[Qemu-devel] [RFC] docs: describe QEMU's VMGenID design

[Qemu-devel] [RFC] docs: describe QEMU's VMGenID design

[Laszlo Ersek]

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    This is based on the super long private email discussion we had two
    months ago, plus on the IRL discussion between Michael and myself @ the
    KVM Forum 2015.

 docs/specs/vmgenid.txt | 343 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 343 insertions(+)
 create mode 100644 docs/specs/vmgenid.txt

diff --git a/docs/specs/vmgenid.txt b/docs/specs/vmgenid.txt
new file mode 100644
index 0000000..d4bf132
--- /dev/null
+++ b/docs/specs/vmgenid.txt
@@ -0,0 +1,343 @@
+Virtual Machine Generation ID Device
+====================================
+
+The Microsoft specification entitled "Virtual Machine Generation ID",
+maintained at <http://go.microsoft.com/fwlink/?LinkId=260709>, defines an ACPI
+feature that allows the guest OSPM to recognize when it has been returned "to
+an earlier point in time", eg. by restoral from snapshot, or by incoming
+migration. Quoting the spec,
+
+    The virtual machine generation ID is a feature whereby the virtual machines
+    BIOS will expose a new ID. This is a 128-bit, cryptographically random
+    integer value identifier that will be different every time the virtual
+    machine executes from a different configuration file-such as executing from
+    a recovered snapshot, or executing after restoring from backup. [...]
+
+The document you are reading now extracts the requirements set forth by the
+VMGenID spec for hypervisors that intend to provide the feature, and describes
+QEMU's implementation. The design below targets both SeaBIOS and OVMF as
+compatible guest firmwares, without any changes to either of them.
+
+Requirements
+------------
+
+These requirements are extracted from the "How to implement virtual machine
+generation ID support in a virtualization platform" section of the
+specification, dated August 1, 2012.
+
+R1a. The generation ID shall live in an 8-byte aligned buffer.
+
+R1b. The buffer holding the generation ID shall be in guest RAM, ROM, or device
+     MMIO range.
+
+R1c. The buffer holding the generation ID shall be kept separate from areas
+     used by the operating system.
+
+R1d. The buffer shall not be covered by an AddressRangeMemory or
+     AddressRangeACPI entry in the E820 or UEFI memory map.
+
+R1e. The generation ID shall not live in a page frame that could be mapped with
+     caching disabled. (In other words, if the generation ID lives in RAM, then
+     it shall only be mapped as cacheable.)
+
+R2 to R5. [These AML requirements are isolated well enough in the Microsoft
+          specification for us to simply refer to them here.]
+
+R6. The hypervisor shall expose a _HID (hardware identifier) object in the
+    VMGenId device's scope that is unique to the hypervisor vendor.
+
+Generation ID buffer design
+---------------------------
+
+QEMU places the generation ID buffer inside a separate fw_cfg blob that is
+exposed to the guest OS with the ACPI linker/loader.
+
+The structure of the blob is as follows. Offsets, sizes and numeric values are
+given in decimal; furthermore the latter are encoded in little endian.
+
+  Offs  Field               Size  Value
+  ----  ------------------  ----  ------------------------------------
+     0  System Description    36
+        Table Header
+     0    Signature            4                                "UEFI"
+     4    Length               4                                    62
+     8    Revision             1                                     1
+     9    Checksum             1                                     0
+    10    OEMID                6        ACPI_BUILD_APPNAME6 ("BOCHS ")
+    16    OEM Table ID         8                            "QEMUPARM"
+    24    OEM Revision         4                                     1
+    28    Creator ID           4          ACPI_BUILD_APPNAME4 ("BXPC")
+    32    Creator Revision     4                                     1
+
+    36  UEFI Table            18
+        Sub-Header
+    36    Identifier          16  417a5dff-bf4b-4abc-a839-6593bb41f452
+    52    DataOffset           2                                    54
+
+    54  ADDR base pointer      8                                    62
+  ....................................................................
+    62  OVMF SDT Header       36                                zeroes
+        probe suppressor
+    98  VMGenID alignment      6                                zeroes
+        padding
+   104  generation ID         16                       128-bit VMGenID
+   120  fw_cfg blob         3976                                zeroes
+        padding
+  4096  <end of blob>
+
+The fw_cfg blob is divided in two parts conceptually (separated by the dotted
+line in the diagram). The first part, up to and excluding offset 62, is a
+"UEFI" ACPI Table, governed by the UEFI specification 2.5, Appendix O. The
+second part is mainly padding, but it also contains the generation ID.
+
+The "UEFI" ACPI Table -- in the first part -- is a "normal" ACPI table whose
+generic header is defined by the ACPI specification, but for which the UEFI
+spec defines the "UEFI" signature and adds two more fixed fields, "Identifier"
+and "DataOffset".
+
+- The Identifier field carries a 128-bit GUID, and enables firmware
+  implementors to install several "UEFI" tables with different internal
+  structures, enabling OSPM to tell them apart based on the (Type-)Identifier
+  GUID field.
+
+  For the purposes of QEMU's VMGenID implementation, we generated a new GUID
+  with the "uuidgen" utility. It should be different from all other
+  "Identifier" values, present and future, but otherwise no other software need
+  be aware of the concrete GUID value we generated.
+
+- The DataOffset field is just an offset into the table where the actual
+  (Identifier-specific) data starts.
+
+  For the purposes of QEMU's VMGenID implementation, we simply set it to the
+  next (QEMU-specific) field, "ADDR base pointer".
+
+Linker/loader commands
+----------------------
+
+The name of the fw_cfg blob is "etc/acpi/qemuparam". The ALLOCATE command that
+instructs the guest firmware to download this fw_cfg blob specifies an
+alignment of 4096, and the blob will have size 4096 too.
+
+An ADD_POINTER command links the "UEFI" ACPI Table at the start of the blob
+into the RSDT.
+
+Another ADD_POINTER command relocates the "ADDR base pointer" field to the
+absolute address of the "OVMF SDT Header probe suppressor" field, within the
+same blob.
+
+After this relocation, an ADD_CHECKSUM command updates the Checksum field,
+covering the entire "UEFI" ACPI Table (which extends up to and excluding offset
+62).
+
+Blob behavior under SeaBIOS
+---------------------------
+
+(Most of the complexity in the blob is ignored when the guest firmware is
+SeaBIOS.)
+
+- SeaBIOS's ACPI linker/loader client allocates the blob in normal RAM
+  (satisfying R1b).
+
+- Because the ALLOCATE command prescribes an alignment of 4KB, and the blob's
+  size is also 4KB, the allocation covers a standalone page frame in full
+  (satisfying R1e).
+
+- The 128-bit VMGenID field is located at offset 104 within that page,
+  resulting in a guest-physical address divisible by 8 (satisfying R1a).
+
+- The blob is marked as Reserved in the E820 map (satisfying R1c and R1d).
+
+- The "UEFI" ACPI Table at the start of the blob is linked into the RSDT,
+  in-place.
+
+- The "ADDR" AML method (see later) is allowed to refer to the "UEFI" ACPI
+  Table with the DataTableRegion operator, because the table is located in
+  memory marked as AddressRangeReserved.
+
+- The "ADDR base pointer" field points at "OVMF SDT Header probe suppressor",
+  which is right after the "UEFI" ACPI Table inside the blob. At OSPM runtime,
+  the "ADDR" AML method reads the "ADDR base pointer" field, and adds 42, to
+  arrive at the address of the VMGenID field.
+
+  blob @ page offset 0              RSDT
+  +-----------------------+         +-----+
+  | "UEFI" ACPI Table <---------+   | ... |
+  | +-------------------+ |     |   | ... |
+  | | ...               | |     +---- ... |
+  | | ...               | |         +-----+
+  | | ADDR base pointer -----+
+  | +-------------------+ |  |
+  | probe suppressor <-------+
+  | VMGenID @ offset 104  |
+  | padding               |
+  +-----------------------+
+
+Blob behavior under OVMF
+------------------------
+
+The complexity in the blob is required by the two-pass nature of OVMF's ACPI
+linker/loader client, which in turn comes from the fact that OVMF has to
+dissect blobs into individual ACPI tables vs. "other things", tracking the
+ADD_POINTER commands, so that tables can be installed individually, with
+EFI_ACPI_TABLE_PROTOCOL.
+
+- OVMF's ACPI linker/loader client allocates the blob in normal RAM (satisfying
+  R1b).
+
+- Because the ALLOCATE command prescribes an alignment of 4KB, and the blob's
+  size is also 4KB, the allocation covers a standalone page frame in full
+  (satisfying R1e).
+
+- The 128-bit VMGenID field is located at offset 104 within that page,
+  resulting in a guest-physical address divisible by 8 (satisfying R1a).
+
+- OVMF's ACPI linker/loader allocates the blob in EfiACPIMemoryNVS type memory,
+  therefore it is marked as such in the UEFI memmap (satisfying R1c and R1d).
+
+- OVMF identifies the "UEFI" ACPI Table at the start of the blob in the second
+  pass, following the ADD_POINTER command that is meant to link the table into
+  the RSDT. OVMF installs a *copy* of the "UEFI" ACPI Table with
+  EFI_ACPI_TABLE_PROTOCOL (linking the copy into both RSDT and XSDT). Given the
+  "UEFI" signature of the table, EFI_ACPI_TABLE_PROTOCOL places the copy of the
+  table in EfiACPIMemoryNVS type memory.
+
+- The "ADDR" AML method (see later) is allowed to refer to the "UEFI" ACPI
+  Table with the DataTableRegion operator, because the table is located in
+  memory marked as AddressRangeNVS.
+
+- The "ADDR base pointer" field inside the installed table points at "OVMF SDT
+  Header probe suppressor" in the original blob. Because this field is filled
+  with zeros, OVMF's table identification heuristics unconditionally reports a
+  negative when it tracks the relevant ADD_POINTER command to it in the second
+  pass. Therefore the blob is marked as "hosts something else than just ACPI
+  tables", and it is preserved permanently (in the same EfiACPIMemoryNVS type
+  memory where it has been originally allocated).
+
+  At OSPM runtime, the "ADDR" AML method reads the "ADDR base pointer" field,
+  and adds 42, to arrive at the address of the VMGenID field.
+
+  blob @ page offset 0               RSDT         XSDT
+  +-----------------------------+    +-----+      +-----+
+  | "UEFI" ACPI Table (in blob) |    | ... |      | ... |
+  | +-------------------------+ |    | ... ---+   | ... ---------------+
+  | |XXXXXXXXXXXXXXXXXXXXXXXXX| |    +-----+  |   +-----+              |
+  | |XXXXXXX [unused] XXXXXXXX| |             |                        |
+  | |XXXXXXXXXXXXXXXXXXXXXXXXX| |             +------------------------+
+  | +-------------------------+ |                                      |
+  | probe suppressor <-------------+  "UEFI" ACPI Table (installed) <--+
+  | VMGenID @ offset 104        |  |  +---------------------------+
+  | padding                     |  |  | ...                       |
+  +-----------------------------+  |  | ...                       |
+                                   +--- ADDR base pointer         |
+                                      +---------------------------+
+
+ACPI device, control methods
+----------------------------
+
+Requirements R2 through R6 of the VMGenID specification are satisfied with the
+following ACPI logic, exposed by QEMU's ACPI generator in one of the SSDTs, and
+installed by both guest firmwares as such.
+
+The basic idea is that, when the appropriate guest driver calls the ADDR method
+(see R4), OSPM locates the generation ID field in the 4KB blob that lives in
+E820 Reserved (SeaBIOS) or EfiACPIMemoryNVS type (OVMF) memory. The
+guest-physical address of the field is communicated to QEMU via IO ports
+[0x512..0x519] inclusive. Then QEMU is cued through IO port 0x51A to refresh
+(and keep refreshing when appropriate) the generation ID at the passed back
+address. Finally, the method returns the address to the guest driver too, in
+the format required by R4.
+
+    Scope(\_SB) {
+        Device (VMGI) {
+            /* satisfy R2 */
+            Name (_CID, "VM_Gen_Counter")
+
+            /* satisfy R3 */
+            Name (_DDN, "VM_Gen_Counter")
+
+            /* satisfy R6 */
+            Name (_HID, "QEMU0002")
+
+            /* the device owns this IO port range */
+            Name (_CRS, ResourceTemplate () {
+                IO (Decode16, 0x512, 0x512, 1, 9)
+            })
+
+            /* Device status: present, enabled & decoding resources, should be
+             * shown in the UI, functioning properly.
+             */
+            Name (_STA, 0xF)
+
+            /* Satisfy R4.
+             *
+             * This method is serialized because it creates named objects.
+             */
+            Method (ADDR, 0, Serialized) {
+                /* The 8-byte integer field defined as ADBP below is the
+                 * "ADDR base pointer" field in the UEFI ACPI Table.
+                 *
+                 * The DataTableRegion() operator locates that ACPI table by
+                 * scanning the RSDT/XSDT using the (SignatureString,
+                 * OemIDString, OemTableIDString) triplet as key.
+                 *
+                 * Windows XP would normally crash on the DataTableRegion()
+                 * operator, but it never calls the ADDR method, hence it never
+                 * reaches or evaluates DataTableRegion().
+                 */
+                DataTableRegion (TBLR, "UEFI", "BOCHS", "QEMUPARM")
+                Field (TBLR, AnyAcc, NoLock, Preserve) {
+                  Offset (54),
+                  ADBP, 64
+                }
+
+                /* This is the IO port range exposed in the _CRS above.
+                 *
+                 * The first two 4-byte ports are used to communicate the
+                 * 64-bit guest-physical address of the actual (relocated)
+                 * 128-bit generation ID field to QEMU, in little endian
+                 * encoding, so that QEMU can rewrite that field in guest RAM.
+                 *
+                 * A write to last 1-byte port signals that the address has
+                 * been written fully, and QEMU is free to dereference it.
+                 */
+                OperationRegion (VMGR, SystemIO, 0x512, 9)
+                Field (VMGR, DWordAcc, NoLock, Preserve) {
+                    PTLO, 32,
+                    PTHI, 32,
+                    AccessAs (ByteAcc),
+                    DONE, 8
+                }
+
+                /* The ADBP field points to the "OVMF SDT Header probe
+                 * suppressor" area in the blob, at offset 62. In order to
+                 * arrive at the generation ID field at offset 104, we must add
+                 * 42 dynamically.
+                 *
+                 * The RESU buffer below will contain the result of the
+                 * addition. The ADFU field exposes it as an 8-byte integer
+                 * (for storing the sum), while the ADLO and ADHI fields enable
+                 * us to access the result in two separate 4-byte integers.
+                 * This exact integer width is especially important for
+                 * composing the package object that the ADDR method must
+                 * return.
+                 */
+                Name (RESU, Buffer (8) {})
+                CreateQWordField (RESU, 0, ADFU)
+                CreateDWordField (RESU, 0, ADLO)
+                CreateDWordField (RESU, 4, ADHI)
+
+                Add (ADBP, 42, ADFU)
+                Store (ADLO, PTLO)
+                Store (ADHI, PTHI)
+                Store (0, DONE)
+                Return (Package (2) { ADLO, ADHI })
+            }
+        }
+    }
+
+    /* satisfy R5 */
+    Scope (\_GPE) {
+        Method (_E04) {
+            Notify (\_SB.VMGI, 0x80)
+        }
+    }
-- 
1.8.3.1

Re: [Qemu-devel] [RFC] docs: describe QEMU's VMGenID design

[Eric Blake]

[-- Attachment #1: Type: text/plain, Size: 2927 bytes --]

On 08/28/2015 02:18 PM, Laszlo Ersek wrote:
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Gal Hammer <ghammer@redhat.com>
> Cc: Igor Mammedov <imammedo@redhat.com>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> 
> Notes:
>     This is based on the super long private email discussion we had two
>     months ago, plus on the IRL discussion between Michael and myself @ the
>     KVM Forum 2015.
> 
>  docs/specs/vmgenid.txt | 343 +++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 343 insertions(+)
>  create mode 100644 docs/specs/vmgenid.txt
> 

Grammar review; I may miss some technical details.

> diff --git a/docs/specs/vmgenid.txt b/docs/specs/vmgenid.txt
> new file mode 100644
> index 0000000..d4bf132
> --- /dev/null
> +++ b/docs/specs/vmgenid.txt
> @@ -0,0 +1,343 @@
> +Virtual Machine Generation ID Device
> +====================================

Is it worth a preamble giving a specific copyright/license for this
file? Without one, it inherits the default GPLv2+ from the top-level,
and there are some people (although I'm not one) that worry that an
independent implementation of a GPL'd spec must itself be GPL (that is,
specifically choosing a looser license for the spec may make it more
amenable to the OVMF folks).

> +
> +The Microsoft specification entitled "Virtual Machine Generation ID",
> +maintained at <http://go.microsoft.com/fwlink/?LinkId=260709>, defines an ACPI
> +feature that allows the guest OSPM to recognize when it has been returned "to
> +an earlier point in time", eg. by restoral from snapshot, or by incoming

s/eg./e.g./
s/restoral/restoring/

> +migration. Quoting the spec,

[I'm not sure that incoming migration is necessarily returning to an
earlier point in time; although I can certainly see that being the case
when repeatedly doing incoming migration from the same file]

> +
> +    The virtual machine generation ID is a feature whereby the virtual machines

s/machines/machine's/ [oh wait, you're quoting Microsoft's poor grammar]

> +    BIOS will expose a new ID. This is a 128-bit, cryptographically random
> +    integer value identifier that will be different every time the virtual
> +    machine executes from a different configuration file-such as executing from
> +    a recovered snapshot, or executing after restoring from backup. [...]
> +
> +The document you are reading now extracts the requirements set forth by the
> +VMGenID spec for hypervisors that intend to provide the feature, and describes
> +QEMU's implementation. The design below targets both SeaBIOS and OVMF as
> +compatible guest firmwares, without any changes to either of them.
> +

Otherwise, I didn't spot any obvious wording problems.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]

Re: [Qemu-devel] [RFC] docs: describe QEMU's VMGenID design

[Laszlo Ersek]

On 09/01/15 21:47, Eric Blake wrote:
> On 08/28/2015 02:18 PM, Laszlo Ersek wrote:
>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>> Cc: Gal Hammer <ghammer@redhat.com>
>> Cc: Igor Mammedov <imammedo@redhat.com>
>> Cc: "Michael S. Tsirkin" <mst@redhat.com>
>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>> ---
>>
>> Notes:
>>     This is based on the super long private email discussion we had two
>>     months ago, plus on the IRL discussion between Michael and myself @ the
>>     KVM Forum 2015.
>>
>>  docs/specs/vmgenid.txt | 343 +++++++++++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 343 insertions(+)
>>  create mode 100644 docs/specs/vmgenid.txt
>>
> 
> Grammar review; I may miss some technical details.
> 
>> diff --git a/docs/specs/vmgenid.txt b/docs/specs/vmgenid.txt
>> new file mode 100644
>> index 0000000..d4bf132
>> --- /dev/null
>> +++ b/docs/specs/vmgenid.txt
>> @@ -0,0 +1,343 @@
>> +Virtual Machine Generation ID Device
>> +====================================
> 
> Is it worth a preamble giving a specific copyright/license for this
> file? Without one, it inherits the default GPLv2+ from the top-level,
> and there are some people (although I'm not one) that worry that an
> independent implementation of a GPL'd spec must itself be GPL (that is,
> specifically choosing a looser license for the spec may make it more
> amenable to the OVMF folks).

(1) Like you, I don't believe that the copyright license covering a
specification would automatically cover the source code written based on
the specification.

(2) If necessary I (wearing my red fedora) could just relicense this
stuff on the spot, as copyright holder, if the greater edk2 community
had concerns. But, OVMF patches will not be necessary at all, because...
see (3).

(3) I couldn't decide if this text file should go under docs/, or
docs/specs. The tricky fact about this specific vmgenid design is that
the guest will "know" about it, but no *specific* guest code needs to be
written for it.

First, the ACPI linker/loader clients in both SeaBIOS and OVMF should
"just work" (without any changes). In that sense the *specific* design
here is not guest ABI. The ACPI linker/loader is guest ABI instead; this
design is just a "clever" application of the ACPI linker/loader. (I can
call it clever, it's only in part my idea. :))

Second, guest operating systems will need drivers for this device
(obviously), but those drivers are ACPI based, and will have to consult
the Microsoft spec only, not this file.

Given the above two (ie. neither guest firmare developers nor guest OS
developers need read this text file), I'd say this is not guest ABI. It
is (detailed) documentation / specification for some QEMU internals.

Do you think the file should go under docs/, not docs/specs?

> 
>> +
>> +The Microsoft specification entitled "Virtual Machine Generation ID",
>> +maintained at <http://go.microsoft.com/fwlink/?LinkId=260709>, defines an ACPI
>> +feature that allows the guest OSPM to recognize when it has been returned "to
>> +an earlier point in time", eg. by restoral from snapshot, or by incoming
> 
> s/eg./e.g./

Good catch!

> s/restoral/restoring/

Okay.

> 
>> +migration. Quoting the spec,
> 
> [I'm not sure that incoming migration is necessarily returning to an
> earlier point in time; although I can certainly see that being the case
> when repeatedly doing incoming migration from the same file]

Yeah, I thought the same. The MS spec uses the word "replay" or some
such IIRC. I kinda accepted that this part wasn't going to be 100%
precise. :)

> 
>> +
>> +    The virtual machine generation ID is a feature whereby the virtual machines
> 
> s/machines/machine's/ [oh wait, you're quoting Microsoft's poor grammar]

Yep :) I noticed that. I resisted the urge to fix it. :)

> 
>> +    BIOS will expose a new ID. This is a 128-bit, cryptographically random
>> +    integer value identifier that will be different every time the virtual
>> +    machine executes from a different configuration file-such as executing from
>> +    a recovered snapshot, or executing after restoring from backup. [...]
>> +
>> +The document you are reading now extracts the requirements set forth by the
>> +VMGenID spec for hypervisors that intend to provide the feature, and describes
>> +QEMU's implementation. The design below targets both SeaBIOS and OVMF as
>> +compatible guest firmwares, without any changes to either of them.
>> +
> 
> Otherwise, I didn't spot any obvious wording problems.

Thanks for the review!
Laszlo

> 

Re: [Qemu-devel] [RFC] docs: describe QEMU's VMGenID design

[Eric Blake]

[-- Attachment #1: Type: text/plain, Size: 2360 bytes --]

On 09/01/2015 04:05 PM, Laszlo Ersek wrote:

> 
> (3) I couldn't decide if this text file should go under docs/, or
> docs/specs. The tricky fact about this specific vmgenid design is that
> the guest will "know" about it, but no *specific* guest code needs to be
> written for it.
> 
> First, the ACPI linker/loader clients in both SeaBIOS and OVMF should
> "just work" (without any changes). In that sense the *specific* design
> here is not guest ABI. The ACPI linker/loader is guest ABI instead; this
> design is just a "clever" application of the ACPI linker/loader. (I can
> call it clever, it's only in part my idea. :))
> 
> Second, guest operating systems will need drivers for this device
> (obviously), but those drivers are ACPI based, and will have to consult
> the Microsoft spec only, not this file.
> 
> Given the above two (ie. neither guest firmare developers nor guest OS
> developers need read this text file), I'd say this is not guest ABI. It
> is (detailed) documentation / specification for some QEMU internals.
> 
> Do you think the file should go under docs/, not docs/specs?

I don't know if there is a strong explanation for why we have the
separation, but given your argument, docs/ (all qemu-related
documentation that has no more specific location) indeed sounds slightly
better than docs/specs/ (files that independent implementations must pay
attention to).

>>> +migration. Quoting the spec,
>>

>>> +    The virtual machine generation ID is a feature whereby the virtual machines
>>
>> s/machines/machine's/ [oh wait, you're quoting Microsoft's poor grammar]
> 
> Yep :) I noticed that. I resisted the urge to fix it. :)

A pedantic editor might write "machines [sic] BIOS", but that just calls
attention to the blunder with an intent to appear snobbish.  You could
possibly get away with "whereby the virtual [machine's] BIOS" to make
the sentence grammatically correct while still marking your deviations
from the original, and without calling as much attention to the mistake,
but even that feels overboard.  So I agree with your decision to leave
it alone (we've already called enough attention to it in this thread
without needing any further time spent on it).

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]

Re: [Qemu-devel] [RFC] docs: describe QEMU's VMGenID design

[Paolo Bonzini]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



On 02/09/2015 00:22, Eric Blake wrote:
>> Do you think the file should go under docs/, not docs/specs?
> 
> I don't know if there is a strong explanation for why we have the 
> separation, but given your argument, docs/ (all qemu-related 
> documentation that has no more specific location) indeed sounds 
> slightly better than docs/specs/ (files that independent 
> implementations must pay attention to).

Fascinating distinction. :)  I think docs/ is clearer.

