KVM: arm64: Remove potential UB on nvhe tracing clock update
authorMostafa Saleh <smostafa@google.com>
Thu, 30 Apr 2026 10:37:24 +0000 (10:37 +0000)
committerMarc Zyngier <maz@kernel.org>
Wed, 6 May 2026 16:09:48 +0000 (17:09 +0100)
Sashiko (locally) reports the possibility of a division by zero and an
out-of-bounds bitwise shift in trace_clock_update().

Although the clock update is untrusted, we should at least have some
basic checks to avoid undefined behaviours.

Reviewed-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Mostafa Saleh <smostafa@google.com>
Link: https://patch.msgid.link/20260430103724.2151625-1-smostafa@google.com
Signed-off-by: Marc Zyngier <maz@kernel.org>
arch/arm64/kvm/hyp/nvhe/clock.c

index 32fc4313fe432aa6f96265940cc6d97836c0b3e6..a7fc61976fd0dcbb42c0687b3ac0d0d8a348b1f0 100644 (file)
@@ -35,6 +35,9 @@ void trace_clock_update(u32 mult, u32 shift, u64 epoch_ns, u64 epoch_cyc)
        struct clock_data *clock = &trace_clock_data;
        u64 bank = clock->cur ^ 1;
 
+       if (!mult || shift >= 64)
+               return;
+
        clock->data[bank].mult                  = mult;
        clock->data[bank].shift                 = shift;
        clock->data[bank].epoch_ns              = epoch_ns;
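Review bot: The new guard at the top of trace_clock_update() returns silently, so a rejected update leaves the inactive bank unwritten and gives the caller no sign that its values were refused. Since the commit message calls this input untrusted, the check deserves a comment stating that contract, e.g. `/* Untrusted input: a zero mult or a shift of 64 or more would be UB later; keep the current clock data. */`. The division and shift sites the guard protects are not visible in this hunk, so the bound `shift >= 64` should be confirmed against the width of the operand actually shifted on the reader path. As a style point, the literal `64` could be written as `BITS_PER_TYPE(u64)` so the limit stays tied to that operand type. The function body continues past the end of the hunk.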