[Bug 1918917] Re: synchronous about on accessing unused I/O ports on aarch64
** Tags added: arm -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1918917 Title: synchronous about on accessing unused I/O ports on aarch64 Status in QEMU: New Bug description: version: QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-6) command line: qemu-system-aarch64 \ -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp 2 -m 2G \ -device virtio-blk-device,drive=hd0 \ -drive if=none,format=raw,id=hd0,file=buildroot \ -kernel arch/arm64/boot/Image \ -nographic \ -device virtio-rng-pci \ -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic,model=virtio-net-pci \ -append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon" I am observing "synchronous external abort" when kernel tries to access unused I/O ports (see below), while hardware/qemu should return 0x in this case. This is factored out of this LKML thread where Arnd describes it in more details: https://lore.kernel.org/lkml/CAK8P3a0HVu+x0T6+K3d0v1bvU-Pes0F0CSjqm5x=bxfgv5y...@mail.gmail.com/ Internal error: synchronous external abort: 9650 [#1] PREEMPT SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 11231 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller-00302-g28806e4d9b97 #0 Hardware name: linux,dummy-virt (DT) pstate: 8085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--) pc : __raw_writeb arch/arm64/include/asm/io.h:27 [inline] pc : _outb include/asm-generic/io.h:501 [inline] pc : logic_outb+0x3c/0x114 lib/logic_pio.c:302 lr : io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 sp : 15f0f980 x29: 15f0f980 x28: 80001de0005d x27: 80001601df00 x26: 15f0fc90 x25: 80001de0 x24: 80001de0 x23: 0e27f600 x22: x21: 0002 x20: 0002 x19: fbfffe81 x18: 6a678b48 x17: x16: x15: 8000197be810 x14: 1fffe2be1f0e x13: 1fffe2be1e90 x12: 62be1f39 x11: 1fffe2be1f38 x10: 62be1f38 x9 : dfff8000 x8 : 0003 x7 : 0001 x6 : 0004 x5 : 15f0f9c0 x4 : dfff8000 x3 : 0001 x2 : 13494e6b x1 : fbfffe80 x0 : 00ffbffe Call trace: _outb include/asm-generic/io.h:501 [inline] logic_outb+0x3c/0x114 lib/logic_pio.c:302 io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 serial_out drivers/tty/serial/8250/8250.h:118 [inline] serial8250_set_THRI drivers/tty/serial/8250/8250.h:138 [inline] __start_tx drivers/tty/serial/8250/8250_port.c:1566 [inline] serial8250_start_tx+0x338/0x6c0 drivers/tty/serial/8250/8250_port.c:1666 __uart_start.isra.0+0x10c/0x154 drivers/tty/serial/serial_core.c:127 uart_start+0xe0/0x210 drivers/tty/serial/serial_core.c:137 uart_flush_chars+0x10/0x20 drivers/tty/serial/serial_core.c:573 __receive_buf drivers/tty/n_tty.c:1646 [inline] n_tty_receive_buf_common+0x588/0x22c0 drivers/tty/n_tty.c:1739 n_tty_receive_buf+0x14/0x20 drivers/tty/n_tty.c:1768 tiocsti drivers/tty/tty_io.c:2317 [inline] tty_ioctl+0xed0/0x1aec drivers/tty/tty_io.c:2718 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __arm64_sys_ioctl+0x120/0x18c fs/ioctl.c:739 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall arch/arm64/kernel/syscall.c:49 [inline] el0_svc_common.constprop.0+0xf0/0x2c0 arch/arm64/kernel/syscall.c:129 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:168 el0_svc+0x24/0x34 arch/arm64/kernel/entry-common.c:416 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432 el0_sync+0x170/0x180 arch/arm64/kernel/entry.S:699 Code: d2bfd001 f2df7fe1 f2e1 8b010273 (39000274) ---[ end trace 79cb47219936c254 ]--- To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1918917/+subscriptions
[Bug 1918917] Re: synchronous about on accessing unused I/O ports on aarch64
The image is (gunzip it after download):
https://storage.googleapis.com/syzkaller/images/buildroot-arm64-2020.11.gz
Kernel:
https://storage.googleapis.com/syzkaller/temp/arm64-Image
qemu command line:
qemu-system-aarch64 \
-machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp
2 -m 2G \
-device virtio-blk-device,drive=hd0 \
-drive if=none,format=raw,id=hd0,file=buildroot-arm64-2020.11 \
-kernel arm64-Image \
-nographic \
-device virtio-rng-pci \
-net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net
nic,model=virtio-net-pci \
-append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon"
Reproducer:
#include
#include
#include
#include
#include
int main(void)
{
int fd = syscall(__NR_openat, 0xff9cul, "/dev/ttyS3", 0ul, 0ul);
char ch = 0;
syscall(__NR_ioctl, fd, 0x5412, ); // TIOCSTI
return 0;
}
Build with:
arch64-linux-gnu-gcc prog.c -static
scp to the VM and run. The image has password-less root ssh.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1918917
Title:
synchronous about on accessing unused I/O ports on aarch64
Status in QEMU:
New
Bug description:
version: QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-6)
command line: qemu-system-aarch64 \
-machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp
2 -m 2G \
-device virtio-blk-device,drive=hd0 \
-drive if=none,format=raw,id=hd0,file=buildroot \
-kernel arch/arm64/boot/Image \
-nographic \
-device virtio-rng-pci \
-net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net
nic,model=virtio-net-pci \
-append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon"
I am observing "synchronous external abort" when kernel tries to
access unused I/O ports (see below), while hardware/qemu should return
0x in this case.
This is factored out of this LKML thread where Arnd describes it in more
details:
https://lore.kernel.org/lkml/CAK8P3a0HVu+x0T6+K3d0v1bvU-Pes0F0CSjqm5x=bxfgv5y...@mail.gmail.com/
Internal error: synchronous external abort: 9650 [#1] PREEMPT SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 11231 Comm: syz-executor.1 Not tainted
5.12.0-rc2-syzkaller-00302-g28806e4d9b97 #0
Hardware name: linux,dummy-virt (DT)
pstate: 8085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--)
pc : __raw_writeb arch/arm64/include/asm/io.h:27 [inline]
pc : _outb include/asm-generic/io.h:501 [inline]
pc : logic_outb+0x3c/0x114 lib/logic_pio.c:302
lr : io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453
sp : 15f0f980
x29: 15f0f980 x28: 80001de0005d
x27: 80001601df00 x26: 15f0fc90
x25: 80001de0 x24: 80001de0
x23: 0e27f600 x22:
x21: 0002 x20: 0002
x19: fbfffe81 x18: 6a678b48
x17: x16:
x15: 8000197be810 x14: 1fffe2be1f0e
x13: 1fffe2be1e90 x12: 62be1f39
x11: 1fffe2be1f38 x10: 62be1f38
x9 : dfff8000 x8 : 0003
x7 : 0001 x6 : 0004
x5 : 15f0f9c0 x4 : dfff8000
x3 : 0001 x2 : 13494e6b
x1 : fbfffe80 x0 : 00ffbffe
Call trace:
_outb include/asm-generic/io.h:501 [inline]
logic_outb+0x3c/0x114 lib/logic_pio.c:302
io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453
serial_out drivers/tty/serial/8250/8250.h:118 [inline]
serial8250_set_THRI drivers/tty/serial/8250/8250.h:138 [inline]
__start_tx drivers/tty/serial/8250/8250_port.c:1566 [inline]
serial8250_start_tx+0x338/0x6c0 drivers/tty/serial/8250/8250_port.c:1666
__uart_start.isra.0+0x10c/0x154 drivers/tty/serial/serial_core.c:127
uart_start+0xe0/0x210 drivers/tty/serial/serial_core.c:137
uart_flush_chars+0x10/0x20 drivers/tty/serial/serial_core.c:573
__receive_buf drivers/tty/n_tty.c:1646 [inline]
n_tty_receive_buf_common+0x588/0x22c0 drivers/tty/n_tty.c:1739
n_tty_receive_buf+0x14/0x20 drivers/tty/n_tty.c:1768
tiocsti drivers/tty/tty_io.c:2317 [inline]
tty_ioctl+0xed0/0x1aec drivers/tty/tty_io.c:2718
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl fs/ioctl.c:739 [inline]
__arm64_sys_ioctl+0x120/0x18c fs/ioctl.c:739
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
el0_svc_common.constprop.0+0xf0/0x2c0 arch/arm64/kernel/syscall.c:129
do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:168
