Vorago VA416x0: harden iram_write/iram_fill per review

Two follow-ups to the IRAM shadow update fix (da96f5a):

1. Mark the bulk-copy destination as volatile uint32_t * so the compiler
   cannot lower a 32-bit assignment into byte/halfword stores. Sub-word
   stores are silently dropped by the IRAM ECC, so a future codegen
   change could have broken the workaround.

2. Use (uintptr_t)3u / ~(uintptr_t)3u for alignment masking. On targets
   where uintptr_t is wider than unsigned int the bare ~3u would zero
   the high half of the address; harmless on Cortex-M4 today, but the
   helper pattern is easy to copy elsewhere.

The int len type is kept to match the wolfBoot ext_flash_* HAL signature
convention across all ports.

Verified with arm-none-eabi-objdump: aligned bulk path emits only 32-bit
str instructions (no strb/strh).

Author: dgarske

hal/va416x0.c

@@ -376,23 +376,25 @@ static void iram_write(void *dst, const void *src, int len)
 {
     uintptr_t d = (uintptr_t)dst;
     uintptr_t s = (uintptr_t)src;
-    /* Word-aligned bulk copy */
-    if (((d | s) & 3u) == 0u) {
-        uint32_t *wd = (uint32_t *)dst;
+    /* Word-aligned bulk copy. The destination is marked volatile so the
+     * compiler cannot lower a 32-bit assignment into byte/halfword stores
+     * (which would be silently dropped by the IRAM ECC machinery). */
+    if (((d | s) & (uintptr_t)3u) == 0u) {
+        volatile uint32_t *wd = (volatile uint32_t *)dst;
         const uint32_t *ws = (const uint32_t *)src;
         while (len >= 4) {
             *wd++ = *ws++;
             len -= 4;
         }
         /* Fall through with byte tail (typically zero on this target) */
-        dst = wd;
+        dst = (void *)wd;
         src = ws;
     }
     /* Byte tail/unaligned: do read-modify-write of the containing word
      * (sub-word stores are dropped by the hardware). */
     while (len > 0) {
-        uintptr_t addr = (uintptr_t)dst & ~3u;
-        uint32_t off = (uintptr_t)dst & 3u;
+        uintptr_t addr = (uintptr_t)dst & ~(uintptr_t)3u;
+        uint32_t off = (uint32_t)((uintptr_t)dst & (uintptr_t)3u);
         uint32_t word = *(volatile uint32_t *)addr;
         uint8_t *wp = (uint8_t *)&word;
         while (len > 0 && off < 4u) {
@@ -410,17 +412,18 @@ static void iram_fill(void *dst, uint8_t val, int len)
     uint32_t pattern = ((uint32_t)val << 24) | ((uint32_t)val << 16) |
                        ((uint32_t)val << 8)  |  (uint32_t)val;
     uintptr_t d = (uintptr_t)dst;
-    if ((d & 3u) == 0u) {
-        uint32_t *wd = (uint32_t *)dst;
+    /* Word-aligned bulk fill via volatile to guarantee 32-bit stores. */
+    if ((d & (uintptr_t)3u) == 0u) {
+        volatile uint32_t *wd = (volatile uint32_t *)dst;
         while (len >= 4) {
             *wd++ = pattern;
             len -= 4;
         }
-        dst = wd;
+        dst = (void *)wd;
     }
     while (len > 0) {
-        uintptr_t addr = (uintptr_t)dst & ~3u;
-        uint32_t off = (uintptr_t)dst & 3u;
+        uintptr_t addr = (uintptr_t)dst & ~(uintptr_t)3u;
+        uint32_t off = (uint32_t)((uintptr_t)dst & (uintptr_t)3u);
         uint32_t word = *(volatile uint32_t *)addr;
         uint8_t *wp = (uint8_t *)&word;
         while (len > 0 && off < 4u) {