From cf2f89edf36a59183166ae8721a8d7ab5cd286bd Mon Sep 17 00:00:00 2001 From: Eric Auger Date: Mon, 17 Jul 2023 18:21:26 +0200 Subject: [PATCH 01/22] hw/virtio-iommu: Fix potential OOB access in virtio_iommu_handle_command() In the virtio_iommu_handle_command() when a PROBE request is handled, output_size takes a value greater than the tail size and on a subsequent iteration we can get a stack out-of-band access. Initialize the output_size on each iteration. The issue was found with ASAN. Credits to: Yiming Tao(Zhejiang University) Gaoning Pan(Zhejiang University) Fixes: 1733eebb9e7 ("virtio-iommu: Implement RESV_MEM probe request") Signed-off-by: Eric Auger Reported-by: Mauro Matteo Cascella Cc: qemu-stable@nongnu.org Message-Id: <20230717162126.11693-1-eric.auger@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/virtio/virtio-iommu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c index 201127c488..4dcf1d5c62 100644 --- a/hw/virtio/virtio-iommu.c +++ b/hw/virtio/virtio-iommu.c @@ -728,13 +728,15 @@ static void virtio_iommu_handle_command(VirtIODevice *vdev, VirtQueue *vq) VirtIOIOMMU *s = VIRTIO_IOMMU(vdev); struct virtio_iommu_req_head head; struct virtio_iommu_req_tail tail = {}; - size_t output_size = sizeof(tail), sz; VirtQueueElement *elem; unsigned int iov_cnt; struct iovec *iov; void *buf = NULL; + size_t sz; for (;;) { + size_t output_size = sizeof(tail); + elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); if (!elem) { return; From 503d86dd66625b4bed9484bca71db1678c730dc9 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 18 Jul 2023 11:13:27 +0100 Subject: [PATCH 02/22] hw/pci-bridge/cxl_upstream.c: Use g_new0() in build_cdat_table() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In build_cdat_table() we do: *cdat_table = g_malloc0(sizeof(*cdat_table) * CXL_USP_CDAT_NUM_ENTRIES); This is wrong because: - cdat_table has type CDATSubHeader *** - so *cdat_table has type CDATSubHeader ** - so the array we're allocating here should be items of type CDATSubHeader * - but we pass sizeof(*cdat_table), which is sizeof(CDATSubHeader **), implying that we're allocating an array of CDATSubHeader ** It happens that sizeof(CDATSubHeader **) == sizeof(CDATSubHeader *) so nothing blows up, but this should be sizeof(**cdat_table). Avoid this excessively hard-to-understand code by using g_new0() instead, which will do the type checking for us. While we're here, we can drop the useless check against failure, as g_malloc0() and g_new0() never fail. This fixes Coverity issue CID 1508120. Signed-off-by: Peter Maydell Message-Id: <20230718101327.1111374-1-peter.maydell@linaro.org> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Jonathan Cameron --- hw/pci-bridge/cxl_upstream.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/hw/pci-bridge/cxl_upstream.c b/hw/pci-bridge/cxl_upstream.c index ef47e5d625..9159f48a8c 100644 --- a/hw/pci-bridge/cxl_upstream.c +++ b/hw/pci-bridge/cxl_upstream.c @@ -274,10 +274,7 @@ static int build_cdat_table(CDATSubHeader ***cdat_table, void *priv) }; } - *cdat_table = g_malloc0(sizeof(*cdat_table) * CXL_USP_CDAT_NUM_ENTRIES); - if (!*cdat_table) { - return -ENOMEM; - } + *cdat_table = g_new0(CDATSubHeader *, CXL_USP_CDAT_NUM_ENTRIES); /* Header always at start of structure */ (*cdat_table)[CXL_USP_CDAT_SSLBIS_LAT] = g_steal_pointer(&sslbis_latency); From 1084feddc6a677cdfdde56936bfb97cf32cc4dee Mon Sep 17 00:00:00 2001 From: Eric Auger Date: Tue, 18 Jul 2023 20:21:36 +0200 Subject: [PATCH 03/22] virtio-iommu: Standardize granule extraction and formatting At several locations we compute the granule from the config page_size_mask using ctz() and then format it in traces using BIT(). As the page_size_mask is 64b we should use ctz64 and BIT_ULL() for formatting. We failed to be consistent. Note the page_size_mask is garanteed to be non null. The spec mandates the device to set at least one bit, so ctz64 cannot return 64. This is garanteed by the fact the device initializes the page_size_mask to qemu_target_page_mask() and then the page_size_mask is further constrained by virtio_iommu_set_page_size_mask() callback which can't result in a new mask being null. So if Coverity complains round those ctz64/BIT_ULL with CID 1517772 this is a false positive Signed-off-by: Eric Auger Fixes: 94df5b2180 ("virtio-iommu: Fix 64kB host page size VFIO device assignment") Message-Id: <20230718182136.40096-1-eric.auger@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Jean-Philippe Brucker --- hw/virtio/virtio-iommu.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c index 4dcf1d5c62..be51635895 100644 --- a/hw/virtio/virtio-iommu.c +++ b/hw/virtio/virtio-iommu.c @@ -854,17 +854,19 @@ static IOMMUTLBEntry virtio_iommu_translate(IOMMUMemoryRegion *mr, hwaddr addr, VirtIOIOMMUEndpoint *ep; uint32_t sid, flags; bool bypass_allowed; + int granule; bool found; int i; interval.low = addr; interval.high = addr + 1; + granule = ctz64(s->config.page_size_mask); IOMMUTLBEntry entry = { .target_as = &address_space_memory, .iova = addr, .translated_addr = addr, - .addr_mask = (1 << ctz32(s->config.page_size_mask)) - 1, + .addr_mask = BIT_ULL(granule) - 1, .perm = IOMMU_NONE, }; @@ -1117,7 +1119,7 @@ static int virtio_iommu_set_page_size_mask(IOMMUMemoryRegion *mr, if (s->granule_frozen) { int cur_granule = ctz64(cur_mask); - if (!(BIT(cur_granule) & new_mask)) { + if (!(BIT_ULL(cur_granule) & new_mask)) { error_setg(errp, "virtio-iommu %s does not support frozen granule 0x%llx", mr->parent_obj.name, BIT_ULL(cur_granule)); return -1; @@ -1163,7 +1165,7 @@ static void virtio_iommu_freeze_granule(Notifier *notifier, void *data) } s->granule_frozen = true; granule = ctz64(s->config.page_size_mask); - trace_virtio_iommu_freeze_granule(BIT(granule)); + trace_virtio_iommu_freeze_granule(BIT_ULL(granule)); } static void virtio_iommu_device_realize(DeviceState *dev, Error **errp) From 63a3520e29a1a68d8610315b049ccb5840fe22e9 Mon Sep 17 00:00:00 2001 From: Milan Zamazal Date: Thu, 20 Jul 2023 12:10:37 +0200 Subject: [PATCH 04/22] hw/virtio: Add a protection against duplicate vu_scmi_stop calls The QEMU CI fails in virtio-scmi test occasionally. As reported by Thomas Huth, this happens most likely when the system is loaded and it fails with the following error: qemu-system-aarch64: ../../devel/qemu/hw/pci/msix.c:659: msix_unset_vector_notifiers: Assertion `dev->msix_vector_use_notifier && dev->msix_vector_release_notifier' failed. ../../devel/qemu/tests/qtest/libqtest.c:200: kill_qemu() detected QEMU death from signal 6 (Aborted) (core dumped) As discovered by Fabiano Rosas, the cause is a duplicate invocation of msix_unset_vector_notifiers via duplicate vu_scmi_stop calls: msix_unset_vector_notifiers virtio_pci_set_guest_notifiers vu_scmi_stop vu_scmi_disconnect ... qemu_chr_write_buffer msix_unset_vector_notifiers virtio_pci_set_guest_notifiers vu_scmi_stop vu_scmi_set_status ... qemu_cleanup While vu_scmi_stop calls are protected by vhost_dev_is_started() check, it's apparently not enough. vhost-user-blk and vhost-user-gpio use an extra protection, see f5b22d06fb (vhost: recheck dev state in the vhost_migration_log routine) for the motivation. Let's use the same in vhost-user-scmi, which fixes the failure above. Fixes: a5dab090e142 ("hw/virtio: Add boilerplate for vhost-user-scmi device") Signed-off-by: Milan Zamazal Message-Id: <20230720101037.2161450-1-mzamazal@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Tested-by: Thomas Huth Reviewed-by: Fabiano Rosas --- hw/virtio/vhost-user-scmi.c | 7 +++++++ include/hw/virtio/vhost-user-scmi.h | 1 + 2 files changed, 8 insertions(+) diff --git a/hw/virtio/vhost-user-scmi.c b/hw/virtio/vhost-user-scmi.c index d386fb2df9..918bb7dcf7 100644 --- a/hw/virtio/vhost-user-scmi.c +++ b/hw/virtio/vhost-user-scmi.c @@ -63,6 +63,7 @@ static int vu_scmi_start(VirtIODevice *vdev) error_report("Error starting vhost-user-scmi: %d", ret); goto err_guest_notifiers; } + scmi->started_vu = true; /* * guest_notifier_mask/pending not used yet, so just unmask @@ -90,6 +91,12 @@ static void vu_scmi_stop(VirtIODevice *vdev) struct vhost_dev *vhost_dev = &scmi->vhost_dev; int ret; + /* vhost_dev_is_started() check in the callers is not fully reliable. */ + if (!scmi->started_vu) { + return; + } + scmi->started_vu = false; + if (!k->set_guest_notifiers) { return; } diff --git a/include/hw/virtio/vhost-user-scmi.h b/include/hw/virtio/vhost-user-scmi.h index 6175a74ebd..c90db77dd5 100644 --- a/include/hw/virtio/vhost-user-scmi.h +++ b/include/hw/virtio/vhost-user-scmi.h @@ -25,6 +25,7 @@ struct VHostUserSCMI { VirtQueue *cmd_vq; VirtQueue *event_vq; bool connected; + bool started_vu; }; #endif /* _QEMU_VHOST_USER_SCMI_H */ From 45d9d318c8d435cbe2d465f61e6975885d2242ca Mon Sep 17 00:00:00 2001 From: Igor Mammedov Date: Thu, 20 Jul 2023 15:38:53 +0200 Subject: [PATCH 05/22] tests: acpi: x86: whitelist expected blobs Signed-off-by: Igor Mammedov Message-Id: <20230720133858.1974024-2-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- tests/qtest/bios-tables-test-allowed-diff.