[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-9.0.3 23/69] hw/char/bcm2835_aux: Fix assert when receive FIFO f
From: |
Michael Tokarev |
Subject: |
[Stable-9.0.3 23/69] hw/char/bcm2835_aux: Fix assert when receive FIFO fills up |
Date: |
Fri, 6 Sep 2024 14:12:32 +0300 |
From: Frederik van Hövell <frederik@fvhovell.nl>
When a bare-metal application on the raspi3 board reads the
AUX_MU_STAT_REG MMIO register while the device's buffer is
at full receive FIFO capacity
(i.e. `s->read_count == BCM2835_AUX_RX_FIFO_LEN`) the
assertion `assert(s->read_count < BCM2835_AUX_RX_FIFO_LEN)`
fails.
Reported-by: Cryptjar <cryptjar@junk.studio>
Suggested-by: Cryptjar <cryptjar@junk.studio>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/459
Signed-off-by: Frederik van Hövell <frederik@fvhovell.nl>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[PMM: commit message tweaks]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 546d574b11e02bfd5b15cdf1564842c14516dfab)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/char/bcm2835_aux.c b/hw/char/bcm2835_aux.c
index 83990e20f7..fca2f27a55 100644
--- a/hw/char/bcm2835_aux.c
+++ b/hw/char/bcm2835_aux.c
@@ -138,7 +138,7 @@ static uint64_t bcm2835_aux_read(void *opaque, hwaddr
offset, unsigned size)
res = 0x30e; /* space in the output buffer, empty tx fifo, idle tx/rx
*/
if (s->read_count > 0) {
res |= 0x1; /* data in input buffer */
- assert(s->read_count < BCM2835_AUX_RX_FIFO_LEN);
+ assert(s->read_count <= BCM2835_AUX_RX_FIFO_LEN);
res |= ((uint32_t)s->read_count) << 16; /* rx fifo fill level */
}
return res;
--
2.39.2
- [Stable-9.0.3 12/69] virtio-snd: check for invalid param shift operands, (continued)
- [Stable-9.0.3 12/69] virtio-snd: check for invalid param shift operands, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 13/69] intel_iommu: fix FRCD construction macro, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 14/69] target/i386: do not crash if microvm guest uses SGX CPUID leaves, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 15/69] chardev/char-win-stdio.c: restore old console mode, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 16/69] hw/intc/loongson_ipi: Access memory in little endian, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 17/69] hw/intc/loongson_ipi: Fix resource leak, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 18/69] target/loongarch: Fix helper_lddir() a CID INTEGER_OVERFLOW issue, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 19/69] util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params(), Michael Tokarev, 2024/09/06
- [Stable-9.0.3 21/69] hw/virtio: Fix the de-initialization of vhost-user devices, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 22/69] target/rx: Use target_ulong for address in LI, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 23/69] hw/char/bcm2835_aux: Fix assert when receive FIFO fills up,
Michael Tokarev <=
- [Stable-9.0.3 20/69] Revert "qemu-char: do not operate on sources from finalize callbacks", Michael Tokarev, 2024/09/06
- [Stable-9.0.3 24/69] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 27/69] target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl(), Michael Tokarev, 2024/09/06
- [Stable-9.0.3 26/69] target/arm: Fix UMOPA/UMOPS of 16-bit values, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 25/69] target/arm: Don't assert for 128-bit tile accesses when SVL is 128, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 31/69] hw/arm/mps2-tz.c: fix RX/TX interrupts order, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 30/69] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb(), Michael Tokarev, 2024/09/06
- [Stable-9.0.3 28/69] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is not enabled, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 29/69] docs/sphinx/depfile.py: Handle env.doc2path() returning a Path not a str, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 34/69] virtio-net: Fix network stall at the host side waiting for kick, Michael Tokarev, 2024/09/06