[24/31] iwlwifi: mvm: Fix wrongfully flushing frames in the roc/off channel queue

Message ID 1427956879-11725-24-git-send-email-emmanuel.grumbach@intel.com
State Accepted
Emmanuel Grumbach April 2, 2015, 6:41 a.m. UTC
From: Matti Gottlieb <matti.gottlieb@intel.com>

Sending multiple action frames off channel, one after the other can create
a race that will result in a timeout:

1. Start sending action frame off channel.
2. Once the frame is sent or the time event is over, the flow will
eventually call ieee80211_start_next_roc to start the next roc frame &
iwl_mvm_roc_finished schedules to schedule a work to flush the queue.
3. Start sending new roc frame and write it to the queue before the
flush work has started.
4. The work is called and it flushes the new packet that was placed on the
on the queue so the packet is lost.

This causes the frame to be removed & not sent, that causes a timeout in

Flush the work queue that flushes the roc/off channel queue before starting
to send a new frame off channel, in order to avoid a race between the new
frame that is transmitted off channel & the flushing of the queue.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
 drivers/net/wireless/iwlwifi/mvm/mac80211.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
index 0dd999c..0bd3373 100644
--- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c
@@ -3080,6 +3080,8 @@  static int iwl_mvm_roc(struct ieee80211_hw *hw,
 	IWL_DEBUG_MAC80211(mvm, "enter (%d, %d, %d)\n", channel->hw_value,
 			   duration, type);
+	flush_work(&mvm->roc_done_wk);
 	switch (vif->type) {