Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp822316pxb; Thu, 17 Feb 2022 15:49:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJwWT0k62qwSuzZlH+BRDu0E/8XMf1iu+lrgfHyVdkcjmqJ3tjd4GSmpP7n6e62LCn/7pALU X-Received: by 2002:a17:90a:fc6:b0:1b9:1e81:a53e with SMTP id 64-20020a17090a0fc600b001b91e81a53emr5484133pjz.169.1645141749670; Thu, 17 Feb 2022 15:49:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645141749; cv=none; d=google.com; s=arc-20160816; b=p1NQNuEIcWzAqsCWXZgo0+79M5mfvp/elbfMgebl+l+ZB6DJEb98eFb+WmY9HROo1W tA8rmJj/xyY1VpYA6r8UFID2LN/UYO6PqgdG7FgGgA64A44ixkrf9/vsVd5vvb/eJd1g 5aZWqF67GowumP77k1HClzW8+YoXhnqTD1Q2W5KPe3Y1C3UOYRYmzJo0JerB+P9tGn4b O7Ql/8PKxh6a/jv+NzfU1TUAn9sxIDT+KmZdZbQXI5Uq/OUSz5bLbkgcgw+hyorlz4Q8 OEknYUjtEJk+2OA9sYbXU7WJbumAll1lKOGSlHCHGvrsNH8HQGtCYXEOu6h0hVe+/kq9 PgQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=unUH0vvyOBECU4IrGGURVauaUXMQWjJ7wkWDp8rOwCg=; b=k6J3tqTGeQBt9zivfHFYKWW1AOGNScafM0LJ7w/V4CRZEXdszyIYRresP+HgQ68uXy t4yTH+qg5EBC6LVk4Jae0J4iy0BzHEakbzCu1AKAvsC9rZv5K+sMHpEc7/RlZPMS9GNx Ry6hVA4UUEArqNJvWQeE2Gwojg6Bi9HgG+Kjs+sjagk0fRIXVG2e/aNwaOiA9EQ0w0vW v2I0YY+dU0WUYbLM06bXu/r6/RKhBRDHs7Yr3DpWyfHN5oJzqWovxvGbQzXd8hBFc20V bwhptBu2gwepTvnM49FSUXNYVHWi3Qg+zY4ZY5/KFpi3H3iNAcxWU4xkXSONuyg7zga1 EG2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Fl3qxwWQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id w64si991613pff.366.2022.02.17.15.49.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Feb 2022 15:49:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Fl3qxwWQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 181083631C; Thu, 17 Feb 2022 15:22:02 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244655AbiBQSu1 (ORCPT + 99 others); Thu, 17 Feb 2022 13:50:27 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:45200 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244640AbiBQSuR (ORCPT ); Thu, 17 Feb 2022 13:50:17 -0500 Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5FDA1522EF; Thu, 17 Feb 2022 10:50:02 -0800 (PST) Received: by mail-ej1-x632.google.com with SMTP id vz16so9556606ejb.0; Thu, 17 Feb 2022 10:50:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=unUH0vvyOBECU4IrGGURVauaUXMQWjJ7wkWDp8rOwCg=; b=Fl3qxwWQ5BLecyc2lLwyIjWUBs0RQaVZrk6sfZcHIjbYnBUMpeF0Gsv2igqs1xjD+9 5v1Kdd57Q35HedaFP09/Iom0huFuGfh0uCygJnKVLHh/wtbFHE6Nsa/itVlT5w+v36I2 8y+V8HUoVwJQV8aRG8ne216+yVcyYjqM3PIFBDoeZFAkMw1+S+0ka2O55icCeOCF3Yuy 68LKEqYcjBsZwc2MQpzC6/1bFen/+5+9/QiER2lfM6mEezOTo2t4SYFQuaIaCo7jaugC aCan1E2p2RnHQVIE92rWEdYnl7vYnBzK5wDkbdzhY4pKP8g3kluE8ubdW6sifyYxUzup qzBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=unUH0vvyOBECU4IrGGURVauaUXMQWjJ7wkWDp8rOwCg=; b=yvGPBavcbXt+SGR1HfCz6jubsiRCKXxUTymhu1B2Pc09ZuQ0PoPRAoT44b63N2RMKn