All of lore.kernel.org
 help / color / mirror / Atom feed
From: Igor Mammedov <imammedo@redhat.com>
To: qemu-devel@nongnu.org
Cc: mst@redhat.com, eauger@redhat.com, peter.maydell@linaro.org,
	shannon.zhaosl@gmail.com, rad@semihalf.com,
	leif.lindholm@oss.qualcomm.com, qemu-arm@nongnu.org
Subject: [PATCH v3 17/17] sbsa-gwdt: limit compare_value to INT64_MAX
Date: Wed, 24 Jun 2026 12:28:30 +0200	[thread overview]
Message-ID: <20260624102830.1355552-18-imammedo@redhat.com> (raw)
In-Reply-To: <20260624102830.1355552-1-imammedo@redhat.com>

QEMU timer subsystem uses int64_t, so WCV values with bit 63 set
overflow and cause the timer to fire immediately. The SBSA spec
defines WCV as an unsigned 64-bit compare value, so such values
are valid per spec and represent far-future deadlines (however
unpractical).

Windows in GTDT mode writes WCV in two 32-bit halves while the
watchdog is running:

 sbsa-gwdt_control_write [0x8]  <- 0xffffffff    # WOR (~4 sec)
 sbsa-gwdt_control_write [0x0]  <- 0x1           # WCS enable
 sbsa-gwdt_control_write [0x14] <- 0xffffffff    # WCVU (intermediate)
 sbsa-gwdt_control_write [0x10] <- 0xa906ca28    # WCVL
 sbsa-gwdt_control_write [0x14] <- 0xecb1        # WCVU (final)

The intermediate WCVU write (0xffffffff) creates a WCV above
INT64_MAX, which overflows QEMU's signed timer and fires
immediately — triggering WS0 => WS1 => reboot before the final
WCVU write lands.

Clamp WCV to INT64_MAX to avoid timer API overflow.

Note: Windows' GTDT watchdog usage is also fragile under
virtualization. It programs a short WOR (~4 sec), enables WCS,
and relies on a subsequent WCV write to push the deadline far
into the future — never using WRR for explicit refresh. On bare
metal the WCS=>WCV gap is negligible, but in a VM the vCPU can
be preempted between MMIO accesses while the clock keeps
ticking, potentially expiring the short WOR timeout before the
WCV override lands.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
---
 hw/watchdog/sbsa_gwdt.c        | 2 ++
 tests/qtest/bios-tables-test.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/watchdog/sbsa_gwdt.c b/hw/watchdog/sbsa_gwdt.c
index fb67db9672..ff7adbcb0f 100644
--- a/hw/watchdog/sbsa_gwdt.c
+++ b/hw/watchdog/sbsa_gwdt.c
@@ -122,6 +122,8 @@ static void sbsa_gwdt_update_timer(SBSA_GWDTState *s, WdtRefreshType rtype)
     }
 
     timeout = (uint64_t)s->wcvu << 32 | s->wcvl;
+    /* clamp timeout to INT64_MAX to avoid timer overflow */
+    timeout &= INT64_MAX;
     timer_mod(s->timer, timeout);
 }
 
diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c
index 94fc95c8e1..370b0fd2e6 100644
--- a/tests/qtest/bios-tables-test.c
+++ b/tests/qtest/bios-tables-test.c
@@ -2308,7 +2308,7 @@ static void test_acpi_aarch64_virt_tcg_gtdt_wd(void)
         .scan_len = 128ULL * MiB,
     };
 
-    test_acpi_one("-cpu cortex-a57 " "-device sbsa-gwdt", &data);
+    test_acpi_one("-cpu cortex-a57 -device sbsa-gwdt", &data);
     free_test_data(&data);
 }
 
-- 
2.47.3



  parent reply	other threads:[~2026-06-24 10:31 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-24 10:28 [PATCH v3 00/17] Add watchdog support to arm/virt board Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 01/17] arm: sbsa_gwdt: fixup default "clock-frequency" Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 02/17] arm: add tracing events to sbsa_gwdt Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 03/17] arm: sbsa_gwdt: rename device type to sbsa-gwdt Igor Mammedov
2026-06-29  8:12   ` Eric Auger
2026-06-24 10:28 ` [PATCH v3 04/17] arm: virt: create sbsa-gwdt watchdog Igor Mammedov
2026-06-29  8:37   ` Eric Auger
2026-06-29 13:36     ` Igor Mammedov
2026-07-01 11:57       ` Eric Auger
2026-07-01 13:24         ` Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 05/17] arm: sbsa-gwdt: add 'wdat' option Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 06/17] acpi: introduce WDAT table for GWDT Igor Mammedov
2026-06-29 12:07   ` Eric Auger
2026-06-24 10:28 ` [PATCH v3 07/17] arm: virt: add support for WDAT based watchdog Igor Mammedov
2026-06-29 12:15   ` Eric Auger
2026-06-24 10:28 ` [PATCH v3 08/17] tests: acpi: arm/virt: whitelist new WDAT table Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 09/17] tests: acpi: arm/virt: add WDAT table test case Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 10/17] tests: acpi: arm/virt: update expected WDAT blob Igor Mammedov
2026-06-29 12:16   ` Eric Auger
2026-06-24 10:28 ` [PATCH v3 11/17] tests: acpi: arm/virt: whitelist GTDT table Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 12/17] tests: acpi: arm/virt: add GTDT watchdog table test case Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 13/17] tests: acpi: arm/virt: update expected GTDT blob Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 14/17] sbsa-gwdt: reduce code ident Igor Mammedov
2026-06-24 10:28 ` [PATCH v3 15/17] sbsa-gwdt: move all foo_REFRESH logic under REFRESH condition Igor Mammedov
2026-06-29 14:03   ` Eric Auger
2026-06-29 14:51   ` Peter Maydell
2026-06-24 10:28 ` [PATCH v3 16/17] sbsa-gwdt: reschedule timer on direct WCV load Igor Mammedov
2026-06-29 14:08   ` Eric Auger
2026-06-24 10:28 ` Igor Mammedov [this message]
2026-06-29 14:10   ` [PATCH v3 17/17] sbsa-gwdt: limit compare_value to INT64_MAX Eric Auger
2026-06-29 14:48   ` Peter Maydell
2026-06-30 12:14     ` Igor Mammedov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260624102830.1355552-18-imammedo@redhat.com \
    --to=imammedo@redhat.com \
    --cc=eauger@redhat.com \
    --cc=leif.lindholm@oss.qualcomm.com \
    --cc=mst@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-arm@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    --cc=rad@semihalf.com \
    --cc=shannon.zhaosl@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.