From eb6db9ccf6fb35f44f905d40ffbd667ddcc0e1cc Mon Sep 17 00:00:00 2001 From: Jakob Koschel Date: Tue, 8 Mar 2022 18:18:10 +0100 Subject: [PATCH] usb: gadget: legacy: remove using list iterator after loop body as a ptr If the list does not contain the expected element, the value of list_for_each_entry() iterator will not point to a valid structure. To avoid type confusion in such case, the list iterator scope will be limited to list_for_each_entry() loop. In preparation to limiting scope of a list iterator to the list traversal loop, use a dedicated pointer to point to the found element [1]. Determining if an element was found is then simply checking if the pointer is != NULL instead of using the potentially bogus pointer. Link: https://lore.kernel.org/all/YhdfEIwI4EdtHdym@kroah.com/ Signed-off-by: Jakob Koschel Link: https://lore.kernel.org/r/20220308171818.384491-19-jakobkoschel@gmail.com Signed-off-by: Greg Kroah-Hartman --- drivers/usb/gadget/legacy/hid.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/drivers/usb/gadget/legacy/hid.c b/drivers/usb/gadget/legacy/hid.c index 3912cc8..1187ee4 100644 --- a/drivers/usb/gadget/legacy/hid.c +++ b/drivers/usb/gadget/legacy/hid.c @@ -134,7 +134,7 @@ static int hid_bind(struct usb_composite_dev *cdev) { struct usb_gadget *gadget = cdev->gadget; struct list_head *tmp; - struct hidg_func_node *n, *m; + struct hidg_func_node *n = NULL, *m, *iter_n; struct f_hid_opts *hid_opts; int status, funcs = 0; @@ -144,18 +144,19 @@ static int hid_bind(struct usb_composite_dev *cdev) if (!funcs) return -ENODEV; - list_for_each_entry(n, &hidg_func_list, node) { - n->fi = usb_get_function_instance("hid"); - if (IS_ERR(n->fi)) { - status = PTR_ERR(n->fi); + list_for_each_entry(iter_n, &hidg_func_list, node) { + iter_n->fi = usb_get_function_instance("hid"); + if (IS_ERR(iter_n->fi)) { + status = PTR_ERR(iter_n->fi); + n = iter_n; goto put; } - hid_opts = container_of(n->fi, struct f_hid_opts, func_inst); - hid_opts->subclass = n->func->subclass; - hid_opts->protocol = n->func->protocol; - hid_opts->report_length = n->func->report_length; - hid_opts->report_desc_length = n->func->report_desc_length; - hid_opts->report_desc = n->func->report_desc; + hid_opts = container_of(iter_n->fi, struct f_hid_opts, func_inst); + hid_opts->subclass = iter_n->func->subclass; + hid_opts->protocol = iter_n->func->protocol; + hid_opts->report_length = iter_n->func->report_length; + hid_opts->report_desc_length = iter_n->func->report_desc_length; + hid_opts->report_desc = iter_n->func->report_desc; } -- 2.7.4