From nobody Sat Feb  7 22:01:39 2026
Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com
 [209.85.128.47])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 45D8530F80D
	for <linux-kernel@vger.kernel.org>; Sun, 25 Jan 2026 23:33:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.47
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769384025; cv=none;
 b=seCZ5GT1wMmZzdBtcwAwWhDTXt46/vdd5mZ1xr11foxZOW/Dt+TSvlEElmTjg+Ufbvg3tiohMZJf9BKR4bOswbijFYwA02LDEybW3i2qefNiKBcPOkybaPlTooQkBAcwZFEIZ7pHIYdWZl//meO96Rmkk4sNk8+SEvbV3X6RxBE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769384025; c=relaxed/simple;
	bh=40HDaw8ntqkj11TLcXWCKMbTSTaBwFBrT4JI2rWl1Fg=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version;
 b=JCllqwPG7q7F7qHArsLeLpebhXqxjPVO4wd4FEFOqqBEnKXR3jkth1r3e4O1IMq8z/UCx00dlQyynswzrMLYimmodqH7uQXW4AWyrLhIS7KPyOcCF33qrAoGEAgOY9RgaAs50a5YQK5EqmXLlpwUR/NMF5MrbrI2Q9M2vgv1eI0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=UKAoNCpr; arc=none smtp.client-ip=209.85.128.47
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="UKAoNCpr"
Received: by mail-wm1-f47.google.com with SMTP id
 5b1f17b1804b1-47ee76e8656so58147975e9.0
        for <linux-kernel@vger.kernel.org>;
 Sun, 25 Jan 2026 15:33:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1769384023; x=1769988823;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=hxZFFubEOU7PGE71UzXJvLIW4o2EMn+DKQPsfeMWqfQ=;
        b=UKAoNCprplxnEp4hCh/uNyISdbtgB/t6NxpjElu9BAg7pxAM3ttZq/m3cwMPBebwYv
         kPxDdaHjHx7fE0O23J1wGNU4fqL4k6KCllPHmGLQ4Af/UMajhbF4yM1LpTa5eV0VU3oT
         mUaUfwkbKUmqiQVcJFFCnjYJK+1yX4Kcd13XJG6hQO4jZ7suFT+86D3qpPEvn64YLnC9
         ksigIWyxm2cYdUqr2/KDA55w6zR6ehsFUSDTyxoAJi9BrlM60r+5d1hBOZ6LMQLLRwQP
         XY3pJFILLhzVeE5kC2pi6NmpUTEZfZKO07hUGjEOT5q0AvOx7NjYsCRYJpIKuJvicYhr
         g40A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769384023; x=1769988823;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=hxZFFubEOU7PGE71UzXJvLIW4o2EMn+DKQPsfeMWqfQ=;
        b=xOMK0hqxR+uID/c7Ykm1aovfoEfa2P5Gcdu2xfgaIV0ugJeovctqA9lSQeySIUNA+k
         NtTuaD+KhbzOA1RmlsjbMfrSJ8UQl8qT3RWHuW9sljbmW7aCoJ1aMg2TF4b/aB7L7s6U
         KMRIdis2Pp76+B/yWiuAPV/NWa2cgd+vqg6IDoxWFORwpLkuBgKOOPZesiJ6q0Bq5q6l
         K7dBY0fYm2NJOGLfzxvKvHVlI5tBjhttzFgoKYUH17554L28eevNpijS0AZOnVm6yWLs
         b6UM1k2tHLKJQuB8ZN0FjAIJ9eLUuQoW0GJyJXB6ehHD5+VY1MJ3z18vSOaQgF54dOOU
         oXyw==
X-Forwarded-Encrypted: i=1;
 AJvYcCXjpFTqfa0S5vpCDVMv3o2VE1fUk9kTX/BHUbA/1JSphlvsAiQ5QCYSrgqDsg3g93y5WDeIK7Wn1Vczb0g=@vger.kernel.org
X-Gm-Message-State: AOJu0Yyfnt+GnEZHXGt0N5toJiGQVaf8aXLl1OniArfIrSwVOT6iA2vS
	GbiS3JtOsCVCbCnS02S652HoFPxCCNznn+ECiQGAxHglQyYeMzdyUylP
X-Gm-Gg: AZuq6aIPPV9Q5noBSVUnibTOyKeSHsD+gnlxO23YpZTNnQOf16xo59IB+vpu3DHgZIJ
	RRJqqz1qUgbyosYI+IbuN8eJH9JU3vEu7HA0iMhB162AVHHxHdOKE5MMT5veVqvsjJAyHWjd+P8
	FHDSOlTRQiRyuOFj6757cLrZESp6EQRwK7yuHGy73H/7P1jti5y5FA+aFE4cIHhRX2OzSTtQ3iw
	2h+04vAfe4yFewCIHoCgjbSvWfi2tTWM/RX6or8DnN2jLttmGDwTUPKXXcDdOysdRAddtifTGH6
	0Myo4fdWV/0Dk8H/elenuD/JLsFXZ8TrUTOBQnZjsBso/MKLRSqr8R5zCOZ2u3JAtVM/+n4UtyG
	z5P5YJ2T0ZaH+PzyQot/0yhlmyiJRUIEkCMEK23p6tq1vZB0NPBqKCXrv12v7Cotvu8H7oG3IyT
	HZHjDzO9lMT2/EnU7yrjbfaS+vhZI=
X-Received: by 2002:a05:600c:4f8e:b0:477:b642:9dc1 with SMTP id
 5b1f17b1804b1-4805cf669d1mr40697975e9.20.1769384022447;
        Sun, 25 Jan 2026 15:33:42 -0800 (PST)
Received: from debian.powerhub ([2a0a:ef40:e94:5d01:a218:5589:9f9c:4f52])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-4804d84ef51sm209938985e9.5.2026.01.25.15.33.40
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 25 Jan 2026 15:33:42 -0800 (PST)
From: Chris Bainbridge <chris.bainbridge@gmail.com>
To: miriam.rachel.korenblit@intel.com,
	kvalo@kernel.org
Cc: johannes.berg@intel.com,
	benjamin@sipsolutions.net,
	gustavoars@kernel.org,
	linux-intel-wifi@intel.com,
	linux-wireless@vger.kernel.org,
	netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Chris Bainbridge <chris.bainbridge@gmail.com>,
	stable@vger.kernel.org
Subject: [PATCH] Revert "wifi: iwlwifi: trans: remove STATUS_SUSPENDED"
Date: Sun, 25 Jan 2026 23:33:34 +0000
Message-ID: <20260125233335.6875-1-chris.bainbridge@gmail.com>
X-Mailer: git-send-email 2.47.3
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

