Since the type of swiotlb slot index is a signed integer, the "((idx) << IO_TLB_SHIFT)" will returns incorrect value. As a result, the slot_addr() returns a value which is smaller than the expected one. E.g., the 'tlb_addr' generated in swiotlb_tbl_map_single() may return a value smaller than the expected one. As a result, the swiotlb_bounce() will access a wrong swiotlb slot. Cc: Konrad Wilk <konrad.wilk@xxxxxxxxxx> Cc: Joe Jin <joe.jin@xxxxxxxxxx> Signed-off-by: Dongli Zhang <dongli.zhang@xxxxxxxxxx> --- kernel/dma/swiotlb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c index 0dcdd25ea95d..c64e557de55c 100644 --- a/kernel/dma/swiotlb.c +++ b/kernel/dma/swiotlb.c @@ -531,7 +531,8 @@ static void swiotlb_bounce(struct device *dev, phys_addr_t tlb_addr, size_t size } } -#define slot_addr(start, idx) ((start) + ((idx) << IO_TLB_SHIFT)) +#define slot_addr(start, idx) ((start) + \ + (((unsigned long)idx) << IO_TLB_SHIFT)) /* * Carefully handle integer overflow which can occur when boundary_mask == ~0UL. -- 2.17.1 _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
