[{"id":3673174,"web_url":"http://patchwork.ozlabs.org/comment/3673174/","msgid":"<hkbpiuquqvsseu7tkv5gtlfxlj7qvsjoj6rndntty2btpcmdpx@4dfgpwffld2k>","list_archive_url":null,"date":"2026-04-03T15:30:35","subject":"Re: [PATCH] RISC-V: KVM: Fix shift-out-of-bounds in\n make_xfence_request()","submitter":{"id":92377,"url":"http://patchwork.ozlabs.org/api/people/92377/","name":"Andrew Jones","email":"andrew.jones@oss.qualcomm.com"},"content":"On Fri, Apr 03, 2026 at 06:13:02AM +0000, Jiakai Xu wrote:\n> The make_xfence_request() function uses a shift operation to check if a\n> vCPU is in the hart mask:\n> \n>   if (!(hmask & (1UL << (vcpu->vcpu_id - hbase))))\n> \n> However, when the difference between vcpu_id and hbase\n> is >= BITS_PER_LONG, the shift operation causes undefined behavior.\n> \n> This was detected by UBSAN:\n>   UBSAN: shift-out-of-bounds in arch/riscv/kvm/tlb.c:343:23\n>   shift exponent 256 is too large for 64-bit type 'long unsigned int'\n> \n> Fix this by adding a bounds check before the shift operation.\n> \n> This bug was found by fuzzing the KVM RISC-V interface.\n> \n> Fixes: 13acfec2dbcc (\"RISC-V: KVM: Add remote HFENCE functions based on VCPU requests\")\n> Signed-off-by: Jiakai Xu <jiakaiPeanut@gmail.com>\n> Signed-off-by: Jiakai Xu <xujiakai2025@iscas.ac.cn>\n> ---\n>  arch/riscv/kvm/tlb.c | 7 +++++--\n>  1 file changed, 5 insertions(+), 2 deletions(-)\n> \n> diff --git a/arch/riscv/kvm/tlb.c b/arch/riscv/kvm/tlb.c\n> index ff1aeac4eb8eb..500e001513a11 100644\n> --- a/arch/riscv/kvm/tlb.c\n> +++ b/arch/riscv/kvm/tlb.c\n> @@ -333,14 +333,17 @@ static void make_xfence_request(struct kvm *kvm,\n>  \tunsigned long i;\n>  \tstruct kvm_vcpu *vcpu;\n>  \tunsigned int actual_req = req;\n> +\tunsigned int idx;\n>  \tDECLARE_BITMAP(vcpu_mask, KVM_MAX_VCPUS);\n>  \n>  \tbitmap_zero(vcpu_mask, KVM_MAX_VCPUS);\n>  \tkvm_for_each_vcpu(i, vcpu, kvm) {\n>  \t\tif (hbase != -1UL) {\n> -\t\t\tif (vcpu->vcpu_id < hbase)\n> +\t\t\tidx = vcpu->vcpu_id - hbase;\n> +\n> +\t\t\tif (idx < 0 || idx >= BITS_PER_LONG)\n\nidx is unsigned, so I would expect this 'idx < 0' to produce a warning\nthat it's always false.\n\nI wouldn't introduce idx and just change the current condition instead\n\n  if (vcpu->vcpu_id < hbase || vcpu->vcpu_id >= hbase + BITS_PER_LONG)\n     continue;\n\n>  \t\t\t\tcontinue;\n> -\t\t\tif (!(hmask & (1UL << (vcpu->vcpu_id - hbase))))\n> +\t\t\tif (!(hmask & (1UL << idx)))\n>  \t\t\t\tcontinue;\n>  \t\t}\n>  \n> -- \n> 2.34.1\n> \n\nunsigned arithmetic makes my head hurt. It would hurt less if we\nguaranteed the ranges of all the components. vcpu_ids are\nguaranteed to be [ 0, min(KVM_MAX_VCPU_IDS, INT_MAX) ), see\nkvm_vm_ioctl_create_vcpu(). We should also test and reject hbase\nand hmask in all the SBI calls to ensure that hbase is in the\nsame range as vcpu_ids and hmask is in the [0, BITS_PER_LONG)\nrange.\n\nThanks,\ndrew","headers":{"Return-Path":"\n <kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=VzBzwsS3;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=qualcomm.com header.i=@qualcomm.com header.a=rsa-sha256\n header.s=qcppdkim1 header.b=L02kEkE9;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com\n header.a=rsa-sha256 header.s=google header.b=G/jgboqv;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fnN3B4vvkz1yFT\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 04 Apr 2026 02:30:45 +1100 (AEDT)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1w8gTr-00000002DIv-2VF6;\n\tFri, 03 Apr 2026 15:30:43 +0000","from mx0a-0031df01.pphosted.com ([205.220.168.131])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1w8gTn-00000002DDp-2VDF\n\tfor kvm-riscv@lists.infradead.org;\n\tFri, 03 Apr 2026 15:30:41 +0000","from pps.filterd (m0279867.ppops.net [127.0.0.1])\n\tby mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id\n 633AxVVE3803971\n\tfor <kvm-riscv@lists.infradead.org>; Fri, 3 Apr 2026 15:30:38 GMT","from mail-dy1-f200.google.com (mail-dy1-f200.google.com\n [74.125.82.200])\n\tby mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4dac9f8qa7-1\n\t(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT)\n\tfor <kvm-riscv@lists.infradead.org>; Fri, 03 Apr 2026 