el0_svc+0x24/0x34 arch/arm64/kernel/entry-common.c:416
el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
el0_sync+0x170/0x180
[Bug 1918917] Re: synchronous about on accessing unused I/O ports on aarch64
Uploaded the binary reproducer as: https://storage.googleapis.com/syzkaller/temp/arm64-tty-crash -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1918917 Title: synchronous about on accessing unused I/O ports on aarch64 Status in QEMU: New Bug description: version: QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-6) command line: qemu-system-aarch64 \ -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp 2 -m 2G \ -device virtio-blk-device,drive=hd0 \ -drive if=none,format=raw,id=hd0,file=buildroot \ -kernel arch/arm64/boot/Image \ -nographic \ -device virtio-rng-pci \ -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic,model=virtio-net-pci \ -append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon" I am observing "synchronous external abort" when kernel tries to access unused I/O ports (see below), while hardware/qemu should return 0x in this case. This is factored out of this LKML thread where Arnd describes it in more details: https://lore.kernel.org/lkml/CAK8P3a0HVu+x0T6+K3d0v1bvU-Pes0F0CSjqm5x=bxfgv5y...@mail.gmail.com/ Internal error: synchronous external abort: 9650 [#1] PREEMPT SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 11231 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller-00302-g28806e4d9b97 #0 Hardware name: linux,dummy-virt (DT) pstate: 8085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--) pc : __raw_writeb arch/arm64/include/asm/io.h:27 [inline] pc : _outb include/asm-generic/io.h:501 [inline] pc : logic_outb+0x3c/0x114 lib/logic_pio.c:302 lr : io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 sp : 15f0f980 x29: 15f0f980 x28: 80001de0005d x27: 80001601df00 x26: 15f0fc90 x25: 80001de0 x24: 80001de0 x23: 0e27f600 x22: x21: 0002 x20: 0002 x19: fbfffe81 x18: 6a678b48 x17: x16: x15: 8000197be810 x14: 1fffe2be1f0e x13: 1fffe2be1e90 x12: 62be1f39 x11: 1fffe2be1f38 x10: 62be1f38 x9 : dfff8000 x8 : 0003 x7 : 0001 x6 : 0004 x5 : 15f0f9c0 x4 : dfff8000 x3 : 0001 x2 : 13494e6b x1 : fbfffe80 x0 : 00ffbffe Call trace: _outb include/asm-generic/io.h:501 [inline] logic_outb+0x3c/0x114 lib/logic_pio.c:302 io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 serial_out drivers/tty/serial/8250/8250.h:118 [inline] serial8250_set_THRI drivers/tty/serial/8250/8250.h:138 [inline] __start_tx drivers/tty/serial/8250/8250_port.c:1566 [inline] serial8250_start_tx+0x338/0x6c0 drivers/tty/serial/8250/8250_port.c:1666 __uart_start.isra.0+0x10c/0x154 drivers/tty/serial/serial_core.c:127 uart_start+0xe0/0x210 drivers/tty/serial/serial_core.c:137 uart_flush_chars+0x10/0x20 drivers/tty/serial/serial_core.c:573 __receive_buf drivers/tty/n_tty.c:1646 [inline] n_tty_receive_buf_common+0x588/0x22c0 drivers/tty/n_tty.c:1739 n_tty_receive_buf+0x14/0x20 drivers/tty/n_tty.c:1768 tiocsti drivers/tty/tty_io.c:2317 [inline] tty_ioctl+0xed0/0x1aec drivers/tty/tty_io.c:2718 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __arm64_sys_ioctl+0x120/0x18c fs/ioctl.c:739 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall arch/arm64/kernel/syscall.c:49 [inline] el0_svc_common.constprop.0+0xf0/0x2c0 arch/arm64/kernel/syscall.c:129 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:168 el0_svc+0x24/0x34 arch/arm64/kernel/entry-common.c:416 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432 el0_sync+0x170/0x180 arch/arm64/kernel/entry.S:699 Code: d2bfd001 f2df7fe1 f2e1 8b010273 (39000274) ---[ end trace 79cb47219936c254 ]--- To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1918917/+subscriptions
[Bug 1918917] Re: synchronous about on accessing unused I/O ports on aarch64
