Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp875386rwi; Wed, 19 Oct 2022 04:11:19 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7AAqi3lDKcz5mUv+xHlQB/tVy9uTiuxgI2xbGVnG9M6qAfpa4KbH1ZqLRZgjaGILOAR+uL X-Received: by 2002:a05:6a00:2291:b0:563:9d0d:62ae with SMTP id f17-20020a056a00229100b005639d0d62aemr8224185pfe.17.1666177878757; Wed, 19 Oct 2022 04:11:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666177878; cv=none; d=google.com; s=arc-20160816; b=sz5XYKFWwMmYNrZpzjtfzp4eSL567gwjBwJ1vTIHTGV5sXwcTQO4R7j3RbN/63dptE YR+SWqa15JAkthP65FVFG9HcW3g7bf+Z8BYhPi15PHKJw4/XwAsJ2I3zd8Ime5bK7XTj fAqlBDt0aLNvajABDEGwzbYN9plEY34hnHrrtGvdmUVla8vnI8/jPWIeztvkUio9CqG1 SXbYKe5xmjPKwRRNwoXyRcVQHS7A6015X9rw+t0WGWLMYYlovR0+fPOKrgzQevU2f3ra dc6ruwcCVJQKDmd3w+r/IPHYG1KeCpBHzBhjY4RpoFWNrQZAEPZbGxh842N5n7EmdEIx nsKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Nfa+HXInf3+9WrIfRzS6/6EK+owEXMGAUIzzaIB4kIM=; b=vAod7XK7WcyAkrw6D4g75H/r3rEWbVZ+cLtoyt6Ps4w5MBQcwZM1zpARQ1Y1saZMz2 PYT4IqzayCO7bJwC12b/8Bou007BSjfvye6dr+IreFKe/XVKMklgZsCikK8a8bH9zHEc AX1aRdS5IUYcyxOLEQ3HOOoV6gGpjVMh4X5LOpTI1gnhDGsTc3oojUHg/JSgWLJMs0L5 gc/TBcZ0et8UTbgDDW8hgRxK3YYo6uHfVt1vMPbULWvQRhbMrlBaOe79zmFR7exF6XMK fgR8T0i+xtkN96lAfuhOlMXqBsBo3JvjaNAdauVJwYazKgi1xhqy4nyiDpadXiZ8E4ht iG0Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=uKqM23aa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id oj15-20020a17090b4d8f00b001f335a72172si27630667pjb.62.2022.10.19.04.11.04; Wed, 19 Oct 2022 04:11:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=uKqM23aa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233219AbiJSKq0 (ORCPT + 99 others); Wed, 19 Oct 2022 06:46:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37266 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233150AbiJSKoa (ORCPT ); Wed, 19 Oct 2022 06:44:30 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BDEF1578BD; Wed, 19 Oct 2022 03:20:29 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 0C018B823B0; Wed, 19 Oct 2022 08:52:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 75ED2C433C1; Wed, 19 Oct 2022 08:52:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666169546; bh=dVDJSEzRrPtFqIsoE3zXwmOWCE8M6Zw0BQZP6LOW0Mw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=uKqM23aaQh5eGBkp3tyKgTLhQQtBauVikuDueIY3SJdsxmi/vXwM1VynbO/bBGgQu xtXMUUCmxbG6ok1UlwVArRAR7gos7OlEF7+cfhDAfGVSA97lDa6EfNaU5T2vgkshMO 25MOW0xomKMxwbFX12AEo/abSYFJbV5DjXGM6c/A= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xiaomeng Tong , Kalle Valo , Sasha Levin Subject: [PATCH 6.0 318/862] cw1200: fix incorrect check to determine if no element is found in list Date: Wed, 19 Oct 2022 10:26:45 +0200 Message-Id: <20221019083304.064274432@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221019083249.951566199@linuxfoundation.org> References: <20221019083249.951566199@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Xiaomeng Tong [ Upstream commit 86df5de5c632d3bd940f59bbb14ae912aa9cc363 ] The bug is here: "} else if (item) {". The list iterator value will *always* be set and non-NULL by list_for_each_entry(), so it is incorrect to assume that the iterator value will be NULL if the list is empty or no element is found in list. Use a new value 'iter' as the list iterator, while use the old value 'item' as a dedicated pointer to point to the found element, which 1. can fix this bug, due to now 'item' is NULL only if it's not found. 2. do not need to change all the uses of 'item' after the loop. 3. can also limit the scope of the list iterator 'iter' *only inside* the traversal loop by simply declaring 'iter' inside the loop in the future, as usage of the iterator outside of the list_for_each_entry is considered harmful. https://lkml.org/lkml/2022/2/17/1032 Fixes: a910e4a94f692 ("cw1200: add driver for the ST-E CW1100 & CW1200 WLAN chipsets") Signed-off-by: Xiaomeng Tong Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20220413091723.17596-1-xiam0nd.tong@gmail.com Signed-off-by: Sasha Levin --- drivers/net/wireless/st/cw1200/queue.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/net/wireless/st/cw1200/queue.c b/drivers/net/wireless/st/cw1200/queue.c index e06da4b3b0d4..805a3c1bf8fe 100644 --- a/drivers/net/wireless/st/cw1200/queue.c +++ b/drivers/net/wireless/st/cw1200/queue.c @@ -91,23 +91,25 @@ static void __cw1200_queue_gc(struct cw1200_queue *queue, bool unlock) { struct cw1200_queue_stats *stats = queue->stats; - struct cw1200_queue_item *item = NULL, *tmp; + struct cw1200_queue_item *item = NULL, *iter, *tmp; bool wakeup_stats = false; - list_for_each_entry_safe(item, tmp, &queue->queue, head) { - if (time_is_after_jiffies(item->queue_timestamp + queue->ttl)) + list_for_each_entry_safe(iter, tmp, &queue->queue, head) { + if (time_is_after_jiffies(iter->queue_timestamp + queue->ttl)) { + item = iter; break; + } --queue->num_queued; - --queue->link_map_cache[item->txpriv.link_id]; + --queue->link_map_cache[iter->txpriv.link_id]; spin_lock_bh(&stats->lock); --stats->num_queued; - if (!--stats->link_map_cache[item->txpriv.link_id]) + if (!--stats->link_map_cache[iter->txpriv.link_id]) wakeup_stats = true; spin_unlock_bh(&stats->lock); cw1200_debug_tx_ttl(stats->priv); - cw1200_queue_register_post_gc(head, item); - item->skb = NULL; - list_move_tail(&item->head, &queue->free_pool); + cw1200_queue_register_post_gc(head, iter); + iter->skb = NULL; + list_move_tail(&iter->head, &queue->free_pool); } if (wakeup_stats) -- 2.35.1