15:30:38 +0000 (GMT)","by mail-dy1-f200.google.com with SMTP id\n 5a478bee46e88-2bda35eab74so2105905eec.0\n        for <kvm-riscv@lists.infradead.org>;\n Fri, 03 Apr 2026 08:30:38 -0700 (PDT)","from localhost ([140.82.166.162])\n        by smtp.gmail.com with ESMTPSA id\n 5a478bee46e88-2cc0c6ec215sm2627655eec.4.2026.04.03.08.30.36\n        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n        Fri, 03 Apr 2026 08:30:36 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:\n\tMessage-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=wic5T96ZDcPltyFcsi/VU1nctDHMMd821CskxGM1QjY=; b=VzBzwsS3j3EKcW\n\t892mRffJjOpuiXd+vgxkPCXqGkArlyFWtVxqbihYZV0XdK+OSk7fswz6enObWXhUxQY1dJtSX+EPR\n\trwz3BVNPYVxgi/az5ldiOCeudErV7ioVQwGDQU7cC1dxKVGkQJITBYIbdUQIX/4YkP4mnJdp3APXL\n\t5vMy47OZKqzO4gXONc4t1umRDkF1wqktzYfBtdaExgpT+XCledRp1IDGaw+IJ5ZuqWyWB9n25sPsQ\n\tTafKKaNvU4+q3mCXH0XMpnZQlzxmOgcrJeFlS/YcMjH0aHVvRL2O6tgGJVM91WvNbaUHaWfFk+ncj\n\tQFKzPqCVA7hHbeocInnA==;","v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h=\n\tcc:content-type:date:from:in-reply-to:message-id:mime-version\n\t:references:subject:to; s=qcppdkim1; bh=x057pD4qBgfPmH6mGQKhbfbL\n\tKZ/u2npmqoIAxD1CZvw=; b=L02kEkE9FOYWgfe2dQtakWR9UsPL3StLa56Iu0UF\n\t3res9c4iJA2e2FD9Rp+3DG+v7VSToZub/BnjJiCP+7K6tdIhwJ1EoEFcTOWR3jkZ\n\tSJEexQqo05ehKOtc5SCv+Ej0nOFkYW7MlsnqhA+rlnSns4uAo53KYfK1xapvjbCC\n\tqAGNFWR+KyQfTqUzt67Z5lEWqH8a23fCEj4LSxgQ5Vt4IiZF+GUDCNAQvXjvRIdh\n\t6pcmW612kZN07QsahOzFfotPhL3Ju3R7JoVzCjm+IwZRks+wioNpnxDPYKieR6uH\n\t/VO0v+QX5ArUi2IxNrU4eFCVEQQTxssoixyoqMRzAqb/PQ==","v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=oss.qualcomm.com; s=google; t=1775230237; x=1775835037;\n darn=lists.infradead.org;\n        h=in-reply-to:content-disposition:mime-version:references:message-id\n         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;\n        bh=x057pD4qBgfPmH6mGQKhbfbLKZ/u2npmqoIAxD1CZvw=;\n        b=G/jgboqv7ixXwUwn7DGrdIEcYl6TbB7OqNQeuhqjVaZAbDy7bgVNaTqPmTpF+v54Al\n         GeWT8XgYWI4FBYJ5CfyBZHzzDA3Yj2f/zX1iobumsE7nf84+p73jFYYJetBcZr1bLQWJ\n         VXjg6Xt8ot7XaWOuapOpD05TeMOfUnfgQ1myXq5z4r9a40GWeLqZm7yv4rQKxnMP45pq\n         Or03RdOEnRZg+gYbII3yluYmmX02uzeLT9onq7ARextdCMf0kzPt+KEme7Wark6qwj7E\n         wsSEBVT/nxBBM74Q5iHErfbBI5at54EVKN11QUndLUn/Z1BZoeZqBqnDA4SEic3kY/Gw\n         Vwyw=="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=1e100.net; s=20251104; t=1775230237; x=1775835037;\n        h=in-reply-to:content-disposition:mime-version:references:message-id\n         :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc\n         :subject:date:message-id:reply-to;\n        bh=x057pD4qBgfPmH6mGQKhbfbLKZ/u2npmqoIAxD1CZvw=;\n        b=QHf5NqYOjYIHwRtzLivSJh+Ig0GXrJXQekgl4SoFrXsnU8UYQo6VwJMIPP4nMoGf9d\n         AEkghERYTkLGYb2wwYTj4CsWzJW3L+Ep96okf4Gwn8P8qXUgtRdI4LWfqHgQmB6AwZQU\n         fSjbFEIJFZDaQViDb9x7qNTgefgWldkzqMA8pYaq5pjEbAc7sxgEc7srjEzGDAMVOMuo\n         SSdCVKl2T3mul0XYn3iOjknZAUY+cRAj13K+LIpeZVJ835ivdlBPpV2hc+Zt8zUTljOh\n         5p9fpqfp+p+/drjb6K8GJTsXOnKiJPGY3o+DCAvExFZBp9VuRKHwzlsP2YhsZLLY8MLa\n         nZ9A==","X-Gm-Message-State":"AOJu0YwNQ3SacDanCwhAuvnlbeUdBsjlH7K3NintVTCIH4wH2Bz2A02p\n\tPuADbfk+9/h+kJnssdMI2GvqoTyDdgcD+zWXMKR+W1qnmMA/Cg4mOhz8cTKusaKLQBBc0XcJaoN\n\tAl0wjb5pSaJQ80u2ifEUlAK7rTM87Na9xR2e8Z9xyNJ0iX5DXBd4dXzTJguLpspiAu/ewS5bDFu\n\tUw","X-Gm-Gg":"AeBDiev6a/+gaHi2rD5xC+twn2wk3NuUDFnWtAZAyFPUgUa8dAHdlPCLglBLeHhbRl3\n\t2Lt3mIW5IrEKh1+9u6ZDj+K2nf1zeLKpxw1few9NQrZVp+od1ZPIrYCP2+iv7ilMEQU3fv6Ngc6\n\tMy/WDvbCoe50DAIH2xzsLH3qnuc750dZUR6TcMid8lJjMXfE3od9TPT+KuvT4L5WSvEWAcd2Gdy\n\thmf+fkmcS01vLKUqHmpVglAUDf+CSX6PQfn956wlWT/cVeVefCKR76zQ1FI58IAkxO1BasPbni7\n\tkZqB5x2uZ9B1wjb5Ss9gbnKe0UtGuIOgBwasqWX5jG2Z/VhCQW//l9OTBU89x6/9qhKTkbL3fi0\n\t+3ZiD4T2zOKpp2OS15k3djQhgWOMH0kc=","X-Received":["by 2002:a05:7300:6c1f:b0:2c1:517d:5e97 with SMTP id\n 5a478bee46e88-2cbf9ee8ce0mr1399185eec.7.1775230237332;\n        Fri, 03 Apr 2026 08:30:37 -0700 (PDT)","by 2002:a05:7300:6c1f:b0:2c1:517d:5e97 with SMTP id\n 5a478bee46e88-2cbf9ee8ce0mr1399167eec.7.1775230236741;\n        Fri, 03 Apr 2026 08:30:36 -0700 (PDT)"],"Date":"Fri, 3 Apr 2026 10:30:35 -0500","From":"Andrew Jones <andrew.jones@oss.qualcomm.com>","To":"Jiakai Xu <xujiakai2025@iscas.ac.cn>","Cc":"kvm-riscv@lists.infradead.org, kvm@vger.kernel.org,\n        linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org,\n        Albert Ou <aou@eecs.berkeley.edu>, Alexandre Ghiti <alex@ghiti.fr>,\n        Anup Patel <anup@brainfault.org>, Atish Patra <atish.patra@linux.dev>,\n        Palmer Dabbelt <palmer@dabbelt.com>, Paul Walmsley <pjw@kernel.org>,\n        Jiakai Xu <jiakaiPeanut@gmail.com>","Subject":"Re: [PATCH] RISC-V: KVM: Fix shift-out-of-bounds in\n make_xfence_request()","Message-ID":"<hkbpiuquqvsseu7tkv5gtlfxlj7qvsjoj6rndntty2btpcmdpx@4dfgpwffld2k>","References":"<20260403061302.2203179-1-xujiakai2025@iscas.ac.cn>","MIME-Version":"1.0","Content-Disposition":"inline","In-Reply-To":"<20260403061302.2203179-1-xujiakai2025@iscas.ac.cn>","X-Proofpoint-GUID":"ZgQybez5QKZPrZ1poKOHkXdNIvONTyFs","X-Proofpoint-ORIG-GUID":"ZgQybez5QKZPrZ1poKOHkXdNIvONTyFs","X-Authority-Analysis":"v=2.4 cv=BO++bVQG c=1 sm=1 tr=0 ts=69cfdd1e cx=c_pps\n a=PfFC4Oe2JQzmKTvty2cRDw==:117 a=cvcws7F5//HeuvjG1O1erQ==:17\n a=kj9zAlcOel0A:10 a=A5OVakUREuEA:10 a=s4-Qcg_JpJYA:10\n a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=eoimf2acIAo5FJnRuUoq:22\n a=pGLkceISAAAA:8 a=rTD6Z3Ji9OhdE_Ng1OYA:9 a=CjuIK1q_8ugA:10\n a=6Ab_bkdmUrQuMsNx7PHu:22","X-Proofpoint-Spam-Details-Enc":"AW1haW4tMjYwNDAzMDEzNyBTYWx0ZWRfXz0++cJEXx3BY\n GBu2E0ORBcQ9zztIFetcG0POxX0sZ59Y282OuWPLZWzRV4J5lWc8gzOZ2r4aPnp7WzRk6MwXyNK\n s0USA+qZ15Dj4/u9JJdMUoS8kvvkc1m1zFoq/tDHdvOdae1bBDaShkORHF5A9PynkHAnKBkZC8b\n +cLoWLuZFdSS9WO3jPfc9FlwPSBLFr3FAF+UDjeJhYm3K9HE2+unDGTufkp07ZAlkfoihdbQDbS\n a5Akq7nrtAdPnflErBlB3ZMDXbDgBxEzy0JhWCErFupTkGSx9dzbY+gcA6lKvV0NxmnULDJIa6X\n HOxLhAoUbb7N+Keaejx1aS5dKnu49R9Vrf4HTLV+gmI3kM64Ri3fftTaIqRycMHxSqRWEzEGN/P\n ulVmaM1lCAN8JuRS3koVpmBK8a0l4FTvDQOhtfPoN7VL1nufeLLoa2kjhi9T6LSZmiyxvR8MM21\n bQFt3X3EU75eJtj9SKg==","X-Proofpoint-Virus-Version":"vendor=baseguard\n engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49\n definitions=2026-04-03_04,2026-04-03_01,2025-10-01_01","X-Proofpoint-Spam-Details":"rule=outbound_notspam policy=outbound score=0\n impostorscore=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0\n malwarescore=0 bulkscore=0 phishscore=0 spamscore=0 clxscore=1015\n adultscore=0 classifier=typeunknown authscore=0 authtc= authcc=\n route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2603050001\n definitions=main-2604030137","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260403_083039_694531_905AF533 ","X-CRM114-Status":"GOOD (  25.11  )","X-Spam-Score":"-2.8 (--)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  On Fri, Apr 03, 2026 at 06:13:02AM +0000, Jiakai Xu wrote:\n    > The make_xfence_request() function uses a shift operation to check if a\n    > vCPU is in the hart mask: > > if (!(hmask & (1UL << (vcpu->vcpu_i [...]    \n Content analysis details:   (-2.8 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/, low\n                             trust\n                             [205.220.168.131 listed in list.dnswl.org]\n  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to\n                              Validity was blocked.  See\n                             https://knowledge.validity.com/hc/en-us/articles/20961730681243\n                              for more information.\n                             [205.220.168.131 listed in\n sa-accredit.habeas.com]\n  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The\n                             query to Validity was blocked.  See\n                             https://knowledge.validity.com/hc/en-us/articles/20961730681243\n                              for more information.\n                        [205.220.168.131 listed in\n sa-trusted.bondedsender.org]\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS               SPF: sender matches SPF record\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 0.0000]\n  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to\n                              Validity was blocked.  See\n                             https://knowledge.validity.com/hc/en-us/articles/20961730681243\n                              for more information.