nvme-pci: DMA unmap the correct regions in nvme_free_sgls

The call to nvme_free_sgls() in nvme_unmap_data() has the sg_list and sge parameters swapped. This wasn't noticed by the compiler because both share the same type. On a Xen PV hardware domain, and possibly any other architectures that takes that path, this leads to corruption of the NVMe contents. Fixes: f0887e2a52d4 ("nvme-pci: create common sgl unmapping helper") Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: Keith Busch <kbusch@kernel.org>
author: Roger Pau Monne <roger.pau@citrix.com> 2026-01-27 22:59:06 +0300
committer: Keith Busch <kbusch@kernel.org> 2026-01-28 17:58:10 +0300
commit: a54afbc8a2138f8c2490510cf26cde188d480c43 (patch)
tree: 1cfd707dd61d0f616c9eb07575095035f5f80ea3
parent: 0fcee2cfc4b2e16e62ff8e0cc2cd8dd24efad65e (diff)
download: linux-a54afbc8a2138f8c2490510cf26cde188d480c43.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 58f3097888a7..c2bee32332fe 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -806,8 +806,8 @@ static void nvme_unmap_data(struct request *req)
 	if (!blk_rq_dma_unmap(req, dma_dev, &iod->dma_state, iod->total_len,
 			      map)) {
 		if (nvme_pci_cmd_use_sgl(&iod->cmd))
-			nvme_free_sgls(req, iod->descriptors[0],
-				       &iod->cmd.common.dptr.sgl, attrs);
+			nvme_free_sgls(req, &iod->cmd.common.dptr.sgl,
+			               iod->descriptors[0], attrs);
 		else
 			nvme_free_prps(req, attrs);
 	}
author	Roger Pau Monne <roger.pau@citrix.com>	2026-01-27 22:59:06 +0300
committer	Keith Busch <kbusch@kernel.org>	2026-01-28 17:58:10 +0300
commit	a54afbc8a2138f8c2490510cf26cde188d480c43 (patch)
tree	1cfd707dd61d0f616c9eb07575095035f5f80ea3
parent	0fcee2cfc4b2e16e62ff8e0cc2cd8dd24efad65e (diff)
download	linux-a54afbc8a2138f8c2490510cf26cde188d480c43.tar.xz