On 01/06/2025 18:32, Jahan Murudi wrote:
> The current implementation performs left shift operations that may trigger
> undefined behavior when the target value is too large. This patch:
>
> 1. Changes the shift from signed (1) to unsigned (1U) to ensure well-defined
NIT for the future: Use imperative mood
> behavior for all valid target values
> 2. Maintains identical functionality while fixing the UBSAN warning
>
> The issue was detected by UBSAN:
> (XEN) UBSAN: Undefined behaviour in arch/arm/vgic-v2.c:73:56
> (XEN) left shift of 128 by 24 places cannot be represented in type 'int'
> (XEN) Xen WARN at common/ubsan/ubsan.c:174
>
> Signed-off-by: Jahan Murudi <jahan.murudi...@renesas.com>
Reviewed-by: Michal Orzel <michal.or...@amd.com>
~Michal
>
> ---
> Changed since v1:
> * Added space after subject line
> ---
> xen/arch/arm/vgic-v2.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c
> index a19d610178..642407fd5b 100644
> --- a/xen/arch/arm/vgic-v2.c
> +++ b/xen/arch/arm/vgic-v2.c
> @@ -70,7 +70,7 @@ static uint32_t vgic_fetch_itargetsr(struct vgic_irq_rank
> *rank,
> offset &= ~(NR_TARGETS_PER_ITARGETSR - 1);
>
> for ( i = 0; i < NR_TARGETS_PER_ITARGETSR; i++, offset++ )
> - reg |= (1 << read_atomic(&rank->vcpu[offset])) << (i *
> NR_BITS_PER_TARGET);
> + reg |= (1U << read_atomic(&rank->vcpu[offset])) << (i *
> NR_BITS_PER_TARGET);
>
> return reg;
> }
