From: Zac Bowling <zbowling@gmail.com>
To: zbowling@gmail.com
Cc: deren.wu@mediatek.com, kvalo@kernel.org,
linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org,
linux-wireless@vger.kernel.org, lorenzo@kernel.org, nbd@nbd.name,
ryder.lee@mediatek.com, sean.wang@mediatek.com
Subject: [PATCH] wifi: mt76: mt7925: comprehensive stability fixes
Date: Fri, 2 Jan 2026 12:05:24 -0800 [thread overview]
Message-ID: <20260102200524.290779-1-zbowling@gmail.com> (raw)
In-Reply-To: <20260102200315.290015-1-zbowling@gmail.com>
From: Zac Bowling <zac@zacbowling.com>
This unified patch combines all MT7925 driver fixes for kernel stability:
1. NULL pointer dereference fixes in vif iteration, TX path, and MCU functions
2. Missing mutex protection in reset, ROC, PM, and resume paths
3. Error handling for MCU commands (AMPDU, BSS info, key setup)
4. lockdep assertions for debugging
5. MLO (Multi-Link Operation) improvements for roaming and AP mode
6. Firmware reload recovery after crashes
These fixes address kernel panics and system hangs that occur during:
- WiFi network switching and BSSID roaming
- Suspend/resume cycles
- MLO link state transitions
- Firmware recovery after crashes
Tested on Framework Desktop (AMD Ryzen AI Max 300) with MT7925 (RZ717).
Individual patches and detailed analysis available at:
https://github.com/zbowling/mt7925
Signed-off-by: Zac Bowling <zac@zacbowling.com>
---
diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/init.c b/drivers/net/wireless/mediatek/mt76/mt7925/init.c
index d7d5afe365ed..f800112ccaf7 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7925/init.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7925/init.c
@@ -162,10 +162,17 @@ void mt7925_regd_update(struct mt792x_dev *dev)
if (!dev->regd_change)
return;
- mt7925_mcu_set_clc(dev, mdev->alpha2, dev->country_ie_env);
+ if (mt7925_mcu_set_clc(dev, mdev->alpha2, dev->country_ie_env) < 0)
+ dev_warn(dev->mt76.dev, "Failed to set CLC\n");
+
mt7925_regd_channel_update(wiphy, dev);
- mt7925_mcu_set_channel_domain(hw->priv);
- mt7925_set_tx_sar_pwr(hw, NULL);
+
+ if (mt7925_mcu_set_channel_domain(hw->priv) < 0)
+ dev_warn(dev->mt76.dev, "Failed to set channel domain\n");
+
+ if (mt7925_set_tx_sar_pwr(hw, NULL) < 0)
+ dev_warn(dev->mt76.dev, "Failed to set TX SAR power\n");
+
dev->regd_change = false;
}
EXPORT_SYMBOL_GPL(mt7925_regd_update);
diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mac.c b/drivers/net/wireless/mediatek/mt76/mt7925/mac.c
index 1e44e96f034e..a4109dc72163 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7925/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7925/mac.c
@@ -1270,6 +1270,12 @@ mt7925_vif_connect_iter(void *priv, u8 *mac,
bss_conf = mt792x_vif_to_bss_conf(vif, i);
mconf = mt792x_vif_to_link(mvif, i);
+ /* Skip links that don't have bss_conf set up yet in mac80211.
+ * This can happen during HW reset when link state is inconsistent.
+ */
+ if (!bss_conf)
+ continue;
+
mt76_connac_mcu_uni_add_dev(&dev->mphy, bss_conf, &mconf->mt76,
&mvif->sta.deflink.wcid, true);
mt7925_mcu_set_tx(dev, bss_conf);
@@ -1324,9 +1330,11 @@ void mt7925_mac_reset_work(struct work_struct *work)
dev->hw_full_reset = false;
pm->suspended = false;
ieee80211_wake_queues(hw);
+ mt792x_mutex_acquire(dev);
ieee80211_iterate_active_interfaces(hw,
IEEE80211_IFACE_ITER_RESUME_ALL,
mt7925_vif_connect_iter, NULL);
+ mt792x_mutex_release(dev);
mt76_connac_power_save_sched(&dev->mt76.phy, pm);
mt792x_mutex_acquire(dev);
diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net/wireless/mediatek/mt76/mt7925/main.c
index ac3d485a2f78..b6e3002faf41 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c
@@ -596,6 +596,17 @@ static int mt7925_set_link_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
link_sta = sta ? mt792x_sta_to_link_sta(vif, sta, link_id) : NULL;
mconf = mt792x_vif_to_link(mvif, link_id);
mlink = mt792x_sta_to_link(msta, link_id);
+
+ if (!link_conf || !mconf || !mlink) {
+ /* During MLO roaming, link state may be torn down before
+ * mac80211 requests key removal. If removing a key and
+ * the link is already gone, consider it successfully removed.
