[PATCH 3/7] ACPI/IORT: Handle memory address size limits as limits
Robin Murphy
robin.murphy at arm.com
Mon Dec 11 07:37:55 PST 2023
On 2023-12-11 3:30 pm, Will Deacon wrote:
> On Mon, Dec 11, 2023 at 03:01:27PM +0000, Robin Murphy wrote:
>> On 2023-12-11 1:27 pm, Will Deacon wrote:
>>> On Wed, Nov 29, 2023 at 05:43:00PM +0000, Robin Murphy wrote:
>>>> Return the Root Complex/Named Component memory address size limit as an
>>>> inclusive limit value, rather than an exclusive size. This saves us
>>>> having to special-case 64-bit overflow, and simplifies our caller too.
>>>>
>>>> Signed-off-by: Robin Murphy <robin.murphy at arm.com>
>>>> ---
>>>> drivers/acpi/arm64/dma.c | 9 +++------
>>>> drivers/acpi/arm64/iort.c | 18 ++++++++----------
>>>> include/linux/acpi_iort.h | 4 ++--
>>>> 3 files changed, 13 insertions(+), 18 deletions(-)
>>>
>>> [...]
>>>
>>>> diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
>>>> index 6496ff5a6ba2..eb64d8e17dd1 100644
>>>> --- a/drivers/acpi/arm64/iort.c
>>>> +++ b/drivers/acpi/arm64/iort.c
>>>> @@ -1367,7 +1367,7 @@ int iort_iommu_configure_id(struct device *dev, const u32 *input_id)
>>>> { return -ENODEV; }
>>>> #endif
>>>> -static int nc_dma_get_range(struct device *dev, u64 *size)
>>>> +static int nc_dma_get_range(struct device *dev, u64 *limit)
>>>> {
>>>> struct acpi_iort_node *node;
>>>> struct acpi_iort_named_component *ncomp;
>>>> @@ -1384,13 +1384,12 @@ static int nc_dma_get_range(struct device *dev, u64 *size)
>>>> return -EINVAL;
>>>> }
>>>> - *size = ncomp->memory_address_limit >= 64 ? U64_MAX :
>>>> - 1ULL<<ncomp->memory_address_limit;
>>>> + *limit = (1ULL << ncomp->memory_address_limit) - 1;
>>>
>>> The old code handled 'ncomp->memory_address_limit >= 64' -- why is it safe
>>> to drop that? You mention it in the cover letter, so clearly I'm missing
>>> something!
>>
>> Because an unsigned shift by 64 or more generates 0 (modulo 2^64), thus
>> subtracting 1 results in the correct all-bits-set value for an inclusive
>> 64-bit limit.
>
> Oh, I'd have thought you'd have gotten one of those "left shift count >=
> width of type" warnings if you did that.
Compilers might give such a warning if it was a constant shift whose
size was visible at compile time, but even then only because compilers
seem to have a vendetta against us relying on the well-defined
behaviours of unsigned integer overflow (it's only *signed* shifts which
are UB if the result is unrepresentable).
Cheers,
Robin.
More information about the linux-arm-kernel
mailing list