    qemu-timer: Avoid overflows when converting timeout to struct timespec · 490309fc
    Peter Maydell authored
    In qemu_poll_ns(), when we convert an int64_t nanosecond timeout into
    a struct timespec, we may accidentally run into overflow problems if
    the timeout is very long. This happens because the tv_sec field is a
    time_t, which is signed, so we might end up setting it to a negative
    value by mistake. This will result in what was intended to be a
    near-infinite timeout turning into an instantaneous timeout, and we'll
    busy loop. Cap the maximum timeout at INT32_MAX seconds (about 68 years)
    to avoid this problem.
    
    This specifically manifested on ARM hosts as an extreme slowdown on
    guest shutdown (when the guest reprogrammed the PL031 RTC to not
    generate alarms using a very long timeout) but could happen on other
    hosts and guests too.
    Reported-by: Christoffer Dall <christoffer.dall@linaro.org>
    Cc: qemu-stable@nongnu.org
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Reviewed-by: Fam Zheng <famz@redhat.com>
    Message-id: 1416939705-1272-1-git-send-email-peter.maydell@linaro.org
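As an added example (not the commit's own code), the unchecked and the capped nanosecond-to-timespec conversions side by side; `struct timespec32` is a constructed stand-in for a host whose `time_t` is a signed 32-bit type, so the wrap into a negative `tv_sec` is visible on any machine.

```c
#include <stdbool.h>
#include <stdint.h>

#define NSEC_PER_SEC 1000000000LL

/* Constructed stand-in for struct timespec on a host with a signed
 * 32-bit time_t (e.g. 32-bit ARM); not the system header type. */
struct timespec32 {
    int32_t tv_sec;
    long    tv_nsec;
};

/* Unchecked conversion: the int64_t second count is silently narrowed
 * to the 32-bit tv_sec, so a very long timeout can wrap negative. */
struct timespec32 ns_to_timespec_unchecked(int64_t timeout_ns)
{
    struct timespec32 ts;
    ts.tv_sec  = (int32_t)(timeout_ns / NSEC_PER_SEC); /* may wrap */
    ts.tv_nsec = (long)(timeout_ns % NSEC_PER_SEC);
    return ts;
}

/* Capped conversion: clamp the seconds to INT32_MAX (about 68 years)
 * before storing, so tv_sec never goes negative whatever the width
 * of the host's time_t. */
struct timespec32 ns_to_timespec_capped(int64_t timeout_ns)
{
    struct timespec32 ts;
    int64_t secs = timeout_ns / NSEC_PER_SEC;
    if (secs > INT32_MAX) {
        secs = INT32_MAX;
    }
    ts.tv_sec  = (int32_t)secs;
    ts.tv_nsec = (long)(timeout_ns % NSEC_PER_SEC);
    return ts;
}

/* A negative tv_sec is what turns a near-infinite wait into an
 * instantaneous one, and hence into a busy loop in the caller. */
bool timespec_is_negative(struct timespec32 ts)
{
    return ts.tv_sec < 0;
}
```

The wrapped value in the unchecked path depends on the compiler's (modular, for gcc and clang) narrowing of out-of-range integers; the capped path does not rely on it.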
qemu-timer.c 16.2 KB