From e2327678732d78c90dec024e0ba4c9b65ca9cdd2 Mon Sep 17 00:00:00 2001
From: Marcelo Diop-Gonzalez
Date: Thu, 13 Feb 2020 14:40:01 -0500
Subject: [PATCH] staging: vc04_services: Fix wrong early return in next_service_by_instance()
If kref_get_unless_zero() fails, we should keep looking for the next service, since the callers of this function expect that a NULL return value means there are no more.
Signed-off-by: Marcelo Diop-Gonzalez
Link: https://lore.kernel.org/r/20200213194001.130110-1-marcgonzalez@google.com
Signed-off-by: Greg Kroah-Hartman
---
 .../vc04_services/interface/vchiq_arm/vchiq_core.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
index d7d7f4d9d57f..edcd97373809 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
@@ -252,11 +252,15 @@ next_service_by_instance(struct vchiq_state *state,
 struct vchiq_service *service;
 rcu_read_lock();
- service = __next_service_by_instance(state, instance, pidx);
- if (service && kref_get_unless_zero(&service->ref_count))
- service = rcu_pointer_handoff(service);
- else
- service = NULL;
+ while (1) {
+ service = __next_service_by_instance(state, instance, pidx);
+ if (!service)
+ break;
+ if (kref_get_unless_zero(&service->ref_count)) {
+ service = rcu_pointer_handoff(service);
+ break;
+ }
+ }
 rcu_read_unlock();
 return service;
 }
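Review bot: The new `while (1)` loop terminates only if every call to `__next_service_by_instance()` advances `*pidx`, and nothing in the hunk states that invariant; because the whole loop runs inside the `rcu_read_lock()` section, a helper that handed back the same dying service twice would spin with the read-side lock held. The helper is outside the hunk, so this is presumably already guaranteed, but it deserves a comment above the loop such as `/* __next_service_by_instance() advances *pidx, so a service whose refcount already hit zero is skipped, never retried */`. The failing `kref_get_unless_zero()` branch is worth a word as well: that service is being released concurrently and its pointer must not be handed out, which is why the loop moves on instead of returning it. The function's signature and opening brace start before the hunk.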