staging: r8188eu: Fix scheduling while atomic error introduced in commit fadbe0cd

In commit fadbe0cd5292851608e2e01b91d9295fa287b9fe entitled "staging: rtl8188eu:Remove rtw_zmalloc(), wrapper for kzalloc()", the author failed to note that the original code in the wrapper tested whether the caller could sleep, and set the flags argument to kzalloc() appropriately. After the patch, GFP_KERNEL is used unconditionally. Unfortunately, several of the routines may be entered from an interrupt routine and generate a BUG splat for every such call. Routine rtw_sitesurvey_cmd() is used in the example below: BUG: sleeping function called from invalid context at mm/slub.c:1240 in_atomic(): 1, irqs_disabled(): 0, pid: 756, name: wpa_supplicant INFO: lockdep is turned off. CPU: 2 PID: 756 Comm: wpa_supplicant Tainted: G WC O 3.18.0-rc4+ #34 Hardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.20 04/17/2014 ffffc90005557000 ffff880216fafaa8 ffffffff816b0bbf 0000000000000000 ffff8800c3b58000 ffff880216fafac8 ffffffff8107af77 0000000000000001 0000000000000010 ffff880216fafb18 ffffffff811b06ce 0000000000000000 Call Trace: [<ffffffff816b0bbf>] dump_stack+0x4e/0x71 [<ffffffff8107af77>] __might_sleep+0xf7/0x120 [<ffffffff811b06ce>] kmem_cache_alloc_trace+0x4e/0x1f0 [<ffffffffa0888226>] ? rtw_sitesurvey_cmd+0x56/0x2a0 [r8188eu] [<ffffffffa0888226>] rtw_sitesurvey_cmd+0x56/0x2a0 [r8188eu] [<ffffffffa088f00d>] rtw_do_join+0x22d/0x370 [r8188eu] [<ffffffffa088f6e8>] rtw_set_802_11_ssid+0x218/0x3d0 [r8188eu] [<ffffffffa08c3ca5>] rtw_wx_set_essid+0x1e5/0x410 [r8188eu] [<ffffffffa08c3ac0>] ? rtw_wx_get_rate+0x50/0x50 [r8188eu] [<ffffffff816938f1>] ioctl_standard_iw_point+0x151/0x3f0 [<ffffffff81693d52>] ioctl_standard_call+0xb2/0xe0 [<ffffffff81597df7>] ? rtnl_lock+0x17/0x20 [<ffffffff816945a0>] ? iw_handler_get_private+0x70/0x70 [<ffffffff81693ca0>] ? call_commit_handler+0x40/0x40 [<ffffffff81693256>] wireless_process_ioctl+0x176/0x1c0 [<ffffffff81693e79>] wext_handle_ioctl+0x69/0xc0 [<ffffffff8159fe79>] dev_ioctl+0x309/0x5e0 [<ffffffff810be9c7>] ? call_rcu+0x17/0x20 [<ffffffff8156a472>] sock_ioctl+0x142/0x2e0 [<ffffffff811e0c70>] do_vfs_ioctl+0x300/0x520 [<ffffffff81101514>] ? __audit_syscall_entry+0xb4/0x110 [<ffffffff81101514>] ? __audit_syscall_entry+0xb4/0x110 [<ffffffff810102bc>] ? do_audit_syscall_entry+0x6c/0x70 [<ffffffff811e0f11>] SyS_ioctl+0x81/0xa0 [<ffffffff816ba1d2>] system_call_fastpath+0x12/0x17 Additional routines that generate this BUG are rtw_joinbss_cmd(), rtw_dynamic_chk_wk_cmd(), rtw_lps_ctrl_wk_cmd(), rtw_rpt_timer_cfg_cmd(), rtw_ps_cmd(), report_survey_event(), report_join_res(), survey_timer_hdl(), and rtw_check_bcn_info(). Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Cc: navin patidar <navin.patidar@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Larry Finger <Larry.Finger@lwfinger.net> 2014-11-12 11:07:49 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2014-11-26 17:03:48 -0500
commit: 33dc85c3c667209c930b2dac5ccbc2a365e06b7a (patch)
tree: 0b984f32ad52cbaa1eebba6647624ef8403194b6
parent: 8bb9b9a006e8b092be3a14530d8f12cb4cb9428b (diff)
3 files changed, 18 insertions, 18 deletions
diff --git a/drivers/staging/rtl8188eu/core/rtw_cmd.c b/drivers/staging/rtl8188eu/core/rtw_cmd.c
index 9935e66935af..eddef9cd2e16 100644
--- a/drivers/staging/rtl8188eu/core/rtw_cmd.c
+++ b/drivers/staging/rtl8188eu/core/rtw_cmd.c
@@ -275,11 +275,11 @@ u8 rtw_sitesurvey_cmd(struct adapter  *padapter, struct ndis_802_11_ssid *ssid,
        if (check_fwstate(pmlmepriv, _FW_LINKED) == true)
                rtw_lps_ctrl_wk_cmd(padapter, LPS_CTRL_SCAN, 1);
