From nobody Tue Dec  2 01:28:36 2025
Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com
 [209.85.214.170])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B108934C821
	for <linux-kernel@vger.kernel.org>; Fri, 21 Nov 2025 14:25:29 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.214.170
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1763735131; cv=none;
 b=AlE47EMXzNtZtSpRLNfpoWsfloi/isp+qcHNRLVQRFaZiGLNvIWV/JZxLunc1obSEUfXyZRBfRXpwH4NzD0jjO4ZzW8agz35SpI1cXyofN418NrGIoxWKxxoqBqoqeRZ9vi4ZbcfW/OvP1WuHJF5mX5ibK46ZLblmGyGlWhT2vg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1763735131; c=relaxed/simple;
	bh=PcdYriELTRxxqyi2zLlAXbiIhevRprgNoH3faDmYI40=;
	h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:To:Cc;
 b=qDriRVS7MptM0SEQiytDF1Zs2cjDvUXB57jvAmbQiMv0m8buOt0qrF7ZxVeEJbY7qs6dXcNDRf7nAvsNIf0FUpi1WataELh8JDhRcL5tpibl4izAqfUgGTFdOLGaPQVECxahoikJcPpM1UAnMcylfnzkDngDIuds7NRF6c3s5ek=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=doU7WSWL; arc=none smtp.client-ip=209.85.214.170
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="doU7WSWL"
Received: by mail-pl1-f170.google.com with SMTP id
 d9443c01a7336-298039e00c2so27613855ad.3
        for <linux-kernel@vger.kernel.org>;
 Fri, 21 Nov 2025 06:25:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1763735129; x=1764339929;
 darn=vger.kernel.org;
        h=cc:to:message-id:content-transfer-encoding:mime-version:subject
         :date:from:from:to:cc:subject:date:message-id:reply-to;
        bh=2o66V1W0VIii4WKZlNV89eF/qYtMTYUH+9PUIJHPFEE=;
        b=doU7WSWLE3dJxKTIUPCQv2e6uTk66lfrTfXbP8DACrjKXpddgUktkDT5qtW1Q9Lqn1
         W2l2KkBAJ7tXf0YuCVG8XEqbHxS6SwKj3+61msP+Zh1oe3OoXHIQIaTculAaRFnd+ryR
         tC9XLP5ZyVGS2RxwxzRhNq1bY/VLfMaP1jfxnmJuCanHGxR8fPg+LYTNaqgA/b+Lufk6
         LL2sd6ZJOeUlTon75k4/K5bg7demo/AJs1Z7K5Zk4JpJIdYR6LxC2zU7F5VUVKw0nxbr
         COTlWgpzkDoV5/CYJ2RnkV8DtxNw/0K18dw4JixvpDGOxwyIcj/pfDtRtxLZtZJp1lbu
         cvhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1763735129; x=1764339929;
        h=cc:to:message-id:content-transfer-encoding:mime-version:subject
         :date:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=2o66V1W0VIii4WKZlNV89eF/qYtMTYUH+9PUIJHPFEE=;
        b=HjdgAPWlmGozlCDVJYdXWH5bfy+Pq3J/IpZ5dqDuf2pBYhO5h2p6xTWGugV/c7iLZc
         PqWBdXxSraQ5iovRpwxLXz3L5FtiX1WN6737u+/u8t6IqvtcYIsRnG6SaoZyO4jVP4wt
         I7IF2BgeVN30ieBgZJAhAn6Ec/570OhI2WviNmvKki7nIq2H+0Cc1gpu0KiDh76W5dA0
         rTi6inFzWUKappWYEg1LTtB96/DGdasT3RTD1JSJH3bab2t2tBRNjiREBCkhb1uhBiB6
         xMQhnOVwyApRsqg8+Zzt43qSngGDExYz01njXafBFN9Zrcw9QktTXr6MAHY0891ksFdP
         klDA==
X-Forwarded-Encrypted: i=1;
