xenbits.xensource.com Git - qemu-xen.git/commit

author	Nicholas Piggin <npiggin@gmail.com>
	Tue, 30 May 2023 13:12:12 +0000 (23:12 +1000)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Fri, 30 Jun 2023 06:18:28 +0000 (09:18 +0300)
commit	55ee115e7a13c6a923d3f7f7f18fd3f5de6653aa
tree	b670cf3f098151d786a7581bf6d318cba3039a74	tree
parent	ce6331222dd74abb8ca9832e0cf011ecb9af7408	commit \| diff

target/ppc: Fix decrementer time underflow and infinite timer loop

It is possible to store a very large value to the decrementer that it
does not raise the decrementer exception so the timer is scheduled, but
the next time value wraps and is treated as in the past.

This can occur if (u64)-1 is stored on a zero-triggered exception, or
(u64)-1 is stored twice on an underflow-triggered exception, for
example.

If such a value is set in DECAR, it gets stored to the decrementer by
the timer function, which then immediately causes another timer, which
hangs QEMU.

Clamp the decrementer to the implemented width, and use that as the
value for the timer calculation, effectively preventing this overflow.

Reported-by: sdicaro@DDCI.com
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20230530131214.373524-1-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit 09d2db9f46e38e2da990df8ad914d735d764251a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>