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index dfb8523c8b..1983fa596b 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1 +1,15 @@ /* List of comma-separated changed AML files to ignore */ +"tests/data/acpi/pc/DSDT", +"tests/data/acpi/pc/DSDT.acpierst", +"tests/data/acpi/pc/DSDT.acpihmat", +"tests/data/acpi/pc/DSDT.bridge", +"tests/data/acpi/pc/DSDT.cphp", +"tests/data/acpi/pc/DSDT.dimmpxm", +"tests/data/acpi/pc/DSDT.hpbridge", +"tests/data/acpi/pc/DSDT.ipmikcs", +"tests/data/acpi/pc/DSDT.memhp", +"tests/data/acpi/pc/DSDT.nohpet", +"tests/data/acpi/pc/DSDT.numamem", +"tests/data/acpi/pc/DSDT.roothp", +"tests/data/acpi/q35/DSDT.bridge", +"tests/data/acpi/q35/DSDT.multi-bridge", From 44d975ef340e2f21f236f9520c53e1b30d2213a4 Mon Sep 17 00:00:00 2001 From: Igor Mammedov Date: Thu, 20 Jul 2023 15:38:54 +0200 Subject: [PATCH 06/22] x86: acpi: workaround Windows not handling name references in Package properly it seems that Windows is unable to handle variable references making it choke up when accessing ASUN during _DSM call when device is hotplugged (it lists package elements as DataAlias but despite that later on it misbehaves) with following error shown up in AMLI debugger (WS2012r2): Store(ShiftLeft(One,Arg1="ASUN",) AMLI_ERROR(c0140008): Unexpected argument type ValidateArgTypes: expected Arg1 to be type Integer (Type=String) Similar outcome with WS2022. Issue is not fatal but as result acpi-index/"PCI Label ID" property is either not shown in device details page or shows incorrect value. Fix it by doing assignment of BSEL/ASUN values to package elements manually after package declaration. Fix was tested with: WS2012r2, WS2022, RHEL9 Fixes: 467d099a2985 (x86: acpi: _DSM: use Package to pass parameters) Signed-off-by: Igor Mammedov Message-Id: <20230720133858.1974024-3-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/i386/acpi-build.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index 9c74fa17ad..19d268ff59 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -362,9 +362,13 @@ Aml *aml_pci_device_dsm(void) { Aml *params = aml_local(0); Aml *pkg = aml_package(2); - aml_append(pkg, aml_name("BSEL")); - aml_append(pkg, aml_name("ASUN")); + aml_append(pkg, aml_int(0)); + aml_append(pkg, aml_int(0)); aml_append(method, aml_store(pkg, params)); + aml_append(method, + aml_store(aml_name("BSEL"), aml_index(params, aml_int(0)))); + aml_append(method, + aml_store(aml_name("ASUN"), aml_index(params, aml_int(1)))); aml_append(method, aml_return(aml_call5("PDSM", aml_arg(0), aml_arg(1), aml_arg(2), aml_arg(3), params)) From 6e510855a90b7ca1811bdfc4be66b0fd4a4af28a Mon Sep 17 00:00:00 2001 From: Igor Mammedov Date: Thu, 20 Jul 2023 15:38:55 +0200 Subject: [PATCH 07/22] tests: acpi: x86: update expected blobs Following change is expected on each PCI slot with enabled ACPI PCI hotplug - BSEL, - ASUN + Zero, + Zero } + Local0 [Zero] = BSEL /* \_SB_.PCI0.BSEL */ + Local0 [One] = ASUN /* \_SB_.PCI0.S18_.ASUN */ Signed-off-by: Igor Mammedov Message-Id: <20230720133858.1974024-4-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- tests/data/acpi/pc/DSDT | Bin 6488 -> 6836 bytes tests/data/acpi/pc/DSDT.acpierst | Bin 6411 -> 6747 bytes tests/data/acpi/pc/DSDT.acpihmat | Bin 7813 -> 8161 bytes tests/data/acpi/pc/DSDT.bridge | Bin 12615 -> 13707 bytes tests/data/acpi/pc/DSDT.cphp | Bin 6952 -> 7300 bytes tests/data/acpi/pc/DSDT.dimmpxm | Bin 8142 -> 8490 bytes tests/data/acpi/pc/DSDT.hpbridge | Bin 6451 -> 6787 bytes tests/data/acpi/pc/DSDT.ipmikcs | Bin 6560 -> 6908 bytes tests/data/acpi/pc/DSDT.memhp | Bin 7847 -> 8195 bytes tests/data/acpi/pc/DSDT.nohpet | Bin 6346 -> 6694 bytes tests/data/acpi/pc/DSDT.numamem | Bin 6494 -> 6842 bytes tests/data/acpi/pc/DSDT.roothp | Bin 9873 -> 10629 bytes tests/data/acpi/q35/DSDT.bridge | Bin 11590 -> 11974 bytes tests/data/acpi/q35/DSDT.multi-bridge | Bin 12770 -> 13214 bytes tests/qtest/bios-tables-test-allowed-diff.h | 14 -------------- 15 files changed, 14 deletions(-) diff --git a/tests/data/acpi/pc/DSDT b/tests/data/acpi/pc/DSDT index 32d255cfc0a207c89bf8459edaca11fad12979e9..3f104cc65c4fcc55616540867ec1ec50a7b9c7fd 100644 GIT binary patch delta 1639 zcma*ly-vbV6u|LIp@g)BmeSTJAKggU6vBsNv6v8)sMSp^vk3{CiL;5!;%OEae3!eI;&HLON1Z$G^2P}4TU~{D1$?-RP*tNh~q`d=+T^p=T+D~EI*mb}< zq-|LI(?7T9Pya@YK1CQ^@X=eF{?m%h`-c%muWWu^A5WBrHS^?}AHsIYA>w)77a2vipwT$G65pav`?CIX2C<6u&EHSq~t^bOe5cQA-A zp%aUVqmGVF>SnlJyyaYfzfZn*_gH_ei69JyM+He*xSxm@P4s5RQP_^m&TRUj`SQv@ z3D=sD8nuFhv?L`YwH1!~BH@&yAnc_tEFrhU&i?%IWW1wS=f1Z3=N0q{>+jH0KZ!oc z`X9Y250vqek+Zq+hX#CK{_{OGV7qnNPQ_^|JIyp>Pur!?r&xa;`#SXndcpc<^wihT zYph?+!g+%%fBkh9*4?0726GuU_a6HOt*fKgS-)*Tzd?Niy}|n1*f*(fqBmLpZNYhq zHhGy)OXRltbcOgyibQeuj;~g-{rrr zT-a`xw)1eB$4+}gPumsH7g)cQgML8$BKjihZ_rb}gucZ3uN<7`=lS!7c^KcJTp4p^ dHaCfVm)5PIudrVCpx>pwkKX6}^wisve*rUoCENf2 diff --git a/tests/data/acpi/pc/DSDT.acpierst b/tests/data/acpi/pc/DSDT.acpierst index 33e872b2fae3d974a3dc4ec0401b1f1734db313b..d33cffc67a5dc49694a6c6a57b3f26da1f759bbe 100644 GIT binary patch delta 1579 zcma*my-LGS6bJCz*p%9&`A!D=wG|YEQa>8Sr6ER{@mkoW>MyWkw?SOj0dUF`$t z0|;({=%94+D+c5deJ?z!MYNQ>5#aI;0(e#aHu z@aRR3=#7Xz<%rHj)O6_qwq1VT5N}k2J!|Bi6JZB;&C%}u=Knrt*1l|tIEfF8lA_FQJc@Tie>+N(erj*OPCt!ET^?yk zGfMMmFWxs5MN{&<=hc|yMI1|KEwJ4>08v#qR+Bk zSkP}#KZicY`ctc+jfo$&-!!e`_vE62dw`hXM3s>Q~TLSbrz|fcjPRRo3T2I4=tM^NvG!ev5K7%+=W3 R6MC9kM_=dsv_8MC{s8n097O;C diff --git a/tests/data/acpi/pc/DSDT.acpihmat b/tests/data/acpi/pc/DSDT.acpihmat index cd84abc1b1d026e6055057f4c6170146e1921ea6..726741a0f0934fa6504ab451d6374a739f704301 100644 GIT binary patch delta 1640 zcma*mJxjw-6b9hiv}w~&+9XZVFKL_#f`ebs78FSu3#IB{)JaIhUE&YWO)Rb*1ZTmy z)Lr}o`U9N06v0_=l-_&rj3;y6C+|7;Cbv7YUDXf#TaS+x;mJjg@G4p?tE(N zj?^B?!FnfDLf1bkFqUSD8=M@fX>%p?gM&hBWF*F-*bDadM-gN3;^`<#v2j#xE$qhH zzs-QnkahwVdu6aPX(f~QZenj1Y?ibESnSP#&5`y=*e&c;z$&Eu0gJtPuzAw}Um~j6^jo_&AK*Me^xo!o)5bF@!k$HP&rh&;MkTN%(ymr`ZwGrd zuo`Kv!D6otRwwPduwCpmz#61=s(j`y_LjkxNgE66Vy_9-B<&km?6tsJq%~@MW)FL9 zur_Hgz+!I&Y=yKh!uGJY3bsmGxz1A&PzL_ZQle?@e;LBDm- i-~(JGh(0#>o_#!{ChXZH_xuKnXXJo&C_CL=8c2T^#Byc; delta 1309 zcmZwCO-{m45Ww+TnoybomX?+l+HRDM8$VDnN(@j)Oav02?o8@hS$G9CoPdpb3JE80 zrS3R^A16>Zx;0EE&Stjn{qmogkNr_Yi$ruh3M6S^IMHN7>&;GM(TW#4v#D)_^2$IF zYxP)-o6(UjNhwKfij%&Uvivv_J^iwv$t}@2oIjq8hh}x|*H{0&f?i?$i&>Qi%J|!~ zO)gip;Ja_}-!~Ra+o0{zI4#Xidry3gwo}ootZx*dU!#5oeTMb-iQlBYhF)X+ZxPN5 zZT`Gt8^&)@PRE?i<|gQA-7NYn>vInDx2c~)pJV+6dg|xV=UM;kz$JMj2#;lZ>PZRg-L zhn@D2_%>}(3J(QQt%FvHqzH*MFAz^Oh8O|oD diff --git a/tests/data/acpi/pc/DSDT.bridge b/tests/data/acpi/pc/DSDT.bridge index 69a73ea2a691de387b82bf85a7ba1a2279c01a0c..89b5ee17e156d08168fcc93ab635dfb83d63b335 100644 GIT binary patch literal 13707 zcmeHO&2QV-5uc|In|hLLN@n6D&WDgq+U^Gu$<8MVw2?^JR&2?NC}+1|P*IW>Rnh=U zWH-PjMo`6DWW6Z@G*wgd(1SMc-iqW;Xn~%3%W;p}LoYpU(M?Y4&OB10EsH=2T zV45@Y_?wS6ocBhgG+nFy<}3jFI=7-O>Z#lZWi^E#1^{$U|K&pH8W?RYw@_ozK!_Rl zqv9M7IZ1g>%dIZ3Keo(2nC2&+o2+g@=|sLH)%0A=*jOAd ztA(^wTP$d?>0YFVuUQf;-MfwC0NYkD!>J=eJbRwBs2>>m1Er6OFhDP`B!~P+nF}kp-mP zXqQ#J%A)X$OU8Yf2o?FODLiN?qpjyJqrcKK9zutSP;=@0WfbH}#R`kc_GLt-)mi;s{SM>fZkW0!cg1i3z-lT&aSU475!P>Q8f#Cw1Po?