-        ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+        ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
        if (ph2c == NULL)
                return _FAIL;
-        psurveyPara = kzalloc(sizeof(struct sitesurvey_parm), GFP_KERNEL);
+        psurveyPara = kzalloc(sizeof(struct sitesurvey_parm), GFP_ATOMIC);
        if (psurveyPara == NULL) {
                kfree(ph2c);
                return _FAIL;
@@ -405,7 +405,7 @@ u8 rtw_joinbss_cmd(struct adapter  *padapter, struct wlan_network *pnetwork)
        else
                RT_TRACE(_module_rtl871x_cmd_c_, _drv_notice_, ("+Join cmd: SSid =[%s]\n", pmlmepriv->assoc_ssid.Ssid));
-        pcmd = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+        pcmd = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
        if (pcmd == NULL) {
                res = _FAIL;
                RT_TRACE(_module_rtl871x_cmd_c_, _drv_err_, ("rtw_joinbss_cmd: memory allocate for cmd_obj fail!!!\n"));
@@ -755,13 +755,13 @@ u8 rtw_dynamic_chk_wk_cmd(struct adapter *padapter)
        u8      res = _SUCCESS;
-        ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+        ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
        if (ph2c == NULL) {
                res = _FAIL;
                goto exit;
        }
-        pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_KERNEL);
+        pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_ATOMIC);
        if (pdrvextra_cmd_parm == NULL) {
                kfree(ph2c);
                res = _FAIL;
@@ -967,13 +967,13 @@ u8 rtw_lps_ctrl_wk_cmd(struct adapter *padapter, u8 lps_ctrl_type, u8 enqueue)
        u8      res = _SUCCESS;
        if (enqueue) {
-                ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+                ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
                if (ph2c == NULL) {
                        res = _FAIL;
                        goto exit;
                }
-                pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_KERNEL);
+                pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_ATOMIC);
                if (pdrvextra_cmd_parm == NULL) {
                        kfree(ph2c);
                        res = _FAIL;
@@ -1010,13 +1010,13 @@ u8 rtw_rpt_timer_cfg_cmd(struct adapter *padapter, u16 min_time)
        u8      res = _SUCCESS;
-        ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+        ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
        if (ph2c == NULL) {
                res = _FAIL;
                goto exit;
        }
-        pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_KERNEL);
+        pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_ATOMIC);
        if (pdrvextra_cmd_parm == NULL) {
                kfree(ph2c);
                res = _FAIL;
@@ -1088,13 +1088,13 @@ u8 rtw_ps_cmd(struct adapter *padapter)
        u8      res = _SUCCESS;
-        ppscmd = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+        ppscmd = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
        if (ppscmd == NULL) {
                res = _FAIL;
                goto exit;
        }
-        pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_KERNEL);
+        pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_ATOMIC);
        if (pdrvextra_cmd_parm == NULL) {
                kfree(ppscmd);
                res = _FAIL;
diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c
index 5ba5099ec20d..70b1bc3e0e63 100644
--- a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c
