On 21/03/2019 17:48, Marc Gonzalez wrote: > As far as I can tell, the specific line that crashes the system is: > > AT_WRITE_REG(hw, REG_RXQ_CTRL, rxq); > > which attempts to write 0x80800000 to [0x1b300000 + 0x15a0] > > Note that I wrote "crashes the system" not "crashes the kernel" because > there is no panic, no log from the kernel. The system just hangs for a > few seconds, and then reboots. I suspect the system might be trapping > into the FW, which is unhappy because $REASON. > > > What I find confusing is that the previous write was: > > AT_WRITE_REG(hw, REG_TXQ_CTRL, txq); > > Why would REG_RXQ_CTRL be handled differently than REG_TXQ_CTRL? As pointed out by Jeffrey and Evan, it is probably not the write /per se/ that crashes the system; it is probably that this write enables RX, which would trigger a DMA operation which traps into TZ because the IOMMU is incorrectly configured. 0x80800000 = RXQ_CTRL_EN | (hw->rfd_burst << RXQ_RFD_BURST_NUM_SHIFT) The question is: how do I figure out what is missing, considering TZ doesn't write anything before suiciding the system... Regards.
