From: Andrew Cooper Date: Tue, 17 Oct 2017 14:11:23 +0000 (+0100) Subject: xen/public: Correct the definition of GNTTAB_CACHE_SOURCE_GREF X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=5dd3907a2af37060a675dd3bc5a02b7b38dac66c;p=people%2Fiwj%2Fxen.git xen/public: Correct the definition of GNTTAB_CACHE_SOURCE_GREF Discovered when running the XSA-232 PoC on a UBSAN-enabled hypervisor. (d79) XSA-232 PoC (XEN) ================================================================================ (XEN) UBSAN: Undefined behaviour in grant_table.c:3217:25 (XEN) left shift of 1 by 31 places cannot be represented in type 'int' (XEN) ----[ Xen-4.10.0-rc x86_64 debug=y Tainted: H ]---- Update all of the GNTTAB_CACHE_* constants to be unsigned integers. Signed-off-by: Andrew Cooper Reviewed-by: Wei Liu Reviewed-by: Konrad Rzeszutek Wilk Release-acked-by: Julien Grall --- diff --git a/xen/include/public/grant_table.h b/xen/include/public/grant_table.h index 018036e825..180d62c6d8 100644 --- a/xen/include/public/grant_table.h +++ b/xen/include/public/grant_table.h @@ -589,9 +589,9 @@ struct gnttab_cache_flush { } a; uint16_t offset; /* offset from start of grant */ uint16_t length; /* size within the grant */ -#define GNTTAB_CACHE_CLEAN (1<<0) -#define GNTTAB_CACHE_INVAL (1<<1) -#define GNTTAB_CACHE_SOURCE_GREF (1<<31) +#define GNTTAB_CACHE_CLEAN (1u<<0) +#define GNTTAB_CACHE_INVAL (1u<<1) +#define GNTTAB_CACHE_SOURCE_GREF (1u<<31) uint32_t op; }; typedef struct gnttab_cache_flush gnttab_cache_flush_t;