From: Simon John <1886318@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Date: Sat, 11 Jul 2020 21:34:39 -0000
Subject: [Bug 1886318] Re: Qemu after v5.0.0 breaks macos guests
Message-Id: <159450327987.12745.18288028012768679202.malone@soybean.canonical.com>
References: <159394898604.17667.6684490731246411850.malonedeb@soybean.canonical.com>
Reply-To: Bug 1886318 <1886318@bugs.launchpad.net>
X-Launchpad-Bug: product=qemu; status=New; importance=Undecided; assignee=None;
X-Launchpad-Bug-Reporter: Simon John (sej7278)
X-Launchpad-Bug-Security-Vulnerability: no

Thanks Mark, what an interesting exercise that was - and sorry, didn't know 5.1 was due.

So the git bisect revealed this:

$ git bisect good
5d971f9e672507210e77d020d89e0e89165c8fc9 is the first bad commit
commit 5d971f9e672507210e77d020d89e0e89165c8fc9
Author: Michael S. Tsirkin
Date:   Wed Jun 10 09:47:49 2020 -0400

    memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"

    Memory API documentation documents valid .min_access_size and .max_access_size
    fields and explains that any access outside these boundaries is blocked.

    This is what devices seem to assume.

    However this is not what the implementation does: it simply ignores the
    boundaries unless there's an "accepts" callback.

    Naturally, this breaks a bunch of devices.

    Revert to the documented behaviour.

    Devices that want to allow any access can just drop the valid field,
    or add the impl field to have accesses converted to appropriate length.

    Cc: qemu-stable@nongnu.org
    Reviewed-by: Richard Henderson
    Fixes: CVE-2020-13754
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1842363
    Fixes: a014ed07bd5a ("memory: accept mismatching sizes in memory_region_access_valid")
    Signed-off-by: Michael S. Tsirkin
    Message-Id: <20200610134731.1514409-1-mst@redhat.com>
    Signed-off-by: Paolo Bonzini

 memory.c | 29 +++++++++-------------------
 1 file changed, 9 insertions(+), 20 deletions(-)

** Bug watch added: Red Hat Bugzilla #1842363
   https://bugzilla.redhat.com/show_bug.cgi?id=1842363

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13754

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1886318

Title:
  Qemu after v5.0.0 breaks macos guests

Status in QEMU:
  New

Bug description:
  The Debian Sid 5.0-6 qemu-kvm package can no longer get further than
  the Clover bootloader whereas 5.0-6 and earlier worked fine.

  So I built qemu master from github and it has the same problem,
  whereas git tag v5.0.0 (or 4.2.1) does not, so something between
  v5.0.0 release and the last few days has caused the problem.

  Here's my qemu script, pretty standard macOS-Simple-KVM setup on a
  Xeon host:

  qemu-system-x86_64 \
      -enable-kvm \
      -m 4G \
      -machine q35,accel=kvm \
      -smp 4,sockets=1,cores=2,threads=2 \
      -cpu Penryn,vendor=GenuineIntel,kvm=on,+sse3,+sse4.2,+aes,+xsave,+avx,+xsaveopt,+xsavec,+xgetbv1,+avx2,+bmi2,+smep,+bmi1,+fma,+movbe,+invtsc \
      -device isa-applesmc,osk="ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc" \
      -smbios type=2 \
      -drive if=pflash,format=raw,readonly,file="/tmp/OVMF_CODE.fd" \
      -drive if=pflash,format=raw,file="/tmp/macos_catalina_VARS.fd" \
      -vga qxl \
      -device ich9-ahci,id=sata \
      -drive id=ESP,if=none,format=raw,file=/tmp/ESP.img \
      -device ide-hd,bus=sata.2,drive=ESP \
      -drive id=InstallMedia,format=raw,if=none,file=/tmp/BaseSystem.img \
      -device ide-hd,bus=sata.3,drive=InstallMedia \
      -drive id=SystemDisk,if=none,format=raw,file=/tmp/macos_catalina.img \
      -device ide-hd,bus=sata.4,drive=SystemDisk \
      -usb -device usb-kbd -device usb-mouse

  Perhaps something has changed in Penryn support recently, as that's
  required for macos?

  See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964247

  Also on a related note, kernel 5.6/5.7 (on Debian) hard crashes the
  host when I try GPU passthrough on macos, whereas Ubuntu20/Win10 work
  fine - as does 5.5 kernel.

  See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961676

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1886318/+subscriptions
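The commit message quoted in the bisect result describes the check at the heart of CVE-2020-13754: a device declares the access sizes it can serve in valid.min_access_size / valid.max_access_size, device handlers assume the core rejects everything else, but before the revert the core only consulted those limits when an "accepts" callback was installed. The following C model is an added illustration written for this archive page; it is not QEMU's memory.c and not part of the bug report. The field names mirror the commit message, while the toy register device, the function names access_valid_lenient / access_valid_documented / region_read and the sample values are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed device: four 32-bit registers whose handler was written on the
 * assumption that the core only delivers accesses within the declared sizes. */
#define NREGS 4
static const uint32_t regs[NREGS] = { 0x11111111, 0x22222222, 0x33333333, 0x44444444 };

typedef bool (*accepts_fn)(uint64_t addr, unsigned size, bool is_write);

/* Simplified stand-in for a region's ops->valid block (assumed layout). */
struct region_ops {
    struct {
        unsigned min_access_size;
        unsigned max_access_size;   /* 0 = device did not restrict sizes */
        bool unaligned;             /* true = unaligned accesses permitted */
        accepts_fn accepts;         /* optional per-device hook, may be NULL */
    } valid;
};

/* Pre-revert behaviour as the commit message describes it: the size
 * boundaries are ignored unless the device installs an accepts callback. */
bool access_valid_lenient(const struct region_ops *ops, uint64_t addr,
                          unsigned size, bool is_write)
{
    if (ops->valid.accepts) {
        return ops->valid.accepts(addr, size, is_write);
    }
    if (!ops->valid.unaligned && (addr & (size - 1))) {
        return false;
    }
    return true;    /* min/max_access_size never consulted */
}

/* Documented behaviour restored by the revert: the accepts hook (if any) must
 * pass, alignment must hold, and size must lie within [min, max]. */
bool access_valid_documented(const struct region_ops *ops, uint64_t addr,
                             unsigned size, bool is_write)
{
    if (ops->valid.accepts && !ops->valid.accepts(addr, size, is_write)) {
        return false;
    }
    if (!ops->valid.unaligned && (addr & (size - 1))) {
        return false;
    }
    if (ops->valid.max_access_size == 0) {
        return true;    /* no size restriction declared */
    }
    return size >= ops->valid.min_access_size && size <= ops->valid.max_access_size;
}

/* Dispatch a read through the chosen validity check and then into the device
 * handler. Returns false when the access is rejected; *out holds the value
 * otherwise. The secondary bounds check in the handler is defence in depth:
 * a handler without it relies entirely on the core's validation. */
bool region_read(const struct region_ops *ops, bool use_documented,
                 uint64_t addr, unsigned size, uint64_t *out)
{
    bool ok = use_documented ? access_valid_documented(ops, addr, size, false)
                             : access_valid_lenient(ops, addr, size, false);
    if (!ok || size > sizeof(*out)) {
        return false;
    }
    if (addr + size > sizeof(regs)) {
        return false;   /* would read past the register file */
    }
    *out = 0;
    memcpy(out, (const uint8_t *)regs + addr, size);
    return true;
}

/* A device that declares "32-bit registers only"... */
const struct region_ops ops32 = {
    .valid = { .min_access_size = 4, .max_access_size = 4, .unaligned = false, .accepts = NULL }
};
/* ...and one that dropped the valid limits and tolerates unaligned accesses. */
const struct region_ops ops_any = {
    .valid = { .min_access_size = 0, .max_access_size = 0, .unaligned = true, .accepts = NULL }
};

int main(void)
{
    uint64_t v = 0;
    printf("1-byte read of a 4-byte-only region: lenient=%d documented=%d\n",
           access_valid_lenient(&ops32, 0, 1, false),
           access_valid_documented(&ops32, 0, 1, false));
    printf("8-byte read at 8: lenient dispatch ok=%d\n", region_read(&ops32, false, 8, 8, &v));
    printf("8-byte read at 8: documented dispatch ok=%d\n", region_read(&ops32, true, 8, 8, &v));
    return 0;
}
```

The contrast to notice is the 8-byte read of a region that declared 4-byte accesses only: the lenient check lets it reach the handler, while the documented check stops it at the core, which is what the reverted commit restored for every device that never installed an accepts callback.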