Re: [Qemu-devel] [PATCH v2 2/2] i6300esb: Fix signed integer overflow

2015-03-23 Thread Richard W.M. Jones
On Mon, Mar 23, 2015 at 12:51:48PM +1100, David Gibson wrote:
> If the guest programs a sufficiently large timeout value an integer
> overflow can occur in i6300esb_restart_timer(). e.g. if the maximum
> possible timer preload value of 0xf is programmed then we end up with
> the calculation:
>

[Qemu-devel] [PATCH v2 2/2] i6300esb: Fix signed integer overflow

2015-03-22 Thread David Gibson
If the guest programs a sufficiently large timeout value an integer overflow can occur in i6300esb_restart_timer(). e.g. if the maximum possible timer preload value of 0xf is programmed then we end up with the calculation:

    timeout = get_ticks_per_sec() * (0xf << 15) / 3300;

get_ticks