staging: rtl8723bs: Fix a sleep-in-atomic-context bug in issue_deauth_ex()

The driver may sleep with holding a spinlock.
The function call paths (from bottom to top) in Linux-4.17 are:

[FUNC] msleep
drivers/staging/rtl8723bs/core/rtw_mlme_ext.c, 3805:
	msleep in issue_deauth_ex
drivers/staging/rtl8723bs/core/rtw_mlme_ext.c, 6336:
	issue_deauth_ex in disconnect_hdl
drivers/staging/rtl8723bs/core/rtw_cmd.c, 963:
	disconnect_hdl in rtw_disassoc_cmd
drivers/staging/rtl8723bs/core/rtw_ioctl_set.c, 506:
	rtw_disassoc_cmd in rtw_set_802_11_disassociate
drivers/staging/rtl8723bs/core/rtw_ioctl_set.c, 501:
	spin_lock_bh in rtw_set_802_11_disassociate

[FUNC] msleep
drivers/staging/rtl8723bs/core/rtw_mlme_ext.c, 3805:
	msleep in issue_deauth_ex
drivers/staging/rtl8723bs/core/rtw_mlme_ext.c, 6336:
	issue_deauth_ex in disconnect_hdl
drivers/staging/rtl8723bs/core/rtw_cmd.c, 963:
	disconnect_hdl in rtw_disassoc_cmd
drivers/staging/rtl8723bs/core/rtw_mlme.c, 2256:
	rtw_disassoc_cmd in rtw_select_and_join_from_scanned_queue
drivers/staging/rtl8723bs/core/rtw_mlme.c, 2204:
	spin_lock_bh in rtw_select_and_join_from_scanned_queue

To fix this bug, msleep() is replaced with mdelay().

This bug is found by my static analysis tool DSAC.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/rtl8723bs/core/rtw_mlme_ext.c b/drivers/staging/rtl8723bs/core/rtw_mlme_ext.c
index 0952d15f6d40f66243cc8c91e7d109fb749886f2..bf055935ef652eeb961c260ea55bc7655b0b5fac 100644 (file)
--- a/drivers/staging/rtl8723bs/core/rtw_mlme_ext.c
+++ b/drivers/staging/rtl8723bs/core/rtw_mlme_ext.c
@@ -3796,7 +3796,7 @@ int issue_deauth_ex(struct adapter *padapter, u8 *da, unsigned short reason, int
                        break;
 
                if (i < try_cnt && wait_ms > 0 && ret == _FAIL)
-                       msleep(wait_ms);
+                       mdelay(wait_ms);
 
        } while ((i < try_cnt) && ((ret == _FAIL) || (wait_ms == 0)));