This reverts commit e769f6f27ffe41331e00b69a33aa8a34db4dd830.

The removal of STATUS_SUSPENDED (which tracks suspend/resume state)
resulted in an intermittent race condition on resume. The fault can be
reproduced by carrying out repeated suspend/resume cycles while passing
traffic through the NIC. A typical failure looks like:

[  141.093986] iwlwifi 0000:01:00.0: Error sending SCAN_CFG_CMD: time out a=
fter 2000ms.
[  141.094057] iwlwifi 0000:01:00.0: Current CMD queue read_ptr 441 write_p=
tr 442
[  141.094864] iwlwifi 0000:01:00.0: Start IWL Error Log Dump:
[  141.094866] iwlwifi 0000:01:00.0: Transport status: 0x00000042, valid: 6
[  141.094870] iwlwifi 0000:01:00.0: Loaded firmware version: 89.7f71c7f4.0=
 ty-a0-gf-a0-89.ucode
[  141.094873] iwlwifi 0000:01:00.0: 0x01000071 | ADVANCED_SYSASSERT
...
[  141.098401] iwlwifi 0000:01:00.0: iwl_mvm_check_rt_status failed, device=
 is gone during suspend

The kernel then oops due to a null pointer dereference in
iwl_mvm_realloc_queues_after_restart().

