Google Git
Sign in
qemu-android / qemu-android / 490309fcfbed9fa1ed357541f609975016a34628
commit490309fcfbed9fa1ed357541f609975016a34628[log] [tgz]
authorPeter Maydell <peter.maydell@linaro.org>Tue Nov 25 18:21:45 2014 +0000
committerPeter Maydell <peter.maydell@linaro.org>Thu Nov 27 11:31:58 2014 +0000
treec8caabfb128d467474687a414affcb93441cf3bb
parent3ef4ebcc5c0360629bb05f49d9b961774247d6ca [diff]
qemu-timer: Avoid overflows when converting timeout to struct timespec

In qemu_poll_ns(), when we convert an int64_t nanosecond timeout into
a struct timespec, we may accidentally run into overflow problems if
the timeout is very long. This happens because the tv_sec field is a
time_t, which is signed, so we might end up setting it to a negative
value by mistake. This will result in what was intended to be a
near-infinite timeout turning into an instantaneous timeout, and we'll
busy loop. Cap the maximum timeout at INT32_MAX seconds (about 68 years)
to avoid this problem.

This specifically manifested on ARM hosts as an extreme slowdown on
guest shutdown (when the guest reprogrammed the PL031 RTC to not
generate alarms using a very long timeout) but could happen on other
hosts and guests too.

Reported-by: Christoffer Dall <christoffer.dall@linaro.org>
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Fam Zheng <famz@redhat.com>
Message-id: 1416939705-1272-1-git-send-email-peter.maydell@linaro.org
1 file changed
tree: c8caabfb128d467474687a414affcb93441cf3bb
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. default-configs/
  6. disas/
  7. docs/
  8. fpu/
  9. fsdev/
  10. gdb-xml/
  11. hw/
  12. include/
  13. libcacard/
  14. libdecnumber/
  15. linux-headers/
  16. linux-user/
  17. net/
  18. pc-bios/
  19. po/
  20. qapi/
  21. qga/
  22. qobject/
  23. qom/
  24. roms/
  25. scripts/
  26. slirp/
  27. stubs/
  28. sysconfigs/
  29. target-alpha/
  30. target-arm/
  31. target-cris/
  32. target-i386/
  33. target-lm32/
  34. target-m68k/
  35. target-microblaze/
  36. target-mips/
  37. target-moxie/
  38. target-openrisc/
  39. target-ppc/
  40. target-s390x/
  41. target-sh4/
  42. target-sparc/
  43. target-tricore/
  44. target-unicore32/
  45. target-xtensa/
  46. tcg/
  47. tests/
  48. trace/
  49. ui/
  50. util/
  51. dtc
  52. pixman
  53. .exrc
  54. .gitignore
  55. .gitmodules
  56. .mailmap
  57. .travis.yml
  58. accel.c
  59. aio-posix.c
  60. aio-win32.c
  61. arch_init.c
  62. async.c
  63. balloon.c
  64. block-migration.c
  65. block.c
  66. blockdev-nbd.c
  67. blockdev.c
  68. blockjob.c
  69. bootdevice.c
  70. bt-host.c
  71. bt-vhci.c
  72. Changelog
  73. CODING_STYLE
  74. configure
  75. COPYING
  76. COPYING.LIB
  77. coroutine-gthread.c
  78. coroutine-sigaltstack.c
  79. coroutine-ucontext.c
  80. coroutine-win32.c
  81. cpu-exec.c
  82. cpus.c
  83. cputlb.c
  84. device-hotplug.c
  85. device_tree.c
  86. disas.c
  87. dma-helpers.c
  88. dump.c
  89. exec.c
  90. gdbstub.c
  91. HACKING
  92. hmp-commands.hx
  93. hmp.c
  94. hmp.h
  95. iohandler.c
  96. ioport.c
  97. iothread.c
  98. kvm-all.c
  99. kvm-stub.c
  100. LICENSE
  101. main-loop.c
  102. MAINTAINERS
  103. Makefile
  104. Makefile.objs
  105. Makefile.target
  106. memory.c
  107. memory_mapping.c
  108. migration-exec.c
  109. migration-fd.c
  110. migration-rdma.c
  111. migration-tcp.c
  112. migration-unix.c
  113. migration.c
  114. module-common.c
  115. monitor.c
  116. nbd.c
  117. numa.c
  118. os-posix.c
  119. os-win32.c
  120. page_cache.c
  121. qapi-schema.json
  122. qdev-monitor.c
  123. qdict-test-data.txt
  124. qemu-bridge-helper.c
  125. qemu-char.c
  126. qemu-coroutine-io.c
  127. qemu-coroutine-lock.c
  128. qemu-coroutine-sleep.c
  129. qemu-coroutine.c
  130. qemu-doc.texi
  131. qemu-file-stdio.c
  132. qemu-file-unix.c
  133. qemu-file.c
  134. qemu-img-cmds.hx
  135. qemu-img.c
  136. qemu-img.texi
  137. qemu-io-cmds.c
  138. qemu-io.c
  139. qemu-log.c
  140. qemu-nbd.c
  141. qemu-nbd.texi
  142. qemu-options-wrapper.h
  143. qemu-options.h
  144. qemu-options.hx
  145. qemu-seccomp.c
  146. qemu-tech.texi
  147. qemu-timer.c
  148. qemu.nsi
  149. qemu.sasl
  150. qmp-commands.hx
  151. qmp.c
  152. qtest.c
  153. README
  154. rules.mak
  155. savevm.c
  156. softmmu_template.h
  157. spice-qemu-char.c
  158. tcg-runtime.c
  159. tci.c
  160. thread-pool.c
  161. thunk.c
  162. tpm.c
  163. trace-events
  164. translate-all.c
  165. translate-all.h
  166. user-exec.c
  167. VERSION
  168. version.rc
  169. vl.c
  170. vmstate.c
  171. xbzrle.c
  172. xen-common-stub.c
  173. xen-common.c
  174. xen-hvm-stub.c
  175. xen-hvm.c
  176. xen-mapcache.c