summary refs log tree commit diff stats
path: root/gitlab/issues/target_arm/host_missing/accel_missing/459.toml
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues/target_arm/host_missing/accel_missing/459.toml')
-rw-r--r--gitlab/issues/target_arm/host_missing/accel_missing/459.toml43
1 files changed, 43 insertions, 0 deletions
diff --git a/gitlab/issues/target_arm/host_missing/accel_missing/459.toml b/gitlab/issues/target_arm/host_missing/accel_missing/459.toml
new file mode 100644
index 00000000..a21f663c
--- /dev/null
+++ b/gitlab/issues/target_arm/host_missing/accel_missing/459.toml
@@ -0,0 +1,43 @@
+id = 459
+title = "bcm2835_aux (raspi3) fails when the receive FIFO fills up"
+state = "opened"
+created_at = "2021-07-03T12:21:18.513Z"
+closed_at = "n/a"
+labels = ["TestCase", "target: arm"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/459"
+host-os = "Linux"
+host-arch = "x86_64"
+qemu-version = "QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.16)"
+guest-os = "bare-metal _see below_"
+guest-arch = "aarch64"
+description = """When a bare-metal application on the `raspi3` board reads the `AUX_MU_STAT_REG` MMIO register while the device's buffer is at full receive FIFO capacity (i.e. `s->read_count == BCM2835_AUX_RX_FIFO_LEN`) the assertion `assert(s->read_count < BCM2835_AUX_RX_FIFO_LEN)` fails.
+
+The assertion in question is currently in line 141 of `hw/char/bcm2835_aux.c`: https://gitlab.com/qemu-project/qemu/-/blob/9c2647f75004c4f7d64c9c0ec55f8c6f0739a8b1/hw/char/bcm2835_aux.c#L141
+but in my current QEMU version, it seems that it was in line 140, but I don't think that has any implication on this error. If the below steps to reproduce are followed, the full output of a normal QEMU (no debugging output or anything) is simply:
+
+```text
+$ echo abcdefgh | qemu-system-aarch64 -M raspi3 -kernel kernel8.elf -serial null -serial stdio
+qemu-system-aarch64: /build/qemu-71DV4m/qemu-4.2/hw/char/bcm2835_aux.c:140: bcm2835_aux_read: Assertion `s->read_count < BCM2835_AUX_RX_FIFO_LEN' failed.
+Aborted (core dumped)
+```
+
+Notice, that there is nothing really wrong with the implementation, if for instance an application that uses the `AUX_MU_LSR_REG` instead to check whether input is available, everything works as expected. It really seems that just this assertion is wrong. Also notice that the [BCM2835 manual](https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf) (page 18) explicitly allows values inclusive 8."""
+reproduce = """1. write a minimal bare-metal application for aarch64 using below main file
+2. compile it with a decent aarch64 compiler, linker script and entry assembly as `kernel8.elf`
+3. `echo abcdefgh | qemu-system-aarch64 -M raspi3 -kernel kernel8.elf -serial null -serial stdio`
+4. QEMU crashes with the above state assertion error"""
+additional = """Minimal bare-metal application (`main.c`):
+
+```c
+#define MMIO_BASE       0x3F000000
+#define AUX_MU_STAT     ((volatile unsigned int*)(MMIO_BASE+0x00215064))
+
+void main() {
+    while (1) {
+        // Just read STAT register to trigger the assertion error
+        *AUX_MU_STAT;
+    }
+}
+```
+
+Also see [kernel8.elf.zip](/uploads/b12ae2750d2df1bb8db2701f3145f653/kernel8.elf.zip) for a precompiled version of the above application."""