From 6071d8363b7b284038069f1795a98372fbc1a48e Mon Sep 17 00:00:00 2001 From: Sarah Sharp Date: Thu, 14 May 2009 11:44:14 -0700 Subject: usb; xhci: Fix TRB offset calculations. Greg KH introduced a bug into xhci_trb_virt_to_dma() when he changed the type of offset to dma_addr_t from unsigned int and dropped the casts to unsigned int around the virtual address pointer subtraction. trb and seg->trbs are both valid pointers to virtual addresses, so the compiler will mod the subtraction by the size of union trb (16 bytes). segment_offset is an unsigned long, which is guaranteed to be at least as big as a void *. Drop the void * casts in the first if statement because trb and seg->trbs are both pointers of the same type (pointers to union trb). Signed-off-by: Sarah Sharp Signed-off-by: Greg Kroah-Hartman --- drivers/usb/host/xhci-ring.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'drivers') diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index d42a738cdaa..02d81985c45 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -74,16 +74,15 @@ dma_addr_t xhci_trb_virt_to_dma(struct xhci_segment *seg, union xhci_trb *trb) { - dma_addr_t offset; + unsigned long segment_offset; - if (!seg || !trb || (void *) trb < (void *) seg->trbs) + if (!seg || !trb || trb < seg->trbs) return 0; - /* offset in bytes, since these are byte-addressable */ - offset = trb - seg->trbs; - /* SEGMENT_SIZE in bytes, trbs are 16-byte aligned */ - if (offset > SEGMENT_SIZE || (offset % sizeof(*trb)) != 0) + /* offset in TRBs */ + segment_offset = trb - seg->trbs; + if (segment_offset > TRBS_PER_SEGMENT) return 0; - return seg->dma + offset; + return seg->dma + (segment_offset * sizeof(*trb)); } /* Does this link TRB point to the first segment in a ring, -- cgit v1.2.3