+ */
+ if (cmd != SET_KEY)
+ return 0;
+ return -EINVAL;
+ }
+
wcid = &mlink->wcid;
wcid_keyidx = &wcid->hw_key_idx;
@@ -625,8 +636,10 @@ static int mt7925_set_link_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
struct mt792x_phy *phy = mt792x_hw_phy(hw);
mconf->mt76.cipher = mt7925_mcu_get_cipher(key->cipher);
- mt7925_mcu_add_bss_info(phy, mconf->mt76.ctx, link_conf,
- link_sta, true);
+ err = mt7925_mcu_add_bss_info(phy, mconf->mt76.ctx, link_conf,
+ link_sta, true);
+ if (err)
+ goto out;
}
if (cmd == SET_KEY)
@@ -743,9 +756,11 @@ void mt7925_set_runtime_pm(struct mt792x_dev *dev)
bool monitor = !!(hw->conf.flags & IEEE80211_CONF_MONITOR);
pm->enable = pm->enable_user && !monitor;
+ mt792x_mutex_acquire(dev);
ieee80211_iterate_active_interfaces(hw,
IEEE80211_IFACE_ITER_RESUME_ALL,
mt7925_pm_interface_iter, dev);
+ mt792x_mutex_release(dev);
pm->ds_enable = pm->ds_enable_user && !monitor;
mt7925_mcu_set_deep_sleep(dev, pm->ds_enable);
}
@@ -848,12 +863,17 @@ static int mt7925_mac_link_sta_add(struct mt76_dev *mdev,
msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
mlink = mt792x_sta_to_link(msta, link_id);
+ if (!mlink)
+ return -EINVAL;
idx = mt76_wcid_alloc(dev->mt76.wcid_mask, MT792x_WTBL_STA - 1);
if (idx < 0)
return -ENOSPC;
mconf = mt792x_vif_to_link(mvif, link_id);
+ if (!mconf)
+ return -EINVAL;
+
mt76_wcid_init(&mlink->wcid, 0);
mlink->wcid.sta = 1;
mlink->wcid.idx = idx;
@@ -879,15 +899,20 @@ static int mt7925_mac_link_sta_add(struct mt76_dev *mdev,
MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
link_conf = mt792x_vif_to_bss_conf(vif, link_id);
+ if (!link_conf)
+ return -EINVAL;
/* should update bss info before STA add */
if (vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) {
if (ieee80211_vif_is_mld(vif))
- mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx,
- link_conf, link_sta, link_sta != mlink->pri_link);
+ ret = mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx,
+ link_conf, link_sta,
+ link_sta != mlink->pri_link);
else
- mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx,
- link_conf, link_sta, false);
+ ret = mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx,
+ link_conf, link_sta, false);
+ if (ret)
+ return ret;
}
if (ieee80211_vif_is_mld(vif) &&
@@ -985,18 +1010,29 @@ mt7925_mac_set_links(struct mt76_dev *mdev, struct ieee80211_vif *vif)
{
struct mt792x_dev *dev = container_of(mdev, struct mt792x_dev, mt76);
struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
- struct ieee80211_bss_conf *link_conf =
- mt792x_vif_to_bss_conf(vif, mvif->deflink_id);
- struct cfg80211_chan_def *chandef = &link_conf->chanreq.oper;
- enum nl80211_band band = chandef->chan->band, secondary_band;
+ struct ieee80211_bss_conf *link_conf;
+ struct cfg80211_chan_def *chandef;
+ enum nl80211_band band, secondary_band;
+ u16 sel_links;
+ u8 secondary_link_id;
+
+ link_conf = mt792x_vif_to_bss_conf(vif, mvif->deflink_id);
+ if (!link_conf)
+ return;
+
+ chandef = &link_conf->chanreq.oper;
+ band = chandef->chan->band;
- u16 sel_links = mt76_select_links(vif, 2);
- u8 secondary_link_id = __ffs(~BIT(mvif->deflink_id) & sel_links);
+ sel_links = mt76_select_links(vif, 2);
+ secondary_link_id = __ffs(~BIT(mvif->deflink_id) & sel_links);
if (!ieee80211_vif_is_mld(vif) || hweight16(sel_links) < 2)
return;
link_conf = mt792x_vif_to_bss_conf(vif, secondary_link_id);
+ if (!link_conf)
+ return;
+
secondary_band = link_conf->chanreq.oper.chan->band;
if (band == NL80211_BAND_2GHZ ||
@@ -1024,6 +1060,8 @@ static void mt7925_mac_link_sta_assoc(struct mt76_dev *mdev,
msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
mlink = mt792x_sta_to_link(msta, link_sta->link_id);
+ if (!mlink)
+ return;
mt792x_mutex_acquire(dev);
@@ -1033,12 +1071,13 @@ static void mt7925_mac_link_sta_assoc(struct mt76_dev *mdev,
link_conf = mt792x_vif_to_bss_conf(vif, vif->bss_conf.link_id);
}
- if (vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) {
+ if (link_conf && vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) {
struct mt792x_bss_conf *mconf;
mconf = mt792x_link_conf_to_mconf(link_conf);
- mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx,
- link_conf, link_sta, true);
+ if (mconf)
+ mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx,
+ link_conf, link_sta, true);
}
ewma_avg_signal_init(&mlink->avg_ack_signal);
@@ -1085,6 +1124,8 @@ static void mt7925_mac_link_sta_remove(struct mt76_dev *mdev,
msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
mlink = mt792x_sta_to_link(msta, link_id);
+ if (!mlink)
+ return;
mt7925_roc_abort_sync(dev);
@@ -1098,10 +1139,12 @@ static void mt7925_mac_link_sta_remove(struct mt76_dev *mdev,
link_conf = mt792x_vif_to_bss_conf(vif, link_id);
- if (vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) {
+ if (link_conf && vif->type == NL80211_IFTYPE_STATION && !link_sta->sta->tdls) {
struct mt792x_bss_conf *mconf;
mconf = mt792x_link_conf_to_mconf(link_conf);
+ if (!mconf)
+ goto out;
if (ieee80211_vif_is_mld(vif))
mt792x_mac_link_bss_remove(dev, mconf, mlink);
@@ -1109,6 +1152,7 @@ static void mt7925_mac_link_sta_remove(struct mt76_dev *mdev,
mt7925_mcu_add_bss_info(&dev->phy, mconf->mt76.ctx, link_conf,
link_sta, false);
}
+out:
spin_lock_bh(&mdev->sta_poll_lock);
if (!list_empty(&mlink->wcid.poll_list))
@@ -1247,22 +1291,22 @@ mt7925_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
case IEEE80211_AMPDU_RX_START:
mt76_rx_aggr_start(&dev->mt76, &msta->deflink.wcid, tid, ssn,
params->buf_size);
- mt7925_mcu_uni_rx_ba(dev, params, true);
+ ret = mt7925_mcu_uni_rx_ba(dev, params, true);
break;
case IEEE80211_AMPDU_RX_STOP:
mt76_rx_aggr_stop(&dev->mt76, &msta->deflink.wcid, tid);
- mt7925_mcu_uni_rx_ba(dev, params, false);
+ ret = mt7925_mcu_uni_rx_ba(dev, params, false);
break;
case IEEE80211_AMPDU_TX_OPERATIONAL:
mtxq->aggr = true;
mtxq->send_bar = false;
- mt7925_mcu_uni_tx_ba(dev, params, true);
+ ret = mt7925_mcu_uni_tx_ba(dev, params, true);
break;
case IEEE80211_AMPDU_TX_STOP_FLUSH:
case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
mtxq->aggr = false;
clear_bit(tid, &msta->deflink.wcid.ampdu_state);
- mt7925_mcu_uni_tx_ba(dev, params, false);
+ ret = mt7925_mcu_uni_tx_ba(dev, params, false);
break;
case IEEE80211_AMPDU_TX_START:
set_bit(tid, &msta->deflink.wcid.ampdu_state);
@@ -1271,8 +1315,9 @@ mt7925_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
case IEEE80211_AMPDU_TX_STOP_CONT:
mtxq->aggr = false;
clear_bit(tid, &msta->deflink.wcid.ampdu_state);
- mt7925_mcu_uni_tx_ba(dev, params, false);
- ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
+ ret = mt7925_mcu_uni_tx_ba(dev, params, false);
+ if (!ret)
+ ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
break;
}
mt792x_mutex_release(dev);
@@ -1293,12 +1338,12 @@ mt7925_mlo_pm_iter(void *priv, u8 *mac, struct ieee80211_vif *vif)
