From 264c844abb29530b3e16d255f1eb2ccb06316b1f Mon Sep 17 00:00:00 2001 From: Miri Korenblit Date: Wed, 4 Jun 2025 06:13:18 +0300 Subject: [PATCH 1/4] wifi: iwlwifi: mvm: fix assert on suspend After using DEFINE_RAW_FLEX, cmd is a pointer to iwl_rxq_sync_cmd, and not a variable containing both the command and notification. Adjust hcmd->data and hcmd->len assignment as well. Fixes: 7438843df8cf ("wifi: iwlwifi: mvm: Avoid -Wflex-array-member-not-at-end warning") Signed-off-by: Miri Korenblit Link: https://patch.msgid.link/20250604031321.2277481-2-miriam.rachel.korenblit@intel.com Signed-off-by: Miri Korenblit --- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c index 0f056a6641bd..956b491ae5a4 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c @@ -6360,8 +6360,8 @@ void iwl_mvm_sync_rx_queues_internal(struct iwl_mvm *mvm, (struct iwl_mvm_internal_rxq_notif *)cmd->payload; struct iwl_host_cmd hcmd = { .id = WIDE_ID(DATA_PATH_GROUP, TRIGGER_RX_QUEUES_NOTIF_CMD), - .data[0] = &cmd, - .len[0] = sizeof(cmd), + .data[0] = cmd, + .len[0] = __struct_size(cmd), .data[1] = data, .len[1] = size, .flags = CMD_SEND_IN_RFKILL | (sync ? 0 : CMD_ASYNC), From 960c7e6d388034d219dafffa6da0a5c2ccd5ff30 Mon Sep 17 00:00:00 2001 From: Miri Korenblit Date: Wed, 4 Jun 2025 06:13:19 +0300 Subject: [PATCH 2/4] wifi: iwlwifi: mld: avoid panic on init failure In case of an error during init, in_hw_restart will be set, but it will never get cleared. Instead, we will retry to init again, and then we will act like we are in a restart when we are actually not. This causes (among others) to a NULL pointer dereference when canceling rx_omi::finished_work, that was not even initialized, because we thought that we are in hw_restart. Set in_hw_restart to true only if the fw is running, then we know that FW was loaded successfully and we are not going to the retry loop. Fixes: 7391b2a4f7db ("wifi: iwlwifi: rework firmware error handling") Reviewed-by: Johannes Berg Signed-off-by: Miri Korenblit Link: https://patch.msgid.link/20250604061200.e0040e0a4b09.Iae469a0abe6bfa3c26d8a88c066bad75c2e8f121@changeid Signed-off-by: Miri Korenblit --- drivers/net/wireless/intel/iwlwifi/mld/mld.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mld/mld.c b/drivers/net/wireless/intel/iwlwifi/mld/mld.c index 8cdd960c5245..e8820e7cf8fa 100644 --- a/drivers/net/wireless/intel/iwlwifi/mld/mld.c +++ b/drivers/net/wireless/intel/iwlwifi/mld/mld.c @@ -653,7 +653,8 @@ iwl_mld_nic_error(struct iwl_op_mode *op_mode, * It might not actually be true that we'll restart, but the * setting doesn't matter if we're going to be unbound either. */ - if (type != IWL_ERR_TYPE_RESET_HS_TIMEOUT) + if (type != IWL_ERR_TYPE_RESET_HS_TIMEOUT && + mld->fw_status.running) mld->fw_status.in_hw_restart = true; } From 847a4bf1b4bdcc224196d77714f71e36822fed70 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 4 Jun 2025 06:13:20 +0300 Subject: [PATCH 3/4] wifi: iwlwifi: pcie: fix non-MSIX handshake register When reading the interrupt status after a FW reset handshake timeout, read the actual value not the mask for the non-MSIX case. Fixes: ab606dea80c4 ("wifi: iwlwifi: pcie: add support for the reset handshake in MSI") Signed-off-by: Johannes Berg Reviewed-by: Emmanuel Grumbach Signed-off-by: Miri Korenblit Link: https://patch.msgid.link/20250604061200.87a849a55086.I2f8571aafa55aa3b936a30b938de9d260592a584@changeid Signed-off-by: Miri Korenblit --- drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c b/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c index 38ad719161e6..c8f4f3a1d2eb 100644 --- a/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c +++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c @@ -125,7 +125,7 @@ void iwl_trans_pcie_fw_reset_handshake(struct iwl_trans *trans) reset_done = inta_hw & MSIX_HW_INT_CAUSES_REG_RESET_DONE; } else { - inta_hw = iwl_read32(trans, CSR_INT_MASK); + inta_hw = iwl_read32(trans, CSR_INT); reset_done = inta_hw & CSR_INT_BIT_RESET_DONE; } From f81aa834bfa91c827f290b62a245e23c5ad2813c Mon Sep 17 00:00:00 2001 From: Ilan Peer Date: Wed, 4 Jun 2025 06:13:21 +0300 Subject: [PATCH 4/4] wifi: iwlwifi: mld: Move regulatory domain initialization The regulatory domain information was initialized every time the FW was loaded and the device was restarted. This was unnecessary and useless as at this stage the wiphy channels information was not setup yet so while the regulatory domain was set to the wiphy, the channel information was not updated. In case that a specific MCC was configured during FW initialization then following updates with this MCC are ignored, and thus the wiphy channels information is left with information not matching the regulatory domain. This commit moves the regulatory domain initialization to after the operational firmware is started, i.e., after the wiphy channels were configured and the regulatory information is needed. Signed-off-by: Ilan Peer Reviewed-by: Johannes Berg Signed-off-by: Miri Korenblit Link: https://patch.msgid.link/20250604061200.f138a7382093.I2fd8b3e99be13c2687da483e2cb1311ffb4fbfce@changeid Signed-off-by: Miri Korenblit --- drivers/net/wireless/intel/iwlwifi/mld/fw.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mld/fw.c b/drivers/net/wireless/intel/iwlwifi/mld/fw.c index 73ed8d5cab43..9d2c087360e7 100644 --- a/drivers/net/wireless/intel/iwlwifi/mld/fw.c +++ b/drivers/net/wireless/intel/iwlwifi/mld/fw.c @@ -349,10 +349,6 @@ int iwl_mld_load_fw(struct iwl_mld *mld) if (ret) goto err; - ret = iwl_mld_init_mcc(mld); - if (ret) - goto err; - mld->fw_status.running = true; return 0; @@ -546,6 +542,10 @@ int iwl_mld_start_fw(struct iwl_mld *mld) if (ret) goto error; + ret = iwl_mld_init_mcc(mld); + if (ret) + goto error; + return 0; error: