linux-kernel.vger.kernel.org archive mirror
* [PATCH] i3c/master: Fix a potentially infinite loop in 'hci_dat_v1_get_index()'
@ 2021-11-17 22:05 Christophe JAILLET
  2021-11-19 23:16 ` Nicolas Pitre
  2021-12-10 15:39 ` Alexandre Belloni
  0 siblings, 2 replies; 3+ messages in thread
From: Christophe JAILLET @ 2021-11-17 22:05 UTC (permalink / raw)
  To: alexandre.belloni, npitre, boris.brezillon
  Cc: linux-i3c, linux-kernel, kernel-janitors, Christophe JAILLET

The code in 'hci_dat_v1_get_index()' really looks like a hand coded version
of 'for_each_set_bit()', except that a +1 is missing when searching for the
next set bit.

This really looks odd and it seems that it will loop until 'dat_w0_read()'
returns the expected result.

So use 'for_each_set_bit()' instead. It is less verbose and should be more
correct.

Fixes: 9ad9a52cce28 ("i3c/master: introduce the mipi-i3c-hci driver")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
Speculative fix. Untested.
---
 drivers/i3c/master/mipi-i3c-hci/dat_v1.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/i3c/master/mipi-i3c-hci/dat_v1.c b/drivers/i3c/master/mipi-i3c-hci/dat_v1.c
index 783e551a2c85..97bb49ff5b53 100644
--- a/drivers/i3c/master/mipi-i3c-hci/dat_v1.c
+++ b/drivers/i3c/master/mipi-i3c-hci/dat_v1.c
@@ -160,9 +160,7 @@ static int hci_dat_v1_get_index(struct i3c_hci *hci, u8 dev_addr)
 	unsigned int dat_idx;
 	u32 dat_w0;
 
-	for (dat_idx = find_first_bit(hci->DAT_data, hci->DAT_entries);
-	     dat_idx < hci->DAT_entries;
-	     dat_idx = find_next_bit(hci->DAT_data, hci->DAT_entries, dat_idx)) {
+	for_each_set_bit(dat_idx, hci->DAT_data, hci->DAT_entries) {
 		dat_w0 = dat_w0_read(dat_idx);
 		if (FIELD_GET(DAT_0_DYNAMIC_ADDRESS, dat_w0) == dev_addr)
 			return dat_idx;
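
Review bot: the changelog should spell out the exact failure condition of the removed 'for' header at the top of this hunk instead of calling the loop "potentially" infinite. 'find_next_bit(hci->DAT_data, hci->DAT_entries, dat_idx)' starts its search at 'dat_idx' itself, and that bit is known to be set, so it returns the same index again; the loop therefore spins forever whenever the lowest allocated DAT entry does not hold 'dev_addr', because the only exit visible here is the 'return dat_idx' on a match. 'for_each_set_bit()' continues the search from the previous index plus one, which is the missing +1 the description mentions. Suggest stating this in the commit message so that people triaging the Fixes: tag can tell that any lookup for a device outside the first allocated slot hangs the caller.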
-- 
2.30.2



* Re: [PATCH] i3c/master: Fix a potentially infinite loop in 'hci_dat_v1_get_index()'
  2021-11-17 22:05 [PATCH] i3c/master: Fix a potentially infinite loop in 'hci_dat_v1_get_index()' Christophe JAILLET
@ 2021-11-19 23:16 ` Nicolas Pitre
  2021-12-10 15:39 ` Alexandre Belloni
  1 sibling, 0 replies; 3+ messages in thread
From: Nicolas Pitre @ 2021-11-19 23:16 UTC (permalink / raw)
  To: Christophe JAILLET
  Cc: alexandre.belloni, boris.brezillon, linux-i3c, linux-kernel,
	kernel-janitors

On Wed, 17 Nov 2021, Christophe JAILLET wrote:

> The code in 'hci_dat_v1_get_index()' really looks like a hand coded version
> of 'for_each_set_bit()', except that a +1 is missing when searching for the
> next set bit.
> 
> This really looks odd and it seems that it will loop until 'dat_w0_read()'
> returns the expected result.
> 
> So use 'for_each_set_bit()' instead. It is less verbose and should be more
> correct.
> 
> Fixes: 9ad9a52cce28 ("i3c/master: introduce the mipi-i3c-hci driver")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>

Acked-by: Nicolas Pitre <npitre@baylibre.com>

> ---
> Speculative fix. Untested.
> ---
>  drivers/i3c/master/mipi-i3c-hci/dat_v1.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/i3c/master/mipi-i3c-hci/dat_v1.c b/drivers/i3c/master/mipi-i3c-hci/dat_v1.c
> index 783e551a2c85..97bb49ff5b53 100644
> --- a/drivers/i3c/master/mipi-i3c-hci/dat_v1.c
> +++ b/drivers/i3c/master/mipi-i3c-hci/dat_v1.c
> @@ -160,9 +160,7 @@ static int hci_dat_v1_get_index(struct i3c_hci *hci, u8 dev_addr)
>  	unsigned int dat_idx;
>  	u32 dat_w0;
>  
> -	for (dat_idx = find_first_bit(hci->DAT_data, hci->DAT_entries);
> -	     dat_idx < hci->DAT_entries;
> -	     dat_idx = find_next_bit(hci->DAT_data, hci->DAT_entries, dat_idx)) {
> +	for_each_set_bit(dat_idx, hci->DAT_data, hci->DAT_entries) {
>  		dat_w0 = dat_w0_read(dat_idx);
>  		if (FIELD_GET(DAT_0_DYNAMIC_ADDRESS, dat_w0) == dev_addr)
>  			return dat_idx;
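
Review bot: the replaced loop header here only misbehaves when the lookup has to move past the first set bit, and the patch is marked untested, so the test that confirms it should say so explicitly. Suggest exercising 'hci_dat_v1_get_index()' with two or more bits set in 'hci->DAT_data' and a 'dev_addr' that matches an entry other than the lowest one; with a single allocated entry that matches, the old and the new loop return the same 'dat_idx' and the change is not actually covered.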
> -- 
> 2.30.2
> 
> 
> -- 
> linux-i3c mailing list
> linux-i3c@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-i3c
> 


* Re: [PATCH] i3c/master: Fix a potentially infinite loop in 'hci_dat_v1_get_index()'
  2021-11-17 22:05 [PATCH] i3c/master: Fix a potentially infinite loop in 'hci_dat_v1_get_index()' Christophe JAILLET
  2021-11-19 23:16 ` Nicolas Pitre
@ 2021-12-10 15:39 ` Alexandre Belloni
  1 sibling, 0 replies; 3+ messages in thread
From: Alexandre Belloni @ 2021-12-10 15:39 UTC (permalink / raw)
  To: boris.brezillon, Christophe JAILLET, npitre
  Cc: Alexandre Belloni, linux-i3c, linux-kernel, kernel-janitors

On Wed, 17 Nov 2021 23:05:23 +0100, Christophe JAILLET wrote:
> The code in 'hci_dat_v1_get_index()' really looks like a hand coded version
> of 'for_each_set_bit()', except that a +1 is missing when searching for the
> next set bit.
> 
> This really looks odd and it seems that it will loop until 'dat_w0_read()'
> returns the expected result.
> 
> [...]

Applied, thanks!

[1/1] i3c/master: Fix a potentially infinite loop in 'hci_dat_v1_get_index()'
      commit: 3f43926f271287fb1744c9ac9ae1122497f2b0c2

Best regards,
-- 
Alexandre Belloni <alexandre.belloni@bootlin.com>
