qemu/hw/ppc
Nicholas Piggin 4d8459c365 target/ppc: Fix decrementer time underflow and infinite timer loop
It is possible to store a very large value to the decrementer such that it
does not raise the decrementer exception, so the timer is scheduled, but
the next time value wraps and is treated as in the past.

This can occur if (u64)-1 is stored on a zero-triggered exception, or
(u64)-1 is stored twice on an underflow-triggered exception, for
example.

If such a value is set in DECAR, it gets stored to the decrementer by
the timer function, which then immediately causes another timer, which
hangs QEMU.

Clamp the decrementer to the implemented width, and use that as the
value for the timer calculation, effectively preventing this overflow.

Reported-by: sdicaro@DDCI.com
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20230530131214.373524-1-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit 09d2db9f46)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-06-30 09:18:28 +03:00
e500-ccsr.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
e500.c hw/ppc/e500: Implement pflash handling 2022-10-29 06:34:34 -03:00
e500.h hw/ppc/e500: Remove if statement which is now always true 2022-10-17 16:15:09 -03:00
e500plat.c hw/ppc/e500: Remove if statement which is now always true 2022-10-17 16:15:09 -03:00
fdt.c target/ppc: Split page size information into a separate allocation 2018-04-27 18:05:22 +10:00
fw_cfg.c hw/ppc: Implement fw_cfg_arch_key_name() 2019-05-23 14:10:31 +02:00
Kconfig MIPS patches queue 2022-10-31 06:36:15 -04:00
mac_newworld.c mac_newworld: Turn CORE99_VIA_CONFIG defines into an enum 2022-10-31 18:48:23 +00:00
mac_oldworld.c mac_{old|new}world: Code style fix adding missing braces to if-s 2022-10-31 18:48:23 +00:00
meson.build ppc440_uc.c: Move DDR2 SDRAM controller model to ppc4xx_sdram.c 2022-10-28 13:15:22 -03:00
mpc8544_guts.c ppc/ppc4xx: Convert printfs() 2022-01-04 07:55:34 +01:00
mpc8544ds.c hw/ppc/e500: Remove if statement which is now always true 2022-10-17 16:15:09 -03:00
pef.c ppc/pef.c: initialize cgs->ready in kvmppc_svm_init() 2021-06-03 18:10:31 +10:00
pegasos2.c hw/isa/vt82c686: Create rtc-time alias in boards instead 2022-10-31 11:32:07 +01:00
pnv_bmc.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
pnv_core.c target/ppc: introduce ppc_maybe_interrupt 2022-10-28 13:15:22 -03:00
pnv_homer.c ppc/pnv: Add a HOMER model to POWER10 2022-03-02 06:51:39 +01:00
pnv_lpc.c ppc/pnv: Remove PnvLpcController::psi link 2022-04-20 18:00:30 -03:00
pnv_occ.c ppc/pnv: Remove PnvOCC::psi link 2022-04-20 18:00:30 -03:00
pnv_pnor.c block: Change blk_{pread,pwrite}() param order 2022-07-12 12:14:56 +02:00
pnv_psi.c ppc/pnv: Remove useless checks in set_irq handlers 2022-04-20 18:00:30 -03:00
pnv_sbe.c ppc/pnv: Add initial P9/10 SBE model 2022-08-31 14:08:05 -03:00
pnv_xscom.c ppc/pnv: Add initial P9/10 SBE model 2022-08-31 14:08:05 -03:00
pnv.c reset: allow registering handlers that aren't called by snapshot loading 2022-10-27 11:34:31 +01:00
ppc4xx_devs.c ppc4xx_sdram: Move ppc4xx_sdram_banks() to ppc4xx_sdram.c 2022-10-28 13:15:23 -03:00
ppc4xx_pci.c ppc4xx: Fix code style problems reported by checkpatch 2022-08-31 17:05:15 -03:00
ppc4xx_sdram.c ppc4xx_sdram: Add errp parameter to ppc4xx_sdram_banks() 2022-10-28 13:15:23 -03:00
ppc405_boards.c ppc4xx_sdram: Rename functions to prevent name clashes 2022-10-17 16:15:09 -03:00
