PCIe silicon bug to immediately hang a Tegra X1 and X2 ?

THIS IS SEPARATE ISSUE FROM PCIe DoS bug described here:

We have found another strange behavior of the PCIe root complex on the Tegra platform.

Lets connect a FPGA, with a simple debug core which can issue MRd32/MRd64 requests and receive completions.

Now issue a 64 bit read (4DW header) to an address whose upper 32 bits are zeroes - which is effectively a 32bit address.
The system immediately hangs.

Tested on both TX1 and TX2, with R28.1

While the behavior of the PCIe bus under such case is not defined and the specification tells you not to do this (and use 3DW header for 32bit addresses), it is technically possible and very easy to issue such a request.

I would expect to see a malformed packet information when such a packet is received, or anything else affecting only the PCIe portion of the SoC, not that the whole system crashes! No messages anywhere, it stops hard.

Is anywhere an errata for the Tegra SoCs to see if that is duplicate or new bug?

As per PCIe spec rev.3.0 page # 67

“• For Addresses below 4 GB, Requesters must use the 32-bit format. The behavior of the
receiver is not specified if a 64-bit format request addressing below 4 GB (i.e., with the
upper 32 bits of address all 0) is received.”

So, what is coming from end point in this case is a violation of spec and the un specified behavior as per spec in this case is system hang.

Still a malformed packet flag, or a MCE (machine check exception) might be a more appropriate solution than to hang the system.

We can just hope that the hang will not cause destruction of any hardware - either by a missing thermal regulation or by the chip going haywire.


And lets keep this as documentation of undocumented behaviour :)