Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp264751imm;
        Sat, 1 Sep 2018 02:00:03 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdblUQwQvlAts0Z5HXZiw6TD6smWHo5u0L9Nzi37z7KjGzJQ9rTbxYlcKDFgCEJ1+/KOOafo
X-Received: by 2002:a62:411a:: with SMTP id o26-v6mr20063578pfa.111.1535792403890;
        Sat, 01 Sep 2018 02:00:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535792403; cv=none;
        d=google.com; s=arc-20160816;
        b=qYrY4cbOTeQfc0FYiTp2zwNj/l3hZPpxEHSR35TLtn8j4J5xmmnzqL3dtUBjjl6wQl
         iRxLlTyZPZEoLRvXUTt+yPqAElO6+hrwyBD6vlu8E57sywBcVCZLgzKDwRVXVX2KRVir
         0zL11FjJ37k/Tp0ikTr9kzscvhDamXhTtXKpBRFdvINcvzDY62Sg9EawpVyk7ILN7R7F
         OpZDTrJlpaQpx3C69RbZpbYrXc5nMs/MGXaBzTTMP9n5RuKJcf94aGkRKOTY3dDqNKD7
         UPoAc+rrs1rJA7t/Fpn4yYlHojQxaiLVlYdqQkFkLIejJu2Roc7UjpiNjHJo9eJ+uO+H
         YL1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :dkim-signature:arc-authentication-results;
        bh=NT3LU3Vg6CeTQDEFsVzzJLvbD+A14oYYE+DXe0Oh854=;
        b=N1HDrvJ2S+kcccuhYdqLbPu6Qj+OI2BTMRRfkryBEQv1oQMMbEAhGh4neExYARXstH
         iQ5xbeLASOApW/g7b0PSvCExfHcCnWpd1jlG9wI0/646r0SBtl/KhzKtqy97/WhGRlUo
         m79nxlTyLtkRjw5t1ymAGAS9N6BhvP7ttW8DzdA/w+AKnX/Eyvx4HNxH2lw82qU2US91
         P1lLKn2N5DQ7YPkA8rknK+Wojp+rTUG9R8vwiLCI1lR+IZ4bePGSt4hyS8Zg+fDwLELc
         MTWmwQjs+mExKUGk4S1LSzBSpVrDiyp/hy9HmsiqViWiW2AFgDVuDZR5CeVYNubc7cAd
         uurw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=dB7u6uc5;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c2-v6si12448257pgm.236.2018.09.01.01.59.46;
        Sat, 01 Sep 2018 02:00:03 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=dB7u6uc5;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727278AbeIANJz (ORCPT <rfc822;linuxbirdgao@gmail.com>
        + 99 others); Sat, 1 Sep 2018 09:09:55 -0400
Received: from mail-pg1-f195.google.com ([209.85.215.195]:33024 "EHLO
        mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725964AbeIANJz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 1 Sep 2018 09:09:55 -0400
Received: by mail-pg1-f195.google.com with SMTP id y3-v6so5264629pgv.0
        for <linux-kernel@vger.kernel.org>; Sat, 01 Sep 2018 01:58:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=NT3LU3Vg6CeTQDEFsVzzJLvbD+A14oYYE+DXe0Oh854=;
        b=dB7u6uc5jf/rEvDsRvcNmdTayQj3EQNa/I+/s2qyBqS7/TwhUWP+DdYuwTzHnKj0Op
         BpIxcvORNJSD52eIL5GMTkGu+iDRLUi0TCF+Ou8XoWokVuRhrp5+f7ZhUXc9P7OiNg+3
         qxwkgMJCA9ZhYUrqrSrGpgeNm+V3J4eMuQKIDFu0wc1oLzeh1ejMD0iZ0Ia3UBZV0ZNy
         Wxeh6WMEpBFBp0I1+IoV+gjB9O3a+M/GeP9OWaxEnPn/rWI2YwA3dHGIMKKSaPmd3pRy
         40sPM8mwrvr7/GNtzPlU4SueKaxEEpK4P7I8ZfwztgIrl4I7MGFF7iMY27T25ix3PDc3
         qXdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=NT3LU3Vg6CeTQDEFsVzzJLvbD+A14oYYE+DXe0Oh854=;
        b=V4bN9xyZuHG7EhUBrx/pzbfMtGeEHv3HJ8tKePVtz3BTvUc8XKrP6yK/ioKa0Uo+kJ
         titmzIh2nNy6sVowjpvX+SXeZTTZyz0dB0w5gaT/OVdi14E0z0OUejz8X9Dk158A7noM
         n7AerGa1unZWsCZLuIUTiIkCh4Y0yYKAChv8zDBz7PJmTl9Wn/L+Pxf8HeLWaKioMTA7
         zdGmYjzPSScnroBut+RM9TvfpI0bw7AsF6Z7DbVYncIyDkRQPZto1FJ67XmMFyNhPnlo
         h5/CCUMRvp1qFMUViC0nDCRxbdcVZNHLMugkoCbkWAJwEbjqCKadUUj8aSRxBDmDvcf2
         Fl6w==
X-Gm-Message-State: APzg51DJt5iqOs34xEIvkMuyqBL+cqmDnm4G93UZxsT5w7huv2azm/g1
        FfdLBX4d7kaiMmfO/VEufkE=
X-Received: by 2002:a62:5543:: with SMTP id j64-v6mr19635637pfb.188.1535792317791;
        Sat, 01 Sep 2018 01:58:37 -0700 (PDT)
Received: from localhost.localdomain ([2402:f000:1:4414:2913:cd09:aee0:380])
        by smtp.gmail.com with ESMTPSA id g15-v6sm25933019pfg.98.2018.09.01.01.58.35
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 01 Sep 2018 01:58:37 -0700 (PDT)
From:   Jia-Ju Bai <baijiaju1990@gmail.com>
To:     gregkh@linuxfoundation.org, jananis37@gmail.com
Cc:     devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org,
        Jia-Ju Bai <baijiaju1990@gmail.com>
Subject: [PATCH] staging: rtl8188eu: Fix two sleep-in-atomic-context bugs in rtw_chk_hi_queue_cmd()
Date:   Sat,  1 Sep 2018 16:58:29 +0800
Message-Id: <20180901085829.8246-1-baijiaju1990@gmail.com>
X-Mailer: git-send-email 2.17.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

