Commit ad176934 authored Dec 12, 2017 by Jia-Ju Bai Committed by Greg Kroah-Hartman Mar 03, 2018

mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl




[ Upstream commit 162bd5e5fd921785077b5862d8f2ffabe2fe11e5 ]

The driver may sleep under a spinlock.
The function call path is:
hwsim_get_radio_nl (acquire the spinlock)
  nlmsg_new(GFP_KERNEL) --> may sleep

To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool(DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 5330add6

drivers/net/wireless/mac80211_hwsim.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -3154,7 +3154,7 @@ static int hwsim_get_radio_nl(struct sk_buff msg, struct genl_info info)
		if (!net_eq(wiphy_net(data->hw->wiphy), genl_info_net(info)))
		continue;

		skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
		skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
		if (!skb) {
		res = -ENOMEM;
		goto out_err;