From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: [PATCH] fix serial token buket
Date: Fri, 14 Nov 2008 15:54:24 +0000
Message-ID: <491D9F30.6000206@eu.citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: xen-devel <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

Using timespec in the serial token bucket causes problems with integer
overflows.
This patch fixes the issue using timeval instead of timespec variables,
everywhere but from reading the current time with clock_gettime.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

---

diff -r 0ea6bd53cfb6 hw/serial.c
--- a/hw/serial.c	Thu Oct 23 10:26:02 2008 +0100
+++ b/hw/serial.c	Fri Nov 14 15:51:53 2008 +0000
@@ -155,8 +155,8 @@
    doesn't kill dom0.  Simple token bucket.  If we get some actual
    data from the user, instantly refil the bucket. */
 
-/* How long it takes to generate a token, in nanoseconds. */
-#define TOKEN_PERIOD 1000000
+/* How long it takes to generate a token, in microseconds. */
+#define TOKEN_PERIOD 1000
 /* Maximum and initial size of token bucket */
 #define TOKENS_MAX 100000
 
@@ -279,16 +279,19 @@
 
 static void serial_get_token(void)
 {
-    static struct timespec last_refil_time;
+    static struct timeval last_refil_time;
     static int started;
 
     assert(tokens_avail >= 0);
     if (!tokens_avail) {
-	struct timespec delta, now;
+	struct timespec now;
+	struct timeval delta;
 	long generated;
 
 	if (!started) {
-	    clock_gettime(CLOCK_MONOTONIC, &last_refil_time);
+	    clock_gettime(CLOCK_MONOTONIC, &now);
+	    last_refil_time.tv_sec = now.tv_sec;
+	    last_refil_time.tv_usec = now.tv_nsec / 1000;
 	    tokens_avail = TOKENS_MAX;
 	    started = 1;
 	    return;
@@ -296,17 +299,17 @@
     retry:
 	clock_gettime(CLOCK_MONOTONIC, &now);
 	delta.tv_sec = now.tv_sec - last_refil_time.tv_sec;
-	delta.tv_nsec = now.tv_nsec - last_refil_time.tv_nsec;
-	if (delta.tv_nsec < 0) {
-	    delta.tv_nsec += 1000000000;
+	delta.tv_usec = (now.tv_nsec / 1000) - last_refil_time.tv_usec;
+	if (delta.tv_usec < 0) {
+	    delta.tv_usec += 1000000;
 	    delta.tv_sec--;
 	}
-	assert(delta.tv_nsec >= 0 && delta.tv_sec >= 0);
-	if (delta.tv_nsec < TOKEN_PERIOD) {
+	assert(delta.tv_usec >= 0 && delta.tv_sec >= 0);
+	if (delta.tv_sec == 0 && delta.tv_usec < TOKEN_PERIOD) {
 	    struct timespec ts;
 	    /* Wait until at least one token is available. */
-	    ts.tv_sec = TOKEN_PERIOD / 1000000000;
-	    ts.tv_nsec = TOKEN_PERIOD % 1000000000;
+	    ts.tv_sec = TOKEN_PERIOD / 1000000;
+	    ts.tv_nsec = (TOKEN_PERIOD % 1000000) * 1000;
 	    while (nanosleep(&ts, &ts) < 0 && errno == EINTR)
 		;
 	    goto retry;
@@ -316,15 +319,15 @@
             delta.tv_sec = 2;
             delta.tv_nsec = 0;
         }
-	generated = (delta.tv_sec * 1000000000) / TOKEN_PERIOD;
+	generated = (delta.tv_sec * 1000000) / TOKEN_PERIOD;
 	generated +=
-	    ((delta.tv_sec * 1000000000) % TOKEN_PERIOD + delta.tv_nsec) / TOKEN_PERIOD;
+	    ((delta.tv_sec * 1000000) % TOKEN_PERIOD + delta.tv_usec) / TOKEN_PERIOD;
 	assert(generated > 0);
 
-	last_refil_time.tv_nsec += (generated * TOKEN_PERIOD) % 1000000000;
-	last_refil_time.tv_sec  += last_refil_time.tv_nsec / 1000000000;
-	last_refil_time.tv_nsec %= 1000000000;
-        last_refil_time.tv_sec  += (generated * TOKEN_PERIOD) / 1000000000;
+	last_refil_time.tv_usec += (generated * TOKEN_PERIOD) % 1000000;
+	last_refil_time.tv_sec  += last_refil_time.tv_usec / 1000000;
+	last_refil_time.tv_usec %= 1000000;
+	last_refil_time.tv_sec  += (generated * TOKEN_PERIOD) / 1000000;
 	if (generated > TOKENS_MAX)
 	    generated = TOKENS_MAX;
 	tokens_avail = generated;