wifi: mt76: mt7996: check return value before accessing free_block_num (783ef7da) · Commits · git / linux-nf

drivers/net/wireless/mediatek/mt76/mt7996/eeprom.c

+12 −6

Original line number	Diff line number	Diff line
		@@ -65,17 +65,23 @@ static int mt7996_eeprom_load(struct mt7996_dev *dev)
		} else {
		u8 free_block_num;
		u32 block_num, i;
		u32 eeprom_blk_size = MT7996_EEPROM_BLOCK_SIZE;

		/* TODO: check free block event */
		mt7996_mcu_get_eeprom_free_block(dev, &free_block_num);
		/* efuse info not enough */
		ret = mt7996_mcu_get_eeprom_free_block(dev, &free_block_num);
		if (ret < 0)
		return ret;

		/* efuse info isn't enough */
		if (free_block_num >= 59)
		return -EINVAL;

		/* read eeprom data from efuse */
		block_num = DIV_ROUND_UP(MT7996_EEPROM_SIZE, MT7996_EEPROM_BLOCK_SIZE);
		for (i = 0; i < block_num; i++)
		mt7996_mcu_get_eeprom(dev, i * MT7996_EEPROM_BLOCK_SIZE);
		block_num = DIV_ROUND_UP(MT7996_EEPROM_SIZE, eeprom_blk_size);
		for (i = 0; i < block_num; i++) {
		ret = mt7996_mcu_get_eeprom(dev, i * eeprom_blk_size);
		if (ret < 0)
		return ret;
		}
		}

		return mt7996_check_eeprom(dev);

+3 −2

Original line number	Diff line number	Diff line
		@@ -2927,8 +2927,9 @@ int mt7996_mcu_get_eeprom(struct mt7996_dev *dev, u32 offset)
		bool valid;
		int ret;

		ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_WM_UNI_CMD_QUERY(EFUSE_CTRL), &req,
		sizeof(req), true, &skb);
		ret = mt76_mcu_send_and_get_msg(&dev->mt76,
		MCU_WM_UNI_CMD_QUERY(EFUSE_CTRL),
		&req, sizeof(req), true, &skb);
		if (ret)
		return ret;