+++ b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c
@@ -4241,12 +4241,12 @@ void report_survey_event(struct adapter *padapter,
        pcmdpriv = &padapter->cmdpriv;
-        pcmd_obj = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+        pcmd_obj = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
        if (pcmd_obj == NULL)
                return;
        cmdsz = (sizeof(struct survey_event) + sizeof(struct C2HEvent_Header));
-        pevtcmd = kzalloc(cmdsz, GFP_KERNEL);
+        pevtcmd = kzalloc(cmdsz, GFP_ATOMIC);
        if (pevtcmd == NULL) {
                kfree(pcmd_obj);
                return;
@@ -4339,12 +4339,12 @@ void report_join_res(struct adapter *padapter, int res)
        struct mlme_ext_info    *pmlmeinfo = &(pmlmeext->mlmext_info);
        struct cmd_priv *pcmdpriv = &padapter->cmdpriv;
-        pcmd_obj = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+        pcmd_obj = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
        if (pcmd_obj == NULL)
                return;
        cmdsz = (sizeof(struct joinbss_event) + sizeof(struct C2HEvent_Header));
-        pevtcmd = kzalloc(cmdsz, GFP_KERNEL);
+        pevtcmd = kzalloc(cmdsz, GFP_ATOMIC);
        if (pevtcmd == NULL) {
                kfree(pcmd_obj);
                return;
@@ -4854,11 +4854,11 @@ void survey_timer_hdl(void *function_context)
                        pmlmeext->scan_abort = false;/* reset */
                }
-                ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);
+                ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
                if (ph2c == NULL)
                        goto exit_survey_timer_hdl;
-                psurveyPara = kzalloc(sizeof(struct sitesurvey_parm), GFP_KERNEL);
+                psurveyPara = kzalloc(sizeof(struct sitesurvey_parm), GFP_ATOMIC);
                if (psurveyPara == NULL) {
                        kfree(ph2c);
                        goto exit_survey_timer_hdl;
diff --git a/drivers/staging/rtl8188eu/core/rtw_wlan_util.c b/drivers/staging/rtl8188eu/core/rtw_wlan_util.c
index 33ccbbbd8ed6..d300369977fa 100644
--- a/drivers/staging/rtl8188eu/core/rtw_wlan_util.c
+++ b/drivers/staging/rtl8188eu/core/rtw_wlan_util.c
@@ -935,7 +935,7 @@ int rtw_check_bcn_info(struct adapter  *Adapter, u8 *pframe, u32 packet_len)
                return true;
        }
-        bssid = kzalloc(sizeof(struct wlan_bssid_ex), GFP_KERNEL);
+        bssid = kzalloc(sizeof(struct wlan_bssid_ex), GFP_ATOMIC);
        subtype = GetFrameSubType(pframe) >> 4;
author	Larry Finger <Larry.Finger@lwfinger.net>	2014-11-12 11:07:49 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2014-11-26 17:03:48 -0500
commit	33dc85c3c667209c930b2dac5ccbc2a365e06b7a (patch)
tree	0b984f32ad52cbaa1eebba6647624ef8403194b6
parent	8bb9b9a006e8b092be3a14530d8f12cb4cb9428b (diff)

diff --git a/drivers/staging/rtl8188eu/core/rtw_cmd.c b/drivers/staging/rtl8188eu/core/rtw_cmd.c index 9935e66935af..eddef9cd2e16 100644 --- a/drivers/staging/rtl8188eu/core/rtw_cmd.c +++ b/drivers/staging/rtl8188eu/core/rtw_cmd.c
@@ -275,11 +275,11 @@ u8 rtw_sitesurvey_cmd(struct adapter padapter, struct ndis_802_11_ssid ssid,
275	if (check_fwstate(pmlmepriv, _FW_LINKED) == true)	275	if (check_fwstate(pmlmepriv, _FW_LINKED) == true)
276	rtw_lps_ctrl_wk_cmd(padapter, LPS_CTRL_SCAN, 1);	276	rtw_lps_ctrl_wk_cmd(padapter, LPS_CTRL_SCAN, 1);
277		277
278	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);	278	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
279	if (ph2c == NULL)	279	if (ph2c == NULL)
