Re: [Qemu-devel] [PATCH 2/2] i6300esb: Fix signed integer overflow

2015-03-22 Thread David Gibson
On Fri, Mar 20, 2015 at 10:13:26AM +0100, Paolo Bonzini wrote:
>
>
> On 20/03/2015 04:11, David Gibson wrote:
> > If the guest programs a sufficiently large timeout value an integer
> > overflow can occur in i6300esb_restart_timer(). e.g. if the maximum
> > possible timer preload value of 0x

Re: [Qemu-devel] [PATCH 2/2] i6300esb: Fix signed integer overflow

2015-03-20 Thread Paolo Bonzini
On 20/03/2015 04:11, David Gibson wrote:
> If the guest programs a sufficiently large timeout value an integer
> overflow can occur in i6300esb_restart_timer(). e.g. if the maximum
> possible timer preload value of 0xf is programmed then we end up with
> the calculation:
>
> timeout = get_t

Re: [Qemu-devel] [PATCH 2/2] i6300esb: Fix signed integer overflow

2015-03-20 Thread Richard W.M. Jones
On Fri, Mar 20, 2015 at 02:11:56PM +1100, David Gibson wrote:
> If the guest programs a sufficiently large timeout value an integer
> overflow can occur in i6300esb_restart_timer(). e.g. if the maximum
> possible timer preload value of 0xf is programmed then we end up with
> the calculation:
>

[Qemu-devel] [PATCH 2/2] i6300esb: Fix signed integer overflow

2015-03-19 Thread David Gibson
If the guest programs a sufficiently large timeout value an integer overflow can occur in i6300esb_restart_timer(). e.g. if the maximum possible timer preload value of 0xf is programmed then we end up with the calculation:

    timeout = get_ticks_per_sec() * (0xf << 15) / 3300;

get_ticks