On Thu, Sep 01, 2016 at 07:45:51PM +0100, Robin Murphy wrote:
> On 01/09/16 19:32, Will Deacon wrote:
> > On Tue, Aug 23, 2016 at 08:05:20PM +0100, Robin Murphy wrote:
> >> - while (--i >= 0)
> >> - __arm_smmu_free_bitmap(smmu->smr_map, smrs[i].idx);
> >> - kfree(smrs);
> >> + while (i--) {
> >> + arm_smmu_free_smr(smmu, cfg->smendx[i]);
> >> + cfg->smendx[i] = INVALID_SMENDX;
> >> + }
> >
> > Hmm, don't you have an off-by-one here? At least, looking at the final
> > code, we branch to out_err from within the for_each_cfg_sme loop, but
> > before we've incremented smmu->s2crs[idx].count, so the arm_smmu_free_smr
> > will erroneously decrement that.
>
> Given that s2crs only doesn't exist until patch 10, and s2crs->count
> doesn't exist until patch 14, I'd have to say pick one of:
>
> a) no
>
> b) ¯\_(ツ)_/¯
You forgot:
c) I completely misread the code
So it's all fine!
Will
_______________________________________________
iommu mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/iommu
