|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] arm/vgic-v2: Fix undefined behavior in vgic_fetch_itargetsr()
commit 82dc405bc1232f14867aa1dcf2b1406596dfe4ba
Author: Jahan Murudi <jahan.murudi.zg@xxxxxxxxxxx>
AuthorDate: Sun Jun 1 22:02:12 2025 +0530
Commit: Stefano Stabellini <stefano.stabellini@xxxxxxx>
CommitDate: Wed Jun 4 14:16:51 2025 -0700
arm/vgic-v2: Fix undefined behavior in vgic_fetch_itargetsr()
The current implementation performs left shift operations that may trigger
undefined behavior when the target value is too large. This patch:
1. Changes the shift from signed (1) to unsigned (1U) to ensure well-defined
behavior for all valid target values
2. Maintains identical functionality while fixing the UBSAN warning
The issue was detected by UBSAN:
(XEN) UBSAN: Undefined behaviour in arch/arm/vgic-v2.c:73:56
(XEN) left shift of 128 by 24 places cannot be represented in type 'int'
(XEN) Xen WARN at common/ubsan/ubsan.c:174
Signed-off-by: Jahan Murudi <jahan.murudi.zg@xxxxxxxxxxx>
Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx>
---
xen/arch/arm/vgic-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
index a19d610178..642407fd5b 100644
--- a/xen/arch/arm/vgic-v2.c
+++ b/xen/arch/arm/vgic-v2.c
@@ -70,7 +70,7 @@ static uint32_t vgic_fetch_itargetsr(struct vgic_irq_rank
*rank,
offset &= ~(NR_TARGETS_PER_ITARGETSR - 1);
for ( i = 0; i < NR_TARGETS_PER_ITARGETSR; i++, offset++ )
- reg |= (1 << read_atomic(&rank->vcpu[offset])) << (i *
NR_BITS_PER_TARGET);
+ reg |= (1U << read_atomic(&rank->vcpu[offset])) << (i *
NR_BITS_PER_TARGET);
return reg;
}
--
generated by git-patchbot for /home/xen/git/xen.git#staging
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |