| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DM3PPF63A6024A9B5D5C1983918C785DA13A3CEA@DM3PPF63A6024A9.namprd11.prod.outlook.com>
Date: Mon, 10 Nov 2025 13:17:10 +0000
From: "Korenblit, Miriam Rachel" <miriam.rachel.korenblit@...el.com>
To: Ally Heev <allyheev@...il.com>
CC: Johannes Berg <johannes@...solutions.net>,
"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Dan Carpenter
<dan.carpenter@...aro.org>
Subject: RE: [PATCH v2] net: wireless: fix uninitialized pointers with free
attribute
> Subject: [PATCH v2] net: wireless: fix uninitialized pointers with free attribute
Please send iwlwifi patches to either iwlwifi-next or iwlwifi-fixes ([PATCH iwlwifi-next] wifi: iwlwifi: blah blah )
In your case it is not really fixing any bug, since we never return from the functions without initializing the pointers.
>
> Uninitialized pointers with `__free` attribute can cause undefined behavior as the
> memory assigned randomly to the pointer is freed automatically when the pointer
> goes out of scope.
>
> It is better to initialize and assign pointers with `__free` attribute in one statement
> to ensure proper scope-based cleanup
>
> Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
> Closes: https://lore.kernel.org/all/aPiG_F5EBQUjZqsl@stanley.mountain/
> Signed-off-by: Ally Heev <allyheev@...il.com>
> ---
> Changes in v2:
> - fixed style issues
> - ignore v1 of this patch
> - Link to v1: https://lore.kernel.org/r/20251105-aheev-uninitialized-free-attr-
> wireless-v1-1-6c850a4a952a@...il.com
> ---
> drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 2 +-
> drivers/net/wireless/intel/iwlwifi/mld/d3.c | 4 +---
> 2 files changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c
> b/drivers/net/wireless/intel/iwlwifi/fw/uefi.c
> index
> 4ae4d215e633e0d51194d818d479349e7c502201..c31a1187f53a79aeb0837f062
> 50410eec4e7ea6d 100644
> --- a/drivers/net/wireless/intel/iwlwifi/fw/uefi.c
> +++ b/drivers/net/wireless/intel/iwlwifi/fw/uefi.c
> @@ -818,8 +818,8 @@ int iwl_uefi_get_dsbr(struct iwl_fw_runtime *fwrt, u32
> *value)
>
> int iwl_uefi_get_phy_filters(struct iwl_fw_runtime *fwrt) {
> - struct uefi_cnv_wpfc_data *data __free(kfree);
> struct iwl_phy_specific_cfg *filters = &fwrt->phy_filters;
> + struct uefi_cnv_wpfc_data *data __free(kfree) = NULL;
>
> data = iwl_uefi_get_verified_variable(fwrt->trans,
> IWL_UEFI_WPFC_NAME,
> "WPFC", sizeof(*data), NULL); diff --
> git a/drivers/net/wireless/intel/iwlwifi/mld/d3.c
> b/drivers/net/wireless/intel/iwlwifi/mld/d3.c
> index
> 1d4282a21f09e0f90a52dc02c8287ecc0e0fafe1..d3a03940b0a2c6a4b0107266cd
> 2fc11ec9745e47 100644
> --- a/drivers/net/wireless/intel/iwlwifi/mld/d3.c
> +++ b/drivers/net/wireless/intel/iwlwifi/mld/d3.c
> @@ -996,8 +996,6 @@ static void iwl_mld_mlo_rekey(struct iwl_mld *mld,
> struct iwl_mld_wowlan_status *wowlan_status,
> struct ieee80211_vif *vif)
> {
> - struct iwl_mld_old_mlo_keys *old_keys __free(kfree) = NULL;
This removes an unused variable. Please do that in a separate patch
> -
> IWL_DEBUG_WOWLAN(mld, "Num of MLO Keys: %d\n", wowlan_status-
> >num_mlo_keys);
>
> if (!wowlan_status->num_mlo_keys)
> @@ -1785,7 +1783,7 @@ iwl_mld_send_proto_offload(struct iwl_mld *mld,
> struct ieee80211_vif *vif,
> u8 ap_sta_id)
> {
> - struct iwl_proto_offload_cmd_v4 *cmd __free(kfree);
> + struct iwl_proto_offload_cmd_v4 *cmd __free(kfree) = NULL;
> struct iwl_host_cmd hcmd = {
> .id = PROT_OFFLOAD_CONFIG_CMD,
> .dataflags[0] = IWL_HCMD_DFL_NOCOPY,
>
> ---
> base-commit: c9cfc122f03711a5124b4aafab3211cf4d35a2ac
> change-id: 20251105-aheev-uninitialized-free-attr-wireless-bde764fbe81c
>
> Best regards,
> --
> Ally Heev <allyheev@...il.com>
Powered by blists - more mailing lists