From nobody Tue Dec 2 00:46:32 2025 Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C956F2E719E for ; Mon, 24 Nov 2025 07:29:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763969354; cv=none; b=iPmGjSZD58UonMXm2ZTPzDr1pkJ+3es21Td24jKyjzPglpO3FBQv99x+jaZtsa+gw8k2F7YhephRQQ4z3kaYL13noy3d5W+NzB6jaE1d6qxga83SQ7zs7zXmj3Zp65EgwxCYDSjs3mCfqr8ZRH2KYRWYajjVACBAB31+DGLhB3E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763969354; c=relaxed/simple; bh=TMZv6DiI7YTlWL+GWS0yVxHiJdi4ZO3iSpTQ1QqARek=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:To:Cc; b=skoQnJc/ypMZPLdbNWDV+SRipA2d6StirIWkYXcpbUGivBocNVm+4Xy8jK6rMaxW0Pe1R9XEnrD9oZLxrJK4QjFnxGnjxGuXA3lrmv0BaInD66KZ+77gZebP4nEu/4i6lN0lUlJQuYNKi/EruTL69SuEzP03shzqiunzlMQOLcI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=mW3dn1H5; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mW3dn1H5" Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-2953ad5517dso48709595ad.0 for ; Sun, 23 Nov 2025 23:29:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763969352; x=1764574152; darn=vger.kernel.org; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:from:to:cc:subject:date:message-id:reply-to; bh=lL8i4yd9K6cdAsLA9VXTIc7TLjAQjmeneyMWm+Rw4AI=; b=mW3dn1H5UNa+sohK/+O52NWz9p6Y8G4SzpcnJC4gRCvJU3d46LFhlXjDs4BMUjy/ux 9vI3CvJYMFprSqmjzuIhj5/ppy0MaVpYBHUU47Xsr0r9kTl0T4ulQYwCco5S1TbNaVsP RWoZKsaJUbUulMdOZTo3tskLzvhygW7eUzooKmxq3pqgXGD2fOtLbCxpdglAgPJXPg/0 AxXK4KPHYgP6NVUSNNwsIxcimGWxJjlKktWlF8xtZ3AIu27gIHHeBS8qVnvqd+X8Qa+4 Jl6YKnmQ5n9J3wgjOB1tFd1Zdi9HvQuK/Kc2/4t0RL736ByRrT7Hhr+6zPVHTSlKcUHb purw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763969352; x=1764574152; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=lL8i4yd9K6cdAsLA9VXTIc7TLjAQjmeneyMWm+Rw4AI=; b=FEtI5WoSd+dOO7lf0alfU7bxwgqESZvmO1M8JztrNSY+6VKDll2eEf2qOfWDKDSbDT kbu7y5ReOjiH9KdIxdgkE6l9+g1CIZW4kT05DOkw8nV8y2seZf8yxTSIZQmxOIVFqYWv Vyuc4uvj2JthOxLdp/yPQkigjs94jIcfUpDWNZXiY8ZJYGR+IX5Y5We5Lux4+Es7mR3J IScT7DcA6usEQwA1VLZXjg8jx9jy51b0f/iYQUQ8+bckynxNaXTKNQztT+WP4ShGZ7sU qMNmaAt/cz3eS3WQtSEHui28YWaK73YYVMvLITtPEFj9d9c1MkLE+0UgVrdUQ4knBn3M kGnQ== X-Forwarded-Encrypted: i=1; AJvYcCUb02Ip5CEMcwEBXoUix93ecP1I/ks1TR4fADGIxED7KaVFhWIlYIlfkHh+58so649ZX42XRe93jL27AOY=@vger.kernel.org X-Gm-Message-State: AOJu0YzKzZkJ7nSaqUmo9yPCYrtd1HqA+qa4HCILHvjKTK+6sTxiAaTL ahcicIc+f8/7zbuu/Q8MZhVnHP9ffIDaVEbjGq8YzGckc/ub4k6gskgl X-Gm-Gg: ASbGncvH/p8QL1om09C/pKEt+nlky/naZQyP+9yPRvjAPyXHEitVxo9sKHPUS5KR/zK OMSuul9a29V1OOXDD8uZYd8vGoE1CEDdWk5tP0+qTDb3bblKH8oXqa67bqeIwhNDRIQLXYn0UXr QS4HBRMGdPS0kmuPA+GwL3YqnJcdQhMujg3BBjNN8/+ooY+BkiYiaUHWsHy0LZFZL3MKuHH73wo a1Qw165rf43XccJjhfv8XNstcmUO5jC2ivH/rqceCphXKsy1O3qDO7uxxJ92PC+y4q0+1vzwU7m