Commit 80c5be9458 for qemu.org
commit 80c5be945877ea3f258679c6042df8f0efd77202
Author: Cédric Le Goater <clg@redhat.com>
Date: Mon Mar 23 13:55:43 2026 +0100
hw/ssi/aspeed_smc: Convert mem ops to read/write_with_attrs for error handling
Error conditions (invalid flash mode, unwritable flash) now return
MEMTX_ERROR instead of silently succeeding or returning undefined
values.
This allows the memory subsystem to properly propagate transaction
errors to the guest, improving QEMU reliability.
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3335
Reviewed-by: Jamin Lin <jamin_lin@aspeedtech.com>
Link: https://lore.kernel.org/qemu-devel/20260323125545.577653-2-clg@redhat.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c
index b9d5ecba29..f0deeea996 100644
--- a/hw/ssi/aspeed_smc.c
+++ b/hw/ssi/aspeed_smc.c
@@ -493,17 +493,18 @@ static void aspeed_smc_flash_setup(AspeedSMCFlash *fl, uint32_t addr)
}
}
-static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size)
+static MemTxResult aspeed_smc_flash_read(void *opaque, hwaddr addr,
+ uint64_t *data, unsigned size, MemTxAttrs attrs)
{
AspeedSMCFlash *fl = opaque;
AspeedSMCState *s = fl->controller;
- uint64_t ret = 0;
int i;
+ *data = 0;
switch (aspeed_smc_flash_mode(fl)) {
case CTRL_USERMODE:
for (i = 0; i < size; i++) {
- ret |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i);
+ *data |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i);
}
break;
case CTRL_READMODE:
@@ -512,18 +513,19 @@ static uint64_t aspeed_smc_flash_read(void *opaque, hwaddr addr, unsigned size)
aspeed_smc_flash_setup(fl, addr);
for (i = 0; i < size; i++) {
- ret |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i);
+ *data |= (uint64_t) ssi_transfer(s->spi, 0x0) << (8 * i);
}
aspeed_smc_flash_unselect(fl);
break;
default:
aspeed_smc_error("invalid flash mode %d", aspeed_smc_flash_mode(fl));
+ return MEMTX_ERROR;
}
- trace_aspeed_smc_flash_read(fl->cs, addr, size, ret,
+ trace_aspeed_smc_flash_read(fl->cs, addr, size, *data,
aspeed_smc_flash_mode(fl));
- return ret;
+ return MEMTX_OK;
}
/*
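Review bot: The `default:` branch now returns `MEMTX_ERROR` before `trace_aspeed_smc_flash_read()` runs, so a faulting read shows up only through `aspeed_smc_error()` and never in the trace output. If that is intended, it deserves a short comment on the branch, e.g. `/* invalid mode: *data stays 0 and the access is reported as a transaction error */`. The value left in `*data` on that path depends on the `*data = 0;` store at the top of the function, which sits in the previous hunk. The same return contract is introduced for `aspeed_smc_flash_write()` in the hunks at `@@ -636` and `@@ -661`, so a one-line header comment on each handler stating when it returns `MEMTX_ERROR` would cover both.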
@@ -624,8 +626,8 @@ static bool aspeed_smc_do_snoop(AspeedSMCFlash *fl, uint64_t data,
return false;
}
-static void aspeed_smc_flash_write(void *opaque, hwaddr addr, uint64_t data,
- unsigned size)
+static MemTxResult aspeed_smc_flash_write(void *opaque, hwaddr addr,
+ uint64_t data, unsigned size, MemTxAttrs attrs)
{
AspeedSMCFlash *fl = opaque;
AspeedSMCState *s = fl->controller;
@@ -636,7 +638,7 @@ static void aspeed_smc_flash_write(void *opaque, hwaddr addr, uint64_t data,
if (!aspeed_smc_is_writable(fl)) {
aspeed_smc_error("flash is not writable at 0x%" HWADDR_PRIx, addr);
- return;
+ return MEMTX_ERROR;
}
switch (aspeed_smc_flash_mode(fl)) {
@@ -661,12 +663,15 @@ static void aspeed_smc_flash_write(void *opaque, hwaddr addr, uint64_t data,
break;
default:
aspeed_smc_error("invalid flash mode %d", aspeed_smc_flash_mode(fl));
+ return MEMTX_ERROR;
}
+
+ return MEMTX_OK;
}
static const MemoryRegionOps aspeed_smc_flash_ops = {
- .read = aspeed_smc_flash_read,
- .write = aspeed_smc_flash_write,
+ .read_with_attrs = aspeed_smc_flash_read,
+ .write_with_attrs = aspeed_smc_flash_write,
.endianness = DEVICE_LITTLE_ENDIAN,
.valid = {
.min_access_size = 1,
@@ -754,7 +759,8 @@ static void aspeed_smc_reset(DeviceState *d)
s->snoop_dummies = 0;
}
-static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, unsigned int size)
+static MemTxResult aspeed_smc_read(void *opaque, hwaddr addr, uint64_t *data,
+ unsigned int size, MemTxAttrs attrs)
{
AspeedSMCState *s = ASPEED_SMC(opaque);
AspeedSMCClass *asc = ASPEED_SMC_GET_CLASS(opaque);
@@ -782,12 +788,13 @@ static uint64_t aspeed_smc_read(void *opaque, hwaddr addr, unsigned int size)
trace_aspeed_smc_read(addr << 2, size, s->regs[addr]);
- return s->regs[addr];
+ *data = s->regs[addr];
} else {
qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n",
__func__, addr);
- return -1;
+ *data = -1;
}
+ return MEMTX_OK;
}
static uint8_t aspeed_smc_hclk_divisor(uint8_t hclk_mask)
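Review bot: The unimplemented-register branch still completes with `MEMTX_OK` and `*data = -1`, so the register handlers never report a transaction error even though the flash handlers now do. If reading all-ones without a fault is the intended behaviour for unimplemented registers, say so next to the assignment, e.g. `/* unimplemented registers read as all-ones, no bus error */`. `aspeed_smc_write()` in the hunk at `@@ -1159` has the same shape: its `LOG_UNIMP` branch falls through to `return MEMTX_OK`. The condition guarding the `if` and the start of the function are outside this hunk, so it cannot be confirmed from here that every path reaching the final `return` has assigned `*data`.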
@@ -1108,8 +1115,8 @@ static void aspeed_2600_smc_dma_ctrl(AspeedSMCState *s, uint32_t dma_ctrl)
s->regs[R_DMA_CTRL] &= ~(DMA_CTRL_REQUEST | DMA_CTRL_GRANT);
}
-static void aspeed_smc_write(void *opaque, hwaddr addr, uint64_t data,
- unsigned int size)
+static MemTxResult aspeed_smc_write(void *opaque, hwaddr addr, uint64_t data,
+ unsigned int size, MemTxAttrs attrs)
{
AspeedSMCState *s = ASPEED_SMC(opaque);
AspeedSMCClass *asc = ASPEED_SMC_GET_CLASS(s);
@@ -1159,13 +1166,13 @@ static void aspeed_smc_write(void *opaque, hwaddr addr, uint64_t data,
} else {
qemu_log_mask(LOG_UNIMP, "%s: not implemented: 0x%" HWADDR_PRIx "\n",
__func__, addr);
- return;
}
+ return MEMTX_OK;
}
static const MemoryRegionOps aspeed_smc_ops = {
- .read = aspeed_smc_read,
- .write = aspeed_smc_write,
+ .read_with_attrs = aspeed_smc_read,
+ .write_with_attrs = aspeed_smc_write,
.endianness = DEVICE_LITTLE_ENDIAN,
};
@@ -2007,8 +2014,8 @@ static const uint32_t aspeed_2700_fmc_resets[ASPEED_SMC_R_MAX] = {
};
static const MemoryRegionOps aspeed_2700_smc_flash_ops = {
- .read = aspeed_smc_flash_read,
- .write = aspeed_smc_flash_write,
+ .read_with_attrs = aspeed_smc_flash_read,
+ .write_with_attrs = aspeed_smc_flash_write,
.endianness = DEVICE_LITTLE_ENDIAN,
.valid = {
.min_access_size = 1,