[Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Alexander Graf]

SeaBIOS clears RAM between we write our -kernel image to RAM and the int19
handler gets triggered.

So in order to work around that, I sat down and implemented Avi's suggestion
of "downloading" all blobs in runtime from the fw_cfg interface

Thanks to glommer who talked me into doing it ;-).

v1 -> v2:

  - rename copy_rom -> rom_copy
  - introduce fw_cfg compat loader for loadvm

Alexander Graf (6):
  Make fw_cfg interface 32-bit aware
  Introduce rom_rom
  Convert multiboot to fw_cfg backed data storage
  Move common option rom code to header file
  Convert linux bootrom to external rom and fw_cfg
  Add linuxboot to BLOBS

 Makefile                      |    2 +-
 hw/fw_cfg.c                   |   30 ++++++--
 hw/fw_cfg.h                   |   13 +++-
 hw/loader.c                   |   38 +++++++++
 hw/loader.h                   |    1 +
 hw/pc.c                       |  169 +++++++++++++----------------------------
 pc-bios/optionrom/Makefile    |    2 +-
 pc-bios/optionrom/linuxboot.S |  140 ++++++++++++++++++++++++++++++++++
 pc-bios/optionrom/multiboot.S |  108 ++++++++++-----------------
 pc-bios/optionrom/optionrom.h |  107 ++++++++++++++++++++++++++
 10 files changed, 416 insertions(+), 194 deletions(-)
 create mode 100644 pc-bios/optionrom/linuxboot.S
 create mode 100644 pc-bios/optionrom/optionrom.h

[Qemu-devel] [PATCH 1/6] Make fw_cfg interface 32-bit aware

[Alexander Graf]

The fw_cfg interface can only handle up to 16 bits of data for its streams.
While that isn't too much of a problem when handling integers, we would
like to stream full kernel images over that interface!

So let's extend it to 32 bit length variables.

Signed-off-by: Alexander Graf <agraf@suse.de>

---

v1 -> v2:

  - add savevm compat code (untested!)
---
 hw/fw_cfg.c |   30 ++++++++++++++++++++++++------
 hw/fw_cfg.h |    2 +-
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
index a6d811b..0cd6f68 100644
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -39,7 +39,7 @@
 #define FW_CFG_SIZE 2
 
 typedef struct _FWCfgEntry {
-    uint16_t len;
+    uint32_t len;
     uint8_t *data;
     void *callback_opaque;
     FWCfgCallback callback;
@@ -48,7 +48,7 @@ typedef struct _FWCfgEntry {
 typedef struct _FWCfgState {
     FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
     uint16_t cur_entry;
-    uint16_t cur_offset;
+    uint32_t cur_offset;
 } FWCfgState;
 
 static void fw_cfg_write(FWCfgState *s, uint8_t value)
@@ -164,19 +164,37 @@ static void fw_cfg_reset(void *opaque)
     fw_cfg_select(s, 0);
 }
 
+static int fw_cfg_load_old(QEMUFile *f, void *opaque, int version_id)
+{
+    FWCfgState *s = opaque;
+    uint16_t cur_offset;
+
+    if (version_id != 1)
+        return -EINVAL;
+
+    qemu_get_be16s(f, &s->cur_entry);
+
+    /* Convert old 16 bit value to new 32 bit width */
+    qemu_get_be16s(f, &cur_offset);
+    s->cur_offset = cur_offset;
+
+    return 0;
+}
+
 static const VMStateDescription vmstate_fw_cfg = {
     .name = "fw_cfg",
-    .version_id = 1,
-    .minimum_version_id = 1,
+    .version_id = 2,
+    .minimum_version_id = 2,
     .minimum_version_id_old = 1,
+    .load_state_old = fw_cfg_load_old,
     .fields      = (VMStateField []) {
         VMSTATE_UINT16(cur_entry, FWCfgState),
-        VMSTATE_UINT16(cur_offset, FWCfgState),
+        VMSTATE_UINT32(cur_offset, FWCfgState),
         VMSTATE_END_OF_LIST()
     }
 };
 
-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint16_t len)
+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint32_t len)
 {
     FWCfgState *s = opaque;
     int arch = !!(key & FW_CFG_ARCH_LOCAL);
diff --git a/hw/fw_cfg.h b/hw/fw_cfg.h
index 30dfec7..359d45a 100644
--- a/hw/fw_cfg.h
+++ b/hw/fw_cfg.h
@@ -28,7 +28,7 @@
 #ifndef NO_QEMU_PROTOS
 typedef void (*FWCfgCallback)(void *opaque, uint8_t *data);
 
-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint16_t len);
+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint32_t len);
 int fw_cfg_add_i16(void *opaque, uint16_t key, uint16_t value);
 int fw_cfg_add_i32(void *opaque, uint16_t key, uint32_t value);
 int fw_cfg_add_i64(void *opaque, uint16_t key, uint64_t value);
-- 
1.6.0.2

[Qemu-devel] Re: [PATCH 1/6] Make fw_cfg interface 32-bit aware

[Glauber Costa]

