mei: avoid iterator usage outside of list_for_each_entry
authorAlexander Usyskin <alexander.usyskin@intel.com>
Tue, 8 Mar 2022 09:59:26 +0000 (11:59 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 8 Apr 2022 12:22:49 +0000 (14:22 +0200)
commit c10187b1c5ebb8681ca467ab7b0ded5ea415d258 upstream.

Usage of the iterator outside of the list_for_each_entry
is considered harmful. https://lkml.org/lkml/2022/2/17/1032

Do not reference the loop variable outside of the loop,
by rearranging the order of execution.
Instead of performing search loop and checking outside the loop
if the end of the list was hit and no matching element was found,
the execution is performed inside the loop upon a successful match
followed by a goto statement to the next step,
therefore no condition has to be performed after the loop has ended.

Cc: <stable@vger.kernel.org>
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Link: https://lore.kernel.org/r/20220308095926.300412-1-tomas.winkler@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/misc/mei/interrupt.c

index a67f4f2..0706322 100644 (file)
@@ -424,31 +424,26 @@ int mei_irq_read_handler(struct mei_device *dev,
        list_for_each_entry(cl, &dev->file_list, link) {
                if (mei_cl_hbm_equal(cl, mei_hdr)) {
                        cl_dbg(dev, cl, "got a message\n");
-                       break;
+                       ret = mei_cl_irq_read_msg(cl, mei_hdr, meta_hdr, cmpl_list);
+                       goto reset_slots;
                }
        }
 
        /* if no recipient cl was found we assume corrupted header */
-       if (&cl->link == &dev->file_list) {
-               /* A message for not connected fixed address clients
-                * should be silently discarded
-                * On power down client may be force cleaned,
-                * silently discard such messages
-                */
-               if (hdr_is_fixed(mei_hdr) ||
-                   dev->dev_state == MEI_DEV_POWER_DOWN) {
-                       mei_irq_discard_msg(dev, mei_hdr, mei_hdr->length);
-                       ret = 0;
-                       goto reset_slots;
-               }
-               dev_err(dev->dev, "no destination client found 0x%08X\n",
-                               dev->rd_msg_hdr[0]);
-               ret = -EBADMSG;
-               goto end;
+       /* A message for not connected fixed address clients
+        * should be silently discarded
+        * On power down client may be force cleaned,
+        * silently discard such messages
+        */
+       if (hdr_is_fixed(mei_hdr) ||
+           dev->dev_state == MEI_DEV_POWER_DOWN) {
+               mei_irq_discard_msg(dev, mei_hdr, mei_hdr->length);
+               ret = 0;
+               goto reset_slots;
        }
-
-       ret = mei_cl_irq_read_msg(cl, mei_hdr, meta_hdr, cmpl_list);
-
+       dev_err(dev->dev, "no destination client found 0x%08X\n", dev->rd_msg_hdr[0]);
+       ret = -EBADMSG;
+       goto end;
 
 reset_slots:
        /* reset the number of slots and header */
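Review bot: After this change the stacked comments following the loop are misleading: `/* if no recipient cl was found we assume corrupted header */` now sits directly above the silent-discard branch, while the `-EBADMSG` path it actually describes is further down with no comment. Nothing states the invariant the new flow depends on, namely that the code after the loop runs only because every match leaves through `goto reset_slots`; a later edit that swaps that goto for a `break` would send an already matched message into the discard/error path. I would replace the first comment with `/* no client matched: every match exits the loop via goto reset_slots */` and move the corrupted-header wording to just above `dev_err(...)`. The body of mei_irq_read_handler starts and ends outside the hunk, so the `end` label and the handling at `reset_slots` are not visible here.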