[PATCH v1 0/1] arm64/insn: Avoid undefined behaviour in branch offset decode

Edgar E. Iglesias posted 1 patch 1 week, 3 days ago
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20260422164506.2234095-1-edgar.iglesias@amd.com
I hit a UBSAN failure while alternatives patching decoded a branch with
a negative offset.

The branch offset helper sign-extends the decoded immediate by shifting
it left into bit 31 and back again. Doing the left shift in the signed
domain trips UBSAN on negative offsets, so switch the intermediate to
uint32_t and cast back to int32_t only for the final right shift.

(XEN) alternatives: Patching with alt table 00000a00005e7298 -> 00000a00005e8894
(XEN) ================================================================================
(XEN) UBSAN: Undefined behaviour in arch/arm/arm64/insn.c:232:15
(XEN) left shift of 66621055 by 6 places cannot be represented in type 'int'
(XEN) Xen WARN at common/ubsan/ubsan.c:176
(XEN) ----[ Xen-4.21.0  arm64  debug=y ubsan=y  Not tainted ]----
(XEN) CPU:    0
(XEN) PC:     00000a00003432e0 ubsan.c#ubsan_epilogue+0x14/0xec
(XEN) LR:     00000a0000344a58
(XEN) SP:     00000a000061fbd0
(XEN) CPSR:   00000000400002c9 MODE:64-bit EL2h (Hypervisor, handler)


Edgar E. Iglesias (1):
  arm64/insn: Avoid undefined behaviour in branch offset decode

 xen/arch/arm/arm64/insn.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

-- 
2.43.0
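The branch offset decode described in the cover letter, as an added example that is not the Xen patch nor Xen's insn.c: the signed-shift form that UBSAN flags beside the uint32_t form, plus a strictly portable cross-check. Function names, the B opcode constant and the encode_b() helper are assumptions for illustration; the sample instruction word is constructed from the imm26 value quoted in the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not the Xen patch: models the B/BL branch offset decode the
 * cover letter describes. imm26 sits in bits [25:0]; byte offset is
 * sign_extend(imm26) * 4. Function names and encode_b() are assumptions. */

#define IMM26_MASK 0x03ffffffu
#define B_OPCODE   0x14000000u   /* B <label> */

/* Before: signed intermediate. With imm26 bit 25 set (negative offset),
 * "imm << 6" sets bit 31 of a signed int, which is undefined behaviour in C
 * (the UBSAN report above). Kept for contrast only; never call it. */
static inline int32_t branch_offset_ub(uint32_t insn)
{
    int32_t imm = (int32_t)(insn & IMM26_MASK);
    return (imm << 6) >> 4;
}

/* After: shift left as uint32_t (well defined, wraps mod 2^32) and cast to
 * int32_t only for the arithmetic right shift, which sign-extends from bit 31
 * and leaves a net scale of 4 (<<6 then >>4). Converting a value >= 2^31 and
 * right-shifting a negative int are implementation-defined, not undefined. */
static int32_t branch_offset_fixed(uint32_t insn)
{
    uint32_t imm = insn & IMM26_MASK;
    return (int32_t)(imm << 6) >> 4;
}

/* Cross-check with no shifts on signed values at all (strictly portable). */
static int32_t branch_offset_portable(uint32_t insn)
{
    uint32_t imm = insn & IMM26_MASK;
    int64_t sx = (imm & 0x02000000u) ? (int64_t)imm - 0x04000000 : (int64_t)imm;
    return (int32_t)(sx * 4);
}

/* Encode a B for a 4-byte-aligned byte offset; negative offsets wrap into imm26. */
static uint32_t encode_b(int32_t offset)
{
    return B_OPCODE | (((uint32_t)offset >> 2) & IMM26_MASK);
}

int main(void)
{
    /* Constructed input: the imm26 value quoted in the UBSAN report. */
    uint32_t insn = B_OPCODE | 66621055u;
    printf("offset %d, portable %d, roundtrip(-8) %d\n", branch_offset_fixed(insn),
           branch_offset_portable(insn), branch_offset_fixed(encode_b(-8)));
    return 0;
}
```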