From: Jia-Ju Bai
To: gregkh@linuxfoundation.org, dan.carpenter@oracle.com, jananis37@gmail.com
Cc: devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, Jia-Ju Bai
Subject: [PATCH] staging: rtl8188eu: Fix a possible sleep-in-atomic-context bug in rtw_disassoc_cmd()
Date: Wed, 20 Jun 2018 18:01:19 +0800
Message-Id: <20180620100119.8740-1-baijiaju1990@gmail.com>
X-Mailer: git-send-email 2.17.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

The driver may sleep while holding a spinlock.
The function call paths (from bottom to top) in Linux-4.16.7 are:

[FUNC] kzalloc(GFP_KERNEL)
drivers/staging/rtl8188eu/core/rtw_cmd.c, 502:
	kzalloc in rtw_disassoc_cmd
drivers/staging/rtl8188eu/core/rtw_ioctl_set.c, 256:
	rtw_disassoc_cmd in rtw_set_802_11_ssid
drivers/staging/rtl8188eu/core/rtw_ioctl_set.c, 235:
	spin_lock_bh in rtw_set_802_11_ssid

[FUNC] kzalloc(GFP_KERNEL)
drivers/staging/rtl8188eu/core/rtw_cmd.c, 502:
	kzalloc in rtw_disassoc_cmd
drivers/staging/rtl8188eu/core/rtw_ioctl_set.c, 352:
	rtw_disassoc_cmd in rtw_set_802_11_infrastructure_mode
drivers/staging/rtl8188eu/core/rtw_ioctl_set.c, 336:
	spin_lock_bh in rtw_set_802_11_infrastructure_mode

To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool (DSAC-2) and checked by my code review.

Signed-off-by: Jia-Ju Bai
--- drivers/staging/rtl8188eu/core/rtw_cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/rtl8188eu/core/rtw_cmd.c b/drivers/staging/rtl8188eu/core/rtw_cmd.c index be8542676adf..f664fc935455 100644 --- a/drivers/staging/rtl8188eu/core/rtw_cmd.c +++ b/drivers/staging/rtl8188eu/core/rtw_cmd.c 
@@ -499,7 +499,7 @@ u8 rtw_disassoc_cmd(struct adapter *padapter, u32 deauth_timeout_ms, bool enqueu RT_TRACE(_module_rtl871x_cmd_c_, _drv_notice_, ("+%s\n", __func__)); /* prepare cmd parameter */ - param = kzalloc(sizeof(*param), GFP_KERNEL); + param = kzalloc(sizeof(*param), GFP_ATOMIC); if (!param) { res = _FAIL; goto exit; -- 2.17.0
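
Review bot: The kzalloc() of param in rtw_disassoc_cmd() now uses GFP_ATOMIC for every caller, while the commit message identifies only two paths in rtw_ioctl_set.c (rtw_set_802_11_ssid and rtw_set_802_11_infrastructure_mode) that reach it under spin_lock_bh. GFP_ATOMIC cannot sleep to reclaim memory, so it fails more readily than GFP_KERNEL. The existing if (!param) branch returning _FAIL handles that failure, but the commit message should say whether any caller runs in process context without the lock held, and if so whether moving the rtw_disassoc_cmd() call outside the locked region in those two functions was considered instead. A one-line comment above the allocation stating that the function can be entered with a spinlock held would also keep a later cleanup from switching the flag back to GFP_KERNEL.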