From: Laurent Vivier <lvivier@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Cc: agraf@suse.de
Subject: Re: [Qemu-devel] [PATCH] exec: skip MMIO regions correctly in cpu_physical_memory_write_rom_internal
Date: Sat, 04 Jul 2015 01:00:15 +0200 [thread overview]
Message-ID: <559713FF.4010601@redhat.com> (raw)
In-Reply-To: <1435963378-22229-1-git-send-email-pbonzini@redhat.com>
On 04/07/2015 00:42, Paolo Bonzini wrote:
> Loading the BIOS in the mac99 machine is interesting, because there is a
> PROM in the middle of the BIOS region (from 16K to 32K). Before memory
> region accesses were clamped, when QEMU was asked to load a BIOS from
> 0xfff00000 to 0xffffffff it would put even those 16K from the BIOS file
> into the region. This is weird because those 16K were not actually
> visible between 0xfff04000 and 0xfff07fff. However, it worked.
>
> After clamping was added, this also worked. In this case, the
> cpu_physical_memory_write_rom_internal function split the write in
> three parts: the first 16K were copied, the PROM area (second 16K) were
> ignored, then the rest was copied.
>
> Problems then started with commit 965eb2f (exec: do not clamp accesses
> to MMIO regions, 2015-06-17). Clamping accesses is not done for MMIO
> regions because they can overlap wildly, and MMIO registers can be
> expected to perform full-width accesses based only on their address
> (with no respect for adjacent registers that could decode to completely
> different MemoryRegions). However, this lack of clamping also applied
> to the PROM area! cpu_physical_memory_write_rom_internal thus failed
> to copy the third range above, i.e. only copied the first 16K of the BIOS.
>
> In effect, address_space_translate is expecting _something else_ to do
> the clamping for MMIO regions if the incoming length is large. This
> "something else" is memory_access_size in the case of address_space_rw,
> so use the same logic in cpu_physical_memory_write_rom_internal.
>
> The fix is just one line, but also add a comment explaining why there
> is no clamping for MMIO regions, and what it means for the callers.
>
> Reported-by: Alexander Graf <agraf@redhat.com>
> Fixes: 965eb2f
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Tested-by: Laurent Vivier <lvivier@redhat.com>
next prev parent reply other threads:[~2015-07-03 23:00 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-03 22:42 [Qemu-devel] [PATCH] exec: skip MMIO regions correctly in cpu_physical_memory_write_rom_internal Paolo Bonzini
2015-07-03 23:00 ` Laurent Vivier [this message]
2015-07-06 8:51 ` Alexander Graf
2015-07-06 8:55 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=559713FF.4010601@redhat.com \
--to=lvivier@redhat.com \
--cc=agraf@suse.de \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.