Paolo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJV7bumAAoJEL/70l94x66DO5oH/2N3gmhv6kyt3N9wAkdeO6Vm
NZ6jkmNB6QW7envzppWfGkzTvTyA+0LKw8Mh6D0VHxdo+b5nm4+K24Ox62Vs3Pgy
5LU2bffffepjv6Tni/Vs2+t/TF3RY2eFiYwHt6T30ZMit1nRwfkUfz1VMUV/macO
4IBu8RL2UJPeUL8U29OT6oFxhslcDbx9MYOHrfHqFVyyzfYkvmSQ7GYKwpXlVdNj
s88xJyyDmSaNNlLkl5H8ZA19EOwDfCfbNTh6vYx94vEftaiWXlSCBtsryr6SHEIx
LmQe5IjwkxeTixtH4EowDmwVjlodsTn16BMgJZLvKU69vStM0mIHtXETHTSwBmU=
=wdgK
-----END PGP SIGNATURE-----

Re: [Qemu-devel] [RFC] docs: describe QEMU's VMGenID design

[Michael S. Tsirkin]

On Fri, Aug 28, 2015 at 10:18:28PM +0200, Laszlo Ersek wrote:
> +R1e. The generation ID shall not live in a page frame that could be mapped with
> +     caching disabled. (In other words, if the generation ID lives in RAM, then
> +     it shall only be mapped as cacheable.)

Same if it's in ROM and MMIO.

The rest of it looks good to me.

Acked-by: Michael S. Tsirkin <mst@redhat.com>

Re: [Qemu-devel] [RFC] docs: describe QEMU's VMGenID design

[Laszlo Ersek]

On 09/03/15 15:49, Michael S. Tsirkin wrote:
> On Fri, Aug 28, 2015 at 10:18:28PM +0200, Laszlo Ersek wrote:
>> +R1e. The generation ID shall not live in a page frame that could be mapped with
>> +     caching disabled. (In other words, if the generation ID lives in RAM, then
>> +     it shall only be mapped as cacheable.)
> 
> Same if it's in ROM and MMIO.

Okay, I'll reword it as:

R1e. The generation ID shall not live in a page frame that could be
     mapped with caching disabled. (In other words, regardless of
     whether the generation ID lives in RAM, ROM or MMIO, it shall only
     be mapped as cacheable.)

> The rest of it looks good to me.
> 
> Acked-by: Michael S. Tsirkin <mst@redhat.com>

Thanks!
Laszlo

[Qemu-devel] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Laszlo Ersek]

As the subject suggests, I have terrible news.

I'll preserve the full context here, so that it's easy to scroll back to
the ASL for reference.

I'm also CC'ing edk2-devel, because a number of BIOS developers should
be congregating there.

On 08/28/15 22:18, Laszlo Ersek wrote:
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Gal Hammer <ghammer@redhat.com>
> Cc: Igor Mammedov <imammedo@redhat.com>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
>
> Notes:
>     This is based on the super long private email discussion we had two
>     months ago, plus on the IRL discussion between Michael and myself @ the
>     KVM Forum 2015.
>
>  docs/specs/vmgenid.txt | 343 +++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 343 insertions(+)
>  create mode 100644 docs/specs/vmgenid.txt
>
> diff --git a/docs/specs/vmgenid.txt b/docs/specs/vmgenid.txt
> new file mode 100644
> index 0000000..d4bf132
> --- /dev/null
> +++ b/docs/specs/vmgenid.txt
> @@ -0,0 +1,343 @@
> +Virtual Machine Generation ID Device
> +====================================
> +
> +The Microsoft specification entitled "Virtual Machine Generation ID",
> +maintained at <http://go.microsoft.com/fwlink/?LinkId=260709>, defines an ACPI
> +feature that allows the guest OSPM to recognize when it has been returned "to
> +an earlier point in time", eg. by restoral from snapshot, or by incoming
> +migration. Quoting the spec,
> +
> +    The virtual machine generation ID is a feature whereby the virtual machines
> +    BIOS will expose a new ID. This is a 128-bit, cryptographically random
> +    integer value identifier that will be different every time the virtual
> +    machine executes from a different configuration file-such as executing from
> +    a recovered snapshot, or executing after restoring from backup. [...]
> +
> +The document you are reading now extracts the requirements set forth by the
> +VMGenID spec for hypervisors that intend to provide the feature, and describes
> +QEMU's implementation. The design below targets both SeaBIOS and OVMF as
> +compatible guest firmwares, without any changes to either of them.
> +
> +Requirements
> +------------
> +
> +These requirements are extracted from the "How to implement virtual machine
> +generation ID support in a virtualization platform" section of the
> +specification, dated August 1, 2012.
> +
> +R1a. The generation ID shall live in an 8-byte aligned buffer.
> +
> +R1b. The buffer holding the generation ID shall be in guest RAM, ROM, or device
> +     MMIO range.
> +
> +R1c. The buffer holding the generation ID shall be kept separate from areas
> +     used by the operating system.
> +
> +R1d. The buffer shall not be covered by an AddressRangeMemory or
> +     AddressRangeACPI entry in the E820 or UEFI memory map.
> +
> +R1e. The generation ID shall not live in a page frame that could be mapped with
> +     caching disabled. (In other words, if the generation ID lives in RAM, then
> +     it shall only be mapped as cacheable.)
> +
> +R2 to R5. [These AML requirements are isolated well enough in the Microsoft
> +          specification for us to simply refer to them here.]
> +
> +R6. The hypervisor shall expose a _HID (hardware identifier) object in the
> +    VMGenId device's scope that is unique to the hypervisor vendor.
> +
> +Generation ID buffer design
> +---------------------------
> +
> +QEMU places the generation ID buffer inside a separate fw_cfg blob that is
> +exposed to the guest OS with the ACPI linker/loader.
> +
> +The structure of the blob is as follows. Offsets, sizes and numeric values are
> +given in decimal; furthermore the latter are encoded in little endian.
> +
> +  Offs  Field               Size  Value
> +  ----  ------------------  ----  ------------------------------------
> +     0  System Description    36
> +        Table Header
> +     0    Signature            4                                "UEFI"
> +     4    Length               4                                    62
> +     8    Revision             1                                     1
> +     9    Checksum             1                                     0
> +    10    OEMID                6        ACPI_BUILD_APPNAME6 ("BOCHS ")
> +    16    OEM Table ID         8                            "QEMUPARM"
> +    24    OEM Revision         4                                     1
> +    28    Creator ID           4          ACPI_BUILD_APPNAME4 ("BXPC")
> +    32    Creator Revision     4                                     1
> +
> +    36  UEFI Table            18
> +        Sub-Header
> +    36    Identifier          16  417a5dff-bf4b-4abc-a839-6593bb41f452
> +    52    DataOffset           2                                    54
> +
> +    54  ADDR base pointer      8                                    62
> +  ....................................................................
> +    62  OVMF SDT Header       36                                zeroes
> +        probe suppressor
> +    98  VMGenID alignment      6                                zeroes
> +        padding
> +   104  generation ID         16                       128-bit VMGenID
> +   120  fw_cfg blob         3976                                zeroes
> +        padding
> +  4096  <end of blob>
> +
> +The fw_cfg blob is divided in two parts conceptually (separated by the dotted
> +line in the diagram). The first part, up to and excluding offset 62, is a
> +"UEFI" ACPI Table, governed by the UEFI specification 2.5, Appendix O. The
> +second part is mainly padding, but it also contains the generation ID.
> +
> +The "UEFI" ACPI Table -- in the first part -- is a "normal" ACPI table whose
> +generic header is defined by the ACPI specification, but for which the UEFI
> +spec defines the "UEFI" signature and adds two more fixed fields, "Identifier"
> +and "DataOffset".
> +
> +- The Identifier field carries a 128-bit GUID, and enables firmware
> +  implementors to install several "UEFI" tables with different internal
> +  structures, enabling OSPM to tell them apart based on the (Type-)Identifier
> +  GUID field.
> +
> +  For the purposes of QEMU's VMGenID implementation, we generated a new GUID
> +  with the "uuidgen" utility. It should be different from all other
> +  "Identifier" values, present and future, but otherwise no other software need
> +  be aware of the concrete GUID value we generated.
> +
> +- The DataOffset field is just an offset into the table where the actual
> +  (Identifier-specific) data starts.
> +
> +  For the purposes of QEMU's VMGenID implementation, we simply set it to the
> +  next (QEMU-specific) field, "ADDR base pointer".
> +
> +Linker/loader commands
> +----------------------
> +
> +The name of the fw_cfg blob is "etc/acpi/qemuparam". The ALLOCATE command that
> +instructs the guest firmware to download this fw_cfg blob specifies an
> +alignment of 4096, and the blob will have size 4096 too.
> +
> +An ADD_POINTER command links the "UEFI" ACPI Table at the start of the blob
> +into the RSDT.
> +
> +Another ADD_POINTER command relocates the "ADDR base pointer" field to the
> +absolute address of the "OVMF SDT Header probe suppressor" field, within the
> +same blob.
> +
> +After this relocation, an ADD_CHECKSUM command updates the Checksum field,
> +covering the entire "UEFI" ACPI Table (which extends up to and excluding offset
> +62).
> +
> +Blob behavior under SeaBIOS
> +---------------------------
> +
> +(Most of the complexity in the blob is ignored when the guest firmware is
> +SeaBIOS.)
> +
> +- SeaBIOS's ACPI linker/loader client allocates the blob in normal RAM
> +  (satisfying R1b).
> +
> +- Because the ALLOCATE command prescribes an alignment of 4KB, and the blob's
> +  size is also 4KB, the allocation covers a standalone page frame in full
> +  (satisfying R1e).
> +
> +- The 128-bit VMGenID field is located at offset 104 within that page,
> +  resulting in a guest-physical address divisible by 8 (satisfying R1a).
> +
> +- The blob is marked as Reserved in the E820 map (satisfying R1c and R1d).
> +
> +- The "UEFI" ACPI Table at the start of the blob is linked into the RSDT,
> +  in-place.
> +
> +- The "ADDR" AML method (see later) is allowed to refer to the "UEFI" ACPI
> +  Table with the DataTableRegion operator, because the table is located in
> +  memory marked as AddressRangeReserved.
> +
> +- The "ADDR base pointer" field points at "OVMF SDT Header probe suppressor",
> +  which is right after the "UEFI" ACPI Table inside the blob. At OSPM runtime,
> +  the "ADDR" AML method reads the "ADDR base pointer" field, and adds 42, to
> +  arrive at the address of the VMGenID field.
> +
> +  blob @ page offset 0              RSDT
> +  +-----------------------+         +-----+
> +  | "UEFI" ACPI Table <---------+   | ... |
> +  | +-------------------+ |     |   | ... |
> +  | | ...               | |     +---- ... |
> +  | | ...               | |         +-----+
> +  | | ADDR base pointer -----+
> +  | +-------------------+ |  |
> +  | probe suppressor <-------+
> +  | VMGenID @ offset 104  |
> +  | padding               |
> +  +-----------------------+
> +
> +Blob behavior under OVMF
> +------------------------
> +
> +The complexity in the blob is required by the two-pass nature of OVMF's ACPI
> +linker/loader client, which in turn comes from the fact that OVMF has to
> +dissect blobs into individual ACPI tables vs. "other things", tracking the
> +ADD_POINTER commands, so that tables can be installed individually, with
> +EFI_ACPI_TABLE_PROTOCOL.
> +
> +- OVMF's ACPI linker/loader client allocates the blob in normal RAM (satisfying
> +  R1b).
> +
> +- Because the ALLOCATE command prescribes an alignment of 4KB, and the blob's
> +  size is also 4KB, the allocation covers a standalone page frame in full
> +  (satisfying R1e).
> +
> +- The 128-bit VMGenID field is located at offset 104 within that page,
> +  resulting in a guest-physical address divisible by 8 (satisfying R1a).
> +
> +- OVMF's ACPI linker/loader allocates the blob in EfiACPIMemoryNVS type memory,
> +  therefore it is marked as such in the UEFI memmap (satisfying R1c and R1d).
> +
> +- OVMF identifies the "UEFI" ACPI Table at the start of the blob in the second
> +  pass, following the ADD_POINTER command that is meant to link the table into
> +  the RSDT. OVMF installs a *copy* of the "UEFI" ACPI Table with
> +  EFI_ACPI_TABLE_PROTOCOL (linking the copy into both RSDT and XSDT). Given the
> +  "UEFI" signature of the table, EFI_ACPI_TABLE_PROTOCOL places the copy of the
> +  table in EfiACPIMemoryNVS type memory.
> +
> +- The "ADDR" AML method (see later) is allowed to refer to the "UEFI" ACPI
> +  Table with the DataTableRegion operator, because the table is located in
> +  memory marked as AddressRangeNVS.
> +
> +- The "ADDR base pointer" field inside the installed table points at "OVMF SDT
> +  Header probe suppressor" in the original blob. Because this field is filled
> +  with zeros, OVMF's table identification heuristics unconditionally reports a
> +  negative when it tracks the relevant ADD_POINTER command to it in the second
> +  pass. Therefore the blob is marked as "hosts something else than just ACPI
> +  tables", and it is preserved permanently (in the same EfiACPIMemoryNVS type
> +  memory where it has been originally allocated).
> +
> +  At OSPM runtime, the "ADDR" AML method reads the "ADDR base pointer" field,
> +  and adds 42, to arrive at the address of the VMGenID field.
> +
> +  blob @ page offset 0               RSDT         XSDT
> +  +-----------------------------+    +-----+      +-----+
> +  | "UEFI" ACPI Table (in blob) |    | ... |      | ... |
> +  | +-------------------------+ |    | ... ---+   | ... ---------------+
> +  | |XXXXXXXXXXXXXXXXXXXXXXXXX| |    +-----+  |   +-----+              |
> +  | |XXXXXXX [unused] XXXXXXXX| |             |                        |
> +  | |XXXXXXXXXXXXXXXXXXXXXXXXX| |             +------------------------+
> +  | +-------------------------+ |                                      |
> +  | probe suppressor <-------------+  "UEFI" ACPI Table (installed) <--+
> +  | VMGenID @ offset 104        |  |  +---------------------------+
> +  | padding                     |  |  | ...                       |
> +  +-----------------------------+  |  | ...                       |
> +                                   +--- ADDR base pointer         |
> +                                      +---------------------------+
> +
> +ACPI device, control methods
> +----------------------------
> +
> +Requirements R2 through R6 of the VMGenID specification are satisfied with the
> +following ACPI logic, exposed by QEMU's ACPI generator in one of the SSDTs, and
> +installed by both guest firmwares as such.
> +
> +The basic idea is that, when the appropriate guest driver calls the ADDR method
> +(see R4), OSPM locates the generation ID field in the 4KB blob that lives in
> +E820 Reserved (SeaBIOS) or EfiACPIMemoryNVS type (OVMF) memory. The
> +guest-physical address of the field is communicated to QEMU via IO ports
> +[0x512..0x519] inclusive. Then QEMU is cued through IO port 0x51A to refresh
> +(and keep refreshing when appropriate) the generation ID at the passed back
> +address. Finally, the method returns the address to the guest driver too, in
> +the format required by R4.
> +
> +    Scope(\_SB) {
> +        Device (VMGI) {
> +            /* satisfy R2 */
> +            Name (_CID, "VM_Gen_Counter")
> +
> +            /* satisfy R3 */
> +            Name (_DDN, "VM_Gen_Counter")
> +
> +            /* satisfy R6 */
> +            Name (_HID, "QEMU0002")
> +
> +            /* the device owns this IO port range */
> +            Name (_CRS, ResourceTemplate () {
> +                IO (Decode16, 0x512, 0x512, 1, 9)
> +            })
> +
> +            /* Device status: present, enabled & decoding resources, should be
> +             * shown in the UI, functioning properly.
> +             */
> +            Name (_STA, 0xF)
> +
> +            /* Satisfy R4.
> +             *
> +             * This method is serialized because it creates named objects.
> +             */
> +            Method (ADDR, 0, Serialized) {
> +                /* The 8-byte integer field defined as ADBP below is the
> +                 * "ADDR base pointer" field in the UEFI ACPI Table.
> +                 *
> +                 * The DataTableRegion() operator locates that ACPI table by
> +                 * scanning the RSDT/XSDT using the (SignatureString,
> +                 * OemIDString, OemTableIDString) triplet as key.
> +                 *
> +                 * Windows XP would normally crash on the DataTableRegion()
> +                 * operator, but it never calls the ADDR method, hence it never
> +                 * reaches or evaluates DataTableRegion().
> +                 */
> +                DataTableRegion (TBLR, "UEFI", "BOCHS", "QEMUPARM")
> +                Field (TBLR, AnyAcc, NoLock, Preserve) {
> +                  Offset (54),
> +                  ADBP, 64
> +                }
> +
> +                /* This is the IO port range exposed in the _CRS above.
> +                 *
> +                 * The first two 4-byte ports are used to communicate the
> +                 * 64-bit guest-physical address of the actual (relocated)
> +                 * 128-bit generation ID field to QEMU, in little endian
> +                 * encoding, so that QEMU can rewrite that field in guest RAM.
> +                 *
> +                 * A write to last 1-byte port signals that the address has
> +                 * been written fully, and QEMU is free to dereference it.
> +                 */
> +                OperationRegion (VMGR, SystemIO, 0x512, 9)
> +                Field (VMGR, DWordAcc, NoLock, Preserve) {
> +                    PTLO, 32,
> +                    PTHI, 32,
> +                    AccessAs (ByteAcc),
> +                    DONE, 8
> +                }
> +
> +                /* The ADBP field points to the "OVMF SDT Header probe
> +                 * suppressor" area in the blob, at offset 62. In order to
> +                 * arrive at the generation ID field at offset 104, we must add
> +                 * 42 dynamically.
> +                 *
> +                 * The RESU buffer below will contain the result of the
> +                 * addition. The ADFU field exposes it as an 8-byte integer
> +                 * (for storing the sum), while the ADLO and ADHI fields enable
> +                 * us to access the result in two separate 4-byte integers.
> +                 * This exact integer width is especially important for
> +                 * composing the package object that the ADDR method must
> +                 * return.
> +                 */
> +                Name (RESU, Buffer (8) {})
> +                CreateQWordField (RESU, 0, ADFU)
> +                CreateDWordField (RESU, 0, ADLO)
> +                CreateDWordField (RESU, 4, ADHI)
> +
> +                Add (ADBP, 42, ADFU)
> +                Store (ADLO, PTLO)
> +                Store (ADHI, PTHI)
> +                Store (0, DONE)
> +                Return (Package (2) { ADLO, ADHI })
> +            }
> +        }
> +    }
> +
> +    /* satisfy R5 */
> +    Scope (\_GPE) {
> +        Method (_E04) {
> +            Notify (\_SB.VMGI, 0x80)
> +        }
> +    }
>

In the last few days, I implemented all of the above (ie. all the ACPI
stuff, but not the actual device model). I was very excited about the
ACPI part, and figured I'd do that first, to see if Windows would like
it, and if so, do the device model as second (reusing as much of Gal's
work as possible).

I intend to post my current patches later, only as an FYI, for
posterity. I validated them extensively *outside of Windows* with the
following methods:

- I used the OVMF debug log to sanity check the linker/loader commands'
  execution, and to glean the actual allocation address of the fw_cfg
  blob containing the UEFI ACPI Data Table and the generation ID field.

- I used a Fedora guest to validate whether both the original allocation
  of the blob, and the UEFI ACPI Data Table separately installed with
  EFI_ACPI_TABLE_PROTOCOL, were in AcpiNVS type memory, according to the
  UEFI memory map. They were.

- I checked the dmesg.

- I used the ACPICA instance, wrapped with Python, and built into GRUB,
  from the BITS ISO (http://biosbits.org/download/), for dynamic
  verification.

  I've recently learned about this incredible tool from
  <http://lwn.net/Articles/655992/>. The killer feature of ACPI testing
  with BITS is that there is no interference from any OS at all, because
  there *is* no OS. BITS runs in a pure firmware environment, both on
  UEFI and on legacy BIOS -- it is ACPICA in Python in GRUB on top of
  the firmware.

  In a nutshell (hat tip to Josh Triplett for usage help), you boot the
  ISO, then select "Python Interpreter" from the GURB menu, then do the
  following:

  >>> import acpi
  >>> acpi.get_objpaths("ADDR")
  >>> acpi.evaluate("\\_SB_.VMGI.ADDR")

  The second command will locate the ADDR control method with full path
  (it performs a "wildcard" search in the ACPI namespace if you like),
  and the third command will actually call and evaluate that method, and
  print the return value.

  ("Unsafe" ioport access is not done by default, but one can pass the
  "unsafe_io=True" keyword arg to the Python method, and then the ioport
  accesses are done too. In any case, I didn't use that for now, because
  the actual device model was still missing, as I've said.)

  The above test proved that my code (and the design behind it) were
  sound; the UEFI ACPI Data Table was looked up just fine, the ADBP
  field was read out of it, incremented by 42 in AML, and the absolute
  address of the final generation ID field (which I cross-referenced
  with the OVMF debug log -- see the allocation address of the blob
  above) was *right*.

Pop the champagne, correct? Not so fast. I booted Windows Server 2012 R2
on top of this thing... and Device Manager showed the familiar yellow
triangle on the "Microsoft Hyper-V Generation Counter" system device.

I collected as much data as I could from Device Manager:

> General
> -------
> This device cannot find enough free resources that it can use. (Code
> 12)
>
> If you want to use this device, you will need to disable one of the
> other devices on this system.
>
> Events
> ------
> * Device configured (wgencounter.inf)
> Device ACPI\QEMU0002\2&daba3ff&1 was configured.
>
> Driver Name: wgencounter.inf
> Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
> Driver Date: 06/21/2006
> Driver Version: 6.3.9600.16384
> Driver Provider: Microsoft
> Driver Section: VmGenCounter.NT
> Driver Rank: 0xFF2001
> Matching Device Id: VM_Gen_Counter
> Outranked Drivers:
> Device Updated: false
>
> * Device not started (gencounter)
> Device ACPI\QEMU0002\2&daba3ff&1 had a problem starting.
>
> Driver Name: wgencounter.inf
> Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
> Service: gencounter
> Lower Filters:
> Upper Filters:
> Problem: 0xC
> Status: 0x0
>
> Resources
> ---------
> I/O Range 0512-051A
> Conflicting device list:
> No conflicts.
>
> Details
> -------
> *Problem status
> {Conflicting Address Range}
> The specified address range conflicts with the address space.
> C0000018

Note that there were *no* conflicting devices!

At this point I applied Gal's v15 from the mailing list archive to
Peter's one merge commit on master that just preceded Gal's posting of
v15 in April. That commit was 87a8adc087, and Gal's v15 applied to it
just fine. Then I rebased Gal's v15 to current master (where my own work
was based off of), namely commit fc04a730b7, fixed up the conflicts,
built it and tested it.

As I expected (because I was sure Gal had tested his work), the yellow
triangle was *not* there. So what was the difference? Well, with gradual
elimination of stuff, and parallel tweaking of Gal's work and mine, I
managed to meet in the middle, and ascertained the following facts:

- If you have no _CRS for VMGENID at all, that's fine.

- If you have a _CRS with nothing in it, that's fine too.

- If you have a _CRS with just a fixed memory32 descriptor in it, that's
  cool.

- If you have an IO descriptor in the _CRS (regardless of a present or
  absent memory descriptor "neighbor"), then the vmgenid driver in
  Windows chokes. In other words, exposing a truthful _CRS was "too
  honest" for Windows' VMGENID driver; we must not admit that we use IO
  ports in the ADDR method.

(Side note: this is not mentioned in the VMGENID spec...)

Anyhow, problem solved, right? Not so fast. When I removed the _CRS, the
error quoted above ("Conflicting Address Range") went away, but another
one popped up: "POWER FAILURE" (yellow triangle again).

(Side note again: I reproduced the same POWER FAILURE error with a
*SeaBIOS* Windows Server 2012 R2 guest as well. So it was not specific
to OVMF.)

I continued the tweaking and gradual isolation (I even tried to bump the
DSDT revision to 2, but that was useless too). Ultimately I was forced
to conclude that it was the DataTableRegion() operator that caused
Windows Server 2012 R2 to reject the device.

At this point let me remind you guys of my extensive, successful testing
of the code with ACPICA (which included BITS and a Fedora guest).
Knowing that Windows had its own ACPI interpreter, I started suspecting
that even *modern* Windows lacked support for DataTableRegion(). But, I
wanted more proof than "it works with ACPICA".

It turns out that you can debug ACPI with WinDbg. If the debuggee is a
debug checked build of Windows, or you install the debug checked
ACPI.SYS separately on a non-debug checked build of Windows, then
ACPI.SYS itself will include the AML debug agent, and you will be able
to talk to it from WinDbg.

I happened to have a debug checked build of Windows 8 lying around, and
it also reproduced the POWER FAILURE error, so it was ideal for the
debuggee role.

