Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Anthony Liguori]

On 04/07/2011 01:18 PM, Jordan Justen wrote:
> On Thu, Apr 7, 2011 at 09:08, Anthony Liguori<anthony@codemonkey.ws>  wrote:
>> On 04/07/2011 10:51 AM, Gleb Natapov wrote:
>>> That may seams to be impossible but it is how HW works. And this is how
>>> QEMU emulates it. Look at target-i386/helper.c:cpu_reset()
>>>
>>>      cpu_x86_load_seg_cache(env, R_CS, 0xf000, 0xffff0000, 0xffff,
>>>                             DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
>>>                             DESC_R_MASK | DESC_A_MASK);
>>>
>>>      env->eip = 0xfff0;
>>>
>>> Don't know how a20 gate is handled btw.
>> I see that we use 0xf0000 in the kernel but this is because of a limitation
>> of VMX.
> I recently noticed that kvm does this.  It does not seem to be a big
> deal as firmware can easily deal with it, but I did find it odd that
> kvm had the csbase of 0xf0000 as processors generally use a csbase of
> 0xffff0000 initially.  (At least, this is what I've seen with Intel
> processors for the past 12 years.)
>
> How can this limitation exist with VMX if mode transitions are
> supported, in which case this type of csbase vs. real-mode segment
> mismatch can easily occur?

Mismatches between cached segment descriptors and the segment registers 
are not problematic in KVM per say.

The issue is that vm8086 mode doesn't allow for this and since KVM uses 
vm8086 to emulate real mode on processors that don't support whatever it 
is that Intel is calling it these days, we can't effectively support this.

>> I guess when 32-bit was introduced, this behavior was added.
>>
>>>> The CS base starts out at 0xf0000 and IP is 0xfff0.  That gives a
>>>> real address of 0xffff0.  This is usually a trampoline to somewhere
>>>> else in the space.
>>> CS descriptor and CS selector don't have to be in sync (big real mode).
>> Indeed.
> Another place this will often be seen is SMM, as the SMBASE can easily
> be>  1MB, but the SMM entry is in 16 bit mode.

KVM doesn't support SMM although that's not because of this.  KVM 
doesn't allow execution of ROM memory which makes it difficult to 
implement PAM in the way it's intended to be implemented.  This makes 
SMM a bit tricky to make work.  Since there's never really been a 
pressing need to support SMM, to my knowledge, noone has even tried.

Regards,

Anthony Liguori

> -Jordan
>

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Gleb Natapov]

On Thu, Apr 07, 2011 at 01:37:14PM -0500, Anthony Liguori wrote:
> >>>>The CS base starts out at 0xf0000 and IP is 0xfff0.  That gives a
> >>>>real address of 0xffff0.  This is usually a trampoline to somewhere
> >>>>else in the space.
> >>>CS descriptor and CS selector don't have to be in sync (big real mode).
> >>Indeed.
> >Another place this will often be seen is SMM, as the SMBASE can easily
> >be>  1MB, but the SMM entry is in 16 bit mode.
> 
> KVM doesn't support SMM although that's not because of this.  KVM
> doesn't allow execution of ROM memory which makes it difficult to
> implement PAM in the way it's intended to be implemented.  This
> makes SMM a bit tricky to make work.  Since there's never really
> been a pressing need to support SMM, to my knowledge, noone has even
> tried.
> 
KVM allows to execute ROM memory (BIOS and option roms run this way). It
just makes it indistinguishable from RAM, but read only memory slot
support shouldn't be too hard. Why ability to execute ROM memory is
needed to support SMM though?

--
			Gleb.

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Jordan Justen]

On Thu, Apr 7, 2011 at 11:44, Gleb Natapov <gleb@redhat.com> wrote:
> On Thu, Apr 07, 2011 at 01:37:14PM -0500, Anthony Liguori wrote:
>> >>>>The CS base starts out at 0xf0000 and IP is 0xfff0.  That gives a
>> >>>>real address of 0xffff0.  This is usually a trampoline to somewhere
>> >>>>else in the space.
>> >>>CS descriptor and CS selector don't have to be in sync (big real mode).
>> >>Indeed.
>> >Another place this will often be seen is SMM, as the SMBASE can easily
>> >be>  1MB, but the SMM entry is in 16 bit mode.
>>
>> KVM doesn't support SMM although that's not because of this.  KVM
>> doesn't allow execution of ROM memory which makes it difficult to
>> implement PAM in the way it's intended to be implemented.  This
>> makes SMM a bit tricky to make work.  Since there's never really
>> been a pressing need to support SMM, to my knowledge, noone has even
>> tried.
>>
> KVM allows to execute ROM memory (BIOS and option roms run this way). It
> just makes it indistinguishable from RAM, but read only memory slot
> support shouldn't be too hard. Why ability to execute ROM memory is
> needed to support SMM though?