$&t#8rJ%)dINY6nq9fm#6gh|z;bCxgSGC7 zPLp*LojMQo**dI!8ShhB9F*uZd7#h9Ihaq znsvBc-!he{!WEqJZe*ReTd>6=TRf_qD_l`45vg3Mq!SZ7`o$PTDDB}6JR}|uWc}81jC5K@h>Xyl*yW2&B7KLQLbD` zD~Xy`(BU4P^S0nj*3^nlBh-qZr)zpeXAfJp6&9%{zN0-ipq=^9p4p*2BeZAGzMa}L z%5d!&W1~pEs{`73z=!(T9qMO=`q=^XvmWYa9rfCvdMqRVbL{7KsGk$+=LXczd8nT= zHdaFDy*{WuWUKF`P{f|{h&|<)XJcZrm8czKG8I`gyK>Pfi+O3WoUit98Tvy7(P%H0 zt3`+by!bu}SdC<&r>^EpTB=;pYANNM&|wkB#1zqL^}8mQ&2H>*$ApfFcf=NSCmwg| z@cViU{_&si7Un+YD^7MI!6zP&sR#~uPu>ApsV$WA!iacQEf>=1^f{1Me&SSae(iLy zS3=8`d_M|&OjsLN%d4ryk3O+(-u^}E)`uT|bo*BG!;isWYI%7HD?F);bH2dfIXq{v zJLnw-g39o79y9L$h=?qt)N;PW)Iv#TYNdFUVKGh9VV*%yRf`%H>?Dm0s(OAog~PRM zHKoLAg;GJXfS8ygbJs+zM}ur59d9yeGQ(bY!b(D|&i^dX<((EhP|?-v%HkNV1lfr3 z*0s~2osN7Bnrk_EbxD)|iDQl!?;49Q$p@WKWvNGOgyIO5yMz6DOrR{bZ1f)6)E^ z8^PMXjcUHKhRL!153*_At>z}#NOc>n`tp4D?4DsFGjRHvJZS9+3<~kO+fCYzqnuu}O$WBXUd3L;n1p;53li%kieJV0bQ~9I zfPa5J4PeV@sodVCrIJ1Y5E8KzBPnff|K)ojfWLnC@Ll&Bn@7WNJM*jFaGMKl`j16s zLk*!f_Kq`NE|t?+ENXVaBL0p_g{8Qf<YL}^JZB*Sxg07lmMeB?+zo=E7*h52 zV!<@%&6JDTR0dcS}T_B?%cX|JV(-v2kkteRbY8;7Y!@ zijzA_qX#UO!*ZBvtNiFu;F{Q@{rXXWX3N-!>gjaN-fkNk^D}z-f=%JnFsj98(rSR4 zJS4v-E;R0+I31)bX&?z1?LKg?bR|QFSvt%~#>SbYoQ6R5em;l`7n$U&FbDX)1!jT? z40B=)*6{!FfS8mM#g*0mRg+V@u9A58ILH+BtTeBw{bpet{iQ`@h96j9-v+-8LTG`# z489BkJAMh?2?^lL{Bjw0W_D9CuN9Ih8F-kl@HFGkF~%qHFUe>4HowWgvHC8e)-XNi=<6@UkfjeOWmCMm10mOy#ChD}P$ zN`^3QrbPp(SFlL9X)@TN9tO+HFHN+A#wTmEvQx7}V~J;M6cE-mhk<}*KB3uA=%w)P zxCm$-@QIBV46~cSUAu8o$!i|;3m)_WpLJ&xQ&511{DOx(!ClM44tUrvc-RYk&b55Z z0Uz@VKIRGTT8_0rgk{_>__!DN8P{@LDh0UY7hLiLcP)=N;1R#z5ijtwuI1bT=YGMt zC%9`lRw)sds9*4?7x+2X@|Xi2^9vsH1a~cuJK%A@;BhbT^RDF+4)}y$@Ci?F*YZgR ze9|xYq!;)F*K*kbm;Hjvp5U(K2?spk7d+twe$ll&>3}Ewf+sz}UCXB&@F~CGQ(oX% z*K)-HSNwu2p5U(K`yB9ne!=&7f#+Py_dDSG{etiJ1a~c;cEG3of=_#atFGk-9Pk5v z!4G(XyOtkxzz_NbKj;Onxt1Stzz_KaKjaDST0Y}|&-ewO@dD4gmLGP&5Bmi_>#w5z3Rpc`FpF?c{*^y}T& zdJ7v%BrZ5a2nlQvY>7lfPa-3MTTNS%BBCd`gamHoY)P94lEl|rQS3P$=(tyMDAIJM zFC$gB8*yZ$>ug^}%5c4RWTfp}UqxyS*IS}lMH*MF9*zA5(yknP=Lb5j z4Lv!2&4IKlmx;y-+>@sS?aD6^jdiXkZwuO$3y-my^yJuNJ(!P~o8)H8o7pC1J=&yEXM~-`o7x%edPYK>5jL;A zTQ)2nlz5jh|ql=|@MP2#cszj|bp=CL?on4T zG%Ta8U}#uIUBS?>jJkrMVHtG=L&NfBb_Gj^?1v}xz-06!gr2ng-#!VEOOpF)q`V;B zzLI}HkGK^44NnPwioyf*yBnHNe1&n9IVT#ulVuNJ9`c``A{ZLe8wuVc@yQvDlz&Pu e%qkc0mDvo?`@sFz$@tn%#?C;1@L{pgc0UBR0|8X2#h!5zlh`pHhuvzTdTeJ^Ly>mG zF4962)nuz|;HlJ`st;j9fhQ{2Qk*&G z-1(i~xgY1AJ03+dlhTdx^k?C5o%MtAE5=X4=n6{>2ss% zs4nJ}Nai{B3)PHL2BEr|S3p_{<`lIM?aZ}rff4gF&^yQe*lxzAxcL0i-~XvzykB@c z{jb8&zsZF?y)(Xhll%5`gFo2O0Z?(geT$D9@t_Z)pd*Rf05zj#8O3Gk95Ep8TB{_h z6&8l4T+kkfB*>^=P2iW3&{}Hl8pbO;v5~aNI zQ9@(cWqAptvn4rq&8NLX(*C~Dq!z|Kb`uCg`zfjSKzcue_Y7-ASO$IRc3WM_hDv6y zC}XeHEf_mFF}nf37}T*dH`{e+*CYG*fz2ALZPxBFKJIi==j?$#8~`xtc4sbLpuQBB zICZC_@M@`C0VD2f=?2uEWJ9|(-ZJjjxDV>a#+_OnxE~rFvE9H%p#Z>gaY=#o&Y5ldgHo)J#_8vPv!FvMEnj)w0SSH7ynfxhK8tJv-o?y@vNxpZApMJ%#-Gy{Dw% z-c#CEfnt{jymQ}cxKH=FPn+)31MbrsfxxuTLNm6d8jnlpVEq|tGTDAn41or`)W^0=)-TgMf#2c3z>?HYVl zi@-nr6WqhOkMk7=I~L;;+e8(?0oUX`5T)uuDQA+1X5>;nnM}@sxbh1-bMv+H{%#5_ zm2KL zup=l9KjRVY!Ouv@Kte9%icHQIRVJ4UHy9?~WmPT;E@23A zG52BIw{JkhVCzqmczc~0m_nJEx|bt=XzOgZfhyf-47xM}9#rC>bf$L)wKyz|Z#p5& z?fdBF8)KLq^Z%fl#@%S_5J$?}$m;7$or|wDGiL@4UxWLNS2_lbc;DRyl_R-;RgVy0 z9U3&`7+XV24G-=WEaY>yKD?U?A$diuL|nRg_-uIvA3M*uIoJurN)CG*cC&v-m6&f z6rQppm}K8wL-*=zH9i(#$QiFMRO3Q``>Cd7J=)z!YU4K znpzJq7K37ta;x|-?^`o#v{v3nqor+y)nu}2mD}3Z{EV8sY)LpYjB@dXr0nB54~QR_ zH);>gocGh6)R2sfst>G{uBYfLO<%Kuwsm1Ct00h7&--!XB1-lSbA%sSU^?i)a89hl zI{rWHGY92NVP&;<*W}cJy96FQ4I=e=MwnOR-eF-JdFYpyE9>We+nBtPdpQnorly=};78SgSyKG=;4BfcxC3yXwv`V!lS#;^t3{AbRPm4!G2+}u zjYy~O(YXav%5Qb_O>N>;+Rf>JL~Tfin>9i?6d0Ir%mW-73bztC7{3X}eID?z(J+1l z=pWfkQ?AdhatBCxfek03g|Gz3}J>G_5v7o z1DtahMr^={7r=-spu;d~14g|7M%@4}ISeOkzzHva6Rv;`!$})((hK0E8{lP!p=bk& zUI0Z`K!;(>28?+DjJW|`aTvyJz_=H{xGSK;aLNXp@&Y*J2AFXeN;aV61yFJYbQm78 z0S|crJmdzLbr>GD0S|itJnRbSFr2mlr@a79y8+4$!y`7}5ifv8Tmc=1M{U5PUI34} z0V)o|V>aM1FM!8f0Ud@jHsFjGz!^8doWt4#Sf+ z;7KolCtU#@hNo=6Q(gd14FQyjCzKn-imwyiXfoKQ67gmyveCqY4GNcSA%FswsFp<_ zp=%LQz|zRFBuMC5uA+b?iDhY#K$hr6GmJIwwu-fYEs>`SJsY{gUD&pfuZuk!Im7+W zwvo5Fo{ik$&STri-zBn5ZZyrq63UqMyE2{=P)I2h z?AWi8jQOT(Z<(@VHzUT?-nC%tIWPo@STfytp?1+{_ArD rLv6Y(!M!EArIz9^>18+R3cl`^0(zIP_lm3a0)L-^n$yd62U`3W8!JGy diff --git a/tests/data/acpi/pc/DSDT.cphp b/tests/data/acpi/pc/DSDT.cphp index 20379056b399bf1ad8b8316453eac344f604d3b6..cb9fc3c524f238f90d9d84d795061fe78a21a6dd 100644 GIT binary patch delta 1640 zcma*mJ4?e*6bJCzv?(P`+Ps<;`iL%qgT)8-AvmO@O07DWii?mA?$$4$ONWBs(nWAC zbd}=ZCVm0^0D@aVa2DL8_Z~ds$(;X>|2c=7X>Hh4{J`%GON_;;kIF<-I`i`|Xob2r zpFL}?RPV~cMk7pxo`0e;7H26hI6YS4_G;({N9w>#NR0Idt)P84>N7T2d>!>;Y#i5D z7It&}-zLB&NZSL8y)sytv=d>sur~=dN!lNMMe54qis87_diw^CUPg%Ci|9*)=$D8Z zCOyE8$?v<3H%h~vX>!k7VQY9J6|73y53ty)fz?R6X7QQp*qZ^HA?-C-?9GDBlJ-s5 z2KMS;b$YvuUN9`@Q`ZPH$V#oip)9BH3~ zZDFqi)*)@u;XhQ>p`ZSlh~7kqPDS)RLiATem-F-h2YG&9A8%BIJ&WX?55l(bMkTN% k(td-*-ZI!SX?F{J<~{7KfUS`B4lMS%U|q`2J_{Y`58!ojQvd(} delta 1309 zcmZwCy-vbV6u|LXN>VNqN?S^SKo=z@E^3sIs6(-sm4!(jPZ@{FxiKB$c z(MjES0`(2lMOVY=iDxE)l zU(LEY(8k}UYjfl4dHC+<`R}VdY_~z%={QYir+uKO?NaDdtlzPqze#<8UazCk$ya|WB6#J)-EX3=L^pLL+$q<#*4j`gRpZ&BYwZ?gWyf%Co` z{=B6EjBiuU!koqCF45DvHhP=&@39Z4@1S>BzwN?40rd;$3#`9!;k+l8Kkq00t`+%j zS%hi3w4I03Ja*axdfKjpzQlUNgMLW;GWs&>Pta4pg1*A~XAiFb^!W1@OEA7mxhm$W bZ0;iVd$ev1eU0^R=&A3c_c=e^D(|a*dzU5N diff --git a/tests/data/acpi/pc/DSDT.dimmpxm b/tests/data/acpi/pc/DSDT.dimmpxm index 435496e836939eeb767f1a524dc1471740ad917e..3fcb0a22a3d074ce3e6e6d12eed95d174876ff99 100644 GIT binary patch delta 1674 zcma*mJ4?e*6u|M@U}~DC4@#Ox+cXGL(8))&oh(VyLaBBzIw_>1V;6T3gl>vm1!u)Y zI{5`01@Q|gLN~=#L6F{i@QkPX`Q?A^<>skz>#IQ+>@6=a7W=+eyE(NpIgCO-%6gM= zlyfDiE00ce!(EDka7P>D<|M}Y13zqS5BrP_yl}ra?8n&XMz2gqpJy2T(JQsC9In+P zCGvt@jWL-i(+{b#PG!1zZr4}-Z5(Wzv{zuUI}diAv>(D&v8#YpNV{e5ovYYQfK8D0 zT-Xils$f;pzJkSW5^R#Rt0v!h6T2E%jkKp=v6}*$BJGQ?HSDIrrb)YK@ttef&4A62 z_E^|DcC%o!q4}|sc zjtsB{Y45;d*92>l_E*>@b}g_LX?sO}-X?Z!ur_J0g$=M<09zpK7g+2T!4^sDmH5sr o?3TcmNP7tuyAD`~wC}>Uv0DaPCT-Q>JGZgxf^{i7K65(KA8fySnE(I) delta 1292 zcmZ|KOG?8~6vpuw(g(LGO=6PPJaJMLC!(lzR2x!3v__4Oi4Zs7V+HC!-9V?h0SAIq zH=$Cx15sC@Bk8>d&*XG`fBf(H9-@Ae#c90P4<%{rx z7k&x*DtMLjzu>W7245!qVU4f9tkLVAYy8}0%vB&)A#?f!_YFK(1Fw<(6g>8I@H*+= zgkQnF0p1|}w8Q6ZJM_F8ho9TRoC!IT%zc5!b1m=|>6a=N)+b`C`O#&*Rs{c%1{kIplAeFFao7f_F)OB77VB9(a%Rui&xogZD{474UgU WK(D_J__=GC3n3R$x!z~6F8={LI3!;H diff --git a/tests/data/acpi/pc/DSDT.hpbridge b/tests/data/acpi/pc/DSDT.hpbridge index b6eafab250d508e1358ea09f81eb1b2a6d96ce32..2cb4310af36c483e62671c9a9eaefef9363e59c7 100644 GIT binary patch delta 1620 zcma*my-vbV6u|Kdp-|dVX({C!Hxgq^42WRjU~B7wI#Ah6+Ay2Q1Gur^OyUceI7>Qf zd;uLDTp5hJiJKAcJ;@mlbI-5;b8p(XJ?$!9;9X3sj3s^-%Db9fUWS1i=8u-~mpV@F zI8xBw4P_@7ohvD8EA)ahZDOX9j71YS@K0wEW0U`lX-FYG>cHLx0KzrkWR2R27q-{9x%VOIyMllIPNB?r>{*|0aMPw-QWZkY6F-{fzN z))>7Nql-00KTLkk1H7XGoU=flbGyK;gLhtfdiYm>HV@ts}l zmcW)sdoAoScFSPPq#of61Fo{!sCceVF_Mj7@Di delta 1250 zcmZ|KxlY4C5P)H0tQ?Nx#0Nf54$(wHG$8>JBnoUC4he|FLKn#qPY@cQrv{4jKm$E; z3$NgY;~h920@xif&7|G^^v}%2a?(;G79F;INt&8}RNo8vbP%&JF0ZG_N8wnW>nW_& zjB^1y+E*338b@qT8=0ycvfl3B<8XYgH{`xDzSA9x`hL?J3w?#PeyGOeku=k}&K#scj}^;1)wpA+9}_=(Q8+F+9Jyop^MtWMe);)kU`^6~fyHhbY?`zyCf~V% zT??#5+8eOgwZYn?{SdZ^-3-_aX_wM`=O%WuV6&vX64u3T4s4FJZ(y;T2b(9YVey?? n*e!r9koF8Lc8g$(qpo|NYc^H5NwUW^YVUMymI0ptIIsFOHhA*?#GN=m%=G zlZ>Vtu@(p6hM_14MGK;>RhDqdaTv9YW6soO)LI#S-0xoIDrzU$z00{a_57Zz40AJ> zOF=G0=7Le-Yg2!}PlHdB{suhuGvG6%|CW9h`x9ditFjLdOM zdOTMLuao{r`Z??y;0@A0gU5are3tZ+T+CbN^t=oCeEZMy8y9ODc%2Dnc%wKJff4wV#bijP?2rzqvW+G1i}a9rPk>c$TY7 z?9#%&je(7k_7yDl%3x*EmUZ5{jJ;D}r$~DO7JK7h9wu-$euqo31fW_W4*feRo7QeTK zy&13>(q4nbUJa~9+Am@2*qa5LC9ONn-(1Ju9M~LbuY`56R|l(;_5&>T8ek35uH^Zf z8`x`tHA#B`7JDtQ7HQw|{D=C@(?8T)fk(Fsbo5k2Z$d<0MD#mEv@pXrYT`yV+-Z|{ k9)rb=ieQVReG;~Xy(O?E(k5;G<`(ukU>(Yi4(+z|2NqUy#sB~S delta 1308 zcmZ|Ky-vbV6u|LPN+=EAEu}3K7Q^Boe&b+5p`a!riPa6QPoOON0*QOBl{Q@hpe+-e3Oboa^RzTk`||Xk3w`$m6TFkkfk8K^U~cY-c)YxgwkU z6uwRCTIem-FO{I*roN5dX8n!uKJ^{+4(q>5a9*y=pVuwJ_xYUfr!s8Uq3v9p=5o{S aUEp0>u7bS6@zDu-%2&}>IX`)G_vAl!D&||DW`8w!D*zis(P3&^{ z-^RekNc*Feq;7mz&{IXKrmgen=@ii$5q+K_`X!