blob: 561184a8f97d91515f0acc1f663dd6d85703548d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
files: 0.944
ppc: 0.900
arm: 0.889
kernel: 0.877
PID: 0.876
register: 0.868
assembly: 0.840
graphic: 0.796
socket: 0.793
architecture: 0.793
peripherals: 0.783
vnc: 0.767
device: 0.758
permissions: 0.755
semantic: 0.754
risc-v: 0.752
user-level: 0.750
performance: 0.740
VMM: 0.687
network: 0.649
TCG: 0.648
mistranslation: 0.591
boot: 0.579
hypervisor: 0.534
KVM: 0.504
debug: 0.497
virtual: 0.308
i386: 0.235
x86: 0.156
bcm2835_aux (raspi3) fails when the receive FIFO fills up
Description of problem:
When a bare-metal application on the `raspi3` board reads the `AUX_MU_STAT_REG` MMIO register while the device's buffer is at full receive FIFO capacity (i.e. `s->read_count == BCM2835_AUX_RX_FIFO_LEN`) the assertion `assert(s->read_count < BCM2835_AUX_RX_FIFO_LEN)` fails.
The assertion in question is currently in line 141 of `hw/char/bcm2835_aux.c`: https://gitlab.com/qemu-project/qemu/-/blob/9c2647f75004c4f7d64c9c0ec55f8c6f0739a8b1/hw/char/bcm2835_aux.c#L141
but in my current QEMU version, it seems that it was in line 140, but I don't think that has any implication on this error. If the below steps to reproduce are followed, the full output of a normal QEMU (no debugging output or anything) is simply:
```text
$ echo abcdefgh | qemu-system-aarch64 -M raspi3 -kernel kernel8.elf -serial null -serial stdio
qemu-system-aarch64: /build/qemu-71DV4m/qemu-4.2/hw/char/bcm2835_aux.c:140: bcm2835_aux_read: Assertion `s->read_count < BCM2835_AUX_RX_FIFO_LEN' failed.
Aborted (core dumped)
```
Notice, that there is nothing really wrong with the implementation, if for instance an application that uses the `AUX_MU_LSR_REG` instead to check whether input is available, everything works as expected. It really seems that just this assertion is wrong. Also notice that the [BCM2835 manual](https://www.raspberrypi.org/app/uploads/2012/02/BCM2835-ARM-Peripherals.pdf) (page 18) explicitly allows values inclusive 8.
Steps to reproduce:
1. write a minimal bare-metal application for aarch64 using below main file
2. compile it with a decent aarch64 compiler, linker script and entry assembly as `kernel8.elf`
3. `echo abcdefgh | qemu-system-aarch64 -M raspi3 -kernel kernel8.elf -serial null -serial stdio`
4. QEMU crashes with the above state assertion error
Additional information:
Minimal bare-metal application (`main.c`):
```c
#define MMIO_BASE 0x3F000000
#define AUX_MU_STAT ((volatile unsigned int*)(MMIO_BASE+0x00215064))
void main() {
while (1) {
// Just read STAT register to trigger the assertion error
*AUX_MU_STAT;
}
}
```
Also see [kernel8.elf.zip](/uploads/b12ae2750d2df1bb8db2701f3145f653/kernel8.elf.zip) for a precompiled version of the above application.
|