From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: qemu-devel@nongnu.org
Cc: "Chung-Yi Chen" <yeechen0207@gmail.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>
Subject: [PULL 15/23] hw/char/bcm2835_aux: Fix incorrect interrupt ID when RX disabled
Date: Mon, 31 Mar 2025 21:48:13 +0200 [thread overview]
Message-ID: <20250331194822.77309-16-philmd@linaro.org> (raw)
In-Reply-To: <20250331194822.77309-1-philmd@linaro.org>
From: Chung-Yi Chen <yeechen0207@gmail.com>
Fix a misconfiguration issue in the read implementation of the
AUX_MU_IIR_REG register. This issue can lead to a transmit interrupt
being incorrectly interpreted as a receive interrupt when the receive
interrupt is disabled and the receive FIFO holds valid bytes.
The AUX_MU_IIR_REG register (interrupt ID bits [2:1]) indicates the
status of mini UART interrupts:
- 00: No interrupts
- 01: Transmit FIFO is empty
- 10: Receive FIFO is not empty
- 11: <Not possible>
When the transmit interrupt is enabled and the receive interrupt is
disabled, the original code incorrectly sets the interrupt ID bits.
Specifically:
1. Transmit FIFO empty, receive FIFO empty
- Expected 0b01, returned 0b01 (correct)
2. Transmit FIFO empty, receive FIFO not empty
- Expected 0b01, returned 0b10 (incorrect)
In the second case, the code sets the interrupt ID to 0b10 (receive FIFO
is not empty) even if the receive interrupt is disabled.
To fix this, the patch adds additional condition for setting the
interrupt ID bits to also check if the receive interrupt is enabled.
Reference: BCM2835 ARM Peripherals, page 13. Available on
https://datasheets.raspberrypi.com/bcm2835/bcm2835-peripherals.pdf
Fixes: 97398d900ca ("bcm2835_aux: add emulation of BCM2835 AUX (aka UART1) block")
Signed-off-by: Chung-Yi Chen <yeechen0207@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20250328123725.94176-1-yeechen0207@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
hw/char/bcm2835_aux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c
index c6e7eccf7dd..9b073fc3308 100644
--- a/hw/char/bcm2835_aux.c
+++ b/hw/char/bcm2835_aux.c
@@ -98,7 +98,7 @@ static uint64_t bcm2835_aux_read(void *opaque, hwaddr offset, unsigned size)
* interrupts are active, besides that this cannot occur. At
* present, we choose to prioritise the rx interrupt, since
* the tx fifo is always empty. */
- if (s->read_count != 0) {
+ if ((s->iir & RX_INT) && s->read_count != 0) {
res |= 0x4;
} else {
res |= 0x2;
--
2.47.1
next prev parent reply other threads:[~2025-03-31 19:53 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-31 19:47 [PULL 00/23] Misc HW fixes for 2025-03-31 Philippe Mathieu-Daudé
2025-03-31 19:47 ` [PULL 01/23] hw/arm/armv7m: Expose and access System Control Space as little endian Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 02/23] hw/arm/imx8mp-evk: Fix reference count of SoC object Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 03/23] hw/arm/fsl-imx8mp: Derive struct FslImx8mpState from TYPE_SYS_BUS_DEVICE Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 04/23] hw/arm/fsl-imx8mp: Remove unused define Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 05/23] hw/core/cpu: Use size_t for memory_rw_debug len argument Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 06/23] hw/block/m25p80: Categorize and add description Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 07/23] hw/display/dm163: Add description Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 08/23] hw/dma/i82374: Categorize and add description Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 09/23] hw/mips: Mark the "mipssim" machine as deprecated Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 10/23] hw/rtc/goldfish: keep time offset when resetting Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 11/23] hw/misc/pll: Do not expose as user-creatable Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 12/23] hw/nvram/xlnx-efuse: " Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 13/23] hw/scsi/lsi53c895a: fix memory leak in lsi_scsi_realize() Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 14/23] hw/sd/sdhci: free irq on exit Philippe Mathieu-Daudé
2025-03-31 19:48 ` Philippe Mathieu-Daudé [this message]
2025-03-31 19:48 ` [PULL 16/23] hw/ufs: " Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 17/23] hw/pci-host/designware: Fix ATU_UPPER_TARGET register access Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 18/23] target/hppa: Remove duplicated CPU_RESOLVING_TYPE definition Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 19/23] target/avr: Fix buffer read in avr_print_insn Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 20/23] target/sparc: Log unimplemented ASI load/store accesses Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 21/23] target/mips: Revert TARGET_PAGE_BITS_VARY Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 22/23] target/mips: Require even maskbits in update_pagemask Philippe Mathieu-Daudé
2025-03-31 19:48 ` [PULL 23/23] target/mips: Simplify and fix update_pagemask Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250331194822.77309-16-philmd@linaro.org \
--to=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=yeechen0207@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).