if (mvif->mlo_pm_state != MT792x_MLO_CHANGED_PS)
return;
- mt792x_mutex_acquire(dev);
for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) {
bss_conf = mt792x_vif_to_bss_conf(vif, i);
+ if (!bss_conf)
+ continue;
mt7925_mcu_uni_bss_ps(dev, bss_conf);
}
- mt792x_mutex_release(dev);
}
void mt7925_mlo_pm_work(struct work_struct *work)
@@ -1307,9 +1352,11 @@ void mt7925_mlo_pm_work(struct work_struct *work)
mlo_pm_work.work);
struct ieee80211_hw *hw = mt76_hw(dev);
+ mt792x_mutex_acquire(dev);
ieee80211_iterate_active_interfaces(hw,
IEEE80211_IFACE_ITER_RESUME_ALL,
mt7925_mlo_pm_iter, dev);
+ mt792x_mutex_release(dev);
}
static bool is_valid_alpha2(const char *alpha2)
@@ -1645,6 +1692,8 @@ static void mt7925_ipv6_addr_change(struct ieee80211_hw *hw,
for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) {
bss_conf = mt792x_vif_to_bss_conf(vif, i);
+ if (!bss_conf)
+ continue;
__mt7925_ipv6_addr_change(hw, bss_conf, idev);
}
}
@@ -1706,6 +1755,9 @@ mt7925_conf_tx(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
[IEEE80211_AC_BK] = 1,
};
+ if (!mconf)
+ return -EINVAL;
+
/* firmware uses access class index */
mconf->queue_params[mq_to_aci[queue]] = *params;
@@ -1876,6 +1928,8 @@ static void mt7925_vif_cfg_changed(struct ieee80211_hw *hw,
if (changed & BSS_CHANGED_ARP_FILTER) {
for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) {
bss_conf = mt792x_vif_to_bss_conf(vif, i);
+ if (!bss_conf)
+ continue;
mt7925_mcu_update_arp_filter(&dev->mt76, bss_conf);
}
}
@@ -1891,6 +1945,8 @@ static void mt7925_vif_cfg_changed(struct ieee80211_hw *hw,
} else if (mvif->mlo_pm_state == MT792x_MLO_CHANGED_PS) {
for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) {
bss_conf = mt792x_vif_to_bss_conf(vif, i);
+ if (!bss_conf)
+ continue;
mt7925_mcu_uni_bss_ps(dev, bss_conf);
}
}
@@ -1912,7 +1968,12 @@ static void mt7925_link_info_changed(struct ieee80211_hw *hw,
struct ieee80211_bss_conf *link_conf;
mconf = mt792x_vif_to_link(mvif, info->link_id);
+ if (!mconf)
+ return;
+
link_conf = mt792x_vif_to_bss_conf(vif, mconf->link_id);
+ if (!link_conf)
+ return;
mt792x_mutex_acquire(dev);
@@ -2033,6 +2094,11 @@ mt7925_change_vif_links(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
mlink = mlinks[link_id];
link_conf = mt792x_vif_to_bss_conf(vif, link_id);
+ if (!link_conf) {
+ err = -EINVAL;
+ goto free;
+ }
+
rcu_assign_pointer(mvif->link_conf[link_id], mconf);
rcu_assign_pointer(mvif->sta.link[link_id], mlink);
@@ -2113,9 +2179,14 @@ static int mt7925_assign_vif_chanctx(struct ieee80211_hw *hw,
if (ieee80211_vif_is_mld(vif)) {
mconf = mt792x_vif_to_link(mvif, link_conf->link_id);
+ if (!mconf) {
+ mutex_unlock(&dev->mt76.mutex);
+ return -EINVAL;
+ }
+
pri_link_conf = mt792x_vif_to_bss_conf(vif, mvif->deflink_id);
- if (vif->type == NL80211_IFTYPE_STATION &&
+ if (pri_link_conf && vif->type == NL80211_IFTYPE_STATION &&
mconf == &mvif->bss_conf)
mt7925_mcu_add_bss_info(&dev->phy, NULL, pri_link_conf,
NULL, true);
@@ -2144,6 +2215,10 @@ static void mt7925_unassign_vif_chanctx(struct ieee80211_hw *hw,
if (ieee80211_vif_is_mld(vif)) {
mconf = mt792x_vif_to_link(mvif, link_conf->link_id);
+ if (!mconf) {
+ mutex_unlock(&dev->mt76.mutex);
+ return;
+ }
if (vif->type == NL80211_IFTYPE_STATION &&
mconf == &mvif->bss_conf)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
index 8eda407e4135..cf38e36790e7 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
