From: Logan Gunthorpe Date: Fri, 27 May 2016 20:38:31 +0000 (-0600) Subject: ntb_tool: Fix infinite loop bug when writing spad/peer_spad file X-Git-Tag: v4.8-rc1~18^2~16 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c792eba12cd200e67d08e20a22763ff1970a685b;p=platform%2Fkernel%2Flinux-exynos.git ntb_tool: Fix infinite loop bug when writing spad/peer_spad file If you tried to write two spads in one line, as per the example: root@peer# echo '0 0x01010101 1 0x7f7f7f7f' > $DBG_DIR/peer_spad then the CPU would freeze in an infinite loop. This wasn't immediately obvious but 'pos' was not incrementing the buffer, so after reading the second pair of values, 'pos' would once again be 3 and it would re-read the second pair of values ad infinitum. Signed-off-by: Logan Gunthorpe Acked-by: Allen Hubbe Signed-off-by: Jon Mason --- diff --git a/drivers/ntb/test/ntb_tool.c b/drivers/ntb/test/ntb_tool.c index 6f5dc6c..209ef7c 100644 --- a/drivers/ntb/test/ntb_tool.c +++ b/drivers/ntb/test/ntb_tool.c @@ -268,7 +268,7 @@ static ssize_t tool_spadfn_write(struct tool_ctx *tc, { int spad_idx; u32 spad_val; - char *buf; + char *buf, *buf_ptr; int pos, n; ssize_t rc; @@ -288,14 +288,15 @@ static ssize_t tool_spadfn_write(struct tool_ctx *tc, } buf[size] = 0; - - n = sscanf(buf, "%d %i%n", &spad_idx, &spad_val, &pos); + buf_ptr = buf; + n = sscanf(buf_ptr, "%d %i%n", &spad_idx, &spad_val, &pos); while (n == 2) { + buf_ptr += pos; rc = spad_write_fn(tc->ntb, spad_idx, spad_val); if (rc) break; - n = sscanf(buf + pos, "%d %i%n", &spad_idx, &spad_val, &pos); + n = sscanf(buf_ptr, "%d %i%n", &spad_idx, &spad_val, &pos); } if (n < 0)