Is there a test case (all necessary images/files/QEMU command line) I can repro this with ? -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1918917 Title: synchronous about on accessing unused I/O ports on aarch64 Status in QEMU: New Bug description: version: QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-6) command line: qemu-system-aarch64 \ -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp 2 -m 2G \ -device virtio-blk-device,drive=hd0 \ -drive if=none,format=raw,id=hd0,file=buildroot \ -kernel arch/arm64/boot/Image \ -nographic \ -device virtio-rng-pci \ -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic,model=virtio-net-pci \ -append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon" I am observing "synchronous external abort" when kernel tries to access unused I/O ports (see below), while hardware/qemu should return 0x in this case. This is factored out of this LKML thread where Arnd describes it in more details: https://lore.kernel.org/lkml/CAK8P3a0HVu+x0T6+K3d0v1bvU-Pes0F0CSjqm5x=bxfgv5y...@mail.gmail.com/ Internal error: synchronous external abort: 9650 [#1] PREEMPT SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 11231 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller-00302-g28806e4d9b97 #0 Hardware name: linux,dummy-virt (DT) pstate: 8085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--) pc : __raw_writeb arch/arm64/include/asm/io.h:27 [inline] pc : _outb include/asm-generic/io.h:501 [inline] pc : logic_outb+0x3c/0x114 lib/logic_pio.c:302 lr : io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 sp : 15f0f980 x29: 15f0f980 x28: 80001de0005d x27: 80001601df00 x26: 15f0fc90 x25: 80001de0 x24: 80001de0 x23: 0e27f600 x22: x21: 0002 x20: 0002 x19: fbfffe81 x18: 6a678b48 x17: x16: x15: 8000197be810 x14: 1fffe2be1f0e x13: 1fffe2be1e90 x12: 62be1f39 x11: 1fffe2be1f38 x10: 62be1f38 x9 : dfff8000 x8 : 0003 x7 : 0001 x6 : 0004 x5 : 15f0f9c0 x4 : dfff8000 x3 : 0001 x2 : 13494e6b x1 : fbfffe80 x0 : 00ffbffe Call trace: _outb include/asm-generic/io.h:501 [inline] logic_outb+0x3c/0x114 lib/logic_pio.c:302 io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 serial_out drivers/tty/serial/8250/8250.h:118 [inline] serial8250_set_THRI drivers/tty/serial/8250/8250.h:138 [inline] __start_tx drivers/tty/serial/8250/8250_port.c:1566 [inline] serial8250_start_tx+0x338/0x6c0 drivers/tty/serial/8250/8250_port.c:1666 __uart_start.isra.0+0x10c/0x154 drivers/tty/serial/serial_core.c:127 uart_start+0xe0/0x210 drivers/tty/serial/serial_core.c:137 uart_flush_chars+0x10/0x20 drivers/tty/serial/serial_core.c:573 __receive_buf drivers/tty/n_tty.c:1646 [inline] n_tty_receive_buf_common+0x588/0x22c0 drivers/tty/n_tty.c:1739 n_tty_receive_buf+0x14/0x20 drivers/tty/n_tty.c:1768 tiocsti drivers/tty/tty_io.c:2317 [inline] tty_ioctl+0xed0/0x1aec drivers/tty/tty_io.c:2718 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __arm64_sys_ioctl+0x120/0x18c fs/ioctl.c:739 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall arch/arm64/kernel/syscall.c:49 [inline] el0_svc_common.constprop.0+0xf0/0x2c0 arch/arm64/kernel/syscall.c:129 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:168 el0_svc+0x24/0x34 arch/arm64/kernel/entry-common.c:416 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432 el0_sync+0x170/0x180 arch/arm64/kernel/entry.S:699 Code: d2bfd001 f2df7fe1 f2e1 8b010273 (39000274) ---[ end trace 79cb47219936c254 ]--- To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1918917/+subscriptions
[Bug 1918917] Re: synchronous about on accessing unused I/O ports on aarch64