True.

The only possible requirement is to 'hide SMRAM' when not in SMM mode.
 Even this is chipset specific, and arguable depending on the goals of
SMM support in that system.  (Although, generally, hiding SMRAM is a
requirement. :)

But, Anthony's point ('there's never really been a pressing need to
support SMM') is probably the most important here, as I can't see a
compelling use for SMM in QEMU.

-Jordan

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Gleb Natapov]

On Thu, Apr 07, 2011 at 12:03:41PM -0700, Jordan Justen wrote:
> On Thu, Apr 7, 2011 at 11:44, Gleb Natapov <gleb@redhat.com> wrote:
> > On Thu, Apr 07, 2011 at 01:37:14PM -0500, Anthony Liguori wrote:
> >> >>>>The CS base starts out at 0xf0000 and IP is 0xfff0.  That gives a
> >> >>>>real address of 0xffff0.  This is usually a trampoline to somewhere
> >> >>>>else in the space.
> >> >>>CS descriptor and CS selector don't have to be in sync (big real mode).
> >> >>Indeed.
> >> >Another place this will often be seen is SMM, as the SMBASE can easily
> >> >be>  1MB, but the SMM entry is in 16 bit mode.
> >>
> >> KVM doesn't support SMM although that's not because of this.  KVM
> >> doesn't allow execution of ROM memory which makes it difficult to
> >> implement PAM in the way it's intended to be implemented.  This
> >> makes SMM a bit tricky to make work.  Since there's never really
> >> been a pressing need to support SMM, to my knowledge, noone has even
> >> tried.
> >>
> > KVM allows to execute ROM memory (BIOS and option roms run this way). It
> > just makes it indistinguishable from RAM, but read only memory slot
> > support shouldn't be too hard. Why ability to execute ROM memory is
> > needed to support SMM though?
> 
> True.
> 
> The only possible requirement is to 'hide SMRAM' when not in SMM mode.
>  Even this is chipset specific, and arguable depending on the goals of
> SMM support in that system.  (Although, generally, hiding SMRAM is a
> requirement. :)
> 
> But, Anthony's point ('there's never really been a pressing need to
> support SMM') is probably the most important here, as I can't see a
> compelling use for SMM in QEMU.
> 
Yeah, that is probably the main reason. Although lately there was a
proposition to use SMM in seabios to access MMIO bar of USB device from
16bit mode. Do not remember details exactly. But I, personally, will be
very glad to not implement SMM support for KVM ;)

--
			Gleb.

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Anthony Liguori]

On 04/07/2011 01:44 PM, Gleb Natapov wrote:
>> KVM doesn't support SMM although that's not because of this.  KVM
>> doesn't allow execution of ROM memory which makes it difficult to
>> implement PAM in the way it's intended to be implemented.  This
>> makes SMM a bit tricky to make work.  Since there's never really
>> been a pressing need to support SMM, to my knowledge, noone has even
>> tried.
>>
> KVM allows to execute ROM memory (BIOS and option roms run this way). It
> just makes it indistinguishable from RAM, but read only memory slot
> support shouldn't be too hard. Why ability to execute ROM memory is
> needed to support SMM though?

QEMU does the leg work already to support SMM.  It doesn't work with KVM 
because we treat SMM as ROM memory and trap read/write access.

To make it work with KVM, you'd have to hack things around to switch the 
VGA space to RAM in order to the let the SMM code run.  It's not 
impossible, but that's the main reason it doesn't Just Work.

Regards,

Anthony Liguori

> --
> 			Gleb.
>

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Olivier Galibert]

On Thu, Apr 07, 2011 at 12:03:41PM -0700, Jordan Justen wrote:
> But, Anthony's point ('there's never really been a pressing need to
> support SMM') is probably the most important here, as I can't see a
> compelling use for SMM in QEMU.

Running real biosen instead of seabios?  Of course that's mostly
useful when reverse-engineering devices, which is a borderline use of
kvm.

  OG.