>4K@YHQ@I9+|qa^H^B=@`$b_H)F zgOy490Tz1|unK7xO+ND~_Nri2(w>9GUJa~9+Bacq*sFupNjqopnQPcaCTtyh zO|T|uU%+Co1=b?1WAmBUu-67_llBBG_Bvo4(mo06VXq6;CGCvEf2bvge)@+ZdND=x zK}6rDi2jP`yh{(TX(=Pyarw)y=h91{V4b- z=})9z!F~*UjPx&NS?y|rFVlCabr(`%d=+y#`z^M2%a(Wbw-EvBvFb|y?S$!YiCak~`w6zP+W=-07tfwxG13?BP7 zc$@Ukj=28Qq0gIl#rQSMxsY?o+=cWFT-O8dk^T)l_S4|gq+j>MK27ZV;C<3xd*ZwY zk3R2P=31D`LM}_@dTBAfh3n?P=SY7ieSrNu_&n(ozUT+oFMuzQ{>T^SUHSBRPxAZY fpYOShn6`=A6=7PDoOTW#w=01!QGWEA*;ao60qQ3j diff --git a/tests/data/acpi/pc/DSDT.numamem b/tests/data/acpi/pc/DSDT.numamem index 59e31338eeb3a84c39ed3ae63105226ce2ad1125..36bf83259ed7d3cb51e426d83663421ede24d998 100644 GIT binary patch delta 1674 zcma*mJxjw-6oBE|VrrVCX-u2+yAg+iASkW<5L^;dp;R4=Iti)x2P(QMjzw_l<{xmD zI&~AA73V_7E)K4a(t8h{@pM1Web2ol)9Sdc_dNk-o*l|-|%Hc#4nu-GktEs*w0*fw^H nV2h+(v-!?#?3TcmNP8{pK6cAs%cOk=i(Ln-L)np)=|ukk4#0Sa delta 1292 zcmZwC$x6du5Ww*m(uFT+vnRC+z4fAkv{dUwXiNmbS}=N0i}4X$ohgUXTW&f;KvsRZ0pi>0=EfvTZ*2pQ_-ueUoxS; zLVXRr#`-Jt)GwhgvHsJ9_jHSYFSKC&D&=&{>1^&M^F2D(KyR@A2R-#o^d{?%Y`ABQ z`WAYN_4hWs_h$3&xeny|lyflWu(@;ebgqluW&Km;1L}L|J=QO}a8E#eAHC1|OBddo zxcqw`*|_ZS;|&kCg>+pNw^i9~*XZfG8u}XRzcU|EzmC4n`a>V?iKyQ|-(dZn58uD~ V{CiFXa+{QEVy?;Mre~Ec`48DGBwPRh diff --git a/tests/data/acpi/pc/DSDT.roothp b/tests/data/acpi/pc/DSDT.roothp index 448d596cf413d7e487af114e5c80bc73311d17f9..ca44cca6a3e46777e1e3433512dfd101c1c7bb8b 100644 GIT binary patch literal 10629 zcmeHN&2Jmm5ue8oY57P>OKNS|mOlu^M(ZT7NlBJ%6lhKEQW7nZT5~BU#R}z;R8ZPA zkcATgkp-hPgF1?Psmr+Np$EoLP6g~gp#^&CrS-AL^w3L>DH{6}b!KX(bmx`uTesK|i-OjDbOIj-TzAC5i!vKKp>AzSAt%KfDa*I_K4TPBf zC~Do~B_~MlD!H{q_S>fM8^iecGlSJks6Q8<)obRbJ4PL7&}QA_oNmM$LRHIE_4d-J zDi_j1b*Z4lvafhhsAiQi2-UTM0@89guV}@1cfNBM%tVlZ(LMF+PBSsV#aCDV{15HQ zgW}W4e-=;vNiOah-O*=vcwpBs`J){J02!w{cloH93pk~%=p|~PlA`3{n z-cn_)!lLkk3;H9G2pRcnDZD5ty`|-EqQAlm9zutSkaOw$O%&ux#WIVE_G3iIxzbuO zr52R;Q##A7$jcyIQ04s1fc_RydwXV+Mwnad4iJX^J!0>I^iCF^88(WrOu87(SVPK1 zR4XdVh_A4q@1(>E16~-^F_;fKb?DS%d-#EeHCB6A+hTmw4O92Rffx<|m~|(ZOLG)U zahX#%C52bjas|v}pkcE50=!%^N4vK^TR!YkXY;@0e z8myb>)Oe`R)?nkyc%RDRphTy^1AR`;;RO2}88*y^TXil%6rI}H05G>}sBdS3fw{3` z)L^r=Ye*A?TR7+4$Tn{^VV6gCc~qJ&+>*-?K`ocli7_7id;}tt_OJy{h{wZtEp(&L zn&?fF?sti;w^v5dfov~{W8-%E3K#_~ahy+lJ_eCs7;!lMMJ+sOysA~QuuDd$axvbF$xopvsRjsVCCr#T5lhhO6(ViR7&U|Rk?9-mHv}e%1{n|6q zaP1krT_oS-0qs2CL;cJ?^)r_GnE~}P9_nWt^~#`nEF=GQ>}U6>pS9G_4yd2?P(Q1; zS3~H%HmE*itM8>y#GdkqJ>{5ZBi3X~Q9H(DDza#H#iCOd^TLvvuk>&k`a=a#Z!M{n zBE$e*eHR6+Mk3J@xAP?>rIwXyN}9KHn8YzKMU-mofx$(i8++O@pkv^Q*oE%c(@qV( zsKwy#{|@hB?qj~@k^&;DBp#3q+~9sOBvr;#pZOq|@nn5LbWbRBpb0IoK^EZ9jJ8I-mBN(zT7*-A=^ zRSTtpU;;5QM`qWpT8{?VMmpYP(qx9c@r0#>Tv_;WpvyZ=cr2r271t8N5q z`yQ(K${Z%g`aj5~c{dw7WFysWwCc;N-7ANNS($;;*Wf|(P+(Aq&uup7IFb+9=Me&| zLxZLqeQW5M;m#exLVGsr!^2#R$g5f<<`L%M*>VUUgJ<3u3Q@D7r3{>;!8E{rS zEhNe*QI_nLMccl;qHl2iyPY@$utwo$k1lMHy@|bvF#-8379`ed6u*h}={RoG0RQ@I z62O+zR=KxFTP1x0U`ed47)fDo?+@Qu0{G*%Pu_8#v3WEMk262-4Y#?_qW@TA+HwfJ zu}_?FwWOxASk&x-Mf`o03QKV%%cJ`$)z>e-e#t@vax(&`<=P!(AOK(TDbh>IExApeIl$O3`Q#dt@YVllJ4se5q#CNR+ z^+)F~2kA)~NJ2)Z4?HW~%FtzoF0+E(o?Ff-2xOnA4p|3vge?v(`Q*MIK*dp9DV%3c_^DvSCJEE%u)Y1FgTgy1pj1wCG32n_NfGr2! z%=B(%=|*q=^7l;3xM>hX)`2W3{_S9v2szvVnBLBZ-CPo~+FA*ui&gAVVrDXgVKYn` zN3DWM!X1ObF10XNU4CYu88kjwrH!3>B^paSy4^ z3QN>4c+?Ag-nBgDfXDoT$2`GZ%i|7s+%I_C3;e2U`IrMf<`;a-6Wq0Y+yNi=3qI}z ze$BO9bihTw;G!qEYk9%}Pxu8-c!6JcEl)b&Nx$GpPjJ`r2?u<_FZhHPc-FOCa=<0O z;F2e}Yxyw;{Fq({H!OqYxy|`{G4C#b3?$T(i!D;sS@Z$x0?(e(-HknH@4lxz7mOR z4iQ2EI|N%I5Ydx}NZ?V^mZXU2Np2v4M>$*4B7!9G?Pe5Pj>j6Fl^lvR&GluZ3Qr@B zjC5V;%SajS_l}IT&G%)b4tG>XM*6OjY<#&aUd?aD2Wv6}Sc*ke7`AH5!^NIX7F5S|c}Gj#{Ik*@CCZ zUTryQjjU{uvL3C`Q8$F$#s6bBL~p(hycZFbQTKJJxM01K5id~RE1gs268=1m(NFQH zL&mq7Ys|S(=sk@s2M_sAE)fcik?^;Ih=dGmn(0>j5xpvxuH(z{4A3tD`ah7dfBv_R MLBr`){ecnx0Z2bYmjD0& delta 2603 zcmeH}y-wRu6vrLMpy0U9hn)~d!ASsnXqSNaYM~zq2C1kaw3kjrGHWX}>I0yDAP^Hn zlmR+ad4mAT13;&$55NeBwL{7ykeqwz5z?V6OIH7X_jmtCvW~sYYGu`9-fGR2q`=aV zdKwPzHUeutEBVo_M(a;FEz3I_^?p73^n?{={E%Pt-e?_G3YFNxtH8U>mkKKs_;V># zWN()xbIA8tS^E@MkAFt#IA+6XJ4VM<8_G;z znE_E|fGl$u1AY>RRRyn-{DU}Lzmlb|{}2b=6zVjg(@5PfuKOFOb+N6r^_?*Ea(=26xShWb#RY1ry3lC=AbDe zXpfwut)=<{f@p9E8nWN-z!{IT=i~SM4m$3Rj}%SU_QrX}Ouk#?EpDG28hX?4tW8GW z@w(}CR8o^mJCa@~7`BGKzs&+UL(@CXzE3hU*6TO**4D7cSpWaSVb8=y12tXVko7{< zuo(?)*E#)W#;J*8+3oLe3uqtKm>N%_Q2VM%DrvLx| delta 1427 zcmZ|MxlRIM5WsOD%e8F6AxAi5kz;{1Dxw^A0t*#L;%Z~mHBlQYdo6qh)|XH#;|qud zy`9G3D=2Ru%uX`R*zWhse`d0ilgW{&>DobW&1SP-J&WII@ATNv+eV->HD~Ev``E0? z*-S^!D;2}j(hv7+;blY92hw#&bhPzufAQ_iyps#+V2+xG$7pH$(!6E^ZfE(ITv#0n z`sTce++lIi!TLrGv6Bk*iWpz?{J5X6R{KCweFA_g0|4MST}~7wezU zQ{Ro=&3aE3&Z}hk^DeV6ew%V$%z4?|o8@b?u83Y_y_|!7jrugg(T2 zw*u#FDE##o3XE@2E{wS_n;WC2btC8_tWOuA-==;PeU$Y#=&2t=A7lMTadF z6XPNl+M8D1xV-E}-etV&*i-eH?&agw^z$IkW?j9+U)9;br0ejFa4Q;A8Edx6yt2OE zWUSTsalffBZ#z-!xRZOj*~C5as=D_%k-T%Co^39h7d*G*>Tbz-5ms1$HQMDLV%p9( z{-^49Z`aJ;?a}9^y|||FY!RO8@0W?~DdhGNNxM+fc+Ow9Xo)dZQbQ$eE141&V*_9V zq&<^%4s(NGgQSgGB6kjRHLx0KH!XXnr15z;Ud97be6mt%P4mvJM{(*X-pI!CIFt^J z>10f8Tnv@Rp}N3!k@i5^1~>VcKe%_ zbm&d<9kKiZ>I~2sr0zBF7&iudjO2exei8j~;Nv9UaYdd*^e2E%ko=)5>V09oG^~~;S9>LS57T9U&yf5N;L$${{3yxaD~UW!^p62QM)GeT;mVQMv Date: Thu, 20 Jul 2023 15:38:56 +0200 Subject: [PATCH 08/22] tests: acpi: whitelist expected blobs Signed-off-by: Igor Mammedov Message-Id: <20230720133858.1974024-5-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- tests/qtest/bios-tables-test-allowed-diff.h | 37 +++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index dfb8523c8b..8911b10650 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1 +1,38 @@ /* List of comma-separated changed AML files to ignore */ +"tests/data/acpi/pc/DSDT", +"tests/data/acpi/pc/DSDT.acpierst", +"tests/data/acpi/pc/DSDT.acpihmat", +"tests/data/acpi/pc/DSDT.bridge", +"tests/data/acpi/pc/DSDT.cphp", +"tests/data/acpi/pc/DSDT.dimmpxm", +"tests/data/acpi/pc/DSDT.hpbridge", +"tests/data/acpi/pc/DSDT.hpbrroot", +"tests/data/acpi/pc/DSDT.ipmikcs", +"tests/data/acpi/pc/DSDT.memhp", +"tests/data/acpi/pc/DSDT.nohpet", +"tests/data/acpi/pc/DSDT.numamem", +"tests/data/acpi/pc/DSDT.roothp", +"tests/data/acpi/q35/DSDT", +"tests/data/acpi/q35/DSDT.acpierst", +"tests/data/acpi/q35/DSDT.acpihmat", +"tests/data/acpi/q35/DSDT.acpihmat-noinitiator", +"tests/data/acpi/q35/DSDT.applesmc", +"tests/data/acpi/q35/DSDT.bridge", +"tests/data/acpi/q35/DSDT.core-count2", +"tests/data/acpi/q35/DSDT.cphp", +"tests/data/acpi/q35/DSDT.cxl", +"tests/data/acpi/q35/DSDT.dimmpxm", +"tests/data/acpi/q35/DSDT.ipmibt", +"tests/data/acpi/q35/DSDT.ipmismbus", +"tests/data/acpi/q35/DSDT.ivrs", +"tests/data/acpi/q35/DSDT.memhp", +"tests/data/acpi/q35/DSDT.mmio64", +"tests/data/acpi/q35/DSDT.multi-bridge", +"tests/data/acpi/q35/DSDT.noacpihp", +"tests/data/acpi/q35/DSDT.nohpet", +"tests/data/acpi/q35/DSDT.numamem", +"tests/data/acpi/q35/DSDT.pvpanic-isa", +"tests/data/acpi/q35/DSDT.tis.tpm12", +"tests/data/acpi/q35/DSDT.tis.tpm2", +"tests/data/acpi/q35/DSDT.viot", +"tests/data/acpi/q35/DSDT.xapic", From 5ce869f788b0b8d82693212366d5637d9f3206c9 Mon Sep 17 00:00:00 2001 From: Igor Mammedov Date: Thu, 20 Jul 2023 15:38:57 +0200 Subject: [PATCH 09/22] acpi: x86: remove _ADR on host bridges ACPI spec (since 2.0a) says " A device object must contain either an _HID object or an _ADR object, but can contain both. " _ADR is used when device is attached to an ennumerable bus, however hostbridge is not and uses dedicated _HID for discovery, drop _ADR field. It doesn't seem that having _ADR has a negative effects OSes manage to tolerate that, but there is no point of having it there. (only pc/q35 has it hostbridge description, while others (microvm/arm) don't) Signed-off-by: Igor Mammedov Message-Id: <20230720133858.1974024-6-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/i386/acpi-build.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index 19d268ff59..bb12b0ad43 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c @@ -1464,7 +1464,6 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, sb_scope = aml_scope("_SB"); dev = aml_device("PCI0"); aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A03"))); - aml_append(dev, aml_name_decl("_ADR", aml_int(0))); aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid))); aml_append(dev, aml_pci_edsm()); aml_append(sb_scope, dev); @@ -1479,7 +1478,6 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, dev = aml_device("PCI0"); aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08"))); aml_append(dev, aml_name_decl("_CID", aml_eisaid("PNP0A03"))); - aml_append(dev, aml_name_decl("_ADR", aml_int(0))); aml_append(dev, aml_name_decl("_UID", aml_int(pcmc->pci_root_uid))); aml_append(dev, build_q35_osc_method(!pm->pcihp_bridge_en)); aml_append(dev, aml_pci_edsm()); @@ -1593,7 +1591,6 @@ build_dsdt(GArray *table_data, BIOSLinker *linker, aml_append(pkg, aml_eisaid("PNP0A08")); aml_append(pkg, aml_eisaid("PNP0A03")); aml_append(dev, aml_name_decl("_CID", pkg)); - aml_append(dev, aml_name_decl("_ADR", aml_int(0))); build_cxl_osc_method(dev); } else if (pci_bus_is_express(bus)) { aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0A08"))); From e3c79cf3ef24008e536beb41ed41dd253d62c95a Mon Sep 17 00:00:00 2001 From: Igor Mammedov Date: Thu, 20 Jul 2023 15:38:58 +0200 Subject: [PATCH 10/22] tests: acpi: update expected blobs Expected change is that _ADR object is removed from hostbridge descriptor in DSDT for PC and Q35 machines. Signed-off-by: Igor Mammedov Message-Id: <20230720133858.1974024-7-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- tests/data/acpi/pc/DSDT | Bin 6836 -> 6830 bytes tests/data/acpi/pc/DSDT.acpierst | Bin 6747 -> 6741 bytes tests/data/acpi/pc/DSDT.acpihmat | Bin 8161 -> 8155 bytes tests/data/acpi/pc/DSDT.bridge | Bin 13707 -> 13701 bytes tests/data/acpi/pc/DSDT.cphp | Bin 7300 -> 7294 bytes tests/data/acpi/pc/DSDT.dimmpxm | Bin 8490 -> 8484 bytes tests/data/acpi/pc/DSDT.hpbridge | Bin 6787 -> 6781 bytes tests/data/acpi/pc/DSDT.hpbrroot | Bin 3343 -> 3337 bytes tests/data/acpi/pc/DSDT.ipmikcs | Bin 6908 -> 6902 bytes tests/data/acpi/pc/DSDT.memhp | Bin 8195 -> 8189 bytes tests/data/acpi/pc/DSDT.nohpet | Bin 6694 -> 6688 bytes tests/data/acpi/pc/DSDT.numamem | Bin 6842 -> 6836 bytes tests/data/acpi/pc/DSDT.roothp | Bin 10629 -> 10623 bytes tests/data/acpi/q35/DSDT | Bin 8361 -> 8355 bytes tests/data/acpi/q35/DSDT.acpierst | Bin 8378 -> 8372 bytes tests/data/acpi/q35/DSDT.acpihmat | Bin 9686 -> 9680 bytes tests/data/acpi/q35/DSDT.acpihmat-noinitiator | Bin 8640 -> 8634 bytes tests/data/acpi/q35/DSDT.applesmc | Bin 8407 -> 8401 bytes tests/data/acpi/q35/DSDT.bridge | Bin 11974 -> 11968 bytes tests/data/acpi/q35/DSDT.core-count2 | Bin 32501 -> 32495 bytes tests/data/acpi/q35/DSDT.cphp | Bin 8825 -> 8819 bytes tests/data/acpi/q35/DSDT.cxl | Bin 9673 -> 9655 bytes tests/data/acpi/q35/DSDT.dimmpxm | Bin 10015 -> 10009 bytes tests/data/acpi/q35/DSDT.ipmibt | Bin 8436 -> 8430 bytes tests/data/acpi/q35/DSDT.ipmismbus | Bin 8449 -> 8443 bytes tests/data/acpi/q35/DSDT.ivrs | Bin 8378 -> 8372 bytes tests/data/acpi/q35/DSDT.memhp | Bin 9720 -> 9714 bytes tests/data/acpi/q35/DSDT.mmio64 | Bin 9491 -> 9485 bytes tests/data/acpi/q35/DSDT.multi-bridge | Bin 13214 -> 13208 bytes tests/data/acpi/q35/DSDT.noacpihp | Bin 8241 -> 8235 bytes tests/data/acpi/q35/DSDT.nohpet | Bin 8219 -> 8213 bytes tests/data/acpi/q35/DSDT.numamem | Bin 8367 -> 8361 bytes tests/data/acpi/q35/DSDT.pvpanic-isa | Bin 8462 -> 8456 bytes tests/data/acpi/q35/DSDT.tis.tpm12 | Bin 8967 -> 8961 bytes tests/data/acpi/q35/DSDT.tis.tpm2 | Bin 8993 -> 8987 bytes tests/data/acpi/q35/DSDT.viot | Bin 9470 -> 9464 bytes tests/data/acpi/q35/DSDT.xapic | Bin 35724 -> 35718 bytes tests/qtest/bios-tables-test-allowed-diff.h | 37 ------------------ 38 files changed, 37 deletions(-) diff --git a/tests/data/acpi/pc/DSDT b/tests/data/acpi/pc/DSDT index 3f104cc65c4fcc55616540867ec1ec50a7b9c7fd..c93ad6b7f83a168a1833d7dba1112dd2ab8a431f 100644 GIT binary patch delta 47 zcmdmDy3Ul#CDUsd5e+@xe~<(M=xg0nVNV9Pu8WE Cx($v1 delta 53 zcmca=a@&NzQD`Dps+g`;OuF@5%1yY!sB>>i+N-3KNA2s CSPi%U delta 53 zcmZq8?#||N33dtTHf3O7yfKk0RnCDUKG-Qfy2*n*z}eG)Bi_T)g~#y%7c)n^qe~FO I#`b?E0HnPSxBvhE diff --git a/tests/data/acpi/pc/DSDT.cphp b/tests/data/acpi/pc/DSDT.cphp index cb9fc3c524f238f90d9d84d795061fe78a21a6dd..dbc0141b2bbc77a6d806ff046dc137992c59a899 100644 GIT binary patch delta 47 zcmZp%{Aa=C66_LEC&R$Nm_Ly#Rlz}eG)Bi_T)g~#y%7xTv6@6rH4 C+zs0R delta 53 zcmexo(PGKv66_MvBE!JIs5g--RnCDUKG-Qfy2*n*z}eG)Bi_T)g~#y%7c)n^qe~FO I#`f>h0Ep2J+W-In diff --git a/tests/data/acpi/pc/DSDT.dimmpxm b/tests/data/acpi/pc/DSDT.dimmpxm index 3fcb0a22a3d074ce3e6e6d12eed95d174876ff99..1294f655d418dbdccc095e0d47ab220869a61a07 100644 GIT binary patch delta 47 zcmZ4Gw8V+aCDz}eG)Bi_T)g~#y%7xTv6Z;}8x CbPbyT delta 53 zcmexs(rn7*66_MvEXBaU_-`Uts+XhPg33dtLg`;OuF@5%1yY!sB>>i+N*j6Au6f CvkU70 delta 53 zcmeB_>X+hj33dtL=Vf4Ed^?dVRnCDUKG-Qfy2*n*z}eG)Bi_T)g~#y%7c)n^qe~FO I#`Y#20Bj-+>i_@% diff --git a/tests/data/acpi/pc/DSDT.ipmikcs b/tests/data/acpi/pc/DSDT.ipmikcs index b0e0922f5e38f01b9eed33d6b7c7d60f81850a20..0a891baf458abee4a772ffba7a31914ec22418ec 100644 GIT binary patch delta 47 zcmexk`puNfCDgR0%Kk_+Y2_=q4xj0B27Fj(87G7aqq8T+ADL%j5xQ Cj}CeO delta 53 zcmexs-|WEU66_MftiZs)xO*a3s+j2R5=HZ_+Y2_=q3;L0B27Fj(87G7aqq8T+AHtjxIqA J8{20}0swe^4m$t< diff --git a/tests/data/acpi/pc/DSDT.numamem b/tests/data/acpi/pc/DSDT.numamem index 36bf83259ed7d3cb51e426d83663421ede24d998..9fc731d3d2bcde5e2612a8ccd81e12098134afe9 100644 GIT binary patch delta 47 zcmdmGy2X^sCDsS;l7@xe~<(M?Y50nVNV9Pu8WEPi6s DOtTGd delta 53 zcmdmDy33TyCDkoZvX%Q diff --git a/tests/data/acpi/pc/DSDT.roothp b/tests/data/acpi/pc/DSDT.roothp index ca44cca6a3e46777e1e3433512dfd101c1c7bb8b..e654c83ebe40c413b204c711adcefe3f04655e8c 100644 GIT binary patch delta 47 zcmZn-{vX8U66_LEugSo`IDH~ls)QGNe6Uk|bdwW%fU~CoN4$rp3y#5>7&ehBRnCDUKG-Qfy2*n*z}eG)Bi_T)g~#y%7c)n^qe~FO I#`Yf?0Gt;ORR910 diff --git a/tests/data/acpi/q35/DSDT b/tests/data/acpi/q35/DSDT index 720e8cbbbb10d86a458027b5cb47884bf8c5ee78..fb89ae0ac6d4346e33156e9e4d3718698a0a1a8e 100644 GIT binary patch delta 57 zcmZ4KxY&`)CDu1FqxnRxR3&fW_+Y2_=q6A80B27Fj(87G7aqq8TpS$n&JY&! I#_2)|0LDuXT>t<8 delta 63 zcmZ4NxYCi!CD3$@xe~<(M_KG0nVNV9Pu8WEz>% delta 63 zcmdnuxXY2tCD3$@xe~<(M_KG0nVNV9Pu8WE;M1& delta 63 zcmccMea)N8CD3$@xe~<(M_KG0nVNV9Pu8WEWdmxs}CDz>% delta 63 zcmX>Qdn}gACDvTIqtHaIR1HUw_+Y2_=q7*u0B27Fj(87G7aqq8TpS$n&JY$e ON4%p;5W~ia`g#CDJrO|w diff --git a/tests/data/acpi/q35/DSDT.core-count2 b/tests/data/acpi/q35/DSDT.core-count2 index 2ec11fe3c36d635080af05afa32852fcc1bf10be..b47891ec10be131a59bf404242241c054ac902f8 100644 GIT binary patch delta 59 zcmezRm+}2yMlP3Nmyq{$3=E7x6S-2AyoKX~o#LaLJoy8hJqNAOs*<;Ge6Uk|bdx84fU~CoN4$rp3y`WA;R@R3&fW_+Y2_=q6A80B27Fj(87G7aqq8TpS$n&JY&! I#_6#N0RDXty#N3J delta 63 zcmaFo_{EXSCD3$@xe~<(M_KG0nVNV9Pu8WEz>% delta 63 zcmdnuxXY2tCD@~ delta 63 zcmez5{llBfCDE%>V!Z delta 63 zcmeD6n(W2p66_KptjfT^xOgI0s)nOTe6Uk|bdx`SfU~CoN4$rp3yi_@% delta 63 zcmbR0Fx!F4CDwR}kv} diff --git a/tests/data/acpi/q35/DSDT.numamem b/tests/data/acpi/q35/DSDT.numamem index 0cdec0b4c53b2b0e38cd019caab552f66f7728e7..ba6669437e65952f24516ded954b33fe54bdedfb 100644 GIT binary patch delta 57 zcmZ4QxYCi!CD3$@xe~<(M_KG0nVNV9Pu8WEOV delta 63 zcmZ4KxZaV=CDTu$633dtLP-I|Wd^wRTRmod8KG-Qfy2+D2z}eG)Bi_T)g~#y%7Y9eYGla#w IaeBD|0KB*lrT_o{ delta 63 zcmeBh>T}|933dtLQ)FOZTrrU=Rl`vvKG-Qfy2+nEz}eG)Bi_T)g~#y%7Y9eYGla#= O5%1^{#ISKw1;OuF@5%1yY!sB>>i-RNH8Ny=T IIK4m#0Hll$6aWAK delta 63 zcmZp4Yj@*v33dr#S7u;fRGY|^s^KUSAM6w#-Q>?7;OuF@5%1yY!sB>>i-RNH8Ny=b Oh<9`eV%RvbKnVcyZ4eXy diff --git a/tests/data/acpi/q35/DSDT.tis.tpm2 b/tests/data/acpi/q35/DSDT.tis.tpm2 index 35c6b08068d4d2fb0353802dc2460cc2912c129c..a09253042ce4a715922027245de8a2ab7449c5b7 100644 GIT binary patch delta 57 zcmZ4JHrtKMCDmvh{B HPeBC$z1a|1 delta 48 zcmez2`OlNfCD9P!Q& K7W2mGU%LPi*b*cF delta 65 zcmZph&eSuViOVI}C8VdDfq`+&M6Of~N0Inor}*e5fBpbxPXms44^I~!