ppc405_uc.c ppc4xx_sdram: QOM'ify 2022-10-17 16:15:09 -03:00
ppc405.h ppc4xx_sdram: QOM'ify 2022-10-17 16:15:09 -03:00
ppc440_bamboo.c hw/ppc: set machine->fdt in bamboo_load_device_tree() 2022-10-17 16:15:10 -03:00
ppc440_pcix.c Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
ppc440_uc.c ppc440_uc.c: Move DDR2 SDRAM controller model to ppc4xx_sdram.c 2022-10-28 13:15:22 -03:00
ppc440.h ppc440_sdram: QOM'ify 2022-10-17 16:15:09 -03:00
ppc_booke.c Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
ppc.c target/ppc: Fix decrementer time underflow and infinite timer loop 2023-06-30 09:18:28 +03:00
ppce500_spin.c powerpc tcg: Fix Lesser GPL version number 2020-11-15 16:38:50 +01:00
prep_systemio.c ppc/6xx: Allocate IRQ lines with qdev_init_gpio_in() 2022-07-18 13:59:43 -03:00
prep.c hw/ppc/prep: Fix wiring of PIC -> CPU interrupt 2023-05-31 09:43:56 +03:00
rs6000_mc.c Do not include hw/boards.h if it's not really necessary 2021-05-02 17:24:51 +02:00
sam460ex.c hw/ppc: set machine->fdt in sam460ex_load_device_tree() 2022-10-17 16:15:10 -03:00
spapr_caps.c Trivial: 3 char repeat typos 2022-06-28 11:06:02 +02:00
spapr_cpu_core.c hw/ppc: free env->tb_env in spapr_unrealize_vcpu() 2022-04-04 08:49:06 +02:00
spapr_drc.c hw/ppc/spapr_drc.c: use g_autofree in spapr_drc_by_index() 2022-03-02 06:51:40 +01:00
spapr_events.c Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
spapr_hcall.c target/ppc: introduce ppc_maybe_interrupt 2022-10-28 13:15:22 -03:00
spapr_iommu.c spapr/ddw: Reset DMA when the last non-default window is removed 2022-07-06 10:22:37 -03:00
spapr_irq.c spapr/xics: Drop unused argument to xics_kvm_has_broken_disconnect() 2020-12-14 15:50:55 +11:00
spapr_numa.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
spapr_nvdimm.c hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c 2022-07-28 10:31:54 -03:00
spapr_ovec.c spapr: Improve handling of memory unplug with old guests 2021-01-19 10:20:29 +11:00
spapr_pci_nvlink2.c hw/ppc/pnv: Avoid dynamic stack allocation 2022-09-22 16:38:28 +01:00
spapr_pci_vfio.c pci: Export pci_for_each_device_under_bus*() 2021-11-01 19:36:11 -04:00
spapr_pci.c hw/ppc/spapr_pci.c: Use device_cold_reset() rather than device_legacy_reset() 2022-10-17 16:15:10 -03:00
spapr_rng.c Do not include cpu.h if it's not really necessary 2021-05-02 17:24:51 +02:00
spapr_rtas_ddw.c spapr/ddw: Implement 64bit query extension 2022-07-06 10:22:37 -03:00
spapr_rtas.c target/ppc: introduce ppc_maybe_interrupt 2022-10-28 13:15:22 -03:00
spapr_rtc.c rtc: Have event RTC_CHANGE identify the RTC by QOM path 2022-02-28 11:39:35 +01:00
spapr_softmmu.c osdep: Move memalign-related functions to their own header 2022-03-07 13:16:49 +00:00
spapr_tpm_proxy.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
spapr_vio.c hw/ppc/spapr_vio.c: use g_autofree in spapr_dt_vdevice() 2022-03-02 06:51:40 +01:00
spapr_vof.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
spapr.c reset: allow registering handlers that aren't called by snapshot loading 2022-10-27 11:34:31 +01:00
trace-events ppc4xx_sdram: Generalise bank setup 2022-10-28 13:15:23 -03:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
virtex_ml507.c hw/ppc: set machine->fdt in xilinx_load_device_tree() 2022-10-17 16:15:10 -03:00
vof.c ppc/vof: Fix uninitialized string tracing 2022-04-20 18:00:30 -03:00