From: David Vrabel <david.vrabel@citrix.com>
To: Chen Gang <gang.chen.5i5j@gmail.com>
Cc: <konrad.wilk@oracle.com>, <boris.ostrovsky@oracle.com>,
<xen-devel@lists.xenproject.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] drivers/xen/grant-table.c: Be sure of unsigned value never comparing with 0
Date: Wed, 27 Aug 2014 11:06:29 +0100 [thread overview]
Message-ID: <53FDADA5.6070802@citrix.com> (raw)
In-Reply-To: <53FCE338.1050304@gmail.com>
On 26/08/14 20:42, Chen Gang wrote:
> On 08/27/2014 01:03 AM, David Vrabel wrote:
>> On 26/08/14 16:38, Chen Gang wrote:
>>> In grow_gnttab_list(), 'i' is 'unsigned int', and 'nr_glist_frames' may
>>> be 0 because 'nr_grant_frames' may be 0. So 'i' may never be less than
>>> 'nr_glist_frames' in failure processing, which cause infinite looping.
>>
>> nr_grant_frames is at least 1. See gnttab_init().
>>
>
> OK, thanks, that sounds reasonable to me, it is not a real wold bug, it
> is my fault. :-)
>
>>> --- a/drivers/xen/grant-table.c
>>> +++ b/drivers/xen/grant-table.c
>>> @@ -592,8 +592,8 @@ static int grow_gnttab_list(unsigned int more_frames)
>>> return 0;
>>>
>>> grow_nomem:
>>> - for ( ; i >= nr_glist_frames; i--)
>>> - free_page((unsigned long) gnttab_list[i]);
>>> + while (i > nr_glist_frames)
>>> + free_page((unsigned long) gnttab_list[--i]);
>>
>> while (i-- > nr_glist_frames)
>> ...
>>
>> Would have been better.
>>
>
> OK, thanks, that sounds reasonable to me.
>
> If necessary to send patch v2 (change comments and contents), please
> let me know, and I shall send.
Applied to devel/for-linus-3.18 with this description:
xen/grant-table: refactor error cleanup in grow_gnttab_list()
The cleanup loop in grow_gnttab_list() is safe from the underflow of
the unsigned 'i' since nr_glist_frames is >= 1, but refactor it
anyway.
Thanks.
David
next prev parent reply other threads:[~2014-08-27 10:06 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-26 15:38 [PATCH] drivers/xen/grant-table.c: Be sure of unsigned value never comparing with 0 Chen Gang
2014-08-26 17:03 ` David Vrabel
2014-08-26 17:03 ` David Vrabel
2014-08-26 19:42 ` Chen Gang
2014-08-27 10:06 ` David Vrabel
2014-08-27 10:06 ` David Vrabel [this message]
2014-08-27 10:27 ` Chen Gang
2014-08-27 10:27 ` Chen Gang
2014-08-26 19:42 ` Chen Gang
-- strict thread matches above, loose matches on Subject: below --
2014-08-26 15:38 Chen Gang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53FDADA5.6070802@citrix.com \
--to=david.vrabel@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=gang.chen.5i5j@gmail.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.