git.ipfire.org Git - thirdparty/qemu.git/commit

author	Jessica Clarke <jrtc27@jrtc27.com>
	Sat, 18 Jul 2020 00:49:34 +0000 (01:49 +0100)
committer	Alistair Francis <alistair.francis@wdc.com>
	Wed, 22 Jul 2020 16:39:46 +0000 (09:39 -0700)
commit	8380b3a453c38f040e7ca2105418802344cc23d0
tree	7758a8d91a4f448c8439ca97558083defed93f90	tree
parent	3cbc8970f55c87cb58699b6dc8fe42998bc79dc0	commit \| diff

goldfish_rtc: Fix non-atomic read behaviour of TIME_LOW/TIME_HIGH

The specification says:

   0x00  TIME_LOW   R: Get current time, then return low-order 32-bits.
   0x04  TIME_HIGH  R: Return high 32-bits from previous TIME_LOW read.

   ...

   To read the value, the kernel must perform an IO_READ(TIME_LOW),
   which returns an unsigned 32-bit value, before an IO_READ(TIME_HIGH),
   which returns a signed 32-bit value, corresponding to the higher half
   of the full value.

However, we were just returning the current time for both. If the guest
is unlucky enough to read TIME_LOW and TIME_HIGH either side of an
overflow of the lower half, it will see time be in the future, before
jumping backwards on the next read, and Linux currently relies on the
atomicity guaranteed by the spec so is affected by this. Fix this
violation of the spec by caching the correct value for TIME_HIGH
whenever TIME_LOW is read, and returning that value for any TIME_HIGH
read.

Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200718004934.83174-1-jrtc27@jrtc27.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

hw/rtc/goldfish_rtc.c		diff \| blob \| blame \| history
include/hw/rtc/goldfish_rtc.h		diff \| blob \| blame \| history