From: Colin King
To: David Airlie, Gerd Hoffmann, Daniel Vetter, Lingfeng Yang, Anthoine Bourgeois, dri-devel@lists.freedesktop.org, virtualization@lists.linux-foundation.org
Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH][next] drm/virtio: fix another potential integer overflow on shift of a int
Date: Thu, 30 Sep 2021 11:27:48 +0100
Message-Id: <20210930102748.16922-1-colin.king@canonical.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Colin Ian King

The left shift of unsigned int 32 bit integer constant 1 is evaluated
using 32 bit arithmetic and then assigned to a signed 64 bit integer.
In the case where value is 32 or more this can lead to an overflow
(value can be in range 0..MAX_CAPSET_ID (63)). Fix this by shifting
the value 1ULL instead.

Addresses-Coverity: ("Unintentional integer overflow")
Fixes: 4fb530e5caf7 ("drm/virtio: implement context init: support init ioctl")
Signed-off-by: Colin Ian King

--- drivers/gpu/drm/virtio/virtgpu_ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c index b3b0557d72cf..0007e423d885 100644 --- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c +++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c @@ -774,7 +774,7 @@ static int virtio_gpu_context_init_ioctl(struct drm_device *dev, goto out_unlock; } - if ((vgdev->capset_id_mask & (1 << value)) == 0) { + if ((vgdev->capset_id_mask & (1ULL << value)) == 0) { ret = -EINVAL; goto out_unlock; } -- 2.32.0
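
Review bot: In the changed test in virtio_gpu_context_init_ioctl(), (vgdev->capset_id_mask & (1ULL << value)), the 64-bit shift is only defined for value below 64, and the hunk does not show the check that enforces this. The commit message gives the range as 0..MAX_CAPSET_ID (63); please confirm that the rejection ending in the "goto out_unlock" just above this line covers value > MAX_CAPSET_ID on every path that reaches the mask test, since value arrives through an ioctl. Consider writing the mask as BIT_ULL(value) rather than the open-coded 1ULL << value, which states the intended width and is harder to get wrong the next time this pattern is copied. The subject says "another" overflow, so it is worth checking the rest of the file for remaining 1 << shifts on capset ids. Minor: the commit message calls the constant 1 an unsigned int while the subject calls it an int; a plain 1 is a signed int, so the wording should be made consistent.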