Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3539683pxf; Mon, 22 Mar 2021 08:45:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJybgicfjGEXDjHcYtgrshnzxq8CH81Fs7f7GDsu06tl5HGQ+59ugaMq72bjL75U5w0CVOY7 X-Received: by 2002:a17:907:2bd7:: with SMTP id gv23mr380045ejc.351.1616427907375; Mon, 22 Mar 2021 08:45:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616427907; cv=none; d=google.com; s=arc-20160816; b=qFjBaBDSntwvKtLOvpDdBwMj1IIgUCW/gE1LTKwCNZRg6ZjwPxA8QnRlWvjzFBP+sp EQZaC50AXKUL3Xer57sC9hjK9Ea44VRyVU/BE5z3+RBbiR8v5zOk3NsIayWW57SjwDzz uxtdShf4ifrLyCq+H/ZiOcn2jb6G45OlImJjBdgN56AGMnJ7lJhGkwohm1XPeRaocRxb M7n4j6HWMxRBmp9QarGbNgg8KeSlmh8ajHA5cYkvZu5c1L4ymgxDW8pYQeIVjS7Sq+9h Aykmo3D1YWxsXKmUgX+POSv360qGvFyqsDaaaCNkIa/2t+nCFSxYTzhhX1BSbKdU+lXA b6nA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=YeR5rPbqgQZoTYKFaNsigXq2WmA7O65MLQ3nQf9uGU4=; b=ie0cP9UWH1Jx575mbjyqkNbGQoIj6oa6/8dJory9pIGfLmqVJGx+1oT45XNkJfzqT1 UcWoBYmRfVhlYHUo+JttnG01jQBt2JLSpgha9936MJIgfjB0h9/wJWbD1U2I4a4DOoDC rY6kVYknvhoUrJTjiwmbifdPnHPb9lj+vDgbSKEZSPGQiLZz4QJXUiTDq23yz/yIF5P/ 8hxfr+6uzWM4sG7ficAtQuh+MfRJgSk3s4QcYGlUCaDkIhu+cfL7rcQX4Jfm+JUwoy4n 79rb4Xy7dRCA6qyQvq3imEFI7U0+Nbki2cDUBbY5/WJV9nprR+xSllddADlxkBhwXSqt oxXQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l6si11976148ejo.624.2021.03.22.08.44.44; Mon, 22 Mar 2021 08:45:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230227AbhCVPno (ORCPT + 99 others); Mon, 22 Mar 2021 11:43:44 -0400 Received: from mout.kundenserver.de ([217.72.192.74]:60717 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230448AbhCVPnO (ORCPT ); Mon, 22 Mar 2021 11:43:14 -0400 Received: from mail-ot1-f44.google.com ([209.85.210.44]) by mrelayeu.kundenserver.de (mreue109 [213.165.67.113]) with ESMTPSA (Nemesis) id 1M6lxY-1lJOMY3ila-008Kw4 for ; Mon, 22 Mar 2021 16:43:13 +0100 Received: by mail-ot1-f44.google.com with SMTP id 31-20020a9d00220000b02901b64b9b50b1so16348695ota.9 for ; Mon, 22 Mar 2021 08:43:12 -0700 (PDT) X-Gm-Message-State: AOAM530y2QApd+oo1tBMD8b3GoyXgFpY6bjnA7QThEVIKpdxiHjGLnUG wpFDy5xOgrDyWStVyiWSpaqYvFfksKpqUm2YhJw= X-Received: by 2002:a9d:316:: with SMTP id 22mr470096otv.210.1616427791533; Mon, 22 Mar 2021 08:43:11 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Arnd Bergmann Date: Mon, 22 Mar 2021 16:42:55 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: arm64 syzbot instances To: Peter Maydell Cc: Dmitry Vyukov , Mark Rutland , Marc Zyngier , Will Deacon , Ard Biesheuvel , Linux ARM , syzkaller , LKML , John Garry , =?UTF-8?B?QWxleCBCZW5uw6ll?= Content-Type: text/plain; charset="UTF-8" X-Provags-ID: V03:K1:LT7wnUnrQ0twKagV6NI+TbEYlbAXBcULaEpkOLb8rRzTH3knYBl uAlOwrHmsYDqKLh0TSCXdwp0OYxPOyNRCARcSERHmWR89SC6PwEALtX9EllRfBTOlPjbzwu QpVssjZMCS3vCkyMAHhbWW0GtEGqR/aRNgkqiMX+cDne69cFNttqsJPcWHEe98n2ABx4aoZ oC/w7hpB+wkd+hhi3oA4w== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:i3WaBeHP4nc=:GGy+t7lW0MZXBdtjbYgoLt X/s2PRZqTfpca4z73MwKMd5w0Kw0seU/cDoLg0kpYvQJncL2utyTRU22ySvlRkMIHcW/v7hEL spytwFtTpyqUnd7mMy9mXnD8r/DsHN/YlybObNnONnrlP3kLYV3S4HXKOFOrMYD3kuuu9jojV FGndS2mA0IEKGK1s3vAsG1dO9JUA8uKTlWbqqHPRShcGTHi6EmZcyUgIRPU0HHs8GbWG7Q31v 5DYkNj1PGQEUwh/uJ8C7KlJBQAW8++8Xkcyr2nRaQG1GbqXyLBys8KWStb8eEP9PpOMnsKG21 9oOrlgMa1R7pDXF6YC5Vp6aQ4TkF4KCUTm18ge8kia5yFKAFwaNWfhTXYUBikG9AeVfPgv605 0+4vTeAYuZy7ql+v7rZ+D8ig7bx/1JxMCa3qXT6dAwb0nBRRcMWcceVIwQlEkGey7gyMiNWiW N42MxwP+XUzh9HcatT8fZ/BZhVGAMn34x+S5lQsAbb3KFdyPOLhCPNzI5Aozt5d5s5/LFtZt4 PFr5wNSXK1ovMNIX+VsMlJ9GNcss9n7coN6pYS0FlZFuVlAQCwhwofaH0GJ5Ti3QA== Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 22, 2021 at 2:53 PM Peter Maydell wrote: > On Sun, 21 Mar 2021 at 19:00, Arnd Bergmann wrote: > > On Sat, Mar 20, 2021 at 9:43 PM Peter Maydell wrote: > > > On Fri, 12 Mar 2021 at 09:16, Arnd Bergmann wrote: > > > > So it's probably qemu that triggers the 'synchronous external > > > > abort' when accessing the PCI I/O space, which in turn