[PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB

Philippe Mathieu-Daudé posted 1 patch 1 week ago
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20210406084842.2859664-1-f4bug@amsat.org
hw/ppc/mac_newworld.c | 4 ++++
1 file changed, 4 insertions(+)

[PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB

Posted by Philippe Mathieu-Daudé 1 week ago
On Mac99 and newer machines, the Uninorth PCI host bridge maps
the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
accessible by the CPU. Restrict the memory to 2GiB to avoid
problems such as the one reported in the buglink.

Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
Reported-by: Håvard Eidnes <he@NetBSD.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 hw/ppc/mac_newworld.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 21759628466..d88b38e9258 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
     }
 
     /* allocate RAM */
+    if (machine->ram_size > 2 * GiB) {
+        error_report("RAM size more than 2 GiB is not supported");
+        exit(1);
+    }
     memory_region_add_subregion(get_system_memory(), 0, machine->ram);
 
     /* allocate and load firmware ROM */
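Review bot: the new check uses the `GiB` unit macro, but the hunk adds no `#include "qemu/units.h"`; confirm mac_newworld.c already includes it, otherwise this does not build. The diagnostic `error_report("RAM size more than 2 GiB is not supported");` would be more helpful if it named the machine and the size actually requested via `-m`, and `exit(EXIT_FAILURE)` is the usual spelling of `exit(1)` in board init code. The guard also only covers `ppc_core99_init()`: the g3beige machine, which the review below says has the same PCI hole at 0x80000000, needs the same restriction or the problem simply moves there.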
-- 
2.26.3
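The commit message above gives the root of the problem: the PCI hole sits at 2 GiB, so any RAM a board places above that address is shadowed and unreachable by the CPU, and the patch catches it by refusing such a configuration. As an added example that is not QEMU code and not part of this thread, the C program below generalises that check into a small guest-physical-address-map validator: it takes a table of fixed regions (a constructed Mac99-style map with the PCI hole at 0x80000000, the base named in the thread; the hole size is an assumed placeholder), computes how much of the RAM mapped at address 0 is actually reachable, and rejects a RAM size that would be partly hidden. The names `FixedRegion`, `reachable_ram`, `validate_ram_size` and `mac99_fixed` are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GIB (1ULL << 30)

/* A fixed (non-RAM) region in the guest physical address map. */
typedef struct {
    const char *name;
    uint64_t base;
    uint64_t size;
} FixedRegion;

/*
 * Constructed map for the Mac99 case discussed in the thread: the PCI hole
 * starts at 2 GiB (0x80000000). Its size is an assumed placeholder; the
 * thread only states the base address.
 */
static const FixedRegion mac99_fixed[] = {
    { "pci-hole", 0x80000000ULL, 1ULL * GIB },  /* size assumed */
};

/*
 * Compute how many bytes of RAM mapped at guest address 0 are reachable by
 * the CPU, i.e. not shadowed by a fixed region. Returns the reachable size;
 * *shadowed_by is set to the region that clips RAM lowest, or NULL if none.
 */
uint64_t reachable_ram(uint64_t ram_size, const FixedRegion *fixed, size_t n,
                       const FixedRegion **shadowed_by)
{
    uint64_t limit = ram_size;
    const FixedRegion *hit = NULL;

    for (size_t i = 0; i < n; i++) {
        /* RAM occupies [0, ram_size); a region clips it if its base is lower. */
        if (fixed[i].base < limit) {
            limit = fixed[i].base;
            hit = &fixed[i];
        }
    }
    if (shadowed_by) {
        *shadowed_by = hit;
    }
    return limit;
}

/*
 * Board-init style validation: returns 0 when all of the RAM is reachable,
 * -1 (with a diagnostic on stderr) when part of it would be silently hidden.
 * Unlike the patch it returns instead of calling exit(), so callers and
 * tests can check the result.
 */
int validate_ram_size(uint64_t ram_size, const FixedRegion *fixed, size_t n)
{
    const FixedRegion *hit;
    uint64_t usable = reachable_ram(ram_size, fixed, n, &hit);

    if (usable < ram_size) {
        fprintf(stderr,
                "RAM size %llu MiB exceeds the %llu MiB reachable below "
                "'%s' at 0x%llx\n",
                (unsigned long long)(ram_size >> 20),
                (unsigned long long)(usable >> 20),
                hit->name, (unsigned long long)hit->base);
        return -1;
    }
    return 0;
}

int main(void)
{
    size_t n = sizeof(mac99_fixed) / sizeof(mac99_fixed[0]);
    uint64_t sizes[] = { 1 * GIB, 2 * GIB, 3 * GIB };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        int rc = validate_ram_size(sizes[i], mac99_fixed, n);
        printf("%llu GiB RAM: %s\n", (unsigned long long)(sizes[i] / GIB),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

Driving the check from a table of fixed regions rather than a hard-coded `2 * GiB` means the same validator serves any board with a hole below its RAM ceiling, which is exactly the g3beige case raised later in the thread; the diagnostic also tells the user how much RAM is usable instead of only that the request was too large.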

Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB

Posted by David Gibson 6 days, 4 hours ago
On Tue, Apr 06, 2021 at 10:48:42AM +0200, Philippe Mathieu-Daudé wrote:
> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> accessible by the CPU. Restrict the memory to 2GiB to avoid
> problems such as the one reported in the buglink.
> 
> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> Reported-by: Håvard Eidnes <he@NetBSD.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Simple, and a bugfix.  Applied to ppc-for-6.0.

> ---
>  hw/ppc/mac_newworld.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 21759628466..d88b38e9258 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>      }
>  
>      /* allocate RAM */
> +    if (machine->ram_size > 2 * GiB) {
> +        error_report("RAM size more than 2 GiB is not supported");
> +        exit(1);
> +    }
>      memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>  
>      /* allocate and load firmware ROM */

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB

Posted by Mark Cave-Ayland 6 days, 18 hours ago
On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:

> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> accessible by the CPU. Restrict the memory to 2GiB to avoid
> problems such as the one reported in the buglink.
> 
> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> Reported-by: Håvard Eidnes <he@NetBSD.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
>   hw/ppc/mac_newworld.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 21759628466..d88b38e9258 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>       }
>   
>       /* allocate RAM */
> +    if (machine->ram_size > 2 * GiB) {
> +        error_report("RAM size more than 2 GiB is not supported");
> +        exit(1);
> +    }
>       memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>   
>       /* allocate and load firmware ROM */

I think the patch is correct; however, I'm fairly sure that the default g3beige
machine also has the PCI hole located at 0x80000000, so the same problem exists there too.

Also, are you keen to get this merged for 6.0? It doesn't seem to solve a security
issue/release blocker, and I'm sure the current behaviour has been like this for a
long time...


ATB,

Mark.

Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB

Posted by Philippe Mathieu-Daudé 6 days, 17 hours ago
On 4/7/21 3:11 PM, Mark Cave-Ayland wrote:
> On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
> 
>> On Mac99 and newer machines, the Uninorth PCI host bridge maps
>> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
>> accessible by the CPU. Restrict the memory to 2GiB to avoid
>> problems such as the one reported in the buglink.
>>
>> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
>> Reported-by: Håvard Eidnes <he@NetBSD.org>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>>   hw/ppc/mac_newworld.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
>> index 21759628466..d88b38e9258 100644
>> --- a/hw/ppc/mac_newworld.c
>> +++ b/hw/ppc/mac_newworld.c
>> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>>       }
>>         /* allocate RAM */
>> +    if (machine->ram_size > 2 * GiB) {
>> +        error_report("RAM size more than 2 GiB is not supported");
>> +        exit(1);
>> +    }
>>       memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>>         /* allocate and load firmware ROM */
> 
> I think the patch is correct; however, I'm fairly sure that the default
> g3beige machine also has the PCI hole located at 0x80000000, so the same
> problem exists there too.
> 
> Also, are you keen to get this merged for 6.0? It doesn't seem to solve a
> security issue/release blocker, and I'm sure the current behaviour has
> been like this for a long time...

No problem. I wanted to revisit this bug anyway. I realized during the
night that, while this patch makes QEMU exit cleanly, it hides the bug,
which is likely in TYPE_MACIO_IDE (I haven't tried Håvard's full reproducer).

Regards,

Phil.

Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB

Posted by David Gibson 6 days, 4 hours ago
On Wed, Apr 07, 2021 at 03:44:35PM +0200, Philippe Mathieu-Daudé wrote:
> On 4/7/21 3:11 PM, Mark Cave-Ayland wrote:
> > On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
> > 
> >> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> >> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> >> accessible by the CPU. Restrict the memory to 2GiB to avoid
> >> problems such as the one reported in the buglink.
> >>
> >> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> >> Reported-by: Håvard Eidnes <he@NetBSD.org>
> >> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> >> ---
> >>   hw/ppc/mac_newworld.c | 4 ++++
> >>   1 file changed, 4 insertions(+)
> >>
> >> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> >> index 21759628466..d88b38e9258 100644
> >> --- a/hw/ppc/mac_newworld.c
> >> +++ b/hw/ppc/mac_newworld.c
> >> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
> >>       }
> >>         /* allocate RAM */
> >> +    if (machine->ram_size > 2 * GiB) {
> >> +        error_report("RAM size more than 2 GiB is not supported");
> >> +        exit(1);
> >> +    }
> >>       memory_region_add_subregion(get_system_memory(), 0, machine->ram);
> >>         /* allocate and load firmware ROM */
> > 
> > I think the patch is correct; however, I'm fairly sure that the default
> > g3beige machine also has the PCI hole located at 0x80000000, so the same
> > problem exists there too.
> > 
> > Also, are you keen to get this merged for 6.0? It doesn't seem to solve a
> > security issue/release blocker, and I'm sure the current behaviour has
> > been like this for a long time...
> 
> No problem. I wanted to revisit this bug anyway. I realized during the
> night that, while this patch makes QEMU exit cleanly, it hides the bug,
> which is likely in TYPE_MACIO_IDE (I haven't tried Håvard's full
> reproducer).

Ah, given the comments above, I've pulled this out of ppc-for-6.0 and
moved it to ppc-for-6.1.

> 
> Regards,
> 
> Phil.
> 

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB

Posted by BALATON Zoltan 1 week ago
On Tue, 6 Apr 2021, Philippe Mathieu-Daudé wrote:
> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> accessible by the CPU. Restrict the memory to 2GiB to avoid
> problems such as the one reported in the buglink.
>
> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> Reported-by: Håvard Eidnes <he@NetBSD.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>

> ---
> hw/ppc/mac_newworld.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 21759628466..d88b38e9258 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>     }
>
>     /* allocate RAM */
> +    if (machine->ram_size > 2 * GiB) {
> +        error_report("RAM size more than 2 GiB is not supported");
> +        exit(1);
> +    }
>     memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>
>     /* allocate and load firmware ROM */
>