author | Jia-Ju Bai <baijiaju1990@gmail.com> | 2017-12-12 16:08:06 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-12-13 14:48:46 +0300 |
commit | 705f385849b209605dadf0450effd96947fdb6c6 (patch) | |
tree | 882ab89ea7d758c45413b0072d1eb5e725cea13b /drivers/staging/rtl8188eu | |
parent | d6a5eee8e050d85a65afb22f5259e3619f0b8cb0 (diff) | |
download | linux-705f385849b209605dadf0450effd96947fdb6c6.tar.xz |
rtl8188eu: Fix a possible sleep-in-atomic bug in set_tx_beacon_cmd

The driver may sleep under a spinlock.
The function call path is:
update_beacon (acquire the spinlock)
  update_BCNTIM
    set_tx_beacon_cmd
      kzalloc(GFP_KERNEL) --> may sleep
      kmemdup(GFP_KERNEL) --> may sleep

To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool (DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging/rtl8188eu')
-rw-r--r-- | drivers/staging/rtl8188eu/core/rtw_mlme_ext.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c index d73e9bdc80cc..bcb6919bb7d5 100644 --- a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c +++ b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c @@ -5395,14 +5395,14 @@ u8 set_tx_beacon_cmd(struct adapter *padapter) int len_diff = 0; - ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL); + ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC); if (!ph2c) { res = _FAIL; goto exit; } ptxBeacon_parm = kmemdup(&(pmlmeinfo->network), - sizeof(struct wlan_bssid_ex), GFP_KERNEL); + sizeof(struct wlan_bssid_ex), GFP_ATOMIC); if (ptxBeacon_parm == NULL) { kfree(ph2c); res = _FAIL; |
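Review bot: Both switched allocations in set_tx_beacon_cmd (the kzalloc for ph2c and the kmemdup for ptxBeacon_parm) now pass GFP_ATOMIC with no comment explaining why, so a later cleanup could quietly turn them back into GFP_KERNEL. A short comment above the kzalloc stating that the function is reached from update_beacon with the spinlock held would record the constraint in the code rather than only in the commit message. GFP_ATOMIC cannot sleep to reclaim memory, so these allocations fail more readily under memory pressure than before; the visible failure paths handle that correctly (both set res = _FAIL, and the kmemdup path frees ph2c first), but it is worth confirming that update_BCNTIM and update_beacon check the returned value now that _FAIL is more likely. The commit message lists a single call path; if set_tx_beacon_cmd also has callers in process context, they now use atomic allocations unnecessarily, and allocating before the lock is taken would be the cleaner long-term fix.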