From: Kevin O'Connor <kevin@koconnor.net>
To: Alex Williamson <alex.williamson@redhat.com>
Cc: seabios@seabios.org, allen.m.kay@intel.com,
qemu-devel@nongnu.org, kvm@vger.kernel.org
Subject: Re: [RFC PATCH v3 3/3] fw/pci: Allocate IGD stolen memory
Date: Sat, 13 Feb 2016 13:18:39 -0500 [thread overview]
Message-ID: <20160213181838.GA8842@morn.lan> (raw)
In-Reply-To: <20160213081209.6e4342ab@t450s.home>
On Sat, Feb 13, 2016 at 08:12:09AM -0700, Alex Williamson wrote:
> On Fri, 12 Feb 2016 21:49:04 -0500
> "Kevin O'Connor" <kevin@koconnor.net> wrote:
> > On Fri, Feb 12, 2016 at 05:23:18PM -0700, Alex Williamson wrote:
> > > Intel IGD makes use of memory allocated and marked reserved by the
> > > BIOS as a stolen memory range. For the most part, guest drivers don't
> > > make use of this, but our achilles heel is the vBIOS. The vBIOS
> > > programs the device to use the host stolen memory range and it's used
> > > in the pre-boot environment. Generally the guest won't have access to
> > > the host stolen memory area, so these accesses either land in VM
> > > memory or unassigned space and generate IOMMU faults. By allocating
> > > this range in SeaBIOS and programming it into the device, QEMU (via
> > > vfio) can make sure this guest allocated stolen memory range is used
> > > instead.
> >
> > What does "vBIOS" mean in this context? Is it the video device option
> > rom or something else?
>
> vBIOS = video BIOS, you're correct, it's just the video device option
> ROM.
Is the problem from when the host runs the video option rom, or is the
problem from the guest (via SeaBIOS) running the video option rom? If
the guest is running the option rom, is it the first time the option
rom has been run for the machine (ie, was the option rom not executed
on the host when the host machine first booted)?
FWIW, many of the chromebooks use coreboot with Intel graphics and a
number of users have installed SeaBIOS (running natively) on their
machines. Running the intel video option rom more than once has been
known to cause issues.
[...]
> The write to 0x5C is used by QEMU code that traps writes to the device
> I/O port BAR and replaces the host stolen memory address with the new
> guest address generated here. 0x5C is initialized to 0x0 by kernel
> vfio code, so we can detect whether it has been written. If not
> written, QEMU has no place to redirect to for stolen memory and it will
> either overlap VM memory or an unassigned area. The former may corrupt
> VM memory, the latter throws host errors. We could in QEMU halt with a
> hardware error if 0x5C hasn't been programmed.
So, if I understand correctly, 0x5C is not a "real" register on the
hardware, but is instead just a mechanism to give QEMU the address of
some guest visible ram?
BTW, is 0xFC a "real" register in the hardware? How does the guest
find the location of the "OpRegion" if SeaBIOS allocates it?
-Kevin
WARNING: multiple messages have this Message-ID (diff)
From: Kevin O'Connor <kevin@koconnor.net>
To: Alex Williamson <alex.williamson@redhat.com>
Cc: seabios@seabios.org, allen.m.kay@intel.com,
qemu-devel@nongnu.org, kvm@vger.kernel.org
Subject: Re: [Qemu-devel] [RFC PATCH v3 3/3] fw/pci: Allocate IGD stolen memory
Date: Sat, 13 Feb 2016 13:18:39 -0500 [thread overview]
Message-ID: <20160213181838.GA8842@morn.lan> (raw)
In-Reply-To: <20160213081209.6e4342ab@t450s.home>
On Sat, Feb 13, 2016 at 08:12:09AM -0700, Alex Williamson wrote:
> On Fri, 12 Feb 2016 21:49:04 -0500
> "Kevin O'Connor" <kevin@koconnor.net> wrote:
> > On Fri, Feb 12, 2016 at 05:23:18PM -0700, Alex Williamson wrote:
> > > Intel IGD makes use of memory allocated and marked reserved by the
> > > BIOS as a stolen memory range. For the most part, guest drivers don't
> > > make use of this, but our achilles heel is the vBIOS. The vBIOS
> > > programs the device to use the host stolen memory range and it's used
> > > in the pre-boot environment. Generally the guest won't have access to
> > > the host stolen memory area, so these accesses either land in VM
> > > memory or unassigned space and generate IOMMU faults. By allocating
> > > this range in SeaBIOS and programming it into the device, QEMU (via
> > > vfio) can make sure this guest allocated stolen memory range is used
> > > instead.
> >
> > What does "vBIOS" mean in this context? Is it the video device option
> > rom or something else?
>
> vBIOS = video BIOS, you're correct, it's just the video device option
> ROM.
