There is a potential race condition between skb_queue_len() and skb_queue_tail(), the former may get old value before updated by the latter. So use skb_queue_len_lockless() instead. And also use '>=', in case we queue a few SKBs simultaneously. Found while discussing a similar fix for ath10k: https://patchwork.kernel.org/project/linux-wireless/patch/1608515579-1066-1-git-send-email-miaoqing@xxxxxxxxxxxxxx/ No functional changes, compile tested only. Signed-off-by: Miaoqing Pan <miaoqing@xxxxxxxxxxxxxx> --- drivers/net/wireless/ath/ath11k/mac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c index 335d49a..3c1f35a 100644 --- a/drivers/net/wireless/ath/ath11k/mac.c +++ b/drivers/net/wireless/ath/ath11k/mac.c @@ -4211,7 +4211,7 @@ static int ath11k_mac_mgmt_tx(struct ath11k *ar, struct sk_buff *skb, return -ENOSPC; } - if (skb_queue_len(q) == ATH11K_TX_MGMT_NUM_PENDING_MAX) { + if (skb_queue_len_lockless(q) >= ATH11K_TX_MGMT_NUM_PENDING_MAX) { ath11k_warn(ar->ab, "mgmt tx queue is full\n"); return -ENOSPC; } -- 2.7.4