@@ -1722,6 +1722,10 @@ mt7925_mcu_sta_phy_tlv(struct sk_buff *skb,
link_conf = mt792x_vif_to_bss_conf(vif, link_sta->link_id);
mconf = mt792x_vif_to_link(mvif, link_sta->link_id);
+
+ if (!link_conf || !mconf)
+ return;
+
chandef = mconf->mt76.ctx ? &mconf->mt76.ctx->def :
&link_conf->chanreq.oper;
@@ -1800,6 +1804,10 @@ mt7925_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb,
link_conf = mt792x_vif_to_bss_conf(vif, link_sta->link_id);
mconf = mt792x_vif_to_link(mvif, link_sta->link_id);
+
+ if (!link_conf || !mconf)
+ return;
+
chandef = mconf->mt76.ctx ? &mconf->mt76.ctx->def :
&link_conf->chanreq.oper;
band = chandef->chan->band;
diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c b/drivers/net/wireless/mediatek/mt76/mt7925/pci.c
index 8eb1fe1082d1..b6c90c5f7e91 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7925/pci.c
@@ -454,7 +454,9 @@ static int mt7925_pci_suspend(struct device *device)
cancel_delayed_work_sync(&pm->ps_work);
cancel_work_sync(&pm->wake_work);
+ mt792x_mutex_acquire(dev);
mt7925_roc_abort_sync(dev);
+ mt792x_mutex_release(dev);
err = mt792x_mcu_drv_pmctrl(dev);
if (err < 0)
@@ -581,10 +583,12 @@ static int _mt7925_pci_resume(struct device *device, bool restore)
}
/* restore previous ds setting */
+ mt792x_mutex_acquire(dev);
if (!pm->ds_enable)
mt7925_mcu_set_deep_sleep(dev, false);
mt7925_regd_update(dev);
+ mt792x_mutex_release(dev);
failed:
pm->suspended = false;
diff --git a/drivers/net/wireless/mediatek/mt76/mt792x_core.c b/drivers/net/wireless/mediatek/mt76/mt792x_core.c
index 9cad572c34a3..0170a23b0529 100644
--- a/drivers/net/wireless/mediatek/mt76/mt792x_core.c
+++ b/drivers/net/wireless/mediatek/mt76/mt792x_core.c
@@ -95,6 +95,8 @@ void mt792x_tx(struct ieee80211_hw *hw, struct ieee80211_tx_control *control,
IEEE80211_TX_CTRL_MLO_LINK);
sta = (struct mt792x_sta *)control->sta->drv_priv;
mlink = mt792x_sta_to_link(sta, link_id);
+ if (!mlink)
+ goto free_skb;
wcid = &mlink->wcid;
}
@@ -113,9 +115,12 @@ void mt792x_tx(struct ieee80211_hw *hw, struct ieee80211_tx_control *control,
link_id = wcid->link_id;
rcu_read_lock();
conf = rcu_dereference(vif->link_conf[link_id]);
- memcpy(hdr->addr2, conf->addr, ETH_ALEN);
-
link_sta = rcu_dereference(control->sta->link[link_id]);
+ if (!conf || !link_sta) {
+ rcu_read_unlock();
+ goto free_skb;
+ }
+ memcpy(hdr->addr2, conf->addr, ETH_ALEN);
memcpy(hdr->addr1, link_sta->addr, ETH_ALEN);
if (vif->type == NL80211_IFTYPE_STATION)
@@ -136,6 +141,10 @@ void mt792x_tx(struct ieee80211_hw *hw, struct ieee80211_tx_control *control,
}
mt76_connac_pm_queue_skb(hw, &dev->pm, wcid, skb);
+ return;
+
+free_skb:
+ ieee80211_free_txskb(hw, skb);
}
EXPORT_SYMBOL_GPL(mt792x_tx);
next prev parent reply other threads:[~2026-01-02 20:05 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-31 5:29 [PATCH] wifi: mt76: mt7925: fix NULL pointer dereference in vif iteration loops Zac Bowling
2025-12-31 22:37 ` [PATCH] wifi: mt76: mt7925: fix missing mutex protection in reset and ROC abort paths Zac Bowling
2026-01-01 0:22 ` [PATCH 2/3] wifi: mt76: mt7925: fix missing mutex protection in reset and ROC abort Zac Bowling
2026-01-01 0:23 ` [PATCH 3/3] wifi: mt76: mt7925: fix missing mutex protection in runtime PM and MLO PM Zac Bowling
2026-01-01 0:41 ` Zac Bowling
2026-01-01 6:25 ` [PATCH] wifi: mt76: mt7925: add NULL checks in MCU STA TLV functions Zac Bowling
