| Message ID | f7c17a7f-f173-43bf-bc39-316b8adde349@stanley.mountain (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Johannes Berg |
| Headers | show |
| Series | [next] wifi: iwlwifi: Fix uninitialized variable with __free() | expand |
| Context | Check | Description |
|---|---|---|
| wifibot/tree_selection | success | Guessing tree name failed - patch did not apply |
> -----Original Message----- > From: Dan Carpenter <dan.carpenter@linaro.org> > Sent: Wednesday, 12 March 2025 10:32 > To: Korenblit, Miriam Rachel <miriam.rachel.korenblit@intel.com> > Cc: Berg, Johannes <johannes.berg@intel.com>; Anjaneyulu, Pagadala Yesu > <pagadala.yesu.anjaneyulu@intel.com>; Grumbach, Emmanuel > <emmanuel.grumbach@intel.com>; Stern, Avraham > <avraham.stern@intel.com>; Ben Shimol, Yedidya > <yedidya.ben.shimol@intel.com>; Gabay, Daniel <daniel.gabay@intel.com>; > linux-wireless@vger.kernel.org; linux-kernel@vger.kernel.org; kernel- > janitors@vger.kernel.org > Subject: [PATCH next] wifi: iwlwifi: Fix uninitialized variable with __free() > > Pointers declared with the __free(kfree) attribute need to be initialized because > they will be passed to kfree() on every return path. There are two return > statement before the "cmd" pointer is initialized so this leads to an uninitialized > variable bug. > > Fixes: d1e879ec600f ("wifi: iwlwifi: add iwlmld sub-driver") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > --- > drivers/net/wireless/intel/iwlwifi/mld/debugfs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c > b/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c > index c759c5c68dc0..1d4b2ad5d388 100644 > --- a/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c > +++ b/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c > @@ -556,8 +556,8 @@ iwl_dbgfs_vif_twt_setup_write(struct iwl_mld *mld, char > *buf, size_t count, > }; > struct ieee80211_vif *vif = data; > struct iwl_mld_vif *mld_vif = iwl_mld_vif_from_mac80211(vif); > + struct iwl_dhc_cmd *cmd __free(kfree) = NULL; > struct iwl_dhc_twt_operation *dhc_twt_cmd; > - struct iwl_dhc_cmd *cmd __free(kfree); > u64 target_wake_time; > u32 twt_operation, interval_exp, interval_mantissa, min_wake_duration; > u8 trigger, flow_type, flow_id, protection, tenth_param; > -- > 2.47.2 Acked-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
diff --git a/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c b/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c index c759c5c68dc0..1d4b2ad5d388 100644 --- a/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c +++ b/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c @@ -556,8 +556,8 @@ iwl_dbgfs_vif_twt_setup_write(struct iwl_mld *mld, char *buf, size_t count, }; struct ieee80211_vif *vif = data; struct iwl_mld_vif *mld_vif = iwl_mld_vif_from_mac80211(vif); + struct iwl_dhc_cmd *cmd __free(kfree) = NULL; struct iwl_dhc_twt_operation *dhc_twt_cmd; - struct iwl_dhc_cmd *cmd __free(kfree); u64 target_wake_time; u32 twt_operation, interval_exp, interval_mantissa, min_wake_duration; u8 trigger, flow_type, flow_id, protection, tenth_param;
Pointers declared with the __free(kfree) attribute need to be initialized because they will be passed to kfree() on every return path. There are two return statement before the "cmd" pointer is initialized so this leads to an uninitialized variable bug. Fixes: d1e879ec600f ("wifi: iwlwifi: add iwlmld sub-driver") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> --- drivers/net/wireless/intel/iwlwifi/mld/debugfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)