Re: UBSan bug in real mode fpu emulation

2025-05-08 Thread Manuel Andreas
On 4/25/25 11:11, Jan Beulich wrote: On 24.04.2025 16:04, Andrew Cooper wrote: I have a sneaking suspicion that this is sufficient: diff --git a/xen/arch/x86/x86_emulate/private.h b/xen/arch/x86/x86_emulate/private.h index 30be59547032..9f3d6f0e5357 100644 --- a/xen/arch/x86/x86_emulate/private

Re: UBSan bug in real mode fpu emulation

2025-04-25 Thread Jan Beulich
On 24.04.2025 12:05, Fabian Specht wrote: > On Thu, Apr 24, 2025 at 08:34:42AM +0200, Jan Beulich wrote: >> Since ... >> >>> Similar code resides in the same file in lines 87, 125 and 127. >> >> ... all of these are shifts by 16, could you clarify what it is that you >> want to shift by 4? Imo what

Re: UBSan bug in real mode fpu emulation

2025-04-25 Thread Jan Beulich
On 24.04.2025 16:04, Andrew Cooper wrote: > I have a sneaking suspicion that this is sufficient: > > diff --git a/xen/arch/x86/x86_emulate/private.h > b/xen/arch/x86/x86_emulate/private.h > index 30be59547032..9f3d6f0e5357 100644 > --- a/xen/arch/x86/x86_emulate/private.h > +++ b/xen/arch/x86/x86_

Re: UBSan bug in real mode fpu emulation

2025-04-24 Thread Andrew Cooper
On 24/04/2025 2:13 pm, Fabian Specht wrote: >>> if ( !s->rex_prefix ) >>> { >>> /* Convert 32-bit real/vm86 to 32-bit prot format. */ >>> unsigned int fip = fpstate.env.mode.real.fip_lo + >>>(fpstate.env.mode.real.fip_hi << 16); >>> unsigned int f

Re: UBSan bug in real mode fpu emulation

2025-04-24 Thread Fabian Specht
> > if ( !s->rex_prefix ) > > { > > /* Convert 32-bit real/vm86 to 32-bit prot format. */ > > unsigned int fip = fpstate.env.mode.real.fip_lo + > >(fpstate.env.mode.real.fip_hi << 16); > > unsigned int fdp = fpstate.env.mode.real.fdp_lo + > >

Re: UBSan bug in real mode fpu emulation

2025-04-24 Thread Andrew Cooper
On 24/04/2025 2:08 am, Fabian Specht wrote: > Dear Xen-Devel team, > > we discovered a bug regarding undefined behaviour in the FPU emulation > unit. > > if ( !s->rex_prefix ) > { > /* Convert 32-bit real/vm86 to 32-bit prot format. */ > unsigned int fip = fpstate.env.mode.real.fip_lo +

Re: UBSan bug in real mode fpu emulation

2025-04-24 Thread Fabian Specht
On Thu, Apr 24, 2025 at 08:34:42AM +0200, Jan Beulich wrote: > Since ... > > > Similar code resides in the same file in lines 87, 125 and 127. > > ... all of these are shifts by 16, could you clarify what it is that you > want to shift by 4? Imo what we need to do here is add casts to unsigned >

Re: UBSan bug in real mode fpu emulation

2025-04-23 Thread Jan Beulich
On 24.04.2025 03:08, Fabian Specht wrote: > we discovered a bug regarding undefined behaviour in the FPU emulation > unit. > > if ( !s->rex_prefix ) > { > /* Convert 32-bit real/vm86 to 32-bit prot format. */ > unsigned int fip = fpstate.env.mode.real.fip_lo + >

UBSan bug in real mode fpu emulation

2025-04-23 Thread Fabian Specht
Dear Xen-Devel team, we discovered a bug regarding undefined behaviour in the FPU emulation unit. if ( !s->rex_prefix ) { /* Convert 32-bit real/vm86 to 32-bit prot format. */ unsigned int fip = fpstate.env.mode.real.fip_lo + (fpstate.env