From 50b145417ae40cba580265edc901805cecd38af4 Mon Sep 17 00:00:00 2001
From: "Andrew J. Hesford" <ajh@sideband.org>
Date: Mon, 28 Feb 2022 10:15:59 -0500
Subject: [PATCH] qemu: fix loading of custom SLIC tables

---
 .../qemu/patches/fix-acpi-slic-table.patch    | 90 +++++++++++++++++++
 srcpkgs/qemu/template                         |  2 +-
 2 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/qemu/patches/fix-acpi-slic-table.patch

diff --git a/srcpkgs/qemu/patches/fix-acpi-slic-table.patch b/srcpkgs/qemu/patches/fix-acpi-slic-table.patch
new file mode 100644
index 0000000000..1a55ec5aa8
--- /dev/null
+++ b/srcpkgs/qemu/patches/fix-acpi-slic-table.patch
@@ -0,0 +1,90 @@
+From 8cdb99af45365727ac17f45239a9b8c1d5155c6d Mon Sep 17 00:00:00 2001
+From: Igor Mammedov <imammedo@redhat.com>
+Date: Mon, 27 Dec 2021 14:31:17 -0500
+Subject: [PATCH] acpi: fix QEMU crash when started with SLIC table
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+if QEMU is started with used provided SLIC table blob,
+
+  -acpitable sig=SLIC,oem_id='CRASH ',oem_table_id="ME",oem_rev=00002210,asl_compiler_id="",asl_compiler_rev=00000000,data=/dev/null
+it will assert with:
+
+  hw/acpi/aml-build.c:61:build_append_padded_str: assertion failed: (len <= maxlen)
+
+and following backtrace:
+
+  ...
+  build_append_padded_str (array=0x555556afe320, str=0x555556afdb2e "CRASH ME", maxlen=0x6, pad=0x20) at hw/acpi/aml-build.c:61
+  acpi_table_begin (desc=0x7fffffffd1b0, array=0x555556afe320) at hw/acpi/aml-build.c:1727
+  build_fadt (tbl=0x555556afe320, linker=0x555557ca3830, f=0x7fffffffd318, oem_id=0x555556afdb2e "CRASH ME", oem_table_id=0x555556afdb34 "ME") at hw/acpi/aml-build.c:2064
+  ...
+
+which happens due to acpi_table_begin() expecting NULL terminated
+oem_id and oem_table_id strings, which is normally the case, but
+in case of user provided SLIC table, oem_id points to table's blob
+directly and as result oem_id became longer than expected.
+
+Fix issue by handling oem_id consistently and make acpi_get_slic_oem()
+return NULL terminated strings.
+
+PS:
+After [1] refactoring, oem_id semantics became inconsistent, where
+NULL terminated string was coming from machine and old way pointer
+into byte array coming from -acpitable option. That used to work
+since build_header() wasn't expecting NULL terminated string and
+blindly copied the 1st 6 bytes only.
+
+However commit [2] broke that by replacing build_header() with
+acpi_table_begin(), which was expecting NULL terminated string
+and was checking oem_id size.
+
+1) 602b45820 ("acpi: Permit OEM ID and OEM table ID fields to be changed")
+2)
+Fixes: 4b56e1e4eb08 ("acpi: build_fadt: use acpi_table_begin()/acpi_table_end() instead of build_header()")
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/786
+Signed-off-by: Igor Mammedov <imammedo@redhat.com>
+Message-Id: <20211227193120.1084176-2-imammedo@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Tested-by: Denis Lisov <dennis.lissov@gmail.com>
+Tested-by: Alexander Tsoy <alexander@tsoy.me>
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/acpi/core.c       | 4 ++--
+ hw/i386/acpi-build.c | 2 ++
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/hw/acpi/core.c b/hw/acpi/core.c
+index 1e004d0078..3e811bf03c 100644
+--- a/hw/acpi/core.c
++++ b/hw/acpi/core.c
+@@ -345,8 +345,8 @@ int acpi_get_slic_oem(AcpiSlicOem *oem)
+         struct acpi_table_header *hdr = (void *)(u - sizeof(hdr->_length));
+ 
+         if (memcmp(hdr->sig, "SLIC", 4) == 0) {
+-            oem->id = hdr->oem_id;
+-            oem->table_id = hdr->oem_table_id;
++            oem->id = g_strndup(hdr->oem_id, 6);
++            oem->table_id = g_strndup(hdr->oem_table_id, 8);
+             return 0;
+         }
+     }
+diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
+index 8383b83ee3..0234fe7588 100644
+--- a/hw/i386/acpi-build.c
++++ b/hw/i386/acpi-build.c
+@@ -2723,6 +2723,8 @@ void acpi_build(AcpiBuildTables *tables, MachineState *machine)
+ 
+     /* Cleanup memory that's no longer used. */
+     g_array_free(table_offsets, true);
++    g_free(slic_oem.id);
++    g_free(slic_oem.table_id);
+ }
+ 
+ static void acpi_ram_update(MemoryRegion *mr, GArray *data)
+-- 
+GitLab
+
diff --git a/srcpkgs/qemu/template b/srcpkgs/qemu/template
index 6b5fb57b3b..17655fdbdd 100644
--- a/srcpkgs/qemu/template
+++ b/srcpkgs/qemu/template
@@ -2,7 +2,7 @@
 # This package should be updated together with qemu-user-static
 pkgname=qemu
 version=6.2.0
-revision=1
+revision=2
 build_style=configure
 configure_args="--prefix=/usr --sysconfdir=/etc --libexecdir=/usr/libexec --localstatedir=/var
  --disable-glusterfs --disable-xen --enable-docs --enable-kvm --enable-libusb --enable-pie