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Gleb Natapov]

On Thu, Apr 07, 2011 at 02:21:16PM -0500, Anthony Liguori wrote:
> On 04/07/2011 01:44 PM, Gleb Natapov wrote:
> >>KVM doesn't support SMM although that's not because of this.  KVM
> >>doesn't allow execution of ROM memory which makes it difficult to
> >>implement PAM in the way it's intended to be implemented.  This
> >>makes SMM a bit tricky to make work.  Since there's never really
> >>been a pressing need to support SMM, to my knowledge, noone has even
> >>tried.
> >>
> >KVM allows to execute ROM memory (BIOS and option roms run this way). It
> >just makes it indistinguishable from RAM, but read only memory slot
> >support shouldn't be too hard. Why ability to execute ROM memory is
> >needed to support SMM though?
> 
> QEMU does the leg work already to support SMM.  It doesn't work with
> KVM because we treat SMM as ROM memory and trap read/write access.
> 
> To make it work with KVM, you'd have to hack things around to switch
> the VGA space to RAM in order to the let the SMM code run.  It's not
> impossible, but that's the main reason it doesn't Just Work.
> 
Remapping part is easy. As you are saying QEMU already does remapping,
the only thing missing is creating/destroying/remapping KVM memory slot
(with SMP it is slightly more complicated, but doable). But after doing
this SMM will not Just Work in KVM on Intel because VMX does not support
SMM mode and it can't be approximated by vm86, so KVM will have to emulate
every single instruction while in SMM mode and this like will not work.

--
			Gleb.

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Jordan Justen]

On Thu, Apr 7, 2011 at 12:21, Anthony Liguori <anthony@codemonkey.ws> wrote:
> QEMU does the leg work already to support SMM.  It doesn't work with KVM
> because we treat SMM as ROM memory and trap read/write access.
>
> To make it work with KVM, you'd have to hack things around to switch the VGA
> space to RAM in order to the let the SMM code run.  It's not impossible, but
> that's the main reason it doesn't Just Work.

Ah, SMM ASEG/BSEG?  I think most recent firmware ignore that, use TSEG
(some higher up memory) and run in protected mode.

But, based on Gleb's other response, there are other, bigger issues as well...

-Jordan

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Jordan Justen]

On Thu, Apr 7, 2011 at 12:24, Olivier Galibert <galibert@pobox.com> wrote:
> On Thu, Apr 07, 2011 at 12:03:41PM -0700, Jordan Justen wrote:
>> But, Anthony's point ('there's never really been a pressing need to
>> support SMM') is probably the most important here, as I can't see a
>> compelling use for SMM in QEMU.
>
> Running real biosen instead of seabios?  Of course that's mostly
> useful when reverse-engineering devices, which is a borderline use of
> kvm.

:)

Regarding QEMU, the only thing I can thing of (and this is a stretch)
is USB legacy support.  In other words, being able to drop PS2
keyboard/mouse for USB, but still supporting legacy software via SMM.
This doesn't seem worth the effort by a long shot.

Another take on removing PS2 sounds more interesting to me: a
legacy-free PC qemu hardware skew, with a legacy-free firmware (OVMF
:) and only supporting legacy-free compatible OS's.

-Jordan

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Anthony Liguori]

On 04/07/2011 02:31 PM, Gleb Natapov wrote:
>
> Remapping part is easy. As you are saying QEMU already does remapping,

Yes.

> the only thing missing is creating/destroying/remapping KVM memory slot
> (with SMP it is slightly more complicated, but doable).

Yup.  It's not impossible but not free.

>   But after doing
> this SMM will not Just Work in KVM on Intel because VMX does not support
> SMM mode and it can't be approximated by vm86, so KVM will have to emulate
> every single instruction while in SMM mode and this like will not work.

Isn't everyone using Westmere's at this point with unrestricted guest 
mode :-)

BTW, I assume that there's some kernel logic needed to enable SMM 
intercepts but I'm not entirely sure what's involved there.

Regards,

Anthony Liguori

> --
> 			Gleb.
>

Re: [Qemu-devel] How does the QEMU load the binary files bios.bin and vgabios-cirrus.bin?

[Gleb Natapov]

On Thu, Apr 07, 2011 at 04:34:38PM -0500, Anthony Liguori wrote:
> On 04/07/2011 02:31 PM, Gleb Natapov wrote:
> >
> >Remapping part is easy. As you are saying QEMU already does remapping,
> 
> Yes.
> 
> >the only thing missing is creating/destroying/remapping KVM memory slot
> >(with SMP it is slightly more complicated, but doable).
> 
> Yup.  It's not impossible but not free.
> 
> >  But after doing
> >this SMM will not Just Work in KVM on Intel because VMX does not support
> >SMM mode and it can't be approximated by vm86, so KVM will have to emulate
> >every single instruction while in SMM mode and this like will not work.
> 
> Isn't everyone using Westmere's at this point with unrestricted
> guest mode :-)
> 
> BTW, I assume that there's some kernel logic needed to enable SMM
> intercepts but I'm not entirely sure what's involved there.
> 
Vcpu needs to know that it is in SMM mode and memory slot logic should
be changed to lookup slots according to vcpu mode. This is needed
because the same physical address can be treated as frame buffer by one
cpu and as a regular memory by other simultaneously in SMP system.

--
			Gleb.