[RFC PATCH 07/13] udp_tunnel: remove the usage of the list iterator after the loop
From: Jakob Koschel
Date: Thu Feb 17 2022 - 13:51:23 EST
The usage of node->dev after the loop body is a legitimate type
confusion if the break was not hit. It will compare an undefined
memory location with dev that could potentially be equal. The value
of node->dev in this case could either be a random struct member of the
head element or an out-of-bounds value.
Therefore it is more safe to use the found variable. With the
introduction of speculative safe list iterator this check could be
replaced with if (!node).
Signed-off-by: Jakob Koschel <jakobkoschel@xxxxxxxxx>
---
net/ipv4/udp_tunnel_nic.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/udp_tunnel_nic.c b/net/ipv4/udp_tunnel_nic.c
index b91003538d87..c47f9fb36d29 100644
--- a/net/ipv4/udp_tunnel_nic.c
+++ b/net/ipv4/udp_tunnel_nic.c
@@ -842,11 +842,14 @@ udp_tunnel_nic_unregister(struct net_device *dev, struct udp_tunnel_nic *utn)
*/
if (info->shared) {
struct udp_tunnel_nic_shared_node *node, *first;
+ bool found = false;
list_for_each_entry(node, &info->shared->devices, list)
- if (node->dev == dev)
+ if (node->dev == dev) {
+ found = true;
break;
- if (node->dev != dev)
+ }
+ if (!found)
return;
list_del(&node->list);
--
2.25.1