Hi,
I have found a bug in arm_iommu_map_sg().
> +int arm_iommu_map_sg(struct device *dev, struct scatterlist *sg, int nents,
> + enum dma_data_direction dir, struct dma_attrs *attrs) {
> + struct scatterlist *s = sg, *dma = sg, *start = sg;
> + int i, count = 0;
> + unsigned int offset = s->offset;
> + unsigned int size = s->offset + s->length;
> + unsigned int max = dma_get_max_seg_size(dev);
> +
> + for (i = 1; i < nents; i++) {
> + s->dma_address = ARM_DMA_ERROR;
> + s->dma_length = 0;
> +
> + s = sg_next(s);
With above code, the last sg element's dma_length is not getting set to zero.
This causing additional incorrect unmapping during arm_iommu_unmap_sg call and
leading to random crashes.
The order of above three lines should be as follows.
s = sg_next(s);
s->dma_address = ARM_DMA_ERROR;
s->dma_length = 0;
-KR
--nvpublic
--
To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
