From: David Hoppenbrouwers
To: qemu-devel@nongnu.org
Cc: Bin Meng, Palmer Dabbelt, David Hoppenbrouwers, Alistair Francis, "open list:SiFive Machines"
Subject: [PATCH] hw/intc/sifive_clint: Fix overflow in sifive_clint_write_timecmp()
Date: Mon, 16 Aug 2021 19:30:35 +0200
Message-Id: <20210816173035.5165-1-david@salt-inc.org>

`next` is an `uint64_t` value, but `timer_mod` takes an `int64_t`. This resulted in high values such as `UINT64_MAX` being converted to `-1`, which caused an immediate timer interrupt.

By limiting `next` to `INT64_MAX` no overflow will happen while the timer will still be effectively set to "infinitely" far in the future.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/493
Signed-off-by: David Hoppenbrouwers

--- hw/intc/sifive_clint.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/intc/sifive_clint.c b/hw/intc/sifive_clint.c index 0f41e5ea1c..e65e71e5ec 100644 --- a/hw/intc/sifive_clint.c +++ b/hw/intc/sifive_clint.c 
@@ -61,6 +61,8 @@ static void sifive_clint_write_timecmp(RISCVCPU *cpu, uin= t64_t value, /* back to ns (note args switched in muldiv64) */ next =3D qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + muldiv64(diff, NANOSECONDS_PER_SECOND, timebase_freq); + /* ensure next does not overflow, as timer_mod takes a signed value */ + next =3D MAX(next, INT64_MAX); timer_mod(cpu->env.timer, next); } =20 --=20 2.20.1
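
Review bot: the added `next = MAX(next, INT64_MAX);` line clamps in the wrong direction; the commit message's intent ("limiting `next` to `INT64_MAX`") needs MIN, not MAX. With MAX, any `next` below `INT64_MAX` is raised to `INT64_MAX`, so an ordinary timecmp write is pushed to the far future, while a `next` above `INT64_MAX` passes through unchanged and still reaches `timer_mod` as a negative value, which is the immediate-interrupt case the patch set out to fix. Suggest `next = MIN(next, INT64_MAX);`. Separately, the clamp runs after the `qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + muldiv64(...)` addition, so if that sum wraps around in 64 bits the result is a small value that no clamp will catch; consider checking the addition for wraparound before assigning to `next`, or extend the new comment to say why it cannot wrap.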