280	return _FAIL;	280	return _FAIL;
281		281
282	psurveyPara = kzalloc(sizeof(struct sitesurvey_parm), GFP_KERNEL);	282	psurveyPara = kzalloc(sizeof(struct sitesurvey_parm), GFP_ATOMIC);
283	if (psurveyPara == NULL) {	283	if (psurveyPara == NULL) {
284	kfree(ph2c);	284	kfree(ph2c);
285	return _FAIL;	285	return _FAIL;
@@ -405,7 +405,7 @@ u8 rtw_joinbss_cmd(struct adapter padapter, struct wlan_network pnetwork)
405	else	405	else
406	RT_TRACE(_module_rtl871x_cmd_c_, _drv_notice_, ("+Join cmd: SSid =[%s]\n", pmlmepriv->assoc_ssid.Ssid));	406	RT_TRACE(_module_rtl871x_cmd_c_, _drv_notice_, ("+Join cmd: SSid =[%s]\n", pmlmepriv->assoc_ssid.Ssid));
407		407
408	pcmd = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);	408	pcmd = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
409	if (pcmd == NULL) {	409	if (pcmd == NULL) {
410	res = _FAIL;	410	res = _FAIL;
411	RT_TRACE(_module_rtl871x_cmd_c_, _drv_err_, ("rtw_joinbss_cmd: memory allocate for cmd_obj fail!!!\n"));	411	RT_TRACE(_module_rtl871x_cmd_c_, _drv_err_, ("rtw_joinbss_cmd: memory allocate for cmd_obj fail!!!\n"));
@@ -755,13 +755,13 @@ u8 rtw_dynamic_chk_wk_cmd(struct adapter *padapter)
755	u8 res = _SUCCESS;	755	u8 res = _SUCCESS;
756		756
757		757
758	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);	758	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
759	if (ph2c == NULL) {	759	if (ph2c == NULL) {
760	res = _FAIL;	760	res = _FAIL;
761	goto exit;	761	goto exit;
762	}	762	}
763		763
764	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_KERNEL);	764	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_ATOMIC);
765	if (pdrvextra_cmd_parm == NULL) {	765	if (pdrvextra_cmd_parm == NULL) {
766	kfree(ph2c);	766	kfree(ph2c);
767	res = _FAIL;	767	res = _FAIL;
@@ -967,13 +967,13 @@ u8 rtw_lps_ctrl_wk_cmd(struct adapter *padapter, u8 lps_ctrl_type, u8 enqueue)
967	u8 res = _SUCCESS;	967	u8 res = _SUCCESS;
968		968
969	if (enqueue) {	969	if (enqueue) {
970	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);	970	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
971	if (ph2c == NULL) {	971	if (ph2c == NULL) {
972	res = _FAIL;	972	res = _FAIL;
973	goto exit;	973	goto exit;
974	}	974	}
975		975
976	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_KERNEL);	976	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_ATOMIC);
977	if (pdrvextra_cmd_parm == NULL) {	977	if (pdrvextra_cmd_parm == NULL) {
978	kfree(ph2c);	978	kfree(ph2c);
979	res = _FAIL;	979	res = _FAIL;
@@ -1010,13 +1010,13 @@ u8 rtw_rpt_timer_cfg_cmd(struct adapter *padapter, u16 min_time)
1010		1010
1011	u8 res = _SUCCESS;	1011	u8 res = _SUCCESS;
1012		1012
1013	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);	1013	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
1014	if (ph2c == NULL) {	1014	if (ph2c == NULL) {
1015	res = _FAIL;	1015	res = _FAIL;
1016	goto exit;	1016	goto exit;
1017	}	1017	}
1018		1018
1019	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_KERNEL);	1019	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_ATOMIC);
1020	if (pdrvextra_cmd_parm == NULL) {	1020	if (pdrvextra_cmd_parm == NULL) {
1021	kfree(ph2c);	1021	kfree(ph2c);
1022	res = _FAIL;	1022	res = _FAIL;
@@ -1088,13 +1088,13 @@ u8 rtw_ps_cmd(struct adapter *padapter)
1088		1088
1089	u8 res = _SUCCESS;	1089	u8 res = _SUCCESS;
1090		1090
1091	ppscmd = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);	1091	ppscmd = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
1092	if (ppscmd == NULL) {	1092	if (ppscmd == NULL) {
1093	res = _FAIL;	1093	res = _FAIL;
1094	goto exit;	1094	goto exit;
1095	}	1095	}
1096		1096
