[PATCH ath-current 0/7] wifi: ath12k: Fix Issues in REO RX Queue Updates

Baochen Qiang baochen.qiang at oss.qualcomm.com
Sun Sep 21 22:14:23 PDT 2025



On 8/6/2025 7:17 PM, Nithyanantham Paramasivam wrote:
> During stress test scenarios, when the REO command ring becomes full,
> the RX queue update command issued during peer deletion fails due to
> insufficient space. In response, the host performs a dma_unmap and
> frees the associated memory. However, the hardware still retains a
> reference to the same memory address. If the kernel later reallocates
> this address, unaware that the hardware is still using it, it can
> lead to memory corruption, since the host might access or modify
> memory that is still actively referenced by the hardware.
> 
> Implement a retry mechanism for the HAL_REO_CMD_UPDATE_RX_QUEUE
> command during TID deletion to prevent memory corruption. Introduce
> a new list, reo_cmd_update_rx_queue_list, in the dp structure to
> track pending RX queue updates. Protect this list with
> reo_rxq_flush_lock, which also ensures synchronized access to
> reo_cmd_cache_flush_list. Defer memory release until hardware
> confirms the virtual address is no longer in use, avoiding immediate
> deallocation on command failure. Release memory for pending RX queue
> updates via ath12k_dp_rx_reo_cmd_list_cleanup() on system reset
> if hardware confirmation is not received.
> 
> Additionally, increase DP_REO_CMD_RING_SIZE to 256 to reduce the
> likelihood of ring exhaustion. Use a 1KB cache flush command for
> QoS TID descriptors to improve efficiency.
> 
> Manish Dharanenthiran (2):
>   wifi: ath12k: Add Retry Mechanism for REO RX Queue Update Failures
>   wifi: ath12k: Use 1KB Cache Flush Command for QoS TID Descriptors
> 
> Nithyanantham Paramasivam (5):
>   wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256
>   wifi: ath12k: Refactor RX TID deletion handling into helper function
>   wifi: ath12k: Refactor RX TID buffer cleanup into helper function
>   wifi: ath12k: Refactor REO command to use ath12k_dp_rx_tid_rxq
>   wifi: ath12k: Fix flush cache failure during RX queue update
> 
>  drivers/net/wireless/ath/ath12k/dp.c       |   2 +
>  drivers/net/wireless/ath/ath12k/dp.h       |  12 +-
>  drivers/net/wireless/ath/ath12k/dp_rx.c    | 336 ++++++++++++++-------
>  drivers/net/wireless/ath/ath12k/dp_rx.h    |  18 +-
>  drivers/net/wireless/ath/ath12k/hal.h      |   1 +
>  drivers/net/wireless/ath/ath12k/hal_desc.h |   1 +
>  drivers/net/wireless/ath/ath12k/hal_rx.c   |   3 +
>  7 files changed, 251 insertions(+), 122 deletions(-)
> 
> 
> base-commit: 95bf875b89b48a95a82aca922eeaf19d52543028

Reviewed-by: Baochen Qiang <baochen.qiang at oss.qualcomm.com>
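
The failure mode and the deferred-release fix described in the quoted cover letter, reduced to a user-space C model. This is an added illustration, not code from the patch series or the ath12k driver; `tid_desc`, `model_dp`, the one-slot ring and the completion step are assumptions made for the model.

```c
/* User-space model only: every name here is hypothetical, not ath12k code. */
#include <stdbool.h>
#define RING_SIZE 1                  /* one slot, so the second command finds it full */
struct tid_desc {
    bool hw_ref, freed;              /* device holds the address / host released it */
    struct tid_desc *next;           /* link on the pending-update list */
};
struct model_dp {
    struct tid_desc *ring[RING_SIZE], *pending;  /* command ring, deferred updates */
    int used;
};
static bool send_update(struct model_dp *dp, struct tid_desc *d)
{
    if (dp->used == RING_SIZE)
        return false;                /* ring full: command was not issued */
    dp->ring[dp->used++] = d;
    return true;
}
static void delete_tid(struct model_dp *dp, struct tid_desc *d, bool defer)
{
    if (send_update(dp, d))
        return;                      /* memory is released on completion */
    if (!defer) {
        d->freed = true;             /* old path: freed while hw_ref is still set */
    } else {
        d->next = dp->pending;       /* new path: keep the memory, retry later */
        dp->pending = d;
    }
}
/* Device drains the ring; each completion clears hw_ref and frees, then retries go out. */
static void hw_complete(struct model_dp *dp)
{
    for (int i = 0; i < dp->used; i++)
        *dp->ring[i] = (struct tid_desc){ .freed = true };
    dp->used = 0;
    while (dp->pending && send_update(dp, dp->pending))
        dp->pending = dp->pending->next;
}
/* Returns how many descriptors ended up freed while the device still referenced them. */
int dangling_after_teardown(bool defer)
{
    struct tid_desc a = { .hw_ref = true }, b = { .hw_ref = true };
    struct model_dp dp = { .used = 0 };
    delete_tid(&dp, &a, defer);      /* takes the only ring slot */
    delete_tid(&dp, &b, defer);      /* ring is full here */
    hw_complete(&dp);                /* a completes, b's update is retried */
    hw_complete(&dp);                /* b completes (deferred path only) */
    return (a.freed && a.hw_ref) + (b.freed && b.hw_ref);
}
int main(void) { return dangling_after_teardown(true); }
```

With `defer` false the model ends with one descriptor freed while the device still holds its address; with `defer` true both are released only after their completions.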



