[wireless,1/2] ath: dfs_pattern_detector: Fix a memory initialization issue

If an error occurs and channel_detector_exit() is called, it relies on
entries of the 'detectors' array to be NULL.
Otherwise, it may access to un-initialized memory.

Fix it and initialize the memory, as what was done before the commit in
Fixes.

Fixes: a063b650ce5d ("ath: dfs_pattern_detector: Avoid open coded arithmetic in memory allocation")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
Patch #1/2 is a fix, for for wireless.
Patch #2/2 is for wireless-next I guess, but depnds on #1

Not sure if we can mix different target in the same serie. Let me know.

BTW, sorry for messing up things with a063b650ce5d :(
---
 drivers/net/wireless/ath/dfs_pattern_detector.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

On 9/23/2023 11:57 PM, Christophe JAILLET wrote:
> If an error occurs and channel_detector_exit() is called, it relies on
> entries of the 'detectors' array to be NULL.
> Otherwise, it may access to un-initialized memory.
> 
> Fix it and initialize the memory, as what was done before the commit in
> Fixes.
> 
> Fixes: a063b650ce5d ("ath: dfs_pattern_detector: Avoid open coded arithmetic in memory allocation")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
> Patch #1/2 is a fix, for for wireless.
> Patch #2/2 is for wireless-next I guess, but depnds on #1
> 
> Not sure if we can mix different target in the same serie. Let me know.
> 
> BTW, sorry for messing up things with a063b650ce5d :(
> ---
>   drivers/net/wireless/ath/dfs_pattern_detector.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/wireless/ath/dfs_pattern_detector.c b/drivers/net/wireless/ath/dfs_pattern_detector.c
> index 27f4d74a41c8..2788a1b06c17 100644
> --- a/drivers/net/wireless/ath/dfs_pattern_detector.c
> +++ b/drivers/net/wireless/ath/dfs_pattern_detector.c
> @@ -206,7 +206,7 @@ channel_detector_create(struct dfs_pattern_detector *dpd, u16 freq)
>   
>   	INIT_LIST_HEAD(&cd->head);
>   	cd->freq = freq;
> -	cd->detectors = kmalloc_array(dpd->num_radar_types,
> +	cd->detectors = kcalloc(dpd->num_radar_types,
>   				      sizeof(*cd->detectors), GFP_ATOMIC);

nit: align descendant on (

>   	if (cd->detectors == NULL)
>   		goto fail;

Le 25/09/2023 à 20:46, Jeff Johnson a écrit :
> On 9/23/2023 11:57 PM, Christophe JAILLET wrote:
>> If an error occurs and channel_detector_exit() is called, it relies on
>> entries of the 'detectors' array to be NULL.
>> Otherwise, it may access to un-initialized memory.
>>
>> Fix it and initialize the memory, as what was done before the commit in
>> Fixes.
>>
>> Fixes: a063b650ce5d ("ath: dfs_pattern_detector: Avoid open coded 
>> arithmetic in memory allocation")
>> Signed-off-by: Christophe JAILLET 
>> <christophe.jaillet-39ZsbGIQGT5GWvitb5QawA@public.gmane.org>
>> ---
>> Patch #1/2 is a fix, for for wireless.
>> Patch #2/2 is for wireless-next I guess, but depnds on #1
>>
>> Not sure if we can mix different target in the same serie. Let me know.
>>
>> BTW, sorry for messing up things with a063b650ce5d :(
>> ---
>>   drivers/net/wireless/ath/dfs_pattern_detector.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/net/wireless/ath/dfs_pattern_detector.c 
>> b/drivers/net/wireless/ath/dfs_pattern_detector.c
>> index 27f4d74a41c8..2788a1b06c17 100644
>> --- a/drivers/net/wireless/ath/dfs_pattern_detector.c
>> +++ b/drivers/net/wireless/ath/dfs_pattern_detector.c
>> @@ -206,7 +206,7 @@ channel_detector_create(struct 
>> dfs_pattern_detector *dpd, u16 freq)
>>       INIT_LIST_HEAD(&cd->head);
>>       cd->freq = freq;
>> -    cd->detectors = kmalloc_array(dpd->num_radar_types,
>> +    cd->detectors = kcalloc(dpd->num_radar_types,
>>                         sizeof(*cd->detectors), GFP_ATOMIC);
> 
> nit: align descendant on (

Agreed, but as the code is removed in patch 2/2, I thought that having a 
smaller diff was a better option.

Let me know if I should resend the serie.

CJ

> 
>>       if (cd->detectors == NULL)
>>           goto fail;
> 
>

On 9/25/2023 1:54 PM, Christophe JAILLET wrote:
> Le 25/09/2023 à 20:46, Jeff Johnson a écrit :
>> On 9/23/2023 11:57 PM, Christophe JAILLET wrote:
>>> -    cd->detectors = kmalloc_array(dpd->num_radar_types,
>>> +    cd->detectors = kcalloc(dpd->num_radar_types,
>>>                         sizeof(*cd->detectors), GFP_ATOMIC);
>>
>> nit: align descendant on (
> 
> Agreed, but as the code is removed in patch 2/2, I thought that having a 
> smaller diff was a better option.
> 
> Let me know if I should resend the serie.

nevermind, don't bother

On 9/23/2023 11:57 PM, Christophe JAILLET wrote:
> If an error occurs and channel_detector_exit() is called, it relies on
> entries of the 'detectors' array to be NULL.
> Otherwise, it may access to un-initialized memory.
> 
> Fix it and initialize the memory, as what was done before the commit in
> Fixes.
> 
> Fixes: a063b650ce5d ("ath: dfs_pattern_detector: Avoid open coded arithmetic in memory allocation")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>

Christophe JAILLET <christophe.jaillet@wanadoo.fr> wrote:

> If an error occurs and channel_detector_exit() is called, it relies on
> entries of the 'detectors' array to be NULL.
> Otherwise, it may access to un-initialized memory.
> 
> Fix it and initialize the memory, as what was done before the commit in
> Fixes.
> 
> Fixes: a063b650ce5d ("ath: dfs_pattern_detector: Avoid open coded arithmetic in memory allocation")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
> Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>

2 patches applied to ath-next branch of ath.git, thanks.

79bd60ee87e1 wifi: ath: dfs_pattern_detector: Fix a memory initialization issue
27e154abf694 wifi: ath: dfs_pattern_detector: Use flex array to simplify code