(1) In the debugger virtual machine (windows server 2012 r2), I
    installed WinDbg.

    https://msdn.microsoft.com/en-us/library/windows/hardware/ff551063

    "If you want to download only Debugging Tools for Windows, install
    the Windows SDK, and, during the installation, select the Debugging
    Tools for Windows box and clear all the other boxes."

    I also configured the symbol servers (to download the debug symbols
    from). I don't have the exact URLs that explain this, but it's easy
    to google and do.

(2) In the debuggee, I enabled kernel debugging, on the COM2 serial
    port. Note that the following command must be run from "cmd.exe" (as
    administrator); PowerShell will *not* work:

    bcdedit /dbgsettings serial debugport:2 baudrate:38400

    https://msdn.microsoft.com/en-us/library/windows/hardware/ff542187%28v=vs.85%29.aspx

    I chose 38400 as baud rate, because in the past I tried to use
    another debugger (the UDK debugger) through the virtual serial ports
    of QEMU, and the serial port timings were so distant from those of a
    physical serial port that the UDK debugger could never complete the
    handshake. So I intended to decrease "jitter" by choosing a
    relatively low baud rate.

    Further, I chose COM2 because all my guests are managed by libvirt,
    and libvirt kinda-sorta insists on associating COM1 with the
    "console" of the virtual machine, for historical reasons. It can be
    overridden from the command line with "virsh console --device", but
    I just wanted it to be separate, hence COM2. (Hat tip to Dan
    Berrange for explaining it to me earlier; I'm sure I paraphrased him
    incorrectly now. Sorry.)

(3) So, in the domain XML of the debuggee, I added

    <serial type='tcp'>
      <source mode='connect' host='127.0.0.1' service='12345'/>
      <protocol type='raw'/>
      <target port='1'/>
    </serial>

    (Hat tip again to DanPB for recommending TCP; it avoids any SELinux
    issues that pop up with Unix domain sockets.)

    The debuggee VM is the one that connects, because the debugger
    connection must me made early on during the boot process, and it is
    the debuggee that you might have to restart frequently. So it is the
    one that should initiate connections, and the long-running debugger
    VM should be there listening all the time.

(4) In the domain XML of the debugger, I added

    <serial type='tcp'>
      <source mode='bind' host='127.0.0.1' service='12345'/>
      <protocol type='raw'/>
      <target port='1'/>
    </serial>

That much about the configuration.

Now this is the interesting part. WinDbg has two modes of operation
while debugging a kernel:

https://msdn.microsoft.com/en-us/library/windows/hardware/ff558869%28v=vs.85%29.aspx

- "KD" mode:
  - you can call the AMLI (= AML debugger) *extensions* with the !amli
    prefix,
  - you can't call any AMLI *commands*,
  - you can call all KD commands,

- "AMLI" mode:
  - you can call the AMLI extensions *without* the !amli prefix,
  - you can call the AMLI commands without any prefixes too,
  - you cannot call KD commands; first you have to exit back to KD with
    the "q" command.

So, in the debugger VM, I started WinDbg, selected File | Kernel Debug,
specified COM2 and 38400, and clicked OK.

Then I started the debuggee VM. Here's the debug session transcript:

> ************* Symbol Path validation summary **************
> Response                         Time (ms)     Location
> Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
> Waiting to reconnect...
> Connected to Windows 8 9200 x64 target at (Sun Sep 13 11:10:57.162 2015 (UTC + 2:00)), ptr64 TRUE
> Kernel Debugger connection established.
>
> ************* Symbol Path validation summary **************
> Response                         Time (ms)     Location
> Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
> Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
> Executable search path is:
> Windows 8 Kernel Version 9200 MP (1 procs) Checked x64
> Built by: 9200.16384.amd64chk.win8_rtm.120725-1247
> Machine Name:
> Kernel base = 0xfffff800`76a02000 PsLoadedModuleList = 0xfffff800`77145ac0
> System Uptime: 0 days 0:00:00.041 (checked kernels begin at 49 days)
> nt!DebugService2+0x5:
> fffff800`76c34565 cc              int     3

This is when the connection between debugger and debuggee is
established, and the debug agent breaks into WinDbg as soon as possible.

At this point I tried to set the "verboseon", "traceon", and "errbrkon"
AMLI Debugger options (see
<https://msdn.microsoft.com/en-us/library/windows/hardware/ff538158%28v=vs.85%29.aspx>),
but the AMLI debug agent (part of ACPI.SYS on the debuggee) was not
available yet:

> kd> !amli set verboseon
> AMLI_DBGERR: failed to to get the address of ACPI!gDebugger 0
> AMLI_DBGERR: failed to to get the address of ACPI!gdwfAMLIInit 0

So I just let the debuggee continue, with the "g" command:

> kd> g

but right after entering that command, I clicked Debug | Break too.

Namely, if you allow the debuggee to continue from this point
undisturbed, it will *not* break into the debugger when the "error" in
the ADDR control method is encountered. It will simply boot to the full
GUI instead.

However, by clicking Debug | Break immediately, I *queued* a break for
the earliest next possibility. Which is not "right after"; the debuggee
actually runs for tens of seconds uninterrupted after the "g" command
above, before the break occurs. This is it (note "first chance"):

> Break instruction exception - code 80000003 (first chance)
> *******************************************************************************
> *                                                                             *
> *   You are seeing this message because you pressed either                    *
> *       CTRL+C (if you run console kernel debugger) or,                       *
> *       CTRL+BREAK (if you run GUI kernel debugger),                          *
> *   on your debugger machine's keyboard.                                      *
> *                                                                             *
> *                   THIS IS NOT A BUG OR A SYSTEM CRASH                       *
> *                                                                             *
> * If you did not intend to break into the debugger, press the "g" key, then   *
> * press the "Enter" key now.  This message might immediately reappear.  If it *
> * does, press "g" and "Enter" again.                                          *
> *                                                                             *
> *******************************************************************************
> nt!DbgBreakPointWithStatus:
> fffff800`76c34510 cc              int     3

Cool. So now I *can* set those AMLI debugger options:

> kd> !amli set verboseon
>
> kd> !amli set traceon
>
> kd> !amli set errbrkon

And then I allow the debuggee to continue.

> kd> g

It will print a bunch of debug messages that are not relevant now (side
giggle: notice all those virtio-win messages?)

> KDTARGET: Refreshing KD connection
> [ParaNdis_DebugInitialize] Crash callback registered
> [DriverEntry]=>
> Sep 26 2013 09:53:55built 6.30
> [ParaNdis6_AddDevice]=>
> [ParaNdis6_StartDevice]=>
> [ParaNdis6_Initialize]=>
> [ParaNdis_InitializeContext]=>
> Found IO ports at 0000C0C0(32)
> Found Interrupt vector -8, level 65536, affinity 0, flags 7
> Found Interrupt vector -9, level 65536, affinity 0, flags 7
> Found Interrupt vector -10, level 65536, affinity 0, flags 7
> [ParaNdis_InitializeContext] Message interrupt assigned
> [ParaNdis_ResetVirtIONetDevice] Done
> VirtIO Host Feature VIRTIO_NET_F_CSUM
> VirtIO Host Feature VIRTIO_NET_F_GUEST_CSUM
> VirtIO Host Feature VIRTIO_NET_F_MAC
> VirtIO Host Feature VIRTIO_NET_F_GSO
> VirtIO Host Feature VIRTIO_NET_F_GUEST_TSO4
> VirtIO Host Feature VIRTIO_NET_F_GUEST_TSO6
> VirtIO Host Feature VIRTIO_NET_F_GUEST_ECN
> VirtIO Host Feature VIRTIO_NET_F_GUEST_UFO
> VirtIO Host Feature VIRTIO_NET_F_HOST_TSO4
> VirtIO Host Feature VIRTIO_NET_F_HOST_TSO6
> VirtIO Host Feature VIRTIO_NET_F_HOST_ECN
> VirtIO Host Feature VIRTIO_NET_F_HOST_UFO
> VirtIO Host Feature VIRTIO_NET_F_MRG_RXBUF
> VirtIO Host Feature VIRTIO_NET_F_STATUS
> VirtIO Host Feature VIRTIO_NET_F_CTRL_VQ
> VirtIO Host Feature VIRTIO_NET_F_CTRL_RX
> VirtIO Host Feature VIRTIO_NET_F_CTRL_VLAN
> VirtIO Host Feature VIRTIO_NET_F_CTRL_RX_EXTRA
> VirtIO Host Feature VIRTIO_NET_F_CTRL_MAC_ADDR
> VirtIO Host Feature VIRTIO_F_INDIRECT
> VirtIO Host Feature VIRTIO_F_PUBLISH_INDICES
> [ParaNdis_InitializeContext] Link status on driver startup: 1
> Permanent device MAC: 52-54-00-59-1d-3e
> No valid MAC configured
> Actual MAC: 52-54-00-59-1d-3e
> [ParaNdis_InitializeContext]<=0x0
> [ParaNdis_FinishInitialization]=>
> [ParaNdis_FinishSpecificInitialization]=>
> [ParaNdis_FinishSpecificInitialization] SG recommended size 808
> [ConfigureMSIXVectors] Using MSIX interrupts (3 messages, irql 10)
> [ConfigureMSIXVectors] MSIX message0=000049A2=>FEE0300C
> [ConfigureMSIXVectors] MSIX message1=00004992=>FEE0300C
> [ConfigureMSIXVectors] MSIX message2=00004982=>FEE0300C
> [ConfigureMSIXVectors] Using message 0 for RX queue
> [ConfigureMSIXVectors] Using message 1 for TX queue
> [ConfigureMSIXVectors] Using message 2 for controls
> [ApplyOffloadConfiguration] Requested: V4:IPCS=TxRx,TCPCS=TxRx,UDPCS=TxRx V6:TCPCS=TxRx,UDPCS=TxRx
> [SetOffloadField] IN TxIPChecksum TX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT TxIPChecksum TX: new=1 (accepted)
> [SetOffloadField] IN TxTCPChecksum TX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT TxTCPChecksum TX: new=1 (accepted)
> [SetOffloadField] IN TxUDPChecksum TX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT TxUDPChecksum TX: new=1 (accepted)
> [SetOffloadField] IN RxIPChecksum RX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT RxIPChecksum RX: new=1 (accepted)
> [SetOffloadField] IN RxTCPChecksum RX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT RxTCPChecksum RX: new=1 (accepted)
> [SetOffloadField] IN RxUDPChecksum RX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT RxUDPChecksum RX: new=1 (accepted)
> [SetOffloadField] IN TxTCPv6Checksum TX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT TxTCPv6Checksum TX: new=1 (accepted)
> [SetOffloadField] IN TxUDPv6Checksum TX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT TxUDPv6Checksum TX: new=1 (accepted)
> [SetOffloadField] IN RxTCPv6Checksum RX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT RxTCPv6Checksum RX: new=1 (accepted)
> [SetOffloadField] IN RxUDPv6Checksum RX: current=-1 Supported TxRx Requested TxRx
> [SetOffloadField] OUT RxUDPv6Checksum RX: new=1 (accepted)
> [ApplyOffloadConfiguration] Result: TCPv4:TxRx,UDPv4:TxRx,IPCS:TxRx TCPv6:TxRx,UDPv6:TxRx
> [ApplyOffloadConfiguration] Result: LSO: v4 -1, v6 -1
> [ApplyOffloadConfiguration] Final: the request accepted
> [ParaNdis_FinishSpecificInitialization]<=0x0
> [ParaNdis_VirtIONetInit]=>
> VirtIODeviceQueryQueueAllocation: queue 0 requires 0x4000 for 256 entries
> VirtIODeviceQueryQueueAllocation: queue 1 requires 0x4000 for 256 entries
> VirtIODeviceQueryQueueAllocation: queue 2 requires 0x3000 for 64 entries
> Creating new virtqueue>>> size 256, pages FFFFF880032C1000
> [VirtIODevicePrepareQueue] queue phys.address 00000000:4f6a0000, pfn 4f6a0
> Creating new virtqueue>>> size 256, pages FFFFF880032C5000
> [VirtIODevicePrepareQueue] queue phys.address 00000000:4f69c000, pfn 4f69c
> Creating new virtqueue>>> size 64, pages FFFFF880032C9000
> [VirtIODevicePrepareQueue] queue phys.address 00000000:4f6bd000, pfn 4f6bd
> IntelPPM.sys: RegisterIdleStates() Failed! rc=0xc00000bb
> IntelPPM.sys: RegisterIdleStates() Failed! rc=0xc00000bb
> [PrepareTransmitBuffers] available 128 Tx descriptors, 256 hw buffers
> [PrepareReceiveBuffers] MaxReceiveBuffers 256
> Indicating Connected
> [ParaNdis_FinishInitialization]<=0x0
> [ParaNdis6_Restart]=>
> [ParaNdis_OnPnPEvent]=>
> [ParaNdis_OnPnPEvent] (NdisDevicePnPEventPowerProfileChanged)
>
> AMLI(? for help)->

Aaaand there we go. Because I set "errbrkon", "any AML error [would]
cause ACPI to break into the AMLI Debugger".

Then I called the "r" AMLI debugger extension (without the !amli prefix
because the mode was already "AMLI", not "KD"). It prints the ACPI
context
<https://msdn.microsoft.com/en-us/library/windows/hardware/ff562102%28v=vs.85%29.aspx>.

> r
>
> Context=fffffa800415d000*, Queue=0, ResList=fffffa800415d1c0
> ThreadID=fffffa8000fb5640, Flags=00000010, pbOp=fffffa8004057192:[\_SB.VMGI.ADDR+1]
> StackTop=fffffa800416ce30, UsedStackSize=464 bytes, FreeStackSize=64560 bytes
> LocalHeap=fffffa800415d168, CurrentHeap=fffffa800415d168, UsedHeapSize=152 bytes
> Object=\_SB.VMGI.ADDR, Scope=\_SB.VMGI.ADDR, ObjectOwner=fffffa800415d1e0, SyncLevel=0
> AsyncCallBack=fffff88000e5ce9c, CallBackData=fffff8a003458230, CallBackContext=fffff88001794c90
>
> MethodObject=\_SB.VMGI.ADDR
> fffffa800416ceb8: Local0=Unknown()
> fffffa800416cee0: Local1=Unknown()
> fffffa800416cf08: Local2=Unknown()
> fffffa800416cf30: Local3=Unknown()
> fffffa800416cf58: Local4=Unknown()
> fffffa800416cf80: Local5=Unknown()
> fffffa800416cfa8: Local6=Unknown()
> fffffa800416cfd0: Local7=Unknown()
> fffffa800415d080: RetObj=Unknown()
>
> Resources Owned:
>   ResType=Mutex, ResObj=fffffa80040570e0
>
> Next AML Pointer: fffffa8004057192:[\_SB.VMGI.ADDR+1]
>
> fffffa8004057192 : Index(TBLR, "UEFI", AMLI_DBGERR: UnAsmSuperName: invalid SuperName - 0x0d

Okay, so we are in \_SB.VMGI.ADDR, at byte offset one; there was an
error that has dropped us into the debugger; and the debugger
disassembles the offending AML as...

    Index(TBLR, "UEFI", ...

WHAT?! The code has no Index() operator whatsoever!

Also:

    ... AMLI_DBGERR: UnAsmSuperName: invalid SuperName - 0x0d

why does the AML disassembler report a byte stream decoding failure
*inside* the (in its own right unfathomable) Index() operator?!

Now, refer to the ACPI specification, revision 2.0 (July 27, 2000), for
seeing how the Index() ASL operator is compiled:

> 17.2.4.4 Type 2 Opcodes Encoding
>
> DefIndex  := IndexOp BuffPkgStrObj IndexValue Target
> IndexOp   := 0x88

Uh-oh. Now let's see how DataTableRegion() is compiled (note: my QEMU
code correctly generates that AML, and ACPICA agrees!):

> 17.2.4.2 Named Objects Encoding
>
> DefDataRegion := DataRegionOp NameString TermArg TermArg TermArg
> DataRegionOp  := ExOpPrefix 0x88

(On the side we have to note that there's a typo in the spec here (it
should be Ex[t]OpPrefix, not Ex[]OpPrefix), and that this typo lives on
in ACPI v6.0.)

Anyway, for completeness:

> 17.2.2 Data Objects Encoding
>
> ExtOpPrefix := 0x5b

Do you see it? DataRegionOp is encoded with 0x88, and IndexOp is *also*
encoded with 0x88. However, the former is *preceded* by 0x5b; this is
how AML interpreters are supposed to distinguish DataRegionOp from
IndexOp.

And while ACPICA does distinguish them, Windows does not.

ACPI.SYS happily strolls over the ExtOpPrefix (0x5b) that is at offset
#0 of the ADDR method's body, then misinterprets the following 0x88 as
an IndexOp. Then it believes to see a malformed DefIndex, instead of the
actual, well-formed DefDataRegion!

Thus, this is a bug in ACPI.SYS. (Remember: seeing this in Windows 8 and
Windows Server 2012 R2.)

"But", you ponder, "how do then the programmers that use Microsoft's ASL
compiler, ASL.exe, instead of Intel's iASL, employ DataTableRegion()? If
DataTableRegion() doesn't *run*, how and why can they *compile* it?"

They can't.

(Let me digress: why oh why must one download the ginormous Visual
Studio 2015 Community Edition, and then the WDK too, just to acquire a
comparatively tiny ASL compiler?

  https://msdn.microsoft.com/en-us/library/windows/hardware/dn551195%28v=vs.85%29.aspx
  https://msdn.microsoft.com/en-us/windows/hardware/dn913721.aspx

Well, thankfully there's a way around it. Comments in the edk2 source
file

  https://github.com/tianocore/edk2/blob/master/BaseTools/Conf/tools_def.template

contain this nice link:

  http://download.microsoft.com/download/2/c/1/2c16c7e0-96c1-40f5-81fc-3e4bf7b65496/microsoft_asl_compiler-v4-0-0.msi

Exactly what I needed. Note that this is an ACPI 4.0 compatible
compiler, and DataTableRegion() is from ACPI 2.0!)

So obviously I wrapped the entire AML code from "docs/specs/vmgenid.txt"
into a minimal definition block, and tried to compile it with
Microsoft's ASL.exe. (I had done the same with iASL before I posted the
RFC for "vmgenid.txt" -- that's how I had ensured that the ASL would be
*valid* and suitable for "vmgenid.txt" in the first place!)

Consistently with the ACPI.SYS failure (to both execute and disassemble
DataRegionOp), ASL.exe fails to *compile* DataTableRegion()!

> C:\Program Files (x86)\Microsoft ASL Compiler v4.0>asl.exe x.dsl
> Microsoft ACPI Source Language Assembler Version 4.0.0NT [Aug 28 2009, 18:36:36]
>
> Copyright (c) 1996,2009 Microsoft Corporation
> Compliant with the ACPI 4.0 Specification
>
> x.dsl:
>
>    49:                   Offset (54),
>                                    ^***
> x.dsl(49): error: field offset is exceeding operation region range (offset=0x36)
>
>
> C:\Program Files (x86)\Microsoft ASL Compiler v4.0>

(If you search this email for "Offset (54)", you will see where the
above comes from.)

Let me explain: when you define an OperationRegion() in the ASL source,
ASL.exe marks the size of the region. Then in referring Field()
definitions, it checks the end of each individual field against the size
of the region (to ensure, at compile time, that accessing the field at
runtime won't extend beyond the region).

However, the size of the SystemMemory operation region that is defined
with the DataTableRegion() operator is only available at runtime -- the
operator looks up the matching table linked into the RSDT/XSDT, and then
that table *becomes* the operation region. So the size of the region is
the size of the table, which can be looked up at runtime *only*.

ASL.exe apparently considers the size of any such operation region zero.

Consequently, ASL.exe considers *any* field definition for such a region
to be out of bounds -- I tried to move the ADBP field to offset zero,
just for checking the compiler, and it blows up just the same; it
reports that offset 8 (the end of ADBP, when it starts at zero) is out
of range.

Without fields, an operation region is unusable. It doesn't matter that
ASL.exe doesn't actually choke on DataTableRegion(), if you then can't
define any fields for it!

I challange you (the generic you) to find *one* physical computer that
runs Windows *and* has DataTableRegion() in its ACPI tables!

TL;DR:
- Windows cannot execute DataTableRegion(), including modern Windows
  releases,
- ASL.exe cannot (usably) compile DataTableRegion(),
- this is not documented *anywhere* on the web that Google can find, but
  (given DataTableRegion()'s obviously huge utility) it must be silent,
  "secret" knowledge for physical BIOS developers (well, not any longer
  ;)),
- our great idea that centered on DataTableRegion() is busted. :(

Laszlo

Re: [Qemu-devel] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Michael S. Tsirkin]

On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
> As the subject suggests, I have terrible news.
> 
> I'll preserve the full context here, so that it's easy to scroll back to
> the ASL for reference.
> 
> I'm also CC'ing edk2-devel, because a number of BIOS developers should
> be congregating there.

Wow, bravo! It does look like we need to go back to
the drawing board.
The only crazy thing you didn't try is to use
an XSDT instead of the DSDT.
I find it unlikely that this will help ...

-- 
MST

Re: [Qemu-devel] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Laszlo Ersek]

On 09/13/15 14:34, Michael S. Tsirkin wrote:
> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
>> As the subject suggests, I have terrible news.
>>
>> I'll preserve the full context here, so that it's easy to scroll back to
>> the ASL for reference.
>>
>> I'm also CC'ing edk2-devel, because a number of BIOS developers should
>> be congregating there.
> 
> Wow, bravo! It does look like we need to go back to
> the drawing board.

Thank you. :)

> The only crazy thing you didn't try is to use
> an XSDT instead of the DSDT.
> I find it unlikely that this will help ...
> 

Actually, I forgot to mention it, but I *did* try to use XSDT, sort of automatically. I had mentioned earlier that EFI_ACPI_TABLE_PROTOCOL automatically links stuff into both RSDT and XSDT, and I verified in this case that the UEFI ACPI Data Table *was* linked into the XSDT.

----*----

[root@ovmf-fedora acpi.6]# dmesg | grep UEFI
[    0.000000] ACPI: UEFI 0x000000003E8F1000 00003E (v01 BOCHS  QEMUPARM 00000001 BXPC 00000001)

----*----

[root@ovmf-fedora acpi.6]# cat xsdt.dsl 
/*
 * Intel ACPI Component Architecture
 * AML/ASL+ Disassembler version 20150515-64
 * Copyright (c) 2000 - 2015 Intel Corporation
 * 
 * Disassembly of xsdt.dat, Sun Sep 13 14:54:17 2015
 *
 * ACPI Data Table [XSDT]
 *
 * Format: [HexOffset DecimalOffset ByteLength]  FieldName : FieldValue
 */

[000h 0000   4]                    Signature : "XSDT"    [Extended System Description Table]
[004h 0004   4]                 Table Length : 0000004C
[008h 0008   1]                     Revision : 01
[009h 0009   1]                     Checksum : 90
[00Ah 0010   6]                       Oem ID : "BOCHS "
[010h 0016   8]                 Oem Table ID : "BXPCFACP"
[018h 0024   4]                 Oem Revision : 00000001
[01Ch 0028   4]              Asl Compiler ID : "    "
[020h 0032   4]        Asl Compiler Revision : 01000013

[024h 0036   8]       ACPI Table Address   0 : 000000003FEF5000
[02Ch 0044   8]       ACPI Table Address   1 : 000000003FEF4000
[034h 0052   8]       ACPI Table Address   2 : 000000003FEF3000
[03Ch 0060   8]       ACPI Table Address   3 : 000000003FEF2000
[044h 0068   8]       ACPI Table Address   4 : 000000003E8F1000

Raw Table Data: Length 76 (0x4C)

  0000: 58 53 44 54 4C 00 00 00 01 90 42 4F 43 48 53 20  // XSDTL.....BOCHS 
  0010: 42 58 50 43 46 41 43 50 01 00 00 00 20 20 20 20  // BXPCFACP....    
  0020: 13 00 00 01 00 50 EF 3F 00 00 00 00 00 40 EF 3F  // .....P.?.....@.?
  0030: 00 00 00 00 00 30 EF 3F 00 00 00 00 00 20 EF 3F  // .....0.?..... .?
  0040: 00 00 00 00 00 10 8F 3E 00 00 00 00              // .......>....

----*----

See "ACPI Table Address 4", 3E8F1000.

Thanks!
Laszlo

Re: [Qemu-devel] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Igor Mammedov]

On Sun, 13 Sep 2015 15:34:51 +0300
"Michael S. Tsirkin" <mst@redhat.com> wrote:

> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
> > As the subject suggests, I have terrible news.
> > 
> > I'll preserve the full context here, so that it's easy to scroll back to
> > the ASL for reference.
> > 
> > I'm also CC'ing edk2-devel, because a number of BIOS developers should
> > be congregating there.
> 
> Wow, bravo! It does look like we need to go back to
> the drawing board.
I suggest we go back to the last Gal's series
which is though not universal but a simple and
straightforward solution.
That series with comments addressed probably
is what we need in the end.

