[PATCHv7 9/9] ARM: dma-mapping: add support for IOMMU mapper
Marek Szyprowski
m.szyprowski at samsung.com
Fri Mar 30 02:30:06 EDT 2012
Hello,
On Friday, March 30, 2012 4:24 AM Krishna Reddy wrote:
> Hi,
> I have found a bug in arm_iommu_map_sg().
>
> > +int arm_iommu_map_sg(struct device *dev, struct scatterlist *sg, int nents,
> > + enum dma_data_direction dir, struct dma_attrs *attrs) {
> > + struct scatterlist *s = sg, *dma = sg, *start = sg;
> > + int i, count = 0;
> > + unsigned int offset = s->offset;
> > + unsigned int size = s->offset + s->length;
> > + unsigned int max = dma_get_max_seg_size(dev);
> > +
> > + for (i = 1; i < nents; i++) {
> > + s->dma_address = ARM_DMA_ERROR;
> > + s->dma_length = 0;
> > +
> > + s = sg_next(s);
>
> With above code, the last sg element's dma_length is not getting set to zero.
> This causing additional incorrect unmapping during arm_iommu_unmap_sg call and
> leading to random crashes.
> The order of above three lines should be as follows.
> s = sg_next(s);
>
> s->dma_address = ARM_DMA_ERROR;
> s->dma_length = 0;
>
You are right, the order of those lines must be reversed. In all my test codes the
scatter list was initially cleared, so I missed this typical off-by-one error.
Thanks for spotting it!
Best regards
--
Marek Szyprowski
Samsung Poland R&D Center
More information about the linux-arm-kernel
mailing list