arm: MPU RLAR register has reserved as 0 bit set
Host environment
- Operating system: Arch Linux
- OS/kernel version: 6.17.7-zen1-1-zen
- Architecture: x86_64
- QEMU flavor: qemu-system-arm
- QEMU version: 10.1.2
- QEMU command line:
qemu-system-arm -M mps3-an547 -display none -device loader,file=bootrom.hex -d in_asm,cpu,int,'trace:*nvic*'
Emulated/Virtualized environment
- Operating system: -
- OS/kernel version: -
- Architecture: ARM (Cortex-M33)
Description of problem
QEMU incorrectly implements bit 4 of the MPU RLAR register, which is reserved and should be 0.
Value is returned in nvic_readl.
When running the reproducer, the bootrom MPU check fails because the RLAR MPU register has bit [4] set. That bit is defined as res0 and should read as 0 per the ARM specification.
Expected value on read is 0x400e0301 not 0x400e0311.
$ qemu-system-arm -M mps3-an547 -display none -device loader,file=bootrom.hex -d in_asm,cpu,int,'trace:*nvic*'
[...]
nvic_sysreg_write NVIC sysreg write addr 0xda0 data 0x400e0311 size 4
[...]
nvic_sysreg_read NVIC sysreg read addr 0xda0 data 0x400e0311 size 4
Steps to reproduce
- Run the reproducer.
Additional information
Reproducer: bootrom.hex
The reproducer is based on the raspberrypi rp2350 bootrom with some patches:
- skip SAU+IDAU tests (no rp2350 IDAU impl in QEMU)
- remove test for vendor specific undefined behavior of SAU_RNR out-of-range writes (0xf0 write is expected to set RNR to 0), QEMU ignores these writes
- added bkpt 0xff after MPU tests, to stop on success
mps3-an547 machine is used to easily run the reproducer, using a Cortex-M33 CPU does not fix the issue.
There are other SAU / MPU registers with reserved bits worth taking a look (haven't checked these):
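
A check for the RLAR read-back described above, as an added example that is not part of the original report or of QEMU's code. It assumes the MPU_RLAR layout LIMIT [31:5], bit [4] res0, AttrIndx [3:1], EN [0] for the Cortex-M33 named in the report; the macro and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed MPU_RLAR layout (Cortex-M33, as in the report):
 * LIMIT [31:5], bit [4] res0, AttrIndx [3:1], EN [0].
 * All names below are hypothetical, chosen for this example. */
#define RLAR_OFFSET   0xda0u        /* NVIC sysreg offset seen in the trace */
#define RLAR_LIMIT    0xffffffe0u
#define RLAR_ATTRINDX 0x0000000eu
#define RLAR_EN       0x00000001u
#define RLAR_RES0     (~(RLAR_LIMIT | RLAR_ATTRINDX | RLAR_EN)) /* 0x10 */

/* Value a read should return after `written` was stored: res0 bits dropped. */
static uint32_t rlar_expected_readback(uint32_t written)
{
    return written & ~RLAR_RES0;
}

/* Parse one "nvic_sysreg_read" trace line. Returns the res0 bits that are
 * set in a 4-byte RLAR read, or 0 if the line is clean or is not such a read. */
static uint32_t rlar_res0_bits_in_trace(const char *line)
{
    unsigned addr, data, size;

    if (sscanf(line,
               "nvic_sysreg_read NVIC sysreg read addr 0x%x data 0x%x size %u",
               &addr, &data, &size) != 3)
        return 0;
    if (addr != RLAR_OFFSET || size != 4)
        return 0;
    return data & RLAR_RES0;
}

int main(void)
{
    /* Sample input: the two trace lines quoted in the report. */
    const char *trace[] = {
        "nvic_sysreg_write NVIC sysreg write addr 0xda0 data 0x400e0311 size 4",
        "nvic_sysreg_read NVIC sysreg read addr 0xda0 data 0x400e0311 size 4",
    };
    for (size_t i = 0; i < sizeof(trace) / sizeof(trace[0]); i++)
        printf("res0 bits set: 0x%x  <- %s\n",
               (unsigned)rlar_res0_bits_in_trace(trace[i]), trace[i]);
    printf("expected read-back: 0x%08x\n",
           (unsigned)rlar_expected_readback(0x400e0311u));
    return 0;
}
```

Only read lines are flagged, because a guest may write any value to a res0 bit; what matters is what the register returns afterwards.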