The imx boards were all incorrectly creating ROMs using
memory_region_init_rom_device() with a NULL ops pointer. This will
cause QEMU to abort if the guest tries to write to the ROM. The way we
currently provide for "create a pure ROM" is to use
memory_region_init_ram() followed by memory_region_set_readonly(), but
this is a bit obscure. So provide a new memory_region_init_rom() which
does the equivalent of those two calls, and use it in the imx boards.

We can then add an assert() in memory_region_init_rom_device() to
prevent further misuse. (Passing NULL was documented as "I/O space is
not supposed to be handled by QEMU itself", but this doesn't make much
sense (who would be handling the writes?) and isn't used by any of the
callers.)

This is for-2.7 because it fixes a crash in the imx boards if the
guest misbehaves:
https://bugs.launchpad.net/qemu/+bug/1596160

thanks
-- PMM

Peter Maydell (3):
  memory: Provide memory_region_init_rom()
  imx: Use memory_region_init_rom() for ROMs
  memory: Assert that memory_region_init_rom_device() ops aren't NULL

 docs/memory.txt       |  9 +++++++--
 hw/arm/fsl-imx25.c    |  8 ++++----
 hw/arm/fsl-imx31.c    |  9 ++++-----
 hw/arm/fsl-imx6.c     |  8 ++++----
 include/exec/memory.h | 24 ++++++++++++++++++++----
 memory.c              | 16 ++++++++++++++++
 6 files changed, 55 insertions(+), 19 deletions(-)

-- 
1.9.1
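The distinction the cover letter draws, a "rom device" whose guest writes are dispatched through a caller-supplied ops table versus a pure ROM that is just RAM flagged read-only, is illustrated by the following toy model. This is an added example, not QEMU code: the MemoryRegion/MemoryRegionOps structs, the mr_* functions and the flash_ops table are hypothetical simplifications that borrow the names of the QEMU calls mentioned above. The point it shows is the one the series fixes: a rom device built with a NULL ops table turns the first guest write into a NULL function-pointer call (a guest-triggered crash of the emulator), whereas the init_ram + set_readonly combination that memory_region_init_rom() wraps simply discards the write, and an assert at construction time catches the misuse before any guest runs.

```c
/* Toy model of ROM vs "rom device" regions (added example, not QEMU code). */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct MemoryRegionOps {
    /* Called for guest writes to a rom device region (hypothetical signature). */
    void (*write)(uint8_t *ram, uint64_t addr, uint8_t val);
} MemoryRegionOps;

typedef struct MemoryRegion {
    uint8_t *ram;
    uint64_t size;
    bool readonly;
    const MemoryRegionOps *ops;   /* non-NULL only for rom device regions */
} MemoryRegion;

/* Plain RAM: a zeroed backing buffer, no ops table. */
static void mr_init_ram(MemoryRegion *mr, uint64_t size) {
    mr->ram = calloc(size, 1);
    mr->size = size;
    mr->readonly = false;
    mr->ops = NULL;
}

static void mr_set_readonly(MemoryRegion *mr, bool ro) { mr->readonly = ro; }

/* Pure ROM: RAM plus the read-only flag, the pair of calls the new
 * memory_region_init_rom() is described as wrapping. */
static void mr_init_rom(MemoryRegion *mr, uint64_t size) {
    mr_init_ram(mr, size);
    mr_set_readonly(mr, true);
}

/* Rom device: reads come from RAM, writes go to ops->write. The assert is
 * the construction-time check the third patch adds, so a NULL ops table
 * fails when the board is built rather than on the first guest write. */
static void mr_init_rom_device(MemoryRegion *mr, const MemoryRegionOps *ops,
                               uint64_t size) {
    assert(ops != NULL);
    mr_init_ram(mr, size);
    mr->ops = ops;
}

/* Guest write dispatch: 0 = accepted, -1 = discarded (out of range or ROM).
 * A rom device with ops == NULL would call through NULL here; that is the
 * guest-triggerable crash the series removes. */
static int mr_guest_write(MemoryRegion *mr, uint64_t addr, uint8_t val) {
    if (addr >= mr->size) return -1;
    if (mr->readonly) return -1;                 /* ROM: ignore the write */
    if (mr->ops) { mr->ops->write(mr->ram, addr, val); return 0; }
    mr->ram[addr] = val;                         /* plain RAM */
    return 0;
}

static uint8_t mr_guest_read(const MemoryRegion *mr, uint64_t addr) {
    return addr < mr->size ? mr->ram[addr] : 0xff;
}

/* Host-side image load into the backing store; bypasses the readonly flag
 * the way loading a firmware image into a ROM does. */
static void mr_load(MemoryRegion *mr, const uint8_t *img, uint64_t len) {
    memcpy(mr->ram, img, len < mr->size ? len : mr->size);
}

/* A flash-like write handler for a rom device: it programs the byte. */
static void flash_write(uint8_t *ram, uint64_t addr, uint8_t val) { ram[addr] = val; }
static const MemoryRegionOps flash_ops = { .write = flash_write };

/* Pure ROM keeps a constructed 4-byte image across a guest write attempt. */
static int rom_survives_guest_write(void) {
    static const uint8_t image[4] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed */
    MemoryRegion rom;
    mr_init_rom(&rom, sizeof image);
    mr_load(&rom, image, sizeof image);
    int rc = mr_guest_write(&rom, 1, 0x00);
    int ok = (rc == -1) && (mr_guest_read(&rom, 1) == 0xad);
    free(rom.ram);
    return ok;
}

/* Rom device with a real ops table lets the handler decide what a write does. */
static int rom_device_accepts_write(void) {
    MemoryRegion dev;
    mr_init_rom_device(&dev, &flash_ops, 4);
    int rc = mr_guest_write(&dev, 2, 0x5a);
    int ok = (rc == 0) && (mr_guest_read(&dev, 2) == 0x5a);
    free(dev.ram);
    return ok;
}

int main(void) {
    printf("pure ROM discards guest write: %s\n", rom_survives_guest_write() ? "yes" : "no");
    printf("rom device routes write to ops: %s\n", rom_device_accepts_write() ? "yes" : "no");
    return 0;
}
```

The model deliberately has no ops table on the pure ROM path at all, so there is nothing to dereference; the only decision a guest write can influence is whether it is dropped, which is the property a board wants from a ROM whose contents were loaded by the host.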