Subject: Re: [Qemu-devel] [Bug] Timer bugs in hw/m48t59.c?
From: "J. Mayer"
To: qemu-devel@nongnu.org
Date: Mon, 24 Sep 2007 22:25:17 +0200
Message-Id: <1190665518.30193.6.camel@rapid>
In-Reply-To: <46F7F2B6.2080105@mail.berlios.de>
References: <4602EA31.1010009@weilnetz.de> <46F7F2B6.2080105@mail.berlios.de>

On Mon, 2007-09-24 at 19:24 +0200, Stefan Weil wrote:
> Hello,

Hi,

> the bug mentioned in my previous mail is still open.
> Could someone please add the patch to CVS HEAD
> (or find another solution)?

Seems you're right, this code would lead to crashes.
I think there are other issues to address in the same code because
alrm_timer and wd_timer are always NULL if the RTC model is an m48t08.
Could you please take a look at this updated patch?

Regards.

>
> Thank you
> Stefan
>
> Stefan Weil wrote:
> > Hi,
> >
> > could SPARC or PPC users please check whether the timer code
> > in hw/m48t59.c is really correct?
> >
> > I expect a crash in qemu_mod_timer after wd_timer = NULL and
> > a call to qemu_mod_timer with this NULL value.
> >
> > The same applies to alrm_timer.
> >
> > I wrote a quick-and-dirty patch, but think that even more
> > old code could be removed.
> >
> > Stefan
> > [...]

--
J. Mayer
Never organized

Content-Disposition: attachment; filename=m48t59.c.diff

Index: hw/m48t59.c =================================================================== RCS file: /sources/qemu/qemu/hw/m48t59.c,v retrieving revision 1.14 diff -u -d -d -p -r1.14 m48t59.c --- hw/m48t59.c 17 Sep 2007 08:09:47 -0000 1.14 +++ hw/m48t59.c 24 Sep 2007 20:24:01 -0000
@@ -161,10 +161,9 @@ static void set_alarm (m48t59_t *NVRAM, NVRAM->alarm = mktime(tm); if (NVRAM->alrm_timer != NULL) { qemu_del_timer(NVRAM->alrm_timer); - NVRAM->alrm_timer = NULL; + if (NVRAM->alarm - time(NULL) > 0) + qemu_mod_timer(NVRAM->alrm_timer, NVRAM->alarm * 1000); } - if (NVRAM->alarm - time(NULL) > 0) - qemu_mod_timer(NVRAM->alrm_timer, NVRAM->alarm * 1000); } /* Watchdog management */ @@ -188,15 +187,14 @@ static void set_up_watchdog (m48t59_t *N { uint64_t interval; /* in 1/16 seconds */ + NVRAM->buffer[0x1FF0] &= ~0x80; if (NVRAM->wd_timer != NULL) { qemu_del_timer(NVRAM->wd_timer); - NVRAM->wd_timer = NULL; - } - NVRAM->buffer[0x1FF0] &= ~0x80; - if (value != 0) { - interval = (1 << (2 * (value & 0x03))) * ((value >> 2) & 0x1F); - qemu_mod_timer(NVRAM->wd_timer, ((uint64_t)time(NULL) * 1000) + - ((interval * 1000) >> 4)); + if (value != 0) { + interval = (1 << (2 * (value & 0x03))) * ((value >> 2) & 0x1F); + qemu_mod_timer(NVRAM->wd_timer, ((uint64_t)time(NULL) * 1000) + + ((interval * 1000) >> 4)); + } } } --=-mLRbf//WBhffFRE/p4dA--
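
Review bot: in the set_alarm hunk, the re-armed call qemu_mod_timer(NVRAM->alrm_timer, NVRAM->alarm * 1000) multiplies without widening, while the watchdog hunk casts first with (uint64_t)time(NULL) * 1000. If the alarm field is a 32-bit time_t, the product overflows before it reaches the timer, so cast to uint64_t before the multiply here as well. The guard NVRAM->alarm - time(NULL) > 0 would also read more safely as NVRAM->alarm > time(NULL), which does not depend on the signedness of the difference. Since the NULL check now silently skips arming the alarm when alrm_timer was never created (the m48t08 case named in the message), a one-line comment saying that this is intended would help the next reader.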
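
Review bot: in the set_up_watchdog hunk, the inner test if (value != 0) still lets through values whose multiplier field ((value >> 2) & 0x1F) is zero, for example value = 0x01, so interval becomes 0 and qemu_mod_timer is armed for the current time and expires at once. Consider computing interval first and arming only when interval != 0. Moving NVRAM->buffer[0x1FF0] &= ~0x80 above the NULL check means the flag bit is cleared even when no watchdog timer exists; if that is the intended behaviour for the m48t08 model, say so in a comment next to that line.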