* [PATCH 1/1] Char: ipmi_bt_sm, fix infinite loop
@ 2014-02-25 10:14 Jiri Slaby
2014-02-25 21:50 ` Corey Minyard
0 siblings, 1 reply; 6+ messages in thread
From: Jiri Slaby @ 2014-02-25 10:14 UTC (permalink / raw)
To: minyard; +Cc: jirislaby, linux-kernel, Jiri Slaby, Tomas Cech,
openipmi-developer
In read_all_bytes, we do
unsigned char i;
...
bt->read_data[0] = BMC2HOST;
bt->read_count = bt->read_data[0];
...
for (i = 1; i <= bt->read_count; i++)
bt->read_data[i] = BMC2HOST;
If bt->read_data[0] == bt->read_count == 255, we loop infinitely in
the 'for' loop. Make 'i' an 'int' instead of 'char' to get rid of the
overflow and finish the loop after 255 iterations every time.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Reported-and-debugged-by: Rui Hui Dian <rhdian@novell.com>
Cc: Tomas Cech <tcech@suse.cz>
Cc: Corey Minyard <minyard@acm.org>
Cc: <openipmi-developer@lists.sourceforge.net>
---
drivers/char/ipmi/ipmi_bt_sm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/ipmi/ipmi_bt_sm.c b/drivers/char/ipmi/ipmi_bt_sm.c
index f5e4cd7617f6..61e71616689b 100644
--- a/drivers/char/ipmi/ipmi_bt_sm.c
+++ b/drivers/char/ipmi/ipmi_bt_sm.c
@@ -352,7 +352,7 @@ static inline void write_all_bytes(struct si_sm_data *bt)
static inline int read_all_bytes(struct si_sm_data *bt)
{
- unsigned char i;
+ unsigned int i;
/*
* length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
--
1.9.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH 1/1] Char: ipmi_bt_sm, fix infinite loop
2014-02-25 10:14 [PATCH 1/1] Char: ipmi_bt_sm, fix infinite loop Jiri Slaby
@ 2014-02-25 21:50 ` Corey Minyard
2014-03-24 12:24 ` Jiri Slaby
0 siblings, 1 reply; 6+ messages in thread
From: Corey Minyard @ 2014-02-25 21:50 UTC (permalink / raw)
To: Jiri Slaby
Cc: jirislaby, linux-kernel, Tomas Cech, openipmi-developer,
Rocky Craig
Looks right to me. Rocky, copying you in case there's an issue with this.
Thanks,
-corey
On 02/25/2014 04:14 AM, Jiri Slaby wrote:
> In read_all_bytes, we do
> unsigned char i;
> ...
> bt->read_data[0] = BMC2HOST;
> bt->read_count = bt->read_data[0];
> ...
> for (i = 1; i <= bt->read_count; i++)
> bt->read_data[i] = BMC2HOST;
>
> If bt->read_data[0] == bt->read_count == 255, we loop infinitely in
> the 'for' loop. Make 'i' an 'int' instead of 'char' to get rid of the
> overflow and finish the loop after 255 iterations every time.
>
> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
> Reported-and-debugged-by: Rui Hui Dian <rhdian@novell.com>
> Cc: Tomas Cech <tcech@suse.cz>
> Cc: Corey Minyard <minyard@acm.org>
> Cc: <openipmi-developer@lists.sourceforge.net>
> ---
> drivers/char/ipmi/ipmi_bt_sm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/ipmi/ipmi_bt_sm.c b/drivers/char/ipmi/ipmi_bt_sm.c
> index f5e4cd7617f6..61e71616689b 100644
> --- a/drivers/char/ipmi/ipmi_bt_sm.c
> +++ b/drivers/char/ipmi/ipmi_bt_sm.c
> @@ -352,7 +352,7 @@ static inline void write_all_bytes(struct si_sm_data *bt)
>
> static inline int read_all_bytes(struct si_sm_data *bt)
> {
> - unsigned char i;
> + unsigned int i;
>
> /*
> * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH 1/1] Char: ipmi_bt_sm, fix infinite loop
2014-02-25 21:50 ` Corey Minyard
@ 2014-03-24 12:24 ` Jiri Slaby
2014-03-24 18:59 ` Corey Minyard
0 siblings, 1 reply; 6+ messages in thread
From: Jiri Slaby @ 2014-03-24 12:24 UTC (permalink / raw)
To: minyard
Cc: jirislaby, linux-kernel, Tomas Cech, openipmi-developer,
Rocky Craig
On 02/25/2014 10:50 PM, Corey Minyard wrote:
> Looks right to me. Rocky, copying you in case there's an issue with this.
