Re: [RFC] DMA mapping error check analysis

[Clemens Ladisch]

Stefan Richter wrote:
> On Sep 10 Shuah Khan wrote:
>>>> http://linuxdriverproject.org/mediawiki/index.php/DMA_Mapping_Error_Analysis
>>>
>>>> File Name                  # of calls  Status 	
>>>> drivers/firewire/core-iso.c   1        Unmap Broken
>>>> drivers/firewire/ohci.c       1        Unmap Broken
>>>
>>> In ohci.c, ar_context_release() takes care of cleanup.
>>>
>>> In core-iso.c, on failure, the callers are responsible to call
>>> fw_iso_buffer_destroy() eventually.  (ioctl_create_iso_context()
>>> doesn't do this correctly if it's called multiple times.)
>>
>> Thanks. I updated the page with your comments. I moved ohci.c to Good
>> status and left core-iso.c in Unmap Broken in case
>> ioctl_create_iso_context() case is worth fixing.
>
> I don't see what could go wrong if ioctl_create_iso_context() is called
> multiple times.

fw_iso_buffer_map_dma() maps as many pages as it can, and saves in
->page_count_mapped how many pages need unmapping.

When fw_iso_buffer_map_dma() fails, ioctl_create_iso_context() does _not_
call fw_iso_buffer_destroy() but takes care to not change the cdev's
state in any other way.  So ioctl_create_iso_context() can be called
again and will then call fw_iso_buffer_map_dma(), which will happily
map the pages a second time, overwriting the previous mapped addresses.


Regards,
Clemens
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/