On 10/11/2016 06:56, Gonglei (Arei) wrote:
> Any ideas about this fix?

It seems sensible, but perhaps the field is even smaller. Let's CC Hervé
and Aurelien as I don't have a datasheet for this device.

Also, s->itr is used here:

    tm_hz = 1000 / (s->itr + 1);
    timer_mod(s->periodic_timer,
              qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + NANOSECONDS_PER_SECOND / tm_hz);

and this is the same as

    timer_mod(s->periodic_timer,
              qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + NANOSECONDS_PER_SECOND / 1000 * (s->itr + 1));

so perhaps it's better to do it like that.

Paolo

>> -----Original Message-----
>> From: Qemu-devel
>> [mailto:qemu-devel-bounces+arei.gonglei=huawei....@nongnu.org] On
>> Behalf Of P J P
>> Sent: Wednesday, October 12, 2016 8:38 PM
>> To: Qemu Developers
>> Cc: Paolo Bonzini; Huawei PSIRT; Prasad J Pandit; Michael S. Tsirkin
>> Subject: [Qemu-devel] [PATCH] dma: rc4030: limit interval timer reload value
>>
>> From: Prasad J Pandit <p...@fedoraproject.org>
>>
>> The JAZZ RC4030 chipset emulator has a periodic timer and
>> associated interval reload register. The reload value is used
>> as divider when computing timer's next tick value. If reload
>> value is large, it could lead to divide by zero error. Limit
>> the interval reload value to avoid it.
>>
>> Reported-by: Huawei PSIRT <ps...@huawei.com>
>> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
>> ---
>>  hw/dma/rc4030.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
>> index 2f2576f..c1b4997 100644
>> --- a/hw/dma/rc4030.c
>> +++ b/hw/dma/rc4030.c
>> @@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr, uint64_t data,
>>          break;
>>      /* Interval timer reload */
>>      case 0x0228:
>> -        s->itr = val;
>> +        s->itr = val & 0x01FF;
>>          qemu_irq_lower(s->timer_irq);
>>          set_next_tick(s);
>>          break;
>> --
>> 2.5.5
>>
>
>
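Review bot: the mask in `+ s->itr = val & 0x01FF;` has no comment saying where the 9-bit width comes from, and the reply above notes that nobody in the thread has a datasheet, so a reader cannot tell whether 0x01FF is the register's real width or an arbitrary cap. Given the use quoted in the reply, `tm_hz = 1000 / (s->itr + 1);`, every reload value below 1000 was already safe, so masking silently changes the stored value (and thus the period) for writes in the range 512..999 instead of only removing the zero divisor; either add a comment naming the source of the bound, or restructure set_next_tick as the reply suggests (`NANOSECONDS_PER_SECOND / 1000 * (s->itr + 1)`), which has no guest-controlled divisor and needs no cap at all.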
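As an added example (not code from the patch, from QEMU or from anyone in the thread), the two delay derivations quoted in the reply side by side, with the patch's mask applied as a separate step so its effect on the stored value is visible. NANOSECONDS_PER_SECOND and itr follow the thread; the function names and the sample reload values are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NANOSECONDS_PER_SECOND 1000000000LL

/* Original derivation quoted in the reply: tm_hz = 1000 / (itr + 1), then
 * NANOSECONDS_PER_SECOND / tm_hz.  Integer division truncates tm_hz to 0 for
 * every reload value >= 1000; this version returns -1 there instead of faulting. */
static int64_t next_tick_old(uint32_t itr)
{
    uint64_t tm_hz = 1000 / ((uint64_t)itr + 1);   /* widened so itr + 1 cannot wrap */
    if (tm_hz == 0) {
        return -1;                                  /* the divide-by-zero path */
    }
    return NANOSECONDS_PER_SECOND / (int64_t)tm_hz;
}

/* Rewritten derivation suggested in the reply: one millisecond per (itr + 1).
 * The only divisor is a constant, so the result is defined for every itr. */
static int64_t next_tick_new(uint32_t itr)
{
    return NANOSECONDS_PER_SECOND / 1000 * ((int64_t)itr + 1);
}

/* The patch's mask (val & 0x01FF) as its own step, so what the register
 * would actually store can be compared with the two delay computations. */
static uint32_t reload_masked(uint32_t val)
{
    return val & 0x01FF;
}

int main(void)
{
    /* Constructed sample reload values, including the boundary cases. */
    const uint32_t samples[] = { 0, 1, 2, 511, 512, 999, 1000, 0xFFFFFFFFu };
    size_t i;

    printf("%10s %8s %14s %14s\n", "itr", "masked", "old_delay_ns", "new_delay_ns");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t itr = samples[i];
        /* old_delay_ns of -1 marks a value that would have divided by zero */
        printf("%10u %8u %14lld %14lld\n", itr, reload_masked(itr),
               (long long)next_tick_old(itr), (long long)next_tick_new(itr));
    }
    return 0;
}
```

The table also shows that the original form already collapses every reload value from 500 to 999 onto the same one-second period, while the rewritten form scales linearly with itr.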