The omap_badwidth_read* and omap_badwidth_write* functions are used by various OMAP devices when the guest makes an access to registers with an invalid width; they do two things: - log a GUEST_ERROR for the access - call cpu_physical_memory_read() or cpu_physical_memory_write() with the offset they are passed in
The first of these produces an unhelpful log message because the function name that is printed is that of the omap-badwidth_* function, not that of the read or write function of the device that called it; this means you can't tell what device is involved. The second is wrong because the offset is an offset into the device but we use it as an absolute physical address, so we will access whatever is at low memory. That happens to be the boot ROM, so we will ignore a write and return random garbage on a read. This bug has been present since 2011, when we did the conversions to the MemoryRegion APIs, which involved changing all devices from working with absolute physical addresses to working with offsets within their MemoryRegions. We must have missed updating these functions. Replace the uses of the omap_badwidth_read* functions in omap1.c with an open-coded call to qemu_log_mask() and RAZ/WI behaviour. We do just the reads here because there are a lot of callsites in omap1.c; the writes will be done in the next commit. Signed-off-by: Peter Maydell <[email protected]> --- hw/arm/omap1.c | 80 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 60 insertions(+), 20 deletions(-) diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c index 74458fb7c69..a187672897e 100644 --- a/hw/arm/omap1.c +++ b/hw/arm/omap1.c @@ -208,7 +208,9 @@ static uint64_t omap_mpu_timer_read(void *opaque, hwaddr addr, struct omap_mpu_timer_s *s = opaque; if (size != 4) { - return omap_badwidth_read32(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -314,7 +316,9 @@ static uint64_t omap_wd_timer_read(void *opaque, hwaddr addr, struct omap_watchdog_timer_s *s = opaque; if (size != 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -438,7 +442,9 @@ static uint64_t omap_os_timer_read(void *opaque, hwaddr addr, int offset = addr & OMAP_MPUI_REG_MASK; if (size != 4) { - return omap_badwidth_read32(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (offset) { @@ -539,7 +545,9 @@ static uint64_t omap_ulpd_pm_read(void *opaque, hwaddr addr, uint16_t ret; if (size != 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -771,7 +779,9 @@ static uint64_t omap_pin_cfg_read(void *opaque, hwaddr addr, struct omap_mpu_state_s *s = opaque; if (size != 4) { - return omap_badwidth_read32(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -994,7 +1004,9 @@ static uint64_t omap_id_read(void *opaque, hwaddr addr, struct omap_mpu_state_s *s = opaque; if (size != 4) { - return omap_badwidth_read32(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -1076,7 +1088,9 @@ static uint64_t omap_mpui_read(void *opaque, hwaddr addr, struct omap_mpu_state_s *s = opaque; if (size != 4) { - return omap_badwidth_read32(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -1174,7 +1188,9 @@ static uint64_t omap_tipb_bridge_read(void *opaque, hwaddr addr, struct omap_tipb_bridge_s *s = opaque; if (size < 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -1276,7 +1292,9 @@ static uint64_t omap_tcmi_read(void *opaque, hwaddr addr, uint32_t ret; if (size != 4) { - return omap_badwidth_read32(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -1390,7 +1408,9 @@ static uint64_t omap_dpll_read(void *opaque, hwaddr addr, struct dpll_ctl_s *s = opaque; if (size != 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } if (addr == 0x00) /* CTL_REG */ @@ -1470,7 +1490,9 @@ static uint64_t omap_clkm_read(void *opaque, hwaddr addr, struct omap_mpu_state_s *s = opaque; if (size != 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -1763,7 +1785,9 @@ static uint64_t omap_clkdsp_read(void *opaque, hwaddr addr, CPUState *cpu = CPU(s->cpu); if (size != 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (addr) { @@ -1955,7 +1979,9 @@ static uint64_t omap_mpuio_read(void *opaque, hwaddr addr, uint16_t ret; if (size != 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (offset) { @@ -2205,7 +2231,9 @@ static uint64_t omap_uwire_read(void *opaque, hwaddr addr, unsigned size) int offset = addr & OMAP_MPUI_REG_MASK; if (size != 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (offset) { @@ -2346,7 +2374,9 @@ static uint64_t omap_pwl_read(void *opaque, hwaddr addr, unsigned size) int offset = addr & OMAP_MPUI_REG_MASK; if (size != 1) { - return omap_badwidth_read8(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (offset) { @@ -2439,7 +2469,9 @@ static uint64_t omap_pwt_read(void *opaque, hwaddr addr, unsigned size) int offset = addr & OMAP_MPUI_REG_MASK; if (size != 1) { - return omap_badwidth_read8(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (offset) { @@ -2573,7 +2605,9 @@ static uint64_t omap_rtc_read(void *opaque, hwaddr addr, unsigned size) uint8_t i; if (size != 1) { - return omap_badwidth_read8(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (offset) { @@ -3117,7 +3151,9 @@ static uint64_t omap_mcbsp_read(void *opaque, hwaddr addr, uint16_t ret; if (size != 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (offset) { @@ -3546,7 +3582,9 @@ static uint64_t omap_lpg_read(void *opaque, hwaddr addr, unsigned size) int offset = addr & OMAP_MPUI_REG_MASK; if (size != 1) { - return omap_badwidth_read8(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } switch (offset) { @@ -3627,7 +3665,9 @@ static uint64_t omap_mpui_io_read(void *opaque, hwaddr addr, unsigned size) { if (size != 2) { - return omap_badwidth_read16(opaque, addr); + qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx + " with bad width %d\n", __func__, addr, size); + return 0; } if (addr == OMAP_MPUI_BASE) /* CMR */ -- 2.43.0
