From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=37324 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OanNN-0000Or-BZ
	for qemu-devel@nongnu.org; Mon, 19 Jul 2010 06:15:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <rjones@redhat.com>) id 1OanNM-0006qu-7O
	for qemu-devel@nongnu.org; Mon, 19 Jul 2010 06:15:09 -0400
Received: from mx1.redhat.com ([209.132.183.28]:4138)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <rjones@redhat.com>) id 1OanNL-0006nw-Vk
	for qemu-devel@nongnu.org; Mon, 19 Jul 2010 06:15:08 -0400
Date: Mon, 19 Jul 2010 11:15:04 +0100
From: "Richard W.M. Jones" <rjones@redhat.com>
Message-ID: <20100719101504.GA5216@amd.home.annexia.org>
References: <20100717133930.GC19767@amd.home.annexia.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20100717133930.GC19767@amd.home.annexia.org>
Subject: [Qemu-devel] [PATCH 0/2 version 2] fw_cfg: Implement fast
	"DMA"-type operation
	for rapidly copying in kernel, initrd [etc] into the guest
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: agraf@suse.de, Gleb Natapov <gleb@redhat.com>


This is the second version of the patch.

We don't use the word "blit" any more, instead this is replaced with
"DMA", even though it's not quite like a DMA operation on physical
hardware.

The guest writes the physical address and size to two 32 bit fw_cfg
variables.  Then when the guest issues an ordinary read operation with
the extra FW_CFG_DMA flag set, instead of returning a single byte,
qemu "DMA"s the requested data into the guest memory.

The guest shouldn't be able to request a dma_size larger than the
amount of data in the entry.  The patch checks this and adjusts
dma_size.

The guest might select a dma_addr which does not correspond to
physical memory (or dma_addr + dma_size).  Reading the code it seems
to be that cpu_physical_memory_write catches this case and will
abort() (so the guest is only harming itself).  However I'd quite like
an expert opinion on this ...

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top