On Mon, 12 Jul 2021 10:31:35 +0200 David Hildenbrand <da...@redhat.com> wrote:
> CID 1458134: Integer handling issues (BAD_SHIFT) > In expression "1 << ctz64(container->pgsizes)", left shifting by more > than 31 bits has undefined behavior. The shift amount, > "ctz64(container->pgsizes)", is 64. > > Commit 5e3b981c330c ("vfio: Support for RamDiscardManager in the !vIOMMU > case") added an assertion that our granularity is at least as big as the > page size. > > Although unlikely, we could have a page size that does not fit into > 32 bit. In that case, we'd try shifting by more than 31 bit. > > Let's use 1ULL instead and make sure we're not shifting by more than 63 > bit by asserting that any bit in container->pgsizes is set. > > Fixes: CID 1458134 > Cc: Alex Williamson <alex.william...@redhat.com> > Cc: Eduardo Habkost <ehabk...@redhat.com> > Cc: "Michael S. Tsirkin" <m...@redhat.com> > Cc: Paolo Bonzini <pbonz...@redhat.com> > Cc: Dr. David Alan Gilbert <dgilb...@redhat.com> > Cc: Igor Mammedov <imamm...@redhat.com> > Cc: Pankaj Gupta <pankaj.gupta.li...@gmail.com> > Cc: Peter Xu <pet...@redhat.com> > Cc: Auger Eric <eric.au...@redhat.com> > Cc: Wei Yang <richard.weiy...@linux.alibaba.com> > Cc: teawater <teawat...@linux.alibaba.com> > Cc: Marek Kedzierski <mkedz...@redhat.com> > Signed-off-by: David Hildenbrand <da...@redhat.com> Reviewed-by: Igor Mammedov <imamm...@redhat.com> > --- > hw/vfio/common.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/hw/vfio/common.c b/hw/vfio/common.c > index 3f0d111360..8728d4d5c2 100644 > --- a/hw/vfio/common.c > +++ b/hw/vfio/common.c > @@ -783,7 +783,8 @@ static void > vfio_register_ram_discard_listener(VFIOContainer *container, > section->mr); > > g_assert(vrdl->granularity && is_power_of_2(vrdl->granularity)); > - g_assert(vrdl->granularity >= 1 << ctz64(container->pgsizes)); > + g_assert(container->pgsizes && > + vrdl->granularity >= 1ULL << ctz64(container->pgsizes)); > > ram_discard_listener_init(&vrdl->listener, > vfio_ram_discard_notify_populate,
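Review bot: The new `+` lines fold two distinct invariants into one g_assert(), so when it fires the message cannot tell whether `container->pgsizes` was zero (in which case ctz64() returns 64 and the shift would be undefined) or whether `vrdl->granularity` was simply smaller than the minimum page size; consider splitting it into `g_assert(container->pgsizes);` followed by `g_assert(vrdl->granularity >= 1ULL << ctz64(container->pgsizes));` so each failure names its own cause. The substance of the change is right: widening the constant to 1ULL makes the shift 64-bit, and with pgsizes known to be non-zero the shift count is at most 63, which covers any page size representable in the 64-bit mask.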