[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.18] xen/arm: Fix UBSAN failure in start_xen()

commit 498b3624d0ecc1267773e6482fd0b732e90c4511
Author:     Michal Orzel <michal.orzel@xxxxxxx>
AuthorDate: Thu Feb 8 11:43:39 2024 +0100
Commit:     Stefano Stabellini <stefano.stabellini@xxxxxxx>
CommitDate: Wed Feb 28 14:43:26 2024 -0800

    xen/arm: Fix UBSAN failure in start_xen()
    
    When running Xen on arm32, in scenario where Xen is loaded at an address
    such as boot_phys_offset >= 2GB, UBSAN reports the following:
    
    (XEN) UBSAN: Undefined behaviour in arch/arm/setup.c:739:58
    (XEN) pointer operation underflowed 00200000 to 86800000
    (XEN) Xen WARN at common/ubsan/ubsan.c:172
    (XEN) ----[ Xen-4.19-unstable  arm32  debug=y ubsan=y  Not tainted ]----
    ...
    (XEN) Xen call trace:
    (XEN)    [<0031b4c0>] ubsan.c#ubsan_epilogue+0x18/0xf0 (PC)
    (XEN)    [<0031d134>] __ubsan_handle_pointer_overflow+0xb8/0xd4 (LR)
    (XEN)    [<0031d134>] __ubsan_handle_pointer_overflow+0xb8/0xd4
    (XEN)    [<004d15a8>] start_xen+0xe0/0xbe0
    (XEN)    [<0020007c>] head.o#primary_switched+0x4/0x30
    
    The failure is reported for the following line:
    (paddr_t)(uintptr_t)(_start + boot_phys_offset)
    
    This occurs because the compiler treats (ptr + size) with size bigger than
    PTRDIFF_MAX as undefined behavior. To address this, switch to macro
    virt_to_maddr(), given the future plans to eliminate boot_phys_offset.
    
    Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
    Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>
    Tested-by: Luca Fancellu <luca.fancellu@xxxxxxx>
    Acked-by: Julien Grall <jgrall@xxxxxxxxxx>
    (cherry picked from commit e11f5766503c0ff074b4e0f888bbfc931518a169)
---
 xen/arch/arm/setup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index db748839d3..2ccdde5277 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -1109,7 +1109,7 @@ void __init start_xen(unsigned long boot_phys_offset,
 
     /* Register Xen's load address as a boot module. */
     xen_bootmodule = add_boot_module(BOOTMOD_XEN,
-                             (paddr_t)(uintptr_t)(_start + boot_phys_offset),
+                             virt_to_maddr(_start),
                              (paddr_t)(uintptr_t)(_end - _start), false);
     BUG_ON(!xen_bootmodule);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.18

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.