#|vB>9P!Q& Q7Bfe@qe~FO#))6M0BnU5Bme*a diff --git a/tests/qtest/bios-tables-test-allowed-diff.h b/tests/qtest/bios-tables-test-allowed-diff.h index 8911b10650..dfb8523c8b 100644 --- a/tests/qtest/bios-tables-test-allowed-diff.h +++ b/tests/qtest/bios-tables-test-allowed-diff.h @@ -1,38 +1 @@ /* List of comma-separated changed AML files to ignore */ -"tests/data/acpi/pc/DSDT", -"tests/data/acpi/pc/DSDT.acpierst", -"tests/data/acpi/pc/DSDT.acpihmat", -"tests/data/acpi/pc/DSDT.bridge", -"tests/data/acpi/pc/DSDT.cphp", -"tests/data/acpi/pc/DSDT.dimmpxm", -"tests/data/acpi/pc/DSDT.hpbridge", -"tests/data/acpi/pc/DSDT.hpbrroot", -"tests/data/acpi/pc/DSDT.ipmikcs", -"tests/data/acpi/pc/DSDT.memhp", -"tests/data/acpi/pc/DSDT.nohpet", -"tests/data/acpi/pc/DSDT.numamem", -"tests/data/acpi/pc/DSDT.roothp", -"tests/data/acpi/q35/DSDT", -"tests/data/acpi/q35/DSDT.acpierst", -"tests/data/acpi/q35/DSDT.acpihmat", -"tests/data/acpi/q35/DSDT.acpihmat-noinitiator", -"tests/data/acpi/q35/DSDT.applesmc", -"tests/data/acpi/q35/DSDT.bridge", -"tests/data/acpi/q35/DSDT.core-count2", -"tests/data/acpi/q35/DSDT.cphp", -"tests/data/acpi/q35/DSDT.cxl", -"tests/data/acpi/q35/DSDT.dimmpxm", -"tests/data/acpi/q35/DSDT.ipmibt", -"tests/data/acpi/q35/DSDT.ipmismbus", -"tests/data/acpi/q35/DSDT.ivrs", -"tests/data/acpi/q35/DSDT.memhp", -"tests/data/acpi/q35/DSDT.mmio64", -"tests/data/acpi/q35/DSDT.multi-bridge", -"tests/data/acpi/q35/DSDT.noacpihp", -"tests/data/acpi/q35/DSDT.nohpet", -"tests/data/acpi/q35/DSDT.numamem", -"tests/data/acpi/q35/DSDT.pvpanic-isa", -"tests/data/acpi/q35/DSDT.tis.tpm12", -"tests/data/acpi/q35/DSDT.tis.tpm2", -"tests/data/acpi/q35/DSDT.viot", -"tests/data/acpi/q35/DSDT.xapic", From 92f04221379ae5e35f6474c2afed2eb02d552df3 Mon Sep 17 00:00:00 2001 From: David Edmondson Date: Fri, 21 Jul 2023 08:28:20 +0100 Subject: [PATCH 11/22] hw/virtio: qmp: add RING_RESET to 'info virtio-status' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: David Edmondson Message-Id: <20230721072820.75797-1-david.edmondson@oracle.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Philippe Mathieu-Daudé --- hw/virtio/virtio-qmp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/virtio/virtio-qmp.c b/hw/virtio/virtio-qmp.c index 3d32dbec8d..7515b0947b 100644 --- a/hw/virtio/virtio-qmp.c +++ b/hw/virtio/virtio-qmp.c @@ -79,6 +79,8 @@ static const qmp_virtio_feature_map_t virtio_transport_map[] = { "VIRTIO_F_ORDER_PLATFORM: Memory accesses ordered by platform"), FEATURE_ENTRY(VIRTIO_F_SR_IOV, \ "VIRTIO_F_SR_IOV: Device supports single root I/O virtualization"), + FEATURE_ENTRY(VIRTIO_F_RING_RESET, \ + "VIRTIO_F_RING_RESET: Driver can reset a queue individually"), /* Virtio ring transport features */ FEATURE_ENTRY(VIRTIO_RING_F_INDIRECT_DESC, \ "VIRTIO_RING_F_INDIRECT_DESC: Indirect descriptors supported"), From c92f4fcafa14890524945073b494937e97112677 Mon Sep 17 00:00:00 2001 From: Hanna Czenczek Date: Fri, 21 Jul 2023 15:49:45 +0200 Subject: [PATCH 12/22] virtio: Fix packed virtqueue used_idx mask virtio_queue_packed_set_last_avail_idx() is used by vhost devices to set the internal queue indices to what has been reported by the vhost back-end through GET_VRING_BASE. For packed virtqueues, this 32-bit value is expected to contain both the device's internal avail and used indices, as well as their respective wrap counters. To get the used index, we shift the 32-bit value right by 16, and then apply a mask of 0x7ffff. That seems to be a typo, because it should be 0x7fff; first of all, the virtio specification says that the maximum queue size for packed virt queues is 2^15, so the indices cannot exceed 2^15 - 1 anyway, making 0x7fff the correct mask. Second, the mask clearly is wrong from context, too, given that (A) `idx & 0x70000` must be 0 at this point (`idx` is 32 bit and was shifted to the right by 16 already), (B) `idx & 0x8000` is the used_wrap_counter, so should not be part of the used index, and (C) `vq->used_idx` is a `uint16_t`, so cannot fit the 0x70000 part of the mask anyway. This most likely never produced any guest-visible bugs, though, because for a vhost device, qemu will probably not evaluate the used index outside of virtio_queue_packed_get_last_avail_idx(), where we reconstruct the 32-bit value from avail and used indices and their wrap counters again. There, it does not matter whether the highest bit of the used_idx is the used index wrap counter, because we put the wrap counter exactly in that position anyway. Signed-off-by: Hanna Czenczek Message-Id: <20230721134945.26967-1-hreitz@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: German Maglione --- hw/virtio/virtio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 295a603e58..309038fd46 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -3321,7 +3321,7 @@ static void virtio_queue_packed_set_last_avail_idx(VirtIODevice *vdev, vq->last_avail_wrap_counter = vq->shadow_avail_wrap_counter = !!(idx & 0x8000); idx >>= 16; - vq->used_idx = idx & 0x7ffff; + vq->used_idx = idx & 0x7fff; vq->used_wrap_counter = !!(idx & 0x8000); } From 348e354417b64c484877354ee7cc66f29fa6c7df Mon Sep 17 00:00:00 2001 From: Yuri Benditovich Date: Fri, 28 Jul 2023 11:40:49 +0300 Subject: [PATCH 13/22] pci: do not respond config requests after PCI device eject Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224964 In migration with VF failover, Windows guest and ACPI hot unplug we do not need to satisfy config requests, otherwise the guest immediately detects the device and brings up its driver. Many network VF's are stuck on the guest PCI bus after the migration. Signed-off-by: Yuri Benditovich Message-Id: <20230728084049.191454-1-yuri.benditovich@daynix.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/pci/pci_host.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/hw/pci/pci_host.c b/hw/pci/pci_host.c index 7af8afdcbe..a18aa0a8d4 100644 --- a/hw/pci/pci_host.c +++ b/hw/pci/pci_host.c @@ -62,6 +62,17 @@ static void pci_adjust_config_limit(PCIBus *bus, uint32_t *limit) } } +static bool is_pci_dev_ejected(PCIDevice *pci_dev) +{ + /* + * device unplug was requested and the guest acked it, + * so we stop responding config accesses even if the + * device is not deleted (failover flow) + */ + return pci_dev && pci_dev->partially_hotplugged && + !pci_dev->qdev.pending_deleted_event; +} + void pci_host_config_write_common(PCIDevice *pci_dev, uint32_t addr, uint32_t limit, uint32_t val, uint32_t len) { @@ -75,7 +86,7 @@ void pci_host_config_write_common(PCIDevice *pci_dev, uint32_t addr, * allowing direct removal of unexposed functions. */ if ((pci_dev->qdev.hotplugged && !pci_get_function_0(pci_dev)) || - !pci_dev->has_power) { + !pci_dev->has_power || is_pci_dev_ejected(pci_dev)) { return; } @@ -100,7 +111,7 @@ uint32_t pci_host_config_read_common(PCIDevice *pci_dev, uint32_t addr, * allowing direct removal of unexposed functions. */ if ((pci_dev->qdev.hotplugged && !pci_get_function_0(pci_dev)) || - !pci_dev->has_power) { + !pci_dev->has_power || is_pci_dev_ejected(pci_dev)) { return ~0x0; } From 18f2971ce403008d5e1c2875b483c9d1778143dc Mon Sep 17 00:00:00 2001 From: Li Feng Date: Mon, 31 Jul 2023 20:10:06 +0800 Subject: [PATCH 14/22] vhost: fix the fd leak When the vhost-user reconnect to the backend, the notifer should be cleanup. Otherwise, the fd resource will be exhausted. Fixes: f9a09ca3ea ("vhost: add support for configure interrupt") Signed-off-by: Li Feng Reviewed-by: Raphael Norwitz Message-Id: <20230731121018.2856310-2-fengli@smartx.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Tested-by: Fiona Ebner --- hw/virtio/vhost.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index abf0d03c8d..e2f6ffb446 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -2044,6 +2044,8 @@ void vhost_dev_stop(struct vhost_dev *hdev, VirtIODevice *vdev, bool vrings) event_notifier_test_and_clear( &hdev->vqs[VHOST_QUEUE_NUM_CONFIG_INR].masked_config_notifier); event_notifier_test_and_clear(&vdev->config_notifier); + event_notifier_cleanup( + &hdev->vqs[VHOST_QUEUE_NUM_CONFIG_INR].masked_config_notifier); trace_vhost_dev_stop(hdev, vdev->name, vrings); From cc2a08480e19007c05be8fe5b6893e20448954dc Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 2 Aug 2023 15:57:18 +0200 Subject: [PATCH 15/22] hw/i386/intel_iommu: Fix trivial endianness problems MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After reading the guest memory with dma_memory_read(), we have to make sure that we byteswap the little endian data to the host's byte order. Signed-off-by: Thomas Huth Message-Id: <20230802135723.178083-2-thuth@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Peter Xu --- hw/i386/intel_iommu.