Received: by 2002:a5d:925a:0:0:0:0:0 with SMTP id e26csp1472487iol; Fri, 10 Jun 2022 08:10:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxdT4GDdxodIU0NrMRwp62JioMe5JRSUUpfBjOJzZcMDS8veDjPtK16/2yAL4McAnrgkTli X-Received: by 2002:a05:6402:5191:b0:42f:b303:ed61 with SMTP id q17-20020a056402519100b0042fb303ed61mr40965124edd.233.1654873844859; Fri, 10 Jun 2022 08:10:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654873844; cv=none; d=google.com; s=arc-20160816; b=ONMYxO+anitgaNMt6bCidAD7zIOBoIJkV3ADRi6yaSztO78jSdbKNwJXbVLYdr47QM CmSTR+EZ7MzIgvyDYAdVEG/re5rbTJEG7MX7qD3z/2wXXV3uGJhBII+KfoXgF0ZE3bEJ yjmFCNDyIUTR37Xu4dQvrocaVEFVmmRyjhEjbu58wmhfOpKAUS9nlYNt20TpawiWaT0a nimFbjMX0N5x44/XtAheM6lCUyUsefYMH4CPLfA8UDV5czmGExAaB1iNN3SfouOPN1l9 UZcctvmhD8h58ynHfYEb9SHB2WiA5+53abK8bbQEirZymIMVTZio3HcyK7Q6UYQ2DScE NeTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=wJsCFQid4sHaK/ZKO+qfx/hNEBYaCAv7ipedUinRSCA=; b=y72Hr/qgzOOpwsHGjw6CRI3Mupyu8iXgcXmpC98QlwXCtDAudtu5FI9iEkkoGQToNH RzMzVuhuJBJ0FfevugftlMROpO+9hojlhxDtdET7GByDs1yd+UgRa3epGTUdCvm50xM8 AwuLtyy4/lwVNCmZ0RBmE3W4mNo9CdjVvz1ILP7nTMgt318WoMKN7nBgR9GdRFmPK2l1 55CuNRfg6NMbxXdtDNmgAIVtYeBf/rcYs8QWsknPDugoGr40rivPhjsj/FIDISoit30h vpckRG5ix1Xq+3kHPQL2Y5w+Eg2obSAmbCmGoXx+usx30ZXBPPrJBaGQ0eWIT8KnPbDv bpRA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=DmZwOB8y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w5-20020aa7dcc5000000b0042600959715si25521193edu.204.2022.06.10.08.10.18; Fri, 10 Jun 2022 08:10:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=DmZwOB8y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231317AbiFJO4S (ORCPT + 99 others); Fri, 10 Jun 2022 10:56:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38304 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229553AbiFJO4Q (ORCPT ); Fri, 10 Jun 2022 10:56:16 -0400 Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A76F55B3; Fri, 10 Jun 2022 07:56:15 -0700 (PDT) Received: by mail-pf1-x429.google.com with SMTP id x138so2258994pfc.12; Fri, 10 Jun 2022 07:56:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=wJsCFQid4sHaK/ZKO+qfx/hNEBYaCAv7ipedUinRSCA=; b=DmZwOB8yj183zZJrZAw1WK2vDFaNRohRqhiAivoZuMpBDx4rD75d9vSgogfoFOXTyA oNOqJux67XmaerADpU2/fXwgugw/2QujGD062CGuRuRWOHGriavWeAyfSmRPjsXYrExA 3ktfE5K0SpyCx0x6WGvPki69v5wXWD2uEOYcLQXQ51qO1U6JAnvQUQyj5AVtLTsHfTcC f0jjVb1O6MdrNnIDy2U1MtQ2xH+PfAOOU8byi6x2hmh1BfIFhx/OiVle9E1mT1zYBVEK 1ENBT1mwGJGRuiXSs5mRkHP6HEpH1/etrfnSjTlbECIay3MuEXfJUH9ooLD0ctao/0+y I3JA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=wJsCFQid4sHaK/ZKO+qfx/hNEBYaCAv7ipedUinRSCA=; b=M4BNAAhDCRwPVvtC1bI4ECvNWYiUhyEXYuNEXRH1ym4g6ZIDA761QohXw4NMDNhjCB IKsJtL6sRVsnNLIy4bACmUIMOfcm7Hi77muraOAzknwshSc1FpFHVK3s2pZ7u0AOBFft oiC+BR4974SPKa4JnUoYzgOi74TyaN8pXMaN5SmdBurGjxRveFx31/sEExyoFHdLpp6z loHoeIrOrzfo5Lptd6NRGVPmWat3AIQZrflzAyFIT9V2N0SjqTGmiD7dvXUYZAooFySz Z8Dt0UEoG0BjxWd7+5mSlL7LYrdLvRHRzJoPAGQMakfY6JKdc7Lypwpa76GXUH6t8Gdq AAyA== X-Gm-Message-State: AOAM532Gh+RlXL76u+pQrDzjqcnpQ5PFeoU91JOEBjZmbgeNgHyEyarg HLKcPPN4Pfheu0wGFc0jtkE+id2Uofijgj9Q X-Received: by 2002:a05:6a00:148f:b0:51c:70f9:b62e with SMTP id v15-20020a056a00148f00b0051c70f9b62emr13426346pfu.84.1654872974762; Fri, 10 Jun 2022 07:56:14 -0700 (PDT) Received: from fedora ([2601:1c1:4202:28a0::ec2b]) by smtp.gmail.com with ESMTPSA id x17-20020a056a000bd100b0051be1b4cfb5sm15393657pfu.5.2022.06.10.07.56.