From nobody Thu Dec 18 09:11:33 2025 Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3898F30F939 for ; Wed, 3 Dec 2025 15:42:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764776522; cv=none; b=Cqwe4IZJu0uB/FwND2OGMQtBOkciuySwrCLOMVt7wp2/AGWrE3au+hEH6E+78s0oSWcnwExB5FCQMzPmyeBCAn7G+b1btWCXfEj2lPGaNvqq1m2/PwrvdYh4ppCAa9FLCBRkUsBIXWw3x/+lHwlo9kvnNJVup/GgpZ3T1+X3e7k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764776522; c=relaxed/simple; bh=hAqsnrCrvPDMdNs30u4o5b1kDn+bC2ncbZf0JyQnbe8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:To:Cc; b=q2MrRta2FAQDYHyWxPcYAFbAyqbPs/tyOaPnGbVYn8WvjL/hlpG6Wv6oIfBCkrQaZjBAgPKQIg9qzDztT1YX3riaftEtTyHTEs4T1s5Cu5RJhVttXOq2G9wSw+ICQArwR3LzdWlJR7JcRjAGrVF/OFO0yq6APeXTd1RGb8hhVwU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ENdWrDi2; arc=none smtp.client-ip=209.85.216.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ENdWrDi2" Received: by mail-pj1-f42.google.com with SMTP id 98e67ed59e1d1-340c39ee02dso6109580a91.1 for ; Wed, 03 Dec 2025 07:42:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1764776520; x=1765381320; darn=vger.kernel.org; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:from:to:cc:subject:date:message-id:reply-to; bh=0O71B0+ZytGmg78nzlOLpDFk0Q5PkQuHuikjI5daKfI=; b=ENdWrDi2CK3OZlLdDx2jTjtCbQ2ynb9Xld/VM3a03ysJrAEvSzBkCOnAdEvIjJUWFQ nbrIhijTloayRawO0rj+8X5Rd8CYPdOkjjA4XcU59wTGsB5St4lKMYxYPO0P1gF2iimt cwThEWMQWC2YLCHSooDqOjqXS4HtLh7Yz3sfXW5ga585/Bu+OoaFxyvg/Do92qaT79NQ F6RiKGL7pQOT6DCKwFdqs76Zl+hk0UkvhSWuUvT73xZVLnKkhEygqsfO8qH8OS3uktBL GL8DdHA3nSpuKoE+o46aOTzfzsbS5PnSUHJRZnD2AvFlZk5a+nBdi7wcun8/WuQoS7x3 XI7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764776520; x=1765381320; h=cc:to:message-id:content-transfer-encoding:mime-version:subject :date:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=0O71B0+ZytGmg78nzlOLpDFk0Q5PkQuHuikjI5daKfI=; b=lZWKoLjG2RGE0f4OOWmiUbOtM+MnWt5Ale3EGNlpHGl9XqmrwiovLNArC2uN4780/b JXzNWuAsg9sPuNIxfkCZI4gvMWM0Ht6ja1UYWWQVmIrPPhefs+vBFRuIqDB/1+5IZM7C HGeyUP6xm1SdGbgZc4UE7BEw4KaHqIGdRTgtkReiAf1K0ZlwSu9LgSQ3imynLzjmqS/w D8WhcKYsdwQi6zXBQd8pgwcKe8RJVuy8hXBqnZ3xIjN1SaU2Itiq6BrEC+Gp7S/tz5J6 wwQKz+IUI9FxAtzHg16J2SqYh3MmnD8o2GhPsMiEOlXa+d2YjysCEYIs7MucaEYeGeDt 9m8g== X-Forwarded-Encrypted: i=1; AJvYcCVJbFfgzL495IdS9b8OZ8Xx+AhdsP+t9OKKOMIjgoaWUztr1CJhT5vxV3EphGD9n+BWfxXm/7Qfb3qQA3M=@vger.kernel.org X-Gm-Message-State: AOJu0Yyr4btLXSHtIvyCpiKBJKQjrmay4f0MllfWCYCumJXz+CJLTfC3 PMG+15HQXATHMIjEcPDtGCFZegpS6TkGqYeT/LDyTikfrqWnkKhHdWTI+gKv9Q== X-Gm-Gg: ASbGncsneMAzok/LzbbQ7g00EWRnTxGzF2hL+kbm3PKWcaqinz4K5MssOrafJuUr2wc unyBWmvO3I8R3L//tdkCPdfrDUZyZBv24GPf83H+WVJR9H5UK6+4LVJExOt58ofpz+HVUpiFxxW pfR1Rj0s1jgjpn+QfWGOZaec5EgDDV89XZB/K/Ri3eSQo07fnUwGhvUGC2ISIjqaQ/eOJNveI9x Le7UwKSOLt/1keCK7eif+0GG57eCLIGL+3mFkqe4A0MPWQZSI4ddQDF8FiZAAXkgeaCgSreY4Cd /iIOFqtGiVXQ9Q/rxpETF9c1jtkOUoi0U14BB8FPYdNzJ6NfsUoC34Zk7nIzSams8V31kqx6lUp 9Oge2H5mg9lLKIbPq6HqDxvVc57VsbCU6BjJkKjFbxyvpzO5o68oswuS2g16/VL3mly6cp4Xll+ SSEqlgpoZU X-Google-Smtp-Source: AGHT+IEIjabFKeYRWheKkFzPBkpGjwLB+9Eglpm14ogtBvVyA3LeNq5gYQEnE12Gw1OZLMhYxlxovQ== X-Received: by 2002:a17:90b:3b81:b0:340:f05a:3eca with SMTP id 98e67ed59e1d1-349126bc47fmr3083050a91.20.1764776519823; Wed, 03 Dec 2025 07:41:59 -0800 (PST) Received: from aheev.home ([106.215.171.188]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-34910e7af86sm3148580a91.9.2025.12.03.07.41.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Dec 2025 07:41:59 -0800 (PST) From: Ally Heev Date: Wed, 03 Dec 2025 21:11:55 +0530 Subject: [PATCH iwlwifi-next v6] wifi: iwlwifi: fix uninitialized pointers with free attribute Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251203-aheev-uninitialized-free-attr-wireless-v6-1-95716a6f0409@gmail.com> X-B4-Tracking: v=1; b=H4sIAEJaMGkC/5XOTW6DMBAF4KtEXtcVNv7tqveIsjD2OIxEoLIpp I24e11WVrqhy6c3+t48SIaEkMnb6UESLJhxGktQLyfiezdegWIomfCGS8YaSV0PsNDPEUec0Q3 4DYHGBEDdPCe6YoIBcqZdAK1E7MAwTwr2kSDifR86E1yHFSPSEe4zuZS2xzxP6Wv/YmH7zX8HF 0YZVd7IxglnJXfv15vD4dVPt31i4TWrD7P8l9Ui+hak1wae2bZiGTvMtoXlCoyxoQENf1hRsfw 4KwqrJW9tcNJYiM+srFlxmJWFbbqgglOWWy1rdtu2HxwCE1JGAgAA X-Change-ID: 20251105-aheev-uninitialized-free-attr-wireless-bde764fbe81c To: Miri Korenblit Cc: Krzysztof Kozlowski , Johannes Berg , linux-wireless@vger.kernel.org, linux-kernel@vger.kernel.org, Dan Carpenter , Ally Heev X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3742; i=allyheev@gmail.com; h=from:subject:message-id; bh=hAqsnrCrvPDMdNs30u4o5b1kDn+bC2ncbZf0JyQnbe8=; b=owGbwMvMwCU2zXbRFfvr1TKMp9WSGDINolw0Jv+1jJl62YrT4uCXLfUzZ1ytCzu0cpb1eq2Km pCKK8+KOkpZGMS4GGTFFFkYRaX89DZJTYg7nPQNZg4rE8gQBi5OAZiIaRrD/zyuSzeFlF5bnagN 6tp5c/Vkow2fnwa5bTt0suor98QTR5YwMuyVWflu6bbJyqk8e7t8E1o0VV09ZRamHWhxnWqVVbB pLg8A X-Developer-Key: i=allyheev@gmail.com; a=openpgp; fpr=01151A4E2EB21A905EC362F6963DA2D43FD77B1C Uninitialized pointers with `__free` attribute can cause undefined behavior as the memory assigned randomly to the pointer is freed automatically when the pointer goes out of scope. It is better to initialize and assign pointers with `__free` attribute in one statement to ensure proper scope-based cleanup Reported-by: Dan Carpenter Closes: https://lore.kernel.org/all/aPiG_F5EBQUjZqsl@stanley.mountain/ Signed-off-by: Ally Heev Reviewed-by: Krzysztof Kozlowski --- Changes in v6: - RESEND. added Reviewed-by trailer - Link to v5: https://lore.kernel.org/r/20251124-aheev-uninitialized-free-a= ttr-wireless-v5-1-0bd6da692975@gmail.com Changes in v5: - merge declaration and allocation of `data` pointer - Link to v4: https://lore.kernel.org/r/20251121-aheev-uninitialized-free-a= ttr-wireless-v4-1-75239da589ef@gmail.com Changes in v4: - moved pointers declaration to where the allocation is - Link to v3: https://lore.kernel.org/r/20251111-aheev-uninitialized-free-a= ttr-wireless-v3-1-26e889d0e7ee@gmail.com Changes in v3: - fixed commit message to include iwlwifi - reverted unused variable removal. To be done in a different patch - Link to v2: https://lore.kernel.org/r/20251107-aheev-uninitialized-free-a= ttr-wireless-v2-1-674fc3e5c78e@gmail.com Changes in v2: - fixed style issues - ignore v1 of this patch - Link to v1: https://lore.kernel.org/r/20251105-aheev-uninitialized-free-a= ttr-wireless-v1-1-6c850a4a952a@gmail.com --- drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 7 ++++--- drivers/net/wireless/intel/iwlwifi/mld/d3.c | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c b/drivers/net/wir= eless/intel/iwlwifi/fw/uefi.c index 4ae4d215e633e0d51194d818d479349e7c502201..a240fd2052bd1f029cbb59abe5e= df84c2227b397 100644 --- a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c +++ b/drivers/net/wireless/intel/iwlwifi/fw/uefi.c @@ -818,11 +818,12 @@ int iwl_uefi_get_dsbr(struct iwl_fw_runtime *fwrt, u3= 2 *value) =20 int iwl_uefi_get_phy_filters(struct iwl_fw_runtime *fwrt) { - struct uefi_cnv_wpfc_data *data __free(kfree); struct iwl_phy_specific_cfg *filters =3D &fwrt->phy_filters; =20 - data =3D iwl_uefi_get_verified_variable(fwrt->trans, IWL_UEFI_WPFC_NAME, - "WPFC", sizeof(*data), NULL); + struct uefi_cnv_wpfc_data *data __free(kfree) =3D + iwl_uefi_get_verified_variable(fwrt->trans, IWL_UEFI_WPFC_NAME, + "WPFC", sizeof(*data), NULL); + if (IS_ERR(data)) return -EINVAL; =20 diff --git a/drivers/net/wireless/intel/iwlwifi/mld/d3.c b/drivers/net/wire= less/intel/iwlwifi/mld/d3.c index 1d4282a21f09e0f90a52dc02c8287ecc0e0fafe1..e4e4f35b762a445a98df1c725e0= 53fb9bd07affc 100644 --- a/drivers/net/wireless/intel/iwlwifi/mld/d3.c +++ b/drivers/net/wireless/intel/iwlwifi/mld/d3.c @@ -1785,15 +1785,15 @@ iwl_mld_send_proto_offload(struct iwl_mld *mld, struct ieee80211_vif *vif, u8 ap_sta_id) { - struct iwl_proto_offload_cmd_v4 *cmd __free(kfree); struct iwl_host_cmd hcmd =3D { .id =3D PROT_OFFLOAD_CONFIG_CMD, .dataflags[0] =3D IWL_HCMD_DFL_NOCOPY, - .len[0] =3D sizeof(*cmd), + .len[0] =3D sizeof(struct iwl_proto_offload_cmd_v4), }; u32 enabled =3D 0; =20 - cmd =3D kzalloc(hcmd.len[0], GFP_KERNEL); + struct iwl_proto_offload_cmd_v4 *cmd __free(kfree) =3D + kzalloc(hcmd.len[0], GFP_KERNEL); =20 #if IS_ENABLED(CONFIG_IPV6) struct iwl_mld_vif *mld_vif =3D iwl_mld_vif_from_mac80211(vif); --- base-commit: c9cfc122f03711a5124b4aafab3211cf4d35a2ac change-id: 20251105-aheev-uninitialized-free-attr-wireless-bde764fbe81c Best regards, --=20 Ally Heev