As found in LP#1886318, MacOS Catalina performs 2-byte reads on the acpi timer address space while the spec says it should be 4-byte. Allow any small reads.
Reported-By: Simon John <g...@the-jedi.co.uk> Signed-off-by: Michael Tokarev <m...@tls.msk.ru> BugLink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964247 BugLink: https://bugs.launchpad.net/bugs/1886318 Fixes: 77d58b1e47c8d1c661f98f12b47ab519d3561488 (apci: switch timer to memory api) Fixes: 5d971f9e672507210e7 (memory: Revert "memory: accept mismatching sizes in memory_region_access_valid") --- hw/acpi/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) v2: fixed bug#, use the right form of S-o-b, and allow up to 1 byte reads. v3: added BugLink & Fixes references, updated comment I'm applying this to debian qemu package, need the fix faster in order to release security updates for other branches. diff --git a/hw/acpi/core.c b/hw/acpi/core.c --- a/hw/acpi/core.c +++ b/hw/acpi/core.c @@ -530,7 +530,10 @@ static void acpi_pm_tmr_write(void *opaque, hwaddr addr, uint64_t val, static const MemoryRegionOps acpi_pm_tmr_ops = { .read = acpi_pm_tmr_read, .write = acpi_pm_tmr_write, - .valid.min_access_size = 4, + .impl.min_access_size = 4, + /* at least MacOS Catalina reads 2 bytes and fails if it doesn't work */ + /* allow 1-byte reads too, memory API will do all the conversion needed */ + .valid.min_access_size = 1, .valid.max_access_size = 4, .endianness = DEVICE_LITTLE_ENDIAN, }; -- 2.20.1