2026-01-01 6:25 ` [PATCH] wifi: mt76: mt7925: add NULL checks for link_conf and mlink in main.c Zac Bowling
2026-01-01 6:25 ` [PATCH] wifi: mt76: mt7925: add NULL checks in MLO link and chanctx functions Zac Bowling
2026-01-01 6:25 ` [PATCH] wifi: mt76: mt7925: add error handling for AMPDU MCU commands Zac Bowling
2026-01-01 6:25 ` [PATCH] wifi: mt76: mt7925: add error handling for BSS info MCU command in sta_add Zac Bowling
2026-01-01 6:25 ` [PATCH] wifi: mt76: mt7925: add error handling for BSS info in key setup Zac Bowling
2026-01-01 6:25 ` [PATCH] wifi: mt76: mt7921: fix missing mutex protection in multiple paths Zac Bowling
2026-01-01 6:25 ` [PATCH] wifi: mt76: mt7925: add lockdep assertions for mutex verification Zac Bowling
2026-01-02 20:03 ` [PATCH v2 0/6] wifi: mt76: mt7925/mt792x: additional stability fixes Zac Bowling
2026-01-02 20:03 ` [PATCH] wifi: mt76: mt7925: fix key removal failure during MLO roaming Zac Bowling
2026-01-02 20:03 ` [PATCH] wifi: mt76: mt7925: fix kernel warning in MLO ROC setup when channel not configured Zac Bowling
2026-01-02 20:03 ` [PATCH] wifi: mt76: mt7925: add NULL checks for MLO link pointers in MCU functions Zac Bowling
2026-01-02 20:03 ` [PATCH] wifi: mt76: mt792x: fix firmware reload failure after previous load crash Zac Bowling
2026-01-03 6:46 ` Sean Wang
2026-01-03 18:42 ` Zac Bowling
2026-01-15 7:19 ` Zac Bowling
2026-01-02 20:03 ` [PATCH] wifi: mt76: mt7925: add mutex protection in resume path Zac Bowling
2026-01-02 20:03 ` [PATCH] wifi: mt76: mt7925: add NULL checks and error handling for MCU calls Zac Bowling
2026-01-02 20:05 ` Zac Bowling [this message]
2026-01-03 6:25 ` [PATCH] wifi: mt76: mt7925: comprehensive stability fixes Sean Wang
2026-01-03 19:11 ` Zac Bowling
2026-01-05 0:26 ` [PATCH v3 00/17] wifi: mt76: mt7925/mt792x: " Zac Bowling
2026-01-05 0:26 ` [PATCH 01/17] wifi: mt76: mt7925: fix NULL pointer dereference in vif iteration Zac Bowling
2026-01-05 0:26 ` [PATCH 02/17] wifi: mt76: mt7925: fix missing mutex protection in reset and ROC abort Zac Bowling
2026-01-05 0:26 ` [PATCH 03/17] wifi: mt76: mt7925: fix missing mutex protection in runtime PM and MLO PM Zac Bowling
2026-01-05 0:26 ` [PATCH 04/17] wifi: mt76: mt7925: add NULL checks in MCU STA TLV functions Zac Bowling
2026-01-05 0:26 ` [PATCH 05/17] wifi: mt76: mt7925: add NULL checks for link_conf and mlink in main.c Zac Bowling
2026-01-05 0:26 ` [PATCH 06/17] wifi: mt76: mt7925: add error handling for AMPDU MCU commands Zac Bowling
2026-01-05 0:26 ` [PATCH 07/17] wifi: mt76: mt7925: add error handling for BSS info MCU command in sta_add Zac Bowling
2026-01-05 0:26 ` [PATCH 08/17] wifi: mt76: mt7925: add error handling for BSS info in key setup Zac Bowling
2026-01-05 0:26 ` [PATCH 09/17] wifi: mt76: mt7925: add NULL checks in MLO link and chanctx functions Zac Bowling
2026-01-05 0:26 ` [PATCH 10/17] wifi: mt76: mt792x: fix NULL pointer dereference in TX path Zac Bowling
2026-01-05 0:26 ` [PATCH 11/17] wifi: mt76: mt7925: add lockdep assertions for mutex verification Zac Bowling
2026-01-05 0:26 ` [PATCH 12/17] wifi: mt76: mt7925: fix key removal failure during MLO roaming Zac Bowling
2026-01-05 0:26 ` [PATCH 13/17] wifi: mt76: mt7925: fix kernel warning in MLO ROC setup Zac Bowling
2026-01-05 0:26 ` [PATCH 14/17] wifi: mt76: mt7925: add NULL checks for MLO link pointers in MCU functions Zac Bowling
2026-01-05 0:26 ` [PATCH 15/17] wifi: mt76: mt792x: fix firmware reload failure after previous load crash Zac Bowling