> The only crazy thing you didn't try is to use
> an XSDT instead of the DSDT.
> I find it unlikely that this will help ...
> 

Re: [Qemu-devel] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Laszlo Ersek]

On 09/14/15 10:24, Igor Mammedov wrote:
> On Sun, 13 Sep 2015 15:34:51 +0300
> "Michael S. Tsirkin" <mst@redhat.com> wrote:
> 
>> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
>>> As the subject suggests, I have terrible news.
>>>
>>> I'll preserve the full context here, so that it's easy to scroll back to
>>> the ASL for reference.
>>>
>>> I'm also CC'ing edk2-devel, because a number of BIOS developers should
>>> be congregating there.
>>
>> Wow, bravo! It does look like we need to go back to
>> the drawing board.
> I suggest we go back to the last Gal's series
> which is though not universal but a simple and
> straightforward solution.
> That series with comments addressed probably
> is what we need in the end.

I agree (I commented the same on the RHBZ too). The only one requirement
we might not satisfy with that is that the page containing the
generation ID must always be mapped as cacheable. In practice it doesn't
seem to cause issues.

We tried to play nice, but given that (a) the vmgenid doc doesn't
mention a real requirement about the _CRS -- ie. no IO descriptors are
allowed to be in it --, (b) Windows doesn't support DataTableRegion(), I
doubt we could cover our bases 100% anyway. There can be any number of
further hidden requirements, and hidden gaps in ACPI support too, so
it's just business as usual with Windows: whatever works, works, don't
ask why.

Just my opinion of course.

Laszlo

>> The only crazy thing you didn't try is to use
>> an XSDT instead of the DSDT.
>> I find it unlikely that this will help ...
>>
> 

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Bill Paul]

Of all the gin joints in all the towns in all the world, Laszlo Ersek had to 
walk into mine at 03:24:42 on Monday 14 September 2015 and say:

> On 09/14/15 10:24, Igor Mammedov wrote:
> > On Sun, 13 Sep 2015 15:34:51 +0300
> > 
> > "Michael S. Tsirkin" <mst@redhat.com> wrote:
> >> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
> >>> As the subject suggests, I have terrible news.
> >>> 
> >>> I'll preserve the full context here, so that it's easy to scroll back
> >>> to the ASL for reference.
> >>> 
> >>> I'm also CC'ing edk2-devel, because a number of BIOS developers should
> >>> be congregating there.
> >> 
> >> Wow, bravo! It does look like we need to go back to
> >> the drawing board.

I read your original post on this with great interest, and I applaud your 
determination in tracking this down. Nice job. Sadly, it seems you too have 
fallen victim to the "If It Works With Windows, It Must Be Ok" syndrome.

Now, I realize that as far as this particular situation is concerned, even if 
Microsoft decided to add support for DataTableRegion() tomorrow, it wouldn't 
really help because there are too many different versions of Windows in the 
field and there's no way to retroactively patch them all. (Gee, that sounds 
familiar...)

Nevertheless, am I correct in saying that this is in fact a bug in Microsoft's 
ACPI implementation (both in their ASL compiler and in the AML parser)? Unless 
DataTableRegion() is specified to be optional in some way (I don't know if it 
is or not, but I doubt it), this sounds like an clear cut case of non-
compliance with the ACPI spec. And if that's true, isn't there any way to get 
Microsoft to fix it?

-Bill

> > I suggest we go back to the last Gal's series
> > which is though not universal but a simple and
> > straightforward solution.
> > That series with comments addressed probably
> > is what we need in the end.
> 
> I agree (I commented the same on the RHBZ too). The only one requirement
> we might not satisfy with that is that the page containing the
> generation ID must always be mapped as cacheable. In practice it doesn't
> seem to cause issues.
> 
> We tried to play nice, but given that (a) the vmgenid doc doesn't
> mention a real requirement about the _CRS -- ie. no IO descriptors are
> allowed to be in it --, (b) Windows doesn't support DataTableRegion(), I
> doubt we could cover our bases 100% anyway. There can be any number of
> further hidden requirements, and hidden gaps in ACPI support too, so
> it's just business as usual with Windows: whatever works, works, don't
> ask why.
> 
> Just my opinion of course.
> 
> Laszlo
> 
> >> The only crazy thing you didn't try is to use
> >> an XSDT instead of the DSDT.
> >> I find it unlikely that this will help ...
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel

-- 
=============================================================================
-Bill Paul            (510) 749-2329 | Senior Member of Technical Staff,
                 wpaul@windriver.com | Master of Unix-Fu - Wind River Systems
=============================================================================
   "I put a dollar in a change machine. Nothing changed." - George Carlin
=============================================================================

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Moore, Robert]

The Windows ACPI implementation doesn't even fully support ACPI 2.0 AFAIK, let alone other new things.

Rob Gough or Michael may know better than I do.


> -----Original Message-----
> From: Bill Paul [mailto:wpaul@windriver.com]
> Sent: Monday, September 14, 2015 9:53 AM
> To: edk2-devel@ml01.01.org
> Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett; Gal
> Hammer; edk2-devel-01; Moore, Robert; qemu-devel@nongnu.org; Paolo Bonzini
> Subject: Re: [edk2] [Qemu-devel] Windows does not support DataTableRegion
> at all [was: docs: describe QEMU's VMGenID design]
> 
> Of all the gin joints in all the towns in all the world, Laszlo Ersek had
> to walk into mine at 03:24:42 on Monday 14 September 2015 and say:
> 
> > On 09/14/15 10:24, Igor Mammedov wrote:
> > > On Sun, 13 Sep 2015 15:34:51 +0300
> > >
> > > "Michael S. Tsirkin" <mst@redhat.com> wrote:
> > >> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
> > >>> As the subject suggests, I have terrible news.
> > >>>
> > >>> I'll preserve the full context here, so that it's easy to scroll
> > >>> back to the ASL for reference.
> > >>>
> > >>> I'm also CC'ing edk2-devel, because a number of BIOS developers
> > >>> should be congregating there.
> > >>
> > >> Wow, bravo! It does look like we need to go back to the drawing
> > >> board.
> 
> I read your original post on this with great interest, and I applaud your
> determination in tracking this down. Nice job. Sadly, it seems you too
> have fallen victim to the "If It Works With Windows, It Must Be Ok"
> syndrome.
> 
> Now, I realize that as far as this particular situation is concerned, even
> if Microsoft decided to add support for DataTableRegion() tomorrow, it
> wouldn't really help because there are too many different versions of
> Windows in the field and there's no way to retroactively patch them all.
> (Gee, that sounds
> familiar...)
> 
> Nevertheless, am I correct in saying that this is in fact a bug in
> Microsoft's ACPI implementation (both in their ASL compiler and in the AML
> parser)? Unless
> DataTableRegion() is specified to be optional in some way (I don't know if
> it is or not, but I doubt it), this sounds like an clear cut case of non-
> compliance with the ACPI spec. And if that's true, isn't there any way to
> get Microsoft to fix it?
> 
> -Bill
> 
> > > I suggest we go back to the last Gal's series which is though not
> > > universal but a simple and straightforward solution.
> > > That series with comments addressed probably is what we need in the
> > > end.
> >
> > I agree (I commented the same on the RHBZ too). The only one
> > requirement we might not satisfy with that is that the page containing
> > the generation ID must always be mapped as cacheable. In practice it
> > doesn't seem to cause issues.
> >
> > We tried to play nice, but given that (a) the vmgenid doc doesn't
> > mention a real requirement about the _CRS -- ie. no IO descriptors are
> > allowed to be in it --, (b) Windows doesn't support DataTableRegion(),
> > I doubt we could cover our bases 100% anyway. There can be any number
> > of further hidden requirements, and hidden gaps in ACPI support too,
> > so it's just business as usual with Windows: whatever works, works,
> > don't ask why.
> >
> > Just my opinion of course.
> >
> > Laszlo
> >
> > >> The only crazy thing you didn't try is to use an XSDT instead of
> > >> the DSDT.
> > >> I find it unlikely that this will help ...
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel
> 
> --
> ==========================================================================
> ===
> -Bill Paul            (510) 749-2329 | Senior Member of Technical Staff,
>                  wpaul@windriver.com | Master of Unix-Fu - Wind River
> Systems
> ==========================================================================
> ===
>    "I put a dollar in a change machine. Nothing changed." - George Carlin
> ==========================================================================
> ===

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Walz, Michael C]

Who are the Microsoft representatives in the ASWG? Shouldn't this conversation be happening with them?

-----Original Message-----
From: Moore, Robert 
Sent: September 14, 2015 10:14
To: Bill Paul; edk2-devel@ml01.01.org
Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett; Gal Hammer; edk2-devel-01; qemu-devel@nongnu.org; Paolo Bonzini; Gough, Robert; Walz, Michael C
Subject: RE: [edk2] [Qemu-devel] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

The Windows ACPI implementation doesn't even fully support ACPI 2.0 AFAIK, let alone other new things.

Rob Gough or Michael may know better than I do.


> -----Original Message-----
> From: Bill Paul [mailto:wpaul@windriver.com]
> Sent: Monday, September 14, 2015 9:53 AM
> To: edk2-devel@ml01.01.org
> Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett; 
> Gal Hammer; edk2-devel-01; Moore, Robert; qemu-devel@nongnu.org; Paolo 
> Bonzini
> Subject: Re: [edk2] [Qemu-devel] Windows does not support 
> DataTableRegion at all [was: docs: describe QEMU's VMGenID design]
> 
> Of all the gin joints in all the towns in all the world, Laszlo Ersek 
> had to walk into mine at 03:24:42 on Monday 14 September 2015 and say:
> 
> > On 09/14/15 10:24, Igor Mammedov wrote:
> > > On Sun, 13 Sep 2015 15:34:51 +0300
> > >
> > > "Michael S. Tsirkin" <mst@redhat.com> wrote:
> > >> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
> > >>> As the subject suggests, I have terrible news.
> > >>>
> > >>> I'll preserve the full context here, so that it's easy to scroll 
> > >>> back to the ASL for reference.
> > >>>
> > >>> I'm also CC'ing edk2-devel, because a number of BIOS developers 
> > >>> should be congregating there.
> > >>
> > >> Wow, bravo! It does look like we need to go back to the drawing 
> > >> board.
> 
> I read your original post on this with great interest, and I applaud 
> your determination in tracking this down. Nice job. Sadly, it seems 
> you too have fallen victim to the "If It Works With Windows, It Must Be Ok"
> syndrome.
> 
> Now, I realize that as far as this particular situation is concerned, 
> even if Microsoft decided to add support for DataTableRegion() 
> tomorrow, it wouldn't really help because there are too many different 
> versions of Windows in the field and there's no way to retroactively patch them all.
> (Gee, that sounds
> familiar...)
> 
> Nevertheless, am I correct in saying that this is in fact a bug in 
> Microsoft's ACPI implementation (both in their ASL compiler and in the 
> AML parser)? Unless
> DataTableRegion() is specified to be optional in some way (I don't 
> know if it is or not, but I doubt it), this sounds like an clear cut 
> case of non- compliance with the ACPI spec. And if that's true, isn't 
> there any way to get Microsoft to fix it?
> 
> -Bill
> 
> > > I suggest we go back to the last Gal's series which is though not 
> > > universal but a simple and straightforward solution.
> > > That series with comments addressed probably is what we need in 
> > > the end.
> >
> > I agree (I commented the same on the RHBZ too). The only one 
> > requirement we might not satisfy with that is that the page 
> > containing the generation ID must always be mapped as cacheable. In 
> > practice it doesn't seem to cause issues.
> >
> > We tried to play nice, but given that (a) the vmgenid doc doesn't 
> > mention a real requirement about the _CRS -- ie. no IO descriptors 
> > are allowed to be in it --, (b) Windows doesn't support 
> > DataTableRegion(), I doubt we could cover our bases 100% anyway. 
> > There can be any number of further hidden requirements, and hidden 
> > gaps in ACPI support too, so it's just business as usual with 
> > Windows: whatever works, works, don't ask why.
> >
> > Just my opinion of course.
> >
> > Laszlo
> >
> > >> The only crazy thing you didn't try is to use an XSDT instead of 
> > >> the DSDT.
> > >> I find it unlikely that this will help ...
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel
> 
> --
> ======================================================================
> ====
> ===
> -Bill Paul            (510) 749-2329 | Senior Member of Technical Staff,
>                  wpaul@windriver.com | Master of Unix-Fu - Wind River 
> Systems 
> ======================================================================
> ====
> ===
>    "I put a dollar in a change machine. Nothing changed." - George 
> Carlin 
> ======================================================================
> ====
> ===

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Moore, Robert]

I should say "some new things" are not supported, not all of them.


> -----Original Message-----
> From: Walz, Michael C
> Sent: Monday, September 14, 2015 10:24 AM
> To: Moore, Robert; Bill Paul; edk2-devel@ml01.01.org
> Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett; Gal
> Hammer; edk2-devel-01; qemu-devel@nongnu.org; Paolo Bonzini; Gough, Robert
> Subject: RE: [edk2] [Qemu-devel] Windows does not support DataTableRegion
> at all [was: docs: describe QEMU's VMGenID design]
> 
> Who are the Microsoft representatives in the ASWG? Shouldn't this
> conversation be happening with them?
> 
> -----Original Message-----
> From: Moore, Robert
> Sent: September 14, 2015 10:14
> To: Bill Paul; edk2-devel@ml01.01.org
> Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett; Gal
> Hammer; edk2-devel-01; qemu-devel@nongnu.org; Paolo Bonzini; Gough,
> Robert; Walz, Michael C
> Subject: RE: [edk2] [Qemu-devel] Windows does not support DataTableRegion
> at all [was: docs: describe QEMU's VMGenID design]
> 
> The Windows ACPI implementation doesn't even fully support ACPI 2.0 AFAIK,
> let alone other new things.
> 
> Rob Gough or Michael may know better than I do.
> 
> 
> > -----Original Message-----
> > From: Bill Paul [mailto:wpaul@windriver.com]
> > Sent: Monday, September 14, 2015 9:53 AM
> > To: edk2-devel@ml01.01.org
> > Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett;
> > Gal Hammer; edk2-devel-01; Moore, Robert; qemu-devel@nongnu.org; Paolo
> > Bonzini
> > Subject: Re: [edk2] [Qemu-devel] Windows does not support
> > DataTableRegion at all [was: docs: describe QEMU's VMGenID design]
> >
> > Of all the gin joints in all the towns in all the world, Laszlo Ersek
> > had to walk into mine at 03:24:42 on Monday 14 September 2015 and say:
> >
> > > On 09/14/15 10:24, Igor Mammedov wrote:
> > > > On Sun, 13 Sep 2015 15:34:51 +0300
> > > >
> > > > "Michael S. Tsirkin" <mst@redhat.com> wrote:
> > > >> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
> > > >>> As the subject suggests, I have terrible news.
> > > >>>
> > > >>> I'll preserve the full context here, so that it's easy to scroll
> > > >>> back to the ASL for reference.
> > > >>>
> > > >>> I'm also CC'ing edk2-devel, because a number of BIOS developers
> > > >>> should be congregating there.
> > > >>
> > > >> Wow, bravo! It does look like we need to go back to the drawing
> > > >> board.
> >
> > I read your original post on this with great interest, and I applaud
> > your determination in tracking this down. Nice job. Sadly, it seems
> > you too have fallen victim to the "If It Works With Windows, It Must Be
> Ok"
> > syndrome.
> >
> > Now, I realize that as far as this particular situation is concerned,
> > even if Microsoft decided to add support for DataTableRegion()
> > tomorrow, it wouldn't really help because there are too many different
> > versions of Windows in the field and there's no way to retroactively
> patch them all.
> > (Gee, that sounds
> > familiar...)
> >
> > Nevertheless, am I correct in saying that this is in fact a bug in
> > Microsoft's ACPI implementation (both in their ASL compiler and in the
> > AML parser)? Unless
> > DataTableRegion() is specified to be optional in some way (I don't
> > know if it is or not, but I doubt it), this sounds like an clear cut
> > case of non- compliance with the ACPI spec. And if that's true, isn't
> > there any way to get Microsoft to fix it?
> >
> > -Bill
> >
> > > > I suggest we go back to the last Gal's series which is though not
> > > > universal but a simple and straightforward solution.
> > > > That series with comments addressed probably is what we need in
> > > > the end.
> > >
> > > I agree (I commented the same on the RHBZ too). The only one
> > > requirement we might not satisfy with that is that the page
> > > containing the generation ID must always be mapped as cacheable. In
> > > practice it doesn't seem to cause issues.
> > >
> > > We tried to play nice, but given that (a) the vmgenid doc doesn't
> > > mention a real requirement about the _CRS -- ie. no IO descriptors
> > > are allowed to be in it --, (b) Windows doesn't support
> > > DataTableRegion(), I doubt we could cover our bases 100% anyway.
> > > There can be any number of further hidden requirements, and hidden
> > > gaps in ACPI support too, so it's just business as usual with
> > > Windows: whatever works, works, don't ask why.
> > >
> > > Just my opinion of course.
> > >
> > > Laszlo
> > >
> > > >> The only crazy thing you didn't try is to use an XSDT instead of
> > > >> the DSDT.
> > > >> I find it unlikely that this will help ...
> > >
> > > _______________________________________________
> > > edk2-devel mailing list
> > > edk2-devel@lists.01.org
> > > https://lists.01.org/mailman/listinfo/edk2-devel
> >
> > --
> > ======================================================================
> > ====
> > ===
> > -Bill Paul            (510) 749-2329 | Senior Member of Technical Staff,
> >                  wpaul@windriver.com | Master of Unix-Fu - Wind River
> > Systems
> > ======================================================================
> > ====
> > ===
> >    "I put a dollar in a change machine. Nothing changed." - George
> > Carlin
> > ======================================================================
> > ====
> > ===

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Laszlo Ersek]

On 09/14/15 19:23, Walz, Michael C wrote:
> Who are the Microsoft representatives in the ASWG? Shouldn't this conversation be happening with them?

Red Hat is represented in the ASWG, as far as I know, so if you guys
think this is appropriate to bring up there (ie. a specific product's
compliance), I can try talking to my peers. :)

Thanks
Laszlo

> 
> -----Original Message-----
> From: Moore, Robert 
> Sent: September 14, 2015 10:14
> To: Bill Paul; edk2-devel@ml01.01.org
> Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett; Gal Hammer; edk2-devel-01; qemu-devel@nongnu.org; Paolo Bonzini; Gough, Robert; Walz, Michael C
> Subject: RE: [edk2] [Qemu-devel] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]
> 
> The Windows ACPI implementation doesn't even fully support ACPI 2.0 AFAIK, let alone other new things.
> 
> Rob Gough or Michael may know better than I do.
> 
> 
>> -----Original Message-----
>> From: Bill Paul [mailto:wpaul@windriver.com]
>> Sent: Monday, September 14, 2015 9:53 AM
>> To: edk2-devel@ml01.01.org
>> Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett; 
>> Gal Hammer; edk2-devel-01; Moore, Robert; qemu-devel@nongnu.org; Paolo 
>> Bonzini
>> Subject: Re: [edk2] [Qemu-devel] Windows does not support 
>> DataTableRegion at all [was: docs: describe QEMU's VMGenID design]
>>
>> Of all the gin joints in all the towns in all the world, Laszlo Ersek 
>> had to walk into mine at 03:24:42 on Monday 14 September 2015 and say:
>>
>>> On 09/14/15 10:24, Igor Mammedov wrote:
>>>> On Sun, 13 Sep 2015 15:34:51 +0300
>>>>
>>>> "Michael S. Tsirkin" <mst@redhat.com> wrote:
>>>>> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
>>>>>> As the subject suggests, I have terrible news.
>>>>>>
>>>>>> I'll preserve the full context here, so that it's easy to scroll 
>>>>>> back to the ASL for reference.
>>>>>>
>>>>>> I'm also CC'ing edk2-devel, because a number of BIOS developers 
>>>>>> should be congregating there.
>>>>>
>>>>> Wow, bravo! It does look like we need to go back to the drawing 
>>>>> board.
>>
>> I read your original post on this with great interest, and I applaud 
>> your determination in tracking this down. Nice job. Sadly, it seems 
>> you too have fallen victim to the "If It Works With Windows, It Must Be Ok"
>> syndrome.
>>
>> Now, I realize that as far as this particular situation is concerned, 
>> even if Microsoft decided to add support for DataTableRegion() 
>> tomorrow, it wouldn't really help because there are too many different 
>> versions of Windows in the field and there's no way to retroactively patch them all.
>> (Gee, that sounds
>> familiar...)
>>
>> Nevertheless, am I correct in saying that this is in fact a bug in 
>> Microsoft's ACPI implementation (both in their ASL compiler and in the 
>> AML parser)? Unless
>> DataTableRegion() is specified to be optional in some way (I don't 
>> know if it is or not, but I doubt it), this sounds like an clear cut 
>> case of non- compliance with the ACPI spec. And if that's true, isn't 
>> there any way to get Microsoft to fix it?
>>
>> -Bill
>>
>>>> I suggest we go back to the last Gal's series which is though not 
>>>> universal but a simple and straightforward solution.
>>>> That series with comments addressed probably is what we need in 
>>>> the end.
>>>
>>> I agree (I commented the same on the RHBZ too). The only one 
>>> requirement we might not satisfy with that is that the page 
>>> containing the generation ID must always be mapped as cacheable. In 
>>> practice it doesn't seem to cause issues.
>>>
>>> We tried to play nice, but given that (a) the vmgenid doc doesn't 
>>> mention a real requirement about the _CRS -- ie. no IO descriptors 
>>> are allowed to be in it --, (b) Windows doesn't support 
>>> DataTableRegion(), I doubt we could cover our bases 100% anyway. 
>>> There can be any number of further hidden requirements, and hidden 
>>> gaps in ACPI support too, so it's just business as usual with 
>>> Windows: whatever works, works, don't ask why.
>>>
>>> Just my opinion of course.
>>>
>>> Laszlo
>>>
>>>>> The only crazy thing you didn't try is to use an XSDT instead of 
>>>>> the DSDT.
>>>>> I find it unlikely that this will help ...
>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org
>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
>> --
>> ======================================================================
>> ====
>> ===
>> -Bill Paul            (510) 749-2329 | Senior Member of Technical Staff,
>>                  wpaul@windriver.com | Master of Unix-Fu - Wind River 
>> Systems 
>> ======================================================================
>> ====
>> ===
>>    "I put a dollar in a change machine. Nothing changed." - George 
>> Carlin 
>> ======================================================================
>> ====
>> ===

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Laszlo Ersek]

On 09/14/15 19:23, Walz, Michael C wrote:
> Who are the Microsoft representatives in the ASWG? Shouldn't this conversation be happening with them?

I asked my colleague Al Stone @RH for help; he said he'd bring this up
at the next ASWG meeting. Thank you Al, and thank you Michael for the
suggestion.

