Commit 705f3858 authored Dec 12, 2017 by Jia-Ju Bai Committed by Greg Kroah-Hartman Dec 13, 2017

rtl8188eu: Fix a possible sleep-in-atomic bug in set_tx_beacon_cmd



The driver may sleep under a spinlock.
The function call path is:
update_beacon (acquire the spinlock)
  update_BCNTIM
    set_tx_beacon_cmd
      kzalloc(GFP_KERNEL) --> may sleep
      kmemdup(GFP_KERNEL) --> may sleep

To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool(DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent d6a5eee8

drivers/staging/rtl8188eu/core/rtw_mlme_ext.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -5395,14 +5395,14 @@ u8 set_tx_beacon_cmd(struct adapter *padapter)
		int len_diff = 0;


		ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
		ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
		if (!ph2c) {
		res = _FAIL;
		goto exit;
		}

		ptxBeacon_parm = kmemdup(&(pmlmeinfo->network),
		sizeof(struct wlan_bssid_ex), GFP_KERNEL);
		sizeof(struct wlan_bssid_ex), GFP_ATOMIC);
		if (ptxBeacon_parm == NULL) {
		kfree(ph2c);
		res = _FAIL;