From 1dc39a70ce2a8767d957a63369fee3c8b00840ea Mon Sep 17 00:00:00 2001
From: Vidya Sagar <vidyas@nvidia.com>
Date: Thu, 13 Oct 2022 23:48:14 +0530
Subject: [PATCH] NVIDIA: SAUCE: PCI: endpoint: Delete list entry before
 freeing

BugLink: https://bugs.launchpad.net/bugs/2072591

Currently, epf_group list is traversed, and each group entry is freed and
epf_group list head is deleted in the end. Deleting the list head is
corrupting the data in the group entries that are already freed, leading to
random crashes. To fix this issue, delete each group entry and then free
it, and don't delete epf_group list head.

Signed-off-by: Vidya Sagar <vidyas@nvidia.com>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Reviewed-by: Nagarjuna Kristam <nkristam@nvidia.com>
Reviewed-by: Manikanta Maddireddy <mmaddireddy@nvidia.com>
Reviewed-by: Bitan Biswas <bbiswas@nvidia.com>
Tested-by: Nagarjuna Kristam <nkristam@nvidia.com>
Tested-by: Abhilash G <abhilashg@nvidia.com>
Reviewed-by: Abhilash G <abhilashg@nvidia.com>
Reviewed-by: Laxman Dewangan <ldewangan@nvidia.com>
Signed-off-by: Laxman Dewangan <ldewangan@nvidia.com>
Acked-by: Jacob Martin <jacob.martin@canonical.com>
Acked-by: Noah Wager <noah.wager@canonical.com>
Signed-off-by: Noah Wager <noah.wager@canonical.com>
---
 drivers/pci/endpoint/pci-epf-core.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/pci/endpoint/pci-epf-core.c b/drivers/pci/endpoint/pci-epf-core.c
index 059f8639f21e..cf894740f17e 100644
--- a/drivers/pci/endpoint/pci-epf-core.c
+++ b/drivers/pci/endpoint/pci-epf-core.c
@@ -309,9 +309,10 @@ static void pci_epf_remove_cfs(struct pci_epf_driver *driver)
 		return;
 
 	mutex_lock(&pci_epf_mutex);
-	list_for_each_entry_safe(group, tmp, &driver->epf_group, group_entry)
+	list_for_each_entry_safe(group, tmp, &driver->epf_group, group_entry) {
+		list_del(&group->group_entry);
 		pci_ep_cfs_remove_epf_group(group);
-	list_del(&driver->epf_group);
+	}
 	mutex_unlock(&pci_epf_mutex);
 }