This is a note to let you know that I've just added the patch titled wifi: nl80211: fix deadlock in nl80211_set_cqm_rssi (6.6.x) to the 6.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch and it can be found in the queue-6.6 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From stable+bounces-6868-greg=kroah.com@xxxxxxxxxxxxxxx Sat Dec 16 06:57:02 2023 From: "Léo Lam" <leo@xxxxxxxxx> Date: Sat, 16 Dec 2023 05:47:17 +0000 Subject: wifi: nl80211: fix deadlock in nl80211_set_cqm_rssi (6.6.x) To: stable@xxxxxxxxxxxxxxx Cc: "Léo Lam" <leo@xxxxxxxxx>, "Philip Müller" <philm@xxxxxxxxxxx>, "Johannes Berg" <johannes.berg@xxxxxxxxx> Message-ID: <20231216054715.7729-4-leo@xxxxxxxxx> From: "Léo Lam" <leo@xxxxxxxxx> Commit 008afb9f3d57 ("wifi: cfg80211: fix CQM for non-range use" backported to 6.6.x) causes nl80211_set_cqm_rssi not to release the wdev lock in some of the error paths. Of course, the ensuing deadlock causes userland network managers to break pretty badly, and on typical systems this also causes lockups on on suspend, poweroff and reboot. See [1], [2], [3] for example reports. The upstream commit 7e7efdda6adb ("wifi: cfg80211: fix CQM for non-range use"), committed in November 2023, is completely fine because there was another commit in August 2023 that removed the wdev lock: see commit 076fc8775daf ("wifi: cfg80211: remove wdev mutex"). The reason things broke in 6.6.5 is that commit 4338058f6009 was applied without also applying 076fc8775daf. Commit 076fc8775daf ("wifi: cfg80211: remove wdev mutex") is a rather large commit; adjusting the error handling (which is what this commit does) yields a much simpler patch and was tested to work properly. Fix the deadlock by releasing the lock before returning. [1] https://bugzilla.kernel.org/show_bug.cgi?id=218247 [2] https://bbs.archlinux.org/viewtopic.php?id=290976 [3] https://lore.kernel.org/all/87sf4belmm.fsf@xxxxxxxxxxxxx/ Link: https://lore.kernel.org/stable/e374bb16-5b13-44cc-b11a-2f4eefb1ecf5@xxxxxxxxxxx/ Fixes: 008afb9f3d57 ("wifi: cfg80211: fix CQM for non-range use") Tested-by: "Léo Lam" <leo@xxxxxxxxx> Tested-by: Philip Müller <philm@xxxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Cc: Johannes Berg <johannes.berg@xxxxxxxxx> Signed-off-by: "Léo Lam" <leo@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/wireless/nl80211.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -12906,17 +12906,23 @@ static int nl80211_set_cqm_rssi(struct g lockdep_is_held(&wdev->mtx)); /* if already disabled just succeed */ - if (!n_thresholds && !old) - return 0; + if (!n_thresholds && !old) { + err = 0; + goto unlock; + } if (n_thresholds > 1) { if (!wiphy_ext_feature_isset(&rdev->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST) || - !rdev->ops->set_cqm_rssi_range_config) - return -EOPNOTSUPP; + !rdev->ops->set_cqm_rssi_range_config) { + err = -EOPNOTSUPP; + goto unlock; + } } else { - if (!rdev->ops->set_cqm_rssi_config) - return -EOPNOTSUPP; + if (!rdev->ops->set_cqm_rssi_config) { + err = -EOPNOTSUPP; + goto unlock; + } } if (n_thresholds) { Patches currently in stable-queue which might be from kroah.com@xxxxxxxxxxxxxxx are queue-6.6/wifi-nl80211-fix-deadlock-in-nl80211_set_cqm_rssi-6.6.x.patch