Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755413AbdLLNGD (ORCPT ); Tue, 12 Dec 2017 08:06:03 -0500 Received: from mail-pf0-f193.google.com ([209.85.192.193]:33916 "EHLO mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755000AbdLLNFy (ORCPT ); Tue, 12 Dec 2017 08:05:54 -0500 X-Google-Smtp-Source: ACJfBos5aKb5Cqcx+EZvIqOjH8Ok5tku/EePMiO5Rmn95hSvI8qIftXNkor2XH3n5R+znK7LwAr2dA== From: Jia-Ju Bai To: gregkh@linuxfoundation.org, aishpant@gmail.com, insafonov@gmail.com, luca@lucaceresoli.net, goudapatilk@gmail.com, armetallica@gmail.com, keescook@chromium.org, mihaela.muraru21@gmail.com Cc: devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, Jia-Ju Bai Subject: [PATCH] rtl8188eu: Fix a possible sleep-in-atomic bug in set_tx_beacon_cmd Date: Tue, 12 Dec 2017 21:08:06 +0800 Message-Id: <1513084086-28056-1-git-send-email-baijiaju1990@gmail.com> X-Mailer: git-send-email 1.7.9.5 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1238 Lines: 40 The driver may sleep under a spinlock. The function call path is: update_beacon (acquire the spinlock) update_BCNTIM set_tx_beacon_cmd kzalloc(GFP_KERNEL) --> may sleep kmemdup(GFP_KERNEL) --> may sleep To fix it, GFP_KERNEL is replaced with GFP_ATOMIC. This bug is found by my static analysis tool(DSAC) and checked by my code review. Signed-off-by: Jia-Ju Bai --- drivers/staging/rtl8188eu/core/rtw_mlme_ext.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c index d73e9bd..bcb6919 100644 --- a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c +++ b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c @@ -5395,14 +5395,14 @@ u8 set_tx_beacon_cmd(struct adapter *padapter) int len_diff = 0; - ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL); + ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC); if (!ph2c) { res = _FAIL; goto exit; } ptxBeacon_parm = kmemdup(&(pmlmeinfo->network), - sizeof(struct wlan_bssid_ex), GFP_KERNEL); + sizeof(struct wlan_bssid_ex), GFP_ATOMIC); if (ptxBeacon_parm == NULL) { kfree(ph2c); res = _FAIL; -- 1.7.9.5