irYDS0uvtTXgBB1nEfCmNKg1+1lwxL2yF9jvcpxMAwAAWOVJxEJ5NUBriI5W37BHvZ67ws1Tgz7 g3g25aPvE/ux/ufTynsnRZFHsyG3/MlyeiR24CgrZGJVRKeE8E6rzhcvjPzaWwRLleV71DmBXFh l8tuhRDpPG X-Google-Smtp-Source: AGHT+IH4F6FBvgyOceTbRcvv+S7rQX9Y/kHRwk75+mymO4QNY5NFT01pdhCppW7LNnQTS6sXJ1p/dg== X-Received: by 2002:a17:902:fc43:b0:28d:18fb:bb93 with SMTP id d9443c01a7336-29b6be9394amr122878955ad.7.1763969351969; Sun, 23 Nov 2025 23:29:11 -0800 (PST) Received: from aheev.home ([2401:4900:8fce:eb65:99e9:53c:32e6:4996]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-29b5b13a870sm126138035ad.34.2025.11.23.23.29.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 23 Nov 2025 23:29:11 -0800 (PST) From: Ally Heev Date: Mon, 24 Nov 2025 12:59:05 +0530 Subject: [PATCH iwlwifi-next v5] wifi: iwlwifi: fix uninitialized pointers with free attribute Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251124-aheev-uninitialized-free-attr-wireless-v5-1-0bd6da692975@gmail.com> X-B4-Tracking: v=1; b=H4sIAEAJJGkC/5XOwW6EIBQF0F+ZsC6NIAh21f9oumDgMr7E0QlYn Xbiv5e6Mu3GLm/uy7nvwTISIbOX04MlzJRpHErQTyfmOzdcwCmUzGQltRCV5q4DZv4x0EATuZ6 +EHhMAHfTlPhCCT1y5ucA06h4hhWeFeyWEOm+Db0xWvqFIvEB94m9l7ajPI3pc/tiFtvNfwdnw QVvvNWVU67V0r1ero76Zz9et4lZ7llzmJU/rFHR19DeWPxm6x0rxGG2LqxsYG0bKhj8YdWOlcd ZVVijZd0Gp22LuGfXdf0GAgpHp+8BAAA= X-Change-ID: 20251105-aheev-uninitialized-free-attr-wireless-bde764fbe81c To: Miri Korenblit Cc: Krzysztof Kozlowski , Johannes Berg , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, Dan Carpenter , Ally Heev X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3518; i=allyheev@gmail.com; h=from:subject:message-id; bh=TMZv6DiI7YTlWL+GWS0yVxHiJdi4ZO3iSpTQ1QqARek=; b=owGbwMvMwCU2zXbRFfvr1TKMp9WSGDJVOJ09TLy2/Yv8czhC9KjYRY/K055NcbZGjNcPRzHy9 tuX633qKGVhEONikBVTZGEUlfLT2yQ1Ie5w0jeYOaxMIEMYuDgFYCLl8YwM+76qND/8G3elpv3L 1bS0rcXxiUYVng+vybLJ77Au5Fz3gpFhHe8K+wWpa/MKbRoMgiatZbaqUfQNlik0qFs+zVFxjTc nAA== X-Developer-Key: i=allyheev@gmail.com; a=openpgp; fpr=01151A4E2EB21A905EC362F6963DA2D43FD77B1C Uninitialized pointers with `__free` attribute can cause undefined behavior as the memory assigned randomly to the pointer is freed automatically when the pointer goes out of scope. It is better to initialize and assign pointers with `__free` attribute in one statement to ensure proper scope-based cleanup Reported-by: Dan Carpenter Closes: https://lore.kernel.org/all/aPiG_F5EBQUjZqsl@stanley.mountain/ Signed-off-by: Ally Heev Reviewed-by: Krzysztof Kozlowski --- Changes in v5: - merge declaration and allocation of `data` pointer - Link to v4: https://lore.kernel.org/r/20251121-aheev-uninitialized-free-a= ttr-wireless-v4-1-75239da589ef@gmail.com Changes