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index dcc334060c..13fcde8e91 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c @@ -756,6 +756,8 @@ static int vtd_get_pdire_from_pdir_table(dma_addr_t pasid_dir_base, return -VTD_FR_PASID_TABLE_INV; } + pdire->val = le64_to_cpu(pdire->val); + return 0; } @@ -780,6 +782,9 @@ static int vtd_get_pe_in_pasid_leaf_table(IntelIOMMUState *s, pe, entry_size, MEMTXATTRS_UNSPECIFIED)) { return -VTD_FR_PASID_TABLE_INV; } + for (size_t i = 0; i < ARRAY_SIZE(pe->val); i++) { + pe->val[i] = le64_to_cpu(pe->val[i]); + } /* Do translation type check */ if (!vtd_pe_type_check(x86_iommu, pe)) { From 642ba89672279fbdd14016a90da239c85e845d18 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 2 Aug 2023 15:57:19 +0200 Subject: [PATCH 16/22] hw/i386/intel_iommu: Fix endianness problems related to VTD_IR_TableEntry The code already tries to do some endianness handling here, but currently fails badly: - While it already swaps the data when logging errors / tracing, it fails to byteswap the value before e.g. accessing entry->irte.present - entry->irte.source_id is swapped with le32_to_cpu(), though this is a 16-bit value - The whole union is apparently supposed to be swapped via the 64-bit data[2] array, but the struct is a mixture between 32 bit values (the first 8 bytes) and 64 bit values (the second 8 bytes), so this cannot work as expected. Fix it by converting the struct to two proper 64-bit bitfields, and by swapping the values only once for everybody right after reading the data from memory. Signed-off-by: Thomas Huth Message-Id: <20230802135723.178083-3-thuth@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Peter Xu --- hw/i386/intel_iommu.c | 16 +++++------ include/hw/i386/intel_iommu.h | 50 ++++++++++++++++++----------------- 2 files changed, 34 insertions(+), 32 deletions(-) diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index 13fcde8e91..4028e32701 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c @@ -3328,14 +3328,15 @@ static int vtd_irte_get(IntelIOMMUState *iommu, uint16_t index, return -VTD_FR_IR_ROOT_INVAL; } - trace_vtd_ir_irte_get(index, le64_to_cpu(entry->data[1]), - le64_to_cpu(entry->data[0])); + entry->data[0] = le64_to_cpu(entry->data[0]); + entry->data[1] = le64_to_cpu(entry->data[1]); + + trace_vtd_ir_irte_get(index, entry->data[1], entry->data[0]); if (!entry->irte.present) { error_report_once("%s: detected non-present IRTE " "(index=%u, high=0x%" PRIx64 ", low=0x%" PRIx64 ")", - __func__, index, le64_to_cpu(entry->data[1]), - le64_to_cpu(entry->data[0])); + __func__, index, entry->data[1], entry->data[0]); return -VTD_FR_IR_ENTRY_P; } @@ -3343,14 +3344,13 @@ static int vtd_irte_get(IntelIOMMUState *iommu, uint16_t index, entry->irte.__reserved_2) { error_report_once("%s: detected non-zero reserved IRTE " "(index=%u, high=0x%" PRIx64 ", low=0x%" PRIx64 ")", - __func__, index, le64_to_cpu(entry->data[1]), - le64_to_cpu(entry->data[0])); + __func__, index, entry->data[1], entry->data[0]); return -VTD_FR_IR_IRTE_RSVD; } if (sid != X86_IOMMU_SID_INVALID) { /* Validate IRTE SID */ - source_id = le32_to_cpu(entry->irte.source_id); + source_id = entry->irte.source_id; switch (entry->irte.sid_vtype) { case VTD_SVT_NONE: break; @@ -3404,7 +3404,7 @@ static int vtd_remap_irq_get(IntelIOMMUState *iommu, uint16_t index, irq->trigger_mode = irte.irte.trigger_mode; irq->vector = irte.irte.vector; irq->delivery_mode = irte.irte.delivery_mode; - irq->dest = le32_to_cpu(irte.irte.dest_id); + irq->dest = irte.irte.dest_id; if (!iommu->intr_eime) { #define VTD_IR_APIC_DEST_MASK (0xff00ULL) #define VTD_IR_APIC_DEST_SHIFT (8) diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h index 89dcbc5e1e..7fa0a695c8 100644 --- a/include/hw/i386/intel_iommu.h +++ b/include/hw/i386/intel_iommu.h @@ -178,37 +178,39 @@ enum { union VTD_IR_TableEntry { struct { #if HOST_BIG_ENDIAN - uint32_t __reserved_1:8; /* Reserved 1 */ - uint32_t vector:8; /* Interrupt Vector */ - uint32_t irte_mode:1; /* IRTE Mode */ - uint32_t __reserved_0:3; /* Reserved 0 */ - uint32_t __avail:4; /* Available spaces for software */ - uint32_t delivery_mode:3; /* Delivery Mode */ - uint32_t trigger_mode:1; /* Trigger Mode */ - uint32_t redir_hint:1; /* Redirection Hint */ - uint32_t dest_mode:1; /* Destination Mode */ - uint32_t fault_disable:1; /* Fault Processing Disable */ - uint32_t present:1; /* Whether entry present/available */ + uint64_t dest_id:32; /* Destination ID */ + uint64_t __reserved_1:8; /* Reserved 1 */ + uint64_t vector:8; /* Interrupt Vector */ + uint64_t irte_mode:1; /* IRTE Mode */ + uint64_t __reserved_0:3; /* Reserved 0 */ + uint64_t __avail:4; /* Available spaces for software */ + uint64_t delivery_mode:3; /* Delivery Mode */ + uint64_t trigger_mode:1; /* Trigger Mode */ + uint64_t redir_hint:1; /* Redirection Hint */ + uint64_t dest_mode:1; /* Destination Mode */ + uint64_t fault_disable:1; /* Fault Processing Disable */ + uint64_t present:1; /* Whether entry present/available */ #else - uint32_t present:1; /* Whether entry present/available */ - uint32_t fault_disable:1; /* Fault Processing Disable */ - uint32_t dest_mode:1; /* Destination Mode */ - uint32_t redir_hint:1; /* Redirection Hint */ - uint32_t trigger_mode:1; /* Trigger Mode */ - uint32_t delivery_mode:3; /* Delivery Mode */ - uint32_t __avail:4; /* Available spaces for software */ - uint32_t __reserved_0:3; /* Reserved 0 */ - uint32_t irte_mode:1; /* IRTE Mode */ - uint32_t vector:8; /* Interrupt Vector */ - uint32_t __reserved_1:8; /* Reserved 1 */ + uint64_t present:1; /* Whether entry present/available */ + uint64_t fault_disable:1; /* Fault Processing Disable */ + uint64_t dest_mode:1; /* Destination Mode */ + uint64_t redir_hint:1; /* Redirection Hint */ + uint64_t trigger_mode:1; /* Trigger Mode */ + uint64_t delivery_mode:3; /* Delivery Mode */ + uint64_t __avail:4; /* Available spaces for software */ + uint64_t __reserved_0:3; /* Reserved 0 */ + uint64_t irte_mode:1; /* IRTE Mode */ + uint64_t vector:8; /* Interrupt Vector */ + uint64_t __reserved_1:8; /* Reserved 1 */ + uint64_t dest_id:32; /* Destination ID */ #endif - uint32_t dest_id; /* Destination ID */ - uint16_t source_id; /* Source-ID */ #if HOST_BIG_ENDIAN uint64_t __reserved_2:44; /* Reserved 2 */ uint64_t sid_vtype:2; /* Source-ID Validation Type */ uint64_t sid_q:2; /* Source-ID Qualifier */ + uint64_t source_id:16; /* Source-ID */ #else + uint64_t source_id:16; /* Source-ID */ uint64_t sid_q:2; /* Source-ID Qualifier */ uint64_t sid_vtype:2; /* Source-ID Validation Type */ uint64_t __reserved_2:44; /* Reserved 2 */ From 4572b22cf9ba432fa3955686853c706a1821bbc7 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 2 Aug 2023 15:57:20 +0200 Subject: [PATCH 17/22] hw/i386/intel_iommu: Fix struct VTDInvDescIEC on big endian hosts On big endian hosts, we need to reverse the bitfield order in the struct VTDInvDescIEC, just like it is already done for the other bitfields in the various structs of the intel-iommu device. Signed-off-by: Thomas Huth Message-Id: <20230802135723.178083-4-thuth@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Peter Xu --- hw/i386/intel_iommu_internal.