That seems correct, and could probably be improved. In this case, I know that _outb() only writes within the PCI PIO virtual address between fbfffe80 and fb80, which according to the boot log (https://gist.githubusercontent.com/dvyukov/084890d9b4aa7cd54f468e652a9b5881/raw/54c12248ff6a4885ba6c530d56b3adad59bc6187/gistfile1.txt) was mapped to qemu's PCI IO space, using DEVICE_nGnRnE attributes (PIO space unlike any other MMIO in the kernel uses 'nE'): [3.973419][T1] pci-host-generic 401000.pcie: host bridge /pcie@1000 ranges: [3.974309][T1] pci-host-generic 401000.pcie: IO 0x003eff..0x003eff -> 0x00 [3.975021][T1] pci-host-generic 401000.pcie: MEM 0x001000..0x003efe -> 0x001000 So physical address 0x003eff corresponds to virtual address fbfffe80, which corresponds to logical PIO port number 0. The serial port in the kernel was probed at port number 0, so the driver attempts to write to the 8250 compatible UART_IER at address fbfffe81, which is in register x19. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1918917 Title: synchronous about on accessing unused I/O ports on aarch64 Status in QEMU: New Bug description: version: QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-6) command line: qemu-system-aarch64 \ -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp 2 -m 2G \ -device virtio-blk-device,drive=hd0 \ -drive if=none,format=raw,id=hd0,file=buildroot \ -kernel arch/arm64/boot/Image \ -nographic \ -device virtio-rng-pci \ -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic,model=virtio-net-pci \ -append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon" I am observing "synchronous external abort" when kernel tries to access unused I/O ports (see below), while hardware/qemu should return 0x in this case. This is factored out of this LKML thread where Arnd describes it in more details: https://lore.kernel.org/lkml/CAK8P3a0HVu+x0T6+K3d0v1bvU-Pes0F0CSjqm5x=bxfgv5y...@mail.gmail.com/ Internal error: synchronous external abort: 9650 [#1] PREEMPT SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 11231 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller-00302-g28806e4d9b97 #0 Hardware name: linux,dummy-virt (DT) pstate: 8085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--) pc : __raw_writeb arch/arm64/include/asm/io.h:27 [inline] pc : _outb include/asm-generic/io.h:501 [inline] pc : logic_outb+0x3c/0x114 lib/logic_pio.c:302 lr : io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 sp : 15f0f980 x29: 15f0f980 x28: 80001de0005d x27: 80001601df00 x26: 15f0fc90 x25: 80001de0 x24: 80001de0 x23: 0e27f600 x22: x21: 0002 x20: 0002 x19: fbfffe81 x18: 6a678b48 x17: x16: x15: 8000197be810 x14: 1fffe2be1f0e x13: 1fffe2be1e90 x12: 62be1f39 x11: 1fffe2be1f38 x10: 62be1f38 x9 : dfff8000 x8 : 0003 x7 : 0001 x6 : 0004 x5 : 15f0f9c0 x4 : dfff8000 x3 : 0001 x2 : 13494e6b x1 : fbfffe80 x0 : 00ffbffe Call trace: _outb include/asm-generic/io.h:501 [inline] logic_outb+0x3c/0x114 lib/logic_pio.c:302 io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 serial_out drivers/tty/serial/8250/8250.h:118 [inline] serial8250_set_THRI drivers/tty/serial/8250/8250.h:138 [inline] __start_tx drivers/tty/serial/8250/8250_port.c:1566 [inline] serial8250_start_tx+0x338/0x6c0 drivers/tty/serial/8250/8250_port.c:1666 __uart_start.isra.0+0x10c/0x154 drivers/tty/serial/serial_core.c:127 uart_start+0xe0/0x210 drivers/tty/serial/serial_core.c:137 uart_flush_chars+0x10/0x20 drivers/tty/serial/serial_core.c:573 __receive_buf drivers/tty/n_tty.c:1646 [inline] n_tty_receive_buf_common+0x588/0x22c0 drivers/tty/n_tty.c:1739 n_tty_receive_buf+0x14/0x20 drivers/tty/n_tty.c:1768 tiocsti drivers/tty/tty_io.c:2317 [inline] tty_ioctl+0xed0/0x1aec drivers/tty/tty_io.c:2718 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __arm64_sys_ioctl+0x120/0x18c fs/ioctl.c:739 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall arch/arm64/kernel/syscall.c:49 [inline] el0_svc_common.constprop.0+0xf0/0x2c0 arch/arm64/kernel/syscall.c:129 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:168 el0_svc+0x24/0x34 arch/arm64/kernel/entry-common.c:416 el0_sync_handler+0x1a4/0x1b0
