Re: [PATCH v1 1/1] arm64/insn: Avoid undefined behaviour in branch offset decode
On Wed, 22 Apr 2026, Edgar E. Iglesias wrote:
> Branch offset decoding sign-extends the immediate by shifting it left into
> bit 31 and back. Perform the left shift in uint32_t and cast to int32_t
> only for the final right shift to avoid UBSAN failures on negative offsets.
>
> Fixes: 6dbf3f0e3074 ("xen/arm: arm64: Add helpers to decode and encode branch instructions")
> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxx>
Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
> ---
> xen/arch/arm/arm64/insn.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/xen/arch/arm/arm64/insn.c b/xen/arch/arm/arm64/insn.c
> index 81f7914610..6b97a84ba7 100644
> --- a/xen/arch/arm/arm64/insn.c
> +++ b/xen/arch/arm/arm64/insn.c
> @@ -225,22 +225,22 @@ u32 __kprobes aarch64_insn_gen_nop(void)
> */
> int32_t aarch64_get_branch_offset(uint32_t insn)
> {
> - int32_t imm;
> + uint32_t imm;
>
> if (aarch64_insn_is_b(insn) || aarch64_insn_is_bl(insn)) {
> imm = aarch64_insn_decode_immediate(AARCH64_INSN_IMM_26, insn);
> - return (imm << 6) >> 4;
> + return (int32_t)(imm << 6) >> 4;
> }
>
> if (aarch64_insn_is_cbz(insn) || aarch64_insn_is_cbnz(insn) ||
> aarch64_insn_is_bcond(insn)) {
> imm = aarch64_insn_decode_immediate(AARCH64_INSN_IMM_19, insn);
> - return (imm << 13) >> 11;
> + return (int32_t)(imm << 13) >> 11;
> }
>
> if (aarch64_insn_is_tbz(insn) || aarch64_insn_is_tbnz(insn)) {
> imm = aarch64_insn_decode_immediate(AARCH64_INSN_IMM_14, insn);
> - return (imm << 18) >> 16;
> + return (int32_t)(imm << 18) >> 16;
> }
>
> /* Unhandled instruction */
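Review bot: the undefined left shift of a signed value into bit 31 is gone, but `(int32_t)(imm << 6) >> 4` and the two sibling returns still depend on implementation-defined behaviour: converting a uint32_t with bit 31 set to int32_t, and the right shift of a negative int32_t. GCC and Clang document both as two's complement conversion and arithmetic shift, so the result is correct on the supported toolchains; a one-line comment above the function saying that the arithmetic right shift is relied on to sign-extend the immediate would stop a later reader from "fixing" it into a logical shift, and the commit message could state the same.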
> --
> 2.43.0
>
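The decode that the patch changes, as an added example rather than Xen's or the author's code: hand-rolled field extractors and opcode masks stand in for aarch64_insn_decode_immediate() and the aarch64_insn_is_*() predicates, the patched shift idiom is applied to constructed instruction words, and an exhaustive cross-check against a portable sign-extension confirms the idiom yields the same byte offsets.

```c
#include <stdint.h>

/* Hypothetical field extractors standing in for the IMM_26/IMM_19/IMM_14
 * cases of aarch64_insn_decode_immediate() (bit positions per A64). */
static uint32_t imm26(uint32_t insn) { return insn & 0x03FFFFFFu; }
static uint32_t imm19(uint32_t insn) { return (insn >> 5) & 0x7FFFFu; }
static uint32_t imm14(uint32_t insn) { return (insn >> 5) & 0x3FFFu; }

/* The patched idiom: left shift in uint32_t (always defined), then cast
 * and right shift.  Converting a value with bit 31 set to int32_t and
 * right-shifting a negative int32_t are implementation-defined, which
 * GCC/Clang define as two's complement conversion and arithmetic shift. */
static int32_t sext_shift(uint32_t imm, unsigned lsh, unsigned rsh)
{
    return (int32_t)(imm << lsh) >> rsh;
}

/* Portable reference: sign-extend a 'bits'-wide field and scale by 4
 * (A64 branch immediates count 32-bit words), using only defined
 * behaviour, to cross-check the idiom. */
static int32_t sext_ref(uint32_t field, unsigned bits)
{
    uint32_t sign = 1u << (bits - 1);
    int64_t v = (int64_t)(field ^ sign) - (int64_t)sign;
    return (int32_t)(v * 4);
}

/* Byte offset of a B/BL, CBZ/CBNZ or TBZ/TBNZ instruction word; the
 * opcode tests stand in for the aarch64_insn_is_*() predicates. */
int32_t branch_offset(uint32_t insn)
{
    if ((insn & 0x7C000000u) == 0x14000000u)   /* B, BL */
        return sext_shift(imm26(insn), 6, 4);
    if ((insn & 0x7E000000u) == 0x34000000u)   /* CBZ, CBNZ */
        return sext_shift(imm19(insn), 13, 11);
    if ((insn & 0x7E000000u) == 0x36000000u)   /* TBZ, TBNZ */
        return sext_shift(imm14(insn), 18, 16);
    return 0;                                  /* unhandled */
}

/* Exhaustively compare the idiom with the reference over every 14-bit
 * field value; returns 1 when all 16384 offsets agree. */
int idiom_matches_reference(void)
{
    for (uint32_t f = 0; f < (1u << 14); f++)
        if (sext_shift(f, 18, 16) != sext_ref(f, 14))
            return 0;
    return 1;
}
```

Building with -fsanitize=undefined and feeding branch_offset() a backward branch such as the constructed word 0x17FFFFFF (b . - 4) exercises exactly the negative-offset path the patch addresses.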