[v2] Bug fix - Integer overflow when cpu frequency > u32 max value.

Commit Message

Neowutran Dec. 18, 2022, 12:14 p.m. UTC

xen/x86: prevent overflow with high frequency TSCs

Promote tsc_khz to a 64-bit type before multiplying by 1000 to avoid a
'overflow before widen' bug.
Otherwise just above 4.294GHz the value will overflow.
Processors with clocks this high are now in production and require this to work
correctly.

Signed-off-by: Neowutran <xen@neowutran.ovh>
---
Changed since v1:
 * smaller commit message
 * using uint64_t instead of u64
 * added signed-off-by tag
---
 xen/arch/x86/time.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Elliott Mitchell Dec. 18, 2022, 9:47 p.m. UTC | #1

On Sun, Dec 18, 2022 at 01:14:07PM +0100, Neowutran wrote:
> xen/x86: prevent overflow with high frequency TSCs
> 
> Promote tsc_khz to a 64-bit type before multiplying by 1000 to avoid a
> 'overflow before widen' bug.
> Otherwise just above 4.294GHz the value will overflow.
> Processors with clocks this high are now in production and require this to work
> correctly.
> 
> Signed-off-by: Neowutran <xen@neowutran.ovh>

Needing a bit of word-wrapping, but that can be adjusted during commit to
the Xen tree.

This strikes me as urgent for an updated Xen release.  In the past 3
months, both large manufacturers of desktop processors have released
processors with sufficient clock speed to require this patch.  This WILL
trigger *massive* numbers of bug reports very soon.

Similarly I suggest all Linux distributions which distribute Xen will
want to issue updates urgently.

Jan Beulich Dec. 19, 2022, 8 a.m. UTC | #2

On 18.12.2022 22:47, Elliott Mitchell wrote:
> On Sun, Dec 18, 2022 at 01:14:07PM +0100, Neowutran wrote:
>> xen/x86: prevent overflow with high frequency TSCs
>>
>> Promote tsc_khz to a 64-bit type before multiplying by 1000 to avoid a
>> 'overflow before widen' bug.
>> Otherwise just above 4.294GHz the value will overflow.
>> Processors with clocks this high are now in production and require this to work
>> correctly.
>>
>> Signed-off-by: Neowutran <xen@neowutran.ovh>
> 
> Needing a bit of word-wrapping, but that can be adjusted during commit to
> the Xen tree.

Right - also the first line of the body really wants to be the title.
I'd be happy to make edits while committing, but as said in reply to
v1 I also would prefer to suffix the literal "1000" instead of adding
a cast. I'd also be happy to make that adjustment (including to the
description), but I'd prefer to do so with your agreement.

Jan

Neowutran Dec. 19, 2022, 8:55 a.m. UTC | #3

On 2022-12-19 09:12, Jan Beulich wrote:
> On 18.12.2022 22:47, Elliott Mitchell wrote:
> > On Sun, Dec 18, 2022 at 01:14:07PM +0100, Neowutran wrote:
> >> xen/x86: prevent overflow with high frequency TSCs
> >>
> >> Pr

Patch

diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
index b01acd390d..c71e79e019 100644
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -2585,7 +2585,7 @@  int tsc_set_info(struct domain *d,
     case TSC_MODE_ALWAYS_EMULATE:
         d->arch.vtsc_offset = get_s_time() - elapsed_nsec;
         d->arch.tsc_khz = gtsc_khz ?: cpu_khz;
-        set_time_scale(&d->arch.vtsc_to_ns, d->arch.tsc_khz * 1000);
+        set_time_scale(&d->arch.vtsc_to_ns, (uint64_t)d->arch.tsc_khz * 1000);
 
         /*
          * In default mode use native TSC if the host has safe TSC and