Commit b2135d1c authored Nov 28, 2025 by Dan Carpenter Committed by Andrew Morton Dec 10, 2025

liveupdate: luo_file: don't use invalid list iterator

If we exit a list_for_each_entry() without hitting a break then the list
iterator points to an offset from the list_head.  It's a non-NULL but
invalid pointer and dereferencing it isn't allowed.

Introduce a new "found" variable to test instead.

Link: https://lkml.kernel.org/r/aSlMc4SS09Re4_xn@stanley.mountain


Fixes: 3ee1d673194e ("liveupdate: luo_file: implement file systems callbacks")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/r/202511280420.y9O4fyhX-lkp@intel.com/


Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Pratyush Yadav <pratyush@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

parent aa514a29

kernel/liveupdate/luo_file.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -554,17 +554,20 @@ int luo_retrieve_file(struct luo_file_set *file_set, u64 token,
		{
		struct liveupdate_file_op_args args = {0};
		struct luo_file *luo_file;
		bool found = false;
		int err;

		if (list_empty(&file_set->files_list))
		return -ENOENT;

		list_for_each_entry(luo_file, &file_set->files_list, list) {
		if (luo_file->token == token)
		if (luo_file->token == token) {
		found = true;
		break;
		}
		}

		if (luo_file->token != token)
		if (!found)
		return -ENOENT;

		guard(mutex)(&luo_file->mutex);