From: Dan Carpenter <error27@gmail.com>
To: quic_kvalo@quicinc.com
Cc: ath12k@lists.infradead.org
Subject: [bug report] wifi: ath12k: missing kmalloc checks
Date: Thu, 16 Feb 2023 16:59:53 +0300
Message-ID: <Y+422WFdVPaDJuCe@kili>

Hello Kalle Valo,

The patch d889913205cf: "wifi: ath12k: driver for Qualcomm Wi-Fi 7
devices" from Nov 28, 2022, leads to the following Smatch static
checker warning:

	drivers/net/wireless/ath/ath12k/mac.c:2792 ath12k_mac_op_hw_scan()
	warn: 'arg.extraie.ptr' was never checked for NULL

drivers/net/wireless/ath/ath12k/mac.c
    2716 static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw,
    2717                                  struct ieee80211_vif *vif,
    2718                                  struct ieee80211_scan_request *hw_req)
    2719 {
    2720         struct ath12k *ar = hw->priv;
    2721         struct ath12k_vif *arvif = ath12k_vif_to_arvif(vif);
    2722         struct cfg80211_scan_request *req = &hw_req->req;
    2723         struct ath12k_wmi_scan_req_arg arg = {};
    2724         int ret;
    2725         int i;
    2726 
    2727         mutex_lock(&ar->conf_mutex);
    2728 
    2729         spin_lock_bh(&ar->data_lock);
    2730         switch (ar->scan.state) {
    2731         case ATH12K_SCAN_IDLE:
    2732                 reinit_completion(&ar->scan.started);
    2733                 reinit_completion(&ar->scan.completed);
    2734                 ar->scan.state = ATH12K_SCAN_STARTING;
    2735                 ar->scan.is_roc = false;
    2736                 ar->scan.vdev_id = arvif->vdev_id;
    2737                 ret = 0;
    2738                 break;
    2739         case ATH12K_SCAN_STARTING:
    2740         case ATH12K_SCAN_RUNNING:
    2741         case ATH12K_SCAN_ABORTING:
    2742                 ret = -EBUSY;
    2743                 break;
    2744         }
    2745         spin_unlock_bh(&ar->data_lock);
    2746 
    2747         if (ret)
    2748                 goto exit;
    2749 
    2750         ath12k_wmi_start_scan_init(ar, &arg);
    2751         arg.vdev_id = arvif->vdev_id;
    2752         arg.scan_id = ATH12K_SCAN_ID;
    2753 
    2754         if (req->ie_len) {
    2755                 arg.extraie.len = req->ie_len;
    2756                 arg.extraie.ptr = kzalloc(req->ie_len, GFP_KERNEL);

kzalloc() can fail.

    2757                 memcpy(arg.extraie.ptr, req->ie, req->ie_len);

Crash here.

    2758         }
    2759 

regards,
dan carpenter
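
An added illustration, not part of the message above or of the ath12k source: a userspace C model of the reported pattern with the allocation result checked before the memcpy(). The names scan_arg, model_zalloc and copy_extra_ie are hypothetical; model_zalloc stands in for kzalloc() and can be told to fail once.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; all names here are hypothetical, not ath12k code. */
struct scan_arg {
	unsigned char *ptr;   /* models arg.extraie.ptr */
	size_t len;           /* models arg.extraie.len */
};

static int fail_next_alloc;   /* test hook: inject one allocation failure */

/* Stand-in for kzalloc(): zeroed memory, or NULL when a failure is injected. */
static void *model_zalloc(size_t n)
{
	if (fail_next_alloc) {
		fail_next_alloc = 0;
		return NULL;
	}
	return calloc(1, n);
}

/* Returns 0 or -ENOMEM; arg is only written once the copy exists. */
static int copy_extra_ie(struct scan_arg *arg, const unsigned char *ie, size_t ie_len)
{
	unsigned char *buf;

	if (!ie_len)
		return 0;           /* mirrors the if (req->ie_len) guard */
	buf = model_zalloc(ie_len);
	if (!buf)
		return -ENOMEM;     /* the NULL check the Smatch warning asks for */
	memcpy(buf, ie, ie_len);
	arg->ptr = buf;
	arg->len = ie_len;
	return 0;
}

int main(void)
{
	static const unsigned char ie[] = { 0xdd, 0x03, 0x01, 0x02, 0x03 }; /* constructed */
	struct scan_arg arg = { 0 };
	int failed, ok;

	fail_next_alloc = 1;
	failed = copy_extra_ie(&arg, ie, sizeof(ie));   /* -ENOMEM, arg untouched */
	ok = copy_extra_ie(&arg, ie, sizeof(ie));       /* 0, arg owns a copy */
	free(arg.ptr);
	return !(failed == -ENOMEM && ok == 0);
}
```

In the kernel function the error return would also have to go through the existing exit path so that conf_mutex is released.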
