提交 e6aabee0 编写于 作者: J Joerg Roedel

iommu/amd: Handle integer overflow in dma_ops_area_alloc

Handle this case to make sure boundary_size does not become
0 and trigger a BUG_ON later.
Signed-off-by: NJoerg Roedel <jroedel@suse.de>
上级 d4b03664
...@@ -1699,14 +1699,16 @@ static unsigned long dma_ops_area_alloc(struct device *dev, ...@@ -1699,14 +1699,16 @@ static unsigned long dma_ops_area_alloc(struct device *dev,
unsigned long next_bit = dom->next_address % APERTURE_RANGE_SIZE; unsigned long next_bit = dom->next_address % APERTURE_RANGE_SIZE;
int max_index = dom->aperture_size >> APERTURE_RANGE_SHIFT; int max_index = dom->aperture_size >> APERTURE_RANGE_SHIFT;
int i = start >> APERTURE_RANGE_SHIFT; int i = start >> APERTURE_RANGE_SHIFT;
unsigned long boundary_size; unsigned long boundary_size, mask;
unsigned long address = -1; unsigned long address = -1;
unsigned long limit; unsigned long limit;
next_bit >>= PAGE_SHIFT; next_bit >>= PAGE_SHIFT;
boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1, mask = dma_get_seg_boundary(dev);
PAGE_SIZE) >> PAGE_SHIFT;
boundary_size = mask + 1 ? ALIGN(mask + 1, PAGE_SIZE) >> PAGE_SHIFT :
1UL << (BITS_PER_LONG - PAGE_SHIFT);
for (;i < max_index; ++i) { for (;i < max_index; ++i) {
unsigned long offset = dom->aperture[i]->offset >> PAGE_SHIFT; unsigned long offset = dom->aperture[i]->offset >> PAGE_SHIFT;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册