Fixes: e769f6f27ffe ("wifi: iwlwifi: trans: remove STATUS_SUSPENDED")
Closes: https://yhbt.net/lore/linux-wireless/aTDoDiD55qlUZ0pn@debian.local/
Cc: <stable@vger.kernel.org>
Signed-off-by: Chris Bainbridge <chris.bainbridge@gmail.com>
---
 .../net/wireless/intel/iwlwifi/iwl-trans.c    | 22 +++++++++++++++++--
 .../net/wireless/intel/iwlwifi/iwl-trans.h    |  3 +++
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-trans.c b/drivers/net/w=
ireless/intel/iwlwifi/iwl-trans.c
index cc8a84018f70..f5c4aa165c5b 100644
--- a/drivers/net/wireless/intel/iwlwifi/iwl-trans.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-trans.c
@@ -306,6 +306,9 @@ int iwl_trans_send_cmd(struct iwl_trans *trans, struct =
iwl_host_cmd *cmd)
 		     test_bit(STATUS_RFKILL_OPMODE, &trans->status)))
 		return -ERFKILL;
=20
+	if (unlikely(test_bit(STATUS_SUSPENDED, &trans->status)))
+		return -EHOSTDOWN;
+
 	if (unlikely(test_bit(STATUS_FW_ERROR, &trans->status)))
 		return -EIO;
=20
@@ -406,6 +409,8 @@ int iwl_trans_start_hw(struct iwl_trans *trans)
 	might_sleep();
=20
 	clear_bit(STATUS_TRANS_RESET_IN_PROGRESS, &trans->status);
+	/* opmode may not resume if it detects errors */
+	clear_bit(STATUS_SUSPENDED, &trans->status);
=20
 	return iwl_trans_pcie_start_hw(trans);
 }
@@ -505,17 +510,30 @@ iwl_trans_dump_data(struct iwl_trans *trans, u32 dump=
_mask,
=20
 int iwl_trans_d3_suspend(struct iwl_trans *trans, bool reset)
 {
+	int err;
+
 	might_sleep();
=20
-	return iwl_trans_pcie_d3_suspend(trans, reset);
+	err =3D iwl_trans_pcie_d3_suspend(trans, reset);
+
+	if (!err)
+		set_bit(STATUS_SUSPENDED, &trans->status);
+
+	return err;
 }
 IWL_EXPORT_SYMBOL(iwl_trans_d3_suspend);
=20
 int iwl_trans_d3_resume(struct iwl_trans *trans, bool reset)
 {
+	int err;
+
 	might_sleep();
=20
-	return iwl_trans_pcie_d3_resume(trans, reset);
+	err =3D iwl_trans_pcie_d3_resume(trans, reset);
+
+	clear_bit(STATUS_SUSPENDED, &trans->status);
+
+	return err;
 }
 IWL_EXPORT_SYMBOL(iwl_trans_d3_resume);
=20
diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-trans.h b/drivers/net/w=
ireless/intel/iwlwifi/iwl-trans.h
index a552669db6e2..c4d06a323f9b 100644
--- a/drivers/net/wireless/intel/iwlwifi/iwl-trans.h
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-trans.h
@@ -290,6 +290,8 @@ static inline void iwl_free_rxb(struct iwl_rx_cmd_buffe=
r *r)
  *	the firmware state yet
  * @STATUS_TRANS_RESET_IN_PROGRESS: reset is still in progress, don't
  *	attempt another reset yet
+ * @STATUS_SUSPENDED: device is suspended, don't send commands that
+ *	aren't marked accordingly
  */
 enum iwl_trans_status {
 	STATUS_SYNC_HCMD_ACTIVE,
@@ -303,6 +305,7 @@ enum iwl_trans_status {
 	STATUS_IN_SW_RESET,
 	STATUS_RESET_PENDING,
 	STATUS_TRANS_RESET_IN_PROGRESS,
+	STATUS_SUSPENDED,
 };
=20
 static inline int
--=20
2.47.3