From 846d22d54f24f336fb80d052338e0cd030d54fee Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Fri, 20 Nov 2020 08:28:58 +0100
Subject: AMD/IOMMU: avoid UB in guest CR3 retrieval

Found by looking for patterns similar to the one Julien did spot in
pci_vtd_quirks(). (Not that it matters much here, considering the code
is dead right now.)

Fixes: 3a7947b69011 ("amd-iommu: use a bitfield for DTE")
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/drivers/passthrough/amd/iommu_guest.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'xen')

diff --git a/xen/drivers/passthrough/amd/iommu_guest.c b/xen/drivers/passthrough/amd/iommu_guest.c
index 30b7353cd6..2a3def9a5d 100644
--- a/xen/drivers/passthrough/amd/iommu_guest.c
+++ b/xen/drivers/passthrough/amd/iommu_guest.c
@@ -70,7 +70,8 @@ static void guest_iommu_disable(struct guest_iommu *iommu)
 
 static uint64_t get_guest_cr3_from_dte(struct amd_iommu_dte *dte)
 {
-    return ((dte->gcr3_trp_51_31 << 31) | (dte->gcr3_trp_30_15 << 15) |
+    return (((uint64_t)dte->gcr3_trp_51_31 << 31) |
+            (dte->gcr3_trp_30_15 << 15) |
             (dte->gcr3_trp_14_12 << 12)) >> PAGE_SHIFT;
 }
 
-- 
cgit v1.2.3