[PATCH 2/2] arm64: KVM: prevent overflow in inject_abt64

From: Anastasia Belova
Date: Mon Sep 09 2024 - 06:40:20 EST

Next message: Anastasia Belova: "[PATCH 0/2] arm64: KVM: prevent overflow in inject_abt64"
Previous message: Jeongjun Park: "[PATCH v2] wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()"
In reply to: Anastasia Belova: "[PATCH 0/2] arm64: KVM: prevent overflow in inject_abt64"
Next in thread: Anastasia Belova: "[PATCH 1/2] arm64: KVM: prevent overflow in inject_abt64"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ESR_ELx_EC_DABT_LOW << ESR_ELx_EC_SHIFT = 0x24 << 26.
This operation's result is int with 1 in 32th bit.
While casting this value into u64 (esr is u64) 1
fills 32 highest bits.

Add explicit casting to prevent it.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: e4fe9e7dc382 ("kvm: arm64: Fix EC field in inject_abt64")
Signed-off-by: Anastasia Belova <abelova@xxxxxxxxxxxxx>
---
arch/arm64/kvm/inject_fault.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
index b6b2cfff6629..6cb191b799ac 100644
--- a/arch/arm64/kvm/inject_fault.c
+++ b/arch/arm64/kvm/inject_fault.c
@@ -79,7 +79,7 @@ static void inject_abt64(struct kvm_vcpu *vcpu, bool is_iabt, unsigned long addr
esr |= ((u64)ESR_ELx_EC_IABT_CUR << ESR_ELx_EC_SHIFT);

if (!is_iabt)
- esr |= ESR_ELx_EC_DABT_LOW << ESR_ELx_EC_SHIFT;
+ esr |= (u64)ESR_ELx_EC_DABT_LOW << ESR_ELx_EC_SHIFT;

esr |= ESR_ELx_FSC_EXTABT;

--
2.30.2

Next message: Anastasia Belova: "[PATCH 0/2] arm64: KVM: prevent overflow in inject_abt64"
Previous message: Jeongjun Park: "[PATCH v2] wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()"
In reply to: Anastasia Belova: "[PATCH 0/2] arm64: KVM: prevent overflow in inject_abt64"
Next in thread: Anastasia Belova: "[PATCH 1/2] arm64: KVM: prevent overflow in inject_abt64"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]