Wrong size calculation in __ioremap(), various platforms

From: Florian Zumbiehl (florz@gmx.de)
Date: Thu Nov 14 2002 - 11:16:50 EST

Hi all,

in arch/*/mm/ioremap.c, __ioremap() of several platforms there seems to
be a minor mistake in the calculation of the page-aligned mapping size:

void * __ioremap(unsigned long phys_addr, unsigned long size, unsigned long flags)
        void * addr;
        struct vm_struct * area;
        unsigned long offset, last_addr;

        /* Don't allow wraparound or zero size */
        last_addr = phys_addr + size - 1;
        if (!size || last_addr < phys_addr)
                return NULL;

        /* ... code which doesn't change last_addr ... */

        size = PAGE_ALIGN(last_addr) - phys_addr;

        /* ... */

For this calculation to work, PAGE_ALIGN(last_addr) would have to be
the address immediately after the last address to be mapped - if
last_addr is the first address of a page however, PAGE_ALIGN() of course
"returns" it unchanged.

So, the correct version IMO should look like this:

        size = PAGE_ALIGN(last_addr + 1) - phys_addr;

(2.5.47?/)i386 even seems to be affected twice - bt_ioremap() contains the
same piece of code.

In the hope not to have overlooked something,

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Fri Nov 15 2002 - 22:00:33 EST