CVE-2025-38291

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash

Currently, we encounter the following kernel call trace when a firmware crash occurs. This happens because the host sends WMI commands to the firmware while it is in recovery, causing the commands to fail and resulting in the kernel call trace.

Set the ATH12KFLAGCRASHFLUSH and ATH12KFLAG_RECOVERY flags when the host driver receives the firmware crash notification from MHI. This prevents sending WMI commands to the firmware during recovery.

Call Trace: <TASK> dumpstacklvl+0x75/0xc0 registerlockclass+0x6be/0x7a0 ? lockacquire+0x644/0x19a0 _lockacquire+0x95/0x19a0 lockacquire+0x265/0x310 ? ath12kcesend+0xa2/0x210 [ath12k] ? findheldlock+0x34/0xa0 ? ath12kcesend+0x56/0x210 [ath12k] rawspinlockbh+0x33/0x70 ? ath12kcesend+0xa2/0x210 [ath12k] ath12kcesend+0xa2/0x210 [ath12k] ath12khtcsend+0x178/0x390 [ath12k] ath12kwmicmdsendnowait+0x76/0xa0 [ath12k] ath12kwmicmdsend+0x62/0x190 [ath12k] ath12kwmipdevbsschaninforequest+0x62/0xc0 [ath1 ath12kmacopgetsurvey+0x2be/0x310 [ath12k] ieee80211dumpsurvey+0x99/0x240 [mac80211] nl80211dumpsurvey+0xe7/0x470 [cfg80211] ? kmallocreserve+0x59/0xf0 genldumpit+0x24/0x70 netlinkdump+0x177/0x360 _netlinkdumpstart+0x206/0x280 genlfamilyrcvmsgdumpit.isra.22+0x8a/0xe0 ? genlfamilyrcvmsgattrsparse.isra.23+0xe0/0xe0 ? genloplock.part.12+0x10/0x10 ? genldumpit+0x70/0x70 genlrcvmsg+0x1d0/0x290 ? nl80211delstation+0x330/0x330 [cfg80211] ? genlgetcmdboth+0x50/0x50 netlinkrcvskb+0x4f/0x100 genlrcv+0x1f/0x30 netlinkunicast+0x1b6/0x260 netlinksendmsg+0x31a/0x450 _socksendmsg+0xa8/0xb0 _syssendmsg+0x1e4/0x260 _syssendmsg+0x89/0xe0 ? localclocknoinstr+0xb/0xc0 ? rcuiswatching+0xd/0x40 ? kfree+0x1de/0x370 ? _syssendmsg+0x7a/0xc0

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1