Date:   Sun, 21 Mar 2021 12:52:57 +0100
From:   Arnd Bergmann <arnd@...db.de>
To:     Peter Maydell <peter.maydell@...aro.org>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        Mark Rutland <mark.rutland@....com>,
        Marc Zyngier <maz@...nel.org>, Will Deacon <will@...nel.org>,
        Ard Biesheuvel <ardb@...nel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        syzkaller <syzkaller@...glegroups.com>,
        LKML <linux-kernel@...r.kernel.org>,
        John Garry <john.garry@...wei.com>,
        Alex Bennée <alex.bennee@...aro.org>
Subject: Re: arm64 syzbot instances

On Sat, Mar 20, 2021 at 9:43 PM Peter Maydell <peter.maydell@...aro.org> wrote:
>
> On Fri, 12 Mar 2021 at 09:16, Arnd Bergmann <arnd@...db.de> wrote:
> > So it's probably qemu that triggers the 'synchronous external
> > abort' when accessing the PCI I/O space, which in turn hints
> > towards a bug in qemu. Presumably it only returns data from
> > I/O ports that are actually mapped to a device when real hardware
> > is supposed to return 0xffffffff when reading from unused I/O ports.
>
> Do you have a reference to the bit of the PCI spec that mandates
> this -1/discard behaviour for attempted access to places where
> there isn't actually a PCI device mapped ? The spec is pretty
> long and hard to read...
>
> (Knowing to what extent this behaviour is mandatory for all
> PCI systems/host controllers vs just "it would be nice if the
> gpex host controller worked this way" would help in figuring
> out where in QEMU to change.)

Sorry, I don't. I can probably find something in there myself,
but in the end it comes down to Linux drivers relying on this
behavior for ISA devices since the start. On an old-style x86
PC, this is the only method for finding out if a device is present
or not, since there is no description in the firmware that lists them.

PCIe devices remain backwards compatible with the old ISA
bus, so the old behavior must generally be kept possible.
I don't think a specification for the ISA bus exists at all, and
I found nothing in the related LPC specification about reading
from an unknown device.

https://tldp.org/HOWTO/Plug-and-Play-HOWTO-6.html#ss6.12
states the behavior of the ISA I/O ports and how Linux drivers rely
on that. Is that enough for you?

          Arnd
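
Added example, not part of the message above and not kernel or QEMU code: a small C model of the probing behaviour under discussion, contrasting a bus that returns all-ones for unused I/O ports with one that aborts the access. The port map, probe list and all names in it are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum bus_policy { BUS_ALL_ONES, BUS_ABORT };   /* hypothetical names */

/* Constructed I/O map: one device, 8 ports wide, whose registers read 0x00. */
struct io_region { uint16_t base, len; uint8_t value; };
static const struct io_region mapped[] = { { 0x3f8, 8, 0x00 } };

/* Constructed probe list (the legacy PC serial port bases). */
static const uint16_t probe_ports[] = { 0x2f8, 0x3f8, 0x3e8, 0x2e8 };
#define NPORTS (sizeof(probe_ports) / sizeof(probe_ports[0]))

/* Read one byte; returns 0 on success, -1 if the access aborts. */
static int port_read8(enum bus_policy policy, uint16_t port, uint8_t *out)
{
    for (size_t i = 0; i < sizeof(mapped) / sizeof(mapped[0]); i++) {
        if (port >= mapped[i].base && port - mapped[i].base < mapped[i].len) {
            *out = mapped[i].value;
            return 0;
        }
    }
    if (policy == BUS_ABORT)
        return -1;          /* models the synchronous external abort */
    *out = 0xff;            /* unused port reads back as all-ones */
    return 0;
}

struct scan_result { int found, absent, fault_index; };

/* ISA-style presence scan: 0xff means "no device"; an abort ends the scan. */
struct scan_result isa_scan(enum bus_policy policy)
{
    struct scan_result r = { 0, 0, -1 };
    for (size_t i = 0; i < NPORTS; i++) {
        uint8_t v;
        if (port_read8(policy, probe_ports[i], &v) != 0) {
            r.fault_index = (int)i;   /* the read never yields a value to test */
            break;
        }
        if (v == 0xff)
            r.absent++;
        else
            r.found++;
    }
    return r;
}
```

With the all-ones policy the scan completes and finds the one mapped device; with the abort policy it stops at the first unused port, before the mapped device is ever reached.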