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h index 2e61eec2f5..e1450c5cfe 100644 --- a/hw/i386/intel_iommu_internal.h +++ b/hw/i386/intel_iommu_internal.h @@ -321,12 +321,21 @@ typedef enum VTDFaultReason { /* Interrupt Entry Cache Invalidation Descriptor: VT-d 6.5.2.7. */ struct VTDInvDescIEC { +#if HOST_BIG_ENDIAN + uint64_t reserved_2:16; + uint64_t index:16; /* Start index to invalidate */ + uint64_t index_mask:5; /* 2^N for continuous int invalidation */ + uint64_t resved_1:22; + uint64_t granularity:1; /* If set, it's global IR invalidation */ + uint64_t type:4; /* Should always be 0x4 */ +#else uint32_t type:4; /* Should always be 0x4 */ uint32_t granularity:1; /* If set, it's global IR invalidation */ uint32_t resved_1:22; uint32_t index_mask:5; /* 2^N for continuous int invalidation */ uint32_t index:16; /* Start index to invalidate */ uint32_t reserved_2:16; +#endif }; typedef struct VTDInvDescIEC VTDInvDescIEC; From fcd8027423300b201b37842b88393dc5c6c8ee9e Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 2 Aug 2023 15:57:21 +0200 Subject: [PATCH 18/22] hw/i386/intel_iommu: Fix index calculation in vtd_interrupt_remap_msi() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The values in "addr" are populated locally in this function in host endian byte order, so we must not swap the index_l field here. Signed-off-by: Thomas Huth Message-Id: <20230802135723.178083-5-thuth@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Peter Xu --- hw/i386/intel_iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index 4028e32701..3ca71df369 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c @@ -3459,7 +3459,7 @@ static int vtd_interrupt_remap_msi(IntelIOMMUState *iommu, goto out; } - index = addr.addr.index_h << 15 | le16_to_cpu(addr.addr.index_l); + index = addr.addr.index_h << 15 | addr.addr.index_l; #define VTD_IR_MSI_DATA_SUBHANDLE (0x0000ffff) #define VTD_IR_MSI_DATA_RESERVED (0xffff0000) From 37cf5cecb039a063c0abe3b51ae30f969e73aa84 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 2 Aug 2023 15:57:22 +0200 Subject: [PATCH 19/22] hw/i386/x86-iommu: Fix endianness issue in x86_iommu_irq_to_msi_message() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The values in "msg" are assembled in host endian byte order (the other field are also not swapped), so we must not swap the __addr_head here. Signed-off-by: Thomas Huth Message-Id: <20230802135723.178083-6-thuth@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Peter Xu --- hw/i386/x86-iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/i386/x86-iommu.c b/hw/i386/x86-iommu.c index 01d11325a6..726e9e1d16 100644 --- a/hw/i386/x86-iommu.c +++ b/hw/i386/x86-iommu.c @@ -63,7 +63,7 @@ void x86_iommu_irq_to_msi_message(X86IOMMUIrq *irq, MSIMessage *msg_out) msg.redir_hint = irq->redir_hint; msg.dest = irq->dest; msg.__addr_hi = irq->dest & 0xffffff00; - msg.__addr_head = cpu_to_le32(0xfee); + msg.__addr_head = 0xfee; /* Keep this from original MSI address bits */ msg.__not_used = irq->msi_addr_last_bits; From e1e56c07d1fa24aa37a7e89e6633768fc8ea8705 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 2 Aug 2023 15:57:23 +0200 Subject: [PATCH 20/22] include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big endian hosts The first bitfield here is supposed to be used as a 64-bit equivalent to the "uint64_t msi_addr" in the union. To make this work correctly on big endian hosts, too, the __addr_hi field has to be part of the bitfield, and the the bitfield members must be declared with "uint64_t" instead of "uint32_t" - otherwise the values are placed in the wrong bytes on big endian hosts. Same applies to the 32-bit "msi_data" field: __resved1 must be part of the bitfield, and the members must be declared with "uint32_t" instead of "uint16_t". Signed-off-by: Thomas Huth Message-Id: <20230802135723.178083-7-thuth@redhat.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Peter Xu --- include/hw/i386/x86-iommu.h | 50 +++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/include/hw/i386/x86-iommu.h b/include/hw/i386/x86-iommu.h index 8d8d53b18b..bfd21649d0 100644 --- a/include/hw/i386/x86-iommu.h +++ b/include/hw/i386/x86-iommu.h @@ -87,40 +87,42 @@ struct X86IOMMU_MSIMessage { union { struct { #if HOST_BIG_ENDIAN - uint32_t __addr_head:12; /* 0xfee */ - uint32_t dest:8; - uint32_t __reserved:8; - uint32_t redir_hint:1; - uint32_t dest_mode:1; - uint32_t __not_used:2; + uint64_t __addr_hi:32; + uint64_t __addr_head:12; /* 0xfee */ + uint64_t dest:8; + uint64_t __reserved:8; + uint64_t redir_hint:1; + uint64_t dest_mode:1; + uint64_t __not_used:2; #else - uint32_t __not_used:2; - uint32_t dest_mode:1; - uint32_t redir_hint:1; - uint32_t __reserved:8; - uint32_t dest:8; - uint32_t __addr_head:12; /* 0xfee */ + uint64_t __not_used:2; + uint64_t dest_mode:1; + uint64_t redir_hint:1; + uint64_t __reserved:8; + uint64_t dest:8; + uint64_t __addr_head:12; /* 0xfee */ + uint64_t __addr_hi:32; #endif - uint32_t __addr_hi; } QEMU_PACKED; uint64_t msi_addr; }; union { struct { #if HOST_BIG_ENDIAN - uint16_t trigger_mode:1; - uint16_t level:1; - uint16_t __resved:3; - uint16_t delivery_mode:3; - uint16_t vector:8; + uint32_t __resved1:16; + uint32_t trigger_mode:1; + uint32_t level:1; + uint32_t __resved:3; + uint32_t delivery_mode:3; + uint32_t vector:8; #else - uint16_t vector:8; - uint16_t delivery_mode:3; - uint16_t __resved:3; - uint16_t level:1; - uint16_t trigger_mode:1; + uint32_t vector:8; + uint32_t delivery_mode:3; + uint32_t __resved:3; + uint32_t level:1; + uint32_t trigger_mode:1; + uint32_t __resved1:16; #endif - uint16_t __resved1; } QEMU_PACKED; uint32_t msi_data; }; From 9d38a8434721a6479fe03fb5afb150ca793d3980 Mon Sep 17 00:00:00 2001 From: zhenwei pi Date: Thu, 3 Aug 2023 10:43:13 +0800 Subject: [PATCH 21/22] virtio-crypto: verify src&dst buffer length for sym request For symmetric algorithms, the length of ciphertext must be as same as the plaintext. The missing verification of the src_len and the dst_len in virtio_crypto_sym_op_helper() may lead buffer overflow/divulged. This patch is originally written by Yiming Tao for QEMU-SECURITY, resend it(a few changes of error message) in qemu-devel. Fixes: CVE-2023-3180 Fixes: 04b9b37edda("virtio-crypto: add data queue processing handler") Cc: Gonglei Cc: Mauro Matteo Cascella Cc: Yiming Tao Signed-off-by: zhenwei pi Message-Id: <20230803024314.29962-2-pizhenwei@bytedance.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/virtio/virtio-crypto.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index 44faf5a522..13aec771e1 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -634,6 +634,11 @@ virtio_crypto_sym_op_helper(VirtIODevice *vdev, return NULL; } + if (unlikely(src_len != dst_len)) { + virtio_error(vdev, "sym request src len is different from dst len"); + return NULL; + } + max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len; if (unlikely(max_len > vcrypto->conf.max_size)) { virtio_error(vdev, "virtio-crypto too big length"); From 15b11a1da6a4b7c6b8bb37883f52b544dee2b8fd Mon Sep 17 00:00:00 2001 From: zhenwei pi Date: Thu, 3 Aug 2023 10:43:14 +0800 Subject: [PATCH 22/22] cryptodev: Handle unexpected request to avoid crash Generally guest side should discover which services the device is able to offer, then do requests on device. However it's also possible to break this rule in a guest. Handle unexpected request here to avoid NULL pointer dereference. Fixes: e7a775fd ('cryptodev: Account statistics') Cc: Gonglei Cc: Mauro Matteo Cascella Cc: Xiao Lei Cc: Yongkang Jia Reported-by: Yiming Tao Signed-off-by: zhenwei pi Message-Id: <20230803024314.29962-3-pizhenwei@bytedance.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- backends/cryptodev.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/backends/cryptodev.c b/backends/cryptodev.c index 7d29517843..4d183f7237 100644 --- a/backends/cryptodev.c +++ b/backends/cryptodev.c @@ -191,6 +191,11 @@ static int cryptodev_backend_account(CryptoDevBackend *backend, if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) { CryptoDevBackendAsymOpInfo *asym_op_info = op_info->u.asym_op_info; len = asym_op_info->src_len; + + if (unlikely(!backend->asym_stat)) { + error_report("cryptodev: Unexpected asym operation"); + return -VIRTIO_CRYPTO_NOTSUPP; + } switch (op_info->op_code) { case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT: CryptodevAsymStatIncEncrypt(backend, len); @@ -210,6 +215,11 @@ static int cryptodev_backend_account(CryptoDevBackend *backend, } else if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) { CryptoDevBackendSymOpInfo *sym_op_info = op_info->u.sym_op_info; len = sym_op_info->src_len; + + if (unlikely(!backend->sym_stat)) { + error_report("cryptodev: Unexpected sym operation"); + return -VIRTIO_CRYPTO_NOTSUPP; + } switch (op_info->op_code) { case VIRTIO_CRYPTO_CIPHER_ENCRYPT: CryptodevSymStatIncEncrypt(backend, len);