public inbox for ath12k@lists.infradead.org
 help / color / mirror / Atom feed
* [bug report] wifi: ath12k: missing kmalloc checks
@ 2023-02-16 13:59 Dan Carpenter
  0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2023-02-16 13:59 UTC (permalink / raw)
  To: quic_kvalo; +Cc: ath12k

Hello Kalle Valo,

The patch d889913205cf: "wifi: ath12k: driver for Qualcomm Wi-Fi 7
devices" from Nov 28, 2022, leads to the following Smatch static
checker warning:

	drivers/net/wireless/ath/ath12k/mac.c:2792 ath12k_mac_op_hw_scan()
	warn: 'arg.extraie.ptr' was never checked for NULL

drivers/net/wireless/ath/ath12k/mac.c
    2716 static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw,
    2717                                  struct ieee80211_vif *vif,
    2718                                  struct ieee80211_scan_request *hw_req)
    2719 {
    2720         struct ath12k *ar = hw->priv;
    2721         struct ath12k_vif *arvif = ath12k_vif_to_arvif(vif);
    2722         struct cfg80211_scan_request *req = &hw_req->req;
    2723         struct ath12k_wmi_scan_req_arg arg = {};
    2724         int ret;
    2725         int i;
    2726 
    2727         mutex_lock(&ar->conf_mutex);
    2728 
    2729         spin_lock_bh(&ar->data_lock);
    2730         switch (ar->scan.state) {
    2731         case ATH12K_SCAN_IDLE:
    2732                 reinit_completion(&ar->scan.started);
    2733                 reinit_completion(&ar->scan.completed);
    2734                 ar->scan.state = ATH12K_SCAN_STARTING;
    2735                 ar->scan.is_roc = false;
    2736                 ar->scan.vdev_id = arvif->vdev_id;
    2737                 ret = 0;
    2738                 break;
    2739         case ATH12K_SCAN_STARTING:
    2740         case ATH12K_SCAN_RUNNING:
    2741         case ATH12K_SCAN_ABORTING:
    2742                 ret = -EBUSY;
    2743                 break;
    2744         }
    2745         spin_unlock_bh(&ar->data_lock);
    2746 
    2747         if (ret)
    2748                 goto exit;
    2749 
    2750         ath12k_wmi_start_scan_init(ar, &arg);
    2751         arg.vdev_id = arvif->vdev_id;
    2752         arg.scan_id = ATH12K_SCAN_ID;
    2753 
    2754         if (req->ie_len) {
    2755                 arg.extraie.len = req->ie_len;
    2756                 arg.extraie.ptr = kzalloc(req->ie_len, GFP_KERNEL);

kzalloc() can fails.

    2757                 memcpy(arg.extraie.ptr, req->ie, req->ie_len);

Crash here.

    2758         }
    2759 

regards,
dan carpenter

-- 
ath12k mailing list
ath12k@lists.infradead.org
https://lists.infradead.org/mailman/listinfo/ath12k

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2023-02-16 14:00 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-02-16 13:59 [bug report] wifi: ath12k: missing kmalloc checks Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox