qemu-devel
From: Michael Tokarev
Subject: Re: [PATCH v1 1/2] target/ppc: Fix decrementer time underflow and infinite timer loop
Date: Wed, 7 Jun 2023 12:26:47 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0

30.05.2023 16:12, Nicholas Piggin wrote:
It is possible to store a very large value to the decrementer such that it
does not raise the decrementer exception, so the timer is scheduled, but
the next time value wraps and is treated as in the past.

This can occur if (u64)-1 is stored on a zero-triggered exception, or
(u64)-1 is stored twice on an underflow-triggered exception, for
example.

If such a value is set in DECAR, it gets stored to the decrementer by
the timer function, which then immediately causes another timer, which
hangs QEMU.

Clamp the decrementer to the implemented width, and use that as the
value for the timer calculation, effectively preventing this overflow.

Reported-by: sdicaro@DDCI.com
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
sdicaro@DDCI.com debugged and reported this, I just changed their fix
to extract variable bits so it works with large decrementer. So most
of the credit goes to them.

Thanks,
Nick

  hw/ppc/ppc.c | 2 ++
  1 file changed, 2 insertions(+)

Is it -stable material?  From the description it smells like it is.

Thanks,

/mjt
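The failure mode the quoted commit message describes, modelled as an added example (not code from hw/ppc/ppc.c or from the patch): a 64-bit store of (u64)-1 to a narrower decrementer yields a next-expiry time that wraps negative and so is already "in the past", and a DECAR reload of the same value then re-arms the timer without guest time advancing. It assumes a 32-bit decrementer, a 512 MHz decrementer clock, a 128-bit multiply-then-divide like QEMU's muldiv64 on hosts with __int128, and a signed 64-bit timer expiry; all function names are mine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NS_PER_SEC 1000000000ULL
#define DECR_FREQ  512000000ULL   /* assumed decrementer clock (Hz), not from the patch */

/* Models muldiv64 on hosts with __int128: (a * b) / c with a 128-bit
 * intermediate, truncated to 64 bits. */
static uint64_t muldiv64_model(uint64_t a, uint32_t b, uint32_t c)
{
    return (uint64_t)(((unsigned __int128)a * b) / c);
}

/* Deadline (virtual-clock ns, signed like a QEMU timer expiry) for a stored
 * decrementer value. With clamp set, the value is first truncated to the
 * implemented width nr_bits, which is what the patch above does. */
static int64_t decr_deadline(int64_t now_ns, uint64_t value, int nr_bits, bool clamp)
{
    if (clamp && nr_bits < 64) {
        value &= (1ULL << nr_bits) - 1;
    }
    /* Unsigned add, then reinterpreted as the signed expiry: a huge tick
     * count wraps here and lands in the past. */
    return (int64_t)((uint64_t)now_ns + muldiv64_model(value, NS_PER_SEC, DECR_FREQ));
}

/* Timer-callback model: each expiry reloads the decrementer from DECAR and
 * re-arms. Returns the number of expiries before guest time passes budget_ns,
 * capped at max_fires so the unclamped case cannot hang this program. */
static int run_reload_loop(uint64_t decar, int nr_bits, bool clamp,
                           int64_t budget_ns, int max_fires)
{
    int64_t now = 0;
    int fires = 0;
    while (fires < max_fires) {
        int64_t next = decr_deadline(now, decar, nr_bits, clamp);
        if (next <= now) {
            next = now;          /* already expired: fires again at once */
        }
        if (next > budget_ns) {
            break;
        }
        now = next;
        fires++;
    }
    return fires;
}

int main(void)
{   /* (u64)-1 in DECAR, 32-bit decrementer: reload storm vs. ~8.4 s period */
    printf("unclamped: %d fires\n", run_reload_loop(UINT64_MAX, 32, false, 60 * (int64_t)NS_PER_SEC, 1000));
    printf("clamped:   %d fires\n", run_reload_loop(UINT64_MAX, 32, true, 60 * (int64_t)NS_PER_SEC, 1000));
    return 0;
}
```

Within a 60 s budget the unclamped store hits the 1000-fire cap with guest time stuck at zero, while the clamped store fires seven times, once every 8388607998 ns.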