From: Jakob Koschel <jakobkoschel@gmail.com>
To: Greg Kroah-Hartman <greg@kroah.com>
Cc: Jakob Koschel <jakobkoschel@gmail.com>,
linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Felipe Balbi <balbi@kernel.org>, Joel Stanley <joel@jms.id.au>,
Andrew Jeffery <andrew@aj.id.au>,
Nicolas Ferre <nicolas.ferre@microchip.com>,
Alexandre Belloni <alexandre.belloni@bootlin.com>,
Claudiu Beznea <claudiu.beznea@microchip.com>,
Cristian Birsan <cristian.birsan@microchip.com>,
Al Cooper <alcooperx@gmail.com>, Li Yang <leoyang.li@nxp.com>,
Vladimir Zapolskiy <vz@mleia.com>,
Daniel Mack <daniel@zonque.org>,
Haojian Zhuang <haojian.zhuang@gmail.com>,
Robert Jarzmik <robert.jarzmik@free.fr>,
Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>,
Alim Akhtar <alim.akhtar@samsung.com>,
Thierry Reding <thierry.reding@gmail.com>,
Jonathan Hunter <jonathanh@nvidia.com>,
Michal Simek <michal.simek@xilinx.com>,
linux-usb@vger.kernel.org (open list:USB GADGET/PERIPHERAL
SUBSYSTEM), Mike Rapoport <rppt@kernel.org>,
"Brian Johannesmeyer" <bjohannesmeyer@gmail.com>,
Cristiano Giuffrida <c.giuffrida@vu.nl>,
"Bos, H.J." <h.j.bos@vu.nl>
Subject: [PATCH v2 02/26] usb: gadget: bdc: remove usage of list iterator past the loop body
Date: Tue, 8 Mar 2022 18:17:54 +0100 [thread overview]
Message-ID: <20220308171818.384491-3-jakobkoschel@gmail.com> (raw)
In-Reply-To: <20220308171818.384491-1-jakobkoschel@gmail.com>
If the list representing the request queue does not contain the expected
request, the value of the list_for_each_entry() iterator will not point
to a valid structure. To avoid type confusion in such case, the list
iterator scope will be limited to the list_for_each_entry() loop.
In preparation to limiting scope of the list iterator to the list traversal
loop, use a dedicated pointer to point to the found request object [1].
Link: https://lore.kernel.org/all/YhdfEIwI4EdtHdym@kroah.com/
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
---
drivers/usb/gadget/udc/bdc/bdc_ep.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/gadget/udc/bdc/bdc_ep.c b/drivers/usb/gadget/udc/bdc/bdc_ep.c
index 8e2f20b12519..fa88f210ecd5 100644
--- a/drivers/usb/gadget/udc/bdc/bdc_ep.c
+++ b/drivers/usb/gadget/udc/bdc/bdc_ep.c
@@ -1757,6 +1757,7 @@ static int bdc_gadget_ep_dequeue(struct usb_ep *_ep,
struct usb_request *_req)
{
struct bdc_req *req;
+ struct bdc_req *iter;
unsigned long flags;
struct bdc_ep *ep;
struct bdc *bdc;
@@ -1771,12 +1772,16 @@ static int bdc_gadget_ep_dequeue(struct usb_ep *_ep,
dev_dbg(bdc->dev, "%s ep:%s req:%p\n", __func__, ep->name, req);
bdc_dbg_bd_list(bdc, ep);
spin_lock_irqsave(&bdc->lock, flags);
+
+ req = NULL;
/* make sure it's still queued on this endpoint */
- list_for_each_entry(req, &ep->queue, queue) {
- if (&req->usb_req == _req)
- break;
+ list_for_each_entry(iter, &ep->queue, queue) {
+ if (&iter->usb_req != _req)
+ continue;
+ req = iter;
+ break;
}
- if (&req->usb_req != _req) {
+ if (!req) {
spin_unlock_irqrestore(&bdc->lock, flags);
dev_err(bdc->dev, "usb_req !=req n");
return -EINVAL;
--
2.25.1
next prev parent reply other threads:[~2022-03-08 17:19 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-08 17:17 [PATCH v2 00/26] usb: gadget: remove usage of list iterator past the loop Jakob Koschel
2022-03-08 17:17 ` [PATCH v2 01/26] usb: gadget: fsl: remove usage of list iterator past the loop body Jakob Koschel
