From: Joerg Roedel Date: Tue, 4 Nov 2014 13:53:51 +0000 (+0100) Subject: iommu: Do more input validation in iommu_map_sg() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=38ec010d9b04ed94845f8ff6f10d33eb6bbfe180;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git iommu: Do more input validation in iommu_map_sg() The IOMMU-API works on page boundarys, unlike the DMA-API which can work with sub-page buffers. The sg->offset field does not make sense on the IOMMU level, so force it to be 0. Do some error-path consolidation while at it. Signed-off-by: Joerg Roedel --- diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 46727ce9280d..08c53c5a046f 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -1127,26 +1127,33 @@ EXPORT_SYMBOL_GPL(iommu_unmap); size_t default_iommu_map_sg(struct iommu_domain *domain, unsigned long iova, struct scatterlist *sg, unsigned int nents, int prot) { - int ret; + struct scatterlist *s; size_t mapped = 0; unsigned int i; - struct scatterlist *s; + int ret; for_each_sg(sg, s, nents, i) { phys_addr_t phys = page_to_phys(sg_page(s)); - size_t page_len = s->offset + s->length; - ret = iommu_map(domain, iova + mapped, phys, page_len, prot); - if (ret) { - /* undo mappings already done */ - iommu_unmap(domain, iova, mapped); - mapped = 0; - break; - } - mapped += page_len; + /* We are mapping on page boundarys, so offset must be 0 */ + if (s->offset) + goto out_err; + + ret = iommu_map(domain, iova + mapped, phys, s->length, prot); + if (ret) + goto out_err; + + mapped += s->length; } return mapped; + +out_err: + /* undo mappings already done */ + iommu_unmap(domain, iova, mapped); + + return 0; + } EXPORT_SYMBOL_GPL(default_iommu_map_sg);