* [PATCH RFC] arm64/scs: Fix potential sign extension issue of advance_loc4
@ 2026-04-13 9:54 Wentao Guan
2026-04-15 10:48 ` Catalin Marinas
0 siblings, 1 reply; 2+ messages in thread
From: Wentao Guan @ 2026-04-13 9:54 UTC (permalink / raw)
To: linux-arm-kernel; +Cc: catalin.marinas, will, hello, linux-kernel, Wentao Guan
The expressions (*opcode++ << 24) and exp * code_alignment_factor
may overflow signed int and become negative.
Fix this by casting each byte to u64 before shifting. Also fix
the misaligned break statement while we are here.
Example of the result can be seen here:
Link: https://godbolt.org/z/zhY8d3595
It may not be a real problem, but could be an issue in the future.
Fixes: d499e9627d70 ("arm64/scs: Fix handling of advance_loc4")
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
---
arch/arm64/kernel/pi/patch-scs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kernel/pi/patch-scs.c b/arch/arm64/kernel/pi/patch-scs.c
index dac568e4a54f2..3944ad899021c 100644
--- a/arch/arm64/kernel/pi/patch-scs.c
+++ b/arch/arm64/kernel/pi/patch-scs.c
@@ -196,9 +196,9 @@ static int scs_handle_fde_frame(const struct eh_frame *frame,
loc += *opcode++ * code_alignment_factor;
loc += (*opcode++ << 8) * code_alignment_factor;
loc += (*opcode++ << 16) * code_alignment_factor;
- loc += (*opcode++ << 24) * code_alignment_factor;
+ loc += ((u64)*opcode++ << 24) * code_alignment_factor;
size -= 4;
- break;
+ break;
case DW_CFA_def_cfa:
case DW_CFA_offset_extended:
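Review bot: the `(u64)` cast on `+ loc += ((u64)*opcode++ << 24) * code_alignment_factor;` is needed only on that line, and the reason is slightly stronger than the commit message states: `*opcode++` is a u8 promoted to int, so the `<< 8` and `<< 16` shifts above it can never leave the int range, but shifting a byte with bit 7 set left by 24 moves a one into the sign bit, which C leaves undefined rather than merely "negative"; in practice the product is sign-extended when it is added to `loc`, turning a large forward advance into a subtraction. Consider wording the commit message as "shifts into the sign bit (undefined behaviour)" so the Fixes: tag is justified on correctness grounds, not only on a future-proofing hunch. The `- break;` / `+ break;` pair is indentation-only, which matches the "misaligned break" remark; no functional concern there.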
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
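To make the defect in the commit message concrete, here is an added, self-contained C example that is not part of the kernel's patch-scs.c or of this patch. It places the pre-fix arithmetic beside the post-fix arithmetic and beside a plain unsigned little-endian read of the 4-byte operand, on constructed operand bytes. The `loc` accumulator type, an `int` code_alignment_factor and the function names are assumptions for illustration; the original's int shift of a byte with bit 7 set is undefined behaviour, so the "before" function reproduces the wrap-around that compilers produce in practice through explicit uint32_t/int32_t conversions instead of invoking it.

```c
/* Added example (not the kernel's patch-scs.c): the advance_loc4 sign
 * extension defect and the effect of the u64 cast. loc as u64 and an int
 * code_alignment_factor are assumptions made for illustration. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

typedef uint8_t u8;
typedef uint64_t u64;

/* Constructed sample operands (not taken from the page): a small delta on
 * which all variants agree, and a delta with bit 31 set. */
static const u8 sample_small_delta[4] = { 0x10, 0x00, 0x00, 0x00 };
static const u8 sample_big_delta[4]   = { 0x00, 0x00, 0x00, 0x80 };

/*
 * Pre-fix arithmetic. In the original, *opcode++ is a u8 promoted to int and
 * shifted left by 24; for a byte >= 0x80 the shift lands in the sign bit,
 * which is undefined behaviour in C. This emulation goes through uint32_t and
 * int32_t so it is well-defined here while reproducing the two's-complement
 * result (a negative int) that compilers produce in practice.
 */
static u64 advance_loc4_before(u64 loc, const u8 *opcode, int code_alignment_factor)
{
	loc += *opcode++ * code_alignment_factor;
	loc += (*opcode++ << 8) * code_alignment_factor;
	loc += (*opcode++ << 16) * code_alignment_factor;
	/* negative when *opcode >= 0x80; the negative product is then
	 * sign-extended into the u64 accumulator, so loc moves backwards */
	int32_t hi = (int32_t)((uint32_t)*opcode++ << 24);
	loc += (int64_t)hi * code_alignment_factor;
	return loc;
}

/* Post-fix arithmetic: casting the byte to u64 before the shift keeps the
 * value unsigned, so bit 31 of the operand is just bit 31. */
static u64 advance_loc4_after(u64 loc, const u8 *opcode, int code_alignment_factor)
{
	loc += *opcode++ * code_alignment_factor;
	loc += (*opcode++ << 8) * code_alignment_factor;
	loc += (*opcode++ << 16) * code_alignment_factor;
	loc += ((u64)*opcode++ << 24) * code_alignment_factor;
	return loc;
}

/* Reference: DW_CFA_advance_loc4 carries an unsigned 32-bit delta, read
 * little-endian as the existing code does, scaled by the code alignment
 * factor. */
static u64 advance_loc4_reference(u64 loc, const u8 *opcode, int code_alignment_factor)
{
	uint32_t delta = (uint32_t)opcode[0] | (uint32_t)opcode[1] << 8 |
			 (uint32_t)opcode[2] << 16 | (uint32_t)opcode[3] << 24;
	return loc + (u64)delta * (u64)code_alignment_factor;
}

int main(void)
{
	const u64 start = 0x1000;

	printf("small delta, caf 4: before %#" PRIx64 " after %#" PRIx64 " ref %#" PRIx64 "\n",
	       advance_loc4_before(start, sample_small_delta, 4),
	       advance_loc4_after(start, sample_small_delta, 4),
	       advance_loc4_reference(start, sample_small_delta, 4));
	printf("bit-31 delta, caf 1: before %#" PRIx64 " after %#" PRIx64 " ref %#" PRIx64 "\n",
	       advance_loc4_before(start, sample_big_delta, 1),
	       advance_loc4_after(start, sample_big_delta, 1),
	       advance_loc4_reference(start, sample_big_delta, 1));
	return 0;
}
```

With the small operand all three functions return 0x1040; with the bit-31 operand the pre-fix arithmetic yields 0xffffffff80001000 (the accumulator went backwards by 2^31) while the post-fix and reference versions both yield 0x80001000. The same wrap-around shows for any operand byte 3 in the range 0x80..0xff, which is why the cast belongs only on the `<< 24` term.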
* Re: [PATCH RFC] arm64/scs: Fix potential sign extension issue of advance_loc4
2026-04-13 9:54 [PATCH RFC] arm64/scs: Fix potential sign extension issue of advance_loc4 Wentao Guan
@ 2026-04-15 10:48 ` Catalin Marinas
0 siblings, 0 replies; 2+ messages in thread
From: Catalin Marinas @ 2026-04-15 10:48 UTC (permalink / raw)
To: Wentao Guan; +Cc: linux-arm-kernel, will, hello, linux-kernel
On Mon, Apr 13, 2026 at 05:54:59PM +0800, Wentao Guan wrote:
> The expressions (*opcode++ << 24) and exp * code_alignment_factor
> may overflow signed int and become negative.
>
> Fix this by casting each byte to u64 before shifting. Also fix
> the misaligned break statement while we are here.
>
> Example of the result can be seen here:
> Link: https://godbolt.org/z/zhY8d3595
>
> It may not be a real problem, but could be an issue in the future.
>
> Fixes: d499e9627d70 ("arm64/scs: Fix handling of advance_loc4")
> Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
> ---
> arch/arm64/kernel/pi/patch-scs.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/kernel/pi/patch-scs.c b/arch/arm64/kernel/pi/patch-scs.c
> index dac568e4a54f2..3944ad899021c 100644
> --- a/arch/arm64/kernel/pi/patch-scs.c
> +++ b/arch/arm64/kernel/pi/patch-scs.c
> @@ -196,9 +196,9 @@ static int scs_handle_fde_frame(const struct eh_frame *frame,
> loc += *opcode++ * code_alignment_factor;
> loc += (*opcode++ << 8) * code_alignment_factor;
> loc += (*opcode++ << 16) * code_alignment_factor;
> - loc += (*opcode++ << 24) * code_alignment_factor;
> + loc += ((u64)*opcode++ << 24) * code_alignment_factor;
> size -= 4;
> - break;
> + break;
The fix makes sense. I'll queue it at -rc1.
Thanks.
--
Catalin
^ permalink raw reply [flat|nested] 2+ messages in thread