\n                           [205.220.168.131 listed in\n bl.score.senderscore.com]","X-BeenThere":"kvm-riscv@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"<kvm-riscv.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/kvm-riscv>,\n <mailto:kvm-riscv-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/kvm-riscv/>","List-Post":"<mailto:kvm-riscv@lists.infradead.org>","List-Help":"<mailto:kvm-riscv-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/kvm-riscv>,\n <mailto:kvm-riscv-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"kvm-riscv\" <kvm-riscv-bounces@lists.infradead.org>","Errors-To":"kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"}},{"id":3673179,"web_url":"http://patchwork.ozlabs.org/comment/3673179/","msgid":"<wneyyisnu6rtkzwpdantjfb6e3fzakkc4gbyfuanavunjoxaev@5niyyh64rdrb>","list_archive_url":null,"date":"2026-04-03T15:38:55","subject":"Re: [PATCH] RISC-V: KVM: Fix shift-out-of-bounds in\n make_xfence_request()","submitter":{"id":92377,"url":"http://patchwork.ozlabs.org/api/people/92377/","name":"Andrew Jones","email":"andrew.jones@oss.qualcomm.com"},"content":"On Fri, Apr 03, 2026 at 10:30:35AM -0500, Andrew Jones wrote:\n> On Fri, Apr 03, 2026 at 06:13:02AM +0000, Jiakai Xu wrote:\n> > The make_xfence_request() function uses a shift operation to check if a\n> > vCPU is in the hart mask:\n> > \n> >   if (!(hmask & (1UL << (vcpu->vcpu_id - hbase))))\n> > \n> > However, when the difference between vcpu_id and hbase\n> > is >= BITS_PER_LONG, the shift operation causes undefined behavior.\n> > \n> > This was detected by UBSAN:\n> >   UBSAN: shift-out-of-bounds in arch/riscv/kvm/tlb.c:343:23\n> >   shift exponent 256 is too large for 64-bit type 'long unsigned int'\n> > \n> > Fix this by adding a bounds check before the shift operation.\n> > \n> > This bug was found by fuzzing the KVM RISC-V interface.\n> > \n> > Fixes: 13acfec2dbcc (\"RISC-V: KVM: Add remote HFENCE functions based on VCPU requests\")\n> > Signed-off-by: Jiakai Xu <jiakaiPeanut@gmail.com>\n> > Signed-off-by: Jiakai Xu <xujiakai2025@iscas.ac.cn>\n> > ---\n> >  arch/riscv/kvm/tlb.c | 7 +++++--\n> >  1 file changed, 5 insertions(+), 2 deletions(-)\n> > \n> > diff --git a/arch/riscv/kvm/tlb.c b/arch/riscv/kvm/tlb.c\n> > index ff1aeac4eb8eb..500e001513a11 100644\n> > --- a/arch/riscv/kvm/tlb.c\n> > +++ b/arch/riscv/kvm/tlb.c\n> > @@ -333,14 +333,17 @@ static void make_xfence_request(struct kvm *kvm,\n> >  \tunsigned long i;\n> >  \tstruct kvm_vcpu *vcpu;\n> >  \tunsigned int actual_req = req;\n> > +\tunsigned int idx;\n> >  \tDECLARE_BITMAP(vcpu_mask, KVM_MAX_VCPUS);\n> >  \n> >  \tbitmap_zero(vcpu_mask, KVM_MAX_VCPUS);\n> >  \tkvm_for_each_vcpu(i, vcpu, kvm) {\n> >  \t\tif (hbase != -1UL) {\n> > -\t\t\tif (vcpu->vcpu_id < hbase)\n> > +\t\t\tidx = vcpu->vcpu_id - hbase;\n> > +\n> > +\t\t\tif (idx < 0 || idx >= BITS_PER_LONG)\n> \n> idx is unsigned, so I would expect this 'idx < 0' to produce a warning\n> that it's always false.\n> \n> I wouldn't introduce idx and just change the current condition instead\n> \n>   if (vcpu->vcpu_id < hbase || vcpu->vcpu_id >= hbase + BITS_PER_LONG)\n>      continue;\n> \n> >  \t\t\t\tcontinue;\n> > -\t\t\tif (!(hmask & (1UL << (vcpu->vcpu_id - hbase))))\n> > +\t\t\tif (!(hmask & (1UL << idx)))\n> >  \t\t\t\tcontinue;\n> >  \t\t}\n> >  \n> > -- \n> > 2.34.1\n> > \n> \n> unsigned arithmetic makes my head hurt. It would hurt less if we\n> guaranteed the ranges of all the components. vcpu_ids are\n> guaranteed to be [ 0, min(KVM_MAX_VCPU_IDS, INT_MAX) ), see\n> kvm_vm_ioctl_create_vcpu(). We should also test and reject hbase\n> and hmask in all the SBI calls to ensure that hbase is in the\n> same range as vcpu_ids and hmask is in the [0, BITS_PER_LONG)\n> range.\n\neh, scratch this last phrase. Of course hmask can be [0, ULONG_MAX], not\njust [0, BITS_PER_LONG) - so it doesn't need a range check. I guess my\nhead hurt too much when I wrote that...