On Wed, Nov 08, 2023 at 01:21:20PM +0100, Petr Tesařík wrote: > On Wed, 8 Nov 2023 12:12:49 +0100 > Petr Tesarik <petrtesarik@xxxxxxxxxxxxxxx> wrote: > > > From: Petr Tesarik <petr.tesarik1@xxxxxxxxxxxxxxxxxxx> > > > > Limit the free list length to the size of the IO TLB. Transient pool can be > > smaller than IO_TLB_SEGSIZE, but the free list is initialized with the > > assumption that the total number of slots is a multiple of IO_TLB_SEGSIZE. > > As a result, swiotlb_area_find_slots() may allocate slots past the end of > > a transient IO TLB buffer. > > Just to make it clear, this patch addresses only the memory corruption > reported by Niklas, without addressing the underlying issues. Where > corruption happened before, allocations will fail with this patch. Thanks, I've applied so that we can get it into -rc1.
