From c792eba12cd200e67d08e20a22763ff1970a685b Mon Sep 17 00:00:00 2001 From: Logan Gunthorpe Date: Fri, 27 May 2016 14:38:31 -0600 Subject: [PATCH] ntb_tool: Fix infinite loop bug when writing spad/peer_spad file If you tried to write two spads in one line, as per the example: root@peer# echo '0 0x01010101 1 0x7f7f7f7f' > $DBG_DIR/peer_spad then the CPU would freeze in an infinite loop. This wasn't immediately obvious but 'pos' was not incrementing the buffer, so after reading the second pair of values, 'pos' would once again be 3 and it would re-read the second pair of values ad infinitum. Signed-off-by: Logan Gunthorpe Acked-by: Allen Hubbe Signed-off-by: Jon Mason --- drivers/ntb/test/ntb_tool.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/ntb/test/ntb_tool.c b/drivers/ntb/test/ntb_tool.c index 6f5dc6ca673d..209ef7ceb98a 100644 --- a/drivers/ntb/test/ntb_tool.c +++ b/drivers/ntb/test/ntb_tool.c @@ -268,7 +268,7 @@ static ssize_t tool_spadfn_write(struct tool_ctx *tc, { int spad_idx; u32 spad_val; - char *buf; + char *buf, *buf_ptr; int pos, n; ssize_t rc; @@ -288,14 +288,15 @@ static ssize_t tool_spadfn_write(struct tool_ctx *tc, } buf[size] = 0; - - n = sscanf(buf, "%d %i%n", &spad_idx, &spad_val, &pos); + buf_ptr = buf; + n = sscanf(buf_ptr, "%d %i%n", &spad_idx, &spad_val, &pos); while (n == 2) { + buf_ptr += pos; rc = spad_write_fn(tc->ntb, spad_idx, spad_val); if (rc) break; - n = sscanf(buf + pos, "%d %i%n", &spad_idx, &spad_val, &pos); + n = sscanf(buf_ptr, "%d %i%n", &spad_idx, &spad_val, &pos); } if (n < 0)