From 6aea7624a01cc39c19d4237c4b108659270a61c5 Mon Sep 17 00:00:00 2001 From: Vijayenthiran Subramaniam Date: Thu, 29 Sep 2022 15:33:50 +0530 Subject: [PATCH] fix(gicv3/multichip): fix overflow caused by left shift When spi_id_max is 5119, the expression `(spi_id_max - 4096U + 1U >> 5)` evaluates to 32 leading to undefined behavior when using it to left shift 1. Fix this undefined behavior. Reported-by coverity scan: https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/RMB4U7COL6IONZWEGF2FWXOQ6FPDIT4U/ ``` large_shift: In expression 1 << (spi_id_max - 4096U + 1U >> 5), left shifting by more than 31 bits has undefined behavior. The shift amount, spi_id_max - 4096U + 1U >> 5, is as much as 32. ``` Signed-off-by: Vijayenthiran Subramaniam Change-Id: I5e77a78b81a6d0367875e7ea432a82b6ba0e587c --- drivers/arm/gic/v3/gic600_multichip_private.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/arm/gic/v3/gic600_multichip_private.h b/drivers/arm/gic/v3/gic600_multichip_private.h index c7b15c1a6..414bd5b84 100644 --- a/drivers/arm/gic/v3/gic600_multichip_private.h +++ b/drivers/arm/gic/v3/gic600_multichip_private.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, ARM Limited. All rights reserved. + * Copyright (c) 2019-2022, ARM Limited. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -74,7 +74,8 @@ * Multichip data assertion macros */ /* Set bits from 0 to ((spi_id_max + 1) / 32) */ -#define SPI_BLOCKS_TILL_MAX(spi_id_max) ((1 << (((spi_id_max) + 1) >> 5)) - 1) +#define SPI_BLOCKS_TILL_MAX(spi_id_max) \ + ((1ULL << (((spi_id_max) + 1) >> 5)) - 1) /* Set bits from 0 to (spi_id_min / 32) */ #define SPI_BLOCKS_TILL_MIN(spi_id_min) ((1 << ((spi_id_min) >> 5)) - 1) /* Set bits from (spi_id_min / 32) to ((spi_id_max + 1) / 32) */