1097	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_KERNEL);	1097	pdrvextra_cmd_parm = kzalloc(sizeof(struct drvextra_cmd_parm), GFP_ATOMIC);
1098	if (pdrvextra_cmd_parm == NULL) {	1098	if (pdrvextra_cmd_parm == NULL) {
1099	kfree(ppscmd);	1099	kfree(ppscmd);
1100	res = _FAIL;	1100	res = _FAIL;


diff --git a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c index 5ba5099ec20d..70b1bc3e0e63 100644 --- a/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c +++ b/drivers/staging/rtl8188eu/core/rtw_mlme_ext.c
@@ -4241,12 +4241,12 @@ void report_survey_event(struct adapter *padapter,
4241	pcmdpriv = &padapter->cmdpriv;	4241	pcmdpriv = &padapter->cmdpriv;
4242		4242
4243		4243
4244	pcmd_obj = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);	4244	pcmd_obj = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
4245	if (pcmd_obj == NULL)	4245	if (pcmd_obj == NULL)
4246	return;	4246	return;
4247		4247
4248	cmdsz = (sizeof(struct survey_event) + sizeof(struct C2HEvent_Header));	4248	cmdsz = (sizeof(struct survey_event) + sizeof(struct C2HEvent_Header));
4249	pevtcmd = kzalloc(cmdsz, GFP_KERNEL);	4249	pevtcmd = kzalloc(cmdsz, GFP_ATOMIC);
4250	if (pevtcmd == NULL) {	4250	if (pevtcmd == NULL) {
4251	kfree(pcmd_obj);	4251	kfree(pcmd_obj);
4252	return;	4252	return;
@@ -4339,12 +4339,12 @@ void report_join_res(struct adapter *padapter, int res)
4339	struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);	4339	struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);
4340	struct cmd_priv *pcmdpriv = &padapter->cmdpriv;	4340	struct cmd_priv *pcmdpriv = &padapter->cmdpriv;
4341		4341
4342	pcmd_obj = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);	4342	pcmd_obj = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
4343	if (pcmd_obj == NULL)	4343	if (pcmd_obj == NULL)
4344	return;	4344	return;
4345		4345
4346	cmdsz = (sizeof(struct joinbss_event) + sizeof(struct C2HEvent_Header));	4346	cmdsz = (sizeof(struct joinbss_event) + sizeof(struct C2HEvent_Header));
4347	pevtcmd = kzalloc(cmdsz, GFP_KERNEL);	4347	pevtcmd = kzalloc(cmdsz, GFP_ATOMIC);
4348	if (pevtcmd == NULL) {	4348	if (pevtcmd == NULL) {
4349	kfree(pcmd_obj);	4349	kfree(pcmd_obj);
4350	return;	4350	return;
@@ -4854,11 +4854,11 @@ void survey_timer_hdl(void *function_context)
4854	pmlmeext->scan_abort = false;/* reset */	4854	pmlmeext->scan_abort = false;/* reset */
4855	}	4855	}
4856		4856
4857	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL);	4857	ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC);
4858	if (ph2c == NULL)	4858	if (ph2c == NULL)
4859	goto exit_survey_timer_hdl;	4859	goto exit_survey_timer_hdl;
4860		4860
4861	psurveyPara = kzalloc(sizeof(struct sitesurvey_parm), GFP_KERNEL);	4861	psurveyPara = kzalloc(sizeof(struct sitesurvey_parm), GFP_ATOMIC);
4862	if (psurveyPara == NULL) {	4862	if (psurveyPara == NULL) {
4863	kfree(ph2c);	4863	kfree(ph2c);
4864	goto exit_survey_timer_hdl;	4864	goto exit_survey_timer_hdl;


diff --git a/drivers/staging/rtl8188eu/core/rtw_wlan_util.c b/drivers/staging/rtl8188eu/core/rtw_wlan_util.c index 33ccbbbd8ed6..d300369977fa 100644 --- a/drivers/staging/rtl8188eu/core/rtw_wlan_util.c +++ b/drivers/staging/rtl8188eu/core/rtw_wlan_util.c
@@ -935,7 +935,7 @@ int rtw_check_bcn_info(struct adapter Adapter, u8 pframe, u32 packet_len)
935	return true;	935	return true;
936	}	936	}
937		937
938	bssid = kzalloc(sizeof(struct wlan_bssid_ex), GFP_KERNEL);	938	bssid = kzalloc(sizeof(struct wlan_bssid_ex), GFP_ATOMIC);
939		939
940	subtype = GetFrameSubType(pframe) >> 4;	940	subtype = GetFrameSubType(pframe) >> 4;
941		941