[Bug 1918917] Re: synchronous about on accessing unused I/O ports on aarch64
Am I missing it, or does the kernel's logging for data aborts not print the FAR_EL1 value ? -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1918917 Title: synchronous about on accessing unused I/O ports on aarch64 Status in QEMU: New Bug description: version: QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-6) command line: qemu-system-aarch64 \ -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp 2 -m 2G \ -device virtio-blk-device,drive=hd0 \ -drive if=none,format=raw,id=hd0,file=buildroot \ -kernel arch/arm64/boot/Image \ -nographic \ -device virtio-rng-pci \ -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic,model=virtio-net-pci \ -append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon" I am observing "synchronous external abort" when kernel tries to access unused I/O ports (see below), while hardware/qemu should return 0x in this case. This is factored out of this LKML thread where Arnd describes it in more details: https://lore.kernel.org/lkml/CAK8P3a0HVu+x0T6+K3d0v1bvU-Pes0F0CSjqm5x=bxfgv5y...@mail.gmail.com/ Internal error: synchronous external abort: 9650 [#1] PREEMPT SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 11231 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller-00302-g28806e4d9b97 #0 Hardware name: linux,dummy-virt (DT) pstate: 8085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--) pc : __raw_writeb arch/arm64/include/asm/io.h:27 [inline] pc : _outb include/asm-generic/io.h:501 [inline] pc : logic_outb+0x3c/0x114 lib/logic_pio.c:302 lr : io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 sp : 15f0f980 x29: 15f0f980 x28: 80001de0005d x27: 80001601df00 x26: 15f0fc90 x25: 80001de0 x24: 80001de0 x23: 0e27f600 x22: x21: 0002 x20: 0002 x19: fbfffe81 x18: 6a678b48 x17: x16: x15: 8000197be810 x14: 1fffe2be1f0e x13: 1fffe2be1e90 x12: 62be1f39 x11: 1fffe2be1f38 x10: 62be1f38 x9 : dfff8000 x8 : 0003 x7 : 0001 x6 : 0004 x5 : 15f0f9c0 x4 : dfff8000 x3 : 0001 x2 : 13494e6b x1 : fbfffe80 x0 : 00ffbffe Call trace: _outb include/asm-generic/io.h:501 [inline] logic_outb+0x3c/0x114 lib/logic_pio.c:302 io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 serial_out drivers/tty/serial/8250/8250.h:118 [inline] serial8250_set_THRI drivers/tty/serial/8250/8250.h:138 [inline] __start_tx drivers/tty/serial/8250/8250_port.c:1566 [inline] serial8250_start_tx+0x338/0x6c0 drivers/tty/serial/8250/8250_port.c:1666 __uart_start.isra.0+0x10c/0x154 drivers/tty/serial/serial_core.c:127 uart_start+0xe0/0x210 drivers/tty/serial/serial_core.c:137 uart_flush_chars+0x10/0x20 drivers/tty/serial/serial_core.c:573 __receive_buf drivers/tty/n_tty.c:1646 [inline] n_tty_receive_buf_common+0x588/0x22c0 drivers/tty/n_tty.c:1739 n_tty_receive_buf+0x14/0x20 drivers/tty/n_tty.c:1768 tiocsti drivers/tty/tty_io.c:2317 [inline] tty_ioctl+0xed0/0x1aec drivers/tty/tty_io.c:2718 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __arm64_sys_ioctl+0x120/0x18c fs/ioctl.c:739 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall arch/arm64/kernel/syscall.c:49 [inline] el0_svc_common.constprop.0+0xf0/0x2c0 arch/arm64/kernel/syscall.c:129 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:168 el0_svc+0x24/0x34 arch/arm64/kernel/entry-common.c:416 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432 el0_sync+0x170/0x180 arch/arm64/kernel/entry.S:699 Code: d2bfd001 f2df7fe1 f2e1 8b010273 (39000274) ---[ end trace 79cb47219936c254 ]--- To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1918917/+subscriptions
[Bug 1918917] Re: synchronous about on accessing unused I/O ports on aarch64
