From: Andrew Cooper Date: Thu, 6 Jun 2019 14:26:17 +0000 (+0100) Subject: x86/irq: Fix undefined behaviour in irq_move_cleanup_interrupt() X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~2089 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=0bf4a2560dd24a7a1285727a900b52adcb4594fb;p=xen.git x86/irq: Fix undefined behaviour in irq_move_cleanup_interrupt() UBSAN reports: (XEN) ================================================================================ (XEN) UBSAN: Undefined behaviour in irq.c:682:22 (XEN) left shift of 1 by 31 places cannot be represented in type 'int' (XEN) ----[ Xen-4.13-unstable x86_64 debug=y Not tainted ]---- (XEN) CPU: 16 (XEN) RIP: e008:[] ubsan.c#ubsan_epilogue+0xa/0xc2 (XEN) Xen call trace: (XEN) [] ubsan.c#ubsan_epilogue+0xa/0xc2 (XEN) [] __ubsan_handle_shift_out_of_bounds+0x15d/0x16c (XEN) [] irq_move_cleanup_interrupt+0x25c/0x4a0 (XEN) [] do_IRQ+0x19d/0x104c (XEN) [] common_interrupt+0x10a/0x120 (XEN) [] cpu_idle.c#acpi_idle_do_entry+0x1de/0x24b (XEN) [] cpu_idle.c#acpi_processor_idle+0x5c8/0x94e (XEN) [] domain.c#idle_loop+0xee/0x101 (XEN) (XEN) ================================================================================ Switch to an unsigned shift, and correct the surrounding style. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Acked-by: Jan Beulich --- diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 4042caaa00..ccee68ff69 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -679,7 +679,8 @@ void irq_move_cleanup_interrupt(struct cpu_user_regs *regs) * next attempt by sending another IRQ_MOVE_CLEANUP_VECTOR * to myself. */ - if (irr & (1 << (vector % 32))) { + if ( irr & (1u << (vector % 32)) ) + { send_IPI_self(IRQ_MOVE_CLEANUP_VECTOR); TRACE_3D(TRC_HW_IRQ_MOVE_CLEANUP_DELAY, irq, vector, smp_processor_id());
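Review bot: The `1u` change in the `if ( irr & (1u << (vector % 32)) )` line is the correct fix for the shift reported by UBSAN at irq.c:682:22, which is exactly this line of the hunk: `vector % 32` ranges over 0..31, and `1 << 31` overflows a signed `int` (undefined behaviour, which an optimiser is entitled to exploit even when the generated code has historically been harmless), whereas shifting an unsigned `1u` by 31 is well-defined. Since the mask is taken modulo 32, the value being tested is a 32-bit word, so a 32-bit `unsigned int` constant is wide enough and widening to `1ul` is unnecessary. The brace move to its own line and the padded parentheses are the Xen coding style the commit message says it is correcting; it would be worth keeping such style-only changes visually separate from the functional one-character fix in future patches so that the UB fix is easy to verify on its own.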