2022-03-08 17:17 ` Jakob Koschel [this message]
2022-03-08 17:17 ` [PATCH v2 03/26] usb: gadget: udc: atmel: " Jakob Koschel
2022-03-08 17:17 ` [PATCH v2 04/26] usb: gadget: udc: pxa25x: " Jakob Koschel
2022-03-08 17:17 ` [PATCH v2 05/26] usb: gadget: udc: at91: " Jakob Koschel
2022-03-08 17:17 ` [PATCH v2 06/26] usb: gadget: goku_udc: " Jakob Koschel
2022-03-08 17:17 ` [PATCH v2 07/26] usb: gadget: udc: gr_udc: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 08/26] usb: gadget: lpc32xx_udc: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 09/26] usb: gadget: mv_u3d: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 10/26] usb: gadget: udc: mv_udc_core: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 11/26] usb: gadget: net2272: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 12/26] usb: gadget: udc: net2280: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 13/26] usb: gadget: omap_udc: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 14/26] usb: gadget: s3c-hsudc: " Jakob Koschel
2022-03-09 17:25 ` Krzysztof Kozlowski
2022-03-09 17:36 ` Jakob Koschel
2022-03-09 17:56 ` Krzysztof Kozlowski
2022-03-08 17:18 ` [PATCH v2 15/26] usb: gadget: udc-xilinx: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 16/26] usb: gadget: aspeed: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 17/26] usb: gadget: configfs: remove using list iterator after loop body as a ptr Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 18/26] usb: gadget: legacy: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 19/26] usb: gadget: udc: max3420_udc: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 20/26] usb: gadget: tegra-xudc: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 21/26] usb: gadget: composite: remove check of list iterator against head past the loop body Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 22/26] usb: gadget: pxa27x_udc: replace usage of rc to check if a list element was found Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 23/26] usb: gadget: composite: remove usage of list iterator past the loop body Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 24/26] usb: gadget: udc: core: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 25/26] usb: gadget: dummy_hcd: " Jakob Koschel
2022-03-08 17:18 ` [PATCH v2 26/26] usb: gadget: udc: s3c2410: " Jakob Koschel
2022-03-09 17:20 ` Krzysztof Kozlowski
2022-03-08 21:17 ` [PATCH v2 00/26] usb: gadget: remove usage of list iterator past the loop Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220308171818.384491-3-jakobkoschel@gmail.com \
--to=jakobkoschel@gmail.com \
--cc=alcooperx@gmail.com \
--cc=alexandre.belloni@bootlin.com \
--cc=alim.akhtar@samsung.com \
--cc=andrew@aj.id.au \
--cc=balbi@kernel.org \
--cc=bjohannesmeyer@gmail.com \
--cc=c.giuffrida@vu.nl \
--cc=claudiu.beznea@microchip.com \
--cc=cristian.birsan@microchip.com \
--cc=daniel@zonque.org \
--cc=greg@kroah.com \
--cc=h.j.bos@vu.nl \
--cc=haojian.zhuang@gmail.com \
--cc=joel@jms.id.au \
--cc=jonathanh@nvidia.com \
--cc=krzysztof.kozlowski@canonical.com \
--cc=leoyang.li@nxp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=michal.simek@xilinx.com \
--cc=nicolas.ferre@microchip.com \
--cc=robert.jarzmik@free.fr \
--cc=rppt@kernel.org \
--cc=thierry.reding@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=vz@mleia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).