Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider: - [High] A 32-bit intermediate integer overflow occurs when calculating `lapic_timer_period`, which can lead to a severely misconfigured APIC timer and an interrupt storm. - [Low] Incorrect indentation using spaces instead of tabs. --
commit 40284f144fdfd7a76b8fc8d36344d0fc35eb4b65 Author: Sean Christopherson <[email protected]> x86/kvm: Get local APIC bus frequency from PV CPUID Timing Info This commit updates KVM guest initialization to configure the APIC timer period using the local APIC bus frequency reported directly via the PV CPUID timing info leaf, bypassing the need for calibration. > diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c > index 4fe9c69bf40b3..c1139182121d5 100644 > --- a/arch/x86/kernel/kvm.c > +++ b/arch/x86/kernel/kvm.c [ ... ] > @@ -1039,6 +1040,13 @@ static void __init kvm_init_platform(void) > x86_init.hyper.get_tsc_khz = kvm_get_tsc_khz; > x86_init.hyper.get_cpu_khz = kvm_get_tsc_khz; > } > + > +#ifdef CONFIG_X86_LOCAL_APIC > + /* The leaf also includes the local APIC bus/timer frequency.*/ > + apic_khz = cpuid_ebx(timing_info_leaf); > + if (apic_khz) > + lapic_timer_period = apic_khz * 1000 / HZ; [Severity: High] Could the intermediate multiplication of apic_khz * 1000 overflow here? Since apic_khz is a u32, the multiplication is evaluated in 32-bit unsigned arithmetic. If the hypervisor reports an APIC timer frequency greater than ~4.29 GHz (apic_khz > 4294967), this calculation will silently overflow. The wrapped, drastically smaller value divided by HZ would yield a tiny lapic_timer_period. Would this configure the guest's local APIC timer to fire almost continuously and cause an immediate interrupt storm? Modern processor clocks can exceed 4.3 GHz, and hypervisors sometimes match virtual APIC frequencies to the host TSC frequency. An untrusted host could also intentionally provide a large value to crash the guest. [Severity: Low] This isn't a bug, but the indentation for this assignment uses spaces instead of tabs. > +#endif > } > > /* -- Sashiko AI review ยท https://sashiko.dev/#/patchset/[email protected]?part=18
