Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp2964958pxf; Sun, 21 Mar 2021 13:16:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyhr/J0DjPDYUZzdNiQo337iPCOgsa3WBlflMCnlkQteqrfYvudoPTPYNxaYRx2FjLc5AuD X-Received: by 2002:a17:906:845b:: with SMTP id e27mr15856656ejy.487.1616357760562; Sun, 21 Mar 2021 13:16:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616357760; cv=none; d=google.com; s=arc-20160816; b=mEe3PqyGL1i6XaEYMkdQg61aZsPXhzjdmvCy7QCf8/2Y/aVOvomEjBoz/vkfXH42Dg zgybeQpKUI8q6RzrfCPTlTZoDIA2K6pRtD/B28em0AlPeZv6js4G3K86/6TA0NELoSjo KrI8ZsKX601sLiRrOly/uw4Nn7nscqyYbuL5vD/uFQLdKfUoTPzDbuKuo8goOW9amz77 ob9AEJgvo29IMeIJgbFPNz3dpd5gx05TCk3ujcSBCh+C9MTr3Q3rh5BNCVdNRwplcMCc IySYcBMzLdOb1GA/jWeG20EILyvRrGuUhksfmD6xkey9A3L5y6hyvbCurxKAeKpyDB21 HNxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=0CnhSwya90LPt1ynvXYGMlqDvizc1MTTOSU17RJcWi0=; b=kO4TyS3bCqBzsZXaKtzC1sZT9tccp2O9rY+41YakrrdZXIrUPu7SVoomKrP2DcGcT7 pJFrJSuKXNNpbPy48XUhjgLcnnwf9nTlbQxoXEH1kuPH5Bo1zHoPyY6A+1Z/03TYeEFr /MNUfvDboagkNR2s5t0CCTdeWRYZjAQZUT59AP9kJGoipLGq0ARLzrIG4QaaSR2ezPTs l3ywxc25vf+6BLbF/EGlJgaoCtFfiTJdbKuK/s0mJ81pYBPVkKteFvuX5zR85S5GGEUK a+CrgmhhDdvi+HqwIcZO08ss+n3v2oD65CohHKqGbx1EoOrfmLjLY6N7Li/hQvX1DmO3 XIkg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id el21si7386300ejc.603.2021.03.21.13.15.38; Sun, 21 Mar 2021 13:16:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230182AbhCUTA1 (ORCPT + 99 others); Sun, 21 Mar 2021 15:00:27 -0400 Received: from mout.kundenserver.de ([212.227.126.130]:58137 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230178AbhCUTAL (ORCPT ); Sun, 21 Mar 2021 15:00:11 -0400 Received: from mail-ot1-f44.google.com ([209.85.210.44]) by mrelayeu.kundenserver.de (mreue012 [213.165.67.97]) with ESMTPSA (Nemesis) id 1MAtoX-1lYong0w9J-00BISS for ; Sun, 21 Mar 2021 20:00:09 +0100 Received: by mail-ot1-f44.google.com with SMTP id w21-20020a9d63950000b02901ce7b8c45b4so13808758otk.5 for ; Sun, 21 Mar 2021 12:00:09 -0700 (PDT) X-Gm-Message-State: AOAM530PB54+ZSf3XQcsFau7XLI38fuXH0VZrnUZMAF9ObRADEYEwg+s libm4w94NHhTfgT2yPyf8lfbjI4c33Vd7BLKCuc= X-Received: by 2002:a9d:316:: with SMTP id 22mr4722339otv.210.1616353207990; Sun, 21 Mar 2021 12:00:07 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Arnd Bergmann Date: Sun, 21 Mar 2021 19:59:52 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: arm64 syzbot instances To: Peter Maydell Cc: Dmitry Vyukov , Mark Rutland , Marc Zyngier , Will Deacon , Ard Biesheuvel , Linux ARM , syzkaller , LKML , John Garry , =?UTF-8?B?QWxleCBCZW5uw6ll?= Content-Type: text/plain; charset="UTF-8" X-Provags-ID: V03:K1:pbC1xdMBCn4LA6auhd3jgd8VkxHDgJqrGbFaDXsRhuRO+ZhbL/d 7oPDP6OSBHRtOvGvPsd7LzSNzLrkOBpSiWtocwAByhsvcjwAPOQTlRK0NC0jEKPqfmy9pOZ 1pd3758sJ88XTxMMuRmyljds5JAZMclWBo3jdQmwAkvuTNSd1RFGGbNB0qpHmRw+4ob4unx yedxDTt2TaNo4ViQe3xWg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:DMMNpiWVmjo=:Jv1H2Nhr1PV98cwkQCZR7l m0oPs6oso4ZGr08hFNl4Zu6sDSA77YafBFn7hbVDtKinvpPb33+hSuZ3txtTyjWmI6jq15XwP Q/LwdfMsjAbmvo86VQJtDJW/AubdzR8Hs7q/tr357o2oq+SYAC9EZe8lGrsvg+K0yPC5h4Gxc w8Ns8BAnBxjH6NaUSgt8LitpQAeWO88lId/x3Mj40iDp6Wv/e9NRPvSW9q39e2+tBYhStmVCQ rh+PFosO+bkFc3/NA4RKZUAiT0yXrMEYcvOCYsLIXV6w3RoZlWGIotZy+BsszaNO+ACY1Z7Vn l/brlsIQ9cZkB5TJvSTMBpkNhrFTCAlZ0A9w91J/6YeUj+V2A669fbsgPjmgnk/I6oDai/bNB 4X+XCEg/+GEHR5WgWUeNTFSlXRp1cs8tcg8rPgvMHmRNJFgPug1X/sMKxFEFy Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 20, 2021 at 9:43 PM Peter Maydell wrote: > > On Fri, 12 Mar 2021 at 09:16, Arnd Bergmann wrote: > > So it's probably qemu that triggers the 'synchronous external > > abort' when accessing the PCI I/O space, which in turn hints > > towards a bug in qemu. Presumably it only returns data from > > I/O ports that are actually mapped to a device when real hardware > > is supposed to return 0xffffffff when reading from unused I/O ports. > > Do you have a reference to the bit of the PCI spec that mandates > this -1/discard behaviour for attempted access to places where > there isn't actually a PCI device mapped ? The spec is pretty > long and hard to read... > > (Knowing to what extent this behaviour is mandatory for all > PCI systems/host controllers vs just "it would be nice if the > gpex host controller worked this way" would help in figuring > out where in QEMU to change.) I spent some more time looking at both really old PCI specifications, and new ones. The old PCI specs seem to just leave this bit as out of scope because it does not concern transactions on the bus. The PCI host controller can either report a 'master abort' to the CPU, or ignore it, and each bridge can decide to turn master aborts on reads into all 1s. We do have support some SoCs in Linux that trigger a CPU exception, but we tend to deal with those with an ugly hack that just ignores all exceptions from the CPU. Most host bridges fortunately behave like an x86 PC though, and do not trigger an exception here. In the PCIe 4.0 specification, I found that the behavior is configurable at the root port, using the 'RP PIO Exception Register' at offset 0x1c in the DPC Extended Capability. This register defaults to '0', meaning that reads from an unknown port that generate a 'Unsupported Request Completion' get turned into all 1s. If the firmware or OS enables it, this can be turned into an AER log event, generate an interrupt or a CPU exception. Linux has a driver for DPC, which apparently configures it to cause an interrupt to log the event, but it does not hook up the CPU exception handler to this. I don't see an implementation of DPC in qemu, which I take as an indication that it should use the default behavior and cause neither an interrupt nor a CPU exception. Arnd