diff options
Diffstat (limited to 'app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch')
| -rw-r--r-- | app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch b/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch new file mode 100644 index 000000000000..7d22feeade2a --- /dev/null +++ b/app-emulation/qemu/files/qemu-6.2.0-user-SLIC-crash.patch @@ -0,0 +1,168 @@ +commit dce6c86f54eab61028e110497c222e73381379df +Author: Igor Mammedov <imammedo@redhat.com> +Date: Mon Dec 27 14:31:17 2021 -0500 + + acpi: fix QEMU crash when started with SLIC table + + if QEMU is started with used provided SLIC table blob, + + -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null + it will assert with: + + hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen) + + and following backtrace: + + ... + build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61 + acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727 + build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064 + ... + + which happens due to acpi_table_begin() expecting NULL terminated + oem_id and oem_table_id strings, which is normally the case, but + in case of user provided SLIC table, oem_id points to table's blob + directly and as result oem_id became longer than expected. + + Fix issue by handling oem_id consistently and make acpi_get_slic_oem() + return NULL terminated strings. + + PS: + After [1] refactoring, oem_id semantics became inconsistent, where + NULL terminated string was coming from machine and old way pointer + into byte array coming from -acpitable option. That used to work + since build_header() wasn't expecting NULL terminated string and + blindly copied the 1st 6 bytes only. + + However commit [2] broke that by replacing build_header() with + acpi_table_begin(), which was expecting NULL terminated string + and was checking oem_id size. + + 1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed") + 2) + Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()") + Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786 + Signed-off-by: Igor Mammedov <imammedo@redhat.com> + +diff --git a/hw/acpi/core.c b/hw/acpi/core.c +index 1e004d0078..3e811bf03c 100644 +--- a/hw/acpi/core.c ++++ b/hw/acpi/core.c +@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem) + struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length)); + + if (memcmp(hdr->sig, "SLIC", 4) == 0) { +- oem->id = hdr->oem_id; +- oem->table_id = hdr->oem_table_id; ++ oem->id = g_strndup(hdr->oem_id, 6); ++ oem->table_id = g_strndup(hdr->oem_table_id, 8); + return 0; + } + } +diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c +index a99c6e4fe3..570f82997b 100644 +--- a/hw/i386/acpi-build.c ++++ b/hw/i386/acpi-build.c +@@ -2721,6 +2721,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine) + + /* Cleanup memory that's no longer used. */ + g_array_free(table_offsets, true); ++ g_free(slic_oem.id); ++ g_free(slic_oem.table_id); + } + + static void acpi_ram_update(MemoryRegion *mr, GArray *data) + +commit a22de122ad03ea40953ad0328b2c3e31002d8052 +Author: Igor Mammedov <imammedo@redhat.com> +Date: Mon Dec 27 14:31:18 2021 -0500 + + tests: acpi: whitelist expected blobs before changing them + + Signed-off-by: Igor Mammedov <imammedo@redhat.com> + +diff --git a/tests/data/acpi/q35/FACP.slic b/tests/data/acpi/q35/FACP.slic +new file mode 100644 +index 0000000000..f6a864cc86 +Binary files /dev/null and b/tests/data/acpi/q35/FACP.slic differ +diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic +new file mode 100644 +index 0000000000..e69de29bb2 +diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h +index dfb8523c8b..49dbf8fa3e 100644 +--- a/tests/qtest/bios-tables-test-allowed-diff.h ++++ b/tests/qtest/bios-tables-test-allowed-diff.h +@@ -1 +1,3 @@ + /* List of comma-separated changed AML files to ignore */ ++"tests/data/acpi/q35/FACP.slic", ++"tests/data/acpi/q35/SLIC.slic", + +commit cb913395d76f8fdfd7f1d0c8ea77d4710821bbd3 +Author: Igor Mammedov <imammedo@redhat.com> +Date: Mon Dec 27 14:31:19 2021 -0500 + + tests: acpi: add SLIC table test + + When user uses '-acpitable' to add SLIC table, some ACPI + tables (FADT) will change its 'Oem ID'/'Oem Table ID' fields to + match that of SLIC. Test makes sure thati QEMU handles + those fields correctly when SLIC table is added with + '-acpitable' option. + + Signed-off-by: Igor Mammedov <imammedo@redhat.com> + +diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c +index 258874167e..ae7ef13ec7 100644 +--- a/tests/qtest/bios-tables-test.c ++++ b/tests/qtest/bios-tables-test.c +@@ -1567,6 +1567,19 @@ static void test_acpi_oem_fields_virt(void) + g_free(args); + } + ++static void test_acpi_q35_slic(void) ++{ ++ test_data data = { ++ .machine = MACHINE_Q35, ++ .variant = ".slic", ++ }; ++ ++ test_acpi_one("-acpitable sig=SLIC,oem_id='CRASH ',oem_table_id='ME'," ++ "oem_rev=00002210,asl_compiler_id='qemu'," ++ "asl_compiler_rev=00000000,data=/dev/null", ++ &data); ++ free_test_data(&data); ++} + + int main(int argc, char *argv[]) + { +@@ -1639,6 +1652,7 @@ int main(int argc, char *argv[]) + qtest_add_func("acpi/q35/kvm/xapic", test_acpi_q35_kvm_xapic); + qtest_add_func("acpi/q35/kvm/dmar", test_acpi_q35_kvm_dmar); + } ++ qtest_add_func("acpi/q35/slic", test_acpi_q35_slic); + } else if (strcmp(arch, "aarch64") == 0) { + if (has_tcg) { + qtest_add_func("acpi/virt", test_acpi_virt_tcg); + +commit ffba261306370e0ad8506401b104be5fa4749ade +Author: Igor Mammedov <imammedo@redhat.com> +Date: Mon Dec 27 14:31:20 2021 -0500 + + tests: acpi: SLIC: update expected blobs + + Signed-off-by: Igor Mammedov <imammedo@redhat.com> + +diff --git a/tests/data/acpi/q35/FACP.slic b/tests/data/acpi/q35/FACP.slic +index f6a864cc86..891fd4b784 100644 +Binary files a/tests/data/acpi/q35/FACP.slic and b/tests/data/acpi/q35/FACP.slic differ +diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic +index e69de29bb2..fd26592e24 100644 +Binary files a/tests/data/acpi/q35/SLIC.slic and b/tests/data/acpi/q35/SLIC.slic differ +diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h +index 49dbf8fa3e..dfb8523c8b 100644 +--- a/tests/qtest/bios-tables-test-allowed-diff.h ++++ b/tests/qtest/bios-tables-test-allowed-diff.h +@@ -1,3 +1 @@ + /* List of comma-separated changed AML files to ignore */ +-"tests/data/acpi/q35/FACP.slic", +-"tests/data/acpi/q35/SLIC.slic", |