[PATCH] vfio/igd: Fix potential overflow in igd_gtt_memory_size()

Cédric Le Goater posted 1 patch 2 months, 3 weeks ago
Posted by Cédric Le Goater 2 months, 3 weeks ago
The risk is mainly theoretical since the applied bit mask will keep
the 'ggms' shift value below 3. Nevertheless, let's use a 64-bit
integer type and resolve the Coverity issue.

Resolves: Coverity CID 1585908
Fixes: 1e1eac5f3dcd ("vfio/igd: canonicalize memory size calculations")
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 hw/vfio/igd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c
index 0740a5dd8cc9346a92c4613194faa8dea42e1d98..b5303ea565d6a344d0a43273f288bbb4a7f48327 100644
--- a/hw/vfio/igd.c
+++ b/hw/vfio/igd.c
@@ -133,7 +133,7 @@ static uint64_t igd_gtt_memory_size(int gen, uint16_t gmch)
     } else {
         ggms = (gmch >> IGD_GMCH_GEN8_GGMS_SHIFT) & IGD_GMCH_GEN8_GGMS_MASK;
         if (ggms != 0) {
-            ggms = 1 << ggms;
+            ggms = 1ULL << ggms;
         }
     }
 
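Review bot: The widening on the `ggms = 1ULL << ggms;` line only takes effect if `ggms` itself is a 64-bit variable, and its declaration is outside this hunk. The function returns uint64_t, so please confirm that `ggms` is declared as uint64_t; if it is narrower, the 64-bit shift result is truncated again on assignment and the analyser's concern is moved rather than resolved.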
-- 
2.47.1


Re: [PATCH] vfio/igd: Fix potential overflow in igd_gtt_memory_size()
Posted by Cédric Le Goater 2 months, 2 weeks ago
On 1/7/25 14:06, Cédric Le Goater wrote:
> The risk is mainly theoretical since the applied bit mask will keep
> the 'ggms' shift value below 3. Nevertheless, let's use a 64-bit
> integer type and resolve the Coverity issue.
> 
> Resolves: Coverity CID 1585908
> Fixes: 1e1eac5f3dcd ("vfio/igd: canonicalize memory size calculations")
> Signed-off-by: Cédric Le Goater <clg@redhat.com>


Applied to vfio-next.

Thanks,

C.


> ---
>   hw/vfio/igd.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c
> index 0740a5dd8cc9346a92c4613194faa8dea42e1d98..b5303ea565d6a344d0a43273f288bbb4a7f48327 100644
> --- a/hw/vfio/igd.c
> +++ b/hw/vfio/igd.c
> @@ -133,7 +133,7 @@ static uint64_t igd_gtt_memory_size(int gen, uint16_t gmch)
>       } else {
>           ggms = (gmch >> IGD_GMCH_GEN8_GGMS_SHIFT) & IGD_GMCH_GEN8_GGMS_MASK;
>           if (ggms != 0) {
> -            ggms = 1 << ggms;
> +            ggms = 1ULL << ggms;
>           }
>       }
>   
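Review bot: Nothing at the shift site documents why the shift count is safe: the bound comes entirely from `IGD_GMCH_GEN8_GGMS_MASK` on the line above `if (ggms != 0)`, and only the commit message says so. A short comment above `ggms = 1ULL << ggms;` stating the range the mask allows, or an assertion on it, would keep that reasoning with the code if the mask definition ever changes.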


Re: [PATCH] vfio/igd: Fix potential overflow in igd_gtt_memory_size()
Posted by Alex Williamson 2 months, 2 weeks ago
On Tue,  7 Jan 2025 14:06:04 +0100
Cédric Le Goater <clg@redhat.com> wrote:

> The risk is mainly theoretical since the applied bit mask will keep
> the 'ggms' shift value below 3. Nevertheless, let's use a 64-bit
> integer type and resolve the Coverity issue.
> 
> Resolves: Coverity CID 1585908
> Fixes: 1e1eac5f3dcd ("vfio/igd: canonicalize memory size calculations")
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>  hw/vfio/igd.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c
> index 0740a5dd8cc9346a92c4613194faa8dea42e1d98..b5303ea565d6a344d0a43273f288bbb4a7f48327 100644
> --- a/hw/vfio/igd.c
> +++ b/hw/vfio/igd.c
> @@ -133,7 +133,7 @@ static uint64_t igd_gtt_memory_size(int gen, uint16_t gmch)
>      } else {
>          ggms = (gmch >> IGD_GMCH_GEN8_GGMS_SHIFT) & IGD_GMCH_GEN8_GGMS_MASK;
>          if (ggms != 0) {
> -            ggms = 1 << ggms;
> +            ggms = 1ULL << ggms;
>          }
>      }
>  
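Review bot: Style point on `ggms = 1ULL << ggms;`: the variable holds the raw GGMS field before this line and the decoded value after it, so one name carries two meanings. Decoding into a separate local would make it clearer which quantity the rest of the function works with.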

Reviewed-by: Alex Williamson <alex.williamson@redhat.com>