Thanks!
Laszlo

> 
> -----Original Message-----
> From: Moore, Robert 
> Sent: September 14, 2015 10:14
> To: Bill Paul; edk2-devel@ml01.01.org
> Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett; Gal Hammer; edk2-devel-01; qemu-devel@nongnu.org; Paolo Bonzini; Gough, Robert; Walz, Michael C
> Subject: RE: [edk2] [Qemu-devel] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]
> 
> The Windows ACPI implementation doesn't even fully support ACPI 2.0 AFAIK, let alone other new things.
> 
> Rob Gough or Michael may know better than I do.
> 
> 
>> -----Original Message-----
>> From: Bill Paul [mailto:wpaul@windriver.com]
>> Sent: Monday, September 14, 2015 9:53 AM
>> To: edk2-devel@ml01.01.org
>> Cc: Laszlo Ersek; Igor Mammedov; Michael S. Tsirkin; Josh Triplett; 
>> Gal Hammer; edk2-devel-01; Moore, Robert; qemu-devel@nongnu.org; Paolo 
>> Bonzini
>> Subject: Re: [edk2] [Qemu-devel] Windows does not support 
>> DataTableRegion at all [was: docs: describe QEMU's VMGenID design]
>>
>> Of all the gin joints in all the towns in all the world, Laszlo Ersek 
>> had to walk into mine at 03:24:42 on Monday 14 September 2015 and say:
>>
>>> On 09/14/15 10:24, Igor Mammedov wrote:
>>>> On Sun, 13 Sep 2015 15:34:51 +0300
>>>>
>>>> "Michael S. Tsirkin" <mst@redhat.com> wrote:
>>>>> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
>>>>>> As the subject suggests, I have terrible news.
>>>>>>
>>>>>> I'll preserve the full context here, so that it's easy to scroll 
>>>>>> back to the ASL for reference.
>>>>>>
>>>>>> I'm also CC'ing edk2-devel, because a number of BIOS developers 
>>>>>> should be congregating there.
>>>>>
>>>>> Wow, bravo! It does look like we need to go back to the drawing 
>>>>> board.
>>
>> I read your original post on this with great interest, and I applaud 
>> your determination in tracking this down. Nice job. Sadly, it seems 
>> you too have fallen victim to the "If It Works With Windows, It Must Be Ok"
>> syndrome.
>>
>> Now, I realize that as far as this particular situation is concerned, 
>> even if Microsoft decided to add support for DataTableRegion() 
>> tomorrow, it wouldn't really help because there are too many different 
>> versions of Windows in the field and there's no way to retroactively patch them all.
>> (Gee, that sounds
>> familiar...)
>>
>> Nevertheless, am I correct in saying that this is in fact a bug in 
>> Microsoft's ACPI implementation (both in their ASL compiler and in the 
>> AML parser)? Unless
>> DataTableRegion() is specified to be optional in some way (I don't 
>> know if it is or not, but I doubt it), this sounds like an clear cut 
>> case of non- compliance with the ACPI spec. And if that's true, isn't 
>> there any way to get Microsoft to fix it?
>>
>> -Bill
>>
>>>> I suggest we go back to the last Gal's series which is though not 
>>>> universal but a simple and straightforward solution.
>>>> That series with comments addressed probably is what we need in 
>>>> the end.
>>>
>>> I agree (I commented the same on the RHBZ too). The only one 
>>> requirement we might not satisfy with that is that the page 
>>> containing the generation ID must always be mapped as cacheable. In 
>>> practice it doesn't seem to cause issues.
>>>
>>> We tried to play nice, but given that (a) the vmgenid doc doesn't 
>>> mention a real requirement about the _CRS -- ie. no IO descriptors 
>>> are allowed to be in it --, (b) Windows doesn't support 
>>> DataTableRegion(), I doubt we could cover our bases 100% anyway. 
>>> There can be any number of further hidden requirements, and hidden 
>>> gaps in ACPI support too, so it's just business as usual with 
>>> Windows: whatever works, works, don't ask why.
>>>
>>> Just my opinion of course.
>>>
>>> Laszlo
>>>
>>>>> The only crazy thing you didn't try is to use an XSDT instead of 
>>>>> the DSDT.
>>>>> I find it unlikely that this will help ...
>>>
>>> _______________________________________________
>>> edk2-devel mailing list
>>> edk2-devel@lists.01.org
>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>
>> --
>> ======================================================================
>> ====
>> ===
>> -Bill Paul            (510) 749-2329 | Senior Member of Technical Staff,
>>                  wpaul@windriver.com | Master of Unix-Fu - Wind River 
>> Systems 
>> ======================================================================
>> ====
>> ===
>>    "I put a dollar in a change machine. Nothing changed." - George 
>> Carlin 
>> ======================================================================
>> ====
>> ===

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Laszlo Ersek]

On 09/14/15 18:53, Bill Paul wrote:
> Of all the gin joints in all the towns in all the world, Laszlo Ersek had to 
> walk into mine at 03:24:42 on Monday 14 September 2015 and say:
> 
>> On 09/14/15 10:24, Igor Mammedov wrote:
>>> On Sun, 13 Sep 2015 15:34:51 +0300
>>>
>>> "Michael S. Tsirkin" <mst@redhat.com> wrote:
>>>> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
>>>>> As the subject suggests, I have terrible news.
>>>>>
>>>>> I'll preserve the full context here, so that it's easy to scroll back
>>>>> to the ASL for reference.
>>>>>
>>>>> I'm also CC'ing edk2-devel, because a number of BIOS developers should
>>>>> be congregating there.
>>>>
>>>> Wow, bravo! It does look like we need to go back to
>>>> the drawing board.
> 
> I read your original post on this with great interest, and I applaud your 
> determination in tracking this down. Nice job.

Thank you!

> Sadly, it seems you too have 
> fallen victim to the "If It Works With Windows, It Must Be Ok" syndrome.

Well, I'd put it like this: we've fallen victim to a publicly
undocumented feature gap / divergence from the ACPI spec in Windows'
ACPI.SYS.

> Now, I realize that as far as this particular situation is concerned, even if 
> Microsoft decided to add support for DataTableRegion() tomorrow, it wouldn't 
> really help because there are too many different versions of Windows in the 
> field and there's no way to retroactively patch them all. (Gee, that sounds 
> familiar...)

Correct.

> Nevertheless, am I correct in saying that this is in fact a bug in Microsoft's 
> ACPI implementation (both in their ASL compiler and in the AML parser)?

Absolutely. You are absolutely right.

We implemented the VMGENID spec with some undeniable creativity, but it
broke down because the AML interpreter in Windows does not support an
ACPI 2.0 feature.

(That interpreter is supposed to be ACPI 4.0 compliant, minimally; at
least if we can judge it after the "matching" AML.exe's stated
compatibility level, which is ACPI 4.0 in the standalone download, and
5.0 if you get it as part of the WDK.)

> Unless 
> DataTableRegion() is specified to be optional in some way (I don't know if it 
> is or not, but I doubt it),

It's not, to the best of my knowledge.

> this sounds like an clear cut case of non-
> compliance with the ACPI spec.

Yes, it's precisely that.

> And if that's true, isn't there any way to get 
> Microsoft to fix it?

I don't know. Is there?

Microsoft continue to release updates (KB*) for Windows 7, Windows 8,
Windows 10, and I think rolling a fix out for those would cover our
needs quite okay.

But:
- This would force QEMU/KVM host users to upgrade their Windows guest.
  Maybe not such a big hurdle, but I reckon Windows sysadmins are
  really conservative about installing updates. Perhaps we could solve
  this issue but documentation.

- More importantly, how do I even *report* this bug? How do I convince
  Microsoft to implement a whole missing feature in their ACPI compiler
  and interpreter? Can I demonstrate business justification?

  I'm doubtful especially because DataTableRegion's usefulness is quite
  apparent to the ACPI developer in search for parametrization options.
  DataTableRegion was published as part of ACPI 2.0, on July 27, 2000
  (more than fifteen years ago). I simply cannot imagine that in all
  that time *no* physical platform's firmware developer tried to use
  DataTableRegion.

  Therefore I can't help but assume that some big BIOS developer
  company has already reported this to Microsoft, and the feature
  request has been rejected. So what chance would I have?

Thanks
Laszlo

> 
> -Bill
> 
>>> I suggest we go back to the last Gal's series
>>> which is though not universal but a simple and
>>> straightforward solution.
>>> That series with comments addressed probably
>>> is what we need in the end.
>>
>> I agree (I commented the same on the RHBZ too). The only one requirement
>> we might not satisfy with that is that the page containing the
>> generation ID must always be mapped as cacheable. In practice it doesn't
>> seem to cause issues.
>>
>> We tried to play nice, but given that (a) the vmgenid doc doesn't
>> mention a real requirement about the _CRS -- ie. no IO descriptors are
>> allowed to be in it --, (b) Windows doesn't support DataTableRegion(), I
>> doubt we could cover our bases 100% anyway. There can be any number of
>> further hidden requirements, and hidden gaps in ACPI support too, so
>> it's just business as usual with Windows: whatever works, works, don't
>> ask why.
>>
>> Just my opinion of course.
>>
>> Laszlo
>>
>>>> The only crazy thing you didn't try is to use
>>>> an XSDT instead of the DSDT.
>>>> I find it unlikely that this will help ...
>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
>> https://lists.01.org/mailman/listinfo/edk2-devel
> 

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Bill Paul]

Of all the gin joints in all the towns in all the world, Laszlo Ersek had to 
walk into mine at 11:20:28 on Monday 14 September 2015 and say:

> On 09/14/15 18:53, Bill Paul wrote:
> > Of all the gin joints in all the towns in all the world, Laszlo Ersek had
> > to
> > 
> > walk into mine at 03:24:42 on Monday 14 September 2015 and say:
> >> On 09/14/15 10:24, Igor Mammedov wrote:
> >>> On Sun, 13 Sep 2015 15:34:51 +0300
> >>> 
> >>> "Michael S. Tsirkin" <mst@redhat.com> wrote:
> >>>> On Sun, Sep 13, 2015 at 01:56:44PM +0200, Laszlo Ersek wrote:
> >>>>> As the subject suggests, I have terrible news.
> >>>>> 
> >>>>> I'll preserve the full context here, so that it's easy to scroll back
> >>>>> to the ASL for reference.
> >>>>> 
> >>>>> I'm also CC'ing edk2-devel, because a number of BIOS developers
> >>>>> should be congregating there.
> >>>> 
> >>>> Wow, bravo! It does look like we need to go back to
> >>>> the drawing board.
> > 
> > I read your original post on this with great interest, and I applaud your
> > determination in tracking this down. Nice job.
> 
> Thank you!
> 
> > Sadly, it seems you too have
> > fallen victim to the "If It Works With Windows, It Must Be Ok" syndrome.
> 
> Well, I'd put it like this: we've fallen victim to a publicly
> undocumented feature gap / divergence from the ACPI spec in Windows'
> ACPI.SYS.
> 
> > Now, I realize that as far as this particular situation is concerned,
> > even if Microsoft decided to add support for DataTableRegion() tomorrow,
> > it wouldn't really help because there are too many different versions of
> > Windows in the field and there's no way to retroactively patch them all.
> > (Gee, that sounds familiar...)
> 
> Correct.
> 
> > Nevertheless, am I correct in saying that this is in fact a bug in
> > Microsoft's ACPI implementation (both in their ASL compiler and in the
> > AML parser)?
> 
> Absolutely. You are absolutely right.
> 
> We implemented the VMGENID spec with some undeniable creativity, but it
> broke down because the AML interpreter in Windows does not support an
> ACPI 2.0 feature.
> 
> (That interpreter is supposed to be ACPI 4.0 compliant, minimally; at
> least if we can judge it after the "matching" AML.exe's stated
> compatibility level, which is ACPI 4.0 in the standalone download, and
> 5.0 if you get it as part of the WDK.)
> 
> > Unless
> > DataTableRegion() is specified to be optional in some way (I don't know
> > if it is or not, but I doubt it),
> 
> It's not, to the best of my knowledge.
> 
> > this sounds like an clear cut case of non-
> > compliance with the ACPI spec.
> 
> Yes, it's precisely that.
> 
> > And if that's true, isn't there any way to get
> > Microsoft to fix it?
> 
> I don't know. Is there?

You would think that someone at Intel would know someone at Microsoft that 
could put some wheels in motion. (All this technology and still we have 
trouble communicating. :P )
 
> Microsoft continue to release updates (KB*) for Windows 7, Windows 8,
> Windows 10, and I think rolling a fix out for those would cover our
> needs quite okay.
> 
> But:
> - This would force QEMU/KVM host users to upgrade their Windows guest.
>   Maybe not such a big hurdle, but I reckon Windows sysadmins are
>   really conservative about installing updates. Perhaps we could solve
>   this issue but documentation.

I agree with you that it's a hassle, but so is patching any other Windows bug. 
And while this particular use of DataTableRegion() affects VMs, it has bearing 
on bare metal installations too.
 
> - More importantly, how do I even *report* this bug? How do I convince
>   Microsoft to implement a whole missing feature in their ACPI compiler
>   and interpreter? Can I demonstrate business justification?
>
>   I'm doubtful especially because DataTableRegion's usefulness is quite
>   apparent to the ACPI developer in search for parametrization options.
>   DataTableRegion was published as part of ACPI 2.0, on July 27, 2000
>   (more than fifteen years ago). I simply cannot imagine that in all
>   that time *no* physical platform's firmware developer tried to use
>   DataTableRegion.
> 
>   Therefore I can't help but assume that some big BIOS developer
>   company has already reported this to Microsoft, and the feature
>   request has been rejected. So what chance would I have?

I understand what you're saying. But, there has to be some way to deal with 
these sorts of things. If everyone thinks and acts that way, then that's 
effectively letting Microsoft control the ACPI standard by "embracing and 
extending" it. (Or in this case I guess it's embracing and constricting it.)

I think a major part of the problem is that the only standard with which the 
big BIOS developers feel they must comply is the Windows Logo program. The x86 
market is still dominated by Windows users, and getting that Windows badge 
onto the machines is still top priority. If there was a UEFI Forum Logo 
program to which they had to adhere instead, things might be different. But 
even if you created one today, as long as the Windows Logo program is still 
around, I doubt the BIOS developers would bother with it, because the majority 
of the end users don't know or care if their PC actually complies with the 
UEFI or ACPI specs. Years of clever marketing have convinced them that If It 
Works With Windows, It Must Be Ok. That's what dictates how they spend their 
money, which is what dictates how much money the hardware vendors make, which 
is what dictates how much money the BIOS developers make, which is what makes 
time travel possible.

Or something like that.

Also, if you want to talk business cases, I'm assuming that somewhere 
Microsoft claims ACPI compliance. If so, then clearly that claim is untrue, 
and I'd be willing to bet this isn't the only place where their implementation 
deviates from the spec either. It's bad for business to claim compliance with 
an industry standard and then very obviously (and maybe even deliberately) not 
comply with it. (If, as you say, this has already been reported and Microsoft 
decided not to fix it, then it's no longer just a good faith mistake.) It's 
even worse to do that while also being a prominent member of the very same 
industry committee responsible for defining the standard in the first place.

In any case, bugs are bugs. You shouldn't need a justification to fix them, 
especially with iron-clad proof of their existence like you have here.

All that aside, I don't know who to report it to either. Maybe this is a good 
time to establish a way to do that, because I doubt this will be the last time 
it will be necessary.

-Bill

> Thanks
> Laszlo
> 
> > -Bill
> > 
> >>> I suggest we go back to the last Gal's series
> >>> which is though not universal but a simple and
> >>> straightforward solution.
> >>> That series with comments addressed probably
> >>> is what we need in the end.
> >> 
> >> I agree (I commented the same on the RHBZ too). The only one requirement
> >> we might not satisfy with that is that the page containing the
> >> generation ID must always be mapped as cacheable. In practice it doesn't
> >> seem to cause issues.
> >> 
> >> We tried to play nice, but given that (a) the vmgenid doc doesn't
> >> mention a real requirement about the _CRS -- ie. no IO descriptors are
> >> allowed to be in it --, (b) Windows doesn't support DataTableRegion(), I
> >> doubt we could cover our bases 100% anyway. There can be any number of
> >> further hidden requirements, and hidden gaps in ACPI support too, so
> >> it's just business as usual with Windows: whatever works, works, don't
> >> ask why.
> >> 
> >> Just my opinion of course.
> >> 
> >> Laszlo
> >> 
> >>>> The only crazy thing you didn't try is to use
> >>>> an XSDT instead of the DSDT.
> >>>> I find it unlikely that this will help ...
> >> 
> >> _______________________________________________
> >> edk2-devel mailing list
> >> edk2-devel@lists.01.org
> >> https://lists.01.org/mailman/listinfo/edk2-devel

-- 
=============================================================================
-Bill Paul            (510) 749-2329 | Senior Member of Technical Staff,
                 wpaul@windriver.com | Master of Unix-Fu - Wind River Systems
=============================================================================
   "I put a dollar in a change machine. Nothing changed." - George Carlin
=============================================================================

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Laszlo Ersek]

On 09/14/15 23:12, Bill Paul wrote:

[snip -- see my other email too]

> Also, if you want to talk business cases, I'm assuming that somewhere 
> Microsoft claims ACPI compliance.

Correct; this page:

<https://msdn.microsoft.com/en-us/library/windows/hardware/dn551195%28v=vs.85%29.aspx>

states

    Version 5.0 of the Microsoft ACPI source language (ASL) compiler
    supports the features in the Advanced Configuration and Power
    Interface Specification, Revision 5.0 [...]

And the separately downloadable ASL.exe that I tried starts with a banner that claims ACPI 4.0 compliance:

> C:\Program Files (x86)\Microsoft ASL Compiler v4.0>asl.exe x.dsl
> Microsoft ACPI Source Language Assembler Version 4.0.0NT [Aug 28 2009, 18:36:36]
> 
> Copyright (c) 1996,2009 Microsoft Corporation
> Compliant with the ACPI 4.0 Specification
> 
> [...]

The DataTableRegion() operator is from ACPI 2.0.

In ACPI 6.0 (the most recent release), it is still there.

(And, logically, if you can compile DataTableRegion() from ASL to AML (-> DefDataRegion), then your AML interpreter should also be able to parse and execute the binary DefDataRegion encoding codified by the standard.)

> If so, then clearly that claim is untrue,

Let's say, "not precise".

I think such gaps in support for various industry standards are not uncommon, but I believe they should be publicly documented. Using Google, I couldn't find a trace of this limitation. If there had been public documentation about this (or maybe a public bug tracker, or just a tech support forum post...), it would have saved us many many hours, at minimum.

(At this point though, the best for us would be if Microsoft decided to implement DataTableRegion() in ACPI.SYS, and push it out as KBxxxxx.)
 
> and I'd be willing to bet this isn't the only place where their implementation 
> deviates from the spec either.

I assume that's likely, yes.

> It's bad for business to claim compliance with 
> an industry standard and then very obviously (and maybe even deliberately) not 
> comply with it.

The inaccurate claim about compliance is certainly confusing.

Establishing the non-compliance (from the oustide anyway) was anything but obvious. But, now that we've seen the evidence, it's quite factual.

> (If, as you say, this has already been reported and Microsoft 
> decided not to fix it, then it's no longer just a good faith mistake.)

I didn't try to state that as a fact, I just opined that in the 15 years since the release of the ACPI 2.0 revision, someone must surely have tried DataTableRegion(). Assuming that programmer worked for a big BIOS company (which I think is a safe assumption -- before virtualization has become commonplace, who else looked into *writing* ACPI tables?), it seems to follow that a bug would be reported in some way.

> It's 
> even worse to do that while also being a prominent member of the very same 
> industry committee responsible for defining the standard in the first place.

Right, it's strange.

> In any case, bugs are bugs. You shouldn't need a justification to fix them, 
> especially with iron-clad proof of their existence like you have here.

Bugfixing has costs. That's what I'm worried about a little bit. I don't know what to put in the other side of the balance. "Improving compliance" should have marketing value, minimally. Then, "helping QEMU developers implement Microsoft's VMGENID spec, thereby improving Windows guest utility on QEMU" should ultimately translate to wider Windows guest adoption.

> All that aside, I don't know who to report it to either. Maybe this is a good 
> time to establish a way to do that, because I doubt this will be the last time 
> it will be necessary.

I'm hopeful about the ASWG connection.

Thanks!
Laszlo

> -Bill
> 
>> Thanks
>> Laszlo
>>
>>> -Bill
>>>
>>>>> I suggest we go back to the last Gal's series
>>>>> which is though not universal but a simple and
>>>>> straightforward solution.
>>>>> That series with comments addressed probably
>>>>> is what we need in the end.
>>>>
>>>> I agree (I commented the same on the RHBZ too). The only one requirement
>>>> we might not satisfy with that is that the page containing the
>>>> generation ID must always be mapped as cacheable. In practice it doesn't
>>>> seem to cause issues.
>>>>
>>>> We tried to play nice, but given that (a) the vmgenid doc doesn't
>>>> mention a real requirement about the _CRS -- ie. no IO descriptors are
>>>> allowed to be in it --, (b) Windows doesn't support DataTableRegion(), I
>>>> doubt we could cover our bases 100% anyway. There can be any number of
>>>> further hidden requirements, and hidden gaps in ACPI support too, so
>>>> it's just business as usual with Windows: whatever works, works, don't
>>>> ask why.
>>>>
>>>> Just my opinion of course.
>>>>
>>>> Laszlo
>>>>
>>>>>> The only crazy thing you didn't try is to use
>>>>>> an XSDT instead of the DSDT.
>>>>>> I find it unlikely that this will help ...
>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
> 

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Moore, Robert]

I can't speak to the MS interpreter, but the iASL compiler does indeed support DataTableRegion (as well as the ACPICA interpreter). It may be worth an experiment to build an AML table with the iASL compiler that contains a DataTableRegion, and try it out on Win.

Also, newer versions of the MS ASL compiler (at least 5.0), are a bit harder to obtain. It appears to now be part of the WDK:

"The ASL compiler is distributed with the Windows Driver Kit (WDK) 8.1. Look for the Asl.exe executable file in the Tools\arm\ACPIVerify, Tools\x86\ACPIVerify, or Tools\x64\ACPIVerify directory of your installed WDK."

However, I would suggest that you use the iASL compiler, it is actively maintained and has enhanced error detection. It is available at:

https://www.acpica.org/downloads/binary-tools

Bob



> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Tuesday, September 15, 2015 3:49 AM
> To: Bill Paul
> Cc: edk2-devel@ml01.01.org; Igor Mammedov; Michael S. Tsirkin; Josh
> Triplett; Gal Hammer; Moore, Robert; qemu-devel@nongnu.org; Paolo Bonzini
> Subject: Re: [edk2] [Qemu-devel] Windows does not support DataTableRegion
> at all [was: docs: describe QEMU's VMGenID design]
> 
> On 09/14/15 23:12, Bill Paul wrote:
> 
> [snip -- see my other email too]
> 
> > Also, if you want to talk business cases, I'm assuming that somewhere
> > Microsoft claims ACPI compliance.
> 
> Correct; this page:
> 
> <https://msdn.microsoft.com/en-
> us/library/windows/hardware/dn551195%28v=vs.85%29.aspx>
> 
> states
> 
>     Version 5.0 of the Microsoft ACPI source language (ASL) compiler
>     supports the features in the Advanced Configuration and Power
>     Interface Specification, Revision 5.0 [...]
> 
> And the separately downloadable ASL.exe that I tried starts with a banner
> that claims ACPI 4.0 compliance:
> 
> > C:\Program Files (x86)\Microsoft ASL Compiler v4.0>asl.exe x.dsl
> > Microsoft ACPI Source Language Assembler Version 4.0.0NT [Aug 28 2009,
> > 18:36:36]
> >
> > Copyright (c) 1996,2009 Microsoft Corporation Compliant with the ACPI
> > 4.0 Specification
> >
> > [...]
> 
> The DataTableRegion() operator is from ACPI 2.0.
> 
> In ACPI 6.0 (the most recent release), it is still there.
> 
> (And, logically, if you can compile DataTableRegion() from ASL to AML (->
> DefDataRegion), then your AML interpreter should also be able to parse and
> execute the binary DefDataRegion encoding codified by the standard.)
> 
> > If so, then clearly that claim is untrue,
> 
> Let's say, "not precise".
> 
> I think such gaps in support for various industry standards are not
> uncommon, but I believe they should be publicly documented. Using Google,
> I couldn't find a trace of this limitation. If there had been public
> documentation about this (or maybe a public bug tracker, or just a tech
> support forum post...), it would have saved us many many hours, at
> minimum.
> 
> (At this point though, the best for us would be if Microsoft decided to
> implement DataTableRegion() in ACPI.SYS, and push it out as KBxxxxx.)
> 
> > and I'd be willing to bet this isn't the only place where their
> > implementation deviates from the spec either.
> 
> I assume that's likely, yes.
> 
> > It's bad for business to claim compliance with an industry standard
> > and then very obviously (and maybe even deliberately) not comply with
> > it.
> 
> The inaccurate claim about compliance is certainly confusing.
> 
> Establishing the non-compliance (from the oustide anyway) was anything but
> obvious. But, now that we've seen the evidence, it's quite factual.
> 
> > (If, as you say, this has already been reported and Microsoft decided
> > not to fix it, then it's no longer just a good faith mistake.)
> 
> I didn't try to state that as a fact, I just opined that in the 15 years
> since the release of the ACPI 2.0 revision, someone must surely have tried
> DataTableRegion(). Assuming that programmer worked for a big BIOS company
> (which I think is a safe assumption -- before virtualization has become
> commonplace, who else looked into *writing* ACPI tables?), it seems to
> follow that a bug would be reported in some way.
> 
> > It's
> > even worse to do that while also being a prominent member of the very
> > same industry committee responsible for defining the standard in the
> first place.
> 
> Right, it's strange.
> 
> > In any case, bugs are bugs. You shouldn't need a justification to fix
> > them, especially with iron-clad proof of their existence like you have
> here.
> 
> Bugfixing has costs. That's what I'm worried about a little bit. I don't
> know what to put in the other side of the balance. "Improving compliance"
> should have marketing value, minimally. Then, "helping QEMU developers
> implement Microsoft's VMGENID spec, thereby improving Windows guest
> utility on QEMU" should ultimately translate to wider Windows guest
> adoption.
> 
> > All that aside, I don't know who to report it to either. Maybe this is
> > a good time to establish a way to do that, because I doubt this will
> > be the last time it will be necessary.
> 
> I'm hopeful about the ASWG connection.
> 
> Thanks!
> Laszlo
> 
> > -Bill
> >
> >> Thanks
> >> Laszlo
> >>
> >>> -Bill
> >>>
> >>>>> I suggest we go back to the last Gal's series which is though not
> >>>>> universal but a simple and straightforward solution.
> >>>>> That series with comments addressed probably is what we need in
> >>>>> the end.
> >>>>
> >>>> I agree (I commented the same on the RHBZ too). The only one
> >>>> requirement we might not satisfy with that is that the page
> >>>> containing the generation ID must always be mapped as cacheable. In
> >>>> practice it doesn't seem to cause issues.
> >>>>
> >>>> We tried to play nice, but given that (a) the vmgenid doc doesn't
> >>>> mention a real requirement about the _CRS -- ie. no IO descriptors
> >>>> are allowed to be in it --, (b) Windows doesn't support
> >>>> DataTableRegion(), I doubt we could cover our bases 100% anyway.
> >>>> There can be any number of further hidden requirements, and hidden
> >>>> gaps in ACPI support too, so it's just business as usual with
> >>>> Windows: whatever works, works, don't ask why.
> >>>>
> >>>> Just my opinion of course.
> >>>>
> >>>> Laszlo
> >>>>
> >>>>>> The only crazy thing you didn't try is to use an XSDT instead of
> >>>>>> the DSDT.
> >>>>>> I find it unlikely that this will help ...
> >>>>
> >>>> _______________________________________________
> >>>> edk2-devel mailing list
> >>>> edk2-devel@lists.01.org
> >>>> https://lists.01.org/mailman/listinfo/edk2-devel
> >

Re: [Qemu-devel] [edk2] Windows does not support DataTableRegion at all [was: docs: describe QEMU's VMGenID design]

[Laszlo Ersek]

On 09/15/15 15:45, Moore, Robert wrote:
> I can't speak to the MS interpreter, but the iASL compiler does
> indeed support DataTableRegion

Yes, that was the very first thing I tested. That was a prerequisite for
writing the design doc (which contained ASL code).

