From 46ed1dbd8e692ee53a544022dd70151f21a4e725 Mon Sep 17 00:00:00 2001
From: John Levon <john.levon@nutanix.com>
Date: Tue, 17 Aug 2021 17:08:05 +0100
Subject: fix dma_{map,unmap}_sg() array handling (#586)

Multiple places in dma_map_sg() and dma_unmap_sg() were dereferencing sg[0]
instead of the correct index.

Take the opportunity to improve the doc comments at the same time.

Reported-by: Changpeng Liu <changpeng.liu@intel.com>
Signed-off-by: John Levon <john.levon@nutanix.com>
Reviewed-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
---
 lib/dma.h | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'lib')

diff --git a/lib/dma.h b/lib/dma.h
index 29809d3..895e14f 100644
--- a/lib/dma.h
+++ b/lib/dma.h
@@ -245,15 +245,15 @@ dma_map_sg(dma_controller_t *dma, dma_sg_t *sg, struct iovec *iov,
             return ERROR_INT(EFAULT);
         }
 
-        if (sg->writeable) {
+        if (sg[i].writeable) {
             if (dma->dirty_pgsize > 0) {
-                _dma_mark_dirty(dma, region, sg);
+                _dma_mark_dirty(dma, region, &sg[i]);
             }
             LIST_INSERT_HEAD(&dma->maps, &sg[i], entry);
         }
         vfu_log(dma->vfu_ctx, LOG_DEBUG, "map %p-%p",
-                sg->dma_addr + sg->offset,
-                sg->dma_addr + sg->offset + sg->length);
+                sg[i].dma_addr + sg[i].offset,
+                sg[i].dma_addr + sg[i].offset + sg[i].length);
         iov[i].iov_base = region->info.vaddr + sg[i].offset;
         iov[i].iov_len = sg[i].length;
         region->refcnt++;
@@ -282,8 +282,8 @@ dma_unmap_sg(dma_controller_t *dma, const dma_sg_t *sg,
             /* bad region */
             continue;
         }
-        if (sg->writeable) {
-            LIST_REMOVE(sg, entry);
+        if (sg[i].writeable) {
+            LIST_REMOVE(&sg[i], entry);
         }
         vfu_log(dma->vfu_ctx, LOG_DEBUG, "unmap %p-%p",
                 sg[i].dma_addr + sg[i].offset,
-- 
cgit v1.1