Linux wireless drivers development
 help / color / mirror / Atom feed
From: Kavita Kavita <kavita.kavita@oss.qualcomm.com>
To: Carlos Llamas <cmllamas@google.com>
Cc: johannes@sipsolutions.net, linux-wireless@vger.kernel.org
Subject: Re: [PATCH wireless-next] wifi: cfg80211: fix regulatory.db async firmware request blocking __usermodehelper_disable()
Date: Mon, 29 Jun 2026 12:03:31 +0530	[thread overview]
Message-ID: <fee56590-36e3-475b-b6dd-118fffcf3d02@oss.qualcomm.com> (raw)
In-Reply-To: <aj6QvBdf3hGzDQig@google.com>



On 6/26/2026 8:16 PM, Carlos Llamas wrote:
> On Thu, Jun 25, 2026 at 02:59:04PM +0530, Kavita Kavita wrote:
>> cfg80211 schedules an asynchronous request_firmware() work item for
>> regulatory.db via request_firmware_work_func(). When the direct
>> firmware load fails, _request_firmware() falls back to the sysfs
>> fallback path via firmware_fallback_sysfs(), which blocks indefinitely
>> in wait_for_completion_killable_timeout() waiting for userspace to
>> supply the firmware through the sysfs interface.
>>
>> While this work item is pending, any caller of
>> __usermodehelper_disable() will deadlock attempting to acquire the
>> usermodehelper rwsem for writing, since the sysfs firmware fallback
>> path holds the rwsem for reading and is blocked waiting for userspace
>> response that can never arrive while usermode helpers are being
>> disabled.
>>
>> Observed call traces where system suspend blocked due to regulatory.db
>> async firmware request:
>>
>>   kworker/6:3 (pid 194) holding usermodehelper rwsem read lock, blocked
>>    waiting for userspace firmware response:
>>      wait_for_completion_killable_timeout+0x48
>>      firmware_fallback_sysfs+0x270
>>      _request_firmware+0x790
>>      request_firmware_work_func+0x44
>>      process_one_work[jt]+0x59c
>>      worker_thread+0x260
>>      kthread+0x150
>>      ret_from_fork+0x10
>>
>>   Caller blocked in __usermodehelper_disable() during system suspend:
>>      rwsem_down_write_slowpath+0x768
>>      down_write+0x98
>>      __usermodehelper_disable+0x3c
>>      freeze_processes+0x18
>>      pm_suspend+0x320
>>      state_store+0x104
>>      kernfs_fop_write_iter[jt]+0x168
>>      vfs_write+0x270
>>      ksys_write+0x78
>>
>> Any service or kernel subsystem invoking __usermodehelper_disable() is
>> susceptible to this hang as long as the regulatory.db sysfs fallback
>> request remains outstanding.
>>
>> Fix this by replacing the unconditional uevent-based load with a
>> two-step approach. First, attempt a synchronous load via
>> request_firmware_direct() at init time. This is fast and
>> non-blocking, if the file is present in standard paths it is loaded
>> immediately with no delay. If not found, the load is deferred to
>> wiphy_regulatory_register() and triggered via
>> firmware_request_nowait_nowarn() only when the first non-self-managed
>> wiphy registers.
>>
>> For self-managed drivers (REGULATORY_WIPHY_SELF_MANAGED), the hang is
>> avoided because wiphy_regulatory_register() handles them separately
>> and the deferred load path is never reached, so the file load is not
>> attempted at all. For this case, regulatory information is obtained
>> from driver/firmware during wiphy registration. For non-self-managed
>> drivers, the file is required and is expected to be present. The
>> deferred load via firmware_request_nowait_nowarn() is triggered only
>> when the first such wiphy registers. This ensures the database is
>> loaded only when it is actually needed, avoiding the sysfs fallback
>> path on systems where the file is absent at init time.
>>
>> Also refactor regdb_fw_cb() into two functions: regdb_load() which
>> validates and stores the firmware image, and regdb_fw_cb_restore()
>> which is the async callback that calls restore_regulatory_settings()
>> to replay all pending regulatory requests (country hints from core,
>> user, driver and country IE) that arrived while the database was not
>> yet available.
>>
>> NOTE:
>> This issue was observed on Android platforms where regulatory.db is
>> absent.
>> Steps to reproduce on Android platforms:
>>   1. Power off the device completely.
>>   2. Connect the charger; the device enters off-mode charging.
>>   3. While in off-mode charging, short press the power key.
>>
>> Signed-off-by: Kavita Kavita <kavita.kavita@oss.qualcomm.com>
> 
> Are you missing a `Fixes:` tag for this?
> 


I have included Fixes Tag in v2 version. Thanks.



      reply	other threads:[~2026-06-29  6:33 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-25  9:29 [PATCH wireless-next] wifi: cfg80211: fix regulatory.db async firmware request blocking __usermodehelper_disable() Kavita Kavita
2026-06-26 14:46 ` Carlos Llamas
2026-06-29  6:33   ` Kavita Kavita [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fee56590-36e3-475b-b6dd-118fffcf3d02@oss.qualcomm.com \
    --to=kavita.kavita@oss.qualcomm.com \
    --cc=cmllamas@google.com \
    --cc=johannes@sipsolutions.net \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox