[PATCH v3] wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU assertions

[PATCH v3] wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU assertions

[Yu-Hsiang Tseng]

Two functions in ath12k assert that the caller holds an RCU read lock:
ath12k_mac_get_arvif() and ath12k_p2p_noa_update_vdev_iter(). Both use:

    WARN_ON(!rcu_read_lock_any_held());

On kernels using preemptible RCU (CONFIG_PREEMPT=y or CONFIG_PREEMPT_RT=y)
without CONFIG_DEBUG_LOCK_ALLOC, this produces a false positive splat
whenever these functions are invoked from paths that do hold the RCU
read lock (e.g. firmware stats processing or mac80211 interface
iteration).

Root cause:

  - Without CONFIG_DEBUG_LOCK_ALLOC, rcu_read_lock_any_held() is a
    static inline that returns !preemptible() as a proxy for "in an
    RCU read section".

  - With preemptible RCU, rcu_read_lock() does not disable preemption.
    A task can therefore be preemptible while legitimately holding an
    RCU read lock, making the proxy unreliable.

  - Callers such as ath12k_wmi_tlv_rssi_chain_parse() (via guard(rcu)())
    and ieee80211_iterate_active_interfaces_atomic() do hold the RCU
    read lock, so these warnings are incorrect.

Typical splat seen on a WCN7850 station with periodic fw stats
processing:

  WARNING: drivers/net/wireless/ath/ath12k/mac.c:791 at
    ath12k_mac_get_arvif+0x9e/0xd0 [ath12k]
  Tainted: G W O 6.19.13-rt #1 PREEMPT_RT
  Call Trace:
   ath12k_wmi_tlv_rssi_chain_parse+0x69/0x170 [ath12k]
   ath12k_wmi_tlv_iter+0x7f/0x120 [ath12k]
   ath12k_wmi_tlv_fw_stats_parse+0x342/0x6b0 [ath12k]
   ath12k_wmi_op_rx+0xe9e/0x3150 [ath12k]
   ath12k_htc_rx_completion_handler+0x3df/0x5b0 [ath12k]
   ath12k_ce_per_engine_service+0x325/0x3e0 [ath12k]
   ath12k_pci_ce_workqueue+0x20/0x40 [ath12k]

Replace WARN_ON(!rcu_read_lock_any_held()) with
lockdep_assert_in_rcu_read_lock(), which is gated on CONFIG_PROVE_RCU
and therefore compiles out entirely when PROVE_RCU is disabled.
PROVE_RCU kernels continue to get the full lockdep-based check, and
the new helper precisely checks for rcu_read_lock() rather than any
RCU variant, which better matches the callers' expectations.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00302-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.115823.3

Fixes: 3dd2c68f206e ("wifi: ath12k: prepare vif data structure for MLO handling")
Suggested-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
Suggested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
Reviewed-by: Rameshkumar Sundaram <rameshkumar.sundaram@oss.qualcomm.com>
Signed-off-by: Yu-Hsiang Tseng <asas1asas200@gmail.com>
---
Changes in v3:
  - Use lockdep_assert_in_rcu_read_lock() instead of RCU_LOCKDEP_WARN()
    for clearer intent and more precise semantics (suggested by
    Sebastian Andrzej Siewior)
  - Reword commit message: this affects preemptible RCU in general,
    not only PREEMPT_RT
  - Move Tested-on before the official tags per ath convention

Changes in v2:
  - Also fix the same WARN_ON() in ath12k_p2p_noa_update_vdev_iter()
    (suggested by Baochen Qiang)
  - Update commit message to cover both call sites

Link to v1: https://lore.kernel.org/ath12k/20260420161049.695518-1-asas1asas200@gmail.com/
Link to v2: https://lore.kernel.org/ath12k/20260421172500.1050754-1-asas1asas200@gmail.com/

 drivers/net/wireless/ath/ath12k/mac.c | 2 +-
 drivers/net/wireless/ath/ath12k/p2p.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c
index fbdfe6424fd7..df2334f3bad6 100644
--- a/drivers/net/wireless/ath/ath12k/mac.c
+++ b/drivers/net/wireless/ath/ath12k/mac.c
@@ -788,7 +788,7 @@ struct ath12k_link_vif *ath12k_mac_get_arvif(struct ath12k *ar, u32 vdev_id)
 
