From: Arnd Bergmann
Date: Mon, 22 Mar 2021 16:42:55 +0100
Subject: Re: arm64 syzbot instances
To: Peter Maydell
Cc: Dmitry Vyukov, Mark Rutland, Marc Zyngier, Will Deacon, Ard Biesheuvel, Linux ARM, syzkaller, LKML, John Garry, Alex Bennée

On Mon, Mar 22, 2021 at 2:53 PM Peter Maydell wrote:
> On Sun, 21 Mar 2021 at 19:00, Arnd Bergmann wrote:
> > On Sat, Mar 20, 2021 at 9:43 PM Peter Maydell wrote:
> > > On Fri, 12 Mar 2021 at 09:16, Arnd Bergmann wrote:
> > > > So it's probably qemu that triggers the 'synchronous external
> > > > abort' when accessing the PCI I/O space, which in turn hints
> > > > towards a bug in qemu. Presumably it only returns data from
> > > > I/O ports that are actually mapped to a device when real hardware
> > > > is supposed to return 0xffffffff when reading from unused I/O ports.
> > >
> > > Do you have a reference to the bit of the PCI spec that mandates
> > > this -1/discard behaviour for attempted access to places where
> > > there isn't actually a PCI device mapped? The spec is pretty
> > > long and hard to read...
> > >
> > > (Knowing to what extent this behaviour is mandatory for all
> > > PCI systems/host controllers vs just "it would be nice if the
> > > gpex host controller worked this way" would help in figuring
> > > out where in QEMU to change.)
> >
> > I spent some more time looking at both really old PCI specifications,
> > and new ones.
> >
> > The old PCI specs seem to just leave this bit as out of scope because
> > it does not concern transactions on the bus. The PCI host controller
> > can either report a 'master abort' to the CPU, or ignore it, and each
> > bridge can decide to turn master aborts on reads into all 1s.
> > We do have support for some SoCs in Linux that trigger a CPU exception,
> > but we tend to deal with those with an ugly hack that just ignores
> > all exceptions from the CPU. Most host bridges fortunately behave
> > like an x86 PC though, and do not trigger an exception here.
>
> There's apparently a bit in the PCI spec that reads:
>   The host bus bridge, in PC compatible systems, must return all
>   1's on a read transaction and discard data on a write transaction
>   when terminated with Master-Abort.
>
> which obviously applies only to "PC compatible systems".

Right. As far as I can tell, all ARMv8 and most ARMv7 based SoCs do this
to be more compatible with PC style operating systems like Linux, but
you are right that the specification here does not mandate that, and
the older ARMv5 SoCs seem to be compliant as well based on this.

> > Linux has a driver for DPC, which apparently configures it to
> > cause an interrupt to log the event, but it does not hook up the
> > CPU exception handler to this. I don't see an implementation of DPC
> > in qemu, which I take as an indication that it should use the
> > default behavior and cause neither an interrupt nor a CPU exception.
>
> Hmm, maybe. We should probably also implement -1/discard just because
> we're not intending to have 'surprising' behaviour.
>
> TBH I'm having difficulty seeing why the kernel should be doing
> this at all, though. The device tree tells you you have a PCI
> controller; PCI supports enumeration of devices; you know exactly
> where everything is mapped because the BARs tell you that.
> I don't see anything that justifies the kernel in randomly
> dereferencing areas of the IO or memory windows where it hasn't
> mapped anything. You shouldn't be probing for legacy ISA-port
> devices unless you're on a system which might actually have them
> (eg an x86 PC).

It only happened in this case because there is also a bug in the
8250 serial port driver that is configured to assume four ports
exist at port zero. On real arm64 hardware, this is apparently
harmless because the driver has coped with this for 30 years ;-)

There are a few other drivers that assume hardware is accessible
at the legacy addresses, and applications can also still open
/dev/ioport (if that is enabled at compile time) for the same
purpose. Examples could be PC-style mouse/keyboard (emulated
by a server BMC), PATA/SATA controllers in pre-AHCI mode,
VGA console, and a couple of industrial I/O drivers that have
ISA devices behind a PCI bridge.

Most other actual ISA add-on card drivers can only be enabled
on kernels that support machines with real slots, so you could
get them on an i386 kernel running a virtualized x86_64 machine,
but not on ARMv6 or later kernels, and you can't run pre-ARMv7
kernels on ARMv8 hardware.

       Arnd
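
The two ways of terminating an unclaimed I/O access discussed in this message, as an added example (not code from the thread, from Linux or from QEMU): a simplified model of an I/O port window and a legacy-style UART probe at port zero. The struct, the function names, the IER read-back probe and the exception counter are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* How the modeled host bridge ends an access that no device claims. */
enum abort_policy { PC_COMPATIBLE, RAISE_EXCEPTION };

struct io_space {
    enum abort_policy policy;
    bool uart_present;   /* is a UART mapped at the probed address? */
    uint8_t ier;         /* the UART's interrupt enable register */
    unsigned exceptions; /* synchronous aborts the CPU would have taken */
};
#define UART_IER 1u /* IER offset from port zero, the assumed legacy base */

static uint8_t io_read8(struct io_space *io, uint16_t port) {
    if (io->uart_present && port == UART_IER) return io->ier;
    if (io->policy == RAISE_EXCEPTION) io->exceptions++;
    return 0xff; /* master abort on a read: all 1s */
}

static void io_write8(struct io_space *io, uint16_t port, uint8_t val) {
    if (io->uart_present && port == UART_IER) { io->ier = val & 0x0f; return; }
    if (io->policy == RAISE_EXCEPTION) io->exceptions++;
    /* master abort on a write: data is discarded */
}

/* Write two patterns to IER and read them back; all 1s means "no device". */
static bool probe_uart(struct io_space *io) {
    io_write8(io, UART_IER, 0x00);
    uint8_t first = io_read8(io, UART_IER);
    io_write8(io, UART_IER, 0x0f);
    uint8_t second = io_read8(io, UART_IER);
    return first == 0x00 && second == 0x0f;
}

/* Returns the number of exceptions the probe caused; *found gets the result. */
static unsigned run_probe(enum abort_policy policy, bool present, bool *found) {
    struct io_space io = { .policy = policy, .uart_present = present };
    *found = probe_uart(&io);
    return io.exceptions;
}

int main(void) {
    bool found;
    unsigned n = run_probe(RAISE_EXCEPTION, false, &found);
    printf("abort to CPU: found=%d exceptions=%u\n", found, n);
    return 0;
}
```

The model only counts exceptions so that both policies can be compared; on a system without a handler the first one would already stop the probe.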