Skip to content

CAN sja1000 standard frame filter bug

A CAN sja1000 standard frame filter (in single Acceptance Filter Mode MOD_AFM = 1) is unable to receive a CAN frame with any of the lower 3 bits of the CAN ID set.

I believe this is the bug:

https://gitlab.com/qemu-project/qemu/-/blob/master/hw/net/can/can_sja1000.c#L111

filter->can_mask = (uint32_t)amr[0] << 3;
filter->can_mask |= (uint32_t)amr[1] << 5;

<< 5 above should be >> 5.

The above code is getting an 11 bit CAN ID mask out of the amr bytes.

Byte 0 contains the upper 8 bits so is shifted up 3.

The upper 3 bits of byte 1 are the lower 3 bits of the mask, so they should be shifted down 5 (rather than up).

image

This bug is reproducible on the latest master branch 9c74490b (v8.2.0-rc3).

It does not affect the current Linux driver as that uses dual filter mode (MOD_AFM = 0), I was testing with Zephyr RTOS.

I can provide detailed steps to reproduce if necessary

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information