Hi,
any updates here, I don't see it in the -next tree yet?
Thanks.
> On 02/25/2014 04:14 AM, Jiri Slaby wrote:
>> In read_all_bytes, we do
>> unsigned char i;
>> ...
>> bt->read_data[0] = BMC2HOST;
>> bt->read_count = bt->read_data[0];
>> ...
>> for (i = 1; i <= bt->read_count; i++)
>> bt->read_data[i] = BMC2HOST;
>>
>> If bt->read_data[0] == bt->read_count == 255, we loop infinitely in
>> the 'for' loop. Make 'i' an 'int' instead of 'char' to get rid of the
>> overflow and finish the loop after 255 iterations every time.
>>
>> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
>> Reported-and-debugged-by: Rui Hui Dian <rhdian@novell.com>
>> Cc: Tomas Cech <tcech@suse.cz>
>> Cc: Corey Minyard <minyard@acm.org>
>> Cc: <openipmi-developer@lists.sourceforge.net>
>> ---
>> drivers/char/ipmi/ipmi_bt_sm.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/char/ipmi/ipmi_bt_sm.c b/drivers/char/ipmi/ipmi_bt_sm.c
>> index f5e4cd7617f6..61e71616689b 100644
>> --- a/drivers/char/ipmi/ipmi_bt_sm.c
>> +++ b/drivers/char/ipmi/ipmi_bt_sm.c
>> @@ -352,7 +352,7 @@ static inline void write_all_bytes(struct si_sm_data *bt)
>>
>> static inline int read_all_bytes(struct si_sm_data *bt)
>> {
>> - unsigned char i;
>> + unsigned int i;
>>
>> /*
>> * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
>
--
js
suse labs
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH 1/1] Char: ipmi_bt_sm, fix infinite loop
2014-03-24 12:24 ` Jiri Slaby
@ 2014-03-24 18:59 ` Corey Minyard
2014-04-17 13:21 ` Torsten Duwe
0 siblings, 1 reply; 6+ messages in thread
From: Corey Minyard @ 2014-03-24 18:59 UTC (permalink / raw)
To: Jiri Slaby
Cc: jirislaby, linux-kernel, Tomas Cech, openipmi-developer,
Rocky Craig
On 03/24/2014 07:24 AM, Jiri Slaby wrote:
> On 02/25/2014 10:50 PM, Corey Minyard wrote:
>> Looks right to me. Rocky, copying you in case there's an issue with this.
> Hi,
>
> any updates here, I don't see it in the -next tree yet?
>
> Thanks.
I normally don't submit to the -next tree because there is little to
integrate with in the IPMI driver. Maybe it would be a good idea to
start, though. If you want to, I can.
Thanks,
-corey
>> On 02/25/2014 04:14 AM, Jiri Slaby wrote:
>>> In read_all_bytes, we do
>>> unsigned char i;
>>> ...
>>> bt->read_data[0] = BMC2HOST;
>>> bt->read_count = bt->read_data[0];
>>> ...
>>> for (i = 1; i <= bt->read_count; i++)
>>> bt->read_data[i] = BMC2HOST;
>>>
>>> If bt->read_data[0] == bt->read_count == 255, we loop infinitely in
>>> the 'for' loop. Make 'i' an 'int' instead of 'char' to get rid of the
>>> overflow and finish the loop after 255 iterations every time.
