From 7bc2b9cd4da5020b9adff3b3c8fdc04d6bcde79a Mon Sep 17 00:00:00 2001
From: Avi Kivity <avi@redhat.com>
Date: Thu, 25 Aug 2011 14:56:14 +0300
Subject: [PATCH 1/3] memory: fix memory_region_init_rom_device() not
 initializing ->ops

Signed-off-by: Avi Kivity <avi@redhat.com>
---
 memory.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/memory.c b/memory.c
index 8e9ac460e8..b91c5da7b5 100644
--- a/memory.c
+++ b/memory.c
@@ -967,6 +967,7 @@ void memory_region_init_rom_device(MemoryRegion *mr,
                                    uint64_t size)
 {
     memory_region_init(mr, name, size);
+    mr->ops = ops;
     mr->terminates = true;
     mr->destructor = memory_region_destructor_rom_device;
     mr->ram_addr = qemu_ram_alloc(dev, name, size);

From 75f5941cb583712b37a557ce61b95eeba91f520e Mon Sep 17 00:00:00 2001
From: Avi Kivity <avi@redhat.com>
Date: Fri, 26 Aug 2011 00:35:15 +0300
Subject: [PATCH 2/3] memory: add opaque parameter to
 memory_region_init_rom_device()

The MemoryRegionOps callbacks expect it.

Signed-off-by: Avi Kivity <avi@redhat.com>
---
 memory.c | 2 ++
 memory.h | 1 +
 2 files changed, 3 insertions(+)

diff --git a/memory.c b/memory.c
index b91c5da7b5..1491a396ec 100644
--- a/memory.c
+++ b/memory.c
@@ -962,12 +962,14 @@ void memory_region_init_alias(MemoryRegion *mr,
 
 void memory_region_init_rom_device(MemoryRegion *mr,
                                    const MemoryRegionOps *ops,
+                                   void *opaque,
                                    DeviceState *dev,
                                    const char *name,
                                    uint64_t size)
 {
     memory_region_init(mr, name, size);
     mr->ops = ops;
+    mr->opaque = opaque;
     mr->terminates = true;
     mr->destructor = memory_region_destructor_rom_device;
     mr->ram_addr = qemu_ram_alloc(dev, name, size);
diff --git a/memory.h b/memory.h
index 0553cc7526..06b83ae76b 100644
--- a/memory.h
+++ b/memory.h
@@ -235,6 +235,7 @@ void memory_region_init_alias(MemoryRegion *mr,
  */
 void memory_region_init_rom_device(MemoryRegion *mr,
                                    const MemoryRegionOps *ops,
+                                   void *opaque,
                                    DeviceState *dev, /* FIXME: layering violation */
                                    const char *name,
                                    uint64_t size);

From b5fe14cc7efa4e3ef58f591728e69203287a9de4 Mon Sep 17 00:00:00 2001
From: Avi Kivity <avi@redhat.com>
Date: Mon, 29 Aug 2011 09:12:49 +0300
Subject: [PATCH 3/3] memory: fix rom_device I/O mode

When adding a rom_device in I/O mode, we incorrectly masked off the low
bits, resulting in a pure RAM map.  Fix my masking off the high bits and
IO_MEM_ROMD, yielding a pure I/O map.

Signed-off-by: Avi Kivity <avi@redhat.com>
---
 memory.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/memory.c b/memory.c
index 1491a396ec..eb31fa8e58 100644
--- a/memory.c
+++ b/memory.c
@@ -304,7 +304,7 @@ static void as_memory_range_add(AddressSpace *as, FlatRange *fr)
     }
 
     if (!fr->readable) {
-        phys_offset &= TARGET_PAGE_MASK;
+        phys_offset &= ~TARGET_PAGE_MASK & ~IO_MEM_ROMD;
     }
 
     cpu_register_physical_memory_log(fr->addr.start,