A possible call chain is as follow:
ks_wlan_start_xmit (ks_wlan_net.c)
--> hostif_data_request (ks_hostif.c)
--> michael_mic (ks_hostif.c)
'ks_wlan_start_xmit()' is a '.ndo_start_xmit()' function (see
net_device_ops structure). Such calls are guarded by the __netif_tx_lock
spinlock. So memory allocation must be atomic.
So, use GFP_ATOMIC instead of GFP_KERNEL 'in michael_mic()'
Fixes: ???
Signed-off-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
---
This is completely speculative. I don't know if the call chain given above
if possible in RL application.
So review carefully :)
If the fix is correct, it is also more the starting point of a bigger
change, because in 'michael_mic()' there is a call to
'crypto_alloc_shash()' and this function uses GFP_KERNEL internally (in
'crypto_create_tfm()')
Should this need to be changed, I don't know how 'ks_hostif.c' should be
fixed. Changing allocation in 'crypto/api.c' looks like an overkill.
In other word, I think that my patch is wrong, but don't know what else to
propose :).
---
drivers/staging/ks7010/ks_hostif.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/ks7010/ks_hostif.c b/drivers/staging/ks7010/ks_hostif.c
index d70b671b06aa..c66f50e4a158 100644
--- a/drivers/staging/ks7010/ks_hostif.c
+++ b/drivers/staging/ks7010/ks_hostif.c
@@ -212,7 +212,7 @@ michael_mic(u8 *key, u8 *data, unsigned int len, u8 priority, u8 *result)
if (ret < 0)
goto err_free_tfm;
- desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL);
+ desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_ATOMIC);
if (!desc) {
ret = -ENOMEM;
goto err_free_tfm;
--
2.25.1
