linuxkpi: fix iteration in __sg_alloc_table_from_pages

Commit 3f686532c9 tried to fix an issue with not properly starting
at the first page in the sg list to prevent a panic. This worked but
with the side effect of incrementing "s" during the final iteration
causing it to be NULL since the list had ended.
In cases non-DEBUG kernels this causes a panic with drm-5.15, since
"s" is NULL when we later pass it to sg_mark_end().
This change decouples the iteration sg from the return value so that
it is never incremented past the final page in the chain.

MFC after:	3 days
Reviewed by:	manu
Differential Revision: https://reviews.freebsd.org/D41574

sys/compat/linuxkpi/common/include/linux/scatterlist.h

@@ -343,7 +343,7 @@ __sg_alloc_table_from_pages(struct sg_table *sgt,
 {
 	unsigned int i, segs, cur, len;
 	int rc;
-	struct scatterlist *s;
+	struct scatterlist *s, *sg_iter;
 
 #if defined(LINUXKPI_VERSION) && LINUXKPI_VERSION >= 51300
 	if (prv != NULL) {
@@ -377,10 +377,18 @@ __sg_alloc_table_from_pages(struct sg_table *sgt,
 #endif
 
 	cur = 0;
-	for (i = 0, s = sgt->sgl; i < sgt->orig_nents; i++) {
+	for_each_sg(sgt->sgl, sg_iter, sgt->orig_nents, i) {
 		unsigned long seg_size;
 		unsigned int j;
 
+		/*
+		 * We need to make sure that when we exit this loop "s" has the
+		 * last sg in the chain so we can call sg_mark_end() on it.
+		 * Only set this inside the loop since sg_iter will be iterated
+		 * until it is NULL.
+		 */
+		s = sg_iter;
+
 		len = 0;
 		for (j = cur + 1; j < count; ++j) {
 			len += PAGE_SIZE;
@@ -394,8 +402,6 @@ __sg_alloc_table_from_pages(struct sg_table *sgt,
 		size -= seg_size;
 		off = 0;
 		cur = j;
-
-		s = sg_next(s);
 	}
 	KASSERT(s != NULL, ("s is NULL after loop in __sg_alloc_table_from_pages()"));