[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen staging] x86/irq: Fix undefined behaviour in irq_move_cleanup_interrupt()
commit 0bf4a2560dd24a7a1285727a900b52adcb4594fb Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Thu Jun 6 15:26:17 2019 +0100 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Thu Jun 6 20:04:32 2019 +0100 x86/irq: Fix undefined behaviour in irq_move_cleanup_interrupt() UBSAN reports: (XEN) ================================================================================ (XEN) UBSAN: Undefined behaviour in irq.c:682:22 (XEN) left shift of 1 by 31 places cannot be represented in type 'int' (XEN) ----[ Xen-4.13-unstable x86_64 debug=y Not tainted ]---- (XEN) CPU: 16 (XEN) RIP: e008:[<ffff82d0802a54ce>] ubsan.c#ubsan_epilogue+0xa/0xc2 <snip> (XEN) Xen call trace: (XEN) [<ffff82d0802a54ce>] ubsan.c#ubsan_epilogue+0xa/0xc2 (XEN) [<ffff82d0802a6009>] __ubsan_handle_shift_out_of_bounds+0x15d/0x16c (XEN) [<ffff82d08031ae77>] irq_move_cleanup_interrupt+0x25c/0x4a0 (XEN) [<ffff82d08031b585>] do_IRQ+0x19d/0x104c (XEN) [<ffff82d08050c8ba>] common_interrupt+0x10a/0x120 (XEN) [<ffff82d0803b13a6>] cpu_idle.c#acpi_idle_do_entry+0x1de/0x24b (XEN) [<ffff82d0803b1d83>] cpu_idle.c#acpi_processor_idle+0x5c8/0x94e (XEN) [<ffff82d0802fa8d6>] domain.c#idle_loop+0xee/0x101 (XEN) (XEN) ================================================================================ Switch to an unsigned shift, and correct the surrounding style. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Acked-by: Jan Beulich <jbeulich@xxxxxxxx> --- xen/arch/x86/irq.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 4042caaa00..ccee68ff69 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -679,7 +679,8 @@ void irq_move_cleanup_interrupt(struct cpu_user_regs *regs) * next attempt by sending another IRQ_MOVE_CLEANUP_VECTOR * to myself. */ - if (irr & (1 << (vector % 32))) { + if ( irr & (1u << (vector % 32)) ) + { send_IPI_self(IRQ_MOVE_CLEANUP_VECTOR); TRACE_3D(TRC_HW_IRQ_MOVE_CLEANUP_DELAY, irq, vector, smp_processor_id()); -- generated by git-patchbot for /home/xen/git/xen.git#staging _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |