* [Qemu-devel] [PATCH] Bug Fix:Segmentation fault when use usb-ehci device
@ 2013-07-16 3:50 Mike Qiu
2013-07-18 15:27 ` Mike Qiu
From: Mike Qiu @ 2013-07-16 3:50 UTC (permalink / raw)
To: qemu-devel; +Cc: aik, Mike Qiu, qemu-ppc, agraf, xiaoguangrong
For usb-ehci in qemu, its caps only has a read() operation;
the write() operation does not exist.
This causes a segmentation fault when using the usb-ehci device on the ppc64
platform.
Here is the gdb output:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fffa7fcef20 (LWP 6793)]
0x00000000103f5244 in memory_region_oldmmio_write_accessor
(opaque=0x113e9e78, addr=9, value=0x3fffa7fce088,
size=1, shift=0, mask=255) at /home/Mike/qemu-impreza/memory.c:384
384 mr->ops->old_mmio.write[ctz32(size)](mr->opaque, addr, tmp);
(gdb) p *mr->ops
$1 = {read = @0x10716f68: 0x1020699c <ehci_caps_read>, write = 0,
endianness = DEVICE_LITTLE_ENDIAN, valid = {min_access_size = 1,
max_access_size = 4, unaligned = false, accepts = 0}, impl =
{min_access_size = 1, max_access_size = 1, unaligned = false},
old_mmio = {read = {0, 0, 0}, write = {0, 0, 0}}}
Because the write() function of mr->ops has not been implemented, in
function memory_region_dispatch_write(), it calls the
oldmmio write accessor, but at the same time old_mmio has still not
been implemented by default.
That is the root cause of the segmentation fault.
To solve this problem, add an empty function: ehci_caps_write()
Signed-off-by: Mike Qiu <qiudayu@linux.vnet.ibm.com>
---
hw/usb/hcd-ehci.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 67e4b24..6c8a439 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1072,6 +1072,12 @@ static void ehci_port_write(void *ptr, hwaddr addr,
trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
}
+static void ehci_caps_write(void *ptr, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ /* nothing */
+}
+
static void ehci_opreg_write(void *ptr, hwaddr addr,
uint64_t val, unsigned size)
{
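Review bot: the body of the new ehci_caps_write() says only `/* nothing */`, which leaves the next reader unsure whether the discard is deliberate; a one-line comment stating that writes to the capability register block are intentionally ignored would document that, and a trace call of the kind the context line shows for port writes (`trace_usb_ehci_portsc_change(...)`) would make stray guest writes to this region visible when debugging instead of vanishing silently. The signature (void *ptr, hwaddr addr, uint64_t val, unsigned size) matches the shape of ehci_opreg_write() just below, so it is usable as a MemoryRegionOps .write callback.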
@@ -2380,6 +2386,7 @@ static void ehci_frame_timer(void *opaque)
static const MemoryRegionOps ehci_mmio_caps_ops = {
.read = ehci_caps_read,
+ .write = ehci_caps_write,
.valid.min_access_size = 1,
.valid.max_access_size = 4,
.impl.min_access_size = 1,
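Review bot: wiring `.write = ehci_caps_write` into ehci_mmio_caps_ops removes the NULL .write that sent memory_region_dispatch_write() into the all-zero old_mmio table in the backtrace, so this fixes the reported crash for this one ops table only; Peter's list later in the thread shows the same missing-callback pattern in many other MemoryRegionOps (hcd-uhci.c, openpic.c, msix.c, lan9118.c and more), so a fallback in memory.c that treats a missing accessor as an unassigned access, or at least a shared no-op accessor exported from memory.c as the reviewers suggest, would fix the class rather than the instance and avoid a private stub per device.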
--
1.7.10.1
* Re: [Qemu-devel] [PATCH] Bug Fix:Segmentation fault when use usb-ehci device
2013-07-16 3:50 [Qemu-devel] [PATCH] Bug Fix:Segmentation fault when use usb-ehci device Mike Qiu
@ 2013-07-18 15:27 ` Mike Qiu
2013-07-18 17:14 ` Andreas Färber
From: Mike Qiu @ 2013-07-18 15:27 UTC (permalink / raw)
To: qemu-devel; +Cc: aik, Mike Qiu, qemu-ppc, agraf, xiaoguangrong
Hi all
Any comments?
Thanks
Mike
2013/7/16 11:50, Mike Qiu wrote:
> For usb-ehci in qemu, its caps only has a read() operation;
> the write() operation does not exist.
>
> This causes a segmentation fault when using the usb-ehci device on the ppc64
> platform.
>
> Here is the gdb output:
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x3fffa7fcef20 (LWP 6793)]
> 0x00000000103f5244 in memory_region_oldmmio_write_accessor
> (opaque=0x113e9e78, addr=9, value=0x3fffa7fce088,
> size=1, shift=0, mask=255) at /home/Mike/qemu-impreza/memory.c:384
> 384 mr->ops->old_mmio.write[ctz32(size)](mr->opaque, addr, tmp);
> (gdb) p *mr->ops
> $1 = {read = @0x10716f68: 0x1020699c <ehci_caps_read>, write = 0,
> endianness = DEVICE_LITTLE_ENDIAN, valid = {min_access_size = 1,
> max_access_size = 4, unaligned = false, accepts = 0}, impl =
> {min_access_size = 1, max_access_size = 1, unaligned = false},
> old_mmio = {read = {0, 0, 0}, write = {0, 0, 0}}}
>
> Because the write() function of mr->ops has not been implemented, in
> function memory_region_dispatch_write(), it calls the
> oldmmio write accessor, but at the same time old_mmio has still not
> been implemented by default.
>
> That is the root cause of the segmentation fault.
>
> To solve this problem, add an empty function: ehci_caps_write()
>
> Signed-off-by: Mike Qiu <qiudayu@linux.vnet.ibm.com>
> ---
> hw/usb/hcd-ehci.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
> index 67e4b24..6c8a439 100644
> --- a/hw/usb/hcd-ehci.c
> +++ b/hw/usb/hcd-ehci.c
> @@ -1072,6 +1072,12 @@ static void ehci_port_write(void *ptr, hwaddr addr,
> trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
> }
>
> +static void ehci_caps_write(void *ptr, hwaddr addr, uint64_t val,
> + unsigned size)
> +{
> + /* nothing */
> +}
> +
> static void ehci_opreg_write(void *ptr, hwaddr addr,
> uint64_t val, unsigned size)
> {
> @@ -2380,6 +2386,7 @@ static void ehci_frame_timer(void *opaque)
>
> static const MemoryRegionOps ehci_mmio_caps_ops = {
> .read = ehci_caps_read,
> + .write = ehci_caps_write,
> .valid.min_access_size = 1,
> .valid.max_access_size = 4,
> .impl.min_access_size = 1,
* Re: [Qemu-devel] [PATCH] Bug Fix:Segmentation fault when use usb-ehci device
2013-07-18 15:27 ` Mike Qiu
@ 2013-07-18 17:14 ` Andreas Färber
2013-07-19 2:26 ` Mike Qiu
From: Andreas Färber @ 2013-07-18 17:14 UTC (permalink / raw)
To: Mike Qiu
Cc: agraf, aik, qemu-devel, xiaoguangrong, qemu-ppc, Gerd Hoffmann,
Paolo Bonzini
Hi,
On 18.07.2013 17:27, Mike Qiu wrote:
> Hi all
>
> Any comments?
You should've CCed the USB maintainer whose file you are touching for
review rather than just ppc people, see ./MAINTAINERS.
There are some typos in the commit message, but the change looks okay to
me - although there were discussions to catch this on the memory API
side of things instead.
Regards,
Andreas
>
> Thanks
> Mike
> 2013/7/16 11:50, Mike Qiu wrote:
>> For usb-ehci in qemu, its caps only has a read() operation;
>> the write() operation does not exist.
>>
>> This causes a segmentation fault when using the usb-ehci device on the ppc64
>> platform.
>>
>> Here is the gdb output:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x3fffa7fcef20 (LWP 6793)]
>> 0x00000000103f5244 in memory_region_oldmmio_write_accessor
>> (opaque=0x113e9e78, addr=9, value=0x3fffa7fce088,
>> size=1, shift=0, mask=255) at /home/Mike/qemu-impreza/memory.c:384
>> 384 mr->ops->old_mmio.write[ctz32(size)](mr->opaque, addr, tmp);
>> (gdb) p *mr->ops
>> $1 = {read = @0x10716f68: 0x1020699c <ehci_caps_read>, write = 0,
>> endianness = DEVICE_LITTLE_ENDIAN, valid = {min_access_size = 1,
>> max_access_size = 4, unaligned = false, accepts = 0}, impl =
>> {min_access_size = 1, max_access_size = 1, unaligned = false},
>> old_mmio = {read = {0, 0, 0}, write = {0, 0, 0}}}
>>
>> Because the write() function of mr->ops has not been implemented, in
>> function memory_region_dispatch_write(), it calls the
>> oldmmio write accessor, but at the same time old_mmio has still not
>> been implemented by default.
>>
>> That is the root cause of the segmentation fault.
>>
>> To solve this problem, add an empty function: ehci_caps_write()
>>
>> Signed-off-by: Mike Qiu <qiudayu@linux.vnet.ibm.com>
>> ---
>> hw/usb/hcd-ehci.c | 7 +++++++
>> 1 file changed, 7 insertions(+)
>>
>> diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
>> index 67e4b24..6c8a439 100644
>> --- a/hw/usb/hcd-ehci.c
>> +++ b/hw/usb/hcd-ehci.c
>> @@ -1072,6 +1072,12 @@ static void ehci_port_write(void *ptr, hwaddr addr,
>> trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
>> }
>>
>> +static void ehci_caps_write(void *ptr, hwaddr addr, uint64_t val,
>> + unsigned size)
>> +{
>> + /* nothing */
>> +}
>> +
>> static void ehci_opreg_write(void *ptr, hwaddr addr,
>> uint64_t val, unsigned size)
>> {
>> @@ -2380,6 +2386,7 @@ static void ehci_frame_timer(void *opaque)
>>
>> static const MemoryRegionOps ehci_mmio_caps_ops = {
>> .read = ehci_caps_read,
>> + .write = ehci_caps_write,
>> .valid.min_access_size = 1,
>> .valid.max_access_size = 4,
>> .impl.min_access_size = 1,
>
>
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
* Re: [Qemu-devel] [PATCH] Bug Fix:Segmentation fault when use usb-ehci device
2013-07-18 17:14 ` Andreas Färber
@ 2013-07-19 2:26 ` Mike Qiu
2013-07-19 14:12 ` Andreas Färber
From: Mike Qiu @ 2013-07-19 2:26 UTC (permalink / raw)
To: Andreas Färber
Cc: agraf, aik, qemu-devel, xiaoguangrong, qemu-ppc, Gerd Hoffmann,
Paolo Bonzini
On 2013/7/19 1:14, Andreas Färber wrote:
> Hi,
>
> On 18.07.2013 17:27, Mike Qiu wrote:
>> Hi all
>>
>> Any comments?
> You should've CCed the USB maintainer whose file you are touching for
> review rather than just ppc people, see ./MAINTAINERS.
I have CCed the usb maintainer Gerd Hoffmann; his files are hw/usb/*.
>
> There's some typos in the commit message, but the change looks okay to
> me - although there were discussions to catch this on the memory API
> side of things instead.
You mean this patch? See below:
exec: Support 64-bit operations in address_s
If so, it is very different.
BTW, has this bug been opened before?
Thanks
Mike
>
> Regards,
> Andreas
>
>> Thanks
>> Mike
>> 2013/7/16 11:50, Mike Qiu wrote:
>>> For usb-ehci in qemu, its caps only has a read() operation;
>>> the write() operation does not exist.
>>>
>>> This causes a segmentation fault when using the usb-ehci device on the ppc64
>>> platform.
>>>
>>> Here is the gdb output:
>>>
>>> Program received signal SIGSEGV, Segmentation fault.
>>> [Switching to Thread 0x3fffa7fcef20 (LWP 6793)]
>>> 0x00000000103f5244 in memory_region_oldmmio_write_accessor
>>> (opaque=0x113e9e78, addr=9, value=0x3fffa7fce088,
>>> size=1, shift=0, mask=255) at /home/Mike/qemu-impreza/memory.c:384
>>> 384 mr->ops->old_mmio.write[ctz32(size)](mr->opaque, addr, tmp);
>>> (gdb) p *mr->ops
>>> $1 = {read = @0x10716f68: 0x1020699c <ehci_caps_read>, write = 0,
>>> endianness = DEVICE_LITTLE_ENDIAN, valid = {min_access_size = 1,
>>> max_access_size = 4, unaligned = false, accepts = 0}, impl =
>>> {min_access_size = 1, max_access_size = 1, unaligned = false},
>>> old_mmio = {read = {0, 0, 0}, write = {0, 0, 0}}}
>>>
>>> Because the write() function of mr->ops has not been implemented, in
>>> function memory_region_dispatch_write(), it calls the
>>> oldmmio write accessor, but at the same time old_mmio has still not
>>> been implemented by default.
>>>
>>> That is the root cause of the segmentation fault.
>>>
>>> To solve this problem, add an empty function: ehci_caps_write()
>>>
>>> Signed-off-by: Mike Qiu <qiudayu@linux.vnet.ibm.com>
>>> ---
>>> hw/usb/hcd-ehci.c | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>>
>>> diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
>>> index 67e4b24..6c8a439 100644
>>> --- a/hw/usb/hcd-ehci.c
>>> +++ b/hw/usb/hcd-ehci.c
>>> @@ -1072,6 +1072,12 @@ static void ehci_port_write(void *ptr, hwaddr addr,
>>> trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
>>> }
>>>
>>> +static void ehci_caps_write(void *ptr, hwaddr addr, uint64_t val,
>>> + unsigned size)
>>> +{
>>> + /* nothing */
>>> +}
>>> +
>>> static void ehci_opreg_write(void *ptr, hwaddr addr,
>>> uint64_t val, unsigned size)
>>> {
>>> @@ -2380,6 +2386,7 @@ static void ehci_frame_timer(void *opaque)
>>>
>>> static const MemoryRegionOps ehci_mmio_caps_ops = {
>>> .read = ehci_caps_read,
>>> + .write = ehci_caps_write,
>>> .valid.min_access_size = 1,
>>> .valid.max_access_size = 4,
>>> .impl.min_access_size = 1,
>>
>
* Re: [Qemu-devel] [PATCH] Bug Fix:Segmentation fault when use usb-ehci device
2013-07-19 2:26 ` Mike Qiu
@ 2013-07-19 14:12 ` Andreas Färber
2013-07-19 14:32 ` Peter Maydell
From: Andreas Färber @ 2013-07-19 14:12 UTC (permalink / raw)
To: Mike Qiu
Cc: agraf, aik, qemu-devel, xiaoguangrong, qemu-ppc, Gerd Hoffmann,
Paolo Bonzini
On 19.07.2013 04:26, Mike Qiu wrote:
> On 2013/7/19 1:14, Andreas Färber wrote:
>> There's some typos in the commit message, but the change looks okay to
>> me - although there were discussions to catch this on the memory API
>> side of things instead.
> You mean this patch: see below:
>
> exec: Support 64-bit operations in address_s
No, I don't. There were other segfault avoidance patches like yours over
the past months - they're all fixing individual segfault symptoms.
Question for Paolo is whether we want to continue to discover them one
by one or whether to implement a fallback inside memory code if .read or
.write is NULL.
Andreas
>
> BTW, this bug has been opened before?
>
> Thanks
> Mike
>>
>> Regards,
>> Andreas
>>
>>> Thanks
>>> Mike
>>> 2013/7/16 11:50, Mike Qiu wrote:
>>>> For usb-ehci in qemu, its caps only has a read() operation;
>>>> the write() operation does not exist.
>>>>
>>>> This causes a segmentation fault when using the usb-ehci device on the ppc64
>>>> platform.
>>>>
>>>> Here is the gdb output:
>>>>
>>>> Program received signal SIGSEGV, Segmentation fault.
>>>> [Switching to Thread 0x3fffa7fcef20 (LWP 6793)]
>>>> 0x00000000103f5244 in memory_region_oldmmio_write_accessor
>>>> (opaque=0x113e9e78, addr=9, value=0x3fffa7fce088,
>>>> size=1, shift=0, mask=255) at /home/Mike/qemu-impreza/memory.c:384
>>>> 384 mr->ops->old_mmio.write[ctz32(size)](mr->opaque, addr, tmp);
>>>> (gdb) p *mr->ops
>>>> $1 = {read = @0x10716f68: 0x1020699c <ehci_caps_read>, write = 0,
>>>> endianness = DEVICE_LITTLE_ENDIAN, valid = {min_access_size = 1,
>>>> max_access_size = 4, unaligned = false, accepts = 0}, impl =
>>>> {min_access_size = 1, max_access_size = 1, unaligned = false},
>>>> old_mmio = {read = {0, 0, 0}, write = {0, 0, 0}}}
>>>>
>>>> Because the write() function of mr->ops has not been implemented, in
>>>> function memory_region_dispatch_write(), it calls the
>>>> oldmmio write accessor, but at the same time old_mmio has still not
>>>> been implemented by default.
>>>>
>>>> That is the root cause of the segmentation fault.
>>>>
>>>> To solve this problem, add an empty function: ehci_caps_write()
>>>>
>>>> Signed-off-by: Mike Qiu <qiudayu@linux.vnet.ibm.com>
>>>> ---
>>>> hw/usb/hcd-ehci.c | 7 +++++++
>>>> 1 file changed, 7 insertions(+)
>>>>
>>>> diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
>>>> index 67e4b24..6c8a439 100644
>>>> --- a/hw/usb/hcd-ehci.c
>>>> +++ b/hw/usb/hcd-ehci.c
>>>> @@ -1072,6 +1072,12 @@ static void ehci_port_write(void *ptr, hwaddr addr,
>>>> trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
>>>> }
>>>>
>>>> +static void ehci_caps_write(void *ptr, hwaddr addr, uint64_t val,
>>>> + unsigned size)
>>>> +{
>>>> + /* nothing */
>>>> +}
>>>> +
>>>> static void ehci_opreg_write(void *ptr, hwaddr addr,
>>>> uint64_t val, unsigned size)
>>>> {
>>>> @@ -2380,6 +2386,7 @@ static void ehci_frame_timer(void *opaque)
>>>>
>>>> static const MemoryRegionOps ehci_mmio_caps_ops = {
>>>> .read = ehci_caps_read,
>>>> + .write = ehci_caps_write,
>>>> .valid.min_access_size = 1,
>>>> .valid.max_access_size = 4,
>>>> .impl.min_access_size = 1,
>>>
>>
>
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
* Re: [Qemu-devel] [PATCH] Bug Fix:Segmentation fault when use usb-ehci device
2013-07-19 14:12 ` Andreas Färber
@ 2013-07-19 14:32 ` Peter Maydell
2013-07-22 2:17 ` Mike Qiu
From: Peter Maydell @ 2013-07-19 14:32 UTC (permalink / raw)
To: Andreas Färber
Cc: qemu-devel, aik, agraf, xiaoguangrong, qemu-ppc, Gerd Hoffmann,
Paolo Bonzini, Mike Qiu
On 19 July 2013 15:12, Andreas Färber <afaerber@suse.de> wrote:
> No, I don't. There were other segfault avoidance patches like yours over
> the past months - they're all fixing individual segfault symptoms.
> Question for Paolo is whether we want to continue to discover them one
> by one or whether to implement a fallback inside memory code if .read or
> .write is NULL.
I think that the correct behaviour is "if neither
.read nor .oldmmio.read[x] are set then behave as if
.valid.accepts returned false" (ie "device has not responded
to the read access, bus error").
That said, if we want to add do-nothing functions instead,
then (a) having memory.c provide a single set of nop functions
that devices can use would be nicer than lots of individual
nop functions and (b) a list to start with:
$ for f in $(find . -name '*.c'); do
      perl -e '
          $s = 0;
          while (<>) {
              if (/MemoryRegionOps (.*) =/) { $n = $1; $s = 1; next; }
              next if $s == 0;
              if (/\.read = /) { $s |= 2; }
              if (/\.write = /) { $s |= 4; }
              if (/;/) {
                  print "$ARGV: $n: missing read\n" unless $s & 2;
                  print "$ARGV: $n: missing write\n" unless $s & 4;
                  $s = 0;
              }
          }' $f
  done
./memory.c: unassigned_mem_ops: missing read
./memory.c: unassigned_mem_ops: missing write
./exec.c: notdirty_mem_ops: missing read
./hw/pci-host/prep.c: PPC_intack_ops: missing write
./hw/ssi/xilinx_spips.c: lqspi_ops: missing write
./hw/arm/omap1.c: omap_pwt_ops: missing read
./hw/arm/musicpal.c: mv88w8618_wlan_ops: missing write
./hw/scsi/megasas.c: megasas_queue_ops: missing write
./hw/usb/hcd-ehci.c: ehci_mmio_caps_ops: missing write
./hw/usb/hcd-uhci.c: uhci_ioport_ops: missing read
./hw/intc/openpic_kvm.c: kvm_openpic_mem_ops: missing read
./hw/intc/openpic.c: openpic_glb_ops_le: missing read
./hw/intc/openpic.c: openpic_glb_ops_be: missing read
./hw/intc/openpic.c: openpic_tmr_ops_le: missing read
./hw/intc/openpic.c: openpic_tmr_ops_be: missing read
./hw/intc/openpic.c: openpic_cpu_ops_le: missing read
./hw/intc/openpic.c: openpic_cpu_ops_be: missing read
./hw/intc/openpic.c: openpic_src_ops_le: missing read
./hw/intc/openpic.c: openpic_src_ops_be: missing read
./hw/pci/msix.c: msix_pba_mmio_ops: missing write
./hw/xen/xen_platform.c: xen_pci_io_ops: missing read
./hw/misc/lm32_sys.c: sys_ops: missing read
./hw/misc/pc-testdev.c: test_irq_ops: missing read
./hw/misc/pc-testdev.c: test_flush_ops: missing read
./hw/misc/vfio.c: vfio_ati_3c3_quirk: missing write
./hw/misc/debugexit.c: debug_exit_ops: missing read
./hw/net/lan9118.c: *mem_ops: missing read
./hw/net/lan9118.c: *mem_ops: missing write
./hw/char/grlib_apbuart.c: grlib_apbuart_ops: missing read
./hw/char/grlib_apbuart.c: grlib_apbuart_ops: missing write
./hw/isa/pc87312.c: pc87312_io_ops: missing read
./hw/nvram/fw_cfg.c: fw_cfg_ctl_mem_ops: missing read
No doubt there are some false positives in there (eg fw_cfg.c
provides a valid function so we'll never try to do reads)
and it may miss some.
-- PMM
* Re: [Qemu-devel] [PATCH] Bug Fix:Segmentation fault when use usb-ehci device
2013-07-19 14:32 ` Peter Maydell
@ 2013-07-22 2:17 ` Mike Qiu
From: Mike Qiu @ 2013-07-22 2:17 UTC (permalink / raw)
To: Peter Maydell
Cc: agraf, aik, qemu-devel, xiaoguangrong, qemu-ppc, Gerd Hoffmann,
Paolo Bonzini, Andreas Färber
On 2013/7/19 22:32, Peter Maydell wrote:
> On 19 July 2013 15:12, Andreas Färber <afaerber@suse.de> wrote:
>> No, I don't. There were other segfault avoidance patches like yours over
>> the past months - they're all fixing individual segfault symptoms.
>> Question for Paolo is whether we want to continue to discover them one
>> by one or whether to implement a fallback inside memory code if .read or
>> .write is NULL.
> I think that the correct behaviour is "if neither
> .read nor .oldmmio.read[x] are set then behave as if
> .valid.accepts returned false" (ie "device has not responded
> to the read access, bus error").
>
> That said, if we want to add do-nothing functions instead,
> then (a) having memory.c provide a single set of nop functions
> that devices can use would be nicer than lots of individual
> nop functions and (b) a list to start with:
Yes, can we add one step in
memory_region_oldmmio_read_accessor() and
memory_region_oldmmio_write_accessor()
to check whether the oldmmio read and write have been implemented?
If not, for the .write function we just drop it and do nothing;
for the .read function we drop the read and return the value param
as 0xFF or something else to show a read fault.
Thus, we do not need to fix the segmentation fault in each special field.
Thanks
Mike
>
> $ for f in $(find . -name '*.c'); do
>       perl -e '
>           $s = 0;
>           while (<>) {
>               if (/MemoryRegionOps (.*) =/) { $n = $1; $s = 1; next; }
>               next if $s == 0;
>               if (/\.read = /) { $s |= 2; }
>               if (/\.write = /) { $s |= 4; }
>               if (/;/) {
>                   print "$ARGV: $n: missing read\n" unless $s & 2;
>                   print "$ARGV: $n: missing write\n" unless $s & 4;
>                   $s = 0;
>               }
>           }' $f
>   done
> ./memory.c: unassigned_mem_ops: missing read
> ./memory.c: unassigned_mem_ops: missing write
> ./exec.c: notdirty_mem_ops: missing read
> ./hw/pci-host/prep.c: PPC_intack_ops: missing write
> ./hw/ssi/xilinx_spips.c: lqspi_ops: missing write
> ./hw/arm/omap1.c: omap_pwt_ops: missing read
> ./hw/arm/musicpal.c: mv88w8618_wlan_ops: missing write
> ./hw/scsi/megasas.c: megasas_queue_ops: missing write
> ./hw/usb/hcd-ehci.c: ehci_mmio_caps_ops: missing write
> ./hw/usb/hcd-uhci.c: uhci_ioport_ops: missing read
> ./hw/intc/openpic_kvm.c: kvm_openpic_mem_ops: missing read
> ./hw/intc/openpic.c: openpic_glb_ops_le: missing read
> ./hw/intc/openpic.c: openpic_glb_ops_be: missing read
> ./hw/intc/openpic.c: openpic_tmr_ops_le: missing read
> ./hw/intc/openpic.c: openpic_tmr_ops_be: missing read
> ./hw/intc/openpic.c: openpic_cpu_ops_le: missing read
> ./hw/intc/openpic.c: openpic_cpu_ops_be: missing read
> ./hw/intc/openpic.c: openpic_src_ops_le: missing read
> ./hw/intc/openpic.c: openpic_src_ops_be: missing read
> ./hw/pci/msix.c: msix_pba_mmio_ops: missing write
> ./hw/xen/xen_platform.c: xen_pci_io_ops: missing read
> ./hw/misc/lm32_sys.c: sys_ops: missing read
> ./hw/misc/pc-testdev.c: test_irq_ops: missing read
> ./hw/misc/pc-testdev.c: test_flush_ops: missing read
> ./hw/misc/vfio.c: vfio_ati_3c3_quirk: missing write
> ./hw/misc/debugexit.c: debug_exit_ops: missing read
> ./hw/net/lan9118.c: *mem_ops: missing read
> ./hw/net/lan9118.c: *mem_ops: missing write
> ./hw/char/grlib_apbuart.c: grlib_apbuart_ops: missing read
> ./hw/char/grlib_apbuart.c: grlib_apbuart_ops: missing write
> ./hw/isa/pc87312.c: pc87312_io_ops: missing read
> ./hw/nvram/fw_cfg.c: fw_cfg_ctl_mem_ops: missing read
>
> No doubt there are some false positives in there (eg fw_cfg.c
> provides a valid function so we'll never try to do reads)
> and it may miss some.
>
> -- PMM
>
>
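The dispatch behaviour the thread argues about, as an added C example (this is not QEMU code: the MemoryRegionOps and MemoryRegion definitions, the 16-byte register block, its sample contents and the all-ones value returned for an unassigned read are this example's own assumptions, reduced from the QEMU API to what the thread touches). It covers the root cause in the original commit message, where a NULL .write sends the dispatcher into an unpopulated old_mmio table; the per-device nop write the patch adds; the memory.c-level fallback Peter and Mike propose, where a missing accessor is handled like an access that .valid.accepts rejected; and, in ops_complete(), the same "both directions present" check that Peter's script applies to the source tree.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t hwaddr;

/* Constructed model of QEMU's MemoryRegionOps: new-style accessors plus the
 * legacy old_mmio table indexed by log2(access size), as in the gdb dump. */
typedef struct MemoryRegionOps {
    uint64_t (*read)(void *opaque, hwaddr addr, unsigned size);
    void (*write)(void *opaque, hwaddr addr, uint64_t data, unsigned size);
    struct {
        uint64_t (*read[3])(void *opaque, hwaddr addr);
        void (*write[3])(void *opaque, hwaddr addr, uint64_t data);
    } old_mmio;
} MemoryRegionOps;

typedef struct MemoryRegion { const MemoryRegionOps *ops; void *opaque; } MemoryRegion;

enum access_result {
    ACCESS_OK,          /* a device callback handled the access */
    ACCESS_UNASSIGNED,  /* no callback: treated like .valid.accepts == false */
    ACCESS_NULL_CALL    /* the unchecked path would have called a NULL pointer */
};

/* ctz32(size) for the widths the old_mmio table covers: 1 -> 0, 2 -> 1, 4 -> 2 */
static unsigned size_index(unsigned size) { return size == 1 ? 0 : size == 2 ? 1 : 2; }

/* Little-endian read of `size` bytes from a 16-byte register block. */
static uint64_t caps_read(void *opaque, hwaddr addr, unsigned size)
{
    const uint8_t *regs = opaque;
    uint64_t v = 0;
    for (unsigned i = 0; i < size && addr + i < 16; i++)
        v |= (uint64_t)regs[addr + i] << (8 * i);
    return v;
}

/* Per-device fix in the shape of the patch's ehci_caps_write(): drop the write. */
static void caps_write_nop(void *opaque, hwaddr addr, uint64_t data, unsigned size)
{
    (void)opaque; (void)addr; (void)data; (void)size;
}

static const MemoryRegionOps caps_ops_read_only = { .read = caps_read };  /* before the patch */
static const MemoryRegionOps caps_ops_patched = { .read = caps_read, .write = caps_write_nop };
static const MemoryRegionOps write_only_ops = { .write = caps_write_nop };  /* no read at all */

/* fallback == false mirrors memory.c at the time: a NULL .write drops into the
 * old_mmio table and the entry is called unchecked (memory.c:384 in the backtrace);
 * here the NULL call is reported, not performed. fallback == true drops the write. */
static enum access_result dispatch_write(MemoryRegion *mr, hwaddr addr, uint64_t val,
                                         unsigned size, bool fallback)
{
    if (mr->ops->write) {
        mr->ops->write(mr->opaque, addr, val, size);
        return ACCESS_OK;
    }
    void (*fn)(void *, hwaddr, uint64_t) = mr->ops->old_mmio.write[size_index(size)];
    if (!fn)
        return fallback ? ACCESS_UNASSIGNED : ACCESS_NULL_CALL;
    fn(mr->opaque, addr, val);
    return ACCESS_OK;
}

/* Read side of the fallback: an unassigned read returns all-ones for the access
 * width (0xFF per byte, as Mike's reply suggests; the value is an assumption). */
static uint64_t dispatch_read(MemoryRegion *mr, hwaddr addr, unsigned size, enum access_result *res)
{
    if (mr->ops->read) {
        if (res) *res = ACCESS_OK;
        return mr->ops->read(mr->opaque, addr, size);
    }
    if (res) *res = ACCESS_UNASSIGNED;
    return size >= 8 ? ~0ULL : (1ULL << (8 * size)) - 1;
}

/* Programmatic form of the check Peter's script applies to the source tree. */
static bool ops_complete(const MemoryRegionOps *o)
{
    bool r = o->read != NULL, w = o->write != NULL;
    for (int i = 0; i < 3; i++) {
        r = r || o->old_mmio.read[i] != NULL;
        w = w || o->old_mmio.write[i] != NULL;
    }
    return r && w;
}

static uint8_t g_caps[16] = { 0x10, 0x00, 0x00, 0x01 };  /* constructed register contents */
static MemoryRegion caps_ro = { .ops = &caps_ops_read_only, .opaque = g_caps };
static MemoryRegion caps_fixed = { .ops = &caps_ops_patched, .opaque = g_caps };
static MemoryRegion no_read = { .ops = &write_only_ops, .opaque = g_caps };

int main(void)
{
    /* The access from the bug report: a 1-byte guest write at caps offset 9. */
    printf("write@9: unchecked=%d fallback=%d patched=%d; dword=0x%llx unassigned=0x%llx complete=%d/%d\n",
           dispatch_write(&caps_ro, 9, 0xAB, 1, false), dispatch_write(&caps_ro, 9, 0xAB, 1, true),
           dispatch_write(&caps_fixed, 9, 0xAB, 1, false),
           (unsigned long long)dispatch_read(&caps_ro, 0, 4, NULL),
           (unsigned long long)dispatch_read(&no_read, 0, 1, NULL),
           ops_complete(&caps_ops_read_only), ops_complete(&caps_ops_patched));
    return 0;
}
```

Compile with `cc -std=c11 example.c` and run it: the three results for the 1-byte write at offset 9 (the addr=9, size=1 access in the backtrace) show the NULL call the old dispatcher would have made, the dropped write under the fallback, and the normal path once a nop accessor is registered; ops_complete() flags the read-only table the way Peter's list flags ehci_mmio_caps_ops.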