\n\ndrew","headers":{"Return-Path":"\n <kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=xIKL6ks3;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=qualcomm.com header.i=@qualcomm.com header.a=rsa-sha256\n header.s=qcppdkim1 header.b=f9YsfV+a;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=oss.qualcomm.com header.i=@oss.qualcomm.com\n header.a=rsa-sha256 header.s=google header.b=RuX3h5kf;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fnNDm0JYCz1yCs\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 04 Apr 2026 02:39:04 +1100 (AEDT)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1w8gbu-00000002E89-1UQZ;\n\tFri, 03 Apr 2026 15:39:02 +0000","from mx0a-0031df01.pphosted.com ([205.220.168.131])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1w8gbs-00000002E7M-0PCt\n\tfor kvm-riscv@lists.infradead.org;\n\tFri, 03 Apr 2026 15:39:01 +0000","from pps.filterd (m0279864.ppops.net [127.0.0.1])\n\tby mx0a-0031df01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id\n 633ETfxv140906\n\tfor <kvm-riscv@lists.infradead.org>; Fri, 3 Apr 2026 15:38:59 GMT","from mail-dl1-f69.google.com (mail-dl1-f69.google.com\n [74.125.82.69])\n\tby mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 4da83y1hn4-1\n\t(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT)\n\tfor <kvm-riscv@lists.infradead.org>; Fri, 03 Apr 2026 15:38:58 +0000 (GMT)","by mail-dl1-f69.google.com with SMTP id\n a92af1059eb24-12711ec96fbso2897231c88.0\n        for <kvm-riscv@lists.infradead.org>;\n Fri, 03 Apr 2026 08:38:58 -0700 (PDT)","from localhost ([140.82.166.162])\n        by smtp.gmail.com with ESMTPSA id\n a92af1059eb24-12bedea9807sm4669086c88.15.2026.04.03.08.38.56\n        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n        Fri, 03 Apr 2026 08:38:56 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:\n\tMessage-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=yChexlqyUSf7EAuVrrmefvpdlspkuK13Dy/9R55sX+0=; b=xIKL6ks3WUS8wO\n\t58hNdcXpdELxtzDRlcQskTEdo3Mcs+KPbZVlMbVAO0tNknp2Nl/kDzvZXqjwkW42dalRCxT3NaIag\n\t6R89ePPiv1f3StlWAyq0538OITJcfvk1u6IThklcF/IRI2wYVBT/eGlBM53o8dlZ5koAVelCzSwY9\n\tSbiGXwwb89xxJNrMTCOaRjwF0r0LXGhjdrN4pGoO8qh4cXf0f9IOHV0b79B1KofkaVCapVK8WKmN9\n\tJVPn73w1a6qGZpvREmALvJKFirmsx3Y1dV2KuvYRWTv/3SATxTU9U0pBEtxiy2lkzkXjde13x75J/\n\tJeekQQsvVTH7fU5b4ezQ==;","v=1; a=rsa-sha256; c=relaxed/relaxed; d=qualcomm.com; h=\n\tcc:content-type:date:from:in-reply-to:message-id:mime-version\n\t:references:subject:to; s=qcppdkim1; bh=dlQHizxSHnf89XQwG90apDFP\n\tE1boyp7qYsxMDR+MAKc=; b=f9YsfV+ajdvocMSfQLYKAK2lumyoUM73YP0zzUm6\n\tPfpAOWsaVN9ZI2RgMVhw7p/CXwKale7DGZW/s2moMVwBv5WAf65AxPuSb2yh6RyK\n\tjY9aim51m6nzrDTUGtVryEr9IBS1kGgsvb4HjrGJ8+ZGWZ39vwi+pdOB+gZRxOvC\n\tEbXnY5B4UKbcdMgqf360mbtrvwULkl2pL4mSB8RL98zKT7CyvgxhS4gP+KDWBr+n\n\teWIh7pQSgHHLalv+BDyPXdUCvQ+JcE+mE9UXFrI4FzAm4KbW6HibHJZg8fx3ShLH\n\tUPU/jmIamyqu/R0jhIx+oCOYjIM2H50FrUEnQFqJMp7niQ==","v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=oss.qualcomm.com; s=google; t=1775230738; x=1775835538;\n darn=lists.infradead.org;\n        h=in-reply-to:content-disposition:mime-version:references:message-id\n         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;\n        bh=dlQHizxSHnf89XQwG90apDFPE1boyp7qYsxMDR+MAKc=;\n        b=RuX3h5kftYThj0ImGBKALXxlm4awlXtZtzczFQgthNRHIzlp5WCerqorkiz53SZCde\n         m6r85l2XZar3F5E0ltsb5IzGk3BXjPXZyO2NB9YJxRCstgSV061pyaQRf+tiAeJr+w2N\n         ipU1kURTO8cZ6lgU0RH3f/bhVU00lH0PjLTwBqYWxCGejlY303D9ILmScxkWzyRrIGmB\n         mH+GsEVCiVDI6OJ4IBW4yJFTNhWAgSldnS8vZI7ccz+m0UjetRXOBqTxeYkspi1QyoqX\n         OB6m8xNEEyi5ympCxpKNhV6Ahk+6t0q42ZFudI8xX8d5Ivr9tbgUWQ2xquYvji2FL9lU\n         aVgQ=="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=1e100.net; s=20251104; t=1775230738; x=1775835538;\n        h=in-reply-to:content-disposition:mime-version:references:message-id\n         :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc\n         :subject:date:message-id:reply-to;\n        bh=dlQHizxSHnf89XQwG90apDFPE1boyp7qYsxMDR+MAKc=;\n        b=XtEslE8ycbjD5EhN/q1VrkMhYHfNNbhaRrlzp+Rxcplxof9ZKc0n9XAm9gVnK9B6ld\n         7ASg8XBAhi9qitbg2RpQsap5qOtV2WG8mcLIqFtNJbHi8Qhqd3RXix2gXUNB6wCyUfkZ\n         a7fSpXSnGRYLbmPKcwWebcaTj+XPFZydtEOlHQYgk5GNh2Zt9VCBqmJuZl4egrZ97cBD\n         cnmrloLeSnPYatbkJfBTJGqSeXOph9uRgtHmS2lHinnZvX7ZUpFfNSmWUPCgaxIfUCnU\n         hdnFxKgnM023oYinl4VuuNiVze/dSC2Xo422jUc7b04qwLxz7Mmm46ZyM/c3Mly7jkOy\n         