[bug report] mt76: implement functions to get the response skb for MCU calls
Dan Carpenter
dan.carpenter at oracle.com
Fri Oct 8 06:00:07 PDT 2021
Hello Felix Fietkau,
The patch ae5ad6272d25: "mt76: implement functions to get the
response skb for MCU calls" from Sep 30, 2020, leads to the following
Smatch static checker warning:
drivers/net/wireless/mediatek/mt76/mt7921/mcu.c:1151 mt7921_mcu_get_eeprom()
error: potentially dereferencing uninitialized 'skb'.
drivers/net/wireless/mediatek/mt76/mt7921/mcu.c
1136 int mt7921_mcu_get_eeprom(struct mt7921_dev *dev, u32 offset)
1137 {
1138 struct mt7921_mcu_eeprom_info req = {
1139 .addr = cpu_to_le32(round_down(offset, 16)),
1140 };
1141 struct mt7921_mcu_eeprom_info *res;
1142 struct sk_buff *skb;
1143 int ret;
1144 u8 *buf;
1145
1146 ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD_EFUSE_ACCESS, &req,
1147 sizeof(req), true, &skb);
If mt76_mcu_send_and_get_msg() calls the dev->mcu_ops->mcu_send_msg()
then "skb" is not initialized.
1148 if (ret)
1149 return ret;
1150
--> 1151 res = (struct mt7921_mcu_eeprom_info *)skb->data;
1152 buf = dev->mt76.eeprom.data + le32_to_cpu(res->addr);
1153 memcpy(buf, res->data, 16);
1154 dev_kfree_skb(skb);
1155
1156 return 0;
1157 }
regards,
dan carpenter
More information about the Linux-mediatek
mailing list