commit dce6c86f54eab61028e110497c222e73381379df Author: Igor Mammedov Date: Mon Dec 27 14:31:17 2021 -0500 acpi: fix QEMU crash when started with SLIC table if QEMU is started with used provided SLIC table blob, -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null it will assert with: hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen) and following backtrace: ... build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61 acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727 build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064 ... which happens due to acpi_table_begin() expecting NULL terminated oem_id and oem_table_id strings, which is normally the case, but in case of user provided SLIC table, oem_id points to table's blob directly and as result oem_id became longer than expected. Fix issue by handling oem_id consistently and make acpi_get_slic_oem() return NULL terminated strings. PS: After [1] refactoring, oem_id semantics became inconsistent, where NULL terminated string was coming from machine and old way pointer into byte array coming from -acpitable option. That used to work since build_header() wasn't expecting NULL terminated string and blindly copied the 1st 6 bytes only. However commit [2] broke that by replacing build_header() with acpi_table_begin(), which was expecting NULL terminated string and was checking oem_id size. 1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed") 2) Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786 Signed-off-by: Igor Mammedov diff --git a/hw/acpi/core.c b/hw/acpi/core.c index 1e004d0078..3e811bf03c 100644 --- a/hw/acpi/core.c +++ b/hw/acpi/core.c @@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem) struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length)); if (memcmp(hdr->sig, "SLIC", 4) == 0) { - oem->id = hdr->oem_id; - oem->table_id = hdr->oem_table_id; + oem->id = g_strndup(hdr->oem_id, 6); + oem->table_id = g_strndup(hdr->oem_table_id, 8); return 0; } } diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index a99c6e4fe3..570f82997b 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -2721,6 +2721,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine) /* Cleanup memory that's no longer used. */ g_array_free(table_offsets, true); + g_free(slic_oem.id); + g_free(slic_oem.table_id); } static void acpi_ram_update(MemoryRegion *mr, GArray *data) commit a22de122ad03ea40953ad0328b2c3e31002d8052 Author: Igor Mammedov Date: Mon Dec 27 14:31:18 2021 -0500 tests: acpi: whitelist expected blobs before changing them Signed-off-by: Igor Mammedov diff --git a/tests/data/acpi/q35/FACP.slic b/tests/data/acpi/q35/FACP.slic new file mode 100644 index 0000000000..f6a864cc86 Binary files /dev/null and b/tests/data/acpi/q35/FACP.slic differ diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic new file mode 100644 index 0000000000..e69de29bb2 diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index dfb8523c8b..49dbf8fa3e 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1 +1,3 @@ /* List of comma-separated changed AML files to ignore */ +"tests/data/acpi/q35/FACP.slic", +"tests/data/acpi/q35/SLIC.slic", commit cb913395d76f8fdfd7f1d0c8ea77d4710821bbd3 Author: Igor Mammedov Date: Mon Dec 27 14:31:19 2021 -0500 tests: acpi: add SLIC table test When user uses '-acpitable' to add SLIC table, some ACPI tables (FADT) will change its 'Oem ID'/'Oem Table ID' fields to match that of SLIC. Test makes sure thati QEMU handles those fields correctly when SLIC table is added with '-acpitable' option. Signed-off-by: Igor Mammedov diff --git a/tests/qtest/bios-tables-test.c b/tests/qtest/bios-tables-test.c index 258874167e..ae7ef13ec7 100644 --- a/tests/qtest/bios-tables-test.c +++ b/tests/qtest/bios-tables-test.c @@ -1567,6 +1567,19 @@ static void test_acpi_oem_fields_virt(void) g_free(args); } +static void test_acpi_q35_slic(void) +{ + test_data data = { + .machine = MACHINE_Q35, + .variant = ".slic", + }; + + test_acpi_one("-acpitable sig=SLIC,oem_id='CRASH ',oem_table_id='ME'," + "oem_rev=00002210,asl_compiler_id='qemu'," + "asl_compiler_rev=00000000,data=/dev/null", + &data); + free_test_data(&data); +} int main(int argc, char *argv[]) { @@ -1639,6 +1652,7 @@ int main(int argc, char *argv[]) qtest_add_func("acpi/q35/kvm/xapic", test_acpi_q35_kvm_xapic); qtest_add_func("acpi/q35/kvm/dmar", test_acpi_q35_kvm_dmar); } + qtest_add_func("acpi/q35/slic", test_acpi_q35_slic); } else if (strcmp(arch, "aarch64") == 0) { if (has_tcg) { qtest_add_func("acpi/virt", test_acpi_virt_tcg); commit ffba261306370e0ad8506401b104be5fa4749ade Author: Igor Mammedov Date: Mon Dec 27 14:31:20 2021 -0500 tests: acpi: SLIC: update expected blobs Signed-off-by: Igor Mammedov diff --git a/tests/data/acpi/q35/FACP.slic b/tests/data/acpi/q35/FACP.slic index f6a864cc86..891fd4b784 100644 Binary files a/tests/data/acpi/q35/FACP.slic and b/tests/data/acpi/q35/FACP.slic differ diff --git a/tests/data/acpi/q35/SLIC.slic b/tests/data/acpi/q35/SLIC.slic index e69de29bb2..fd26592e24 100644 Binary files a/tests/data/acpi/q35/SLIC.slic and b/tests/data/acpi/q35/SLIC.slic differ diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index 49dbf8fa3e..dfb8523c8b 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1,3 +1 @@ /* List of comma-separated changed AML files to ignore */ -"tests/data/acpi/q35/FACP.slic", -"tests/data/acpi/q35/SLIC.slic",