 AJvYcCWxl90GZngW5n94n4WLAyRy5zLu3sH9lItMwN8k06vwNBJgo7xhjZ8ORCU+dH0AEpfYcwGaRqxRbnuzTts=@vger.kernel.org
X-Gm-Message-State: AOJu0YwSY3bocCCJlnbrXZCoheJdx3quHHzffNUSB0k6A0vbHoDvmDbe
	uLMGpnXFxFa1T9m8PNfvyqX3qG211a7JHs7eTWY1Zlhwpc1zSYWJC+qW
X-Gm-Gg: ASbGncujsczVt7D6yobbUPgzcJwhT3G2p70vH8PZZdBYJf81a9p+vAOiU2Wd0Mtqtb2
	7D4Ed9NsfRlRD2ZCkJs0bMVar3mmJSMrD5SVGTqmL7svypmb8YTjfoxOVx7/JV5BtLrfKwGbP19
	wyn3xaIo2CVdsnrN2LrDfguWrg6cmbO08DR8fcuf6JdFWoePJOBtPsmP9QRWoU8s7x7co+iBvri
	QadH9yNjtfiPJPzrR6jgMA50AXKshRue+EhJrPycaTQhfWZqEq4Jw6GS50GmVpXXBKvIgLxMYZY
	1juOlDc6ILxY2yh7NNj5cxwHUOSeKqLQR8UzkHZYZ1tkteIwNNFdV6nbcXt5+gUCINtXiqIYWMP
	Gv4i4aTUSNOE2k5rQ+uXzWytAfVqk8ihKpm80WVBbLfwotNXHZmw+VFR1jrPdbRHOr+/H6wtnqL
	oNB2jhVO78HA==
X-Google-Smtp-Source: 
 AGHT+IHrikX+mOrHKT9vmVeCWGYlCMNxVDcD9cXQP3dYFw7N706EKc9U3floYgztSLCn04z/xkfXrg==
X-Received: by 2002:a17:903:947:b0:290:9332:eebd with SMTP id
 d9443c01a7336-29b6be8c682mr31943015ad.10.1763735128583;
        Fri, 21 Nov 2025 06:25:28 -0800 (PST)
Received: from aheev.home ([2401:4900:8fcd:4575:1ad3:3d1a:3314:cdd0])
        by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-29b5b111016sm58167555ad.6.2025.11.21.06.25.25
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 21 Nov 2025 06:25:28 -0800 (PST)
From: Ally Heev <allyheev@gmail.com>
Date: Fri, 21 Nov 2025 19:55:13 +0530
Subject: [PATCH iwlwifi-next v4] wifi: iwlwifi: fix uninitialized pointers
 with free attribute
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: 
 <20251121-aheev-uninitialized-free-attr-wireless-v4-1-75239da589ef@gmail.com>
X-B4-Tracking: v=1; b=H4sIAEh2IGkC/5XOwW7DIBAE0F+JOJfKYGNIT/2PKgeCh3glB0dAc
 dLI/17qU9pTehzN6s3eWUIkJPa2u7OIQonmUEP3smNutOEETkPNTDZSCdEobkeg8M9AgTLZib4
 wcB8BbnOOfKGICSnx4wDdd/4IIxyr2CXC03Ub+mC0TAt54gHXzA61HSnlOd62L4rYbv47WAQXv
 HdGNbazeyXt++lsaXp183mbKPKR1U+z8ofVnXctlNMGf9n2gRXiabatrOxhzH5ooPGLXdf1G4T
 1peqYAQAA
X-Change-ID: 20251105-aheev-uninitialized-free-attr-wireless-bde764fbe81c
To: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Cc: Johannes Berg <johannes@sipsolutions.net>,
 linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org,
 Dan Carpenter <dan.carpenter@linaro.org>, Ally Heev <allyheev@gmail.com>
X-Mailer: b4 0.14.2
X-Developer-Signature: v=1; a=openpgp-sha256; l=3190; i=allyheev@gmail.com;
 h=from:subject:message-id; bh=PcdYriELTRxxqyi2zLlAXbiIhevRprgNoH3faDmYI40=;
 b=owGbwMvMwCU2zXbRFfvr1TKMp9WSGDIVyoK7vEV71EUrIv4tTHG4yHf17ctt0d/m6TfYsDDzm
 JjsnN7UUcrCIMbFICumyMIoKuWnt0lqQtzhpG8wc1iZQIYwcHEKwET++TEyXLYV8/icfv0W/xKH
 nz6fJ2kualJaqyu/kHOy/48JBoKXpRkZlvbs2j4zf5GKdYjbBa/NloEuATXRtp2t0ZwH9zA8NQv
 lBQA=
X-Developer-Key: i=allyheev@gmail.com; a=openpgp;
 fpr=01151A4E2EB21A905EC362F6963DA2D43FD77B1C