Lu5A==","X-Gm-Message-State":"AOJu0YwPVMbGKezgWadCa3ehg6TODQ5f4Ru1Cfu/Q3xOSy9vq3so4ARj\n\tGG8lqv8j1jnRJ4EzEAbGvGxyCyDIk+EHmN5axUn6MKRIAifFlQuPbNFZJqzrYiJUA0BPIcUaGCI\n\tCIF+fqXu0T8xOsGPWYgaS1wWG9fYKY9WKxJObeGMZ/lB1GBSIkXjOS61JZn76uPrIMsL9","X-Gm-Gg":"ATEYQzyKCjPcd2ZNxUYQqkMCujDf7vtbIdw1LGEcidZrwAxEs4yWmg78KXgquLRppNF\n\t4HLK+yvxz12MnZNPBDuXpbG0mJ0aIH2PvLxSOVWTvShBFQejD6Jd7lDV8yO3k2AVPIKYpGD66Ln\n\tsDlz5uKy1YyLGAjKJ6mu2QdjjIRy3dWyJaZxb12BNomgwIzMEXJDBV8bKr7jdoti2Ub85cQ/75R\n\tWo4/5cPC7GgGYka4Pv6g8RSqOPLnnetexCIqc9+gZbCck5AkaBD0VFoxi0bIkky9V6Enrp5G36Z\n\tOBoWnkALD53FmUBMBr6qbHucCHTxOSD+9QGzay5vz7I+XCQHv8SLGmzKuUDawLEsN97iIGDe3+u\n\tPUZghDk+3fwwyCyvdH1o9ZGqkaMgxfo4=","X-Received":["by 2002:a05:7022:6997:b0:11a:4016:44a5 with SMTP id\n a92af1059eb24-12bfb7455dcmr1659269c88.24.1775230737734;\n        Fri, 03 Apr 2026 08:38:57 -0700 (PDT)","by 2002:a05:7022:6997:b0:11a:4016:44a5 with SMTP id\n a92af1059eb24-12bfb7455dcmr1659243c88.24.1775230737154;\n        Fri, 03 Apr 2026 08:38:57 -0700 (PDT)"],"Date":"Fri, 3 Apr 2026 10:38:55 -0500","From":"Andrew Jones <andrew.jones@oss.qualcomm.com>","To":"Jiakai Xu <xujiakai2025@iscas.ac.cn>","Cc":"kvm-riscv@lists.infradead.org, kvm@vger.kernel.org,\n        linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org,\n        Albert Ou <aou@eecs.berkeley.edu>, Alexandre Ghiti <alex@ghiti.fr>,\n        Anup Patel <anup@brainfault.org>, Atish Patra <atish.patra@linux.dev>,\n        Palmer Dabbelt <palmer@dabbelt.com>, Paul Walmsley <pjw@kernel.org>,\n        Jiakai Xu <jiakaiPeanut@gmail.com>","Subject":"Re: [PATCH] RISC-V: KVM: Fix shift-out-of-bounds in\n make_xfence_request()","Message-ID":"<wneyyisnu6rtkzwpdantjfb6e3fzakkc4gbyfuanavunjoxaev@5niyyh64rdrb>","References":"<20260403061302.2203179-1-xujiakai2025@iscas.ac.cn>\n <hkbpiuquqvsseu7tkv5gtlfxlj7qvsjoj6rndntty2btpcmdpx@4dfgpwffld2k>","MIME-Version":"1.0","Content-Disposition":"inline","In-Reply-To":"<hkbpiuquqvsseu7tkv5gtlfxlj7qvsjoj6rndntty2btpcmdpx@4dfgpwffld2k>","X-Authority-Analysis":"v=2.4 cv=ar6/yCZV c=1 sm=1 tr=0 ts=69cfdf12 cx=c_pps\n a=kVLUcbK0zfr7ocalXnG1qA==:117 a=cvcws7F5//HeuvjG1O1erQ==:17\n a=kj9zAlcOel0A:10 a=A5OVakUREuEA:10 a=s4-Qcg_JpJYA:10\n a=VkNPw1HP01LnGYTKEx00:22 a=u7WPNUs3qKkmUXheDGA7:22 a=DJpcGTmdVt4CTyJn9g5Z:22\n a=pGLkceISAAAA:8 a=MZhlcbl5PfivOvk-ML8A:9 a=CjuIK1q_8ugA:10\n a=vr4QvYf-bLy2KjpDp97w:22","X-Proofpoint-ORIG-GUID":"4UOqAb7i8xcT2yUbdgMHWCiyio174Ed8","X-Proofpoint-GUID":"4UOqAb7i8xcT2yUbdgMHWCiyio174Ed8","X-Proofpoint-Spam-Details-Enc":"AW1haW4tMjYwNDAzMDEzOCBTYWx0ZWRfX8bKkIg/oYjKY\n Q1/fuboP7q66N+AeTqig9jVSLO66DuAWI5eH8iaDOm47TI/Jq8Ihs3Dm+Zpx3eJoc7fq5oqpUaj\n Rg6wF6GcaDMazavJvPitYlHP3AX9BT9dqdEjIpbN7UyNMnWi7/8V/tJnrH9CBapwW0pSunJX0sa\n yl5OCet1jPcXN6Og7zfEUbCPlUp7lu074U4UyxiHn181Plw0H0sMLI/UT+ss1P0lSjCFxyyoVY0\n vfvGj3D62B0yj8ilGPzgKA4LZfx2/mWy8l/fBUgsYmhnggejqrhVICDDNI/zyHKQCxgonVh8BHG\n /x1u8UUwjCgL5Ztdyz9B4wvHP4MOPQEqbBClcDLCHNLIXmNdtYVsGTHmLlHwBWKVezhIHiJR+2u\n PNYLOylz7VQ5S+UowlFV3NNxNoX5lnG1nH84SHn1AP41MzA4sr7ucwFMI5cWbCLDcxPJtvJGGQ+\n YCIArqpXzHwgR9COLqw==","X-Proofpoint-Virus-Version":"vendor=baseguard\n engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49\n definitions=2026-04-03_05,2026-04-03_01,2025-10-01_01","X-Proofpoint-Spam-Details":"rule=outbound_notspam policy=outbound score=0\n priorityscore=1501 suspectscore=0 lowpriorityscore=0 bulkscore=0 adultscore=0\n malwarescore=0 phishscore=0 spamscore=0 clxscore=1015 impostorscore=0\n classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0\n reason=mlx scancount=1 engine=8.22.0-2603050001 definitions=main-2604030138","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260403_083900_145996_09DFF2C5 ","X-CRM114-Status":"GOOD (  30.47  )","X-Spam-Score":"-2.8 (--)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  On Fri, Apr 03, 2026 at 10:30:35AM -0500,\n Andrew Jones wrote:\n    > On Fri, Apr 03, 2026 at 06:13:02AM +0000,\n Jiakai Xu wrote: > > The make_xfence_request()\n    function uses a shift operation to check if a > [...]\n Content analysis details:   (-2.8 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/, low\n                             trust\n                             [205.220.168.131 listed in list.dnswl.org]\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS               SPF: sender matches SPF record\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 0.0000]\n  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to\n                              Validity was blocked.  