 	/* To use the arvif returned, caller must have held rcu read lock.
 	 */
-	WARN_ON(!rcu_read_lock_any_held());
+	lockdep_assert_in_rcu_read_lock();
 	arvif_iter.vdev_id = vdev_id;
 	arvif_iter.ar = ar;
 
diff --git a/drivers/net/wireless/ath/ath12k/p2p.c b/drivers/net/wireless/ath/ath12k/p2p.c
index 59589748f1a8..19ebcd1d8eb2 100644
--- a/drivers/net/wireless/ath/ath12k/p2p.c
+++ b/drivers/net/wireless/ath/ath12k/p2p.c
@@ -123,7 +123,7 @@ static void ath12k_p2p_noa_update_vdev_iter(void *data, u8 *mac,
 	struct ath12k_p2p_noa_arg *arg = data;
 	struct ath12k_link_vif *arvif;
 
-	WARN_ON(!rcu_read_lock_any_held());
+	lockdep_assert_in_rcu_read_lock();
 	arvif = &ahvif->deflink;
 	if (!arvif->is_created || arvif->ar != arg->ar || arvif->vdev_id != arg->vdev_id)
 		return;
-- 
2.53.0

Re: [PATCH v3] wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU assertions

[Sebastian Andrzej Siewior]

On 2026-04-23 02:08:14 [+0800], Yu-Hsiang Tseng wrote:
> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00302-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.115823.3

This could written in plain english as in "Tested on …". Not sure what
this "convention" is but anyway.

The change is okay.
Reviewed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

> Changes in v3:
>   - Use lockdep_assert_in_rcu_read_lock() instead of RCU_LOCKDEP_WARN()
>     for clearer intent and more precise semantics (suggested by
>     Sebastian Andrzej Siewior)
>   - Reword commit message: this affects preemptible RCU in general,
>     not only PREEMPT_RT
>   - Move Tested-on before the official tags per ath convention

Sebastian

Re: [PATCH v3] wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU assertions

[Jeff Johnson]

On 4/22/2026 11:30 PM, Sebastian Andrzej Siewior wrote:
> On 2026-04-23 02:08:14 [+0800], Yu-Hsiang Tseng wrote:
>> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00302-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.115823.3
> 
> This could written in plain english as in "Tested on …". Not sure what
> this "convention" is but anyway.

FYI this is a long-standing convention for the ath family of wifi drivers,
dating back to at least ath10k:

https://wireless.docs.kernel.org/en/latest/en/users/drivers/ath10k/submittingpatches.html#tested-on-tag
https://wireless.docs.kernel.org/en/latest/en/users/drivers/ath11k/submittingpatches.html#tested-on-tag
https://wireless.docs.kernel.org/en/latest/en/users/drivers/ath12k/submittingpatches.html#tested-on-tag

> 
> The change is okay.
> Reviewed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

Thanks for your review!
/jeff

Re: [PATCH v3] wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU assertions

[Sebastian Andrzej Siewior]

On 2026-04-23 08:24:46 [-0700], Jeff Johnson wrote:
> On 4/22/2026 11:30 PM, Sebastian Andrzej Siewior wrote:
> > On 2026-04-23 02:08:14 [+0800], Yu-Hsiang Tseng wrote:
> >> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00302-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.115823.3
> > 
> > This could written in plain english as in "Tested on …". Not sure what
> > this "convention" is but anyway.
> 
> FYI this is a long-standing convention for the ath family of wifi drivers,
> dating back to at least ath10k:

I see. Never mind then. The previous comment read like "don't use
non-standard tags" and the change was to use a blank line.
Anyway, not my department.

Sebastian

Re: [PATCH v3] wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU assertions

[Jeff Johnson]

On Thu, 23 Apr 2026 02:08:14 +0800, Yu-Hsiang Tseng wrote:
> Two functions in ath12k assert that the caller holds an RCU read lock:
> ath12k_mac_get_arvif() and ath12k_p2p_noa_update_vdev_iter(). Both use:
> 
>     WARN_ON(!rcu_read_lock_any_held());
> 
> On kernels using preemptible RCU (CONFIG_PREEMPT=y or CONFIG_PREEMPT_RT=y)
> without CONFIG_DEBUG_LOCK_ALLOC, this produces a false positive splat
> whenever these functions are invoked from paths that do hold the RCU
> read lock (e.g. firmware stats processing or mac80211 interface
> iteration).
> 
> [...]

Applied, thanks!

[1/1] wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU assertions
      commit: 4498664e2d5888efabb96428196a926acdaa25ed

Best regards,
-- 
Jeff Johnson <jeff.johnson@oss.qualcomm.com>