2026-01-05 0:26 ` [PATCH 16/17] wifi: mt76: mt7925: add mutex protection in resume path Zac Bowling
2026-01-05 0:26 ` [PATCH 17/17] wifi: mt76: mt7925: add NULL checks in link station and TX queue setup Zac Bowling
2026-01-11 3:13 ` Zac Bowling
2026-01-11 3:36 ` Zac Bowling
2026-01-16 0:15 ` [PATCH v3 00/17] wifi: mt76: mt7925/mt792x: comprehensive stability fixes Sean Wang
2026-01-16 0:43 ` Zac Bowling
2026-01-16 1:04 ` [PATCH v4 00/21] wifi: mt76: mt7925/mt7921: stability and MLO fixes Zac
2026-01-16 1:04 ` [PATCH v4 01/21] wifi: mt76: mt7925: fix NULL pointer dereference in vif iteration Zac
2026-01-16 1:05 ` [PATCH v4 02/21] wifi: mt76: mt7925: fix missing mutex protection in reset and ROC abort Zac
2026-01-16 1:05 ` [PATCH v4 03/21] wifi: mt76: mt7925: fix missing mutex protection in runtime PM and MLO PM Zac
2026-01-16 1:05 ` [PATCH v4 04/21] wifi: mt76: mt7925: add NULL checks in MCU STA TLV functions Zac
2026-01-16 1:05 ` [PATCH v4 05/21] wifi: mt76: mt7925: add NULL checks for link_conf and mlink in main.c Zac
2026-01-16 1:05 ` [PATCH v4 06/21] wifi: mt76: mt7925: add error handling for AMPDU MCU commands Zac
2026-01-16 1:05 ` [PATCH v4 07/21] wifi: mt76: mt7925: add error handling for BSS info MCU command in sta_add Zac
2026-01-16 1:05 ` [PATCH v4 08/21] wifi: mt76: mt7925: add error handling for BSS info in key setup Zac
2026-01-16 1:05 ` [PATCH v4 09/21] wifi: mt76: mt7925: add NULL checks in MLO link and chanctx functions Zac
2026-01-16 1:05 ` [PATCH v4 10/21] wifi: mt76: mt792x: fix NULL pointer dereference in TX path Zac
2026-01-16 1:05 ` [PATCH v4 11/21] wifi: mt76: mt7925: add lockdep assertions for mutex verification Zac
2026-01-16 1:05 ` [PATCH v4 12/21] wifi: mt76: mt7925: fix key removal failure during MLO roaming Zac
2026-01-16 1:05 ` [PATCH v4 13/21] wifi: mt76: mt7925: fix kernel warning in MLO ROC setup Zac
2026-01-16 1:05 ` [PATCH v4 14/21] wifi: mt76: mt7925: add NULL checks for MLO link pointers in MCU functions Zac
2026-01-16 1:05 ` [PATCH v4 15/21] wifi: mt76: mt792x: fix firmware reload failure after previous load crash Zac
2026-01-16 1:05 ` [PATCH v4 16/21] wifi: mt76: mt7925: add mutex protection in resume path Zac
2026-01-16 1:05 ` [PATCH v4 17/21] wifi: mt76: mt7925: add NULL checks in link station and TX queue setup Zac
2026-01-16 1:05 ` [PATCH v4 18/21] wifi: mt76: mt7921: fix missing mutex protection in multiple paths Zac
2026-01-16 1:05 ` [PATCH v4 19/21] wifi: mt76: mt7921: fix mutex deadlocks " Zac
2026-01-16 1:05 ` [PATCH v4 20/21] wifi: mt76: fix list corruption in mt76_wcid_cleanup Zac
2026-01-16 1:05 ` [PATCH v4 21/21] wifi: mt76: mt7925: fix BA session teardown during beacon loss Zac
2026-01-20 6:28 ` [PATCH v5 00/11] wifi: mt76: mt7925/mt7921 stability fixes Zac
2026-01-20 6:28 ` [PATCH 01/11] wifi: mt76: fix list corruption in mt76_wcid_cleanup Zac
2026-01-20 6:28 ` [PATCH 02/11] wifi: mt76: mt792x: fix NULL pointer and firmware reload issues Zac
2026-01-20 7:04 ` Greg KH
2026-01-20 6:28 ` [PATCH 03/11] wifi: mt76: mt7921: add mutex protection in critical paths Zac
2026-01-20 6:28 ` [PATCH 04/11] wifi: mt76: mt7921: fix deadlock in sta removal and suspend ROC abort Zac
2026-01-20 6:28 ` [PATCH 05/11] wifi: mt76: mt7925: add comprehensive NULL pointer protection for MLO Zac
2026-01-20 6:28 ` [PATCH 06/11] wifi: mt76: mt7925: add mutex protection in critical paths Zac
