synchronous abort on accessing unused I/O ports on aarch64
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
QEMU | Expired | Undecided | Unassigned | 
Bug Description
version: QEMU emulator version 5.2.0 (Debian 1:5.2+dfsg-6)
command line: qemu-system-aarch64 \
-machine virt,virtualiza
-device virtio-
-drive if=none,
-kernel arch/arm64/
-nographic \
-device virtio-rng-pci \
-net user,host=
-append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon"
I am observing a "synchronous external abort" when the kernel tries to access unused I/O ports (see below), while hardware/qemu should return 0xffffffff in this case.
This is factored out of this LKML thread, where Arnd describes it in more detail:
https:/
Internal error: synchronous external abort: 96000050 [#1] PREEMPT SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 11231 Comm: syz-executor.1 Not tainted 5.12.0-
Hardware name: linux,dummy-virt (DT)
pstate: 80000085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--)
pc : __raw_writeb arch/arm64/
pc : _outb include/
pc : logic_outb+
lr : io_serial_
sp : ffff000015f0f980
x29: ffff000015f0f980 x28: ffff80001de0005d
x27: ffff80001601df00 x26: ffff000015f0fc90
x25: ffff80001de00000 x24: ffff80001de00000
x23: ffff00000e27f600 x22: 0000000000000000
x21: 0000000000000002 x20: 0000000000000002
x19: fffffbfffe800001 x18: ffff00006a678b48
x17: 0000000000000000 x16: 0000000000000000
x15: ffff8000197be810 x14: 1fffe00002be1f0e
x13: 1fffe00002be1e90 x12: ffff600002be1f39
x11: 1fffe00002be1f38 x10: ffff600002be1f38
x9 : dfff800000000000 x8 : 0000000000000003
x7 : 0000000000000001 x6 : 0000000000000004
x5 : ffff000015f0f9c0 x4 : dfff800000000000
x3 : 0000000000000001 x2 : 1ffff00003494e6b
x1 : fffffbfffe800000 x0 : 0000000000ffbffe
Call trace:
_outb include/
logic_
io_serial_
serial_out drivers/
serial8250_
__start_tx drivers/
serial8250_
__uart_
uart_start+
uart_flush_
__receive_buf drivers/
n_tty_
n_tty_
tiocsti drivers/
tty_ioctl+
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl fs/ioctl.c:739 [inline]
__arm64_
__invoke_syscall arch/arm64/
invoke_syscall arch/arm64/
el0_svc_
do_el0_
el0_svc+0x24/0x34 arch/arm64/
el0_sync_
el0_sync+
Code: d2bfd001 f2df7fe1 f2ffffe1 8b010273 (39000274)
---[ end trace 79cb47219936c254 ]---
summary: - synchronous about on accessing unused I/O ports on arm
         + synchronous about on accessing unused I/O ports on aarch64
tags: added: arm
summary: - synchronous about on accessing unused I/O ports on aarch64
         + synchronous abort on accessing unused I/O ports on aarch64
My best guess is that the PCI I/O port handling in qemu only returns data for ports that are connected to an actual device.
In this case, the kernel attempts to access an 8250 serial port at an address where none exists. While this is also a bug in the kernel, a real PCI implementation would not cause an external abort but simply return 'all-ones' (0xff, 0xffff, 0xffffffff) for a read request and ignore writes. This is something that the kernel relies on for probing unknown ISA style devices.
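To make the expected bus behaviour concrete, here is an added example (not QEMU or Linux code, and not from the comment's author): a toy model of PCI-style legacy I/O port space in which a read from a port no device claims returns all-ones of the access width and a write to it is dropped, so a guest probing an empty address sees 0xff rather than a fault. The device table, the port ranges, the `io_*` function names and the `probe_8250` routine are assumptions made for this illustration; the only hardware fact it leans on is that an 8250's scratch register sits at offset 7.

```c
/* Added example, not QEMU or Linux code: a toy model of legacy I/O port
 * space in which unassigned ports read as all-ones of the access width
 * (0xff, 0xffff, 0xffffffff) and ignore writes, never faulting the guest.
 * Device table, ranges and function names are assumptions for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define PORT_SPACE   0x10000u   /* 64 KiB legacy I/O port space */
#define MAX_DEVICES  8
#define MAX_REGS     8          /* registers per toy device (an 8250 has 8) */

typedef struct {
    const char *name;
    uint32_t    base;
    uint32_t    size;            /* ports claimed, <= MAX_REGS */
    uint8_t     regs[MAX_REGS];  /* backing store: reads return the last write */
} io_device;

static io_device devices[MAX_DEVICES];
static size_t    ndevices;

/* Claim [base, base + size). Rejects claims outside the port space, larger
 * than the toy device can back, or overlapping an existing claim. */
bool io_register(const char *name, uint32_t base, uint32_t size)
{
    if (ndevices == MAX_DEVICES || size == 0 || size > MAX_REGS ||
        base >= PORT_SPACE || base + size > PORT_SPACE)
        return false;
    for (size_t i = 0; i < ndevices; i++) {
        const io_device *d = &devices[i];
        if (base < d->base + d->size && d->base < base + size)
            return false;
    }
    devices[ndevices] = (io_device){ .name = name, .base = base, .size = size };
    ndevices++;
    return true;
}

/* Find the device that claims `port`, or NULL for an unassigned port. */
static io_device *io_lookup(uint32_t port)
{
    for (size_t i = 0; i < ndevices; i++)
        if (port >= devices[i].base && port < devices[i].base + devices[i].size)
            return &devices[i];
    return NULL;
}

/* Byte-granular bus operations; the wider accessors assemble these, so an
 * access straddling the end of a device gets 0xff only for the bytes outside. */
static uint8_t io_read8(uint32_t port)
{
    io_device *dev = io_lookup(port);
    return dev ? dev->regs[port - dev->base] : 0xff;   /* unassigned: all-ones */
}

static void io_write8(uint32_t port, uint8_t val)
{
    io_device *dev = io_lookup(port);
    if (dev)                                            /* unassigned: ignored */
        dev->regs[port - dev->base] = val;
}

/* Little-endian read of `width` (1, 2 or 4) bytes starting at `port`. */
uint32_t io_read(uint32_t port, unsigned width)
{
    uint32_t val = 0;
    for (unsigned i = 0; i < width && i < 4; i++)
        val |= (uint32_t)io_read8(port + i) << (8 * i);
    return val;
}

void io_write(uint32_t port, unsigned width, uint32_t val)
{
    for (unsigned i = 0; i < width && i < 4; i++)
        io_write8(port + i, (uint8_t)(val >> (8 * i)));
}

/* Illustrative ISA-style probe: write a pattern to the 8250 scratch register
 * (offset 7) and read it back. On an unassigned port the read returns 0xff,
 * so the caller concludes "no UART here" instead of taking an abort. */
bool probe_8250(uint32_t base)
{
    io_write(base + 7, 1, 0x5a);
    return io_read(base + 7, 1) == 0x5a;
}

int main(void)
{
    io_register("uart0", 0x3f8, 8);                    /* constructed device */
    printf("probe 0x3f8: %s\n", probe_8250(0x3f8) ? "present" : "absent");
    printf("probe 0x2f8: %s\n", probe_8250(0x2f8) ? "present" : "absent");
    printf("unassigned 0x2f8 reads 0x%02x / 0x%04x / 0x%08x\n",
           (unsigned)io_read(0x2f8, 1), (unsigned)io_read(0x2f8, 2),
           (unsigned)io_read(0x2f8, 4));
    return 0;
}
```

The point of the model is the default path in `io_read8` and `io_write8`: an unmatched lookup yields a value, not an exception, which is what lets a probe loop walk candidate addresses safely. An emulator that instead faults on the unmatched case turns every such probe into the trace shown above.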