From nobody Mon Feb 9 06:08:57 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1698871119; cv=none; d=zohomail.com; s=zohoarc; b=hmvSTOq8myjqcpZf1E+YjqZ2JlZ/djLSBZXXyRmJoUlJ4eT9SukkRt6i1qUkDRUKT1XyRD5ADN5CASGeztbHjAUxFaDJklvB/fQvdBqy9HzFBXmqCKtr/ZYfIHqIeZk702e9m+bDQEbb5Ma2zkGBdAskh80I+8wdKOz1Ibwz1kM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1698871119; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Ma8AVOZ3NpW00lRF9REjtOvB9myIAuPLVwVX4oWYdwU=; b=UGglRUg6AVyl1XDuAHIby5Wy1DJ7/WVlq7dwd8+ijt3CZWLci4bjL3jfHxRAteMP22xiEA/nDMyMskaGgNv1EpWlzXD4Ey+fkfwGr0fvlIvtz4OoCB5SgRnbej3IM1iSsqYyFACPhX+mMYl3DyobFR+5vHzWBu50uQCuXi0IIRk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1698871118996617.3675462281765; Wed, 1 Nov 2023 13:38:38 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.626638.977062 (Exim 4.92) (envelope-from ) id 1qyHyL-0006BU-9Y; Wed, 01 Nov 2023 20:37:53 +0000 Received: by outflank-mailman (output) from mailman id 626638.977062; Wed, 01 Nov 2023 20:37:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qyHyL-0006BN-6Y; Wed, 01 Nov 2023 20:37:53 +0000 Received: by outflank-mailman (input) for mailman id 626638; Wed, 01 Nov 2023 20:37:52 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qyHyJ-00069g-Hy for xen-devel@lists.xenproject.org; Wed, 01 Nov 2023 20:37:52 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 83bdd2b2-78f6-11ee-98d6-6d05b1d4d9a1; Wed, 01 Nov 2023 21:37:48 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 83bdd2b2-78f6-11ee-98d6-6d05b1d4d9a1 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1698871068; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=43oVt6N/8ogtMsgBl8YGeSvERYHwZG0JWTOITrW6Y7g=; b=DW7Mi79DlHKYHc+bDGgLdvnNyFb7BMkt/qw1Mk7PlD+gkAsENrsShtI0 dTPpOmA5lpUn2GCrcqdQtc66gHZz8lcQ1Gj6hdsYFtwQdymS/LOs5o7rH Y2ieXHHqkgiyE2UYL30YJy1ovdNqiydlkVcVUhqVzDgFV5y+KNmN6mKK0 0=; X-CSE-ConnectionGUID: sTpmSzHmT+SNwEUQVNKDUA== X-CSE-MsgGUID: SxSyzxVlRpWdjgCVXsYdWA== Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: 4.0 X-MesageID: 127170898 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.159.70 X-Policy: $RELAYED X-ThreatScanner-Verdict: Negative IronPort-Data: A9a23:qPZUIazbDUWTvaCivER6t+cjxirEfRIJ4+MujC+fZmUNrF6WrkVVm jYfXGuHOK6OZGbzeNF3YdyxpBtS7J+GndJrHAs9/iAxQypGp/SeCIXCJC8cHc8wwu7rFxs7s ppEOrEsCOhuExcwcz/0auCJQUFUjPzOHvykTrecZkidfCc8IA85kxVvhuUltYBhhNm9Emult Mj75sbSIzdJ4RYtWo4vw/zF8EgHUMja4mtC5QVnPakT5zcyqlFOZH4hDfDpR5fHatE88t6SH 47r0Ly/92XFyBYhYvvNfmHTKxBirhb6ZGBiu1IOM0SQqkEqSh8ai87XAME0e0ZP4whlqvgqo Dl7WT5cfi9yVkHEsLx1vxC1iEiSN4UekFPMCSDXXcB+UyQq2pYjqhljJBheAGEWxgp4KXpy7 fkjOhAIUlO4of2b/YuFbMpAu+12eaEHPKtH0p1h5TTQDPJgSpHfWaTao9Rf2V/chOgXQ6yYP ZBAL2MyPVKfO3WjOX9OYH46tM6uimPybHtzr1WNqLBsy2PS0BZwwP7mN9+9ltmiHJ8KxxnA9 jOWl4j/KioKD82N2QSByGqTiu3Ath3LQ7MeK5Tto5aGh3XMnzdOWXX6T2CTsfS/z0KzRd9bA 0gV4TY167g/8lSxSdvwVAH+p2SL1jY+cddNF+wx6CmW17HZpQ2eAwAsUTppeNEg8sgsSlQC9 lKPhcKvOjVpv5WcU3fb/bCRxQ5eIgBMczVEP3VdC1JYsp+8+Onfky4jUP54LLawtc/VHA2z+ BaVgRUHuZMwofMigvDTEU/8v968mnTYZldrt1WHBzr9tFMRiJ2NPdLytQaBhRpUBMPJFgPf4 SJsd922tbhWVfmweDqxrPLh9V1Dz92CKjTYyWV3BZgn+C/FF5WLJtsIv2gWyKuEKK85ld7Vj Kz741g5CGd7ZifCUEOOS9vZ5z4W5abhD8/5cfvfc8BDZJN8HCfeonA+NRDLgT6zwBF8+U3aB Xt8WZ/yZUv29Iw+kWHoLwvj+eRDKt8CKZP7GsmgkkXPPUu2b3+JU7YVWGazghQCxPrc+m39q o8PX/ZmPj0DCIUSlAGLq99MRb3LRFBnba3LRzt/LL7dfVE7RDB9V5c8A9oJIuRYokicrc+Ql lnVZ6OS4AOXaaHvQelSVk1eVQ== IronPort-HdrOrdr: A9a23:4NtU1K7WrjUk6CwdzAPXwMXXdLJyesId70hD6qkRc20wTiT7// rFoB1/73LJYVkqNE3I9ervBEDiewK4yXcW2/hzAV7KZmCP01dASrsC0WKI+UyDJ8SRzI5g/J YlV5JeYeeeMWRH X-Talos-CUID: 9a23:Mh/sQGH0MSLAtOPYqmJ8yFYRIdIFd0Ge91HPDnKBN0BKZIC8HAo= X-Talos-MUID: 9a23:pZRUZgmvsHJKsOP7mNg6dnpZJPx58bSQDHoVrpkEtOK6BTdBNwi02WE= X-IronPort-AV: E=Sophos;i="6.03,269,1694750400"; d="scan'208";a="127170898" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Wei Liu , Henry Wang Subject: [PATCH for-4.18] x86/time: Fix UBSAN failure in __update_vcpu_system_time() Date: Wed, 1 Nov 2023 20:37:37 +0000 Message-ID: <20231101203737.3441425-1-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1698871120034100001 As reported: (XEN) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D (XEN) UBSAN: Undefined behaviour in arch/x86/time.c:1542:32 (XEN) member access within null pointer of type 'union vcpu_info_t' (XEN) ----[ Xen-4.19-unstable x86_64 debug=3Dy ubsan=3Dy Not tainted ]= ---- ... (XEN) Xen call trace: (XEN) [] R common/ubsan/ubsan.c#ubsan_epilogue+0xa/0= xd2 (XEN) [] F __ubsan_handle_type_mismatch+0x133/0x49b (XEN) [] F __ubsan_handle_type_mismatch_v1+0xfa/0xfc (XEN) [] F arch/x86/time.c#__update_vcpu_system_time= +0x212/0x30f (XEN) [] F update_vcpu_system_time+0xe/0x10 (XEN) [] F arch/x86/time.c#local_time_calibration+0x= 1f7/0x523 (XEN) [] F common/softirq.c#__do_softirq+0x1f4/0x31a (XEN) [] F do_softirq+0x13/0x15 (XEN) [] F arch/x86/domain.c#idle_loop+0x2e0/0x367 (XEN) (XEN) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D It is not valid to derive a pointer from vcpu_info() prior to checking that the underlying map pointer is good. Reorder actions so the NULL pointer check is first. Fixes: 20279afd7323 ("x86: split populating of struct vcpu_time_info into a= separate function") Signed-off-by: Andrew Cooper --- CC: Jan Beulich CC: Roger Pau Monn=C3=A9 CC: Wei Liu CC: Henry Wang 4.18 blocker, or we'll need to issue an XSA/CVE. --- xen/arch/x86/time.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index d0b0986509b2..6d33edd0addc 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -1539,12 +1539,14 @@ static void collect_time_info(const struct vcpu *v, =20 static void __update_vcpu_system_time(struct vcpu *v, int force) { - struct vcpu_time_info *u =3D &vcpu_info(v, time), _u; + struct vcpu_time_info *u, _u; const struct domain *d =3D v->domain; =20 if ( !v->vcpu_info_area.map ) return; =20 + u =3D &vcpu_info(v, time); + collect_time_info(v, &_u); =20 /* Don't bother unless timestamp record has changed or we are forced. = */ base-commit: 7befef87cc9b1bb8ca15d866ce1ecd9165ccb58c --=20 2.30.2