swiotlb: avoid potential left shift overflow

gaochaointel · Christoph Hellwig · commit 3f0461613ebc · 2022-09-07T10:38:16.000+02:00
The second operand passed to slot_addr() is declared as int or unsigned int in all call sites. The left-shift to get the offset of a slot can overflow if swiotlb size is larger than 4G. Convert the macro to an inline function and declare the second argument as phys_addr_t to avoid the potential overflow. Fixes: 26a7e09 ("swiotlb: refactor swiotlb_tbl_map_single") Signed-off-by: Chao Gao <chao.gao@intel.com> Reviewed-by: Dongli Zhang <dongli.zhang@oracle.com> Signed-off-by: Christoph Hellwig <hch@lst.de>
diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
@@ -575,7 +575,10 @@ static void swiotlb_bounce(struct device *dev, phys_addr_t tlb_addr, size_t size
 	}
 }
 
-#define slot_addr(start, idx)	((start) + ((idx) << IO_TLB_SHIFT))
+static inline phys_addr_t slot_addr(phys_addr_t start, phys_addr_t idx)
+{
+	return start + (idx << IO_TLB_SHIFT);
+}
 
 /*
  * Carefully handle integer overflow which can occur when boundary_mask == ~0UL.

Original file line number	Diff line number	Diff line change
`@@ -575,7 +575,10 @@ static void swiotlb_bounce(struct device *dev, phys_addr_t tlb_addr, size_t size`
`575`	`575`	`}`
`576`	`576`	`}`
`577`	`577`
`578`		`-#define slot_addr(start, idx) ((start) + ((idx) << IO_TLB_SHIFT))`
	`578`	`+static inline phys_addr_t slot_addr(phys_addr_t start, phys_addr_t idx)`
	`579`	`+{`
	`580`	`+ return start + (idx << IO_TLB_SHIFT);`
	`581`	`+}`
`579`	`582`
`580`	`583`	`/*`
`581`	`584`	`* Carefully handle integer overflow which can occur when boundary_mask == ~0UL.`