The omap_badwidth_read* and omap_badwidth_write* functions are used by various OMAP devices when the guest makes an access to registers with an invalid width. They do two things:
 - log a GUEST_ERROR for the access
 - call cpu_physical_memory_read() or cpu_physical_memory_write() with the offset they are passed in

The first of these produces an unhelpful log message because the function name that is printed is that of the omap_badwidth_* function, not that of the read or write function of the device that called it; this means you can't tell what device is involved.

The second is wrong because the offset is an offset into the device but we use it as an absolute physical address, so we will access whatever is at low memory. That happens to be the boot ROM, so we will ignore a write and return random garbage on a read.

This bug has been present since 2011, when we did the conversions to the MemoryRegion APIs, which involved changing all devices from working with absolute physical addresses to working with offsets within their MemoryRegions. We must have missed updating these functions.

At this point it is unclear what the original intention was in feeding these bad accesses back into the memory system. Rather than trying to make them do that again, this series replaces them with open-coded calls to qemu_log_mask() and RAZ/WI behaviour, and then removes the implementations.

The benefit of this is that we remove a callsite of cpu_physical_memory_read/write that was doing something badly wrong anyway.

thanks
-- PMM

Peter Maydell (7):
  hw/sd/omap_mmc: Remove omap_badwidth_* calls
  hw/i2c/omap_i2c: Remove omap_badwidth_* calls
  hw/gpio/omap_gpio: Remove omap_badwidth_* calls
  hw/dma/omap_dma: Remove omap_badwidth_* calls
  hw/arm/omap1: Remove omap_badwidth_read* calls
  hw/arm/omap1: Remove omap_badwidth_write* calls
  hw/arm/omap1: Remove omap_badwidth_* implementations

 include/hw/arm/omap.h |  10 ---
 hw/arm/omap1.c        | 203 +++++++++++++++++++++---------------------
 hw/dma/omap_dma.c     |   7 +-
 hw/gpio/omap_gpio.c   |   7 +-
 hw/i2c/omap_i2c.c     |   7 +-
 hw/sd/omap_mmc.c      |   7 +-
 6 files changed, 122 insertions(+), 119 deletions(-)

-- 
2.43.0
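
A toy model of the offset-versus-physical-address mix-up and of the RAZ/WI replacement described in the cover letter above, as an added example that is not code from the series or from QEMU. Every toy_* name, the memory sizes and the fill bytes are constructed for illustration; fprintf stands in for qemu_log_mask().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy layout: boot ROM at physical address 0, device registers elsewhere. */
#define ROM_SIZE 0x100u
#define DEV_SIZE 0x100u
static uint8_t boot_rom[ROM_SIZE];
static uint8_t dev_regs[DEV_SIZE];

/* Stand-in for a physical memory read: the argument is an ABSOLUTE address. */
static uint8_t toy_phys_read8(uint32_t paddr)
{
    return paddr < ROM_SIZE ? boot_rom[paddr] : 0;
}

/* Old shared helper: logs its own name and uses a device offset as an address. */
static uint32_t toy_badwidth_read8(uint32_t offset)
{
    fprintf(stderr, "%s: bad width read8 at 0x%x\n", __func__, offset);
    return toy_phys_read8(offset);   /* lands in low memory, i.e. the ROM */
}

/* Correct-width register access, bounds-checked against the device window. */
static uint32_t toy_reg32(uint32_t offset)
{
    uint32_t v = 0;
    if (offset <= DEV_SIZE - 4) memcpy(&v, &dev_regs[offset], 4);
    return v;
}

static uint32_t toy_dev_read_old(uint32_t offset, unsigned size)
{
    return size == 4 ? toy_reg32(offset) : toy_badwidth_read8(offset);
}

/* New pattern: open-coded log names the device function; the read returns zero. */
static uint32_t toy_dev_read_new(uint32_t offset, unsigned size)
{
    if (size != 4) {
        fprintf(stderr, "%s: read at offset 0x%x with bad width %u\n",
                __func__, offset, size);
        return 0;                    /* RAZ */
    }
    return toy_reg32(offset);
}

void toy_setup(void) { memset(boot_rom, 0xEA, ROM_SIZE); memset(dev_regs, 0x11, DEV_SIZE); }
int main(void) { toy_setup(); printf("old 0x%x new 0x%x\n", toy_dev_read_old(0x10, 1), toy_dev_read_new(0x10, 1)); return 0; }
```

The old path returns the ROM byte for a bad-width read and its log line names only the shared helper, while the new path returns zero and names the device's own read function.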
