From: Jia-Ju Bai <baijiaju1990@163.com>
Date: Tue, 12 Dec 2017 09:26:36 +0000 (+0800)
Subject: mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl
X-Git-Tag: v4.15-rc5~10^2~26^2~2
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=162bd5e5fd921785077b5862d8f2ffabe2fe11e5;p=users%2Fjedix%2Flinux-maple.git

mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl

The driver may sleep under a spinlock.
The function call path is:
hwsim_get_radio_nl (acquire the spinlock)
  nlmsg_new(GFP_KERNEL) --> may sleep

To fix it, GFP_KERNEL is replaced with GFP_ATOMIC.

This bug is found by my static analysis tool(DSAC) and checked by my code review.

Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---

diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index 59b0cedcdf7b..e8189c07b41f 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3216,7 +3216,7 @@ static int hwsim_get_radio_nl(struct sk_buff *msg, struct genl_info *info)
 		if (!net_eq(wiphy_net(data->hw->wiphy), genl_info_net(info)))
 			continue;
 
-		skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
+		skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
 		if (!skb) {
 			res = -ENOMEM;
 			goto out_err;