hints > > > > towards a bug in qemu. Presumably it only returns data from > > > > I/O ports that are actually mapped to a device when real hardware > > > > is supposed to return 0xffffffff when reading from unused I/O ports. > > > > > > Do you have a reference to the bit of the PCI spec that mandates > > > this -1/discard behaviour for attempted access to places where > > > there isn't actually a PCI device mapped ? The spec is pretty > > > long and hard to read... > > > > > > (Knowing to what extent this behaviour is mandatory for all > > > PCI systems/host controllers vs just "it would be nice if the > > > gpex host controller worked this way" would help in figuring > > > out where in QEMU to change.) > > > > I spent some more time looking at both really old PCI specifications, > > and new ones. > > The old PCI specs seem to just leave this bit as out of scope because > > it does not concern transactions on the bus. The PCI host controller > > can either report a 'master abort' to the CPU, or ignore it, and each > > bridge can decide to turn master aborts on reads into all 1s. > > We do have support some SoCs in Linux that trigger a CPU exception, > > but we tend to deal with those with an ugly hack that just ignores > > all exceptions from the CPU. Most host bridges fortunately behave > > like an x86 PC though, and do not trigger an exception here. > > There's apparently a bit in the PCI spec that reads: > The host bus bridge, in PC compatible systems, must return all > 1's on a read transaction and discard data on a write transaction > when terminated with Master-Abort. > > which obviously applies only to "PC compatible systems". Right. As far as I can tell, all ARMv8 and most ARMv7 based SoCs do this to be more compatible with PC style operating systems like Linux, but you are right that the specification here does not mandate that, and the older ARMv5 SoCs seem to be compliant as well based on this. > > Linux has a driver for DPC, which apparently configures it to > > cause an interrupt to log the event, but it does not hook up the > > CPU exception handler to this. I don't see an implementation of DPC > > in qemu, which I take as an indication that it should use the > > default behavior and cause neither an interrupt nor a CPU exception. > > Hmm, maybe. We should probably also implement -1/discard just because > we're not intending to have 'surprising' behaviour. > > TBH I'm having difficulty seeing why the kernel should be doing > this at all, though. The device tree tells you you have a PCI > controller; PCI supports enumeration of devices; you know exactly > where everything is mapped because the BARs tell you that. > I don't see anything that justifies the kernel in randomly > dereferencing areas of the IO or memory windows where it hasn't > mapped anything. You shouldn't be probing for legacy ISA-port > devices unless you're on a system which might actually have them > (eg an x86 PC). It only happened in this case because there is also a bug in the 8250 serial port driver that is configured to assume four ports exist at port zero. On real arm64 hardware, this is apparently harmless because the driver has coped with this for 30 years ;-) There are a few other drivers that assume hardware is accessible at the legacy addresses, and applications can also still open /dev/ioport (if that is enabled at compile time) for the same purpose. Examples could be PC-style mouse/keyboard (emulated by a server BMC), PATA/SATA controllers in pre-AHCI mode, VGA console, and a couple of industrial I/O drivers that have ISA devices behind a PCI bridge. Most other actual ISA add-on card drivers can only be enabled on kernels that support machines with real slots, so you could get them on an i386 kernel running a virtualized x86_64 machine, but not on ARMv6 or later kernels, and you can't run pre-ARMv7 kernels on ARMv8 hardware. Arnd