> (as well as the ACPICA interpreter).

Right, our code worked right there.

> It may be worth an experiment to build an AML table with the iASL
> compiler that contains a DataTableRegion, and try it out on Win.

That wouldn't add much info now.

QEMU generates binary AML in C source code, to be exposed by the guest
firmware to the guest OS. Beyond the fact that ACPICA's AML interpreter
executes that AML correctly, I also decompiled the same AML with
"acpidump -b" + "iasl -d" within the guest, and verified the decompiled
ASL. It looks 100% fine, and as expected.

The issue is *really* that ACPI.SYS cannot distinguish

  <ExtOpPrefix 0x88>

which is DataRegionOp, from

  <0x88>

which is IndexOp.

In turn this bug causes ACPI.SYS to mis-interpret DefDataRegion (which
starts with DataRegionOp) as DefIndex (which starts with IndexOp).

Whether this is the consequence of a "simple" AML parsing error in
ACPI.SYS, or the complete lack of DataTableRegion support, I can't tell.

> Also, newer versions of the MS ASL compiler (at least 5.0), are a bit
> harder to obtain. It appears to now be part of the WDK:
> 
> "The ASL compiler is distributed with the Windows Driver Kit (WDK)
> 8.1. Look for the Asl.exe executable file in the
> Tools\arm\ACPIVerify, Tools\x86\ACPIVerify, or Tools\x64\ACPIVerify
> directory of your installed WDK."

Yeah, I tried that in a Windows VM, but when I saw that the WDK
installer wanted to download about 10 to 20 GB of stuff, I looked after
other possibilities. (And found the standalone 4.0 compiler.)

> However, I would suggest that you use the iASL compiler, it is
> actively maintained and has enhanced error detection. It is available
> at:
> 
> https://www.acpica.org/downloads/binary-tools

Whenever we compile ASL to AML (as opposed to dynamically generating AML
in our own C code, with Igor's AML generator API), we use iasl exclusively.

The only reason I checked the Microsoft ASL.exe compiler was to see if
that tool was *bug-consistent* with ACPI.SYS. And it was; Windows tools
can neither compile, nor execute, nor decompile (in WinDbg) DataRegionOp.

Thanks
Laszlo

> 
> Bob
> 
> 
> 
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Tuesday, September 15, 2015 3:49 AM
>> To: Bill Paul
>> Cc: edk2-devel@ml01.01.org; Igor Mammedov; Michael S. Tsirkin; Josh
>> Triplett; Gal Hammer; Moore, Robert; qemu-devel@nongnu.org; Paolo Bonzini
>> Subject: Re: [edk2] [Qemu-devel] Windows does not support DataTableRegion
>> at all [was: docs: describe QEMU's VMGenID design]
>>
>> On 09/14/15 23:12, Bill Paul wrote:
>>
>> [snip -- see my other email too]
>>
>>> Also, if you want to talk business cases, I'm assuming that somewhere
>>> Microsoft claims ACPI compliance.
>>
>> Correct; this page:
>>
>> <https://msdn.microsoft.com/en-
>> us/library/windows/hardware/dn551195%28v=vs.85%29.aspx>
>>
>> states
>>
>>     Version 5.0 of the Microsoft ACPI source language (ASL) compiler
>>     supports the features in the Advanced Configuration and Power
>>     Interface Specification, Revision 5.0 [...]
>>
>> And the separately downloadable ASL.exe that I tried starts with a banner
>> that claims ACPI 4.0 compliance:
>>
>>> C:\Program Files (x86)\Microsoft ASL Compiler v4.0>asl.exe x.dsl
>>> Microsoft ACPI Source Language Assembler Version 4.0.0NT [Aug 28 2009,
>>> 18:36:36]
>>>
>>> Copyright (c) 1996,2009 Microsoft Corporation Compliant with the ACPI
>>> 4.0 Specification
>>>
>>> [...]
>>
>> The DataTableRegion() operator is from ACPI 2.0.
>>
>> In ACPI 6.0 (the most recent release), it is still there.
>>
>> (And, logically, if you can compile DataTableRegion() from ASL to AML (->
>> DefDataRegion), then your AML interpreter should also be able to parse and
>> execute the binary DefDataRegion encoding codified by the standard.)
>>
>>> If so, then clearly that claim is untrue,
>>
>> Let's say, "not precise".
>>
>> I think such gaps in support for various industry standards are not
>> uncommon, but I believe they should be publicly documented. Using Google,
>> I couldn't find a trace of this limitation. If there had been public
>> documentation about this (or maybe a public bug tracker, or just a tech
>> support forum post...), it would have saved us many many hours, at
>> minimum.
>>
>> (At this point though, the best for us would be if Microsoft decided to
>> implement DataTableRegion() in ACPI.SYS, and push it out as KBxxxxx.)
>>
>>> and I'd be willing to bet this isn't the only place where their
>>> implementation deviates from the spec either.
>>
>> I assume that's likely, yes.
>>
>>> It's bad for business to claim compliance with an industry standard
>>> and then very obviously (and maybe even deliberately) not comply with
>>> it.
>>
>> The inaccurate claim about compliance is certainly confusing.
>>
>> Establishing the non-compliance (from the oustide anyway) was anything but
>> obvious. But, now that we've seen the evidence, it's quite factual.
>>
>>> (If, as you say, this has already been reported and Microsoft decided
>>> not to fix it, then it's no longer just a good faith mistake.)
>>
>> I didn't try to state that as a fact, I just opined that in the 15 years
>> since the release of the ACPI 2.0 revision, someone must surely have tried
>> DataTableRegion(). Assuming that programmer worked for a big BIOS company
>> (which I think is a safe assumption -- before virtualization has become
>> commonplace, who else looked into *writing* ACPI tables?), it seems to
>> follow that a bug would be reported in some way.
>>
>>> It's
>>> even worse to do that while also being a prominent member of the very
>>> same industry committee responsible for defining the standard in the
>> first place.
>>
>> Right, it's strange.
>>
>>> In any case, bugs are bugs. You shouldn't need a justification to fix
>>> them, especially with iron-clad proof of their existence like you have
>> here.
>>
>> Bugfixing has costs. That's what I'm worried about a little bit. I don't
>> know what to put in the other side of the balance. "Improving compliance"
>> should have marketing value, minimally. Then, "helping QEMU developers
>> implement Microsoft's VMGENID spec, thereby improving Windows guest
>> utility on QEMU" should ultimately translate to wider Windows guest
>> adoption.
>>
>>> All that aside, I don't know who to report it to either. Maybe this is
>>> a good time to establish a way to do that, because I doubt this will
>>> be the last time it will be necessary.
>>
>> I'm hopeful about the ASWG connection.
>>
>> Thanks!
>> Laszlo
>>
>>> -Bill
>>>
>>>> Thanks
>>>> Laszlo
>>>>
>>>>> -Bill
>>>>>
>>>>>>> I suggest we go back to the last Gal's series which is though not
>>>>>>> universal but a simple and straightforward solution.
>>>>>>> That series with comments addressed probably is what we need in
>>>>>>> the end.
>>>>>>
>>>>>> I agree (I commented the same on the RHBZ too). The only one
>>>>>> requirement we might not satisfy with that is that the page
>>>>>> containing the generation ID must always be mapped as cacheable. In
>>>>>> practice it doesn't seem to cause issues.
>>>>>>
>>>>>> We tried to play nice, but given that (a) the vmgenid doc doesn't
>>>>>> mention a real requirement about the _CRS -- ie. no IO descriptors
>>>>>> are allowed to be in it --, (b) Windows doesn't support
>>>>>> DataTableRegion(), I doubt we could cover our bases 100% anyway.
>>>>>> There can be any number of further hidden requirements, and hidden
>>>>>> gaps in ACPI support too, so it's just business as usual with
>>>>>> Windows: whatever works, works, don't ask why.
>>>>>>
>>>>>> Just my opinion of course.
>>>>>>
>>>>>> Laszlo
>>>>>>
>>>>>>>> The only crazy thing you didn't try is to use an XSDT instead of
>>>>>>>> the DSDT.
>>>>>>>> I find it unlikely that this will help ...
>>>>>>
>>>>>> _______________________________________________
>>>>>> edk2-devel mailing list
>>>>>> edk2-devel@lists.01.org
>>>>>> https://lists.01.org/mailman/listinfo/edk2-devel
>>>
> 

[Qemu-devel] [PATCH FYI 00/13] ACPI stuff for the DataTableRegion()-based VMGenID

[Laszlo Ersek]

So, as I wrote in the parent, this does not actually work in Windows,
because Windows doesn't support the DataTableRegion() operator; not even
modern Windows versions.

I'm nonetheless posting the series for the following purposes:

- Posterity. I think the series is worth preserving in the mailing list
  archive.

- Testing by others, if anyone is so inclined. (Should someone come back
  here later: the series applies to commit
  fc04a730b7e60f4a62d6260d4eb9c537d1d3643f.)

- I think that several patches from the series would be worth merging in
  their own right.

Anatomy of the FYI series:

- Patch 01 is known from the RFC posting; it has seen a number of
  changes. Those are all noted on the patch itself.

- Patch 02 is not related to ACPI, but it was the first one I wrote,
  while trying to attack this series, so I'm including it here anyway.

- Patches 03 to 08 add generic code for, and then introduce, the UEFI
  ACPI Data Table, described in patch 01.

- Patches 09 to 13 add helper functions for, and then generate, the VMGI
  device's AML.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Shannon Zhao <shannon.zhao@linaro.org>

Thanks
Laszlo

Laszlo Ersek (13):
  docs: describe QEMU's VMGenID design
  hw/acpi: add i386 callbacks for injecting GPE 04 when the VMGENID
    changes
  hw/acpi: rename "AcpiBuildTables.table_data" to "main_blob"
  hw/acpi: allow RSDT entries to be relocated to various fw_cfg blobs
  hw/acpi: add more flexible acpi_add_table() and build_header()
    variants
  hw/acpi: introduce ACPI_BUILD_QEMUPARAM_FILE
  hw/acpi: introduce the AcpiQemuParamTable structure
  hw/i386: build UEFI ACPI Data Table for VMGENID in the dedicated blob
    (WIP)
  hw/acpi: expose more parameters for aml_method()
  hw/acpi: add AML generator function for DataTableRegion()
  hw/acpi: add AML generator function for AccessAs()
  hw/acpi: add AML generator function for CreateQWordField()
  hw/i386: generate AML for the VMGENID device (WIP)

 include/hw/acpi/acpi.h               |   1 +
 include/hw/acpi/acpi_dev_interface.h |   4 +
 include/hw/acpi/aml-build.h          |  23 ++-
 include/hw/acpi/ich9.h               |   1 +
 include/hw/acpi/vmgenid.h            |  72 ++++++++
 hw/acpi/aml-build.c                  | 135 ++++++++++++--
 hw/acpi/ich9.c                       |   8 +
 hw/acpi/piix4.c                      |   8 +
 hw/arm/virt-acpi-build.c             |  11 +-
 hw/i386/acpi-build.c                 | 159 ++++++++++++++++-
 hw/isa/lpc_ich9.c                    |   1 +
 docs/vmgenid.txt                     | 336 +++++++++++++++++++++++++++++++++++
 12 files changed, 738 insertions(+), 21 deletions(-)
 create mode 100644 include/hw/acpi/vmgenid.h
 create mode 100644 docs/vmgenid.txt

-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 01/13] docs: describe QEMU's VMGenID design

[Laszlo Ersek]

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
---

Notes:
    fyi:
    - move from docs/specs/ to docs/ [Eric, Paolo]
    - fix grammar [Eric]
    - clarify that requirement R1e covers ROM and MMIO too [Michael]
    - replace '"BOCHS"' with '"BOCHS "' in the DataTableRegion operator, so
      that the OEM ID argument matches ACPI_BUILD_APPNAME6 exactly
    - remove the _CRS with the IO descriptor in it, because Windows' VMGENID
      driver chokes on that (but is okay with the absence of the _CRS). See
      <http://thread.gmane.org/gmane.comp.emulators.qemu/357940/focus=2232>
      for more.
    
    rfc:
    - This is based on the super long private email discussion we had two
      months ago, plus on the IRL discussion between Michael and myself @
      the KVM Forum 2015.

 docs/vmgenid.txt | 336 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 336 insertions(+)
 create mode 100644 docs/vmgenid.txt

diff --git a/docs/vmgenid.txt b/docs/vmgenid.txt
new file mode 100644
index 0000000..4a9c1d0
--- /dev/null
+++ b/docs/vmgenid.txt
@@ -0,0 +1,336 @@
+Virtual Machine Generation ID Device
+====================================
+
+The Microsoft specification entitled "Virtual Machine Generation ID",
+maintained at <http://go.microsoft.com/fwlink/?LinkId=260709>, defines an ACPI
+feature that allows the guest OSPM to recognize when it has been returned "to
+an earlier point in time", e.g. by restoring from snapshot, or by incoming
+migration. Quoting the spec,
+
+    The virtual machine generation ID is a feature whereby the virtual machines
+    BIOS will expose a new ID. This is a 128-bit, cryptographically random
+    integer value identifier that will be different every time the virtual
+    machine executes from a different configuration file-such as executing from
+    a recovered snapshot, or executing after restoring from backup. [...]
+
+The document you are reading now extracts the requirements set forth by the
+VMGenID spec for hypervisors that intend to provide the feature, and describes
+QEMU's implementation. The design below targets both SeaBIOS and OVMF as
+compatible guest firmwares, without any changes to either of them.
+
+Requirements
+------------
+
+These requirements are extracted from the "How to implement virtual machine
+generation ID support in a virtualization platform" section of the
+specification, dated August 1, 2012.
+
+R1a. The generation ID shall live in an 8-byte aligned buffer.
+
+R1b. The buffer holding the generation ID shall be in guest RAM, ROM, or device
+     MMIO range.
+
+R1c. The buffer holding the generation ID shall be kept separate from areas
+     used by the operating system.
+
+R1d. The buffer shall not be covered by an AddressRangeMemory or
+     AddressRangeACPI entry in the E820 or UEFI memory map.
+
+R1e. The generation ID shall not live in a page frame that could be mapped with
+     caching disabled. (In other words, regardless of whether the generation ID
+     lives in RAM, ROM or MMIO, it shall only be mapped as cacheable.)
+
+R2 to R5. [These AML requirements are isolated well enough in the Microsoft
+          specification for us to simply refer to them here.]
+
+R6. The hypervisor shall expose a _HID (hardware identifier) object in the
+    VMGenId device's scope that is unique to the hypervisor vendor.
+
+Generation ID buffer design
+---------------------------
+
+QEMU places the generation ID buffer inside a separate fw_cfg blob that is
+exposed to the guest OS with the ACPI linker/loader.
+
+The structure of the blob is as follows. Offsets, sizes and numeric values are
+given in decimal; furthermore the latter are encoded in little endian.
+
+  Offs  Field               Size  Value
+  ----  ------------------  ----  ------------------------------------
+     0  System Description    36
+        Table Header
+     0    Signature            4                                "UEFI"
+     4    Length               4                                    62
+     8    Revision             1                                     1
+     9    Checksum             1                                     0
+    10    OEMID                6        ACPI_BUILD_APPNAME6 ("BOCHS ")
+    16    OEM Table ID         8                            "QEMUPARM"
+    24    OEM Revision         4                                     1
+    28    Creator ID           4          ACPI_BUILD_APPNAME4 ("BXPC")
+    32    Creator Revision     4                                     1
+
+    36  UEFI Table            18
+        Sub-Header
+    36    Identifier          16  417a5dff-bf4b-4abc-a839-6593bb41f452
+    52    DataOffset           2                                    54
+
+    54  ADDR base pointer      8                                    62
+  ....................................................................
+    62  OVMF SDT Header       36                                zeroes
+        probe suppressor
+    98  VMGenID alignment      6                                zeroes
+        padding
+   104  generation ID         16                       128-bit VMGenID
+   120  fw_cfg blob         3976                                zeroes
+        padding
+  4096  <end of blob>
+
+The fw_cfg blob is divided in two parts conceptually (separated by the dotted
+line in the diagram). The first part, up to and excluding offset 62, is a
+"UEFI" ACPI Table, governed by the UEFI specification 2.5, Appendix O. The
+second part is mainly padding, but it also contains the generation ID.
+
+The "UEFI" ACPI Table -- in the first part -- is a "normal" ACPI table whose
+generic header is defined by the ACPI specification, but for which the UEFI
+spec defines the "UEFI" signature and adds two more fixed fields, "Identifier"
+and "DataOffset".
+
+- The Identifier field carries a 128-bit GUID, and enables firmware
+  implementors to install several "UEFI" tables with different internal
+  structures, enabling OSPM to tell them apart based on the (Type-)Identifier
+  GUID field.
+
+  For the purposes of QEMU's VMGenID implementation, we generated a new GUID
+  with the "uuidgen" utility. It should be different from all other
+  "Identifier" values, present and future, but otherwise no other software need
+  be aware of the concrete GUID value we generated.
+
+- The DataOffset field is just an offset into the table where the actual
+  (Identifier-specific) data starts.
+
+  For the purposes of QEMU's VMGenID implementation, we simply set it to the
+  next (QEMU-specific) field, "ADDR base pointer".
+
+Linker/loader commands
+----------------------
+
+The name of the fw_cfg blob is "etc/acpi/qemuparam". The ALLOCATE command that
+instructs the guest firmware to download this fw_cfg blob specifies an
+alignment of 4096, and the blob will have size 4096 too.
+
+An ADD_POINTER command links the "UEFI" ACPI Table at the start of the blob
+into the RSDT.
+
+Another ADD_POINTER command relocates the "ADDR base pointer" field to the
+absolute address of the "OVMF SDT Header probe suppressor" field, within the
+same blob.
+
+After this relocation, an ADD_CHECKSUM command updates the Checksum field,
+covering the entire "UEFI" ACPI Table (which extends up to and excluding offset
+62).
+
+Blob behavior under SeaBIOS
+---------------------------
+
+(Most of the complexity in the blob is ignored when the guest firmware is
+SeaBIOS.)
+
+- SeaBIOS's ACPI linker/loader client allocates the blob in normal RAM
+  (satisfying R1b).
+
+- Because the ALLOCATE command prescribes an alignment of 4KB, and the blob's
+  size is also 4KB, the allocation covers a standalone page frame in full
+  (satisfying R1e).
+
+- The 128-bit VMGenID field is located at offset 104 within that page,
+  resulting in a guest-physical address divisible by 8 (satisfying R1a).
+
+- The blob is marked as Reserved in the E820 map (satisfying R1c and R1d).
+
+- The "UEFI" ACPI Table at the start of the blob is linked into the RSDT,
+  in-place.
+
+- The "ADDR" AML method (see later) is allowed to refer to the "UEFI" ACPI
+  Table with the DataTableRegion operator, because the table is located in
+  memory marked as AddressRangeReserved.
+
+- The "ADDR base pointer" field points at "OVMF SDT Header probe suppressor",
+  which is right after the "UEFI" ACPI Table inside the blob. At OSPM runtime,
+  the "ADDR" AML method reads the "ADDR base pointer" field, and adds 42, to
+  arrive at the address of the VMGenID field.
+
+  blob @ page offset 0              RSDT
+  +-----------------------+         +-----+
+  | "UEFI" ACPI Table <---------+   | ... |
+  | +-------------------+ |     |   | ... |
+  | | ...               | |     +---- ... |
+  | | ...               | |         +-----+
+  | | ADDR base pointer -----+
+  | +-------------------+ |  |
+  | probe suppressor <-------+
+  | VMGenID @ offset 104  |
+  | padding               |
+  +-----------------------+
+
+Blob behavior under OVMF
+------------------------
+
+The complexity in the blob is required by the two-pass nature of OVMF's ACPI
+linker/loader client, which in turn comes from the fact that OVMF has to
+dissect blobs into individual ACPI tables vs. "other things", tracking the
+ADD_POINTER commands, so that tables can be installed individually, with
+EFI_ACPI_TABLE_PROTOCOL.
+
+- OVMF's ACPI linker/loader client allocates the blob in normal RAM (satisfying
+  R1b).
+
+- Because the ALLOCATE command prescribes an alignment of 4KB, and the blob's
+  size is also 4KB, the allocation covers a standalone page frame in full
+  (satisfying R1e).
+
+- The 128-bit VMGenID field is located at offset 104 within that page,
+  resulting in a guest-physical address divisible by 8 (satisfying R1a).
+
+- OVMF's ACPI linker/loader allocates the blob in EfiACPIMemoryNVS type memory,
+  therefore it is marked as such in the UEFI memmap (satisfying R1c and R1d).
+
+- OVMF identifies the "UEFI" ACPI Table at the start of the blob in the second
+  pass, following the ADD_POINTER command that is meant to link the table into
+  the RSDT. OVMF installs a *copy* of the "UEFI" ACPI Table with
+  EFI_ACPI_TABLE_PROTOCOL (linking the copy into both RSDT and XSDT). Given the
+  "UEFI" signature of the table, EFI_ACPI_TABLE_PROTOCOL places the copy of the
+  table in EfiACPIMemoryNVS type memory.
+
+- The "ADDR" AML method (see later) is allowed to refer to the "UEFI" ACPI
+  Table with the DataTableRegion operator, because the table is located in
+  memory marked as AddressRangeNVS.
+
+- The "ADDR base pointer" field inside the installed table points at "OVMF SDT
+  Header probe suppressor" in the original blob. Because this field is filled
+  with zeros, OVMF's table identification heuristics unconditionally reports a
+  negative when it tracks the relevant ADD_POINTER command to it in the second
+  pass. Therefore the blob is marked as "hosts something else than just ACPI
+  tables", and it is preserved permanently (in the same EfiACPIMemoryNVS type
+  memory where it has been originally allocated).
+
+  At OSPM runtime, the "ADDR" AML method reads the "ADDR base pointer" field,
+  and adds 42, to arrive at the address of the VMGenID field.
+
+  blob @ page offset 0               RSDT         XSDT
+  +-----------------------------+    +-----+      +-----+
+  | "UEFI" ACPI Table (in blob) |    | ... |      | ... |
+  | +-------------------------+ |    | ... ---+   | ... ---------------+
+  | |XXXXXXXXXXXXXXXXXXXXXXXXX| |    +-----+  |   +-----+              |
+  | |XXXXXXX [unused] XXXXXXXX| |             |                        |
+  | |XXXXXXXXXXXXXXXXXXXXXXXXX| |             +------------------------+
+  | +-------------------------+ |                                      |
+  | probe suppressor <-------------+  "UEFI" ACPI Table (installed) <--+
+  | VMGenID @ offset 104        |  |  +---------------------------+
+  | padding                     |  |  | ...                       |
+  +-----------------------------+  |  | ...                       |
+                                   +--- ADDR base pointer         |
+                                      +---------------------------+
+
+ACPI device, control methods
+----------------------------
+
+Requirements R2 through R6 of the VMGenID specification are satisfied with the
+following ACPI logic, exposed by QEMU's ACPI generator in one of the SSDTs, and
+installed by both guest firmwares as such.
+
+The basic idea is that, when the appropriate guest driver calls the ADDR method
+(see R4), OSPM locates the generation ID field in the 4KB blob that lives in
+E820 Reserved (SeaBIOS) or EfiACPIMemoryNVS type (OVMF) memory. The
+guest-physical address of the field is communicated to QEMU via IO ports
+[0x512..0x519] inclusive. Then QEMU is cued through IO port 0x51A to refresh
+(and keep refreshing when appropriate) the generation ID at the passed back
+address. Finally, the method returns the address to the guest driver too, in
+the format required by R4.
+
+    Scope(\_SB) {
+        Device (VMGI) {
+            /* satisfy R2 */
+            Name (_CID, "VM_Gen_Counter")
+
+            /* satisfy R3 */
+            Name (_DDN, "VM_Gen_Counter")
+
+            /* satisfy R6 */
+            Name (_HID, "QEMU0002")
+
+            /* Device status: present, enabled & decoding resources, should be
+             * shown in the UI, functioning properly.
+             */
+            Name (_STA, 0xF)
+
+            /* Satisfy R4.
+             *
+             * This method is serialized because it creates named objects.
+             */
+            Method (ADDR, 0, Serialized) {
+                /* The 8-byte integer field defined as ADBP below is the
+                 * "ADDR base pointer" field in the UEFI ACPI Table.
+                 *
+                 * The DataTableRegion() operator locates that ACPI table by
+                 * scanning the RSDT/XSDT using the (SignatureString,
+                 * OemIDString, OemTableIDString) triplet as key.
+                 *
+                 * Windows XP would normally crash on the DataTableRegion()
+                 * operator, but it never calls the ADDR method, hence it never
+                 * reaches or evaluates DataTableRegion().
+                 */
+                DataTableRegion (TBLR, "UEFI", "BOCHS ", "QEMUPARM")
+                Field (TBLR, AnyAcc, NoLock, Preserve) {
+                  Offset (54),
+                  ADBP, 64
+                }
+
+                /* The first two 4-byte ports are used to communicate the
+                 * 64-bit guest-physical address of the actual (relocated)
+                 * 128-bit generation ID field to QEMU, in little endian
+                 * encoding, so that QEMU can rewrite that field in guest RAM.
+                 *
+                 * A write to last 1-byte port signals that the address has
+                 * been written fully, and QEMU is free to dereference it.
+                 */
+                OperationRegion (VMGR, SystemIO, 0x512, 9)
+                Field (VMGR, DWordAcc, NoLock, Preserve) {
+                    PTLO, 32,
+                    PTHI, 32,
+                    AccessAs (ByteAcc),
+                    DONE, 8
+                }
+
+                /* The ADBP field points to the "OVMF SDT Header probe
+                 * suppressor" area in the blob, at offset 62. In order to
+                 * arrive at the generation ID field at offset 104, we must add
+                 * 42 dynamically.
+                 *
+                 * The RESU buffer below will contain the result of the
+                 * addition. The ADFU field exposes it as an 8-byte integer
+                 * (for storing the sum), while the ADLO and ADHI fields enable
+                 * us to access the result in two separate 4-byte integers.
+                 * This exact integer width is especially important for
+                 * composing the package object that the ADDR method must
+                 * return.
+                 */
+                Name (RESU, Buffer (8) {})
+                CreateQWordField (RESU, 0, ADFU)
+                CreateDWordField (RESU, 0, ADLO)
+                CreateDWordField (RESU, 4, ADHI)
+
+                Add (ADBP, 42, ADFU)
+                Store (ADLO, PTLO)
+                Store (ADHI, PTHI)
+                Store (0, DONE)
+                Return (Package (2) { ADLO, ADHI })
+            }
+        }
+    }
+
+    /* satisfy R5 */
+    Scope (\_GPE) {
+        Method (_E04) {
+            Notify (\_SB.VMGI, 0x80)
+        }
+    }
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 02/13] hw/acpi: add i386 callbacks for injecting GPE 04 when the VMGENID changes

