On Mac99 and newer machines, the Uninorth PCI host bridge maps
the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
accessible by the CPU. Restrict the memory to 2GiB to avoid
problems such as the one reported in the buglink.
Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
Reported-by: Håvard Eidnes <he@NetBSD.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
hw/ppc/mac_newworld.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 21759628466..d88b38e9258 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
}
/* allocate RAM */
+ if (machine->ram_size > 2 * GiB) {
+ error_report("RAM size more than 2 GiB is not supported");
+ exit(1);
+ }
memory_region_add_subregion(get_system_memory(), 0, machine->ram);
/* allocate and load firmware ROM */
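Review bot: the new guard in ppc_core99_init carries no comment explaining why 2 GiB is the cutoff, so a reader of the function cannot tell, without the commit message, that the limit comes from the Uninorth PCI hole at 2 GiB making RAM above it unreachable by the CPU; add a one-line comment above the `if` stating that. The message "RAM size more than 2 GiB is not supported" could also name the machine, since the limit is specific to this board and, per the discussion below, the g3beige machine has its PCI hole at the same address and would want the same check. Note that the guard turns the reported failure into a clean exit but leaves untouched whatever actually consumes the unreachable RAM, which the author later suspects lies in TYPE_MACIO_IDE.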
--
2.26.3
On Tue, 6 Apr 2021, Philippe Mathieu-Daudé wrote:
> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> accessible by the CPU. Restrict the memory to 2GiB to avoid
> problems such as the one reported in the buglink.
>
> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> Reported-by: Håvard Eidnes <he@NetBSD.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>

> ---
> hw/ppc/mac_newworld.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 21759628466..d88b38e9258 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
> }
>
> /* allocate RAM */
> + if (machine->ram_size > 2 * GiB) {
> + error_report("RAM size more than 2 GiB is not supported");
> + exit(1);
> + }
> memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>
> /* allocate and load firmware ROM */
>
On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> accessible by the CPU. Restrict the memory to 2GiB to avoid
> problems such as the one reported in the buglink.
>
> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> Reported-by: Håvard Eidnes <he@NetBSD.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> hw/ppc/mac_newworld.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 21759628466..d88b38e9258 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
> }
>
> /* allocate RAM */
> + if (machine->ram_size > 2 * GiB) {
> + error_report("RAM size more than 2 GiB is not supported");
> + exit(1);
> + }
> memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>
> /* allocate and load firmware ROM */

I think the patch is correct, however I'm fairly sure that the default g3beige machine also has the PCI hole located at 0x80000000, so the same problem exists there too.

Also, are you keen to get this merged for 6.0? It doesn't seem to solve a security issue/release blocker and I'm sure the current behaviour has been like this for a long time...

ATB,

Mark.
On 4/7/21 3:11 PM, Mark Cave-Ayland wrote:
> On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
>
>> On Mac99 and newer machines, the Uninorth PCI host bridge maps
>> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
>> accessible by the CPU. Restrict the memory to 2GiB to avoid
>> problems such as the one reported in the buglink.
>>
>> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
>> Reported-by: Håvard Eidnes <he@NetBSD.org>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>> hw/ppc/mac_newworld.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
>> index 21759628466..d88b38e9258 100644
>> --- a/hw/ppc/mac_newworld.c
>> +++ b/hw/ppc/mac_newworld.c
>> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>> }
>> /* allocate RAM */
>> + if (machine->ram_size > 2 * GiB) {
>> + error_report("RAM size more than 2 GiB is not supported");
>> + exit(1);
>> + }
>> memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>> /* allocate and load firmware ROM */
>
> I think the patch is correct, however I'm fairly sure that the default
> g3beige machine also has the PCI hole located at 0x80000000 so the same
> problem exists there too.
>
> Also are you keen to get this merged for 6.0? It doesn't seem to solve a
> security issue/release blocker and I'm sure the current behaviour has
> been like this for a long time...

No problem. I wanted to revisit this bug anyway. I realized during the night that, while this patch makes QEMU exit cleanly, it hides the bug, which is likely in TYPE_MACIO_IDE (I haven't tried Håvard's full reproducer).

Regards,

Phil.
On Wed, Apr 07, 2021 at 03:44:35PM +0200, Philippe Mathieu-Daudé wrote:
> On 4/7/21 3:11 PM, Mark Cave-Ayland wrote:
> > On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
> >
> >> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> >> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> >> accessible by the CPU. Restrict the memory to 2GiB to avoid
> >> problems such as the one reported in the buglink.
> >>
> >> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> >> Reported-by: Håvard Eidnes <he@NetBSD.org>
> >> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> >> ---
> >> hw/ppc/mac_newworld.c | 4 ++++
> >> 1 file changed, 4 insertions(+)
> >>
> >> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> >> index 21759628466..d88b38e9258 100644
> >> --- a/hw/ppc/mac_newworld.c
> >> +++ b/hw/ppc/mac_newworld.c
> >> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
> >> }
> >> /* allocate RAM */
> >> + if (machine->ram_size > 2 * GiB) {
> >> + error_report("RAM size more than 2 GiB is not supported");
> >> + exit(1);
> >> + }
> >> memory_region_add_subregion(get_system_memory(), 0, machine->ram);
> >> /* allocate and load firmware ROM */
> >
> > I think the patch is correct, however I'm fairly sure that the default
> > g3beige machine also has the PCI hole located at 0x80000000 so the same
> > problem exists there too.
> >
> > Also are you keen to get this merged for 6.0? It doesn't seem to solve a
> > security issue/release blocker and I'm sure the current behaviour has
> > been like this for a long time...
>
> No problem. I wanted to revisit this bug anyway, I realized during the
> night, while this patch makes QEMU exit cleanly, it hides the bug which
> is likely in TYPE_MACIO_IDE (I haven't tried Håvard's full
> reproducer).

Ah, given the comments above, I've pulled this out of ppc-for-6.0 and moved it to ppc-for-6.1.

>
> Regards,
>
> Phil.
>

--
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
On Tue, Apr 06, 2021 at 10:48:42AM +0200, Philippe Mathieu-Daudé wrote:
> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> accessible by the CPU. Restrict the memory to 2GiB to avoid
> problems such as the one reported in the buglink.
>
> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> Reported-by: Håvard Eidnes <he@NetBSD.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Simple, and a bugfix. Applied to ppc-for-6.0.

> ---
> hw/ppc/mac_newworld.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 21759628466..d88b38e9258 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
> }
>
> /* allocate RAM */
> + if (machine->ram_size > 2 * GiB) {
> + error_report("RAM size more than 2 GiB is not supported");
> + exit(1);
> + }
> memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>
> /* allocate and load firmware ROM */

--
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson