From: Ziyi Guo Date: Sat, 31 Jan 2026 03:52:10 +0000 (+0000) Subject: wifi: mt76: add missing lock protection in mt76_sta_state for sta_event callback X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0168f2f9a1eca55d3ae09d8250b94e82b67cac3;p=thirdparty%2Flinux.git wifi: mt76: add missing lock protection in mt76_sta_state for sta_event callback mt76_sta_state() calls the sta_event callback without holding dev->mutex. However, mt7915_mac_sta_event() (MT7915 implementation of this callback) calls mt7915_mac_twt_teardown_flow() which has lockdep_assert_held(&dev->mt76.mutex) indicating that callers must hold this lock. The locking pattern in mt76_sta_state() is inconsistent: - mt76_sta_add() acquires dev->mutex before calling dev->drv->sta_add - mt76_sta_remove() acquires dev->mutex before calling __mt76_sta_remove - But sta_event callback is called without acquiring the lock Add mutex_lock()/mutex_unlock() around the mt7915_mac_twt_teardown_flow invocation to fix the missing lock protection and maintain consistency with the existing locking pattern. Signed-off-by: Ziyi Guo Link: https://patch.msgid.link/20260131035210.2198259-1-n7l8m4@u.northwestern.edu Signed-off-by: Felix Fietkau --- diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/main.c b/drivers/net/wireless/mediatek/mt76/mt7915/main.c index 0892291616ead..e1d83052aa6dd 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7915/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7915/main.c @@ -852,8 +852,10 @@ int mt7915_mac_sta_event(struct mt76_dev *mdev, struct ieee80211_vif *vif, return mt7915_mcu_add_sta(dev, vif, sta, CONN_STATE_PORT_SECURE, false); case MT76_STA_EVENT_DISASSOC: + mutex_lock(&dev->mt76.mutex); for (i = 0; i < ARRAY_SIZE(msta->twt.flow); i++) mt7915_mac_twt_teardown_flow(dev, msta, i); + mutex_unlock(&dev->mt76.mutex); mt7915_mcu_add_sta(dev, vif, sta, CONN_STATE_DISCONNECT, false); msta->wcid.sta_disabled = 1;