usb: gadget: configfs: remove using list iterator after loop body as a ptr

If the list does not contain the expected element, the value of
list_for_each_entry() iterator will not point to a valid structure.
To avoid type confusion in such case, the list iterator
scope will be limited to list_for_each_entry() loop.

In preparation to limiting scope of a list iterator to the list traversal
loop, use a dedicated pointer to point to the found element [1].
Determining if an element was found is then simply checking if
the pointer is != NULL instead of using the potentially bogus pointer.

Link: https://lore.kernel.org/all/YhdfEIwI4EdtHdym@kroah.com/
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Link: https://lore.kernel.org/r/20220308171818.384491-18-jakobkoschel@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c
index d4a678c..1fb837d 100644 (file)
--- a/drivers/usb/gadget/configfs.c
+++ b/drivers/usb/gadget/configfs.c
@@ -418,7 +418,7 @@ static int config_usb_cfg_link(
 
        struct usb_function_instance *fi =
                        to_usb_function_instance(usb_func_ci);
-       struct usb_function_instance *a_fi;
+       struct usb_function_instance *a_fi = NULL, *iter;
        struct usb_function *f;
        int ret;
 
@@ -428,11 +428,13 @@ static int config_usb_cfg_link(
         * from another gadget or a random directory.
         * Also a function instance can only be linked once.
         */
-       list_for_each_entry(a_fi, &gi->available_func, cfs_list) {
-               if (a_fi == fi)
-                       break;
+       list_for_each_entry(iter, &gi->available_func, cfs_list) {
+               if (iter != fi)
+                       continue;
+               a_fi = iter;
+               break;
        }
-       if (a_fi != fi) {
+       if (!a_fi) {
                ret = -EINVAL;
                goto out;
        }
@@ -882,15 +884,17 @@ static int os_desc_link(struct config_item *os_desc_ci,
        struct gadget_info *gi = os_desc_item_to_gadget_info(os_desc_ci);
        struct usb_composite_dev *cdev = &gi->cdev;
        struct config_usb_cfg *c_target = to_config_usb_cfg(usb_cfg_ci);
-       struct usb_configuration *c;
+       struct usb_configuration *c = NULL, *iter;
        int ret;
 
        mutex_lock(&gi->lock);
-       list_for_each_entry(c, &cdev->configs, list) {
-               if (c == &c_target->c)
-                       break;
+       list_for_each_entry(iter, &cdev->configs, list) {
+               if (iter != &c_target->c)
+                       continue;
+               c = iter;
+               break;
        }
-       if (c != &c_target->c) {
+       if (!c) {
                ret = -EINVAL;
                goto out;
        }