On Thu, Aug 20, 2020 at 05:49:41PM +0200, Christoph Hellwig wrote:
> On Thu, Aug 20, 2020 at 01:36:17AM -0700, Nicolin Chen wrote:
> > Took a quick look -- the boundary_size is seemingly passed from
> > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/arch/powerpc/kernel/iommu.c#n240
> >
> >     boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
> >                           1 << tbl->it_page_shift);
> >
> > Looks like an overflow happens due to (ULONG_MAX + 1). Should
> > we fix here instead (or also)?
>
> Yes, please. I'll drop the patch again for now, but once we've
> got this sorted out I'll readd it.

I'll send a series of changes, as I found these...

 1  145  arch/alpha/kernel/pci_iommu.c <<iommu_arena_find_pages>>
         boundary_size = dma_get_seg_boundary(dev) + 1;
 2  488  arch/ia64/hp/common/sba_iommu.c <<sba_search_bitmap>>
         boundary_size = (unsigned long long )dma_get_seg_boundary(dev) + 1;
 3  266  arch/s390/pci/pci_dma.c <<__dma_alloc_iommu>>
         boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
 4  170  arch/sparc/kernel/iommu-common.c <<iommu_tbl_range_alloc>>
         boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
 5  475  arch/sparc/kernel/iommu.c <<dma_4u_map_sg>>
         seg_boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
 6  511  arch/sparc/kernel/pci_sun4v.c <<dma_4v_map_sg>>
         seg_boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
 7   97  arch/x86/kernel/amd_gart_64.c <<alloc_iommu>>
         base_index = ALIGN(iommu_bus_base & dma_get_seg_boundary(dev),
 8   99  arch/x86/kernel/amd_gart_64.c <<alloc_iommu>>
         boundary_size = ALIGN((u64)dma_get_seg_boundary(dev) + 1,
 9  359  drivers/parisc/ccio-dma.c <<ccio_alloc_range>>
         boundary_size = ALIGN((unsigned long long )dma_get_seg_boundary(dev) + 1,
10  110  drivers/parisc/iommu-helpers.h <<iommu_coalesce_chunks>>
         unsigned int max_seg_boundary = dma_get_seg_boundary(dev) + 1;
11  345  drivers/parisc/sba_iommu.c <<sba_search_bitmap>>
         boundary_size = ALIGN((unsigned long long )dma_get_seg_boundary(dev) + 1,
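
The (ULONG_MAX + 1) wrap-around discussed in the message above, as an added user-space example that is not part of the original email or of the kernel source. It assumes a 64-bit unsigned long (modelled as uint64_t) and 4 KiB IOMMU pages; the function names are hypothetical, and the shift-first form is shown as one overflow-free way to compute the same page count, not as the fix the series adopted.

```c
#include <stdint.h>
#include <stdio.h>

/* Models a 64-bit kernel's unsigned long; all names here are hypothetical. */
typedef uint64_t ulong64;

/* Same rounding as the kernel's ALIGN() for a power-of-two 'a'. */
#define ALIGN_UP(x, a) (((x) + ((ulong64)(a) - 1)) & ~((ulong64)(a) - 1))

/* Pattern from the listing: add 1 to the boundary mask, then align. */
static ulong64 boundary_pages_add_first(ulong64 seg_boundary, unsigned shift)
{
    ulong64 boundary_size = ALIGN_UP(seg_boundary + 1, (ulong64)1 << shift);
    return boundary_size >> shift;          /* boundary in IOMMU pages */
}

/* Overflow-free form: convert the mask to pages before adding 1. */
static ulong64 boundary_pages_shift_first(ulong64 seg_boundary, unsigned shift)
{
    return (seg_boundary >> shift) + 1;
}

/* Returns 1 when both forms give the same page count for this mask. */
static int forms_agree(ulong64 seg_boundary, unsigned shift)
{
    return boundary_pages_add_first(seg_boundary, shift) ==
           boundary_pages_shift_first(seg_boundary, shift);
}

int main(void)
{
    /* Constructed sample masks: 32-bit, 40-bit, unaligned, all-ones. */
    const ulong64 masks[] = { 0xffffffffULL, 0xffffffffffULL,
                              0x17ffULL, UINT64_MAX };
    const unsigned shift = 12;              /* assumed 4 KiB IOMMU page */

    for (size_t i = 0; i < sizeof(masks) / sizeof(masks[0]); i++)
        printf("mask=%#llx add_first=%llu shift_first=%llu agree=%d\n",
               (unsigned long long)masks[i],
               (unsigned long long)boundary_pages_add_first(masks[i], shift),
               (unsigned long long)boundary_pages_shift_first(masks[i], shift),
               forms_agree(masks[i], shift));
    return 0;
}
```

With an all-ones mask the add-first form yields a boundary of 0 pages, while the two forms agree for every mask that does not wrap.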