From: Andrew Cooper Date: Fri, 5 Jul 2019 08:30:27 +0000 (+0200) Subject: x86/irq: Fix undefined behaviour in irq_move_cleanup_interrupt() X-Git-Tag: archive/raspbian/4.11.3+24-g14b62ab3e5-1+rpi1^2~55^2~127 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=fddda5d05834011cbfb03170f55140051f9f8e61;p=xen.git x86/irq: Fix undefined behaviour in irq_move_cleanup_interrupt() UBSAN reports: (XEN) ================================================================================ (XEN) UBSAN: Undefined behaviour in irq.c:682:22 (XEN) left shift of 1 by 31 places cannot be represented in type 'int' (XEN) ----[ Xen-4.13-unstable x86_64 debug=y Not tainted ]---- (XEN) CPU: 16 (XEN) RIP: e008:[] ubsan.c#ubsan_epilogue+0xa/0xc2 (XEN) Xen call trace: (XEN) [] ubsan.c#ubsan_epilogue+0xa/0xc2 (XEN) [] __ubsan_handle_shift_out_of_bounds+0x15d/0x16c (XEN) [] irq_move_cleanup_interrupt+0x25c/0x4a0 (XEN) [] do_IRQ+0x19d/0x104c (XEN) [] common_interrupt+0x10a/0x120 (XEN) [] cpu_idle.c#acpi_idle_do_entry+0x1de/0x24b (XEN) [] cpu_idle.c#acpi_processor_idle+0x5c8/0x94e (XEN) [] domain.c#idle_loop+0xee/0x101 (XEN) (XEN) ================================================================================ Switch to an unsigned shift, and correct the surrounding style. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Acked-by: Jan Beulich master commit: 0bf4a2560dd24a7a1285727a900b52adcb4594fb master date: 2019-06-06 20:04:32 +0100 --- diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 0071b009bb..3bb2f5132b 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -679,7 +679,8 @@ void irq_move_cleanup_interrupt(struct cpu_user_regs *regs) * next attempt by sending another IRQ_MOVE_CLEANUP_VECTOR * to myself. */ - if (irr & (1 << (vector % 32))) { + if ( irr & (1u << (vector % 32)) ) + { send_IPI_self(IRQ_MOVE_CLEANUP_VECTOR); TRACE_3D(TRC_HW_IRQ_MOVE_CLEANUP_DELAY, irq, vector, smp_processor_id());
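Review bot: the `1u` change on the `if` line is the whole functional fix and it is sufficient for the reported case: `vector % 32` keeps the shift count in 0..31, and the only value that misbehaved was 31, where `1 << 31` overflows `int` (the "left shift of 1 by 31 places" in the UBSAN output); with an unsigned literal the mask is a well-defined 0x80000000 and the `irr &` test is unchanged for every other count. The split of `if (...) {` into `if ( ... )` plus a brace on its own line is Xen's house style and matches what the commit message announces, so the hunk mixes style with the fix deliberately; it would be worth confirming that the matching closing brace and the rest of the block (outside this hunk) were reflowed the same way so the block stays consistent.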