From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 09/26] Virt: ACPI: fix qemu assert due to re-assigned table data address
Date: Thu, 11 Jan 2018 13:38:05 +0000 [thread overview]
Message-ID: <1515677902-23436-10-git-send-email-peter.maydell@linaro.org> (raw)
In-Reply-To: <1515677902-23436-1-git-send-email-peter.maydell@linaro.org>
From: Zhaoshenglong <zhaoshenglong@huawei.com>
acpi_data_push uses g_array_set_size to resize the memory size. If there
is no enough contiguous memory, the address will be changed. If we use
the old value, it will assert.
qemu-kvm: hw/acpi/bios-linker-loader.c:214: bios_linker_loader_add_checksum:
Assertion `start_offset < file->blob->len' failed.`
This issue only happens in building SRAT table now but here we unify the
pattern for other tables as well to avoid possible issues in the future.
Signed-off-by: Zhaoshenglong <zhaoshenglong@huawei.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/arm/virt-acpi-build.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 3d78ff6..f7fa795 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -453,6 +453,7 @@ build_spcr(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
AcpiSerialPortConsoleRedirection *spcr;
const MemMapEntry *uart_memmap = &vms->memmap[VIRT_UART];
int irq = vms->irqmap[VIRT_UART] + ARM_SPI_BASE;
+ int spcr_start = table_data->len;
spcr = acpi_data_push(table_data, sizeof(*spcr));
@@ -476,8 +477,8 @@ build_spcr(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
spcr->pci_device_id = 0xffff; /* PCI Device ID: not a PCI device */
spcr->pci_vendor_id = 0xffff; /* PCI Vendor ID: not a PCI device */
- build_header(linker, table_data, (void *)spcr, "SPCR", sizeof(*spcr), 2,
- NULL, NULL);
+ build_header(linker, table_data, (void *)(table_data->data + spcr_start),
+ "SPCR", table_data->len - spcr_start, 2, NULL, NULL);
}
static void
@@ -512,8 +513,8 @@ build_srat(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
mem_base += numa_info[i].node_mem;
}
- build_header(linker, table_data, (void *)srat, "SRAT",
- table_data->len - srat_start, 3, NULL, NULL);
+ build_header(linker, table_data, (void *)(table_data->data + srat_start),
+ "SRAT", table_data->len - srat_start, 3, NULL, NULL);
}
static void
@@ -522,6 +523,7 @@ build_mcfg(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
AcpiTableMcfg *mcfg;
const MemMapEntry *memmap = vms->memmap;
int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
+ int mcfg_start = table_data->len;
mcfg = acpi_data_push(table_data, len);
mcfg->allocation[0].address = cpu_to_le64(memmap[VIRT_PCIE_ECAM].base);
@@ -532,7 +534,8 @@ build_mcfg(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
mcfg->allocation[0].end_bus_number = (memmap[VIRT_PCIE_ECAM].size
/ PCIE_MMCFG_SIZE_MIN) - 1;
- build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1, NULL, NULL);
+ build_header(linker, table_data, (void *)(table_data->data + mcfg_start),
+ "MCFG", table_data->len - mcfg_start, 1, NULL, NULL);
}
/* GTDT */
@@ -651,6 +654,7 @@ build_madt(GArray *table_data, BIOSLinker *linker, VirtMachineState *vms)
static void build_fadt(GArray *table_data, BIOSLinker *linker,
VirtMachineState *vms, unsigned dsdt_tbl_offset)
{
+ int fadt_start = table_data->len;
AcpiFadtDescriptorRev5_1 *fadt = acpi_data_push(table_data, sizeof(*fadt));
unsigned xdsdt_entry_offset = (char *)&fadt->x_dsdt - table_data->data;
uint16_t bootflags;
@@ -681,8 +685,8 @@ static void build_fadt(GArray *table_data, BIOSLinker *linker,
ACPI_BUILD_TABLE_FILE, xdsdt_entry_offset, sizeof(fadt->x_dsdt),
ACPI_BUILD_TABLE_FILE, dsdt_tbl_offset);
- build_header(linker, table_data,
- (void *)fadt, "FACP", sizeof(*fadt), 5, NULL, NULL);
+ build_header(linker, table_data, (void *)(table_data->data + fadt_start),
+ "FACP", table_data->len - fadt_start, 5, NULL, NULL);
}
/* DSDT */
--
2.7.4
next prev parent reply other threads:[~2018-01-11 13:38 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-11 13:37 [Qemu-devel] [PULL 00/26] target-arm queue Peter Maydell
2018-01-11 13:37 ` [Qemu-devel] [PULL 01/26] linux-user: Add support for big-endian aarch64 Peter Maydell
2018-01-11 13:37 ` [Qemu-devel] [PULL 02/26] linux-user: Add separate aarch64_be uname Peter Maydell
2018-01-11 13:37 ` [Qemu-devel] [PULL 03/26] linux-user: Fix endianess of aarch64 signal trampoline Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 04/26] configure: Add aarch64_be-linux-user target Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 05/26] linux-user: Add aarch64_be magic numbers to qemu-binfmt-conf.sh Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 06/26] linux-user: Separate binfmt arm CPU families Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 07/26] linux-user: Activate armeb handler registration Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 08/26] target/arm: Fix stlxp for aarch64_be Peter Maydell
2018-01-11 13:38 ` Peter Maydell [this message]
2018-01-11 13:38 ` [Qemu-devel] [PULL 10/26] imx_fec: Do not link to netdev Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 11/26] imx_fec: Refactor imx_eth_enable_rx() Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 12/26] imx_fec: Change queue flushing heuristics Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 13/26] imx_fec: Move Tx frame buffer away from the stack Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 14/26] imx_fec: Use ENET_FTRL to determine truncation length Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 15/26] imx_fec: Use MIN instead of explicit ternary operator Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 16/26] imx_fec: Emulate SHIFT16 in ENETx_RACC Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 17/26] imx_fec: Add support for multiple Tx DMA rings Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 18/26] imx_fec: Use correct length for packet size Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 19/26] imx_fec: Fix a typo in imx_enet_receive() Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 20/26] imx_fec: Reserve full FSL_IMX25_FEC_SIZE page for the register file Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 21/26] hw/timer/pxa2xx_timer: replace hw_error() -> qemu_log_mask() Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 22/26] hw/sd/pxa2xx_mmci: add read/write() trace events Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 23/26] linux-user/arm/nwfpe: Check coprocessor number for FPA emulation Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 24/26] target/arm: Make disas_thumb2_insn() generate its own UNDEF exceptions Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 25/26] hw/intc/arm_gicv3: Make reserved register addresses RAZ/WI Peter Maydell
2018-01-11 13:38 ` [Qemu-devel] [PULL 26/26] hw/intc/arm_gic: reserved register addresses are RAZ/WI Peter Maydell
2018-01-11 14:19 ` [Qemu-devel] [PULL 00/26] target-arm queue no-reply
2018-01-11 15:24 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1515677902-23436-10-git-send-email-peter.maydell@linaro.org \
--to=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).