Xen project Mailing List

[PATCH v1 0/1] arm64/insn: Avoid undefined behaviour in branch offset decode

From: "Edgar E. Iglesias" <edgar.iglesias@xxxxxxx>

Date: Wed, 22 Apr 2026 18:45:05 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dXYTPr286/vW4QR7rsApjLMHIj/fupcV6bZIGJ5DvLc=; b=AwoKZKBGuDmBGxJrL0YqW85I+p1CryVLe2FRystXQ2urqjrnrzuh996Pm26zDsUFzBmk++zxMcF9vrzYZ3xG13SsAh4WmHRHoygPiaZtMOJB+XVYbqYuSLG1sf5QPfS4+Ne/2bSEooy3M2stVOG6LhSiXSqobw2LC4YcIpByJP8vHDfVCd7CrQFL5r5ACgQQ7twOFdgCgyIbqfRAxR2XQhZKxTtLDAKhiG/imUU9IZb1mU9TU8iLRYKDWHrBDYlCxLVR+Jwl1mrLcuUaVuipagDv33O/1Pf8WkodHQ8Sq6THUFJvPw4q9ZXJTMvk0mH1XndyY0P96QKt0DYNHmI90g==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hzT4oI68ElZo1p+9Skwi86f4MbIO+sciucspNiurSe97fRT0I+Ks0WCiyX6TIA/WufWEbgudPyIs/MfE3CWglcPFPJtzaMpqlAhP+tP3uhMc6HTFOSs96fm1pmJ2KEPPCPeQEbo+HTpuHyzAz6uU50HcWT+REJMGbwT08he8YOxLOu/Y4Z4WbYuCHepWiIZqEwehQWEU6UNVIcNKdm8dJgT+rQtEtmTulsvtFICbfHFp5i7M6PS26b5FLxH97eSn9N9nDDBaZ848rGjFcuvP9Io+o9ipj7X/VQmbnf4mIbTlt3F0AhCid8VSlCF7DePQDMF3KYyvCw5NDcZY7Z6VxQ==

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com;

Cc: sstabellini@xxxxxxxxxx, julien@xxxxxxx, bertrand.marquis@xxxxxxx, michal.orzel@xxxxxxx, Volodymyr_Babchuk@xxxxxxxx, edgar.iglesias@xxxxxxx

Delivery-date: Wed, 22 Apr 2026 16:45:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

I hit a UBSAN failure while alternatives patching decoded a branch with a negative offset. The branch offset helper sign-extends the decoded immediate by shifting it left into bit 31 and back again. Doing the left shift in the signed domain trips UBSAN on negative offsets, so switch the intermediate to uint32_t and cast back to int32_t only for the final right shift. (XEN) alternatives: Patching with alt table 00000a00005e7298 -> 00000a00005e8894 (XEN) ================================================================================ (XEN) UBSAN: Undefined behaviour in arch/arm/arm64/insn.c:232:15 (XEN) left shift of 66621055 by 6 places cannot be represented in type 'int' (XEN) Xen WARN at common/ubsan/ubsan.c:176 (XEN) ----[ Xen-4.21.0 arm64 debug=y ubsan=y Not tainted ]---- (XEN) CPU: 0 (XEN) PC: 00000a00003432e0 ubsan.c#ubsan_epilogue+0x14/0xec (XEN) LR: 00000a0000344a58 (XEN) SP: 00000a000061fbd0 (XEN) CPSR: 00000000400002c9 MODE:64-bit EL2h (Hypervisor, handler) Edgar E. Iglesias (1): arm64/insn: Avoid undefined behaviour in branch offset decode xen/arch/arm/arm64/insn.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.43.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.