wifi: mt76: mt7915: check return value before accessing free_block_num

[ Upstream commit 59b27a7d472f100ac8998e15a63c47a03cced12a ]

Check return value of mt7915_mcu_get_eeprom_free_block() first before
accessing free_block_num.

Fixes: bbc1d4154ec1 ("mt76: mt7915: add default calibrated data support")
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c b/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c
index 0bce0ce..f0ec000 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/eeprom.c
@@ -110,18 +110,23 @@ static int mt7915_eeprom_load(struct mt7915_dev *dev)
        } else {
                u8 free_block_num;
                u32 block_num, i;
+               u32 eeprom_blk_size = MT7915_EEPROM_BLOCK_SIZE;
 
-               mt7915_mcu_get_eeprom_free_block(dev, &free_block_num);
-               /* efuse info not enough */
+               ret = mt7915_mcu_get_eeprom_free_block(dev, &free_block_num);
+               if (ret < 0)
+                       return ret;
+
+               /* efuse info isn't enough */
                if (free_block_num >= 29)
                        return -EINVAL;
 
                /* read eeprom data from efuse */
-               block_num = DIV_ROUND_UP(eeprom_size,
-                                        MT7915_EEPROM_BLOCK_SIZE);
-               for (i = 0; i < block_num; i++)
-                       mt7915_mcu_get_eeprom(dev,
-                                             i * MT7915_EEPROM_BLOCK_SIZE);
+               block_num = DIV_ROUND_UP(eeprom_size, eeprom_blk_size);
+               for (i = 0; i < block_num; i++) {
+                       ret = mt7915_mcu_get_eeprom(dev, i * eeprom_blk_size);
+                       if (ret < 0)
+                               return ret;
+               }
        }
 
        return mt7915_check_eeprom(dev);

diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
index 8d297e4..c4843f4 100644 (file)
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
@@ -2743,8 +2743,9 @@ int mt7915_mcu_get_eeprom(struct mt7915_dev *dev, u32 offset)
        int ret;
        u8 *buf;
 
-       ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(EFUSE_ACCESS), &req,
-                               sizeof(req), true, &skb);
+       ret = mt76_mcu_send_and_get_msg(&dev->mt76,
+                                       MCU_EXT_QUERY(EFUSE_ACCESS),
+                                       &req, sizeof(req), true, &skb);
        if (ret)
                return ret;
 
@@ -2769,8 +2770,9 @@ int mt7915_mcu_get_eeprom_free_block(struct mt7915_dev *dev, u8 *block_num)
        struct sk_buff *skb;
        int ret;
 
-       ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(EFUSE_FREE_BLOCK), &req,
-                                       sizeof(req), true, &skb);
+       ret = mt76_mcu_send_and_get_msg(&dev->mt76,
+                                       MCU_EXT_QUERY(EFUSE_FREE_BLOCK),
+                                       &req, sizeof(req), true, &skb);
        if (ret)
                return ret;