From: Eric Auger <eauger@redhat.com>
To: cenjiahui@huawei.com, qemu list <qemu-devel@nongnu.org>,
	qemu-arm <qemu-arm@nongnu.org>, Ard Biesheuvel <ardb@kernel.org>,
	Xingang Wang <wangxingang5@huawei.com>
Subject: QEMU PCIe expander bridge with 64kB page guest -> guest BUG_ON()
Date: Mon, 21 Jun 2021 18:22:20 +0200
Message-ID: <1811f735-3426-08c0-ee86-b410b632efb5@redhat.com>

Hi Jiahui,

I noticed the PCIe expander bridge + PCIe root port does not work with a
64kB page guest. One hits a kernel BUG at mm/vmalloc.c:96
(BUG_ON(!pte_none(*pte));)! This happens with an upstream guest.

I understand this happens on pci_remap_iospace when handling the Io16
regions below. Wonder if the edk2 code could be the source (I saw you
wrote both the edk2 and the qemu part [edk2-devel] [PATCH v2 0/4] Add
extra pci roots support for Arm).

Could you please give me a hand?

Best Regards

Eric


Sample qemu cmd options:

-device pxb-pcie,bus_nr=4,id=bridge,bus=pcie.0 \
-device pcie-root-port,bus=bridge,chassis=4,id=pcie.11 \
-device virtio-net-pci,bus=pcie.11,netdev=nic0,mac=6a:f5:10:b1:3d:d2 \
-netdev tap,id=nic0,script=/home/augere/TEST/SCRIPTS/qemu-ifup,downscript=/home/augere/TEST/SCRIPTS/qemu-ifdown


[    2.867734] ACPI: PCI Root Bridge [PCFE] (domain 0000 [bus fe-ff])
[    2.869339] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI EDR HPX-Type3]
[    2.871405] acpi PNP0A08:00: _OSC: platform does not support [LTR DPC]
[    2.873226] acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug PME AER PCIeCapability]
[    2.875609] acpi PNP0A08:00: ECAM area [mem 0x401fe00000-0x401fffffff] reserved by PNP0C02:00
[    2.877830] acpi PNP0A08:00: ECAM at [mem 0x401fe00000-0x401fffffff] for [bus fe-ff]
phys_addr=0x3eff3000
[    2.884036] ------------[ cut here ]------------
[    2.885249] kernel BUG at mm/vmalloc.c:96!
[    2.886322] Internal error: Oops - BUG: 0 [#1] SMP
[    2.887560] Modules linked in:
[    2.888352] CPU: 7 PID: 1 Comm: swapper/0 Not tainted 5.13.0-rc6-guest-64K+ #57
[    2.890216] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[    2.891983] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
[    2.893519] pc : vmap_range+0x1d8/0x208
[    2.894600] lr : vmap_range+0x38/0x208
[    2.895615] sp : fffffe0012c2f7f0
[    2.896517] x29: fffffe0012c2f7f0 x28: fffffffefe800000 x27: fffffffefe801000
[    2.898437] x26: ffffffff20070000 x25: 00000001407f0000 x24: 0140000000000000
[    2.900357] x23: fffffe001134ffb8 x22: 000000000000003f x21: 0068000000000717
[    2.902284] x20: 000000003eff3000 x19: fffffffefe801000 x18: 0000000000000010
[    2.904236] x17: 0000000000000000 x16: 0000000000000001 x15: ffffffffffffffff
[    2.906157] x14: 695f70616d65725f x13: 696370202a2a2a2a x12: fffffe0011c77150
[    2.908084] x11: 0000000000000003 x10: fffffe0011bb7110 x9 : fffffe0010d33ad4
[    2.909996] x8 : 00000000000bffe8 x7 : c0000000ffff7fff x6 : 0000000000000001
[    2.911323] x5 : 0000000000000000 x4 : 000000003eff0000 x3 : 0000000000001ff7
[    2.912631] x2 : 0040000000000001 x1 : fffffc07f4080038 x0 : fffffc07ffbecdc0
[    2.913951] Call trace:
[    2.914398]  vmap_range+0x1d8/0x208
[    2.915363]  ioremap_page_range+0x20/0x30
[    2.916453]  pci_remap_iospace+0xcc/0xf0
[    2.917519]  acpi_pci_probe_root_resources+0x244/0x268
[    2.918907]  pci_acpi_root_prepare_resources+0x28/0xc8
[    2.920281]  acpi_pci_root_create+0x9c/0x2f8
[    2.921443]  pci_acpi_scan_root+0x14c/0x230
[    2.922574]  acpi_pci_root_add+0x268/0x5c0
[    2.923710]  acpi_bus_attach+0x15c/0x2c0
[    2.924794]  acpi_bus_attach+0x9c/0x2c0
[    2.925833]  acpi_bus_attach+0x9c/0x2c0
[    2.926881]  acpi_bus_scan+0x64/0x118
[    2.927875]  acpi_scan_init+0x10c/0x25c
[    2.928922]  acpi_init+0x3e8/0x458
[    2.929847]  do_one_initcall+0x54/0x268
[    2.930879]  kernel_init_freeable+0x290/0x344
[    2.932068]  kernel_init+0x1c/0x128
[    2.933017]  ret_from_fork+0x10/0x18
[    2.934005] Code: a90687e2 97f518e5 a94687e2 17ffffe4 (d4210000)
[    2.935673] ---[ end trace 1d687ce361e3e7ca ]---
[    2.936922] Kernel panic - not syncing: Oops - BUG: Fatal exception
[    2.938611] SMP: stopping secondary CPUs
[    2.939760] ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]---


At EDK2 level I have:

PciBus: Resource Map for Root Bridge PciRoot(0x0)
Type =   Io16; Base = 0x0; Length = 0x3000; Alignment = 0xFFF
   Base = 0x0; Length = 0x200; Alignment = 0xFFF; Owner = PPB [00|02|02:**]
   Base = 0x1000; Length = 0x200; Alignment = 0xFFF; Owner = PPB [00|02|01:**]
   Base = 0x2000; Length = 0x200; Alignment = 0xFFF; Owner = PPB [00|02|00:**]
Type =  Mem32; Base = 0x10000000; Length = 0x700000; Alignment = 0x1FFFFF
   Base = 0x10000000; Length = 0x200000; Alignment = 0x1FFFFF; Owner = PPB [00|02|02:**]
   Base = 0x10200000; Length = 0x200000; Alignment = 0x1FFFFF; Owner = PPB [00|02|01:**]
   Base = 0x10400000; Length = 0x200000; Alignment = 0x1FFFFF; Owner = PPB [00|02|00:**]
   Base = 0x10600000; Length = 0x1000; Alignment = 0xFFF; Owner = PPB [00|02|02:10]
   Base = 0x10601000; Length = 0x1000; Alignment = 0xFFF; Owner = PPB [00|02|01:10]
   Base = 0x10602000; Length = 0x1000; Alignment = 0xFFF; Owner = PPB [00|02|00:10]
Type =  Mem64; Base = 0x8000000000; Length = 0x200000; Alignment = 0xFFFFF
   Base = 0x8000000000; Length = 0x100000; Alignment = 0xFFFFF; Owner = PPB [00|02|01:**]; Type = PMem64
   Base = 0x8000100000; Length = 0x100000; Alignment = 0xFFFFF; Owner = PPB [00|02|02:**]; Type = PMem64


PciBus: Resource Map for Root Bridge PciRoot(0x4)
Type =   Io16; Base = 0x3000; Length = 0x1000; Alignment = 0xFFF
   Base = 0x3000; Length = 0x200; Alignment = 0xFFF; Owner = PPB [04|00|00:**]
Type =  Mem32; Base = 0x10800000; Length = 0x300000; Alignment = 0x1FFFFF
   Base = 0x10800000; Length = 0x200000; Alignment = 0x1FFFFF; Owner = PPB [04|00|00:**]
   Base = 0x10A00000; Length = 0x1000; Alignment = 0xFFF; Owner = PPB [04|00|00:10]

PciBus: Resource Map for Bridge [04|00|00]
Type =   Io16; Base = 0x3000; Length = 0x200; Alignment = 0xFFF
   Base = Padding; Length = 0x200; Alignment = 0x1FF
Type =  Mem32; Base = 0x10800000; Length = 0x200000; Alignment = 0x1FFFFF
   Base = Padding; Length = 0x200000; Alignment = 0x1FFFFF
Type =  Mem32; Base = 0x10A00000; Length = 0x1000; Alignment = 0xFFF
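
Added example, not part of the original message: a check of the root-bridge Io16 windows from the EDK2 log above against the guest page size, reporting which windows land in the same page at 4 kB and at 64 kB. It assumes the windows are mapped in whole pages at their EDK2 base offsets; the function names are illustrative and the sample log is constructed from the lines above.

```python
import re

# Constructed sample: the Io16 lines from the EDK2 log in the message,
# with mail line wraps and ^M removed.
EDK2_LOG = """\
PciBus: Resource Map for Root Bridge PciRoot(0x0)
Type =   Io16; Base = 0x0; Length = 0x3000; Alignment = 0xFFF
   Base = 0x0; Length = 0x200; Alignment = 0xFFF; Owner = PPB [00|02|02:**]
PciBus: Resource Map for Root Bridge PciRoot(0x4)
Type =   Io16; Base = 0x3000; Length = 0x1000; Alignment = 0xFFF
PciBus: Resource Map for Bridge [04|00|00]
Type =   Io16; Base = 0x3000; Length = 0x200; Alignment = 0xFFF
"""

ROOT_RE = re.compile(r"Resource Map for Root Bridge (PciRoot\(0x[0-9A-Fa-f]+\))")
IO16_RE = re.compile(r"Type\s*=\s*Io16;\s*Base\s*=\s*(0x[0-9A-Fa-f]+);"
                     r"\s*Length\s*=\s*(0x[0-9A-Fa-f]+)")

def io16_windows(log):
    """Return (root, base, length) for each root bridge's Io16 window."""
    windows, root = [], None
    for line in log.splitlines():
        if line.startswith("PciBus:"):
            m = ROOT_RE.search(line)
            root = m.group(1) if m else None  # None: a non-root bridge map
            continue
        m = IO16_RE.match(line)  # child lines are indented, so they do not match
        if m and root:
            windows.append((root, int(m.group(1), 16), int(m.group(2), 16)))
    return windows

def page_frames(base, length, page_size):
    """Page numbers touched when [base, base+length) is mapped in whole pages
    (assumption: page-granular mapping at the EDK2 base offset)."""
    return set(range(base // page_size, (base + length - 1) // page_size + 1))

def shared_pages(windows, page_size):
    """Pairs of root bridges whose Io16 windows touch a common page."""
    hits = []
    for i, (ra, ba, la) in enumerate(windows):
        for rb, bb, lb in windows[i + 1:]:
            common = page_frames(ba, la, page_size) & page_frames(bb, lb, page_size)
            if common:
                hits.append((ra, rb, sorted(common)))
    return hits

if __name__ == "__main__":
    wins = io16_windows(EDK2_LOG)
    for size in (0x1000, 0x10000):  # 4 kB and 64 kB guest pages
        print(hex(size), shared_pages(wins, size))
```

With 4 kB pages the two windows occupy distinct pages; with 64 kB pages both fall in page 0.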


