From: Sarah Sharp Date: Thu, 14 May 2009 18:44:14 +0000 (-0700) Subject: usb; xhci: Fix TRB offset calculations. X-Git-Tag: v2.6.31-rc1~304^2~5 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6071d8363b7b284038069f1795a98372fbc1a48e;p=profile%2Fivi%2Fkernel-adaptation-intel-automotive.git usb; xhci: Fix TRB offset calculations. Greg KH introduced a bug into xhci_trb_virt_to_dma() when he changed the type of offset to dma_addr_t from unsigned int and dropped the casts to unsigned int around the virtual address pointer subtraction. trb and seg->trbs are both valid pointers to virtual addresses, so the compiler will mod the subtraction by the size of union trb (16 bytes). segment_offset is an unsigned long, which is guaranteed to be at least as big as a void *. Drop the void * casts in the first if statement because trb and seg->trbs are both pointers of the same type (pointers to union trb). Signed-off-by: Sarah Sharp Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index d42a738..02d8198 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -74,16 +74,15 @@ dma_addr_t xhci_trb_virt_to_dma(struct xhci_segment *seg, union xhci_trb *trb) { - dma_addr_t offset; + unsigned long segment_offset; - if (!seg || !trb || (void *) trb < (void *) seg->trbs) + if (!seg || !trb || trb < seg->trbs) return 0; - /* offset in bytes, since these are byte-addressable */ - offset = trb - seg->trbs; - /* SEGMENT_SIZE in bytes, trbs are 16-byte aligned */ - if (offset > SEGMENT_SIZE || (offset % sizeof(*trb)) != 0) + /* offset in TRBs */ + segment_offset = trb - seg->trbs; + if (segment_offset > TRBS_PER_SEGMENT) return 0; - return seg->dma + offset; + return seg->dma + (segment_offset * sizeof(*trb)); } /* Does this link TRB point to the first segment in a ring,