [thread overview]
Message-ID: <20250604010213.3462-17-sashal@kernel.org> (raw)
In-Reply-To: <20250604010213.3462-1-sashal@kernel.org>
From: Baochen Qiang <quic_bqiang@quicinc.com>
[ Upstream commit ef115c265a21e3c11deee7f73bd1061775a7bf20 ]
spin_lock/spin_unlock are used in ath12k_reg_chan_list_event
to acquire/release ab->base_lock. For now this is safe because
that function is only called in soft IRQ context.
But ath12k_reg_chan_list_event() will be called from process
context in an upcoming patch, and this can result in a deadlock
if ab->base_lock is acquired in process context and then soft
IRQ occurs on the same CPU and tries to acquire that lock.
Fix it by using spin_lock_bh and spin_unlock_bh instead.
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>
Link: https://patch.msgid.link/20250418-ath12k-6g-lp-vlp-v1-1-c869c86cad60@quicinc.com
Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Perfect! Now I can see the exact commit that matches the one being
analyzed. This commit was indeed applied on April 18, 2025 (which is
future-dated - this indicates this is a development/integration commit).
Based on the analysis: **YES** This commit should be backported to
stable kernel trees for the following reasons: 1. **Critical Deadlock
Fix**: The commit fixes a potential deadlock scenario involving the
`ab->base_lock` spinlock, which is identical to several previously
backported commits (Similar Commits #1, #2, #3, and #5 were all marked
as "YES" for backporting). 2. **Consistent Pattern**: The fix follows
the exact same pattern as the ath11k deadlock fixes that were
successfully backported. The issue is that `spin_lock()` was being used
in a context where soft IRQs could still occur, creating a deadlock
possibility when the same lock is acquired from both process and soft
IRQ contexts. 3. **Minimal and Safe Change**: The fix involves only
changing `spin_lock(&ab->base_lock)` to `spin_lock_bh(&ab->base_lock)`
and `spin_unlock(&ab->base_lock)` to `spin_unlock_bh(&ab->base_lock)` in
the `ath12k_reg_chan_list_event()` function - just 2 lines changed,
making it very low risk. 4. **Well-Understood Issue**: The commit
message clearly explains the deadlock scenario: when `ab->base_lock` is
acquired in process context and then a soft IRQ tries to acquire the
same lock on the same CPU, a deadlock occurs. Using `_bh` variants
prevents soft IRQs from interrupting the critical section. 5.
**Preventive Fix**: While the commit mentions "this will be called from
process context in an upcoming patch," the fix is preventive and
eliminates a race condition that could theoretically occur even in
current code paths. 6. **Critical Subsystem**: This affects the ath12k
wireless driver's regulatory channel list handling, which is a critical
path for wireless functionality. 7. **Established Precedent**: Similar
commits (#1, #2, #3, #5) with identical locking issues in ath11k,
ath12k, and mac80211 were all marked for backporting, establishing a
clear precedent that such deadlock fixes are appropriate for stable
trees. The change is contained, low-risk, fixes a critical locking
issue, and follows the stable tree guidelines for important bugfixes
with minimal regression risk.
drivers/net/wireless/ath/ath12k/wmi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c
index c977dfbae0a46..11632b572bd38 100644
--- a/drivers/net/wireless/ath/ath12k/wmi.c
+++ b/drivers/net/wireless/ath/ath12k/wmi.c
@@ -5502,7 +5502,7 @@ static int ath12k_reg_chan_list_event(struct ath12k_base *ab, struct sk_buff *sk
goto fallback;
}
- spin_lock(&ab->base_lock);
+ spin_lock_bh(&ab->base_lock);
if (test_bit(ATH12K_FLAG_REGISTERED, &ab->dev_flags)) {
/* Once mac is registered, ar is valid and all CC events from
* fw is considered to be received due to user requests
@@ -5526,7 +5526,7 @@ static int ath12k_reg_chan_list_event(struct ath12k_base *ab, struct sk_buff *sk
ab->default_regd[pdev_idx] = regd;
}
ab->dfs_region = reg_info->dfs_region;
- spin_unlock(&ab->base_lock);
+ spin_unlock_bh(&ab->base_lock);
goto mem_free;
--
2.39.5
next prev parent reply other threads:[~2025-06-04 2:39 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-04 1:01 [PATCH AUTOSEL 6.6 01/62] net: macb: Check return value of dma_set_mask_and_coherent() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 02/62] net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 03/62] tipc: use kfree_sensitive() for aead cleanup Sasha Levin
2025-06-04 1:01 ` [f2fs-dev] [PATCH AUTOSEL 6.6 04/62] f2fs: use vmalloc instead of kvmalloc in .init_{, de}compress_ctx Sasha Levin via Linux-f2fs-devel
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 04/62] f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 05/62] bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 06/62] i2c: designware: Invoke runtime suspend on quick slave re-registration Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 07/62] wifi: mt76: mt7996: drop fragments with multicast or broadcast RA Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 08/62] emulex/benet: correct command version selection in be_cmd_get_stats() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 09/62] wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 10/62] wifi: mt76: mt7921: add 160 MHz AP for mt7922 device Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 11/62] sctp: Do not wake readers in __sctp_write_space() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 12/62] cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 13/62] i2c: tegra: check msg length in SMBUS block read Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 14/62] i2c: npcm: Add clock toggle recovery Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 15/62] net: dlink: add synchronization for stats update Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 16/62] wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET Sasha Levin