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Jun 2022 07:56:14 -0700 (PDT) Date: Fri, 10 Jun 2022 07:56:12 -0700 From: Jared Kangas To: Johan Hovold Cc: vaibhav.sr@gmail.com, elder@kernel.org, gregkh@linuxfoundation.org, greybus-dev@lists.linaro.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, linux-staging@lists.linux.dev, mgreer@animalcreek.com, Dan Carpenter Subject: Re: [PATCH v2] staging: greybus: audio: fix loop cursor use after iteration Message-ID: References: <20220609214517.85661-1-kangas.jd@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jun 10, 2022 at 10:00:03AM +0200, Johan Hovold wrote: > On Thu, Jun 09, 2022 at 02:45:18PM -0700, Jared Kangas wrote: > > gbaudio_dapm_free_controls() iterates over widgets using the > > list_for_each_entry*() family of macros from , which > > leaves the loop cursor pointing to a meaningless structure if it > > completes a traversal of the list. The cursor was set to NULL at the end > > of the loop body, but would be overwritten by the final loop cursor > > update. > > > > Because of this behavior, the widget could be non-null after the loop > > even if the widget wasn't found, and the cleanup logic would treat the > > pointer as a valid widget to free. > > > > To fix this, introduce a temporary variable to act as the loop cursor > > and copy it to a variable that can be accessed after the loop finishes. > > Due to not removing any list elements, use list_for_each_entry() instead > > of list_for_each_entry_safe() in the revised loop. > > > > This was detected with the help of Coccinelle. > > > > Fixes: 510e340efe0c ("staging: greybus: audio: Add helper APIs for dynamic audio modules") > > Cc: stable@vger.kernel.org > > Reviewed-by: Dan Carpenter > > Reviewed-by: Johan Hovold > > Signed-off-by: Jared Kangas > > --- > > > > Changes since v1: > > * Removed safe list iteration as suggested by Johan Hovold > > * Updated patch changelog to explain the list iteration change > > * Added tags to changelog based on feedback (Cc:, Fixes:, Reviewed-by:) > > Apparently Greg applied this to staging-next before we had a change to > look at it. You should have received a notification from Greg when he > did so. > > https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git/commit/?h=staging-next&id=80c968a04a381dc0e690960c60ffd6b6aee7e157 > > It seems unlikely that this would cause any issues in real life, but > there's still a chance it will be picked up by the stable team despite > the lack of a CC stable tag. > > I've just sent a follow-up patch to replace the list macro. > > Johan Sorry about that - I got a notification but thought it was still revisable. In hindsight, it makes sense that once it gets applied to a public branch, changes should be done in additional patches. Thanks to both you and Dan for taking the time to review and catch my mistakes. Jared