Re: Question about (and problem with) pflash data access

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Guenter Roeck <linux@roeck-us.net>
To: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
	Peter Maydell <peter.maydell@linaro.org>,
	Qemu-block <qemu-block@nongnu.org>,
	Alexey Kardashevskiy <aik@ozlabs.ru>,
	QEMU Developers <qemu-devel@nongnu.org>,
	Max Reitz <mreitz@redhat.com>, qemu-arm <qemu-arm@nongnu.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Subject: Re: Question about (and problem with) pflash data access
Date: Thu, 13 Feb 2020 08:21:35 -0800	[thread overview]
Message-ID: <20200213162135.GA16294@roeck-us.net> (raw)
In-Reply-To: <ff42c7de-ef78-a0e5-9abe-9343947ff6d6@redhat.com>

On Thu, Feb 13, 2020 at 04:24:24PM +0100, Philippe Mathieu-Daudé wrote:
> On 2/13/20 3:39 PM, Peter Maydell wrote:
> > On Thu, 13 Feb 2020 at 14:26, Guenter Roeck <linux@roeck-us.net> wrote:
> > > What really puzzles me is that there is no trace output for
> > > flash data accesses (trace_pflash_data_read and trace_pflash_data_write),
> > > meaning the actual flash data access must be handled elsewhere.
> > > Can someone give me a hint where that might be ?
> 
> If you can share built kernel/dtb/rootfs for this machine I can have a look
> at it.
> 
> > > Clearly I am missing something about inner workings of qemu.
> 
> You can see all the pflash events using '-trace pflash*'.
> 
Yes, I got that much ;-).

> > 
> > Probably the device is in 'romd' mode. A QEMU MemoryRegion
> > can be:
> >   * RAM (includes ROM for these purposes) -- backed by host
> >     memory, reads and writes (if permitted) go straight to
> >     the host memory via fastpath accesses
> 
> No tracing here.
> 
> >   * MMIO -- backed by a read and write accessor function,
> >     all accesses go to these functions
> >   * "ROM device" -- a mix of the above where there is a
> >     backing bit of host memory but also accessor functions.
> >     When the device is in "romd" mode, reads go direct to
> >     host memory, and writes still go to the accessor function.
> >     When the device is not in "romd" mode, reads also go
> >     to the accessor function.
> > 
> > We use this in the pflash devices to make the common case
> > ("just read the flash") fast. When the guest makes a write
> > to flash that puts it into programming mode, we call
> > memory_region_rom_device_set_romd(..., false) so we can
> > intercept reads and make them do the right thing for
> > programming mode.
> > 

Disabling the calls to memory_region_rom_device_set_romd(..., true)
got me the trace output I was looking for. Turns out that reads
which supposedly are from the beginning of the flash start at offset
0x180000 instead of 0. This explains the "corruption", since that is
exactly the data in my test file at that offset. Adding debug output
to the Linux kernel confirms that this offset originates from the Linux
kernel.

Taking a closer look into the kernel source shows that the flash partitions
for SX1 indeed start at offset 0x180000 in the flash, not at 0. Bummer.

Sorry for all the noise. I should have paid closer attention to the
kernel source. Oh well, at least I learned a lot about qemu.

Thanks,
Guenter

     prev parent reply	other threads:[~2020-02-13 16:22 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-12 18:46 Question about (and problem with) pflash data access Guenter Roeck
2020-02-12 21:39 ` Philippe Mathieu-Daudé
2020-02-12 23:09   ` Guenter Roeck
2020-02-12 23:50     ` Philippe Mathieu-Daudé
2020-02-13  7:40       ` Alexey Kardashevskiy
2020-02-13  9:51         ` Paolo Bonzini
2020-02-13 14:26           ` Guenter Roeck
2020-02-13 14:39             ` Peter Maydell
2020-02-13 15:24               ` Philippe Mathieu-Daudé
2020-02-13 16:21                 ` Guenter Roeck [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200213162135.GA16294@roeck-us.net \
    --to=linux@roeck-us.net \
    --cc=aik@ozlabs.ru \
    --cc=kwolf@redhat.com \
    --cc=mreitz@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=philmd@redhat.com \
    --cc=plagnioj@jcrosoft.com \
    --cc=qemu-arm@nongnu.org \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).