Xen project Mailing List

[PATCH v1 1/1] arm64/insn: Avoid undefined behaviour in branch offset decode

From: "Edgar E. Iglesias" <edgar.iglesias@xxxxxxx>

Date: Wed, 22 Apr 2026 18:45:06 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=l1L0cHhYhKWukItgG6Pv/iZnhnVGXxoiCqOifSqAFSQ=; b=GrSB39WrvxWtA/jSGuqRgBO4VBmJpnyESRFQQiYxozJ3tke5CYLnkfv4fDKbSk4HzEao+vpAimzhaNs6eC1r9ODkC5SBzzaC3Ga9t6C65blUheEDDGci1Tiqm48FtL8LTur2aeHGH8lpSNRdlij+4KkETFLGUE1/2NiFKoJhe7DzcNCiZ7rk/yXQ2FAH0ns7m13U9rwOiwqUDGy/P4TSs7f0phTvwtWXf4ACGX3s8TbCD02dFifzs6L0BD+pQRlCWnGVFyVLw/ai7ntVLXdQdXhrCMggVPG4ZXso9DCbNqh+Oa6nA6zpcfEXZaxU8VaJ34xxmw5erHn8IBDFAU7mzw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JNgelDCm9qID5tDiUkEXq5qJDj4H+6aHBLztkQSierCi9AALe+7orKgEG59e9j7GBawoCUYu77mKoL6HyTWxIQXMze69FBow2a6yD/ChVX1oxYz5S+8u92MWOk/tyM4BCUDBDaWWjOR9oPLXMGgw3j9falpmKFKHApji6ZE6fekjmfoP89rRV+kNI+s1NjUuOcg4eGqi6xXLXjobawFfZxWLaSDNHcune0JBZjuWZxorAo59ZfGn6zoCg4YzqRby8KlRq2fgetALYS4YyYQDy6yiPnaUBkPe0DV67yib1DEkqrNmnpTSMwsTDJbNwNjynSUfuqlTB/RCBq/uT9obXQ==

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com;

Cc: sstabellini@xxxxxxxxxx, julien@xxxxxxx, bertrand.marquis@xxxxxxx, michal.orzel@xxxxxxx, Volodymyr_Babchuk@xxxxxxxx, edgar.iglesias@xxxxxxx

Delivery-date: Wed, 22 Apr 2026 16:45:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Branch offset decoding sign-extends the immediate by shifting it left into bit 31 and back. Perform the left shift in uint32_t and cast to int32_t only for the final right shift to avoid UBSAN failures on negative offsets. Fixes: 6dbf3f0e3074 ("xen/arm: arm64: Add helpers to decode and encode branch instructions") Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xxxxxxx> --- xen/arch/arm/arm64/insn.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/arm/arm64/insn.c b/xen/arch/arm/arm64/insn.c index 81f7914610..6b97a84ba7 100644 --- a/xen/arch/arm/arm64/insn.c +++ b/xen/arch/arm/arm64/insn.c @@ -225,22 +225,22 @@ u32 __kprobes aarch64_insn_gen_nop(void) */ int32_t aarch64_get_branch_offset(uint32_t insn) { - int32_t imm; + uint32_t imm; if (aarch64_insn_is_b(insn) || aarch64_insn_is_bl(insn)) { imm = aarch64_insn_decode_immediate(AARCH64_INSN_IMM_26, insn); - return (imm << 6) >> 4; + return (int32_t)(imm << 6) >> 4; } if (aarch64_insn_is_cbz(insn) || aarch64_insn_is_cbnz(insn) || aarch64_insn_is_bcond(insn)) { imm = aarch64_insn_decode_immediate(AARCH64_INSN_IMM_19, insn); - return (imm << 13) >> 11; + return (int32_t)(imm << 13) >> 11; } if (aarch64_insn_is_tbz(insn) || aarch64_insn_is_tbnz(insn)) { imm = aarch64_insn_decode_immediate(AARCH64_INSN_IMM_14, insn); - return (imm << 18) >> 16; + return (int32_t)(imm << 18) >> 16; } /* Unhandled instruction */ -- 2.43.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.