From 5c864e775dfdecda1ea340af2d3b1c94b4dea63b Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva Date: Mon, 16 Nov 2015 19:23:25 +0000 Subject: [PATCH] greybus: manifest: fix bundle descriptor parse The descriptor list is walked in two points, in the bundle parsing and cport parsing, this can make the next descriptor pointer in bundle to be already removed by the cport remove descriptor and become invalid. So, just get the next bundle until there no more left. Signed-off-by: Rui Miguel Silva Signed-off-by: Greg Kroah-Hartman --- drivers/staging/greybus/manifest.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/drivers/staging/greybus/manifest.c b/drivers/staging/greybus/manifest.c index 3e61b6655a5f..084e07e195c0 100644 --- a/drivers/staging/greybus/manifest.c +++ b/drivers/staging/greybus/manifest.c @@ -60,6 +60,18 @@ static void release_manifest_descriptors(struct gb_interface *intf) release_manifest_descriptor(descriptor); } +static struct manifest_desc *get_next_bundle_desc(struct gb_interface *intf) +{ + struct manifest_desc *descriptor; + struct manifest_desc *next; + + list_for_each_entry_safe(descriptor, next, &intf->manifest_descs, links) + if (descriptor->type == GREYBUS_TYPE_BUNDLE) + return descriptor; + + return NULL; +} + /* * Validate the given descriptor. Its reported size must fit within * the number of bytes remaining, and it must have a recognized @@ -282,18 +294,14 @@ exit: static u32 gb_manifest_parse_bundles(struct gb_interface *intf) { struct manifest_desc *desc; - struct manifest_desc *next; struct gb_bundle *bundle; struct gb_bundle *bundle_next; u32 count = 0; u8 bundle_id; - list_for_each_entry_safe(desc, next, &intf->manifest_descs, links) { + while ((desc = get_next_bundle_desc(intf))) { struct greybus_descriptor_bundle *desc_bundle; - if (desc->type != GREYBUS_TYPE_BUNDLE) - continue; - /* Found one. Set up its bundle structure*/ desc_bundle = desc->data; bundle_id = desc_bundle->id; -- 2.20.1