* [bug report] wifi: ath12k: missing kmalloc checks
@ 2023-02-16 13:59 Dan Carpenter
From: Dan Carpenter @ 2023-02-16 13:59 UTC
  To: quic_kvalo; +Cc: ath12k

Hello Kalle Valo,

The patch d889913205cf: "wifi: ath12k: driver for Qualcomm Wi-Fi 7
devices" from Nov 28, 2022, leads to the following Smatch static
checker warning:

	drivers/net/wireless/ath/ath12k/mac.c:2792 ath12k_mac_op_hw_scan()
	warn: 'arg.extraie.ptr' was never checked for NULL

drivers/net/wireless/ath/ath12k/mac.c
    2716 static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw,
    2717                                  struct ieee80211_vif *vif,
    2718                                  struct ieee80211_scan_request *hw_req)
    2719 {
    2720         struct ath12k *ar = hw->priv;
    2721         struct ath12k_vif *arvif = ath12k_vif_to_arvif(vif);
    2722         struct cfg80211_scan_request *req = &hw_req->req;
    2723         struct ath12k_wmi_scan_req_arg arg = {};
    2724         int ret;
    2725         int i;
    2726 
    2727         mutex_lock(&ar->conf_mutex);
    2728 
    2729         spin_lock_bh(&ar->data_lock);
    2730         switch (ar->scan.state) {
    2731         case ATH12K_SCAN_IDLE:
    2732                 reinit_completion(&ar->scan.started);
    2733                 reinit_completion(&ar->scan.completed);
    2734                 ar->scan.state = ATH12K_SCAN_STARTING;
    2735                 ar->scan.is_roc = false;
    2736                 ar->scan.vdev_id = arvif->vdev_id;
    2737                 ret = 0;
    2738                 break;
    2739         case ATH12K_SCAN_STARTING:
    2740         case ATH12K_SCAN_RUNNING:
    2741         case ATH12K_SCAN_ABORTING:
    2742                 ret = -EBUSY;
    2743                 break;
    2744         }
    2745         spin_unlock_bh(&ar->data_lock);
    2746 
    2747         if (ret)
    2748                 goto exit;
    2749 
    2750         ath12k_wmi_start_scan_init(ar, &arg);
    2751         arg.vdev_id = arvif->vdev_id;
    2752         arg.scan_id = ATH12K_SCAN_ID;
    2753 
    2754         if (req->ie_len) {
    2755                 arg.extraie.len = req->ie_len;
    2756                 arg.extraie.ptr = kzalloc(req->ie_len, GFP_KERNEL);

kzalloc() can fail.

    2757                 memcpy(arg.extraie.ptr, req->ie, req->ie_len);

Crash here.

    2758         }
    2759 

regards,
dan carpenter
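
Added example, not part of the original message and not the ath12k driver's code: a userspace model of the allocate-then-copy step at lines 2754-2757 with the NULL check in place, using a fault-injected allocator to exercise the failure path. The names `extraie_model`, `zalloc_model`, `fail_next_alloc` and `copy_extra_ie` are hypothetical, and the IE bytes are constructed sample data.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical userspace stand-in for arg.extraie (pointer plus length). */
struct extraie_model { unsigned char *ptr; size_t len; };

/* Fault injection: when nonzero, the next allocation returns NULL,
 * as kzalloc() may do under memory pressure. */
static int fail_next_alloc;

static void *zalloc_model(size_t n)
{
	if (fail_next_alloc) {
		fail_next_alloc = 0;
		return NULL;
	}
	return calloc(1, n);
}

/* Checked copy: verify the allocation before memcpy(), and set len only
 * after success so a failed call never leaves len != 0 with ptr == NULL. */
static int copy_extra_ie(struct extraie_model *dst,
			 const unsigned char *ie, size_t ie_len)
{
	dst->ptr = NULL;
	dst->len = 0;
	if (!ie_len)
		return 0;
	dst->ptr = zalloc_model(ie_len);
	if (!dst->ptr)
		return -ENOMEM;	/* caller unwinds instead of dereferencing NULL */
	memcpy(dst->ptr, ie, ie_len);
	dst->len = ie_len;
	return 0;
}

int main(void)
{
	const unsigned char ie[] = { 0xdd, 0x03, 0x01, 0x02, 0x03 }; /* constructed */
	struct extraie_model e;

	fail_next_alloc = 1;
	printf("alloc fails: ret=%d\n", copy_extra_ie(&e, ie, sizeof(ie)));
	printf("alloc ok:    ret=%d len=%zu\n", copy_extra_ie(&e, ie, sizeof(ie)), e.len);
	free(e.ptr);
	return 0;
}
```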
