[ofa-general] [PATCH] IB/ipoib - partial error clean up unmaps wrong address
Ralph Campbell
ralph.campbell at qlogic.com
Fri Jun 29 11:37:56 PDT 2007
If a page can't be allocated for the frag list of a skb,
the code to unmap the partially allocated list is off by one.
Say 'frags' equals one, i == 0, and the alloc_page() fails,
then the old loop would have unmapped mapping[1] which is
uninitialized. The same would happen if the ib_dma_map_page()
failed.
Signed-off-by: Ralph Campbell <ralph.campbell at qlogic.com>
diff -r f4233821c831 drivers/infiniband/ulp/ipoib/ipoib_cm.c
--- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c Thu Jun 28 13:16:47 2007 -0700
+++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c Fri Jun 29 11:10:22 2007 -0700
@@ -155,8 +155,8 @@ partial_error:
ib_dma_unmap_single(priv->ca, mapping[0], IPOIB_CM_HEAD_SIZE, DMA_FROM_DEVICE);
- for (; i >= 0; --i)
- ib_dma_unmap_single(priv->ca, mapping[i + 1], PAGE_SIZE, DMA_FROM_DEVICE);
+ for (; i > 0; --i)
+ ib_dma_unmap_single(priv->ca, mapping[i], PAGE_SIZE, DMA_FROM_DEVICE);
dev_kfree_skb_any(skb);
return NULL;
More information about the general
mailing list