2026-01-20 6:28 ` [PATCH 07/11] wifi: mt76: mt7925: add MCU command error handling Zac
2026-01-20 6:28 ` [PATCH 08/11] wifi: mt76: mt7925: add lockdep assertions for mutex verification Zac
2026-01-20 6:28 ` [PATCH 09/11] wifi: mt76: mt7925: fix MLO roaming and ROC setup issues Zac
2026-01-20 6:28 ` [PATCH 10/11] wifi: mt76: mt7925: fix BA session teardown during beacon loss Zac
2026-01-20 6:28 ` [PATCH 11/11] wifi: mt76: mt7925: fix ROC deadlocks and race conditions Zac
2026-01-20 8:25 ` Sean Wang
2026-01-20 17:59 ` Zac Bowling
2026-01-20 20:10 ` [PATCH v6 00/13] wifi: mt76: stability fixes for deadlocks, NULL derefs, " Zac
2026-01-20 20:10 ` [PATCH 01/13] wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync Zac
2026-01-20 20:10 ` [PATCH 02/13] wifi: mt76: fix list corruption in mt76_wcid_cleanup Zac
2026-01-20 20:10 ` [PATCH 03/13] wifi: mt76: mt792x: fix NULL pointer and firmware reload issues Zac
2026-01-20 20:10 ` [PATCH 04/13] wifi: mt76: mt7921: add mutex protection in critical paths Zac
2026-01-27 10:59 ` Felix Fietkau
2026-01-29 6:19 ` Zac Bowling
2026-01-20 20:10 ` [PATCH 05/13] wifi: mt76: mt7921: fix deadlock in sta removal and suspend ROC abort Zac
2026-01-20 20:10 ` [PATCH 06/13] wifi: mt76: mt7925: add comprehensive NULL pointer protection for MLO Zac
2026-01-20 20:10 ` [PATCH 08/13] wifi: mt76: mt7925: add MCU command error handling Zac
2026-01-20 20:10 ` [PATCH 09/13] wifi: mt76: mt7925: add lockdep assertions for mutex verification Zac
2026-01-20 20:10 ` [PATCH 10/13] wifi: mt76: mt7925: fix MLO roaming and ROC setup issues Zac
2026-01-20 20:10 ` [PATCH 11/13] wifi: mt76: mt7925: fix BA session teardown during beacon loss Zac
2026-01-20 20:10 ` [PATCH 12/13] wifi: mt76: mt7925: fix ROC deadlocks and race conditions Zac
2026-01-27 11:06 ` Felix Fietkau
2026-01-20 20:10 ` [PATCH 13/13] wifi: mt76: mt7925: fix double wcid initialization race condition Zac
2026-01-27 10:58 ` [PATCH v6 00/13] wifi: mt76: stability fixes for deadlocks, NULL derefs, and race conditions Felix Fietkau
2026-01-29 8:18 ` [PATCH v7 0/6] wifi: mt76: mt7925: MLO stability fixes Zac
2026-01-29 8:18 ` [PATCH v7 1/6] wifi: mt76: mt7925: fix double wcid initialization race condition Zac
2026-01-29 8:18 ` [PATCH v7 2/6] wifi: mt76: mt7925: add NULL pointer protection for MLO state transitions Zac
2026-01-29 8:18 ` [PATCH v7 3/6] wifi: mt76: mt7925: add mutex protection in critical paths Zac
2026-01-29 8:18 ` [PATCH v7 4/6] wifi: mt76: mt7925: add MCU command error handling in ampdu_action Zac
2026-01-29 8:18 ` [PATCH v7 5/6] wifi: mt76: mt7925: add lockdep assertions for mutex verification Zac
2026-01-29 8:18 ` [PATCH v7 6/6] wifi: mt76: mt7925: fix MLO ROC setup error handling Zac
2026-01-29 8:46 ` [PATCH 2/6] wifi: mt76: mt7925: add NULL pointer protection for MLO state transitions Zac
2026-01-29 9:05 ` [v7 PATCH 7/7] wifi: mt76: mt7925: add error logging for MLO ROC setup in set_links Zac
2026-01-20 11:42 ` [PATCH 11/11] wifi: mt76: mt7925: fix ROC deadlocks and race conditions kernel test robot
2026-01-20 13:26 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260102200524.290779-1-zbowling@gmail.com \
--to=zbowling@gmail.com \
--cc=deren.wu@mediatek.com \
--cc=kvalo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lorenzo@kernel.org \
--cc=nbd@nbd.name \
--cc=ryder.lee@mediatek.com \
--cc=sean.wang@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox