[PATCH] hw/arm: Remove hw_error() for the unimplemented CM_LMBUSCNT register

[PATCH] hw/arm: Remove hw_error() for the unimplemented CM_LMBUSCNT register

[Thomas Huth]

From: Thomas Huth <thuth@redhat.com>

When writing to this register, QEMU currently aborts:

 $ echo "readl 0x10000018" | ./qemu-system-arm -audiodev none,id=snd0 \
    -M integratorcp,accel=qtest,audiodev=snd0 -display none -qtest stdio
 [I 0.000000] OPENED
 [R +0.001907] readl 0x10000018
 qemu: hardware error: integratorcm_read: CM_LMBUSCNT
 [...]
 Aborted                    (core dumped)

This is bad, a guest should ideally never be able to kill QEMU like this.

Now, according to the "Intergrator/CP User Guide" from:

 https://developer.arm.com/documentation/dui0159/b/porting-integrator-ap-and-im-pd1/registers

 "The Integrator/AP CM_LMBUSCNT has been removed."

That means this register does not seem to be implemented on real CP boards
at all, only for older AP boards. Thus it should be fine if we simply
ignore this register in QEMU and handle it like all other unimplemented
registers in the "default" handler of the case statement.

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3407
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
 hw/arm/integratorcp.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/hw/arm/integratorcp.c b/hw/arm/integratorcp.c
index 0bf519b6bb8..28d478eb52b 100644
--- a/hw/arm/integratorcp.c
+++ b/hw/arm/integratorcp.c
@@ -107,9 +107,6 @@ static uint64_t integratorcm_read(void *opaque, hwaddr offset,
         } else {
             return s->cm_lock;
         }
-    case 6: /* CM_LMBUSCNT */
-        /* ??? High frequency timer.  */
-        hw_error("integratorcm_read: CM_LMBUSCNT");
     case 7: /* CM_AUXOSC */
         return s->cm_auxosc;
     case 8: /* CM_SDRAM */
-- 
2.53.0

Re: [PATCH] hw/arm: Remove hw_error() for the unimplemented CM_LMBUSCNT register

[Philippe Mathieu-Daudé]

On 20/4/26 08:49, Thomas Huth wrote:
> From: Thomas Huth <thuth@redhat.com>
> 
> When writing to this register, QEMU currently aborts:
> 
>   $ echo "readl 0x10000018" | ./qemu-system-arm -audiodev none,id=snd0 \
>      -M integratorcp,accel=qtest,audiodev=snd0 -display none -qtest stdio
>   [I 0.000000] OPENED
>   [R +0.001907] readl 0x10000018
>   qemu: hardware error: integratorcm_read: CM_LMBUSCNT
>   [...]
>   Aborted                    (core dumped)
> 
> This is bad, a guest should ideally never be able to kill QEMU like this.
> 
> Now, according to the "Intergrator/CP User Guide" from:
> 
>   https://developer.arm.com/documentation/dui0159/b/porting-integrator-ap-and-im-pd1/registers
> 
>   "The Integrator/AP CM_LMBUSCNT has been removed."
> 
> That means this register does not seem to be implemented on real CP boards
> at all, only for older AP boards. Thus it should be fine if we simply
> ignore this register in QEMU and handle it like all other unimplemented
> registers in the "default" handler of the case statement.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3407
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
>   hw/arm/integratorcp.c | 3 ---
>   1 file changed, 3 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

Re: [PATCH] hw/arm: Remove hw_error() for the unimplemented CM_LMBUSCNT register

[Peter Maydell]

On Mon, 20 Apr 2026 at 07:49, Thomas Huth <thuth@redhat.com> wrote:
>
> From: Thomas Huth <thuth@redhat.com>
>
> When writing to this register, QEMU currently aborts:
>
>  $ echo "readl 0x10000018" | ./qemu-system-arm -audiodev none,id=snd0 \
>     -M integratorcp,accel=qtest,audiodev=snd0 -display none -qtest stdio
>  [I 0.000000] OPENED
>  [R +0.001907] readl 0x10000018
>  qemu: hardware error: integratorcm_read: CM_LMBUSCNT
>  [...]
>  Aborted                    (core dumped)
>
> This is bad, a guest should ideally never be able to kill QEMU like this.
>
> Now, according to the "Intergrator/CP User Guide" from:
>
>  https://developer.arm.com/documentation/dui0159/b/porting-integrator-ap-and-im-pd1/registers
>
>  "The Integrator/AP CM_LMBUSCNT has been removed."
>
> That means this register does not seem to be implemented on real CP boards
> at all, only for older AP boards. Thus it should be fine if we simply
> ignore this register in QEMU and handle it like all other unimplemented
> registers in the "default" handler of the case statement.
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3407
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---



Applied to target-arm.next, thanks.

-- PMM

Re: [PATCH] hw/arm: Remove hw_error() for the unimplemented CM_LMBUSCNT register

[Michael Tokarev]

On 20.04.2026 09:49, Thomas Huth wrote:
> From: Thomas Huth <thuth@redhat.com>
> 
> When writing to this register, QEMU currently aborts:
> 
>   $ echo "readl 0x10000018" | ./qemu-system-arm -audiodev none,id=snd0 \
>      -M integratorcp,accel=qtest,audiodev=snd0 -display none -qtest stdio
>   [I 0.000000] OPENED
>   [R +0.001907] readl 0x10000018
>   qemu: hardware error: integratorcm_read: CM_LMBUSCNT
>   [...]
>   Aborted                    (core dumped)
> 
> This is bad, a guest should ideally never be able to kill QEMU like this.
> 
> Now, according to the "Intergrator/CP User Guide" from:
> 
>   https://developer.arm.com/documentation/dui0159/b/porting-integrator-ap-and-im-pd1/registers
> 
>   "The Integrator/AP CM_LMBUSCNT has been removed."
> 
> That means this register does not seem to be implemented on real CP boards
> at all, only for older AP boards. Thus it should be fine if we simply
> ignore this register in QEMU and handle it like all other unimplemented
> registers in the "default" handler of the case statement.
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3407
> Signed-off-by: Thomas Huth <thuth@redhat.com>

Not sure how important it is, but from the bug report it seems this is
a real issue which triggers for real use cases, so I'm picking this one
up for qemu stable series.  Please let me know if I shouldn't.

Thanks,

/mjt

Re: [PATCH] hw/arm: Remove hw_error() for the unimplemented CM_LMBUSCNT register

[Peter Maydell]

On Thu, 30 Apr 2026 at 17:50, Michael Tokarev <mjt@tls.msk.ru> wrote:
>
> On 20.04.2026 09:49, Thomas Huth wrote:
> > From: Thomas Huth <thuth@redhat.com>
> >
> > When writing to this register, QEMU currently aborts:
> >
> >   $ echo "readl 0x10000018" | ./qemu-system-arm -audiodev none,id=snd0 \
> >      -M integratorcp,accel=qtest,audiodev=snd0 -display none -qtest stdio
> >   [I 0.000000] OPENED
> >   [R +0.001907] readl 0x10000018
> >   qemu: hardware error: integratorcm_read: CM_LMBUSCNT
> >   [...]
> >   Aborted                    (core dumped)
> >
> > This is bad, a guest should ideally never be able to kill QEMU like this.
> >
> > Now, according to the "Intergrator/CP User Guide" from:
> >
> >   https://developer.arm.com/documentation/dui0159/b/porting-integrator-ap-and-im-pd1/registers
> >
> >   "The Integrator/AP CM_LMBUSCNT has been removed."
> >
> > That means this register does not seem to be implemented on real CP boards
> > at all, only for older AP boards. Thus it should be fine if we simply
> > ignore this register in QEMU and handle it like all other unimplemented
> > registers in the "default" handler of the case statement.
> >
> > Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3407
> > Signed-off-by: Thomas Huth <thuth@redhat.com>
>
> Not sure how important it is, but from the bug report it seems this is
> a real issue which triggers for real use cases

No, it absolutely isn't. It's just somebody who's been pointing
an LLM at the codebase and asking it to find cases where the
guest can do things like triggering asserts or aborts. No
real guest is going to touch this register, because (as the
commit message notes) it doesn't exist on the real hardware.
It's a harmless change to pick to stable if you want to, though.

-- PMM