The PRP setup code advances prp_pool using u64 pointer
arithmetic:
prp_pool += page_size;
This increments the pointer by page_size * sizeof(u64)
bytes instead of page_size bytes, resulting in invalid
PRP list addresses when multiple PRP list pages are
required.
The issue becomes visible for large transfers, typically
above 2 MiB when MDTS > 9.
Fix it by using byte-wise pointer arithmetic when
advancing to the next PRP list page.
Signed-off-by: Prashant Kamble <[email protected]>
---
drivers/nvme/nvme.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/nvme/nvme.c b/drivers/nvme/nvme.c
index 2b14437f69c..3ce98de1a5c 100644
--- a/drivers/nvme/nvme.c
+++ b/drivers/nvme/nvme.c
@@ -94,7 +94,7 @@ static int nvme_setup_prps(struct nvme_dev *dev, u64 *prp2,
*(prp_pool + i) = cpu_to_le64((ulong)prp_pool +
page_size);
i = 0;
- prp_pool += page_size;
+ prp_pool = (u64 *)((uintptr_t)prp_pool + page_size);
}
*(prp_pool + i++) = cpu_to_le64(dma_addr);
dma_addr += page_size;
--
2.43.0
