Re: [PATCH] ntb_tool: Fix infinite loop bug when writing spad/peer_spad file

From: Jon Mason
Date: Sat Jun 04 2016 - 11:19:24 EST


On Sat, May 28, 2016 at 9:09 AM, Allen Hubbe <allenbh@xxxxxxxxx> wrote:
> On Fri, May 27, 2016 at 4:38 PM, Logan Gunthorpe <logang@xxxxxxxxxxxx> wrote:
>> If you tried to write two spads in one line, as per the example:
>>
>> root@peer# echo '0 0x01010101 1 0x7f7f7f7f' > $DBG_DIR/peer_spad
>>
>> then the CPU would freeze in an infinite loop.
>>
>> This wasn't immediately obvious but 'pos' was not incrementing the
>> buffer, so after reading the second pair of values, 'pos' would once
>> again be 3 and it would re-read the second pair of values ad infinitum.
>>
>> Signed-off-by: Logan Gunthorpe <logang@xxxxxxxxxxxx>
>
> Good catch. Thanks Logan.
>
> Acked-by: Allen Hubbe <Allen.Hubbe@xxxxxxx>

Applied to the ntb branch

Thanks,
Jon

>> ---
>> drivers/ntb/test/ntb_tool.c | 9 +++++----
>> 1 file changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/ntb/test/ntb_tool.c b/drivers/ntb/test/ntb_tool.c
>> index 6f5dc6c..209ef7c 100644
>> --- a/drivers/ntb/test/ntb_tool.c
>> +++ b/drivers/ntb/test/ntb_tool.c
>> @@ -268,7 +268,7 @@ static ssize_t tool_spadfn_write(struct tool_ctx *tc,
>> {
>> int spad_idx;
>> u32 spad_val;
>> - char *buf;
>> + char *buf, *buf_ptr;
>> int pos, n;
>> ssize_t rc;
>>
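Review bot: the declarations here keep spad_val as u32 and spad_idx as a signed int, yet the sscanf calls in the next hunk fill them with "%i" and "%d", so the value conversion stores through a signed int pointer into a u32 and the index can parse as negative. Consider "%u" with an unsigned index, or per-token parsing with explicit error handling, so the types match and a negative index is rejected when it is parsed.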
>> @@ -288,14 +288,15 @@ static ssize_t tool_spadfn_write(struct tool_ctx *tc,
>> }
>>
>> buf[size] = 0;
>> -
>> - n = sscanf(buf, "%d %i%n", &spad_idx, &spad_val, &pos);
>> + buf_ptr = buf;
>> + n = sscanf(buf_ptr, "%d %i%n", &spad_idx, &spad_val, &pos);
>> while (n == 2) {
>> + buf_ptr += pos;
>> rc = spad_write_fn(tc->ntb, spad_idx, spad_val);
>> if (rc)
>> break;
>>
>> - n = sscanf(buf + pos, "%d %i%n", &spad_idx, &spad_val, &pos);
>> + n = sscanf(buf_ptr, "%d %i%n", &spad_idx, &spad_val, &pos);
>> }
>>
>> if (n < 0)
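Review bot: spad_idx is passed to spad_write_fn(tc->ntb, spad_idx, spad_val) in the loop body with no range check visible in this hunk, although it comes straight from the buffer written to the debugfs file. Unless every spad_write_fn callback is guaranteed to reject an out-of-range index, validate it against the number of scratchpads before the call and stop the loop with an error. A short comment next to "buf_ptr += pos;" noting that pos from %n is relative to the start of the current sscanf call, not to buf, would also document why the cursor is needed and keep the original bug from coming back.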
>> --
>> 2.1.4