>>>
>>> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
>>> Reported-and-debugged-by: Rui Hui Dian <rhdian@novell.com>
>>> Cc: Tomas Cech <tcech@suse.cz>
>>> Cc: Corey Minyard <minyard@acm.org>
>>> Cc: <openipmi-developer@lists.sourceforge.net>
>>> ---
>>> drivers/char/ipmi/ipmi_bt_sm.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/char/ipmi/ipmi_bt_sm.c b/drivers/char/ipmi/ipmi_bt_sm.c
>>> index f5e4cd7617f6..61e71616689b 100644
>>> --- a/drivers/char/ipmi/ipmi_bt_sm.c
>>> +++ b/drivers/char/ipmi/ipmi_bt_sm.c
>>> @@ -352,7 +352,7 @@ static inline void write_all_bytes(struct si_sm_data *bt)
>>>
>>> static inline int read_all_bytes(struct si_sm_data *bt)
>>> {
>>> - unsigned char i;
>>> + unsigned int i;
>>>
>>> /*
>>> * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
>
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH 1/1] Char: ipmi_bt_sm, fix infinite loop
2014-03-24 18:59 ` Corey Minyard
@ 2014-04-17 13:21 ` Torsten Duwe
2014-04-17 13:33 ` Corey Minyard
0 siblings, 1 reply; 6+ messages in thread
From: Torsten Duwe @ 2014-04-17 13:21 UTC (permalink / raw)
To: Corey Minyard
Cc: Jiri Slaby, jirislaby, linux-kernel, Tomas Cech,
openipmi-developer, Rocky Craig
On Mon, Mar 24, 2014 at 01:59:55PM -0500, Corey Minyard wrote:
> On 03/24/2014 07:24 AM, Jiri Slaby wrote:
> > On 02/25/2014 10:50 PM, Corey Minyard wrote:
> >> Looks right to me. Rocky, copying you in case there's an issue with this.
> > Hi,
> >
> > any updates here, I don't see it in the -next tree yet?
> >
> > Thanks.
>
> I normally don't submit to the -next tree because there is little to
> integrate with in the IPMI driver. Maybe it would be a good idea to
> start, though. If you want to, I can.
Yes, please! :)
And you may want to send bugfixes towards -stable.
Thanks,
Torsten
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/1] Char: ipmi_bt_sm, fix infinite loop
2014-04-17 13:21 ` Torsten Duwe
@ 2014-04-17 13:33 ` Corey Minyard
0 siblings, 0 replies; 6+ messages in thread
From: Corey Minyard @ 2014-04-17 13:33 UTC (permalink / raw)
To: Torsten Duwe
Cc: Jiri Slaby, jirislaby, linux-kernel, Tomas Cech,
openipmi-developer, Rocky Craig
On 04/17/2014 08:21 AM, Torsten Duwe wrote:
> On Mon, Mar 24, 2014 at 01:59:55PM -0500, Corey Minyard wrote:
>> On 03/24/2014 07:24 AM, Jiri Slaby wrote:
>>> On 02/25/2014 10:50 PM, Corey Minyard wrote:
>>>> Looks right to me. Rocky, copying you in case there's an issue with this.
>>> Hi,
>>>
>>> any updates here, I don't see it in the -next tree yet?
>>>
>>> Thanks.
>> I normally don't submit to the -next tree because there is little to
>> integrate with in the IPMI driver. Maybe it would be a good idea to
>> start, though. If you want to, I can.
> Yes, please! :)
> And you may want to send bugfixes towards -stable.
I will definitely do that.
Thanks,
-corey
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-04-17 13:33 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-02-25 10:14 [PATCH 1/1] Char: ipmi_bt_sm, fix infinite loop Jiri Slaby
2014-02-25 21:50 ` Corey Minyard
2014-03-24 12:24 ` Jiri Slaby
2014-03-24 18:59 ` Corey Minyard
2014-04-17 13:21 ` Torsten Duwe
2014-04-17 13:33 ` Corey Minyard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).