From: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx> devm_kmalloc() returns a pointer to allocated memory on success, NULL on failure. While there is a memory allocation of devm_kmalloc() without proper check. It is better to check the return value of it to prevent wrong memory access. By the way, all the error handlers of this function return without calling ieee80211_free_hw(hw), which may result in memory leak. So I add one err label to unify the error handler. Suggested-by: Jérôme Pouiller <jerome.pouiller@xxxxxxxxxx> Signed-off-by: Xiaoke Wang <xkernel.wang@xxxxxxxxxxx> --- Changelog v1->v2: add ieee80211_free_hw(hw) on error path. drivers/staging/wfx/main.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/staging/wfx/main.c b/drivers/staging/wfx/main.c index 4b9fdf9..5d4fcc3 100644 --- a/drivers/staging/wfx/main.c +++ b/drivers/staging/wfx/main.c @@ -294,6 +294,9 @@ struct wfx_dev *wfx_init_common(struct device *dev, hw->wiphy->n_iface_combinations = ARRAY_SIZE(wfx_iface_combinations); hw->wiphy->iface_combinations = wfx_iface_combinations; hw->wiphy->bands[NL80211_BAND_2GHZ] = devm_kmalloc(dev, sizeof(wfx_band_2ghz), GFP_KERNEL); + if (!hw->wiphy->bands[NL80211_BAND_2GHZ]) + goto err; + // FIXME: also copy wfx_rates and wfx_2ghz_chantable memcpy(hw->wiphy->bands[NL80211_BAND_2GHZ], &wfx_band_2ghz, sizeof(wfx_band_2ghz)); @@ -309,7 +312,8 @@ struct wfx_dev *wfx_init_common(struct device *dev, wdev->pdata.gpio_wakeup = devm_gpiod_get_optional(dev, "wakeup", GPIOD_OUT_LOW); if (IS_ERR(wdev->pdata.gpio_wakeup)) - return NULL; + goto err; + if (wdev->pdata.gpio_wakeup) gpiod_set_consumer_name(wdev->pdata.gpio_wakeup, "wfx wakeup"); @@ -325,9 +329,13 @@ struct wfx_dev *wfx_init_common(struct device *dev, wdev->force_ps_timeout = -1; if (devm_add_action_or_reset(dev, wfx_free_common, wdev)) - return NULL; + goto err; return wdev; + +err: + ieee80211_free_hw(hw); + return NULL; } int wfx_probe(struct wfx_dev *wdev) --
