ntb_tool: Fix infinite loop bug when writing spad/peer_spad file

If you tried to write two spads in one line, as per the example:

root@peer# echo '0 0x01010101 1 0x7f7f7f7f' > $DBG_DIR/peer_spad

then the CPU would freeze in an infinite loop.

This wasn't immediately obvious but 'pos' was not incrementing the
buffer, so after reading the second pair of values, 'pos' would once
again be 3 and it would re-read the second pair of values ad infinitum.

Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Acked-by: Allen Hubbe <Allen.Hubbe@emc.com>
Signed-off-by: Jon Mason <jdmason@kudzu.us>

diff --git a/drivers/ntb/test/ntb_tool.c b/drivers/ntb/test/ntb_tool.c
index 6f5dc6ca673d37a1ed226b7cddbc22bd6cc51da0..209ef7ceb98a8fe7752c7a9581eb31237ed36f9b 100644 (file)
--- a/drivers/ntb/test/ntb_tool.c
+++ b/drivers/ntb/test/ntb_tool.c
@@ -268,7 +268,7 @@ static ssize_t tool_spadfn_write(struct tool_ctx *tc,
 {
        int spad_idx;
        u32 spad_val;
-       char *buf;
+       char *buf, *buf_ptr;
        int pos, n;
        ssize_t rc;
 
@@ -288,14 +288,15 @@ static ssize_t tool_spadfn_write(struct tool_ctx *tc,
        }
 
        buf[size] = 0;
-
-       n = sscanf(buf, "%d %i%n", &spad_idx, &spad_val, &pos);
+       buf_ptr = buf;
+       n = sscanf(buf_ptr, "%d %i%n", &spad_idx, &spad_val, &pos);
        while (n == 2) {
+               buf_ptr += pos;
                rc = spad_write_fn(tc->ntb, spad_idx, spad_val);
                if (rc)
                        break;
 
-               n = sscanf(buf + pos, "%d %i%n", &spad_idx, &spad_val, &pos);
+               n = sscanf(buf_ptr, "%d %i%n", &spad_idx, &spad_val, &pos);
        }
 
        if (n < 0)