From b7ae5c33e6b0c5849de9916bd4b15561be43b690 Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 9 Nov 2018 13:46:27 +0000
Subject: [PATCH] x86/badpage: Fix badpage->order overflow

For order 32 or more, the shift will truncate before the addition occurs.

Spotted by Coverity.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/common/page_alloc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index 1aec13e95f..88d1637247 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -334,7 +334,7 @@ void __init init_boot_pages(paddr_t ps, paddr_t pe)
         for ( i = 0; i < array_size; i++ )
         {
             bootmem_region_zap(badpage->mfn,
-                               badpage->mfn + (1U << badpage->order));
+                               badpage->mfn + (1UL << badpage->order));
             badpage++;
         }
     }
@@ -347,7 +347,7 @@ void __init init_boot_pages(paddr_t ps, paddr_t pe)
             for ( i = 0; i < array_size; i++ )
             {
                 bootmem_region_zap(badpage->mfn,
-                                   badpage->mfn + (1U << badpage->order));
+                                   badpage->mfn + (1UL << badpage->order));
                 badpage++;
             }
         }
-- 
2.39.5