in v4: - moved pointers declaration to where the allocation is - Link to v3: https://lore.kernel.org/r/20251111-aheev-uninitialized-free-a= ttr-wireless-v3-1-26e889d0e7ee@gmail.com Changes in v3: - fixed commit message to include iwlwifi - reverted unused variable removal. To be done in a different patch - Link to v2: https://lore.kernel.org/r/20251107-aheev-uninitialized-free-a= ttr-wireless-v2-1-674fc3e5c78e@gmail.com Changes in v2: - fixed style issues - ignore v1 of this patch - Link to v1: https://lore.kernel.org/r/20251105-aheev-uninitialized-free-a= ttr-wireless-v1-1-6c850a4a952a@gmail.com --- drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 7 ++++--- drivers/net/wireless/intel/iwlwifi/mld/d3.c | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c b/drivers/net/wir= eless/intel/iwlwifi/fw/uefi.c index 4ae4d215e633e0d51194d818d479349e7c502201..a240fd2052bd1f029cbb59abe5e= df84c2227b397 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c +++ b/drivers/net/wireless/intel/iwlwifi/fw/uefi.c @@ -818,11 +818,12 @@ int iwl_uefi_get_dsbr(struct iwl_fw_runtime *fwrt, u3= 2 *value) =20 int iwl_uefi_get_phy_filters(struct iwl_fw_runtime *fwrt) { - struct uefi_cnv_wpfc_data *data __free(kfree); struct iwl_phy_specific_cfg *filters =3D &fwrt->phy_filters; =20 - data =3D iwl_uefi_get_verified_variable(fwrt->trans, IWL_UEFI_WPFC_NAME, - "WPFC", sizeof(*data), NULL); + struct uefi_cnv_wpfc_data *data __free(kfree) =3D + iwl_uefi_get_verified_variable(fwrt->trans, IWL_UEFI_WPFC_NAME, + "WPFC", sizeof(*data), NULL); + if (IS_ERR(data)) return -EINVAL; =20 diff --git a/drivers/net/wireless/intel/iwlwifi/mld/d3.c b/drivers/net/wire= less/intel/iwlwifi/mld/d3.c index 1d4282a21f09e0f90a52dc02c8287ecc0e0fafe1..e4e4f35b762a445a98df1c725e0= 53fb9bd07affc 100644 --- a/drivers/net/wireless/intel/iwlwifi/mld/d3.c +++ b/drivers/net/wireless/intel/iwlwifi/mld/d3.c @@ -1785,15 +1785,15 @@ iwl_mld_send_proto_offload(struct iwl_mld *mld, struct ieee80211_vif *vif, u8 ap_sta_id) { - struct iwl_proto_offload_cmd_v4 *cmd __free(kfree); struct iwl_host_cmd hcmd =3D { .id =3D PROT_OFFLOAD_CONFIG_CMD, .dataflags[0] =3D IWL_HCMD_DFL_NOCOPY, - .len[0] =3D sizeof(*cmd), + .len[0] =3D sizeof(struct iwl_proto_offload_cmd_v4), }; u32 enabled =3D 0; =20 - cmd =3D kzalloc(hcmd.len[0], GFP_KERNEL); + struct iwl_proto_offload_cmd_v4 *cmd __free(kfree) =3D + kzalloc(hcmd.len[0], GFP_KERNEL); =20 #if IS_ENABLED(CONFIG_IPV6) struct iwl_mld_vif *mld_vif =3D iwl_mld_vif_from_mac80211(vif); --- base-commit: c9cfc122f03711a5124b4aafab3211cf4d35a2ac change-id: 20251105-aheev-uninitialized-free-attr-wireless-bde764fbe81c Best regards, --=20 Ally Heev