[PATCH v2] staging: wfx: check the return value of devm_kmalloc()

From: xkernel . wang
Date: Wed Feb 16 2022 - 07:26:58 EST

Next message: Michael Walle: "[PATCH] pinctrl: ocelot: fix duplicate debugfs entry"
Previous message: Rafael J. Wysocki: "Re: [PATCH v6 00/21] Introduce power-off+restart call chain API"
Next in thread: Greg KH: "Re: [PATCH v2] staging: wfx: check the return value of devm_kmalloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx>

devm_kmalloc() returns a pointer to allocated memory on success, NULL
on failure. While there is a memory allocation of devm_kmalloc()
without proper check. It is better to check the return value of it to
prevent wrong memory access.
By the way, all the error handlers of this function return without
calling ieee80211_free_hw(hw), which may result in memory leak. So I
add one err label to unify the error handler.

Suggested-by: Jérôme Pouiller <jerome.pouiller@xxxxxxxxxx>
Signed-off-by: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx>
---
Changelog
v1->v2: add ieee80211_free_hw(hw) on error path.
drivers/staging/wfx/main.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/wfx/main.c b/drivers/staging/wfx/main.c
index 4b9fdf9..5d4fcc3 100644
--- a/drivers/staging/wfx/main.c
+++ b/drivers/staging/wfx/main.c
@@ -294,6 +294,9 @@ struct wfx_dev *wfx_init_common(struct device *dev,
hw->wiphy->n_iface_combinations = ARRAY_SIZE(wfx_iface_combinations);
hw->wiphy->iface_combinations = wfx_iface_combinations;
hw->wiphy->bands[NL80211_BAND_2GHZ] = devm_kmalloc(dev, sizeof(wfx_band_2ghz), GFP_KERNEL);
+ if (!hw->wiphy->bands[NL80211_BAND_2GHZ])
+ goto err;
+
// FIXME: also copy wfx_rates and wfx_2ghz_chantable
memcpy(hw->wiphy->bands[NL80211_BAND_2GHZ], &wfx_band_2ghz,
sizeof(wfx_band_2ghz));
@@ -309,7 +312,8 @@ struct wfx_dev *wfx_init_common(struct device *dev,
wdev->pdata.gpio_wakeup = devm_gpiod_get_optional(dev, "wakeup",
GPIOD_OUT_LOW);
if (IS_ERR(wdev->pdata.gpio_wakeup))
- return NULL;
+ goto err;
+
if (wdev->pdata.gpio_wakeup)
gpiod_set_consumer_name(wdev->pdata.gpio_wakeup, "wfx wakeup");

@@ -325,9 +329,13 @@ struct wfx_dev *wfx_init_common(struct device *dev,
wdev->force_ps_timeout = -1;

if (devm_add_action_or_reset(dev, wfx_free_common, wdev))
- return NULL;
+ goto err;

return wdev;
+
+err:
+ ieee80211_free_hw(hw);
+ return NULL;
}

int wfx_probe(struct wfx_dev *wdev)
--

Next message: Michael Walle: "[PATCH] pinctrl: ocelot: fix duplicate debugfs entry"
Previous message: Rafael J. Wysocki: "Re: [PATCH v6 00/21] Introduce power-off+restart call chain API"
Next in thread: Greg KH: "Re: [PATCH v2] staging: wfx: check the return value of devm_kmalloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]