My best guess is that the PCI I/O port handling in qemu only returns data for ports that are connected to an actual device. In this case, the kernel attempts to access a 8250 serial port at an address where none exists. While this is also a bug in the kernel, a real PCI implementation would not cause an external abort but simply return 'all-ones' (0xff, 0x, 0x) for a read request and ignore writes. This is something that the kernel relies on for probing unknown ISA style devices. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1918917 Title: synchronous about on accessing unused I/O ports on aarch64 Status in QEMU: New Bug description: version: QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-6) command line: qemu-system-aarch64 \ -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp 2 -m 2G \ -device virtio-blk-device,drive=hd0 \ -drive if=none,format=raw,id=hd0,file=buildroot \ -kernel arch/arm64/boot/Image \ -nographic \ -device virtio-rng-pci \ -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic,model=virtio-net-pci \ -append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon" I am observing "synchronous external abort" when kernel tries to access unused I/O ports (see below), while hardware/qemu should return 0x in this case. This is factored out of this LKML thread where Arnd describes it in more details: https://lore.kernel.org/lkml/CAK8P3a0HVu+x0T6+K3d0v1bvU-Pes0F0CSjqm5x=bxfgv5y...@mail.gmail.com/ Internal error: synchronous external abort: 9650 [#1] PREEMPT SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 11231 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller-00302-g28806e4d9b97 #0 Hardware name: linux,dummy-virt (DT) pstate: 8085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--) pc : __raw_writeb arch/arm64/include/asm/io.h:27 [inline] pc : _outb include/asm-generic/io.h:501 [inline] pc : logic_outb+0x3c/0x114 lib/logic_pio.c:302 lr : io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 sp : 15f0f980 x29: 15f0f980 x28: 80001de0005d x27: 80001601df00 x26: 15f0fc90 x25: 80001de0 x24: 80001de0 x23: 0e27f600 x22: x21: 0002 x20: 0002 x19: fbfffe81 x18: 6a678b48 x17: x16: x15: 8000197be810 x14: 1fffe2be1f0e x13: 1fffe2be1e90 x12: 62be1f39 x11: 1fffe2be1f38 x10: 62be1f38 x9 : dfff8000 x8 : 0003 x7 : 0001 x6 : 0004 x5 : 15f0f9c0 x4 : dfff8000 x3 : 0001 x2 : 13494e6b x1 : fbfffe80 x0 : 00ffbffe Call trace: _outb include/asm-generic/io.h:501 [inline] logic_outb+0x3c/0x114 lib/logic_pio.c:302 io_serial_out+0x80/0xc0 drivers/tty/serial/8250/8250_port.c:453 serial_out drivers/tty/serial/8250/8250.h:118 [inline] serial8250_set_THRI drivers/tty/serial/8250/8250.h:138 [inline] __start_tx drivers/tty/serial/8250/8250_port.c:1566 [inline] serial8250_start_tx+0x338/0x6c0 drivers/tty/serial/8250/8250_port.c:1666 __uart_start.isra.0+0x10c/0x154 drivers/tty/serial/serial_core.c:127 uart_start+0xe0/0x210 drivers/tty/serial/serial_core.c:137 uart_flush_chars+0x10/0x20 drivers/tty/serial/serial_core.c:573 __receive_buf drivers/tty/n_tty.c:1646 [inline] n_tty_receive_buf_common+0x588/0x22c0 drivers/tty/n_tty.c:1739 n_tty_receive_buf+0x14/0x20 drivers/tty/n_tty.c:1768 tiocsti drivers/tty/tty_io.c:2317 [inline] tty_ioctl+0xed0/0x1aec drivers/tty/tty_io.c:2718 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __arm64_sys_ioctl+0x120/0x18c fs/ioctl.c:739 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall arch/arm64/kernel/syscall.c:49 [inline] el0_svc_common.constprop.0+0xf0/0x2c0 arch/arm64/kernel/syscall.c:129 do_el0_svc+0xa4/0xd0 arch/arm64/kernel/syscall.c:168 el0_svc+0x24/0x34 arch/arm64/kernel/entry-common.c:416 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432 el0_sync+0x170/0x180 arch/arm64/kernel/entry.S:699 Code: d2bfd001 f2df7fe1 f2e1 8b010273 (39000274) ---[ end trace 79cb47219936c254 ]--- To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1918917/+subscriptions
