> Subject: Re: [Qemu-devel] [PATCH] dma: rc4030: limit interval timer reload value
>
> Hi,
>
> On 10/11/2016 at 15:50, Paolo Bonzini wrote:
> >
> >
> > On 10/11/2016 06:56, Gonglei (Arei) wrote:
> >> Any ideas about this fix?
> >
> > It seems sensible, but perhaps the field is even smaller. Let's CC
> > Hervé and Aurelien as I don't have a datasheet for this device.
>
> Sorry for the delay...
>
> I don't have any datasheet for this device either, so I tested with real
> programs.
> Those initialize the itr field to either 0 or to 9, so your mask doesn't change
> anything.
>
> Tested-by: Hervé Poussineau <hpous...@reactos.org>
>

Thanks for your feedback.

Paolo, maybe you can post a formal patch :)

Regards,
-Gonglei

> >
> > Also, s->itr is used here:
> >
> >     tm_hz = 1000 / (s->itr + 1);
> >
> >     timer_mod(s->periodic_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
> >               NANOSECONDS_PER_SECOND / tm_hz);
> >
> > and this is the same as
> >
> >     timer_mod(s->periodic_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
> >               NANOSECONDS_PER_SECOND / 1000 * (s->itr + 1));
> >
> > so perhaps it's better to do it like that.
> >
> > Paolo
> >
> >>> -----Original Message-----
> >>> From: Qemu-devel
> >>> [mailto:qemu-devel-bounces+arei.gonglei=huawei....@nongnu.org] On
> >>> Behalf Of P J P
> >>> Sent: Wednesday, October 12, 2016 8:38 PM
> >>> To: Qemu Developers
> >>> Cc: Paolo Bonzini; Huawei PSIRT; Prasad J Pandit; Michael S. Tsirkin
> >>> Subject: [Qemu-devel] [PATCH] dma: rc4030: limit interval timer reload value
> >>>
> >>> From: Prasad J Pandit <p...@fedoraproject.org>
> >>>
> >>> The JAZZ RC4030 chipset emulator has a periodic timer and
> >>> associated interval reload register. The reload value is used
> >>> as divider when computing timer's next tick value. If reload
> >>> value is large, it could lead to divide by zero error. Limit
> >>> the interval reload value to avoid it.
> >>>
> >>> Reported-by: Huawei PSIRT <ps...@huawei.com>
> >>> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
> >>> ---
> >>>  hw/dma/rc4030.c | 2 +-
> >>>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>>
> >>> diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
> >>> index 2f2576f..c1b4997 100644
> >>> --- a/hw/dma/rc4030.c
> >>> +++ b/hw/dma/rc4030.c
> >>> @@ -460,7 +460,7 @@ static void rc4030_write(void *opaque, hwaddr addr,
> >>> uint64_t data,
> >>>          break;
> >>>      /* Interval timer reload */
> >>>      case 0x0228:
> >>> -        s->itr = val;
> >>> +        s->itr = val & 0x01FF;
> >>>          qemu_irq_lower(s->timer_irq);
> >>>          set_next_tick(s);
> >>>          break;
> >>> --
> >>> 2.5.5
> >>>
> >>
> >>
> >>
> >
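Review bot: the `& 0x01FF` mask in the `case 0x0228` hunk only bounds the input to a still-fragile computation: with `s->itr` capped at 511, the quoted `tm_hz = 1000 / (s->itr + 1)` in set_next_tick stays at least 1, so `NANOSECONDS_PER_SECOND / tm_hz` can no longer divide by zero, but the intermediate quotient that caused the bug remains in the code. Paolo's equivalent form, `NANOSECONDS_PER_SECOND / 1000 * (s->itr + 1)`, has no variable divisor at all and removes the failure mode rather than fencing it off, so the fix belongs there. If the mask is kept as a register-width model, it needs a comment or named constant explaining the 9-bit choice: neither reviewer has a datasheet, and the guests Hervé tested only ever write 0 or 9, so a bare `0x01FF` reads as a guess that later maintainers cannot verify.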