From 6ed13164450a916116cf7f0f38fe0da4679a45c9 Mon Sep 17 00:00:00 2001 From: Matti Gottlieb Date: Mon, 30 Mar 2015 16:50:07 +0300 Subject: [PATCH] iwlwifi: mvm: Fix wrongfully flushing frames in the roc/off channel queue Sending multiple action frames off channel, one after the other can create a race that will result in a timeout: 1. Start sending action frame off channel. 2. Once the frame is sent or the time event is over, the flow will eventually call ieee80211_start_next_roc to start the next roc frame & iwl_mvm_roc_finished schedules to schedule a work to flush the queue. 3. Start sending new roc frame and write it to the queue before the flush work has started. 4. The work is called and it flushes the new packet that was placed on the on the queue so the packet is lost. This causes the frame to be removed & not sent, that causes a timeout in userspace. Flush the work queue that flushes the roc/off channel queue before starting to send a new frame off channel, in order to avoid a race between the new frame that is transmitted off channel & the flushing of the queue. Signed-off-by: Matti Gottlieb Reviewed-by: Johannes Berg Signed-off-by: Emmanuel Grumbach --- drivers/net/wireless/iwlwifi/mvm/mac80211.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/iwlwifi/mvm/mac80211.c index 0dd999ceed36..0bd3373315ec 100644 --- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c +++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c @@ -3080,6 +3080,8 @@ static int iwl_mvm_roc(struct ieee80211_hw *hw, IWL_DEBUG_MAC80211(mvm, "enter (%d, %d, %d)\n", channel->hw_value, duration, type); + flush_work(&mvm->roc_done_wk); + mutex_lock(&mvm->mutex); switch (vif->type) { -- 2.20.1