On Wed, Feb 22, 2023 at 12:17:21PM +0800, Zheng Hacker wrote: > Could you please provide some advice about the fix? This entire driver's locking patterns (or lack thereof) need rewritten. This driver was probably written by someone that doesn't really understand concurrent programming. It really only works because the bulk of normal operation is sequentialized into the main loop (mwifiex_main_process()). Any time you get outside that, you're likely to find bugs. But now that I've looked a little further, I'm not confident you pointed out a real bug. How does mwifiex_sdio_card_reset_work() get past mwifiex_shutdown_sw() -> wait_for_completion(adapter->fw_done) ? That should ensure that _mwifiex_fw_dpc() is finished, and so we can't hit the race you point out. Note to self: ignore most "static analysis" reports of race conditions, unless they have thorough analysis or a runtime reproduction. Brian
