Commit e3c659fee0 for qemu.org

commit e3c659fee0bc2eee89115e4c8975a57d97998ef5
Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date:   Fri Jan 16 01:03:15 2026 -0500

    vfio/migration: Fix page size calculation

    Coverity detected an issue of left shifting int by more than 31 bits leading
    to undefined behavior.

    In practice bcontainer->dirty_pgsizes always have some common page sizes
    when dirty tracking is supported.

    Resolves: Coverity CID 1644186
    Resolves: Coverity CID 1644187
    Resolves: Coverity CID 1644188
    Fixes: 46c763311419 ("vfio/migration: Add migration blocker if VM memory is too large to cause unmap_bitmap failure").
    Suggested-by: Cédric Le Goater <clg@redhat.com>
    Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
    Reviewed-by: Cédric Le Goater <clg@redhat.com>
    Link: https://lore.kernel.org/qemu-devel/20260116060315.65723-1-zhenzhong.duan@intel.com
    Signed-off-by: Cédric Le Goater <clg@redhat.com>

diff --git a/hw/vfio/migration.c b/hw/vfio/migration.c
index f857dc25ed..b4695030c7 100644
--- a/hw/vfio/migration.c
+++ b/hw/vfio/migration.c
@@ -1173,7 +1173,7 @@ static bool vfio_dirty_tracking_exceed_limit(VFIODevice *vbasedev)
      * can also switch to use IOMMUFD backend if there is a need to migrate
      * large VM.
      */
-    page_size = 1 << ctz64(bcontainer->dirty_pgsizes);
+    page_size = 1ULL << ctz64(bcontainer->dirty_pgsizes);
     max_size = bcontainer->max_dirty_bitmap_size * BITS_PER_BYTE * page_size;

     return current_machine->ram_size > max_size;