Hi,
I have found a bug in arm_iommu_map_sg(). 

> +int arm_iommu_map_sg(struct device *dev, struct scatterlist *sg, int nents,
> +                  enum dma_data_direction dir, struct dma_attrs *attrs) {
> +     struct scatterlist *s = sg, *dma = sg, *start = sg;
> +     int i, count = 0;
> +     unsigned int offset = s->offset;
> +     unsigned int size = s->offset + s->length;
> +     unsigned int max = dma_get_max_seg_size(dev);
> +
> +     for (i = 1; i < nents; i++) {
> +             s->dma_address = ARM_DMA_ERROR;
> +             s->dma_length = 0;
> +
> +             s = sg_next(s);
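Review bot: the two resets (`s->dma_address = ARM_DMA_ERROR;` and `s->dma_length = 0;`) run before `s = sg_next(s);`, and since the loop starts at `i = 1` the body executes nents-1 times, so entries 0..nents-2 are cleared and the last scatterlist entry is never touched; a stale dma_length left on that entry is exactly what a length-driven unmap will later try to tear down. Move the advance ahead of the assignments:
		s = sg_next(s);
		s->dma_address = ARM_DMA_ERROR;
		s->dma_length = 0;
Entry 0 then no longer needs the reset, because `dma = sg` makes it the output slot that the first mapped chunk writes.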

With the above code, the last sg element's dma_length does not get set to zero.
This causes additional incorrect unmapping during the arm_iommu_unmap_sg call and
leads to random crashes.
The order of the above three lines should be as follows.
                s = sg_next(s);

                s->dma_address = ARM_DMA_ERROR;
                s->dma_length = 0;


-KR
--nvpublic
_______________________________________________
iommu mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/iommu
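To make the off-by-one concrete, here is an added example (not the kernel's code and not part of the original mail) that models the reset loop from the posted hunk over a small linked chain. `struct sg_entry`, `sg_next_model()`, `MODEL_DMA_ERROR`, the two reset functions and `stale_mask()` are hypothetical stand-ins for `struct scatterlist`, `sg_next()` and `ARM_DMA_ERROR`; the stale address and length values filled in before each run are constructed.

```c
/* Added example, not kernel code: models the scatterlist reset loop from
 * arm_iommu_map_sg() with both orderings of "reset" and "advance", so the
 * entries each ordering leaves untouched can be counted. */
#include <stddef.h>
#include <stdio.h>

#define MODEL_DMA_ERROR (~0UL)      /* hypothetical stand-in for ARM_DMA_ERROR */
#define MODEL_MAX_ENTRIES 16

struct sg_entry {                   /* hypothetical stand-in for struct scatterlist */
    unsigned long dma_address;
    unsigned int dma_length;
    struct sg_entry *next;
};

static struct sg_entry *sg_next_model(struct sg_entry *s)   /* stand-in for sg_next() */
{
    return s->next;
}

/* Ordering as posted: reset the current entry, then advance.
 * Runs nents-1 times from entry 0, so entries 0..nents-2 are cleared and the
 * last entry is never written. */
static void reset_as_posted(struct sg_entry *sg, int nents)
{
    struct sg_entry *s = sg;
    int i;

    for (i = 1; i < nents; i++) {
        s->dma_address = MODEL_DMA_ERROR;
        s->dma_length = 0;
        s = sg_next_model(s);
    }
}

/* Ordering proposed in the mail: advance first, then reset.
 * Clears entries 1..nents-1; entry 0 is left for the chunk mapping, which in
 * the posted hunk writes it through dma (dma starts out equal to sg). */
static void reset_as_proposed(struct sg_entry *sg, int nents)
{
    struct sg_entry *s = sg;
    int i;

    for (i = 1; i < nents; i++) {
        s = sg_next_model(s);
        s->dma_address = MODEL_DMA_ERROR;
        s->dma_length = 0;
    }
}

/* Builds a chain of nents entries carrying constructed stale dma values, runs
 * one of the reset loops over it, and returns a bitmask with bit k set when
 * entry k still has a non-zero dma_length afterwards, i.e. the entries a
 * length-driven unmap would still walk. Returns 0 for out-of-range nents. */
unsigned int stale_mask(void (*reset)(struct sg_entry *, int), int nents)
{
    struct sg_entry chain[MODEL_MAX_ENTRIES];
    unsigned int mask = 0;
    int k;

    if (nents < 1 || nents > MODEL_MAX_ENTRIES)
        return 0;

    for (k = 0; k < nents; k++) {
        chain[k].dma_address = 0x1000UL * (unsigned long)(k + 1); /* constructed */
        chain[k].dma_length = 4096;                               /* constructed */
        chain[k].next = (k + 1 < nents) ? &chain[k + 1] : NULL;
    }

    reset(chain, nents);

    for (k = 0; k < nents; k++)
        if (chain[k].dma_length != 0)
            mask |= 1u << k;
    return mask;
}

int main(void)
{
    printf("posted ordering,   4 entries: stale mask 0x%x\n",
           stale_mask(reset_as_posted, 4));
    printf("proposed ordering, 4 entries: stale mask 0x%x\n",
           stale_mask(reset_as_proposed, 4));
    return 0;
}
```

With four entries the posted ordering leaves bit 3 set (the trailing entry keeps its stale length, which is the entry the unmap path trips over), while the proposed ordering leaves only bit 0 set, and that slot is the one the first mapped chunk overwrites through `dma`, so nothing stale survives there in the real function.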