cfi01 driver initializes a rom device with ops represented by pflash_cfi01_ops.

static const MemoryRegionOps pflash_cfi01_ops = {
    .read_with_attrs = pflash_mem_read_with_attrs,
    .write_with_attrs = pflash_mem_write_with_attrs,
    .endianness = DEVICE_NATIVE_ENDIAN,

        &pfl->mem, OBJECT(dev),
        pfl->name, total_len, errp);

This region is also mapped in guest address space. For ex: hw/arm/virt.c does
that by:

virt_flash_map1() {

    memory_region_add_subregion(sysmem, base,
                sysbus_mmio_get_region(SYS_BUS_DEVICE(dev), 0));

It is not clear to me under what circumstance would the callbacks listed in
pflash_cfi01_ops be invoked. Is rom device memory supposed to be of trap/emulate
type, so that guest read of that memory will get trapped and handled by ops
listed in pflash_cfi01_ops? I see that a hypervisor accelerator's memory
listener callback gets notified of that memory range and appears to be
registering that as "read-only" memory. A read of that memory range from guest
need not necessarily cause a trap for example, in which case when would
pflash_mem_read_with_attrs get invoked?

- vatsa

Reply via email to