igb: Fix an end of loop test

When we exit a list_for_each_entry() without hitting a break statement,
the list iterator isn't NULL, it just point to an offset off the
list_head.  In that situation, it wouldn't be too surprising for
entry->free to be true and we end up corrupting memory.

The way to test for these is to just set a flag.

Fixes: c1fec890458a ("ethernet/intel: Use list_for_each_entry() helper")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index db54453e19461c5222e37bb5d7952b18dd5bcd81..b2295caa2f0abd47674d68c0c11b1b869cdf70b9 100644 (file)
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -7856,7 +7856,8 @@ static int igb_set_vf_mac_filter(struct igb_adapter *adapter, const int vf,
 {
        struct pci_dev *pdev = adapter->pdev;
        struct vf_data_storage *vf_data = &adapter->vf_data[vf];
-       struct vf_mac_filter *entry = NULL;
+       struct vf_mac_filter *entry;
+       bool found = false;
        int ret = 0;
 
        if ((vf_data->flags & IGB_VF_FLAG_PF_SET_MAC) &&
@@ -7887,11 +7888,13 @@ static int igb_set_vf_mac_filter(struct igb_adapter *adapter, const int vf,
        case E1000_VF_MAC_FILTER_ADD:
                /* try to find empty slot in the list */
                list_for_each_entry(entry, &adapter->vf_macs.l, l) {
-                       if (entry->free)
+                       if (entry->free) {
+                               found = true;
                                break;
+                       }
                }
 
-               if (entry && entry->free) {
+               if (found) {
                        entry->free = false;
                        entry->vf = vf;
                        ether_addr_copy(entry->vf_mac, addr);