[PATCH] ath11k: fix potential wmi_mgmt_tx_queue race condition

[Miaoqing Pan]

There is a potential race condition between skb_queue_len()
and skb_queue_tail(), the former may get old value before
updated by the latter.

So use skb_queue_len_lockless() instead. And also use '>=',
in case we queue a few SKBs simultaneously.

Found while discussing a similar fix for ath10k:
https://patchwork.kernel.org/project/linux-wireless/patch/1608515579-1066-1-git-send-email-miaoqing@codeaurora.org/

No functional changes, compile tested only.

Signed-off-by: Miaoqing Pan <miaoqing at codeaurora.org>
---
 drivers/net/wireless/ath/ath11k/mac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath11k/mac.c b/drivers/net/wireless/ath/ath11k/mac.c
index 335d49a..3c1f35a 100644
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
@@ -4211,7 +4211,7 @@ static int ath11k_mac_mgmt_tx(struct ath11k *ar, struct sk_buff *skb,
 		return -ENOSPC;
 	}
 
-	if (skb_queue_len(q) == ATH11K_TX_MGMT_NUM_PENDING_MAX) {
+	if (skb_queue_len_lockless(q) >= ATH11K_TX_MGMT_NUM_PENDING_MAX) {
 		ath11k_warn(ar->ab, "mgmt tx queue is full\n");
 		return -ENOSPC;
 	}
-- 
2.7.4