On 08/27/2014 01:03 AM, David Vrabel wrote:
> On 26/08/14 16:38, Chen Gang wrote:
>> In grow_gnttab_list(), 'i' is 'unsigned int', and 'nr_glist_frames' may
>> be 0 because 'nr_grant_frames' may be 0. So 'i' may never be less than
>> 'nr_glist_frames' in failure processing, which causes infinite looping.
>
> nr_grant_frames is at least 1. See gnttab_init().
>

OK, thanks, that sounds reasonable to me, it is not a real world bug, it is my fault. :-)

>> --- a/drivers/xen/grant-table.c
>> +++ b/drivers/xen/grant-table.c
>> @@ -592,8 +592,8 @@ static int grow_gnttab_list(unsigned int more_frames)
>> return 0;
>>
>> grow_nomem:
>> - for ( ; i >= nr_glist_frames; i--)
>> - free_page((unsigned long) gnttab_list[i]);
>> + while (i > nr_glist_frames)
>> + free_page((unsigned long) gnttab_list[--i]);
>
> while (i-- > nr_glist_frames)
> ...
>
> Would have been better.
>

OK, thanks, that sounds reasonable to me. If necessary to send patch v2 (change comments and contents), please let me know, and I shall send.

Thanks.
-- 
Chen Gang

Open share and attitude like air water and life which God blessed
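
Review bot: In the grow_nomem hunk the replacement loop changes which entries are freed, not only when the loop stops, and the changelog does not say so. The removed loop starts at gnttab_list[i] and walks down to gnttab_list[nr_glist_frames]; the added loop pre-decrements, so it starts at gnttab_list[i - 1] and never touches slot i. If slot i is the one whose allocation failed, skipping it is fine, but the commit message should state that explicitly, since it currently describes only the unsigned comparison `i >= nr_glist_frames` never becoming false when nr_glist_frames is 0. For the loop form, `while (i-- > nr_glist_frames)` followed by `free_page((unsigned long) gnttab_list[i]);` frees the same range and keeps the decrement out of the array index.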