usb_write_port_complete() in usb_ops_linux.c is a completion handler
function for the USB driver. So it should not sleep, but it is can sleep 
according to the function call paths (from bottom to top) in Linux-4.16:

[FUNC] kzalloc(GFP_KERNEL)
drivers/staging/rtl8188eu/core/rtw_cmd.c, 1081: 
	kzalloc in rtw_chk_hi_queue_cmd
drivers/staging/rtl8188eu/os_dep/usb_ops_linux.c, 604: 
	rtw_chk_hi_queue_cmd in usb_write_port_complete

[FUNC] kzalloc(GFP_KERNEL)
drivers/staging/rtl8188eu/core/rtw_cmd.c, 1075: 
	kzalloc in rtw_chk_hi_queue_cmd
drivers/staging/rtl8188eu/os_dep/usb_ops_linux.c, 604: 
	rtw_chk_hi_queue_cmd in usb_write_port_complete

To fix these bugs, GFP_KERNEL is replaced with GFP_ATOMIC.

These bugs are found by my static analysis tool DSAC.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
---
 drivers/staging/rtl8188eu/core/rtw_cmd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/rtl8188eu/core/rtw_cmd.c b/drivers/staging/rtl8188eu/core/rtw_cmd.c
index 72099f5d6915..526baa699a57 100644
--- a/drivers/staging/rtl8188eu/core/rtw_cmd.c
+++ b/drivers/staging/rtl8188eu/core/rtw_cmd.c
@@ -1072,13 +1072,13 @@ u8 rtw_chk_hi_queue_cmd(struct adapter *padapter)
 	struct cmd_priv	*pcmdpriv = &padapter->cmdpriv;
 	u8	res = _SUCCESS;
 
-	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
 	if (!ph2c) {
 		res = _FAIL;
 		goto exit;
 	}
 
-	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_KERNEL);
+	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_ATOMIC);
 	if (!pdrvextra_cmd_parm) {
 		kfree(ph2c);
 		res = _FAIL;
-- 
2.17.0