[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] hvmloader: Fix reading ACPI PM1 CNT value

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Date: Wed, 1 Jul 2020 10:10:31 +0100
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Delivery-date: Wed, 01 Jul 2020 09:10:44 +0000
  • Ironport-sdr: 11Kw2xoQRVL7WqilHuFkwhtyXZdyrzkrO9PEu8args1R1Vh7pOTeVnDou8nwpb16a6fhSiw3c9 WlLn3YeMG5GgizWYT44ZurqCtoQRgSNZCsecYuEnkGcRItvKIJGrdGCJNwCv+zrk1+AefS3Usz PPlsClfpbO5yL3vDelgTzziBeRyHktAqeT1Rki/2XBulSPIzhVvBfGSTnN6BdiQ8J6bgllYFTk iyJCNuIL2cB4B7kES2t3hajJigArvcDNiswFiVu3ZMPW5wAAVFIJO9+zUHfba6QEuHQH7MnI3u nUc=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Jul 01, 2020 at 09:52:57AM +0200, Roger Pau Monné wrote:
> On Tue, Jun 30, 2020 at 06:09:13PM +0100, Anthony PERARD wrote:
> > In order to get the CNT value from QEMU, we were supposed to read a
> > word, according to the implementation in QEMU. But it has been lax and
> > allowed to read a single byte. This has changed with commit
> > 5d971f9e6725 ("memory: Revert "memory: accept mismatching sizes in
> > memory_region_access_valid"") and result in hvmloader crashing on
> > the BUG_ON.
> This is a bug on the QEMU side, the ACPI spec states: "Accesses to PM1
> control registers are accessed through byte and word accesses.".
> That's on section PM1 Control Registers of my copy of the
> ACPI spec (6.2A).

I guess we can ignore this patch then, and I should write a patch for
QEMU instead.

> I'm fine with this if such bogus behavior has made it's way into a
> release version of QEMU, but it needs to state it's a workaround for a
> QEMU bug, not a bug in hvmloader.

It hasn't, but might.

> IMO the QEMU change should be reverted.

The change can't be reverted, it is to fix a CVE and isn't related to
ACPI. But we can fix the emulator.

> Thanks, Roger.


Anthony PERARD



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.