[PATCH ath-current 0/7] wifi: ath12k: Fix Issues in REO RX Queue Updates

Vasanthakumar Thiagarajan vasanthakumar.thiagarajan at oss.qualcomm.com
Sat Sep 20 12:46:24 PDT 2025 


On 8/6/2025 4:47 PM, Nithyanantham Paramasivam wrote:
> During stress test scenarios, when the REO command ring becomes full,
> the RX queue update command issued during peer deletion fails due to
> insufficient space. In response, the host performs a dma_unmap and
> frees the associated memory. However, the hardware still retains a
> reference to the same memory address. If the kernel later reallocates
> this address, unaware that the hardware is still using it, it can
> lead to memory corruption-since the host might access or modify
> memory that is still actively referenced by the hardware.
> 
> Implement a retry mechanism for the HAL_REO_CMD_UPDATE_RX_QUEUE
> command during TID deletion to prevent memory corruption. Introduce
> a new list, reo_cmd_update_rx_queue_list, in the dp structure to
> track pending RX queue updates. Protect this list with
> reo_rxq_flush_lock, which also ensures synchronized access to
> reo_cmd_cache_flush_list. Defer memory release until hardware
> confirms the virtual address is no longer in use, avoiding immediate
> deallocation on command failure. Release memory for pending RX queue
> updates via ath12k_dp_rx_reo_cmd_list_cleanup() on system reset
> if hardware confirmation is not received.
> 
> Additionally, increase DP_REO_CMD_RING_SIZE to 256 to reduce the
> likelihood of ring exhaustion. Use a 1KB cache flush command for
> QoS TID descriptors to improve efficiency.
> 
> Manish Dharanenthiran (2):
>    wifi: ath12k: Add Retry Mechanism for REO RX Queue Update Failures
>    wifi: ath12k: Use 1KB Cache Flush Command for QoS TID Descriptors
> 
> Nithyanantham Paramasivam (5):
>    wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256
>    wifi: ath12k: Refactor RX TID deletion handling into helper function
>    wifi: ath12k: Refactor RX TID buffer cleanup into helper function
>    wifi: ath12k: Refactor REO command to use ath12k_dp_rx_tid_rxq
>    wifi: ath12k: Fix flush cache failure during RX queue update
> 
>   drivers/net/wireless/ath/ath12k/dp.c       |   2 +
>   drivers/net/wireless/ath/ath12k/dp.h       |  12 +-
>   drivers/net/wireless/ath/ath12k/dp_rx.c    | 336 ++++++++++++++-------
>   drivers/net/wireless/ath/ath12k/dp_rx.h    |  18 +-
>   drivers/net/wireless/ath/ath12k/hal.h      |   1 +
>   drivers/net/wireless/ath/ath12k/hal_desc.h |   1 +
>   drivers/net/wireless/ath/ath12k/hal_rx.c   |   3 +
>   7 files changed, 251 insertions(+), 122 deletions(-)
> 

Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan at oss.qualcomm.com>

More information about the ath12k mailing list