[PATCH AUTOSEL 6.6 17/62] wifi: ath12k: fix a possible dead lock caused by ab->base_lock

public inbox for ath12k@lists.infradead.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: patches@lists.linux.dev, stable@vger.kernel.org
Cc: Baochen Qiang <quic_bqiang@quicinc.com>,
	Vasanthakumar Thiagarajan
	<vasanthakumar.thiagarajan@oss.qualcomm.com>,
	Jeff Johnson <jeff.johnson@oss.qualcomm.com>,
	Sasha Levin <sashal@kernel.org>,
	jjohnson@kernel.org, linux-wireless@vger.kernel.org,
	ath12k@lists.infradead.org
Subject: [PATCH AUTOSEL 6.6 17/62] wifi: ath12k: fix a possible dead lock caused by ab->base_lock
Date: Tue,  3 Jun 2025 21:01:28 -0400	[thread overview]
Message-ID: <20250604010213.3462-17-sashal@kernel.org> (raw)
In-Reply-To: <20250604010213.3462-1-sashal@kernel.org>

From: Baochen Qiang <quic_bqiang@quicinc.com>

[ Upstream commit ef115c265a21e3c11deee7f73bd1061775a7bf20 ]

spin_lock/spin_unlock are used in ath12k_reg_chan_list_event
to acquire/release ab->base_lock. For now this is safe because
that function is only called in soft IRQ context.

But ath12k_reg_chan_list_event() will be called from process
context in an upcoming patch, and this can result in a deadlock
if ab->base_lock is acquired in process context and then soft
IRQ occurs on the same CPU and tries to acquire that lock.

Fix it by using spin_lock_bh and spin_unlock_bh instead.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3

Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>
Link: https://patch.msgid.link/20250418-ath12k-6g-lp-vlp-v1-1-c869c86cad60@quicinc.com
Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

Perfect! Now I can see the exact commit that matches the one being
analyzed. This commit was indeed applied on April 18, 2025 (which is
future-dated - this indicates this is a development/integration commit).
Based on the analysis: **YES** This commit should be backported to
stable kernel trees for the following reasons: 1. **Critical Deadlock
Fix**: The commit fixes a potential deadlock scenario involving the
`ab->base_lock` spinlock, which is identical to several previously
backported commits (Similar Commits #1, #2, #3, and #5 were all marked
as "YES" for backporting). 2. **Consistent Pattern**: The fix follows
the exact same pattern as the ath11k deadlock fixes that were
successfully backported. The issue is that `spin_lock()` was being used
in a context where soft IRQs could still occur, creating a deadlock
possibility when the same lock is acquired from both process and soft
IRQ contexts. 3. **Minimal and Safe Change**: The fix involves only
changing `spin_lock(&ab->base_lock)` to `spin_lock_bh(&ab->base_lock)`
and `spin_unlock(&ab->base_lock)` to `spin_unlock_bh(&ab->base_lock)` in
the `ath12k_reg_chan_list_event()` function - just 2 lines changed,
making it very low risk. 4. **Well-Understood Issue**: The commit
message clearly explains the deadlock scenario: when `ab->base_lock` is
acquired in process context and then a soft IRQ tries to acquire the
same lock on the same CPU, a deadlock occurs. Using `_bh` variants
prevents soft IRQs from interrupting the critical section. 5.
**Preventive Fix**: While the commit mentions "this will be called from
process context in an upcoming patch," the fix is preventive and
eliminates a race condition that could theoretically occur even in
current code paths. 6. **Critical Subsystem**: This affects the ath12k
wireless driver's regulatory channel list handling, which is a critical
path for wireless functionality. 7. **Established Precedent**: Similar
commits (#1, #2, #3, #5) with identical locking issues in ath11k,
ath12k, and mac80211 were all marked for backporting, establishing a
clear precedent that such deadlock fixes are appropriate for stable
trees. The change is contained, low-risk, fixes a critical locking
issue, and follows the stable tree guidelines for important bugfixes
with minimal regression risk.

 drivers/net/wireless/ath/ath12k/wmi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c
index c977dfbae0a46..11632b572bd38 100644
--- a/drivers/net/wireless/ath/ath12k/wmi.c
+++ b/drivers/net/wireless/ath/ath12k/wmi.c
@@ -5502,7 +5502,7 @@ static int ath12k_reg_chan_list_event(struct ath12k_base *ab, struct sk_buff *sk
 		goto fallback;
 	}

-	spin_lock(&ab->base_lock);
+	spin_lock_bh(&ab->base_lock);
 	if (test_bit(ATH12K_FLAG_REGISTERED, &ab->dev_flags)) {
 		/* Once mac is registered, ar is valid and all CC events from
 		 * fw is considered to be received due to user requests
@@ -5526,7 +5526,7 @@ static int ath12k_reg_chan_list_event(struct ath12k_base *ab, struct sk_buff *sk
 		ab->default_regd[pdev_idx] = regd;
 	}
 	ab->dfs_region = reg_info->dfs_region;
-	spin_unlock(&ab->base_lock);
+	spin_unlock_bh(&ab->base_lock);

 	goto mem_free;

-- 
2.39.5

next prev parent reply	other threads:[~2025-06-04  2:39 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20250604010213.3462-1-sashal@kernel.org>
2025-06-04  1:01 ` [PATCH AUTOSEL 6.6 16/62] wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET Sasha Levin
2025-06-04  1:01 ` Sasha Levin [this message]
2025-06-04  1:02 ` [PATCH AUTOSEL 6.6 49/62] wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping Sasha Levin
2025-06-04  1:02 ` [PATCH AUTOSEL 6.6 60/62] wifi: ath12k: fix link valid field initialization in the monitor Rx Sasha Levin
2025-06-04  1:02 ` [PATCH AUTOSEL 6.6 61/62] wifi: ath12k: fix incorrect CE addresses Sasha Levin
2025-06-04  1:02 ` [PATCH AUTOSEL 6.6 62/62] wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c977dfbae0a4 dfblob:11632b572bd3 )
 OR (
bs:"[PATCH AUTOSEL 6.6 17/62] wifi: ath12k: fix a possible dead lock caused by ab->base_lock" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250604010213.3462-17-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=ath12k@lists.infradead.org \
    --cc=jeff.johnson@oss.qualcomm.com \
    --cc=jjohnson@kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=patches@lists.linux.dev \
    --cc=quic_bqiang@quicinc.com \
    --cc=stable@vger.kernel.org \
    --cc=vasanthakumar.thiagarajan@oss.qualcomm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox