From: Cédric Le Goater <clg@redhat.com>
Date: Tue, 7 Jan 2025 13:06:04 +0000 (+0100)
Subject: vfio/igd: Fix potential overflow in igd_gtt_memory_size()
X-Git-Tag: v10.0.0-rc0~56^2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e7998ceb9008e82501c7cf069e5552c7e352c6c;p=thirdparty%2Fqemu.git

vfio/igd: Fix potential overflow in igd_gtt_memory_size()

The risk is mainly theoretical since the applied bit mask will keep
the 'ggms' shift value below 3. Nevertheless, let's use a 64 bit
integer type and resolve the coverity issue.

Resolves: Coverity CID 1585908
Fixes: 1e1eac5f3dcd ("vfio/igd: canonicalize memory size calculations")
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Link: https://lore.kernel.org/r/20250107130604.669697-1-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---

diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c
index 0740a5dd8cc..b5303ea565d 100644
--- a/hw/vfio/igd.c
+++ b/hw/vfio/igd.c
@@ -133,7 +133,7 @@ static uint64_t igd_gtt_memory_size(int gen, uint16_t gmch)
     } else {
         ggms = (gmch >> IGD_GMCH_GEN8_GGMS_SHIFT) & IGD_GMCH_GEN8_GGMS_MASK;
         if (ggms != 0) {
-            ggms = 1 << ggms;
+            ggms = 1ULL << ggms;
         }
     }