mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8cdb99af45
qemu/hw/acpi
History
Igor Mammedov 8cdb99af45 acpi: fix QEMU crash when started with SLIC table 
if QEMU is started with used provided SLIC table blob,

  -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null
it will assert with:

  hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen)

and following backtrace:

  ...
  build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61
  acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727
  build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064
  ...

which happens due to acpi_table_begin() expecting NULL terminated
oem_id and oem_table_id strings, which is normally the case, but
in case of user provided SLIC table, oem_id points to table's blob
directly and as result oem_id became longer than expected.

Fix issue by handling oem_id consistently and make acpi_get_slic_oem()
return NULL terminated strings.

PS:
After [1] refactoring, oem_id semantics became inconsistent, where
NULL terminated string was coming from machine and old way pointer
into byte array coming from -acpitable option. That used to work
since build_header() wasn't expecting NULL terminated string and
blindly copied the 1st 6 bytes only.

However commit [2] broke that by replacing build_header() with
acpi_table_begin(), which was expecting NULL terminated string
and was checking oem_id size.

1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
2)
Fixes: 4b56e1e4eb ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20211227193120.1084176-2-imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Denis Lisov <dennis.lissov@gmail.com>
Tested-by: Alexander Tsoy <alexander@tsoy.me>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-01-07 19:30:13 -05:00
..
acpi_interface.c acpi: extend ACPI interface to provide send_event hook 2016-06-07 15:36:54 +03:00
acpi-cpu-hotplug-stub.c hw/acpi: refactor acpi hp modules so that targets can just use what they need 2021-09-04 09:07:46 -04:00
acpi-mem-hotplug-stub.c hw/acpi: refactor acpi hp modules so that targets can just use what they need 2021-09-04 09:07:46 -04:00
acpi-nvdimm-stub.c hw/acpi: refactor acpi hp modules so that targets can just use what they need 2021-09-04 09:07:46 -04:00
acpi-pci-hotplug-stub.c hw/acpi: refactor acpi hp modules so that targets can just use what they need 2021-09-04 09:07:46 -04:00
acpi-stub.c Include qmp-commands.h exactly where needed 2018-02-09 13:52:10 +01:00
acpi-x86-stub.c acpi: x86: set enabled when composing _MAT entries 2021-10-05 17:30:57 -04:00
aml-build-stub.c acpi: add aml builder stubs 2020-10-21 11:36:19 +02:00
aml-build.c hw/acpi/aml-build: Add PPTT table 2021-10-21 08:03:58 -07:00
bios-linker-loader.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
core.c acpi: fix QEMU crash when started with SLIC table 2022-01-07 19:30:13 -05:00
cpu_hotplug.c qom: Put name parameter before value / visitor parameter 2020-07-10 15:18:08 +02:00
cpu.c acpi: x86: set enabled when composing _MAT entries 2021-10-05 17:30:57 -04:00
generic_event_device.c acpi/ged: fix reset cause 2021-07-03 03:12:35 -04:00
ghes-stub.c hw/acpi: Provide function acpi_ghes_present() 2021-06-21 16:49:37 +01:00
ghes.c acpi: acpi_build_hest: use acpi_table_begin()/acpi_table_end() instead of build_header() 2021-10-05 17:30:57 -04:00
hmat.c acpi: build_hmat: use acpi_table_begin()/acpi_table_end() instead of build_header() 2021-10-05 17:30:57 -04:00
hmat.h acpi: Permit OEM ID and OEM table ID fields to be changed 2021-02-05 08:52:59 -05:00
ich9.c hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine type 2021-11-15 09:44:46 -05:00
ipmi-stub.c ipmi: Fix SSIF ACPI handling to use the right CRS 2019-09-20 14:08:10 -05:00
ipmi.c ipmi: Fix SSIF ACPI handling to use the right CRS 2019-09-20 14:08:10 -05:00
Kconfig hw/acpi: Add VIOT table 2021-11-01 18:49:10 -04:00
memory_hotplug.c memory_hotplug.c: send DEVICE_UNPLUG_GUEST_ERROR in acpi_memory_hotplug_write() 2021-09-30 12:26:06 +10:00
meson.build hw/acpi: Add VIOT table 2021-11-01 18:49:10 -04:00
nvdimm.c nvdimm: release the correct device list 2021-10-05 17:30:57 -04:00
pci.c acpi: build_mcfg: use acpi_table_begin()/acpi_table_end() instead of build_header() 2021-10-05 17:30:57 -04:00
pcihp.c acpi: validate hotplug selector on access 2022-01-06 06:11:38 -05:00
piix4.c hw/acpi: define PIIX4 acpi pci hotplug property strings at a single place 2021-09-04 09:07:45 -04:00
tco.c hw/acpi/tco: Remove unused definitions 2020-09-09 15:26:41 +02:00
tpm.c docs: fix references to docs/specs/tpm.rst 2021-06-02 06:51:09 +02:00
trace-events docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
utils.c acpi: Set proper maximum size for "etc/acpi/rsdp" blob 2021-03-22 18:58:19 -04:00
viot.c hw/acpi: Add VIOT table 2021-11-01 18:49:10 -04:00
viot.h hw/acpi: Add VIOT table 2021-11-01 18:49:10 -04:00
vmgenid.c acpi: vmgenid_build_acpi: use acpi_table_begin()/acpi_table_end() instead of build_header() 2021-10-05 17:30:57 -04:00