drivers/timers: avoid 32-bit overflow in arch_timer current_usec

maxikrie · jerpelea · commit eb92f0f8c844 · 2026-05-06T08:49:52.000+02:00
current_usec() returns a uint64_t, but it used TICK2USEC(timebase)
to convert scheduler ticks to microseconds. On 32-bit clock_t builds,
TICK2USEC() performs the multiplication in 32-bit arithmetic before the
result is widened.

With CONFIG_USEC_PER_TICK=10000, this wraps after about 71.6 minutes:

  UINT32_MAX / 1000000 ~= 4294 seconds

After the wrap, up_timer_gettick() can report time near zero again. This
can leave absolute watchdog timeouts, such as those used by usleep() /
clock_nanosleep(), waiting for a tick value that will not be reached until
the 32-bit scheduler counter wraps.

Cast timebase to uint64_t before multiplying by USEC_PER_TICK so
current_usec() remains monotonic across the 32-bit microsecond boundary.

Signed-off-by: Max Kriegleder &lt;max.kriegleder@gmail.com&gt;
diff --git a/drivers/timers/arch_timer.c b/drivers/timers/arch_timer.c
@@ -114,7 +114,8 @@ static uint64_t current_usec(void)
     }
   while (timebase != g_timer.timebase);
 
-  return TICK2USEC(timebase) + (status.timeout - status.timeleft);
+  return TICK2USEC((uint64_t)timebase) +
+         (status.timeout - status.timeleft);
 }
 
 static void udelay_accurate(useconds_t microseconds)

Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,8 @@ static uint64_t current_usec(void)`
`114`	`114`	`}`
`115`	`115`	`while (timebase != g_timer.timebase);`
`116`	`116`
`117`		`- return TICK2USEC(timebase) + (status.timeout - status.timeleft);`
	`117`	`+ return TICK2USEC((uint64_t)timebase) +`
	`118`	`+ (status.timeout - status.timeleft);`
`118`	`119`	`}`
`119`	`120`
`120`	`121`	`static void udelay_accurate(useconds_t microseconds)`