From: Jia-Ju Bai <baijiaju1990@163.com>
Date: Sun, 8 Oct 2017 11:54:07 +0000 (+0800)
Subject: rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd
X-Git-Tag: C0P2-H0.0--20200415~6039
X-Git-Url: https://git.somdevices.com/?a=commitdiff_plain;h=8315bcf841ae26d266dbaecd8a47956632478799;p=linux.git

rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd


[ Upstream commit 08880f8e08cbd814e870e9d3ab9530abc1bce226 ]

The driver may sleep under a spinlock, and the function call path is:
rtw_set_802_11_bssid(acquire the spinlock)
  rtw_disassoc_cmd
    kzalloc(GFP_KERNEL) --> may sleep

To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.
This bug is found by my static analysis tool and my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/staging/rtl8188eu/core/rtw_cmd.c b/drivers/staging/rtl8188eu/core/rtw_cmd.c
index 318d5b002272..6051a7ba0797 100644
--- a/drivers/staging/rtl8188eu/core/rtw_cmd.c
+++ b/drivers/staging/rtl8188eu/core/rtw_cmd.c
@@ -522,7 +522,7 @@ u8 rtw_disassoc_cmd(struct adapter *padapter, u32 deauth_timeout_ms, bool enqueu
 
 	if (enqueue) {
 		/* need enqueue, prepare cmd_obj and enqueue */
-		cmdobj = kzalloc(sizeof(*cmdobj), GFP_KERNEL);
+		cmdobj = kzalloc(sizeof(*cmdobj), GFP_ATOMIC);
 		if (!cmdobj) {
 			res = _FAIL;
 			kfree(param);