mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
linuxkpi: Fix __sg_alloc_table_from_pages loop
Commit3e0856b63f
updated __sg_alloc_table_from_pages to use the same API as linux, but modified the loop condition when going over the pages in a sg list. Part of the change included moving the sg_next call out of the for loop and into the body, which causes an off by one error when traversing the list. Since sg_next is called before the loop body it will skip the first element and read one past the last element. This caused panics when running PRIME with nvidia-drm as the off-by-one issue causes a NULL dereference. Reviewed by: bz, hselasky Differential Revision: https://reviews.freebsd.org/D39628 Fixes:3e0856b63f
("linuxkpi: Fix `sg_alloc_table_from_pages()` to have the same API as Linux")
This commit is contained in:
parent
9abba78acc
commit
3f686532c9
|
@ -383,8 +383,6 @@ __sg_alloc_table_from_pages(struct sg_table *sgt,
|
|||
unsigned long seg_size;
|
||||
unsigned int j;
|
||||
|
||||
s = sg_next(s);
|
||||
|
||||
len = 0;
|
||||
for (j = cur + 1; j < count; ++j) {
|
||||
len += PAGE_SIZE;
|
||||
|
@ -398,6 +396,8 @@ __sg_alloc_table_from_pages(struct sg_table *sgt,
|
|||
size -= seg_size;
|
||||
off = 0;
|
||||
cur = j;
|
||||
|
||||
s = sg_next(s);
|
||||
}
|
||||
KASSERT(s != NULL, ("s is NULL after loop in __sg_alloc_table_from_pages()"));
|
||||
|
||||
|
|
Loading…
Reference in a new issue