When calculating the DMA mask from the address limit provided by the firmware, we add one to the ilog2() of the end address, and pass the result to DMA_BIT_MASK(). For an end address that is not a power-of-2 minus 1, this will result in the mask to be wider than the limit, and cover memory that is not addressable by the device. Instead, we should add 1 to 'end' before taking the log, so that a limit of, say, 0x3fffffff gets translated to a mask of 30, but any value below it gets translated to 29. Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> --- drivers/acpi/arm64/iort.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c index 7d04424189df..aab2f51eff14 100644 --- a/drivers/acpi/arm64/iort.c +++ b/drivers/acpi/arm64/iort.c @@ -1162,7 +1162,7 @@ void iort_dma_setup(struct device *dev, u64 *dma_addr, u64 *dma_size) * firmware. */ end = dmaaddr + size - 1; - mask = DMA_BIT_MASK(ilog2(end) + 1); + mask = DMA_BIT_MASK(ilog2(end + 1)); dev->bus_dma_limit = end; dev->coherent_dma_mask = mask; *dev->dma_mask = mask; -- 2.17.1
