wl12xx: fix potential race condition with TX queue watermark
authorArik Nemtsov <arik@wizery.com>
Tue, 22 Feb 2011 22:22:24 +0000 (00:22 +0200)
committerLuciano Coelho <coelho@ti.com>
Wed, 23 Feb 2011 09:14:55 +0000 (11:14 +0200)
Check the conditions for the high/low TX queue watermarks when the
spin-lock is taken. This prevents race conditions as tx_queue_count and
the flag checked are only modified when the spin-lock is taken.

The following race was in mind:
- Queues are almost full and wl1271_op_tx() will stop the queues, but it
  doesn't get the spin-lock yet.
- (on another CPU) tx_work_locked() dequeues 15 skbs from this queue and
  tx_queue_count is updated to reflect this
- wl1271_op_tx() does not check tx_queue_count after taking the
  spin-lock and incorrectly stops the queue.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Luciano Coelho <coelho@ti.com>
drivers/net/wireless/wl12xx/main.c

index 13c7102f9864d6ae589eabd48d47acdee69044fc..9bb9ad31c2f5e591e836a9bedd0f95cd6f400fc7 100644 (file)
@@ -987,6 +987,17 @@ static int wl1271_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
 
        spin_lock_irqsave(&wl->wl_lock, flags);
        wl->tx_queue_count++;
+
+       /*
+        * The workqueue is slow to process the tx_queue and we need stop
+        * the queue here, otherwise the queue will get too long.
+        */
+       if (wl->tx_queue_count >= WL1271_TX_QUEUE_HIGH_WATERMARK) {
+               wl1271_debug(DEBUG_TX, "op_tx: stopping queues");
+               ieee80211_stop_queues(wl->hw);
+               set_bit(WL1271_FLAG_TX_QUEUE_STOPPED, &wl->flags);
+       }
+
        spin_unlock_irqrestore(&wl->wl_lock, flags);
 
        /* queue the packet */
@@ -1001,19 +1012,6 @@ static int wl1271_op_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
        if (!test_bit(WL1271_FLAG_FW_TX_BUSY, &wl->flags))
                ieee80211_queue_work(wl->hw, &wl->tx_work);
 
-       /*
-        * The workqueue is slow to process the tx_queue and we need stop
-        * the queue here, otherwise the queue will get too long.
-        */
-       if (wl->tx_queue_count >= WL1271_TX_QUEUE_HIGH_WATERMARK) {
-               wl1271_debug(DEBUG_TX, "op_tx: stopping queues");
-
-               spin_lock_irqsave(&wl->wl_lock, flags);
-               ieee80211_stop_queues(wl->hw);
-               set_bit(WL1271_FLAG_TX_QUEUE_STOPPED, &wl->flags);
-               spin_unlock_irqrestore(&wl->wl_lock, flags);
-       }
-
        return NETDEV_TX_OK;
 }