[PATCH] drm/nouveau/mmu: fix potential overflow in PFN size calculation
Alexey Nepomnyashih
sdl at nppct.ru
Fri May 23 07:50:14 UTC 2025
On most Linux-supported platforms, `int` is 32-bit, making (1 << 47)
undefined and potentially dangerous. To ensure defined behavior and
correct 64-bit arithmetic, replace `1` with `1ULL`.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Cc: stable at vger.kernel.org # v5.1+
Fixes: a5ff307fe1f2 ("drm/nouveau/mmu: add a privileged method to directly manage PTEs")
Signed-off-by: Alexey Nepomnyashih <sdl at nppct.ru>
---
drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c b/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c
index 9c97800fe037..29da1acbe3a8 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c
@@ -1383,7 +1383,7 @@ nvkm_vmm_pfn_map(struct nvkm_vmm *vmm, u8 shift, u64 addr, u64 size, u64 *pfn)
*/
while (size) {
pfn[pi++] = NVKM_VMM_PFN_NONE;
- size -= 1 << page->shift;
+ size -= 1ULL << page->shift;
}
} else {
pi += size >> page->shift;
--
2.43.0
More information about the dri-devel
mailing list