JhQF/xNXPBpSHNtv7F0RVbO7YWMMG016Kx6nnK8YPnRSedg2QxtroMpXu5n1SHrm7KgP knny13f4hm+oJtIsHMltFY7FFr3K+2wLA61r929/dT1cuOhY0OHzieWLQqItIsrG73D5 Jq5ZzSUL3v5Z29zUTH/DwkOowxOYdi/1Ltl1Gb95/t/zZXEUEI+/rf1BDE177q0Y5S4J wsNvVVvZR43DjfRoVepzyKmRjlHTEcxU25T1jmNTjZvnSqwMRoUzFx6qZiojfxpiAV2k Sf2A== X-Gm-Message-State: AOAM531Xm+Ize6ZdCWDI/utSl9iwmz/ctbY5BWRDkokUxemKCMetpBtz 8GPV9BUllE+r+0s6NqK4UhA= X-Received: by 2002:a17:906:27db:b0:6ce:6f8:d0e3 with SMTP id k27-20020a17090627db00b006ce06f8d0e3mr3515168ejc.455.1645123800878; Thu, 17 Feb 2022 10:50:00 -0800 (PST) Received: from localhost.localdomain (dhcp-077-250-038-153.chello.nl. [77.250.38.153]) by smtp.googlemail.com with ESMTPSA id q7sm3493268edv.93.2022.02.17.10.49.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Feb 2022 10:50:00 -0800 (PST) From: Jakob Koschel To: Linus Torvalds , linux-kernel@vger.kernel.org Cc: linux-arch@vger.kernel.org, Greg Kroah-Hartman , Thomas Gleixner , Arnd Bergman , Andy Shevchenko , Andrew Morton , Kees Cook , Mike Rapoport , "Gustavo A. R. Silva" , Brian Johannesmeyer , Cristiano Giuffrida , "Bos, H.J." , Jakob Koschel Subject: [RFC PATCH 03/13] usb: remove the usage of the list iterator after the loop Date: Thu, 17 Feb 2022 19:48:19 +0100 Message-Id: <20220217184829.1991035-4-jakobkoschel@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220217184829.1991035-1-jakobkoschel@gmail.com> References: <20220217184829.1991035-1-jakobkoschel@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE, SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org It is unsafe to assume that &req->req != _req can only evaluate to false if the break within the list iterator is hit. When the break is not hit, req is set to an address derived from the head element. If _req would match with that value of req it would allow continuing beyond the safety check even if the _req was never found within the list. Signed-off-by: Jakob Koschel --- drivers/usb/gadget/udc/gr_udc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/udc/gr_udc.c b/drivers/usb/gadget/udc/gr_udc.c index 4b35739d3695..18ae2c7a1656 100644 --- a/drivers/usb/gadget/udc/gr_udc.c +++ b/drivers/usb/gadget/udc/gr_udc.c @@ -1695,6 +1695,7 @@ static int gr_dequeue(struct usb_ep *_ep, struct usb_request *_req) struct gr_udc *dev; int ret = 0; unsigned long flags; + bool found = false; ep = container_of(_ep, struct gr_ep, ep); if (!_ep || !_req || (!ep->ep.desc && ep->num != 0)) @@ -1711,10 +1712,12 @@ static int gr_dequeue(struct usb_ep *_ep, struct usb_request *_req) /* Make sure it's actually queued on this endpoint */ list_for_each_entry(req, &ep->queue, queue) { - if (&req->req == _req) + if (&req->req == _req) { + found = true; break; + } } - if (&req->req != _req) { + if (!found) { ret = -EINVAL; goto out; } -- 2.25.1