drm/nouveau/gsp: Fix potential integer overflow on integer shifts

The left shift int 32 bit integer constants 1 is evaluated using 32 bit
arithmetic and then assigned to a 64 bit unsigned integer. In the case
where the shift is 32 or more this can lead to an overflow. Avoid this
by shifting using the BIT_ULL macro instead.

Fixes: 6c3ac7bcfcff ("drm/nouveau/gsp: support deeper page tables in COPY_SERVER_RESERVED_PDES")
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Danilo Krummrich <dakr@kernel.org>
Link: https://lore.kernel.org/r/20250522131512.2768310-1-colin.i.king@gmail.com

diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/vmm.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/vmm.c
index 52f2e5f145174282df53497be47c9047fd0d6ede..f25ea610cd99a280a8d9f046377217147941f45f 100644 (file)
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/vmm.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/vmm.c
@@ -121,7 +121,7 @@ r535_mmu_vaspace_new(struct nvkm_vmm *vmm, u32 handle, bool external)
                        page_shift -= desc->bits;
 
                        ctrl->levels[i].physAddress = pd->pt[0]->addr;
-                       ctrl->levels[i].size = (1 << desc->bits) * desc->size;
+                       ctrl->levels[i].size = BIT_ULL(desc->bits) * desc->size;
                        ctrl->levels[i].aperture = 1;
                        ctrl->levels[i].pageShift = page_shift;