Xen project Mailing List

RE: [PATCH v2] arm/vgic-v2: Fix undefined behavior in vgic_fetch_itargetsr()

To: "Orzel, Michal" <michal.orzel@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>

From: Jahan Murudi <jahan.murudi.zg@xxxxxxxxxxx>

Date: Wed, 4 Jun 2025 11:19:55 +0000

Accept-language: en-IN, kn-IN, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=renesas.com; dmarc=pass action=none header.from=renesas.com; dkim=pass header.d=renesas.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KNrgudgmzOX5uFrNQV2dwcE6ST9TJL2pYV4m02zJjrQ=; b=a/SuS4LkPLJsiisagZHSK4yPobzezsNVu2mjSWcgU47yYzVAqkoOOWZXG+ZJN9Xwj9grma7nH0wD+8rKHBsdc6LSOg4dWoHV5jg9CafTk5d2OfpjkxwfIpjWYtIjgFeY9ZbR1+QmOKRUU0mVwra1R2xnCbwQspE32Q+XrY2Ya+ThWuwUVvtWK8SA798yw6o1nR8WnOh/IOLloQKqCdFSyp9/D3reP9QTLARo7HVeF24735alZyQbJ6KfuoERtljeUlQqLisyLTTEDXdedrEmxMHJv1ZnN4vTqXQ5Xppbnd68grFurcYgH4gkD++VyCroaGX8FLjhGm/EhAfqMFa1CA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=l8EnLnXOKzlsHWTcdWwNA5oOO7w8KZ+R3/8J1Fa3j3+h9DkKSfm6/tlTaXZh+pXtBthiRkO3ufxg29nXPQjFudYngyM5XMofidqP9GsZeURnyIYMA1dtlV4mPQcnDB82+/s1U0OiYTEiDx2YkkinExuYqhNJmrRdboTdsC0pYCBjFsdgf99nk3tj/BeOwj82YyAT0uj02rr8nVQLFa7LYjdd91TkXgv4rFCoa0zBHb8LwOvJzFIV2bQHgqoq4canDs2DS7jR+qNG6DRDzR99TzrckGwrvr0+rugTQgq6Lr5w43YxAd/OmH9lbP21S23keZ0PmKlmmBxFlJ9j/+zVsg==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=renesas.com;

Cc: Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 04 Jun 2025 11:20:19 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHb0xLawsf35GKOO0Slf/uLdloOKrPvcB4AgANsdTA=

Thread-topic: [PATCH v2] arm/vgic-v2: Fix undefined behavior in vgic_fetch_itargetsr()

Hi Stefano/Julien, This v2 patch was reviewed-by Michal Orzel on 2nd June. Could it be merged? Link : https://patchwork.kernel.org/project/xen-devel/patch/20250601163212.2988162-1-jahan.murudi.zg@xxxxxxxxxxx/ Thanks, Jahan Murudi -----Original Message----- From: Orzel, Michal <michal.orzel@xxxxxxx> Sent: 02 June 2025 12:24 To: Jahan Murudi <jahan.murudi.zg@xxxxxxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>; Julien Grall <julien@xxxxxxx>; Bertrand Marquis <bertrand.marquis@xxxxxxx>; Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx> Subject: Re: [PATCH v2] arm/vgic-v2: Fix undefined behavior in vgic_fetch_itargetsr() On 01/06/2025 18:32, Jahan Murudi wrote: > The current implementation performs left shift operations that may > trigger undefined behavior when the target value is too large. This patch: > > 1. Changes the shift from signed (1) to unsigned (1U) to ensure > well-defined NIT for the future: Use imperative mood > behavior for all valid target values 2. Maintains identical > functionality while fixing the UBSAN warning > > The issue was detected by UBSAN: > (XEN) UBSAN: Undefined behaviour in arch/arm/vgic-v2.c:73:56 > (XEN) left shift of 128 by 24 places cannot be represented in type 'int' > (XEN) Xen WARN at common/ubsan/ubsan.c:174 > > Signed-off-by: Jahan Murudi <jahan.murudi.zg@xxxxxxxxxxx> Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx> ~Michal > > --- > Changed since v1: > * Added space after subject line > --- > xen/arch/arm/vgic-v2.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c index > a19d610178..642407fd5b 100644 > --- a/xen/arch/arm/vgic-v2.c > +++ b/xen/arch/arm/vgic-v2.c > @@ -70,7 +70,7 @@ static uint32_t vgic_fetch_itargetsr(struct vgic_irq_rank > *rank, > offset &= ~(NR_TARGETS_PER_ITARGETSR - 1); > > for ( i = 0; i < NR_TARGETS_PER_ITARGETSR; i++, offset++ ) > - reg |= (1 << read_atomic(&rank->vcpu[offset])) << (i * > NR_BITS_PER_TARGET); > + reg |= (1U << read_atomic(&rank->vcpu[offset])) << (i * > + NR_BITS_PER_TARGET); > > return reg; > }

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.