Uninitialized pointers with `__free` attribute can cause undefined
behavior as the memory assigned randomly to the pointer is freed
automatically when the pointer goes out of scope.

It is better to initialize and assign pointers with `__free` attribute
in one statement to ensure proper scope-based cleanup

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/aPiG_F5EBQUjZqsl@stanley.mountain/
Signed-off-by: Ally Heev <allyheev@gmail.com>
---
Changes in v4:
- moved pointers declaration to where the allocation is
- Link to v3: https://lore.kernel.org/r/20251111-aheev-uninitialized-free-a=
ttr-wireless-v3-1-26e889d0e7ee@gmail.com

Changes in v3:
- fixed commit message to include iwlwifi
- reverted unused variable removal. To be done in a different patch
- Link to v2: https://lore.kernel.org/r/20251107-aheev-uninitialized-free-a=
ttr-wireless-v2-1-674fc3e5c78e@gmail.com

Changes in v2:
- fixed style issues
- ignore v1 of this patch
- Link to v1: https://lore.kernel.org/r/20251105-aheev-uninitialized-free-a=
ttr-wireless-v1-1-6c850a4a952a@gmail.com
---
 drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 2 +-
 drivers/net/wireless/intel/iwlwifi/mld/d3.c  | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c b/drivers/net/wir=
eless/intel/iwlwifi/fw/uefi.c
index 4ae4d215e633e0d51194d818d479349e7c502201..2fe5f744a81cf42e768cc409f1a=
f8823e204946f 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/uefi.c
@@ -818,9 +818,9 @@ int iwl_uefi_get_dsbr(struct iwl_fw_runtime *fwrt, u32 =
*value)
=20
 int iwl_uefi_get_phy_filters(struct iwl_fw_runtime *fwrt)
 {
-	struct uefi_cnv_wpfc_data *data __free(kfree);
 	struct iwl_phy_specific_cfg *filters =3D &fwrt->phy_filters;
=20
+	struct uefi_cnv_wpfc_data *data __free(kfree) =3D NULL;
 	data =3D iwl_uefi_get_verified_variable(fwrt->trans, IWL_UEFI_WPFC_NAME,
 					      "WPFC", sizeof(*data), NULL);
 	if (IS_ERR(data))
diff --git a/drivers/net/wireless/intel/iwlwifi/mld/d3.c b/drivers/net/wire=
less/intel/iwlwifi/mld/d3.c
index 1d4282a21f09e0f90a52dc02c8287ecc0e0fafe1..e4e4f35b762a445a98df1c725e0=
53fb9bd07affc 100644
--- a/drivers/net/wireless/intel/iwlwifi/mld/d3.c
+++ b/drivers/net/wireless/intel/iwlwifi/mld/d3.c
@@ -1785,15 +1785,15 @@ iwl_mld_send_proto_offload(struct iwl_mld *mld,
 			   struct ieee80211_vif *vif,
 			   u8 ap_sta_id)
 {
-	struct iwl_proto_offload_cmd_v4 *cmd __free(kfree);
 	struct iwl_host_cmd hcmd =3D {
 		.id =3D PROT_OFFLOAD_CONFIG_CMD,
 		.dataflags[0] =3D IWL_HCMD_DFL_NOCOPY,
-		.len[0] =3D sizeof(*cmd),
+		.len[0] =3D sizeof(struct iwl_proto_offload_cmd_v4),
 	};
 	u32 enabled =3D 0;
=20
-	cmd =3D kzalloc(hcmd.len[0], GFP_KERNEL);
+	struct iwl_proto_offload_cmd_v4 *cmd __free(kfree) =3D
+		kzalloc(hcmd.len[0], GFP_KERNEL);
=20
 #if IS_ENABLED(CONFIG_IPV6)
 	struct iwl_mld_vif *mld_vif =3D iwl_mld_vif_from_mac80211(vif);

---
base-commit: c9cfc122f03711a5124b4aafab3211cf4d35a2ac
change-id: 20251105-aheev-uninitialized-free-attr-wireless-bde764fbe81c

Best regards,
--=20
Ally Heev <allyheev@gmail.com>