2021-04-18 14:39:24

by Alexander Egorenkov

Subject: [PATCH 1/2] lib: scatterlist: Fix loop termination condition in sg_calculate_split()

nb_splits was decremented one time too many, becoming negative. This
leads to the failure of the loop termination condition, which checks
only for nb_splits being zero. Move the loop termination condition
a couple of lines up, before nb_splits is decremented again and potentially
becomes negative.

Signed-off-by: Alexander Egorenkov <[email protected]>
---
lib/sg_split.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/sg_split.c b/lib/sg_split.c
index 3d9b32084d78..0920affd12ee 100644
--- a/lib/sg_split.c
+++ b/lib/sg_split.c
@@ -60,15 +60,16 @@ static int sg_calculate_split(struct scatterlist *in, int nents, int nb_splits,
curr->length_last_sg = len;
size -= len;
}
- skip = 0;
-
- if (!size && --nb_splits > 0) {
- curr++;
- size = *(++sizes);
- }

if (!nb_splits)
break;
+
+ skip = 0;
+
+ if (!size && --nb_splits > 0) {
+ curr++;
+ size = *(++sizes);
+ }
}

return (size || !splitters[0].in_sg0) ? -EINVAL : 0;
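
Review bot: The relocated `if (!nb_splits) break;` now runs before the `--nb_splits` inside `if (!size && --nb_splits > 0)`, so when that decrement is the one that reaches zero, the iteration ends without a break and the loop moves on to the next entry. The zero is then caught only if nb_splits is still exactly 0 when the check is reached again. If the earlier decrement that the commit message refers to (above this hunk, not visible here) runs first, nb_splits goes to -1 and `!nb_splits` never fires, which is the condition this patch set out to remove. Suggest testing `nb_splits <= 0`, or keeping a second check after the final decrement, with a comment saying which decrement each check guards. A Fixes: tag in the commit message would also help backporting.
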
--
2.31.1


2021-04-18 14:40:34

by Alexander Egorenkov

Subject: [PATCH 2/2] lib: scatterlist: Fix incorrect SG offset in sg_split_phys()

sg_split_phys() incorrectly resets the offset of all split SGLs but the
first one to 0. This is wrong because one of the original SGLs might have
the offset != 0.

Signed-off-by: Alexander Egorenkov <[email protected]>
---
lib/sg_split.c | 2 --
1 file changed, 2 deletions(-)

diff --git a/lib/sg_split.c b/lib/sg_split.c
index 0920affd12ee..4e91547a898d 100644
--- a/lib/sg_split.c
+++ b/lib/sg_split.c
@@ -89,8 +89,6 @@ static void sg_split_phys(struct sg_splitter *splitters, const int nb_splits)
if (!j) {
out_sg->offset += split->skip_sg0;
out_sg->length -= split->skip_sg0;
- } else {
- out_sg->offset = 0;
}
sg_dma_address(out_sg) = 0;
if (IS_ENABLED(CONFIG_NEED_SG_DMA_LENGTH))
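
Review bot: With the `else` branch removed, entries with `j != 0` keep whatever `out_sg->offset` already held when this block is reached, and the hunk does not show where that value comes from. A one-line comment at `if (!j)` stating that out_sg starts as a copy of the input entry and that its offset is intentionally retained for the later entries would make the invariant checkable by the next reader. The commit message would also benefit from a Fixes: tag and a sentence on the observable effect, since a wrong offset makes the split list describe the wrong bytes within the page for any consumer of the output.
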
--
2.31.1