From: Vitaly Kuznetsov
To: Andy Shevchenko
Cc: James Bottomley, "akpm@linux-foundation.org", "linux@rasmusvillemoes.dk", "linux-kernel@vger.kernel.org", "kys@microsoft.com"
Subject: Re: [PATCH] lib/string_helpers.c: fix infinite loop in string_get_size()
Date: Mon, 14 Sep 2015 14:43:30 +0200

Andy Shevchenko writes:

> On Fri, 2015-09-11 at 18:31 +0000, James Bottomley wrote:
>> On Thu, 2015-09-10 at 16:08 -0700, Andrew Morton wrote:
>> > On Fri, 4 Sep 2015 14:56:33 +0200 Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
>> >
>> > > string_get_size(1, 512, 0, ..., ...) call results in an infinite loop. The
>> > > problem is that if size == 0 when we start calculating sf_cap this loop
>> > > will never end.
>> > >
>> > > The caller causing the issue is sd_read_capacity(), the problem was noticed
>> > > on Hyper-V.
>> >
>> > When fixing bugs, please provide enough info for others to be able to
>> > understand which kernel version(s) need the fix. In this case: what
>> > end-user action triggers this bug? (iow, how does sdkp->capacity
>> > become zero?)
>>
>> Any more details. The attached programme, which is cut straight out of
>> the algorithm in string_helpers.c and modified for a C environment
>> slightly (only in do_div and the typedefs) produces this
>>
>> hello
>> STRING IS 512 B
>>
>> With your input, so I don't think the problem is where you think it is.
>>
>> James
>>
>
> Vitaly, it might make sense to extend test-string_helpers.c to what you
> are trying to do right.

The issue is that string_get_size() enters an infinite loop on some
inputs so if we add a test for such inputs we'll hang our kernel...

--
  Vitaly