liveupdate: luo_file: don't use invalid list iterator

If we exit a list_for_each_entry() without hitting a break then the list
iterator points to an offset from the list_head.  It's a non-NULL but
invalid pointer and dereferencing it isn't allowed.

Introduce a new "found" variable to test instead.

Link: https://lkml.kernel.org/r/aSlMc4SS09Re4_xn@stanley.mountain
Fixes: 3ee1d673194e ("liveupdate: luo_file: implement file systems callbacks")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/r/202511280420.y9O4fyhX-lkp@intel.com/
Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Pratyush Yadav <pratyush@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/kernel/liveupdate/luo_file.c b/kernel/liveupdate/luo_file.c
index ddff87917b217cd9adb3f3ed57ca545c40c61398..a32a777f6df8f3e72578808eaf711a19ef9ab935 100644 (file)
--- a/kernel/liveupdate/luo_file.c
+++ b/kernel/liveupdate/luo_file.c
@@ -554,17 +554,20 @@ int luo_retrieve_file(struct luo_file_set *file_set, u64 token,
 {
        struct liveupdate_file_op_args args = {0};
        struct luo_file *luo_file;
+       bool found = false;
        int err;
 
        if (list_empty(&file_set->files_list))
                return -ENOENT;
 
        list_for_each_entry(luo_file, &file_set->files_list, list) {
-               if (luo_file->token == token)
+               if (luo_file->token == token) {
+                       found = true;
                        break;
+               }
        }
 
-       if (luo_file->token != token)
+       if (!found)
                return -ENOENT;
 
        guard(mutex)(&luo_file->mutex);