From: Jia-Ju Bai <baijiaju1990@163.com>
Date: Sun, 8 Oct 2017 11:54:45 +0000 (+0800)
Subject: rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd
X-Git-Tag: v4.9.71~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6641d3e307f5b42237a99f2aa961051a71c50393;p=thirdparty%2Fkernel%2Fstable.git

rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd


[ Upstream commit 2bf9806d4228f7a6195f8e03eda0479d2a93b411 ]

The driver may sleep under a spinlock, and the function call path is:
rtw_surveydone_event_callback(acquire the spinlock)
  rtw_createbss_cmd
    kzalloc(GFP_KERNEL) --> may sleep

To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.
This bug is found by my static analysis tool and my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/staging/rtl8188eu/core/rtw_cmd.c b/drivers/staging/rtl8188eu/core/rtw_cmd.c
index f1f4788dbd86c..318d5b0022726 100644
--- a/drivers/staging/rtl8188eu/core/rtw_cmd.c
+++ b/drivers/staging/rtl8188eu/core/rtw_cmd.c
@@ -342,7 +342,7 @@ u8 rtw_createbss_cmd(struct adapter  *padapter)
 	else
 		RT_TRACE(_module_rtl871x_cmd_c_, _drv_info_, (" createbss for SSid:%s\n", pmlmepriv->assoc_ssid.Ssid));
 
-	pcmd = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+	pcmd = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
 	if (!pcmd) {
 		res = _FAIL;
 		goto exit;