On Sun, Aug 09, 2020 at 10:34:06PM +0200, Christophe JAILLET wrote:
> When '*sgt' is allocated, we must allocated 'sizeof(**sgt)' bytes instead
> of 'sizeof(*sg)'. 'sg' (i.e. struct scatterlist) is smaller than
> 'sgt' (i.e struct sg_table), so this could lead to memory corruption.
The sizeof(*sg) is bigger than sizeof(**sgt) so this wastes memory but
it won't lead to corruption.
11 struct scatterlist {
12 unsigned long page_link;
13 unsigned int offset;
14 unsigned int length;
15 dma_addr_t dma_address;
16 #ifdef CONFIG_NEED_SG_DMA_LENGTH
17 unsigned int dma_length;
18 #endif
19 };
42 struct sg_table {
43 struct scatterlist *sgl; /* the list */
44 unsigned int nents; /* number of mapped entries */
45 unsigned int orig_nents; /* original size of list */
46 };
regards,
dan carpenter
