From 8204b61a775879acaa4ec67fc5f92985238cc27d Mon Sep 17 00:00:00 2001
From: Jia-Ju Bai <baijiaju1990@gmail.com>
Date: Sat, 15 Sep 2018 10:49:44 +0800
Subject: [PATCH] staging: rtl8723bs: Fix two sleep-in-atomic-context bugs in
 _rtw_pwr_wakeup()

The driver may sleep with holding a spinlock.
The function call paths (from bottom to top) in Linux-4.17 are:

[FUNC] msleep
drivers/staging/rtl8723bs/core/rtw_pwrctrl.c, 1243:
	msleep in _rtw_pwr_wakeup
drivers/staging/rtl8723bs/core/rtw_ioctl_set.c, 510:
	_rtw_pwr_wakeup in rtw_set_802_11_disassociate
drivers/staging/rtl8723bs/core/rtw_ioctl_set.c, 501:
	spin_lock_bh in rtw_set_802_11_disassociate

[FUNC] msleep
drivers/staging/rtl8723bs/core/rtw_pwrctrl.c, 1255:
	msleep in _rtw_pwr_wakeup
drivers/staging/rtl8723bs/core/rtw_ioctl_set.c, 510:
	_rtw_pwr_wakeup in rtw_set_802_11_disassociate
drivers/staging/rtl8723bs/core/rtw_ioctl_set.c, 501:
	spin_lock_bh in rtw_set_802_11_disassociate

To fix these bugs, msleep() is replaced with mdelay().

These bugs are found by my static analysis tool DSAC.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/rtl8723bs/core/rtw_pwrctrl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/rtl8723bs/core/rtw_pwrctrl.c b/drivers/staging/rtl8723bs/core/rtw_pwrctrl.c
index 110bbe340b78..59a667753266 100644
--- a/drivers/staging/rtl8723bs/core/rtw_pwrctrl.c
+++ b/drivers/staging/rtl8723bs/core/rtw_pwrctrl.c
@@ -1232,7 +1232,7 @@ int _rtw_pwr_wakeup(struct adapter *padapter, u32 ips_deffer_ms, const char *cal
 	if (pwrpriv->ps_processing) {
 		DBG_871X("%s wait ps_processing...\n", __func__);
 		while (pwrpriv->ps_processing && jiffies_to_msecs(jiffies - start) <= 3000)
-			msleep(10);
+			mdelay(10);
 		if (pwrpriv->ps_processing)
 			DBG_871X("%s wait ps_processing timeout\n", __func__);
 		else
@@ -1244,7 +1244,7 @@ int _rtw_pwr_wakeup(struct adapter *padapter, u32 ips_deffer_ms, const char *cal
 		while (pwrpriv->bInSuspend
 			&& jiffies_to_msecs(jiffies - start) <= 3000
 		) {
-			msleep(10);
+			mdelay(10);
 		}
 		if (pwrpriv->bInSuspend)
 			DBG_871X("%s wait bInSuspend timeout\n", __func__);
-- 
2.11.0