From: Jakob Koschel Date: Tue, 8 Mar 2022 17:18:11 +0000 (+0100) Subject: usb: gadget: udc: max3420_udc: remove using list iterator after loop body as a ptr X-Git-Tag: v6.6.17~7891^2~27 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b832eb1d578b8352cf8ea84d5dbd55e9089bc1b9;p=platform%2Fkernel%2Flinux-rpi.git usb: gadget: udc: max3420_udc: remove using list iterator after loop body as a ptr If the list does not contain the expected element, the value of list_for_each_entry() iterator will not point to a valid structure. To avoid type confusion in such case, the list iterator scope will be limited to list_for_each_entry() loop. In preparation to limiting scope of a list iterator to the list traversal loop, use a dedicated pointer to point to the found element [1]. Determining if an element was found is then simply checking if the pointer is != NULL instead of using the potentially bogus pointer. Link: https://lore.kernel.org/all/YhdfEIwI4EdtHdym@kroah.com/ Signed-off-by: Jakob Koschel Link: https://lore.kernel.org/r/20220308171818.384491-20-jakobkoschel@gmail.com Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/gadget/udc/max3420_udc.c b/drivers/usb/gadget/udc/max3420_udc.c index d2a2b20..ac8a46b 100644 --- a/drivers/usb/gadget/udc/max3420_udc.c +++ b/drivers/usb/gadget/udc/max3420_udc.c @@ -1044,22 +1044,26 @@ static int max3420_ep_queue(struct usb_ep *_ep, struct usb_request *_req, static int max3420_ep_dequeue(struct usb_ep *_ep, struct usb_request *_req) { - struct max3420_req *t, *req = to_max3420_req(_req); + struct max3420_req *t = NULL; + struct max3420_req *req = to_max3420_req(_req); + struct max3420_req *iter; struct max3420_ep *ep = to_max3420_ep(_ep); unsigned long flags; spin_lock_irqsave(&ep->lock, flags); /* Pluck the descriptor from queue */ - list_for_each_entry(t, &ep->queue, queue) - if (t == req) { - list_del_init(&req->queue); - break; - } + list_for_each_entry(iter, &ep->queue, queue) { + if (iter != req) + continue; + list_del_init(&req->queue); + t = iter; + break; + } spin_unlock_irqrestore(&ep->lock, flags); - if (t == req) + if (t) max3420_req_done(req, -ECONNRESET); return 0;