drm/virtio: fix potential integer overflow on shift of a int

The left shift of unsigned int 32 bit integer constant 1 is evaluated
using 32 bit arithmetic and then assigned to a signed 64 bit integer.
In the case where i is 32 or more this can lead to an overflow. Fix
this by shifting the value 1ULL instead.

Addresses-Coverity: ("Uninitentional integer overflow")
Fixes: 8d6b006e1f51 ("drm/virtio: implement context init: handle VIRTGPU_CONTEXT_PARAM_POLL_RINGS_MASK")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20210930101941.16546-1-colin.king@canonical.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
index 5618a1d..b3b0557 100644 (file)
--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c
+++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c
@@ -819,7 +819,7 @@ static int virtio_gpu_context_init_ioctl(struct drm_device *dev,
        if (vfpriv->ring_idx_mask) {
                valid_ring_mask = 0;
                for (i = 0; i < vfpriv->num_rings; i++)
-                       valid_ring_mask |= 1 << i;
+                       valid_ring_mask |= 1ULL << i;
 
                if (~valid_ring_mask & vfpriv->ring_idx_mask) {
                        ret = -EINVAL;