On Mon, Dec 11, 2023 at 03:30:24PM +0000, Will Deacon wrote: > On Mon, Dec 11, 2023 at 03:01:27PM +0000, Robin Murphy wrote: > > On 2023-12-11 1:27 pm, Will Deacon wrote: > > > On Wed, Nov 29, 2023 at 05:43:00PM +0000, Robin Murphy wrote: > > > > Return the Root Complex/Named Component memory address size limit as an > > > > inclusive limit value, rather than an exclusive size. This saves us > > > > having to special-case 64-bit overflow, and simplifies our caller too. > > > > > > > > Signed-off-by: Robin Murphy <robin.murphy@xxxxxxx> > > > > --- > > > > drivers/acpi/arm64/dma.c | 9 +++------ > > > > drivers/acpi/arm64/iort.c | 18 ++++++++---------- > > > > include/linux/acpi_iort.h | 4 ++-- > > > > 3 files changed, 13 insertions(+), 18 deletions(-) > > > > > > [...] > > > > > > > diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c > > > > index 6496ff5a6ba2..eb64d8e17dd1 100644 > > > > --- a/drivers/acpi/arm64/iort.c > > > > +++ b/drivers/acpi/arm64/iort.c > > > > @@ -1367,7 +1367,7 @@ int iort_iommu_configure_id(struct device *dev, const u32 *input_id) > > > > { return -ENODEV; } > > > > #endif > > > > -static int nc_dma_get_range(struct device *dev, u64 *size) > > > > +static int nc_dma_get_range(struct device *dev, u64 *limit) > > > > { > > > > struct acpi_iort_node *node; > > > > struct acpi_iort_named_component *ncomp; > > > > @@ -1384,13 +1384,12 @@ static int nc_dma_get_range(struct device *dev, u64 *size) > > > > return -EINVAL; > > > > } > > > > - *size = ncomp->memory_address_limit >= 64 ? U64_MAX : > > > > - 1ULL<<ncomp->memory_address_limit; > > > > + *limit = (1ULL << ncomp->memory_address_limit) - 1; > > > > > > The old code handled 'ncomp->memory_address_limit >= 64' -- why is it safe > > > to drop that? You mention it in the cover letter, so clearly I'm missing > > > something! > > > > Because an unsigned shift by 64 or more generates 0 (modulo 2^64), thus > > subtracting 1 results in the correct all-bits-set value for an inclusive > > 64-bit limit. > > Oh, I'd have thought you'd have gotten one of those "left shift count >= > width of type" warnings if you did that. I think you'll get a UBSAN splat, but here the compiler doesn't know what 'ncomp->memory_address_limit' will be and so doesn't produce a compile-time warning. Regardless, it's undefined behaviour. Mark.