Dev news

Commit 4d353e1228 for qemu.org

commit 4d353e1228d56b9b67178e49e25e207d321f7ec7
Author: Peter Maydell <peter.maydell@linaro.org>
Date:   Thu Jan 15 15:26:30 2026 +0000

    hw/sd/omap_mmc: Remove omap_badwidth_* calls

    The omap_badwidth_read* and omap_badwidth_write* functions are
    used by various OMAP devices when the guest makes an access
    to registers with an invalid width; they do two things:
     - log a GUEST_ERROR for the access
     - call cpu_physical_memory_read() or cpu_physical_memory_write()
       with the offset they are passed in

    The first of these produces an unhelpful log message because the
    function name that is printed is that of the omap-badwidth_*
    function, not that of the read or write function of the device that
    called it; this means you can't tell what device is involved.

    The second is wrong because the offset is an offset into the device
    but we use it as an absolute physical address, so we will access
    whatever is at low memory.  That happens to be the boot ROM, so we
    will ignore a write and return random garbage on a read.  This bug
    has been present since 2011, when we did the conversions to the
    MemoryRegion APIs, which involved changing all devices from working
    with absolute physical addresses to working with offsets within their
    MemoryRegions.  We must have missed updating these functions.

    Replace the uses of these functions in omap_mmc.c with an
    open-coded call to qemu_log_mask() and RAZ/WI behaviour.

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

diff --git a/hw/sd/omap_mmc.c b/hw/sd/omap_mmc.c
index 020429aa4f..d779506131 100644
--- a/hw/sd/omap_mmc.c
+++ b/hw/sd/omap_mmc.c
@@ -335,7 +335,9 @@ static uint64_t omap_mmc_read(void *opaque, hwaddr offset, unsigned size)
     OMAPMMCState *s = opaque;

     if (size != 2) {
-        return omap_badwidth_read16(opaque, offset);
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: read at offset 0x%" HWADDR_PRIx
+                      " with bad width %d\n", __func__, offset, size);
+        return 0;
     }

     switch (offset) {
@@ -428,7 +430,8 @@ static void omap_mmc_write(void *opaque, hwaddr offset,
     OMAPMMCState *s = opaque;

     if (size != 2) {
-        omap_badwidth_write16(opaque, offset, value);
+        qemu_log_mask(LOG_GUEST_ERROR, "%s: write at offset 0x%" HWADDR_PRIx
+                      " with bad width %d\n", __func__, offset, size);
         return;
     }