From: John David Anglin <dave.anglin@xxxxxxxx>
commit d7da660cab47183cded65e11b64497d0f56c6edf upstream.
This patch implements the same bug fix to ccio-dma.c as to sba_iommu.c.
It ensures that only the allocated entries of the sglist are accessed.
Signed-off-by: John David Anglin <dave.anglin@xxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Helge Deller <deller@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/parisc/ccio-dma.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/parisc/ccio-dma.c
+++ b/drivers/parisc/ccio-dma.c
@@ -1008,7 +1008,7 @@ ccio_unmap_sg(struct device *dev, struct
ioc->usg_calls++;
#endif
- while(sg_dma_len(sglist) && nents--) {
+ while (nents && sg_dma_len(sglist)) {
#ifdef CCIO_COLLECT_STATS
ioc->usg_pages += sg_dma_len(sglist) >> PAGE_SHIFT;
@@ -1016,6 +1016,7 @@ ccio_unmap_sg(struct device *dev, struct
ccio_unmap_page(dev, sg_dma_address(sglist),
sg_dma_len(sglist), direction, 0);
++sglist;
+ nents--;
}
DBG_RUN_SG("%s() DONE (nents %d)\n", __func__, nents);
