From: Zac Bowling Fix deadlock scenarios in mt7921 ROC (Remain On Channel) abort paths: 1. Suspend path deadlock (pci.c, sdio.c): - Previous fix (b74d48c46f) added mutex around mt7921_roc_abort_sync - But roc_work acquires mutex, so cancel_work_sync can deadlock - Fix: Remove mutex wrappers since mt7921_roc_abort_sync doesn't actually need them (it only calls timer_delete_sync, cancel_work_sync, and ieee80211_iterate_interfaces which handles its own locking) 2. sta_remove path deadlock: - mt7921_mac_sta_remove is called from mt76_sta_remove which holds mutex - Calling mt7921_roc_abort_sync → cancel_work_sync can deadlock if roc_work is waiting for the mutex - Fix: Add mt7921_roc_abort_async (matching mt7925 pattern) that sets abort flag and schedules work instead of blocking - Add abort flag checking in mt7921_roc_work to handle async abort The fix mirrors the mt7925 implementation which already handles these scenarios correctly. Fixes: b74d48c46f ("wifi: mt76: mt7921: fix mutex handling in multiple paths") Signed-off-by: Zac Bowling --- .../net/wireless/mediatek/mt76/mt7921/main.c | 29 +++++++++++++++---- .../net/wireless/mediatek/mt76/mt7921/pci.c | 2 -- .../net/wireless/mediatek/mt76/mt7921/sdio.c | 2 -- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/main.c b/drivers/net/wireless/mediatek/mt76/mt7921/main.c index 9315dbdf8880..07d1d0d497f1 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/main.c @@ -367,17 +367,24 @@ static void mt7921_roc_iter(void *priv, u8 *mac, mt7921_mcu_abort_roc(phy, mvif, phy->roc_token_id); } +/* Async ROC abort - safe to call while holding mutex. + * Sets abort flag and schedules roc_work for cleanup. + */ +static void mt7921_roc_abort_async(struct mt792x_dev *dev) +{ + struct mt792x_phy *phy = &dev->phy; + + set_bit(MT76_STATE_ROC_ABORT, &phy->mt76->state); + timer_delete(&phy->roc_timer); + ieee80211_queue_work(phy->mt76->hw, &phy->roc_work); +} + void mt7921_roc_abort_sync(struct mt792x_dev *dev) { struct mt792x_phy *phy = &dev->phy; timer_delete_sync(&phy->roc_timer); cancel_work_sync(&phy->roc_work); - /* Note: caller must hold mutex if ieee80211_iterate_interfaces is - * needed for ROC cleanup. Some call sites (like mt7921_mac_sta_remove) - * already hold the mutex via mt76_sta_remove(). For suspend paths, - * the mutex should be acquired before calling this function. - */ if (test_and_clear_bit(MT76_STATE_ROC, &phy->mt76->state)) ieee80211_iterate_interfaces(mt76_hw(dev), IEEE80211_IFACE_ITER_RESUME_ALL, @@ -392,6 +399,15 @@ void mt7921_roc_work(struct work_struct *work) phy = (struct mt792x_phy *)container_of(work, struct mt792x_phy, roc_work); + /* Check abort flag before acquiring mutex to prevent deadlock. + * Only send expired callback if ROC was actually active. + */ + if (test_and_clear_bit(MT76_STATE_ROC_ABORT, &phy->mt76->state)) { + if (test_and_clear_bit(MT76_STATE_ROC, &phy->mt76->state)) + ieee80211_remain_on_channel_expired(phy->mt76->hw); + return; + } + if (!test_and_clear_bit(MT76_STATE_ROC, &phy->mt76->state)) return; @@ -887,7 +903,8 @@ void mt7921_mac_sta_remove(struct mt76_dev *mdev, struct ieee80211_vif *vif, struct mt792x_dev *dev = container_of(mdev, struct mt792x_dev, mt76); struct mt792x_sta *msta = (struct mt792x_sta *)sta->drv_priv; - mt7921_roc_abort_sync(dev); + /* Async abort - caller already holds mutex */ + mt7921_roc_abort_async(dev); mt76_connac_free_pending_tx_skbs(&dev->pm, &msta->deflink.wcid); mt76_connac_pm_wake(&dev->mphy, &dev->pm); diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c index 9f76b334b93d..ec9686183251 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c @@ -426,9 +426,7 @@ static int mt7921_pci_suspend(struct device *device) cancel_delayed_work_sync(&pm->ps_work); cancel_work_sync(&pm->wake_work); - mt792x_mutex_acquire(dev); mt7921_roc_abort_sync(dev); - mt792x_mutex_release(dev); err = mt792x_mcu_drv_pmctrl(dev); if (err < 0) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c b/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c index 92ea2811816f..3421e53dc948 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/sdio.c @@ -219,9 +219,7 @@ static int mt7921s_suspend(struct device *__dev) cancel_delayed_work_sync(&pm->ps_work); cancel_work_sync(&pm->wake_work); - mt792x_mutex_acquire(dev); mt7921_roc_abort_sync(dev); - mt792x_mutex_release(dev); err = mt792x_mcu_drv_pmctrl(dev); if (err < 0) -- 2.52.0