From ba61f887ac6c1abb96e71d17ee696bca668cd241 Mon Sep 17 00:00:00 2001
From: Mahesh Sivasubramanian <msivasub@codeaurora.org>
Date: Wed, 7 Mar 2018 16:00:07 -0700
Subject: [PATCH] drivers: qcom: lpm-stats: Fix undefined access error

In cleanup_stats(), a freed memory pointer pos might be accessed for
list traversal. Switch to using _safe() variant of the list API to
prevent undefined accesses.

Bug: 79421260
Change-Id: I7d068cb7813ccb9bfdbcab4646b4ec890145828a
Signed-off-by: Mahesh Sivasubramanian <msivasub@codeaurora.org>
---
 drivers/power/qcom/lpm-stats.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/power/qcom/lpm-stats.c b/drivers/power/qcom/lpm-stats.c
index 321e13c2b7ea..f4f22007b4cb 100644
--- a/drivers/power/qcom/lpm-stats.c
+++ b/drivers/power/qcom/lpm-stats.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2014, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2012-2014, 2018, The Linux Foundation. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 and
@@ -590,11 +590,14 @@ static void cleanup_stats(struct lpm_stats *stats)
 {
 	struct list_head *centry = NULL;
 	struct lpm_stats *pos = NULL;
+	struct lpm_stats *n = NULL;
 
 	centry = &stats->child;
-	list_for_each_entry_reverse(pos, centry, sibling) {
-		if (!list_empty(&pos->child))
+	list_for_each_entry_safe_reverse(pos, n, centry, sibling) {
+		if (!list_empty(&pos->child)) {
 			cleanup_stats(pos);
+			continue;
+		}
 
 		list_del_init(&pos->child);
 
-- 
GitLab