Re: [Qemu-devel] [PATCH v2] PAM: make PAM emulation closer to documentation

["Ефимов Василий" <real@ispras.ru>]

07.09.2015 15:50, Paolo Bonzini пишет:
>
> Hi Vasily,
>
> I agree that this patch is an improvement compared to the earlier
> versions, but it's still a bit of an abstraction violation and I'm not
> sure if it works with KVM.
It does not work with KVM. BIOS freezes on 0xCAA26 on
mov %ax,%es
instruction (according to QEMU disassembler).

Last debug messages are:

Booting from ROM...
Booting from ca80:003c

So, a lot of BIOS code is executed. I will investigate the problem.
>
> Let's see if we can improve things.  Please correct me on the following:
>
> 1) For the "Make current PAM region a ROM" case, we can get the
> ram_addr_t directly from the pc.bios and pc.rom MemoryRegions, and poke
> into pam->region[1] and pam->region[2] when we create them.
Yes, we can. But what if another region is at the address? The -pflash
option is an example.

By default and with -bios option mtree is:

address-space: memory
   0000000000000000-ffffffffffffffff (prio 0, RW): system
     0000000000000000-0000000007ffffff (prio 0, RW): alias ram-below-4g
                                @pc.ram 0000000000000000-0000000007ffffff
     0000000000000000-ffffffffffffffff (prio -1, RW): pci
       00000000000c0000-00000000000dffff (prio 1, RW): pc.rom
       00000000000e0000-00000000000fffff (prio 1, R-): alias isa-bios
                               @pc.bios 0000000000020000-000000000003ffff
       00000000fffc0000-00000000ffffffff (prio 0, R-): pc.bios

With -pflash option mtree is:

address-space: memory
   0000000000000000-ffffffffffffffff (prio 0, RW): system
     0000000000000000-0000000007ffffff (prio 0, RW): alias ram-below-4g
                                @pc.ram 0000000000000000-0000000007ffffff
     0000000000000000-ffffffffffffffff (prio -1, RW): pci
       00000000000c0000-00000000000dffff (prio 1, RW): pc.rom
       00000000000e0000-00000000000fffff (prio 1, R-): isa-bios
     00000000fffc0000-00000000ffffffff (prio 0, R-): system.flash0

There is significant difference about isa-bios at least.

In general, new PAM redirects access to region at the address but
not exactly to pc.bios/isa-bios or pc.rom.

In other words, I suggest more generic solution.

We also can set up redirection at machine initialization, but using of
listener makes sure redirection is actual at runtime. I do not know
case in which regions at the PAM addresses are changed dynamically
during guest work. But even during machine initialization the memory
tree is changed multiple times. So, listener at least ensures the last
version of tree is used for redirection choice.
>
> 2) For the "Make current PAM region an I/O region" case, you could add
> an IOMMU region that to 0xc0000-0xfffff.  The listener would disable
> pam->region[1] if address_space_translate returns an I/O region and
> enable it if it returns RAM/ROM.
As I see, IOMMU cannot be used for CPU access to memory because of
assertion (!section->mr->iommu_ops) in
exec.c: address_space_translate_for_iotlb
IOMMU is used for redirection of device and debug access through
address_space_translate. Please correct me if I miss something.
> However, I cannot understand or
> remember what is the case where you get an I/O region.
There is no known case in which an I/O region is at PAM addresses.
But it is theoretically possible. Hence, I decide to implement it
instead of insert an assertion. Also note, the code also covers
case of simple container memory region at the address.
>
> Paolo
>