[Laszlo Ersek]

Add a new method called "vm_generation_id_changed" to the
AcpiDeviceIfClass interface. The new method sends an ACPI notfication when
the VM generation ID is changed. This contributes to the implementation of
requirement R5, from "docs/vmgenid.txt".

This patch is a slight modification of Gal Hammer's

  [PATCH V15 2/5] acpi: add a vm_generation_id_changed method
  http://thread.gmane.org/gmane.comp.emulators.qemu/332451/focus=332453

(for which reason his S-o-b is preserved in the first position). The
changes are (and should be captured in the commit message):

- There's no need for the helper function acpi_vm_generation_id_changed():
  acpi_send_gpe_event() already does the right thing and is at the right
  abstraction level.

- The next available GPE status bit is bit 4 (value 16); less significant
  bits (bits 1 through 3) are already used for PCI, CPU, and memory
  hotplug.

  Furthermore, bit 0 (value 1) is not available (the _L00 method already
  exist in the DSDTs, with empty body as a precaution); probably because
  the ACPI spec (section "Queuing the Matching Control Method for
  Execution") reserves response code 0 for "no outstanding events". In
  other words, _E00 / _L00 can never be queued.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Gal Hammer <ghammer@redhat.com>
[lersek@redhat.com: see changes above, plus extended commit message]
Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    fyi:
    - This patch is not actually related to the ACPI work, but this was the
      first one I wrote, when I was still trying to figure out the right
      order to go about this series. So I'm including it here.

 include/hw/acpi/acpi.h               | 1 +
 include/hw/acpi/acpi_dev_interface.h | 4 ++++
 include/hw/acpi/ich9.h               | 1 +
 hw/acpi/ich9.c                       | 8 ++++++++
 hw/acpi/piix4.c                      | 8 ++++++++
 hw/isa/lpc_ich9.c                    | 1 +
 6 files changed, 23 insertions(+)

diff --git a/include/hw/acpi/acpi.h b/include/hw/acpi/acpi.h
index b20bd55..d46095d 100644
--- a/include/hw/acpi/acpi.h
+++ b/include/hw/acpi/acpi.h
@@ -96,6 +96,7 @@ typedef enum {
     ACPI_PCI_HOTPLUG_STATUS = 2,
     ACPI_CPU_HOTPLUG_STATUS = 4,
     ACPI_MEMORY_HOTPLUG_STATUS = 8,
+    ACPI_VMGENID_CHANGED_STATUS = 16,
 } AcpiGPEStatusBits;
 
 /* structs */
diff --git a/include/hw/acpi/acpi_dev_interface.h b/include/hw/acpi/acpi_dev_interface.h
index f245f8d..d0f210f 100644
--- a/include/hw/acpi/acpi_dev_interface.h
+++ b/include/hw/acpi/acpi_dev_interface.h
@@ -28,6 +28,9 @@ typedef struct AcpiDeviceIf {
  * ospm_status: returns status of ACPI device objects, reported
  *              via _OST method if device supports it.
  *
+ * vm_generation_id_changed: notify the guest that its generation ID has been
+ *                           changed.
+ *
  * Interface is designed for providing unified interface
  * to generic ACPI functionality that could be used without
  * knowledge about internals of actual device that implements
@@ -39,5 +42,6 @@ typedef struct AcpiDeviceIfClass {
 
     /* <public> */
     void (*ospm_status)(AcpiDeviceIf *adev, ACPIOSTInfoList ***list);
+    void (*vm_generation_id_changed)(AcpiDeviceIf *adev);
 } AcpiDeviceIfClass;
 #endif
diff --git a/include/hw/acpi/ich9.h b/include/hw/acpi/ich9.h
index 345fd8d..e656f59 100644
--- a/include/hw/acpi/ich9.h
+++ b/include/hw/acpi/ich9.h
@@ -77,4 +77,5 @@ void ich9_pm_device_unplug_cb(ICH9LPCPMRegs *pm, DeviceState *dev,
                               Error **errp);
 
 void ich9_pm_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list);
+void ich9_vm_generation_id_changed(AcpiDeviceIf *adev);
 #endif /* HW_ACPI_ICH9_H */
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 1c7fcfa..bd7214e 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -482,3 +482,11 @@ void ich9_pm_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list)
 
     acpi_memory_ospm_status(&s->pm.acpi_memory_hotplug, list);
 }
+
+void ich9_vm_generation_id_changed(AcpiDeviceIf *adev)
+{
+    ICH9LPCState *s = ICH9_LPC_DEVICE(adev);
+    ICH9LPCPMRegs *pm = &s->pm;
+
+    acpi_send_gpe_event(&pm->acpi_regs, pm->irq, ACPI_VMGENID_CHANGED_STATUS);
+}
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 2cd2fee..d83957c 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -583,6 +583,13 @@ static void piix4_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list)
     acpi_memory_ospm_status(&s->acpi_memory_hotplug, list);
 }
 
+static void piix4_vm_generation_id_changed(AcpiDeviceIf *adev)
+{
+    PIIX4PMState *s = PIIX4_PM(adev);
+
+    acpi_send_gpe_event(&s->ar, s->irq, ACPI_VMGENID_CHANGED_STATUS);
+}
+
 static Property piix4_pm_properties[] = {
     DEFINE_PROP_UINT32("smb_io_base", PIIX4PMState, smb_io_base, 0),
     DEFINE_PROP_UINT8(ACPI_PM_PROP_S3_DISABLED, PIIX4PMState, disable_s3, 0),
@@ -621,6 +628,7 @@ static void piix4_pm_class_init(ObjectClass *klass, void *data)
     hc->unplug_request = piix4_device_unplug_request_cb;
     hc->unplug = piix4_device_unplug_cb;
     adevc->ospm_status = piix4_ospm_status;
+    adevc->vm_generation_id_changed = piix4_vm_generation_id_changed;
 }
 
 static const TypeInfo piix4_pm_info = {
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index 360699f..bc6b737 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -724,6 +724,7 @@ static void ich9_lpc_class_init(ObjectClass *klass, void *data)
     hc->unplug_request = ich9_device_unplug_request_cb;
     hc->unplug = ich9_device_unplug_cb;
     adevc->ospm_status = ich9_pm_ospm_status;
+    adevc->vm_generation_id_changed = ich9_vm_generation_id_changed;
 }
 
 static const TypeInfo ich9_lpc_info = {
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 03/13] hw/acpi: rename "AcpiBuildTables.table_data" to "main_blob"

[Laszlo Ersek]

The identifier "table_data" is used in wildly different name spaces and
scopes, which makes it practically impossible to grep for uses of
"AcpiBuildTables.table_data" specifically. Rename the field to "main_blob"
(which is a unique identifier across the tree), and update all references
with the help of the compiler.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 include/hw/acpi/aml-build.h | 2 +-
 hw/acpi/aml-build.c         | 4 ++--
 hw/arm/virt-acpi-build.c    | 6 +++---
 hw/i386/acpi-build.c        | 6 +++---
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index e3afa13..7d89c40 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -151,7 +151,7 @@ typedef enum {
 
 typedef
 struct AcpiBuildTables {
-    GArray *table_data;
+    GArray *main_blob;
     GArray *rsdp;
     GArray *tcpalog;
     GArray *linker;
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 0d4b324..2c7d59d 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1178,7 +1178,7 @@ void acpi_add_table(GArray *table_offsets, GArray *table_data)
 void acpi_build_tables_init(AcpiBuildTables *tables)
 {
     tables->rsdp = g_array_new(false, true /* clear */, 1);
-    tables->table_data = g_array_new(false, true /* clear */, 1);
+    tables->main_blob = g_array_new(false, true /* clear */, 1);
     tables->tcpalog = g_array_new(false, true /* clear */, 1);
     tables->linker = bios_linker_loader_init();
 }
@@ -1188,7 +1188,7 @@ void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre)
     void *linker_data = bios_linker_loader_cleanup(tables->linker);
     g_free(linker_data);
     g_array_free(tables->rsdp, true);
-    g_array_free(tables->table_data, true);
+    g_array_free(tables->main_blob, true);
     g_array_free(tables->tcpalog, mfre);
 }
 
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 9088248..fcbb2d7 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -552,7 +552,7 @@ void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
     GArray *table_offsets;
     unsigned dsdt, rsdt;
     VirtAcpiCpuInfo cpuinfo;
-    GArray *tables_blob = tables->table_data;
+    GArray *tables_blob = tables->main_blob;
 
     virt_acpi_get_cpu_info(&cpuinfo);
 
@@ -631,7 +631,7 @@ static void virt_acpi_build_update(void *build_opaque, uint32_t offset)
 
     virt_acpi_build(build_state->guest_info, &tables);
 
-    acpi_ram_update(build_state->table_mr, tables.table_data);
+    acpi_ram_update(build_state->table_mr, tables.main_blob);
     acpi_ram_update(build_state->rsdp_mr, tables.rsdp);
     acpi_ram_update(build_state->linker_mr, tables.linker);
 
@@ -685,7 +685,7 @@ void virt_acpi_setup(VirtGuestInfo *guest_info)
     virt_acpi_build(build_state->guest_info, &tables);
 
     /* Now expose it all to Guest */
-    build_state->table_mr = acpi_add_rom_blob(build_state, tables.table_data,
+    build_state->table_mr = acpi_add_rom_blob(build_state, tables.main_blob,
                                                ACPI_BUILD_TABLE_FILE,
                                                ACPI_BUILD_TABLE_MAX_SIZE);
     assert(build_state->table_mr != NULL);
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 95e0c65..2cd8891 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1670,7 +1670,7 @@ void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables *tables)
     PcPciInfo pci;
     uint8_t *u;
     size_t aml_len = 0;
-    GArray *tables_blob = tables->table_data;
+    GArray *tables_blob = tables->main_blob;
 
     acpi_get_cpu_info(&cpu);
     acpi_get_pm_info(&pm);
@@ -1833,7 +1833,7 @@ static void acpi_build_update(void *build_opaque, uint32_t offset)
 
     acpi_build(build_state->guest_info, &tables);
 
-    acpi_ram_update(build_state->table_mr, tables.table_data);
+    acpi_ram_update(build_state->table_mr, tables.main_blob);
 
     if (build_state->rsdp) {
         memcpy(build_state->rsdp, tables.rsdp->data, acpi_data_len(tables.rsdp));
@@ -1899,7 +1899,7 @@ void acpi_setup(PcGuestInfo *guest_info)
     acpi_build(build_state->guest_info, &tables);
 
     /* Now expose it all to Guest */
-    build_state->table_mr = acpi_add_rom_blob(build_state, tables.table_data,
+    build_state->table_mr = acpi_add_rom_blob(build_state, tables.main_blob,
                                                ACPI_BUILD_TABLE_FILE,
                                                ACPI_BUILD_TABLE_MAX_SIZE);
     assert(build_state->table_mr != NULL);
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 04/13] hw/acpi: allow RSDT entries to be relocated to various fw_cfg blobs

[Laszlo Ersek]

The build_rsdt() function can relocate RSDT entries only to ACPI tables
that exist inside the same ACPI_BUILD_TABLE_FILE blob.

In order to relax this limitation, change the element type of the
"table_offsets" array from plain offset (always into
ACPI_BUILD_TABLE_FILE) to a (pointed-to-blob, offset) pair.

For compatibility with the current callers of acpi_add_table() and
build_rsdt(), acpi_add_table() will hard-code ACPI_BUILD_TABLE_FILE as
pointed-to-blob. However, the pointed-to-blob can now be determined when
adding an ACPI table, case by case, not when building the RSDT.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 include/hw/acpi/aml-build.h |  6 ++++++
 hw/acpi/aml-build.c         | 16 ++++++++++------
 hw/arm/virt-acpi-build.c    |  2 +-
 hw/i386/acpi-build.c        |  2 +-
 4 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 7d89c40..7518659 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -276,6 +276,12 @@ Aml *aml_varpackage(uint32_t num_elements);
 Aml *aml_touuid(const char *uuid);
 Aml *aml_unicode(const char *str);
 
+struct BlobOffset {
+    const char *blob_name; /* no ownership; set from ACPI_BUILD_*_FILE  */
+    uint32_t offset;       /* offset into blob named @blob_name */
+};
+typedef struct BlobOffset BlobOffset;
+
 void
 build_header(GArray *linker, GArray *table_data,
              AcpiTableHeader *h, const char *sig, int len, uint8_t rev);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 2c7d59d..60c7c2e 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1171,8 +1171,11 @@ unsigned acpi_data_len(GArray *table)
 
 void acpi_add_table(GArray *table_offsets, GArray *table_data)
 {
-    uint32_t offset = cpu_to_le32(table_data->len);
-    g_array_append_val(table_offsets, offset);
+    BlobOffset blob_offset = {
+        .blob_name = ACPI_BUILD_TABLE_FILE,
+        .offset = cpu_to_le32(table_data->len)
+    };
+    g_array_append_val(table_offsets, blob_offset);
 }
 
 void acpi_build_tables_init(AcpiBuildTables *tables)
@@ -1199,16 +1202,17 @@ build_rsdt(GArray *table_data, GArray *linker, GArray *table_offsets)
     AcpiRsdtDescriptorRev1 *rsdt;
     size_t rsdt_len;
     int i;
-    const int table_data_len = (sizeof(uint32_t) * table_offsets->len);
 
-    rsdt_len = sizeof(*rsdt) + table_data_len;
+    rsdt_len = sizeof(*rsdt) + sizeof(uint32_t) * table_offsets->len;
     rsdt = acpi_data_push(table_data, rsdt_len);
-    memcpy(rsdt->table_offset_entry, table_offsets->data, table_data_len);
     for (i = 0; i < table_offsets->len; ++i) {
+        BlobOffset *blob_offset = (BlobOffset *)table_offsets->data + i;
+
+        rsdt->table_offset_entry[i] = blob_offset->offset;
         /* rsdt->table_offset_entry to be filled by Guest linker */
         bios_linker_loader_add_pointer(linker,
                                        ACPI_BUILD_TABLE_FILE,
-                                       ACPI_BUILD_TABLE_FILE,
+                                       blob_offset->blob_name,
                                        table_data, &rsdt->table_offset_entry[i],
                                        sizeof(uint32_t));
     }
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index fcbb2d7..5725994 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -557,7 +557,7 @@ void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
     virt_acpi_get_cpu_info(&cpuinfo);
 
     table_offsets = g_array_new(false, true /* clear */,
-                                        sizeof(uint32_t));
+                                        sizeof(BlobOffset));
 
     bios_linker_loader_alloc(tables->linker, ACPI_BUILD_TABLE_FILE,
                              64, false /* high memory */);
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 2cd8891..baebfcc 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1679,7 +1679,7 @@ void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables *tables)
     acpi_get_pci_info(&pci);
 
     table_offsets = g_array_new(false, true /* clear */,
-                                        sizeof(uint32_t));
+                                        sizeof(BlobOffset));
     ACPI_BUILD_DPRINTF("init ACPI tables\n");
 
     bios_linker_loader_alloc(tables->linker, ACPI_BUILD_TABLE_FILE,
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 05/13] hw/acpi: add more flexible acpi_add_table() and build_header() variants

[Laszlo Ersek]

acpi_add_table() and build_header() hardcode a number of traits that we'd
like to pass in later on, on a table-by-table basis. These are:

- The fw_cfg file name of the blob that contains the ACPI table.
  ACPI_BUILD_TABLE_FILE is hard-coded at the moment.

- The OEM Table ID field. Due to the way the DataTableRegion() operator
  works, the OEM Table ID field is our only possibility to ensure a unique
  lookup for DataTableRegion(), since we don't populate (Signature, OEM
  ID) uniquely. However, currently OEM Table ID is directly derived from
  Signature. Unicity for DataTableRegion() requires making OEM Table ID
  independent.

Expose the internals of the functions that we have now, so that callers
can control the above traits.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 include/hw/acpi/aml-build.h |  6 +++++
 hw/acpi/aml-build.c         | 53 +++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 55 insertions(+), 4 deletions(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 7518659..47d28c9 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -285,9 +285,15 @@ typedef struct BlobOffset BlobOffset;
 void
 build_header(GArray *linker, GArray *table_data,
              AcpiTableHeader *h, const char *sig, int len, uint8_t rev);
+void
+build_header2(GArray *linker, GArray *table_data, const char *blob_name,
+              AcpiTableHeader *h, const char *sig, const char *oem_table_id,
+              int len, uint8_t rev);
 void *acpi_data_push(GArray *table_data, unsigned size);
 unsigned acpi_data_len(GArray *table);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
+void acpi_add_table2(GArray *table_offsets, GArray *table_data,
+                     const char *blob_name);
 void acpi_build_tables_init(AcpiBuildTables *tables);
 void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre);
 void
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 60c7c2e..03111a3 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1139,18 +1139,48 @@ void
 build_header(GArray *linker, GArray *table_data,
              AcpiTableHeader *h, const char *sig, int len, uint8_t rev)
 {
+    char oem_table_id[8];
+
+    memcpy(oem_table_id, ACPI_BUILD_APPNAME4, 4);
+    memcpy(oem_table_id + 4, sig, 4);
+    build_header2(linker, table_data, ACPI_BUILD_TABLE_FILE, h, sig,
+                  oem_table_id, len, rev);
+}
+
+/* Fill in the SDT header of an ACPI table, and add a linker command to update
+ * its checksum.
+ *
+ * @linker: The linker/loader command file. This will receive the checksum
+ *          update command.
+ * @table_data: The blob in which the ACPI table is embedded.
+ * @blob_name: The fw_cfg file name of the blob under which @table_data will be
+ *             exposed later.
+ * @h: Pointer to the ACPI table header. Must reside within @table_data.
+ * @sig: Signature to place into the ACPI table header. Exactly four bytes will
+ *       be copied.
+ * @oem_table_id: OEM Table ID to place into the ACPI table header. Exactly
+ *                eight bytes will be copied.
+ * @len: Length of the ACPI table, including the SDT header. This determines
+ *       the length field in the header itself, and the number of bytes the
+ *       checksum will cover.
+ * @rev: Revision to place into the ACPI table header.
+ */
+void
+build_header2(GArray *linker, GArray *table_data, const char *blob_name,
+              AcpiTableHeader *h, const char *sig, const char *oem_table_id,
+              int len, uint8_t rev)
+{
     memcpy(&h->signature, sig, 4);
     h->length = cpu_to_le32(len);
     h->revision = rev;
     memcpy(h->oem_id, ACPI_BUILD_APPNAME6, 6);
-    memcpy(h->oem_table_id, ACPI_BUILD_APPNAME4, 4);
-    memcpy(h->oem_table_id + 4, sig, 4);
+    memcpy(h->oem_table_id, oem_table_id, 8);
     h->oem_revision = cpu_to_le32(1);
     memcpy(h->asl_compiler_id, ACPI_BUILD_APPNAME4, 4);
     h->asl_compiler_revision = cpu_to_le32(1);
     h->checksum = 0;
     /* Checksum to be filled in by Guest linker */
-    bios_linker_loader_add_checksum(linker, ACPI_BUILD_TABLE_FILE,
+    bios_linker_loader_add_checksum(linker, blob_name,
                                     table_data->data, h, len, &h->checksum);
 }
 
@@ -1171,8 +1201,23 @@ unsigned acpi_data_len(GArray *table)
 
 void acpi_add_table(GArray *table_offsets, GArray *table_data)
 {
+    acpi_add_table2(table_offsets, table_data, ACPI_BUILD_TABLE_FILE);
+}
+
+/* Register an ACPI table to be referenced from the RSDT.
+ *
+ * @table_offsets: The array collecting the registrations, with element type
+ *                 BlobOffset.
+ * @table_data: The blob to which the caller will append the ACPI table, after
+ *              this function returns.
+ * @blob_name: The fw_cfg file name of the blob under which @table_data will be
+ *             exposed later.
+ */
+void acpi_add_table2(GArray *table_offsets, GArray *table_data,
+                     const char *blob_name)
+{
     BlobOffset blob_offset = {
-        .blob_name = ACPI_BUILD_TABLE_FILE,
+        .blob_name = blob_name,
         .offset = cpu_to_le32(table_data->len)
     };
     g_array_append_val(table_offsets, blob_offset);
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 06/13] hw/acpi: introduce ACPI_BUILD_QEMUPARAM_FILE

[Laszlo Ersek]

We'll build the UEFI ACPI Data Table for the VMGENID device in a separate
fw_cfg blob (see "docs/vmgenid.txt").

When introducing a new fw_cfg blob for ACPI linker/loader purposes, we
have to decide first if the new blob will be subject to patching on first
guest access.

(1) If so, then the blob must be backed by a RAMBlock, so that the patched
    contents can be migrated, for the case when migration occurs while the
    guest is reading the patched blob.

(2) If the blob is not subject to patching on first guest access, then it
    doesn't have to be migrated in a RAMBlock; the target host can rebuild
    the blob identically from scratch (assuming the same machine type of
    course), and the migrated guest can continue reading that.

