Hello Hector Martin,
The patch 398ce273d6b1: "wifi: brcmfmac: cfg80211: Add support for
scan params v2" from Feb 14, 2023, leads to the following Smatch
static checker warning:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:1459 brcmf_run_escan() error: potential null dereference 'params_v1'. (kzalloc returns null)
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:4319 brcmf_pmksa_v3_op() error: potential null dereference 'pmk_op'. (kzalloc returns null)
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
1451 params->version = cpu_to_le32(BRCMF_ESCAN_REQ_VERSION_V2);
1452
1453 if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SCAN_V2)) {
1454 struct brcmf_escan_params_le *params_v1;
1455
1456 params_size -= BRCMF_SCAN_PARAMS_V2_FIXED_SIZE;
1457 params_size += BRCMF_SCAN_PARAMS_FIXED_SIZE;
1458 params_v1 = kzalloc(params_size, GFP_KERNEL);
kzalloc() needs a check for failure.
--> 1459 params_v1->version = cpu_to_le32(BRCMF_ESCAN_REQ_VERSION);
1460 brcmf_scan_params_v2_to_v1(¶ms->params_v2_le, ¶ms_v1->params_le);
1461 kfree(params);
1462 params = params_v1;
1463 }
1464
1465 params->action = cpu_to_le16(WL_ESCAN_ACTION_START);
1466 params->sync_id = cpu_to_le16(0x1234);
1467
1468 err = brcmf_fil_iovar_data_set(ifp, "escan", params, params_size);
1469 if (err) {
1470 if (err == -EBUSY)
1471 brcmf_dbg(INFO, "system busy : escan canceled\n");
1472 else
1473 bphy_err(drvr, "error (%d)\n", err);
1474 }
1475
1476 kfree(params);
1477 exit:
1478 return err;
1479 }
regards,
dan carpenter
