[bug report] wifi: ath12k: missing kmalloc checks
Dan Carpenter
error27 at gmail.com
Thu Feb 16 05:59:53 PST 2023
Hello Kalle Valo,
The patch d889913205cf: "wifi: ath12k: driver for Qualcomm Wi-Fi 7
devices" from Nov 28, 2022, leads to the following Smatch static
checker warning:
drivers/net/wireless/ath/ath12k/mac.c:2792 ath12k_mac_op_hw_scan()
warn: 'arg.extraie.ptr' was never checked for NULL
drivers/net/wireless/ath/ath12k/mac.c
2716 static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw,
2717 struct ieee80211_vif *vif,
2718 struct ieee80211_scan_request *hw_req)
2719 {
2720 struct ath12k *ar = hw->priv;
2721 struct ath12k_vif *arvif = ath12k_vif_to_arvif(vif);
2722 struct cfg80211_scan_request *req = &hw_req->req;
2723 struct ath12k_wmi_scan_req_arg arg = {};
2724 int ret;
2725 int i;
2726
2727 mutex_lock(&ar->conf_mutex);
2728
2729 spin_lock_bh(&ar->data_lock);
2730 switch (ar->scan.state) {
2731 case ATH12K_SCAN_IDLE:
2732 reinit_completion(&ar->scan.started);
2733 reinit_completion(&ar->scan.completed);
2734 ar->scan.state = ATH12K_SCAN_STARTING;
2735 ar->scan.is_roc = false;
2736 ar->scan.vdev_id = arvif->vdev_id;
2737 ret = 0;
2738 break;
2739 case ATH12K_SCAN_STARTING:
2740 case ATH12K_SCAN_RUNNING:
2741 case ATH12K_SCAN_ABORTING:
2742 ret = -EBUSY;
2743 break;
2744 }
2745 spin_unlock_bh(&ar->data_lock);
2746
2747 if (ret)
2748 goto exit;
2749
2750 ath12k_wmi_start_scan_init(ar, &arg);
2751 arg.vdev_id = arvif->vdev_id;
2752 arg.scan_id = ATH12K_SCAN_ID;
2753
2754 if (req->ie_len) {
2755 arg.extraie.len = req->ie_len;
2756 arg.extraie.ptr = kzalloc(req->ie_len, GFP_KERNEL);
kzalloc() can fail and return NULL, and the result is not checked before it is used.
2757 memcpy(arg.extraie.ptr, req->ie, req->ie_len);
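Crash here: if the allocation failed, memcpy() writes through a NULL arg.extraie.ptr. A NULL check that fails the scan request with -ENOMEM would avoid this; the error path would presumably also need to undo the ATH12K_SCAN_STARTING state set at line 2734.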
2758 }
2759
regards,
dan carpenter