Is the problem from when the host runs the video option rom, or is the
problem from the guest (via SeaBIOS) running the video option rom? If
the guest is running the option rom, is it the first time the option
rom has been run for the machine (ie, was the option rom not executed
on the host when the host machine first booted)?
FWIW, many of the chromebooks use coreboot with Intel graphics and a
number of users have installed SeaBIOS (running natively) on their
machines. Running the intel video option rom more than once has been
known to cause issues.
[...]
> The write to 0x5C is used by QEMU code that traps writes to the device
> I/O port BAR and replaces the host stolen memory address with the new
> guest address generated here. 0x5C is initialized to 0x0 by kernel
> vfio code, so we can detect whether it has been written. If not
> written, QEMU has no place to redirect to for stolen memory and it will
> either overlap VM memory or an unassigned area. The former may corrupt
> VM memory, the latter throws host errors. We could in QEMU halt with a
> hardware error if 0x5C hasn't been programmed.
So, if I understand correctly, 0x5C is not a "real" register on the
hardware, but is instead just a mechanism to give QEMU the address of
some guest visible ram?
BTW, is 0xFC a "real" register in the hardware? How does the guest
find the location of the "OpRegion" if SeaBIOS allocates it?
-Kevin
next prev parent reply other threads:[~2016-02-13 18:18 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-13 0:23 [RFC PATCH v3 0/3] IGD assignment support for QEMU/vfio Alex Williamson
2016-02-13 0:23 ` [Qemu-devel] " Alex Williamson
2016-02-13 0:23 ` [RFC PATCH v3 1/3] fw/pci: Add support for mapping Intel IGD OpRegion via QEMU Alex Williamson
2016-02-13 0:23 ` [Qemu-devel] " Alex Williamson
2016-02-13 0:23 ` [RFC PATCH v3 2/3] Further increase maximum size of permanent high memory area Alex Williamson
2016-02-13 0:23 ` [Qemu-devel] " Alex Williamson
2016-02-13 0:23 ` [RFC PATCH v3 3/3] fw/pci: Allocate IGD stolen memory Alex Williamson
2016-02-13 0:23 ` [Qemu-devel] " Alex Williamson
2016-02-13 2:49 ` Kevin O'Connor
2016-02-13 2:49 ` [Qemu-devel] " Kevin O'Connor
2016-02-13 15:12 ` Alex Williamson
2016-02-13 15:12 ` [Qemu-devel] " Alex Williamson
2016-02-13 18:18 ` Kevin O'Connor [this message]
2016-02-13 18:18 ` Kevin O'Connor
2016-02-13 18:51 ` Alex Williamson
2016-02-13 18:51 ` [Qemu-devel] " Alex Williamson
2016-02-13 20:05 ` Kevin O'Connor
2016-02-13 20:05 ` [Qemu-devel] " Kevin O'Connor
2016-02-13 20:57 ` Alex Williamson
2016-02-13 20:57 ` [Qemu-devel] " Alex Williamson
2016-02-14 0:20 ` Kevin O'Connor
2016-02-14 0:20 ` [Qemu-devel] " Kevin O'Connor
2016-02-14 1:03 ` Alex Williamson
2016-02-14 1:03 ` [Qemu-devel] " Alex Williamson
2016-02-15 9:54 ` Igor Mammedov
2016-02-15 9:54 ` Igor Mammedov
2016-02-15 19:20 ` Alex Williamson
2016-02-15 19:20 ` Alex Williamson
2016-02-15 19:29 ` Michael S. Tsirkin
2016-02-15 19:29 ` Michael S. Tsirkin
2016-02-15 19:50 ` Kevin O'Connor
2016-02-15 19:50 ` Kevin O'Connor
2016-02-15 20:08 ` Michael S. Tsirkin
2016-02-15 20:08 ` Michael S. Tsirkin
2016-02-15 19:54 ` Alex Williamson
2016-02-15 19:54 ` Alex Williamson
2016-02-16 12:08 ` Gerd Hoffmann
2016-02-16 12:08 ` Gerd Hoffmann
2016-02-15 14:15 ` Kevin O'Connor
2016-02-15 14:15 ` [Qemu-devel] " Kevin O'Connor
2016-02-15 10:31 ` Gerd Hoffmann
2016-02-15 10:31 ` [Qemu-devel] " Gerd Hoffmann
2016-02-15 17:46 ` Alex Williamson
2016-02-15 17:46 ` [Qemu-devel] " Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160213181838.GA8842@morn.lan \
--to=kevin@koconnor.net \
--cc=alex.williamson@redhat.com \
--cc=allen.m.kay@intel.com \
--cc=kvm@vger.kernel.org \
--cc=qemu-devel@nongnu.org \
--cc=seabios@seabios.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.