In the first case, the new blob has to follow the pattern seen with
"main_blob", "rsdp" and "linker":

- In acpi_build_tables_cleanup(), the direct output of the AML generator
  should be freed unconditionally, because that output has been copied
  into a RAMBlock both at startup (with acpi_add_rom_blob()) and on
  patching too (with acpi_ram_update()).

- Therefore the "mfre" parameter is not considered for such blobs in
  acpi_build_tables_cleanup().

In the second case, the new blob has to follow the pattern seen with
"tcpalog":

- In acpi_build_tables_cleanup(), the direct output of the AML generator
  must not be freed on startup (because that output is linked by fw_cfg).

- However on patching (which affects only *other* blobs), the fresh blob
  contents out of the AML generator are identical to the original contents
  (which are still linked by fw_cfg), thus the fresh output should be
  simply thrown away.

- Hence the "mfre" parameter must be considered for such blobs in
  acpi_build_tables_cleanup().

Now that we're introducing the ACPI_BUILD_QEMUPARAM_FILE blob (without any
contents as yet), only for the purposes of the VMGENID device, we can see
(from "docs/vmgenid.txt") that this blob won't need any patching, in
response to guest actions that occur before the guest first downloads the
blob. For that reason we follow pattern (2).

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 include/hw/acpi/aml-build.h | 2 ++
 hw/acpi/aml-build.c         | 2 ++
 hw/arm/virt-acpi-build.c    | 3 +++
 hw/i386/acpi-build.c        | 3 +++
 4 files changed, 10 insertions(+)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 47d28c9..ee54242 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -16,6 +16,7 @@
 #define ACPI_BUILD_TABLE_FILE "etc/acpi/tables"
 #define ACPI_BUILD_RSDP_FILE "etc/acpi/rsdp"
 #define ACPI_BUILD_TPMLOG_FILE "etc/tpm/log"
+#define ACPI_BUILD_QEMUPARAM_FILE "etc/acpi/qemuparam"
 
 typedef enum {
     AML_NO_OPCODE = 0,/* has only data */
@@ -154,6 +155,7 @@ struct AcpiBuildTables {
     GArray *main_blob;
     GArray *rsdp;
     GArray *tcpalog;
+    GArray *qemuparam_blob;
     GArray *linker;
 } AcpiBuildTables;
 
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 03111a3..7d58483 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1228,6 +1228,7 @@ void acpi_build_tables_init(AcpiBuildTables *tables)
     tables->rsdp = g_array_new(false, true /* clear */, 1);
     tables->main_blob = g_array_new(false, true /* clear */, 1);
     tables->tcpalog = g_array_new(false, true /* clear */, 1);
+    tables->qemuparam_blob = g_array_new(false, true /* clear */, 1);
     tables->linker = bios_linker_loader_init();
 }
 
@@ -1238,6 +1239,7 @@ void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre)
     g_array_free(tables->rsdp, true);
     g_array_free(tables->main_blob, true);
     g_array_free(tables->tcpalog, mfre);
+    g_array_free(tables->qemuparam_blob, mfre);
 }
 
 /* Build rsdt table */
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 5725994..8b6856e 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -695,6 +695,9 @@ void virt_acpi_setup(VirtGuestInfo *guest_info)
 
     fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
                     tables.tcpalog->data, acpi_data_len(tables.tcpalog));
+    fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_QEMUPARAM_FILE,
+                    tables.qemuparam_blob->data,
+                    acpi_data_len(tables.qemuparam_blob));
 
     build_state->rsdp_mr = acpi_add_rom_blob(build_state, tables.rsdp,
                                               ACPI_BUILD_RSDP_FILE, 0);
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index baebfcc..045015e 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1909,6 +1909,9 @@ void acpi_setup(PcGuestInfo *guest_info)
 
     fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_TPMLOG_FILE,
                     tables.tcpalog->data, acpi_data_len(tables.tcpalog));
+    fw_cfg_add_file(guest_info->fw_cfg, ACPI_BUILD_QEMUPARAM_FILE,
+                    tables.qemuparam_blob->data,
+                    acpi_data_len(tables.qemuparam_blob));
 
     if (!guest_info->rsdp_in_ram) {
         /*
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 07/13] hw/acpi: introduce the AcpiQemuParamTable structure

[Laszlo Ersek]

This ACPI table is supposed to carry various parameters for OSPM. We
introduce it with a single parameter field, "vmgenid_addr_base_ptr", which
is described as ADBP / "ADDR base pointer" in "docs/vmgenid.txt" (along
with the general structure of the table).

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 include/hw/acpi/vmgenid.h | 72 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 include/hw/acpi/vmgenid.h

diff --git a/include/hw/acpi/vmgenid.h b/include/hw/acpi/vmgenid.h
new file mode 100644
index 0000000..07e813a
--- /dev/null
+++ b/include/hw/acpi/vmgenid.h
@@ -0,0 +1,72 @@
+/*
+ * ACPI definitions related to the VMGENID device (see "docs/vmgenid.txt").
+ *
+ * Copyright (C) 2015 Red Hat, Inc.
+ *
+ * Authors:
+ *   Laszlo Ersek <lersek@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef HW_ACPI_VMGENID_H
+#define HW_ACPI_VMGENID_H
+
+#include "hw/acpi/acpi-defs.h"
+
+#define ACPI_UEFI_IDENT_SIZE 16
+
+struct AcpiQemuParamTable {
+    /* ACPI common table header */
+    ACPI_TABLE_HEADER_DEF
+
+    /*
+     * UEFI ACPI Data Table Sub-Header.
+     *
+     * The "UEFI" signature is reserved for this table header starting with
+     * ACPI 4.0. The header structure is described in the UEFI Specification,
+     * version 2.3 or later, in Appendix O.
+
+     * These fields are harmless for SeaBIOS, but ensure unicity in OVMF
+     * ("UEFI" is a multi-instance table type).
+     */
+    uint8_t identifier[ACPI_UEFI_IDENT_SIZE];
+    uint16_t data_offset;
+
+    /* QEMU-specific fields start here. */
+
+    /* Base pointer for the VMGENID device's ADDR control method. */
+    uint64_t vmgenid_addr_base_ptr;
+} QEMU_PACKED;
+typedef struct AcpiQemuParamTable AcpiQemuParamTable;
+
+/* Aggregate initializer for "AcpiQemuParamTable.identifier". */
+#define QEMU_PARAM_TABLE_GUID { 0xFF, 0x5D, 0x7A, 0x41, 0x4B, 0xBF, 0xBC, 0x4A, \
+                                0xA8, 0x39, 0x65, 0x93, 0xBB, 0x41, 0xF4, 0x52 }
+
+/*
+ * This offset points into the fw_cfg blob that contains both
+ * AcpiQemuParamTable and the "live" generation ID after it. The offset points
+ * at the generation ID field, skipping over the "OVMF SDT Header probe
+ * suppressor" and "VMGenID alignment padding" fields in the blob (which are
+ * located right after AcpiQemuParamTable).
+ *
+ * This is an integer constant expression.
+ */
+#define VM_GENERATION_ID_OFFSET \
+    ROUND_UP(sizeof(AcpiQemuParamTable) + sizeof(AcpiTableHeader), 8)
+
+#define VM_GENERATION_ID_SIZE 16
+
+#endif /* HW_ACPI_VMGENID_H */
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 08/13] hw/i386: build UEFI ACPI Data Table for VMGENID in the dedicated blob (WIP)

[Laszlo Ersek]

Using the tools
- acpi_add_table2(),
- build_header2()

and the blob
- ACPI_BUILD_QEMUPARAM_FILE

that have been added in the previous patches, we can now implement the
UEFI ACPI Data Table (and the related linker/loader commands) that are
specified in "docs/vmgenid.txt".

At this point the UEFI ACPI Data Table becomes visible to the guest, but
it is never used, because we don't reference it yet from the AML in the
SSDT.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 hw/i386/acpi-build.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 045015e..a742f25 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -41,6 +41,7 @@
 #include "hw/acpi/memory_hotplug.h"
 #include "sysemu/tpm.h"
 #include "hw/acpi/tpm.h"
+#include "hw/acpi/vmgenid.h"
 #include "sysemu/tpm_backend.h"
 
 /* Supported chipsets: */
@@ -1658,6 +1659,69 @@ static bool acpi_has_iommu(void)
     return intel_iommu && !ambiguous;
 }
 
+static void
+build_qemuparam(GArray *qemuparam_blob, GArray *linker)
+{
+    AcpiQemuParamTable *param_table;
+    static const uint8_t ident[ACPI_UEFI_IDENT_SIZE] = QEMU_PARAM_TABLE_GUID;
+
+    /*
+     * The generation ID field -- which lives outside of AcpiQemuParamTable --
+     * must fit in the 4KB blob.
+     */
+    QEMU_BUILD_BUG_ON(VM_GENERATION_ID_OFFSET + VM_GENERATION_ID_SIZE > 4096);
+
+    param_table = acpi_data_push(qemuparam_blob, 4096);
+
+    /* set up the UEFI ACPI Data Table Sub-Header */
+    memcpy(param_table->identifier, ident, ACPI_UEFI_IDENT_SIZE);
+    param_table->data_offset =
+        cpu_to_le16(offsetof(AcpiQemuParamTable, data_offset) +
+                    sizeof param_table->data_offset);
+
+    /* set up the QEMU parameters */
+    param_table->vmgenid_addr_base_ptr = cpu_to_le64(sizeof *param_table);
+
+    /* Prepare linker/loader commands. We handle the allocation of the blob and
+     * the relocation of the "ADDR base pointer" field here. The linking into
+     * the RSDT has already been queued by acpi_add_table2(), whereas
+     * @param_table will be checksummed by build_header2() internally.
+     */
+    bios_linker_loader_alloc(linker,
+                             ACPI_BUILD_QEMUPARAM_FILE,
+                             4096, /* alloc_align */
+                             false /* ie. it can be in high memory */);
+
+    bios_linker_loader_add_pointer(linker,
+                                   /* name of blob containing pointer */
+                                   ACPI_BUILD_QEMUPARAM_FILE,
+                                   /* name of blob being pointed to */
+                                   ACPI_BUILD_QEMUPARAM_FILE,
+                                   /* blob containing pointer */
+                                   qemuparam_blob,
+                                   /* address of pointer */
+                                   &param_table->vmgenid_addr_base_ptr,
+                                   /* size of pointer */
+                                   sizeof param_table->vmgenid_addr_base_ptr);
+
+    build_header2(/* @linker receives the ADD_CHECKSUM command */
+                  linker,
+                  /* the blob in which the ACPI table is embedded */
+                  qemuparam_blob,
+                  /* fw_cfg name of the same */
+                  ACPI_BUILD_QEMUPARAM_FILE,
+                  /* SDT header of ACPI table, residing in the blob */
+                  (AcpiTableHeader *)param_table,
+                  /* ACPI Signature */
+                  "UEFI",
+                  /* ACPI OEM Table ID */
+                  "QEMUPARM",
+                  /* size of ACPI table */
+                  sizeof *param_table,
+                  /* ACPI table revision */
+                  1);
+}
+
 static
 void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables *tables)
 {
@@ -1741,6 +1805,11 @@ void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables *tables)
         acpi_add_table(table_offsets, tables_blob);
         build_dmar_q35(tables_blob, tables->linker);
     }
+    if (true /* lersek: misc.vmgenid_iobase */) {
+        acpi_add_table2(table_offsets, tables->qemuparam_blob,
+                        ACPI_BUILD_QEMUPARAM_FILE);
+        build_qemuparam(tables->qemuparam_blob, tables->linker);
+    }
 
     /* Add tables supplied by user (if any) */
     for (u = acpi_table_first(); u; u = acpi_table_next(u)) {
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 09/13] hw/acpi: expose more parameters for aml_method()

[Laszlo Ersek]

ACPI 1.0b defines the SerializeFlag in MethodFlags. We have not exposed
this until now, but serializing methods that create named objects is
warmly recommended by (recent versions of) the ACPI spec, and recent iasl
actually warns about it. Therefore expose SerializeFlag in a new function.
The old aml_method() function is preserved for old callers' sake.

While at it, expose the SyncLevel bitfield of MethodFlags as well. Because
that was introduced in ACPI 2.0, add a separate function for it. This
allows us to provide one comprehensive DefMethod implementation.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 include/hw/acpi/aml-build.h |  3 +++
 hw/acpi/aml-build.c         | 26 +++++++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index ee54242..f8f96ec 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -266,6 +266,9 @@ Aml *aml_qword_memory(AmlDecode dec, AmlMinFixed min_fixed,
 Aml *aml_scope(const char *name_format, ...) GCC_FMT_ATTR(1, 2);
 Aml *aml_device(const char *name_format, ...) GCC_FMT_ATTR(1, 2);
 Aml *aml_method(const char *name, int arg_count);
+Aml *aml_method_serialized(const char *name, int arg_count, bool serialized);
+Aml *aml_method_flags(const char *name, int arg_count, bool serialized,
+                      int sync_level);
 Aml *aml_if(Aml *predicate);
 Aml *aml_else(void);
 Aml *aml_while(Aml *predicate);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 7d58483..a0f187e 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -698,9 +698,33 @@ Aml *aml_while(Aml *predicate)
 /* ACPI 1.0b: 16.2.5.2 Named Objects Encoding: DefMethod */
 Aml *aml_method(const char *name, int arg_count)
 {
+    return aml_method_serialized(name, arg_count, false);
+}
+
+/* ACPI 1.0b: 16.2.5.2 Named Objects Encoding: DefMethod */
+Aml *aml_method_serialized(const char *name, int arg_count, bool serialized)
+{
+    return aml_method_flags(name, arg_count, serialized, 0);
+}
+
+/* ACPI 2.0: 17.2.4.2 Named Objects Encoding: DefMethod */
+Aml *aml_method_flags(const char *name, int arg_count, bool serialized,
+                      int sync_level)
+{
     Aml *var = aml_bundle(0x14 /* MethodOp */, AML_PACKAGE);
     build_append_namestring(var->buf, "%s", name);
-    build_append_byte(var->buf, arg_count); /* MethodFlags: ArgCount */
+
+    assert(arg_count >= 0);
+    assert(arg_count <= 7);
+    if (serialized) {
+        assert(sync_level >= 0x00);
+        assert(sync_level <= 0x0f);
+    } else {
+        assert(sync_level == 0);
+    }
+
+    build_append_byte(var->buf,
+                      arg_count | (serialized << 3) | (sync_level << 4));
     return var;
 }
 
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 10/13] hw/acpi: add AML generator function for DataTableRegion()

[Laszlo Ersek]

This ASL operator (and the underlying AML) enables named ACPI data tables
to be located from AML code, and to be accessed field-wise, like an
operation region. This is useful for passing down "parameter tables" to
the guest; the ACPI linker/loader can relocate pointers in them, and then
the AML code can read valid pointer values from the fields in the tables.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 include/hw/acpi/aml-build.h |  2 ++
 hw/acpi/aml-build.c         | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index f8f96ec..dc4d215 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -225,6 +225,8 @@ Aml *aml_io(AmlIODecode dec, uint16_t min_base, uint16_t max_base,
             uint8_t aln, uint8_t len);
 Aml *aml_operation_region(const char *name, AmlRegionSpace rs,
                           uint32_t offset, uint32_t len);
+Aml *aml_data_table_region(const char *name, Aml *sig, Aml *oem_id,
+                           Aml *oem_table_id);
 Aml *aml_irq_no_flags(uint8_t irq);
 Aml *aml_named_field(const char *name, unsigned length);
 Aml *aml_reserved_field(unsigned length);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index a0f187e..2dd2f33 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -788,6 +788,20 @@ Aml *aml_operation_region(const char *name, AmlRegionSpace rs,
     return var;
 }
 
+/* ACPI 2.0: 17.2.4.2 Named Objects Encoding: DefDataRegion */
+Aml *aml_data_table_region(const char *name, Aml *sig, Aml *oem_id,
+                           Aml *oem_table_id)
+{
+    Aml *var = aml_alloc();
+    build_append_byte(var->buf, 0x5B); /* ExtOpPrefix */
+    build_append_byte(var->buf, 0x88); /* DataRegionOp */
+    build_append_namestring(var->buf, "%s", name);
+    aml_append(var, sig);
+    aml_append(var, oem_id);
+    aml_append(var, oem_table_id);
+    return var;
+}
+
 /* ACPI 1.0b: 16.2.5.2 Named Objects Encoding: NamedField */
 Aml *aml_named_field(const char *name, unsigned length)
 {
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 11/13] hw/acpi: add AML generator function for AccessAs()

[Laszlo Ersek]

The AccessAs(AccessType) macro can be used inside the Field() operator in
ASL, for diverging from the Field's default access type, for the fields
that follow AccessAs(). The new helper function allows us to generate the
matching AML.

The AccessAttribute parameter of the macro (described in the spec) is not
exposed because it is reserved for all spaces except SMBus device space,
and we don't use that.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 include/hw/acpi/aml-build.h |  1 +
 hw/acpi/aml-build.c         | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index dc4d215..32e49b3 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -230,6 +230,7 @@ Aml *aml_data_table_region(const char *name, Aml *sig, Aml *oem_id,
 Aml *aml_irq_no_flags(uint8_t irq);
 Aml *aml_named_field(const char *name, unsigned length);
 Aml *aml_reserved_field(unsigned length);
+Aml *aml_access_field(AmlAccessType type);
 Aml *aml_local(int num);
 Aml *aml_string(const char *name_format, ...) GCC_FMT_ATTR(1, 2);
 Aml *aml_lnot(Aml *arg);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 2dd2f33..5aeb289 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -821,6 +821,17 @@ Aml *aml_reserved_field(unsigned length)
     return var;
 }
 
+/* ACPI 1.0b: 16.2.5.2 Named Objects Encoding: AccessField */
+Aml *aml_access_field(AmlAccessType type)
+{
+    Aml *var = aml_alloc();
+    /* AccessField := 0x01 AccessType AccessAttrib */
+    build_append_byte(var->buf, 0x01);
+    build_append_byte(var->buf, type);
+    build_append_byte(var->buf, 0x00 /* reserved outside SMBus dev space */);
+    return var;
+}
+
 /* ACPI 1.0b: 16.2.5.2 Named Objects Encoding: DefField */
 Aml *aml_field(const char *name, AmlAccessType type, AmlUpdateRule rule)
 {
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 12/13] hw/acpi: add AML generator function for CreateQWordField()

[Laszlo Ersek]

It follows the pattern of CreateDWordField() / aml_create_dword_field().

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 include/hw/acpi/aml-build.h |  1 +
 hw/acpi/aml-build.c         | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 32e49b3..4f6a2be 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -280,6 +280,7 @@ Aml *aml_buffer(int buffer_size, uint8_t *byte_list);
 Aml *aml_resource_template(void);
 Aml *aml_field(const char *name, AmlAccessType type, AmlUpdateRule rule);
 Aml *aml_create_dword_field(Aml *srcbuf, Aml *index, const char *name);
+Aml *aml_create_qword_field(Aml *srcbuf, Aml *index, const char *name);
 Aml *aml_varpackage(uint32_t num_elements);
 Aml *aml_touuid(const char *uuid);
 Aml *aml_unicode(const char *str);
diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 5aeb289..ca5bcd7 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -854,6 +854,17 @@ Aml *aml_create_dword_field(Aml *srcbuf, Aml *index, const char *name)
     return var;
 }
 
+/* ACPI 2.0: 17.2.4.2 Named Objects Encoding: DefCreateQWordField */
+Aml *aml_create_qword_field(Aml *srcbuf, Aml *index, const char *name)
+{
+    Aml *var = aml_alloc();
+    build_append_byte(var->buf, 0x8F); /* DefCreateQWordField */
+    aml_append(var, srcbuf);
+    aml_append(var, index);
+    build_append_namestring(var->buf, "%s", name);
+    return var;
+}
+
 /* ACPI 1.0b: 16.2.3 Data Objects Encoding: String */
 Aml *aml_string(const char *name_format, ...)
 {
-- 
1.8.3.1

[Qemu-devel] [PATCH FYI 13/13] hw/i386: generate AML for the VMGENID device (WIP)

[Laszlo Ersek]

This patch implements the "ACPI device, control methods" section of
"docs/vmgenid.txt", with dynamic AML generation.

A small portion of this patch was inspired by Gal Hammer's

  [PATCH V15 4/5] i386: add a Virtual Machine Generation ID device
  http://thread.gmane.org/gmane.comp.emulators.qemu/332451/focus=332454

TODO: the ACPICA instance that is built into the Linux kernel warns about
the fact that both _L04 and _E04 are provided by GPE 04, when the code in
this patch is active. Therefore this patch should also conditionalize _L04
(ATM in "hw/i386/acpi-dsdt.dsl" and "hw/i386/q35-acpi-dsdt.dsl"), so that
they are only generated when VMGENID is *not* active.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gal Hammer <ghammer@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 hw/i386/acpi-build.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index a742f25..67be94a 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1126,6 +1126,85 @@ build_ssdt(GArray *table_data, GArray *linker,
         aml_append(ssdt, scope);
     }
 
+    if (true /* lersek: misc->vmgenid_iobase */) {
+        unsigned adbp_offset;
+        size_t genid_incr;
+
+        scope = aml_scope("\\_SB");
+        dev = aml_device("VMGI");
+
+        aml_append(dev, aml_name_decl("_CID", aml_string("VM_Gen_Counter")));
+        aml_append(dev, aml_name_decl("_DDN", aml_string("VM_Gen_Counter")));
+        aml_append(dev, aml_name_decl("_HID", aml_string("QEMU0002")));
+
+        aml_append(dev, aml_name_decl("_STA", aml_int(0xF)));
+
+        method = aml_method_serialized("ADDR", 0, true);
+
+        aml_append(method,
+                   aml_data_table_region("TBLR",
+                                         aml_string("UEFI"),
+                                         aml_string("%s", ACPI_BUILD_APPNAME6),
+                                         aml_string("QEMUPARM")));
+        field = aml_field("TBLR", AML_ANY_ACC, AML_PRESERVE);
+        adbp_offset = offsetof (AcpiQemuParamTable, vmgenid_addr_base_ptr);
+        /* Offset() before ADBP, expressed in bits */
+        aml_append(field, aml_reserved_field(adbp_offset * 8));
+        aml_append(field, aml_named_field("ADBP", 64));
+        aml_append(method, field);
+
+        aml_append(method,
+                   aml_operation_region("VMGR", AML_SYSTEM_IO,
+                                        0x512 /* lersek: misc->vmgenid_iobase */,
+                                        9));
+        field = aml_field("VMGR", AML_DWORD_ACC, AML_PRESERVE);
+        aml_append(field, aml_named_field("PTLO", 32));
+        aml_append(field, aml_named_field("PTHI", 32));
+        aml_append(field, aml_access_field(AML_BYTE_ACC));
+        aml_append(field, aml_named_field("DONE", 8));
+        aml_append(method, field);
+
+        aml_append(method, aml_name_decl("RESU", aml_buffer(8, NULL)));
+        aml_append(method,
+                  aml_create_qword_field(aml_name("RESU"), aml_int(0),
+                                         "ADFU"));
+        aml_append(method,
+                  aml_create_dword_field(aml_name("RESU"), aml_int(0),
+                                         "ADLO"));
+        aml_append(method,
+                  aml_create_dword_field(aml_name("RESU"), aml_int(4),
+                                         "ADHI"));
+
+        /*
+         * Offset increment from the end of the parameter table (ie. where ADBP
+         * points to) until the generation ID field, skipping over the "OVMF
+         * SDT Header probe suppressor" and "VMGenID alignment padding" fields
+         * in the blob.
+         */
+        genid_incr = VM_GENERATION_ID_OFFSET - sizeof(AcpiQemuParamTable);
+        aml_append(method, aml_store(aml_add(aml_name("ADBP"),
+                                             aml_int(genid_incr)),
+                                     aml_name("ADFU")));
+        aml_append(method, aml_store(aml_name("ADLO"), aml_name("PTLO")));
+        aml_append(method, aml_store(aml_name("ADHI"), aml_name("PTHI")));
+        aml_append(method, aml_store(aml_int(0), aml_name("DONE")));
+
+        pkg = aml_package(2);
+        aml_append(pkg, aml_name("ADLO"));
+        aml_append(pkg, aml_name("ADHI"));
+        aml_append(method, aml_return(pkg));
+
+        aml_append(dev, method);
+        aml_append(scope, dev);
+        aml_append(ssdt, scope);
+
+        scope = aml_scope("\\_GPE");
+        method = aml_method("_E04", 0);
+        aml_append(method, aml_notify(aml_name("\\_SB.VMGI"), aml_int(0x80)));
+        aml_append(scope, method);
+        aml_append(ssdt, scope);
+    }
+
     sb_scope = aml_scope("\\_SB");
     {
         /* create PCI0.PRES device and its _CRS to reserve CPU hotplug MMIO */
-- 
1.8.3.1