[PATCH] KVM: arm64: Harden clock for nvhe/pKVM

Next message: Boris Brezillon: "Re: [PATCH 03/10] drm/panthor: Replace the panthor_irq macro machinery by inline helpers"
Previous message: Marco Crivellari: "[RFC PATCH] phy: ti: tusb1210: Move long delayed work on system_dfl_long_wq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mostafa Saleh

Date: Thu Apr 30 2026 - 06:37:38 EST

Sashiko(locally) reports possiblity of division by zero and
out-of-bounds bitwise shift in trace_clock_update().

Although the clock update is untrusted, we should at least have some
basic checks to avoid the clock value getting out of sync if the host
is buggy.

Signed-off-by: Mostafa Saleh <smostafa@xxxxxxxxxx>
---
arch/arm64/kvm/hyp/nvhe/clock.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/arch/arm64/kvm/hyp/nvhe/clock.c b/arch/arm64/kvm/hyp/nvhe/clock.c
index 32fc4313fe43..a7fc61976fd0 100644
--- a/arch/arm64/kvm/hyp/nvhe/clock.c
+++ b/arch/arm64/kvm/hyp/nvhe/clock.c
@@ -35,6 +35,9 @@ void trace_clock_update(u32 mult, u32 shift, u64 epoch_ns, u64 epoch_cyc)
struct clock_data *clock = &trace_clock_data;
u64 bank = clock->cur ^ 1;

+ if (!mult || shift >= 64)
+ return;
+
clock->data[bank].mult = mult;
clock->data[bank].shift = shift;
clock->data[bank].epoch_ns = epoch_ns;
--
2.54.0.545.g6539524ca2-goog