From: Anthony Liguori
Date: Thu, 07 Apr 2011 11:08:06 -0500
Subject: Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?
To: Gleb Natapov
Cc: Bei Guan, QEMU Developers
Message-ID: <4D9DE166.9080001@codemonkey.ws>
In-Reply-To: <20110407155142.GB7100@redhat.com>

On 04/07/2011 10:51 AM, Gleb Natapov wrote:
> On Thu, Apr 07, 2011 at 10:42:56AM -0500, Anthony Liguori wrote:
>> On 04/07/2011 10:31 AM, Gleb Natapov wrote:
>>> On Thu, Apr 07, 2011 at 08:28:37AM -0500, Anthony Liguori wrote:
>>>> On 04/07/2011 03:22 AM, Bei Guan wrote:
>>>>> Hi,
>>>>>
>>>>> I have some questions about the qemu's bios. How does the QEMU
>>>>> load the binary files bios.bin and vgabios-cirrus.bin? Which
>>>>> function or code file do I need to pay more attention to?
>>>>>
>>>>> For the loading of vgabios-cirrus.bin and bios.bin, I just trace
>>>>> them into the same function rom_add_file() in hw/loader.c. Is it
>>>>> the right function, which loads the bioses?
>>>>>
>>>>> And then another question, how does qemu give the control to bios when
>>>>> the bios file is loaded? Maybe this question is not in the scope
>>>>> of qemu, however, can you give me some cue point.
>>>> I had some stuff written up locally so I posted it to the wiki at
>>>> http://wiki.qemu.org/Documentation/Platforms/PC
>>>>
>>>> The x86 architecture defines the initial state of the chip to have
>>>> the CS register have a base of 0xF000 and an IP of 0xFFF0. The
>>>> result is that the actual memory address of the first instruction
>>>> falls at the end of the BIOS ROM segment. This is the entry point
>>>> to the BIOS.
>>>>
>>> Actually after reset on x86 IP=0x0000fff0, CS=0xf000, CS.BASE=0xffff0000,
>>> CS.LIMIT=0xffff. So the execution begins at 0xfffffff0 where ROM is
>>> mapped initially.
>> That's impossible because 1) the processor starts in 16 bit mode so
>> such an address cannot be generated 2) the processor has a20 held to
>> zero which means the processor cannot generate a load to an
>> address with the 20th bit set to anything but zero.
>>
> That may seem to be impossible but it is how HW works. And this is how
> QEMU emulates it. Look at target-i386/helper.c:cpu_reset()
>
> cpu_x86_load_seg_cache(env, R_CS, 0xf000, 0xffff0000, 0xffff,
>                        DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
>                        DESC_R_MASK | DESC_A_MASK);
>
> env->eip = 0xfff0;
>
> Don't know how a20 gate is handled btw.

I see that we use 0xf0000 in the kernel but this is because of a
limitation of VMX. I guess when 32-bit was introduced, this behavior
was added.

>> The CS base starts out at 0xf0000 and IP is 0xfff0. That gives a
>> real address of 0xffff0. This is usually a trampoline to somewhere
>> else in the space.
> CS descriptor and CS selector don't have to be in sync (big real mode).

Indeed.

Regards,

Anthony Liguori

>> The mapping of BIOS to the top of 4GB is just a convention that
>> modern BIOSes use because the legacy space isn't big enough for most
>> modern BIOSes.
>>
>> Regards,
>>
>> Anthony Liguori
>>
>>>> The VGABIOS is treated like any other option ROM and is initialized
>>>> during option ROM scanning.
>>>>
>>>> Regards,
>>>>
>>>> Anthony Liguori
>>>>
>>>>> Any reply is appreciated. Thanks.
>>>>>
>>>>> Gavin
>>>>>
>>> --
>>> Gleb.
>>>
> --
> Gleb.
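The "big real mode" point in the thread (the cached CS base is independent of the CS selector, so reset state f000:fff0 executes at 0xfffffff0 while the same selector:offset after a real-mode far jump resolves to 0xffff0) as an added example; this is a constructed model written for this page, not QEMU code, and it only mirrors the argument values Gleb quotes from cpu_reset(). Names such as seg_cache_t, load_seg_cache and real_mode_load are assumptions of the example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal model of the CS segment cache (constructed example, not QEMU's
 * own structure): selector plus the hidden base and limit the CPU actually
 * uses for address generation. */
typedef struct {
    uint16_t selector;
    uint32_t base;
    uint32_t limit;
} seg_cache_t;

/* Hidden-descriptor load: selector, base and limit are set independently,
 * which is what cpu_x86_load_seg_cache(env, R_CS, 0xf000, 0xffff0000,
 * 0xffff, ...) does at reset (arguments as quoted in the thread). */
static seg_cache_t load_seg_cache(uint16_t sel, uint32_t base, uint32_t limit)
{
    seg_cache_t s = { sel, base, limit };
    return s;
}

/* Real-mode selector load (e.g. a far jmp): base is recomputed as sel << 4,
 * so the cache and the selector are back "in sync". */
static seg_cache_t real_mode_load(uint16_t sel)
{
    return load_seg_cache(sel, (uint32_t)sel << 4, 0xffff);
}

/* Linear address = cached base + offset; the selector value is not used. */
static uint32_t linear_addr(const seg_cache_t *s, uint32_t off)
{
    return s->base + off;
}

/* Reset state: CS=0xf000, CS.BASE=0xffff0000, CS.LIMIT=0xffff, EIP=0xfff0. */
static uint32_t reset_vector_addr(void)
{
    seg_cache_t cs = load_seg_cache(0xf000, 0xffff0000, 0xffff);
    return linear_addr(&cs, 0xfff0);     /* 0xfffffff0: top of 4GB */
}

/* Same f000:fff0 after a real-mode far jump: classic 20-bit arithmetic. */
static uint32_t after_far_jmp_addr(void)
{
    seg_cache_t cs = real_mode_load(0xf000);
    return linear_addr(&cs, 0xfff0);     /* 0x000ffff0: legacy BIOS area */
}

int main(void)
{
    printf("reset vector:             0x%08" PRIx32 "\n", reset_vector_addr());
    printf("f000:fff0 after far jmp:  0x%08" PRIx32 "\n", after_far_jmp_addr());
    return 0;
}
```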