memory: Assert that memory_region_init_rom_device() ops aren't NULL

It doesn't make sense to pass a NULL ops argument to
memory_region_init_rom_device(), because the effect will
be that if the guest tries to write to the memory region
then QEMU will segfault. Catch the bug earlier by sanity
checking the arguments to this function, and remove the
misleading documentation that suggests that passing NULL
might be sensible.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1467122287-24974-4-git-send-email-peter.maydell@linaro.org

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 2d9ea3c088acec1ecaeea392d31a4a86c69f5ecc..3e4d4164cd45a159c487d930a4df04d2f4653923 100644 (file)
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -467,12 +467,9 @@ void memory_region_init_rom(MemoryRegion *mr,
  * memory_region_init_rom_device:  Initialize a ROM memory region.  Writes are
  *                                 handled via callbacks.
  *
- * If NULL callbacks pointer is given, then I/O space is not supposed to be
- * handled by QEMU itself. Any access via the memory API will cause an abort().
- *
  * @mr: the #MemoryRegion to be initialized.
  * @owner: the object that tracks the region's reference count
- * @ops: callbacks for write access handling.
+ * @ops: callbacks for write access handling (must not be NULL).
  * @name: the name of the region.
  * @size: size of the region.
  * @errp: pointer to Error*, to store an error if it happens.

diff --git a/memory.c b/memory.c
index ecb565ea8178527f6c9271515fd3d43c9f310371..0eb6895fe6a1535dd44a71e4b65221119b7df438 100644 (file)
--- a/memory.c
+++ b/memory.c
@@ -1399,6 +1399,7 @@ void memory_region_init_rom_device(MemoryRegion *mr,
                                    uint64_t size,
                                    Error **errp)
 {
+    assert(ops);
     memory_region_init(mr, owner, name, size);
     mr->ops = ops;
     mr->opaque = opaque;