See\n                             https://knowledge.validity.com/hc/en-us/articles/20961730681243\n                              for more information.\n                             [205.220.168.131 listed in\n sa-accredit.habeas.com]\n  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The\n                             query to Validity was blocked.  See\n                             https://knowledge.validity.com/hc/en-us/articles/20961730681243\n                              for more information.\n                        [205.220.168.131 listed in\n sa-trusted.bondedsender.org]\n  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to\n                              Validity was blocked.  See\n                             https://knowledge.validity.com/hc/en-us/articles/20961730681243\n                              for more information.\n                           [205.220.168.131 listed in\n bl.score.senderscore.com]","X-BeenThere":"kvm-riscv@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"<kvm-riscv.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/kvm-riscv>,\n <mailto:kvm-riscv-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/kvm-riscv/>","List-Post":"<mailto:kvm-riscv@lists.infradead.org>","List-Help":"<mailto:kvm-riscv-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/kvm-riscv>,\n <mailto:kvm-riscv-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"kvm-riscv\" <kvm-riscv-bounces@lists.infradead.org>","Errors-To":"kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"}},{"id":3673344,"web_url":"http://patchwork.ozlabs.org/comment/3673344/","msgid":"<20260403230737.2388099-1-xujiakai2025@iscas.ac.cn>","list_archive_url":null,"date":"2026-04-03T23:07:37","subject":"Re: [PATCH] RISC-V: KVM: Fix shift-out-of-bounds in\n make_xfence_request()","submitter":{"id":92543,"url":"http://patchwork.ozlabs.org/api/people/92543/","name":"Jiakai Xu","email":"xujiakai2025@iscas.ac.cn"},"content":"> idx is unsigned, so I would expect this 'idx < 0' to produce a warning\n> that it's always false.\n> \n> I wouldn't introduce idx and just change the current condition instead\n> \n>   if (vcpu->vcpu_id < hbase || vcpu->vcpu_id >= hbase + BITS_PER_LONG)\n>      continue;\n\nThanks for the review!\n\nYou're right, the 'idx < 0' check is redundant since idx is unsigned.\nWill drop the idx variable and use your suggested condition directly.\n\nWill send a v2 shortly.\n\nThanks,\nJiakai","headers":{"Return-Path":"\n <kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=YjkAMUA7;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fnZCS65m9z1yD3\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 04 Apr 2026 10:08:33 +1100 (AEDT)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1w8nco-00000002i35-26Iy;\n\tFri, 03 Apr 2026 23:08:26 +0000","from smtp21.cstnet.cn ([159.226.251.21] helo=cstnet.cn)\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1w8ncl-00000002i2U-0w3c;\n\tFri, 03 Apr 2026 23:08:25 +0000","from fric.. (unknown [210.73.43.101])\n\tby APP-01 (Coremail) with SMTP id qwCowABXAW05SNBprXYbDA--.6997S2;\n\tSat, 04 Apr 2026 07:07:38 +0800 (CST)"],"DKIM-Signature":"v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=K9P6DlMV5Kj+uWbTIVsZyHTQ7QSdCAP+lIlLYk1ISfU=; b=YjkAMUA7mniZtd\n\tCDxI0Qc2bvPpHaUAoQ8icW5v4Nh4+sI651pRQucjX82Kf8uDj74KLxHVlLY/B07ktFX4gQEcrTfLH\n\tQNfvoFljREoZqeFuBoaXRB9AYfznxeejTT/FKVpbdn1WP3T3zGJlOsGnkguxrnw9UFZuEjHxaA4bs\n\tmH5KddZnkKYaxU8pTDHtfhTvFHt2j2ldK25cU4vAUFuzbMOnChMyBy8cVmDi6+qD9TgB+jxts8D9O\n\tyabtQ15yCVFlQ3Qxzc7Cgnd8RhZYmo4B62WiCozlIyQnZQE3PT7LLMDjHreMNyMPflyf0RV4gvZ4c\n\tMuPldU4TZMrZ9LhAmtww==;","From":"Jiakai Xu <xujiakai2025@iscas.ac.cn>","To":"andrew.jones@oss.qualcomm.com","Cc":"alex@ghiti.fr,\n\tanup@brainfault.org,\n\taou@eecs.berkeley.edu,\n\tatish.patra@linux.dev,\n\tjiakaiPeanut@gmail.com,\n\tkvm-riscv@lists.infradead.org,\n\tkvm@vger.kernel.org,\n\tlinux-kernel@vger.kernel.org,\n\tlinux-riscv@lists.infradead.org,\n\tpalmer@dabbelt.com,\n\tpjw@kernel.org,\n\txujiakai2025@iscas.ac.cn","Subject":"Re: [PATCH] RISC-V: KVM: Fix shift-out-of-bounds in\n make_xfence_request()","Date":"Fri,  3 Apr 2026 23:07:37 +0000","Message-Id":"<20260403230737.2388099-1-xujiakai2025@iscas.ac.cn>","X-Mailer":"git-send-email 2.34.1","In-Reply-To":"<wneyyisnu6rtkzwpdantjfb6e3fzakkc4gbyfuanavunjoxaev@5niyyh64rdrb>","References":"<wneyyisnu6rtkzwpdantjfb6e3fzakkc4gbyfuanavunjoxaev@5niyyh64rdrb>","MIME-Version":"1.0","X-CM-TRANSID":"qwCowABXAW05SNBprXYbDA--.6997S2","X-Coremail-Antispam":"1UD129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73\n\tVFW2AGmfu7bjvjm3AaLaJ3UjIYCTnIWjp_UUUYM7AC8VAFwI0_Gr0_Xr1l1xkIjI8I6I8E\n\t6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28Cjx\n\tkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVW5JVW7JwA2z4x0Y4vE2Ix0cI8I\n\tcVCY1x0267AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIE14v26r4UJVWxJr1l84ACjcxK6I8E87\n\tIv6xkF7I0E14v26F4UJVW0owAac4AC62xK8xCEY4vEwIxC4wAS0I0E0xvYzxvE52x082IY\n\t62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0I7IYx2IY67AKxVWUJVWUGwAv7V\n\tC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JM4x0\n\tx7Aq67IIx4CEVc8vx2IErcIFxwACI402YVCY1x02628vn2kIc2xKxwCF04k20xvY0x0EwI\n\txGrwCF54CYxVCY1x0262kKe7AKxVWUtVW8ZwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s02\n\t6c02F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jw\n\t0_GFylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvE\n\tc7CjxVAFwI0_Gr0_Cr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0xvEx4A2jsIE14\n\tv26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Gr0_Gr1UYxBIdaVFxhVjvjDU0xZFpf9x\n\t0JUQZ23UUUUU=","X-Originating-IP":"[210.73.43.101]","X-CM-SenderInfo":"50xmxthndljiysv6x2xfdvhtffof0/1tbiBwwGCWnP11+mewAAs3","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260403_160823_644910_A8F403E1 ","X-CRM114-Status":"UNSURE (   5.63  )","X-CRM114-Notice":"Please train this message.","X-Spam-Score":"-4.2 (----)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  > idx is unsigned,\n so I would expect this 'idx < 0' to produce\n    a warning > that it's always false. > > I wouldn't introduce idx and just\n    change the current condition instead > > if (vcpu->vcpu_id < hb [...]\n Content analysis details:   (-4.2 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to\n                              Validity was blocked.  See\n                             https://knowledge.validity.com/hc/en-us/articles/20961730681243\n                              for more information.\n                             [159.226.251.21 listed in sa-accredit.habeas.com]\n  0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The\n                             query to Validity was blocked.  See\n                             https://knowledge.validity.com/hc/en-us/articles/20961730681243\n                              for more information.\n                         [159.226.251.21 listed in\n sa-trusted.bondedsender.org]\n -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,\n                             medium trust\n                             [159.226.251.21 listed in list.dnswl.org]\n  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to\n                              Validity was blocked.  See\n                             https://knowledge.validity.com/hc/en-us/articles/20961730681243\n                              for more information.\n                            [159.226.251.21 listed in\n bl.score.senderscore.com]\n -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record\n -0.0 SPF_PASS               SPF: sender matches SPF record\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 0.0000]","X-BeenThere":"kvm-riscv@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"<kvm-riscv.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/kvm-riscv>,\n <mailto:kvm-riscv-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/kvm-riscv/>","List-Post":"<mailto:kvm-riscv@lists.infradead.org>","List-Help":"<mailto:kvm-riscv-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/kvm-riscv>,\n <mailto:kvm-riscv-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"kvm-riscv\" <kvm-riscv-bounces@lists.infradead.org>","Errors-To":"kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"}}]