2025-06-04 1:01 ` Sasha Levin [this message]
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 18/62] wifi: ath11k: Fix QMI memory reuse logic Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 19/62] wifi: rtw89: leave idle mode when setting WEP encryption for AP mode Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 20/62] tcp: always seek for minimal rtt in tcp_rcv_rtt_update() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 21/62] tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 22/62] x86/sgx: Prevent attempts to reclaim poisoned pages Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 23/62] ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 24/62] openvswitch: Stricter validation for the userspace action Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 25/62] net: atlantic: generate software timestamp just before the doorbell Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 26/62] pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 27/62] pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 28/62] pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 29/62] pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 30/62] net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 31/62] net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 32/62] wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 33/62] wifi: mac80211: do not offer a mesh path if forwarding is disabled Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 34/62] bpftool: Fix cgroup command to only show cgroup bpf programs Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 35/62] clk: rockchip: rk3036: mark ddrphy as critical Sasha Levin
2025-06-04 1:01 ` Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 36/62] libbpf: Add identical pointer detection to btf_dedup_is_equiv() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 37/62] scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 38/62] iommu/amd: Ensure GA log notifier callbacks finish running before module unload Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 39/62] wifi: iwlwifi: pcie: make sure to lock rxq->read Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 40/62] wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 41/62] wifi: mac80211: VLAN traffic in multicast path Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 42/62] wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 43/62] net: bridge: mcast: update multicast contex when vlan state is changed Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 44/62] net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 45/62] vxlan: Do not treat dst cache initialization errors as fatal Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 46/62] net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 47/62] software node: Correct a OOB check in software_node_get_reference_args() Sasha Levin
2025-06-04 1:01 ` [PATCH AUTOSEL 6.6 48/62] pinctrl: mcp23s08: Reset all pins to input at probe Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 49/62] wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 50/62] scsi: lpfc: Use memcpy() for BIOS version Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 51/62] sock: Correct error checking condition for (assign|release)_proto_idx() Sasha Levin
2025-06-04 1:02 ` [Intel-wired-lan] [PATCH AUTOSEL 6.6 52/62] i40e: fix MMIO write access to an invalid page in i40e_clear_hw Sasha Levin
2025-06-04 1:02 ` Sasha Levin
2025-06-04 1:02 ` [Intel-wired-lan] [PATCH AUTOSEL 6.6 53/62] ice: fix check for existing switch rule Sasha Levin
2025-06-04 1:02 ` Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 54/62] usbnet: asix AX88772: leave the carrier control to phylink Sasha Levin
2025-06-04 1:02 ` [f2fs-dev] [PATCH AUTOSEL 6.6 55/62] f2fs: fix to set atomic write status more clear Sasha Levin via Linux-f2fs-devel
2025-06-04 1:02 ` Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 56/62] bpf, sockmap: Fix data lost during EAGAIN retries Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 57/62] net: ethernet: cortina: Use TOE/TSO on all TCP Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 58/62] octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer() Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 59/62] wifi: ath11k: determine PM policy based on machine model Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 60/62] wifi: ath12k: fix link valid field initialization in the monitor Rx Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 61/62] wifi: ath12k: fix incorrect CE addresses Sasha Levin
2025-06-04 1:02 ` [PATCH AUTOSEL 6.6 62/62] wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250604010213.3462-17-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ath12k@lists.infradead.org \
--cc=jeff.johnson@oss.qualcomm.com \
--cc=jjohnson@kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=quic_bqiang@quicinc.com \
--cc=stable@vger.kernel.org \
--cc=vasanthakumar.thiagarajan@oss.qualcomm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.