mac80211: Fix race in checking AP status by sending null frame

mac80211 tries to verify the existence of the current AP by
probing or sending a NULL frame in function
ieee80211_mgd_probe_ap_send. It 1st sends a null frame to the AP,
increments probe_send_count and waits for the ACK to the NULL
frame for a finite duration of time. At times, it happens that by
the time mac80211 gets to increment probe_send_count, the ACK for
the NULL frame transmitted has already been processed. This leads
to a race condition where mac80211 times out waiting for the ACK
for the NULL frame causing unnecessary disconnection with the AP.

Signed-off-by: Soumik Das <soumik.das@stericsson.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index b3b3c264ff66..04c306308987 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1522,6 +1522,8 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
          * anymore. The timeout will be reset if the frame is ACKed by
          * the AP.
          */
+        ifmgd->probe_send_count++;
+
         if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
                 ifmgd->nullfunc_failed = false;
                 ieee80211_send_nullfunc(sdata->local, sdata, 0);
@@ -1538,7 +1540,6 @@ static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
                                          0, (u32) -1, true, false);
         }
 
-        ifmgd->probe_send_count++;
         ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
         run_again(ifmgd, ifmgd->probe_timeout);
         if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)