Xen project Mailing List

Re: [PATCH] x86/APIC: handle overflow in TMICT calculation

To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 9 Apr 2026 10:39:56 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gOxvfhRzXM3bOYL/bM+QCj0XR/27X2u91zMUEfTG5jw=; b=wr4u0HtbE5nBQ+JgKIsPGZkqDecDLiEftvcVFfLpDscFZXDh+TgazCFy7IZhBfb9t9X9W7b7gLptxr1hsJq1/e8exNKJahRcuKsAM+Q29jyUzLeZYikJMV4JEHF6zeMU28woUR7PpF4r+mzcK4XmWxRIitoauxqYBUPvCc8pJ+8kS/hNzUpa25m6lmqpFTu+AIBTJ/iok/97n5LBHMKj7QKJ425+lGS+klK0PHGNfpe0g+Y53L7N4d7hQihA5Mh41xQCu6fZgM2aFSLUB9U4WWAUCEUAAw+olnUgLGdZoitLrrKhNmL7yz0hxDSCTBzJvZMrgisXeOlZD398g8q3gw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=aw/SqIH+Suv+vtKxAs/IiFog3zIHU0c89AMtjn1VJmJpCqyrOlTKWDnGVzK4MdD7A1H+DNh23vXcJW/v83Z8xgg4CTV9dspN3wY7i1qMNZv7myZrkjURq6YYHr8T/CNzcnDLKmuHXk2bcESjkbwIljFCQMuVzgOAC/lYy6DzWK748bcJT5gzDTLkLSO3XxsYSju7oYrVJKr7J5lbslz8Y1Tgeluvihnhsnp003C9eK8Ssa5W6OTayt4m4YZ2v4BDbgCyNbYYb8+OBBIDLo4+jIhXaaUk8knvc9jT6+nQIsqYRi6cSJn4Qv6uOV7coZGJkiig508jpecnSSRwTiQqww==

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Teddy Astie <teddy.astie@xxxxxxxxxx>, Stewart Hildebrand <stewart.hildebrand@xxxxxxx>

Delivery-date: Thu, 09 Apr 2026 09:40:13 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 09/04/2026 10:21 am, Jan Beulich wrote: > With an expiry value on the order of 20 hours, and with a bus scale value > of 256k (as supplied by qemu), the (signed) multiplication will be UB. As > we've checked that the value is positive, we mean unsigned multiplication > anyway. Yet let's play safe against even larger expiry and bus scale > values, leveraging the compiler builtin that there is for this purpose. > > While there also drop the stray cast from the actual TMICT write. > > Fixes: 9062553a0dc1 ("added time and accurate timer support") > Fixes: b95beb185810 ("x86: Clean up APIC local timer handling") > Reported-by: Stewart Hildebrand <stewart.hildebrand@xxxxxxx> > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > --- > Sadly neither gcc5 nor gcc15 properly optimize the (effectively) two uses > of the 0xffffffffU constant: Both use a 2nd register to load the constant > (really 0xfffffffeU unless <= is used) a 2nd time. > > --- a/xen/arch/x86/apic.c > +++ b/xen/arch/x86/apic.c > @@ -1224,10 +1224,16 @@ int reprogram_timer(s_time_t timeout) > } > > if ( timeout && ((expire = timeout - NOW()) > 0) ) > - apic_tmict = min_t(uint64_t, (bus_scale * expire) >> BUS_SCALE_SHIFT, > - UINT32_MAX); > + { > + unsigned long product; > > - apic_write(APIC_TMICT, (unsigned long)apic_tmict); > + apic_tmict = UINT32_MAX; > + if ( !__builtin_umull_overflow(bus_scale, expire, &product) && > + (product >>= BUS_SCALE_SHIFT) < apic_tmict ) > + apic_tmict = product; > + } > + > + apic_write(APIC_TMICT, apic_tmict); > > return apic_tmict || !timeout; > } This is fine for staging, but be aware it cannot be backported before 4.21 due to the toolchain baseline (and nothing in CI will notice, I don't think.) ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.