summary refs log tree commit diff stats
path: root/hw/char/bcm2835_aux.c
diff options
context:
space:
mode:
authorFrederik van Hövell <frederik@fvhovell.nl>2024-07-29 13:34:18 +0100
committerPeter Maydell <peter.maydell@linaro.org>2024-07-29 13:34:18 +0100
commit546d574b11e02bfd5b15cdf1564842c14516dfab (patch)
tree9d91f841898ab18e0f091e3a93814a990dbd9b39 /hw/char/bcm2835_aux.c
parent93b799fafd9170da3a79a533ea6f73a18de82e22 (diff)
downloadfocaccia-qemu-546d574b11e02bfd5b15cdf1564842c14516dfab.tar.gz
focaccia-qemu-546d574b11e02bfd5b15cdf1564842c14516dfab.zip
hw/char/bcm2835_aux: Fix assert when receive FIFO fills up
When a bare-metal application on the raspi3 board reads the
AUX_MU_STAT_REG MMIO register while the device's buffer is
at full receive FIFO capacity
(i.e. `s->read_count == BCM2835_AUX_RX_FIFO_LEN`) the
assertion `assert(s->read_count < BCM2835_AUX_RX_FIFO_LEN)`
fails.

Reported-by: Cryptjar <cryptjar@junk.studio>
Suggested-by: Cryptjar <cryptjar@junk.studio>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/459
Signed-off-by: Frederik van Hövell <frederik@fvhovell.nl>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[PMM: commit message tweaks]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/char/bcm2835_aux.c')
-rw-r--r--hw/char/bcm2835_aux.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c
index 83990e20f7..fca2f27a55 100644
--- a/hw/char/bcm2835_aux.c
+++ b/hw/char/bcm2835_aux.c
@@ -138,7 +138,7 @@ static uint64_t bcm2835_aux_read(void *opaque, hwaddr offset, unsigned size)
         res = 0x30e; /* space in the output buffer, empty tx fifo, idle tx/rx */
         if (s->read_count > 0) {
             res |= 0x1; /* data in input buffer */
-            assert(s->read_count < BCM2835_AUX_RX_FIFO_LEN);
+            assert(s->read_count <= BCM2835_AUX_RX_FIFO_LEN);
             res |= ((uint32_t)s->read_count) << 16; /* rx fifo fill level */
         }
         return res;