iwlwifi: mvm: Fix wrongfully flushing frames in the roc/off channel queue

Sending multiple action frames off channel, one after the other can create
a race that will result in a timeout:

1. Start sending action frame off channel.
2. Once the frame is sent or the time event is over, the flow will
eventually call ieee80211_start_next_roc to start the next roc frame &
iwl_mvm_roc_finished schedules to schedule a work to flush the queue.
3. Start sending new roc frame and write it to the queue before the
flush work has started.
4. The work is called and it flushes the new packet that was placed on the
on the queue so the packet is lost.

This causes the frame to be removed & not sent, that causes a timeout in
userspace.

Flush the work queue that flushes the roc/off channel queue before starting
to send a new frame off channel, in order to avoid a race between the new
frame that is transmitted off channel & the flushing of the queue.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
This commit is contained in:
Matti Gottlieb 2015-03-30 16:50:07 +03:00 committed by Emmanuel Grumbach
parent b6e160ab15
commit 6ed1316445
1 changed files with 2 additions and 0 deletions

View File

@ -3080,6 +3080,8 @@ static int iwl_mvm_roc(struct ieee80211_hw *hw,
IWL_DEBUG_MAC80211(mvm, "enter (%d, %d, %d)\n", channel->hw_value,
duration, type);
flush_work(&mvm->roc_done_wk);
mutex_lock(&mvm->mutex);
switch (vif->type) {