KVM: arm64: Remove potential UB on nvhe tracing clock update

Sashiko(locally) reports possiblity of division by zero and out-of-bounds bitwise shift in trace_clock_update(). Although the clock update is untrusted, we should at least have some basic checks to avoid undefined behaviours. Reviewed-by: Vincent Donnefort <vdonnefort@google.com> Signed-off-by: Mostafa Saleh <smostafa@google.com> Link: https://patch.msgid.link/20260430103724.2151625-1-smostafa@google.com Signed-off-by: Marc Zyngier <maz@kernel.org>
author: Mostafa Saleh <smostafa@google.com> 2026-04-30 13:37:24 +0300
committer: Marc Zyngier <maz@kernel.org> 2026-05-06 19:09:48 +0300
commit: 9a624ea3f26f40c76bd2c7f77cde30659d42efbd (patch)
tree: e840645227a6404bcd2ae75e8ffb6540b2e413a1
parent: fc240715fc5003538ff530e3cfb985e7769b7171 (diff)
download: linux-9a624ea3f26f40c76bd2c7f77cde30659d42efbd.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/arm64/kvm/hyp/nvhe/clock.c b/arch/arm64/kvm/hyp/nvhe/clock.c
index 32fc4313fe43..a7fc61976fd0 100644
--- a/arch/arm64/kvm/hyp/nvhe/clock.c
+++ b/arch/arm64/kvm/hyp/nvhe/clock.c
@@ -35,6 +35,9 @@ void trace_clock_update(u32 mult, u32 shift, u64 epoch_ns, u64 epoch_cyc)
 	struct clock_data *clock = &trace_clock_data;
 	u64 bank = clock->cur ^ 1;
 
+	if (!mult || shift >= 64)
+		return;
+
 	clock->data[bank].mult			= mult;
 	clock->data[bank].shift			= shift;
 	clock->data[bank].epoch_ns		= epoch_ns;
author	Mostafa Saleh <smostafa@google.com>	2026-04-30 13:37:24 +0300
committer	Marc Zyngier <maz@kernel.org>	2026-05-06 19:09:48 +0300
commit	9a624ea3f26f40c76bd2c7f77cde30659d42efbd (patch)
tree	e840645227a6404bcd2ae75e8ffb6540b2e413a1
parent	fc240715fc5003538ff530e3cfb985e7769b7171 (diff)
download	linux-9a624ea3f26f40c76bd2c7f77cde30659d42efbd.tar.xz