If the list does not contain the expected element, the value of list_for_each_entry() iterator will not point to a valid structure. To avoid type confusion in such case, the list iterator scope will be limited to list_for_each_entry() loop. In preparation to limiting scope of a list iterator to the list traversal loop, use a dedicated pointer to point to the found element [1]. Determining if an element was found is then simply checking if the pointer is != NULL instead of using the potentially bogus pointer. Link: https://lore.kernel.org/all/YhdfEIwI4EdtHdym@xxxxxxxxx/ Signed-off-by: Jakob Koschel <jakobkoschel@xxxxxxxxx> --- drivers/usb/gadget/udc/max3420_udc.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/usb/gadget/udc/max3420_udc.c b/drivers/usb/gadget/udc/max3420_udc.c index d2a2b20cc1ad..ac8a46bc1057 100644 --- a/drivers/usb/gadget/udc/max3420_udc.c +++ b/drivers/usb/gadget/udc/max3420_udc.c @@ -1044,22 +1044,26 @@ static int max3420_ep_queue(struct usb_ep *_ep, struct usb_request *_req, static int max3420_ep_dequeue(struct usb_ep *_ep, struct usb_request *_req) { - struct max3420_req *t, *req = to_max3420_req(_req); + struct max3420_req *t = NULL; + struct max3420_req *req = to_max3420_req(_req); + struct max3420_req *iter; struct max3420_ep *ep = to_max3420_ep(_ep); unsigned long flags; spin_lock_irqsave(&ep->lock, flags); /* Pluck the descriptor from queue */ - list_for_each_entry(t, &ep->queue, queue) - if (t == req) { - list_del_init(&req->queue); - break; - } + list_for_each_entry(iter, &ep->queue, queue) { + if (iter != req) + continue; + list_del_init(&req->queue); + t = iter; + break; + } spin_unlock_irqrestore(&ep->lock, flags); - if (t == req) + if (t) max3420_req_done(req, -ECONNRESET); return 0; -- 2.25.1