On Thu, Nov 12, 2009 at 09:53:10PM +0100, Alexander Graf wrote:
> The fw_cfg interface can only handle up to 16 bits of data for its streams.
> While that isn't too much of a problem when handling integers, we would
> like to stream full kernel images over that interface!
> 
> So let's extend it to 32 bit length variables.
> 
> Signed-off-by: Alexander Graf <agraf@suse.de>
> 
> ---
> 
> v1 -> v2:
> 
>   - add savevm compat code (untested!)
> ---
>  hw/fw_cfg.c |   30 ++++++++++++++++++++++++------
>  hw/fw_cfg.h |    2 +-
>  2 files changed, 25 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
> index a6d811b..0cd6f68 100644
> --- a/hw/fw_cfg.c
> +++ b/hw/fw_cfg.c
> @@ -39,7 +39,7 @@
>  #define FW_CFG_SIZE 2
>  
>  typedef struct _FWCfgEntry {
> -    uint16_t len;
> +    uint32_t len;
>      uint8_t *data;
>      void *callback_opaque;
>      FWCfgCallback callback;
> @@ -48,7 +48,7 @@ typedef struct _FWCfgEntry {
>  typedef struct _FWCfgState {
>      FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
>      uint16_t cur_entry;
> -    uint16_t cur_offset;
> +    uint32_t cur_offset;
>  } FWCfgState;
>  
>  static void fw_cfg_write(FWCfgState *s, uint8_t value)
> @@ -164,19 +164,37 @@ static void fw_cfg_reset(void *opaque)
>      fw_cfg_select(s, 0);
>  }
>  
> +static int fw_cfg_load_old(QEMUFile *f, void *opaque, int version_id)
> +{
> +    FWCfgState *s = opaque;
> +    uint16_t cur_offset;
> +
> +    if (version_id != 1)
> +        return -EINVAL;
> +
> +    qemu_get_be16s(f, &s->cur_entry);
> +
> +    /* Convert old 16 bit value to new 32 bit width */
> +    qemu_get_be16s(f, &cur_offset);
> +    s->cur_offset = cur_offset;
> +
> +    return 0;
> +}
> +
>  static const VMStateDescription vmstate_fw_cfg = {
>      .name = "fw_cfg",
> -    .version_id = 1,
> -    .minimum_version_id = 1,
> +    .version_id = 2,
> +    .minimum_version_id = 2,
>      .minimum_version_id_old = 1,
> +    .load_state_old = fw_cfg_load_old,
>      .fields      = (VMStateField []) {
>          VMSTATE_UINT16(cur_entry, FWCfgState),
> -        VMSTATE_UINT16(cur_offset, FWCfgState),
> +        VMSTATE_UINT32(cur_offset, FWCfgState),
>          VMSTATE_END_OF_LIST()
>      }
>  };

Why don't we just add another field for the upper bits, and add it through
VMSTATE_UINT16_V ?

[Qemu-devel] Re: [PATCH 1/6] Make fw_cfg interface 32-bit aware

[Alexander Graf]

On 13.11.2009, at 01:48, Glauber Costa wrote:

> On Thu, Nov 12, 2009 at 09:53:10PM +0100, Alexander Graf wrote:
>> The fw_cfg interface can only handle up to 16 bits of data for its  
>> streams.
>> While that isn't too much of a problem when handling integers, we  
>> would
>> like to stream full kernel images over that interface!
>>
>> So let's extend it to 32 bit length variables.
>>
>> Signed-off-by: Alexander Graf <agraf@suse.de>
>>
>> ---
>>
>> v1 -> v2:
>>
>>  - add savevm compat code (untested!)
>> ---
>> hw/fw_cfg.c |   30 ++++++++++++++++++++++++------
>> hw/fw_cfg.h |    2 +-
>> 2 files changed, 25 insertions(+), 7 deletions(-)
>>
>> diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
>> index a6d811b..0cd6f68 100644
>> --- a/hw/fw_cfg.c
>> +++ b/hw/fw_cfg.c
>> @@ -39,7 +39,7 @@
>> #define FW_CFG_SIZE 2
>>
>> typedef struct _FWCfgEntry {
>> -    uint16_t len;
>> +    uint32_t len;
>>     uint8_t *data;
>>     void *callback_opaque;
>>     FWCfgCallback callback;
>> @@ -48,7 +48,7 @@ typedef struct _FWCfgEntry {
>> typedef struct _FWCfgState {
>>     FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
>>     uint16_t cur_entry;
>> -    uint16_t cur_offset;
>> +    uint32_t cur_offset;
>> } FWCfgState;
>>
>> static void fw_cfg_write(FWCfgState *s, uint8_t value)
>> @@ -164,19 +164,37 @@ static void fw_cfg_reset(void *opaque)
>>     fw_cfg_select(s, 0);
>> }
>>
>> +static int fw_cfg_load_old(QEMUFile *f, void *opaque, int  
>> version_id)
>> +{
>> +    FWCfgState *s = opaque;
>> +    uint16_t cur_offset;
>> +
>> +    if (version_id != 1)
>> +        return -EINVAL;
>> +
>> +    qemu_get_be16s(f, &s->cur_entry);
>> +
>> +    /* Convert old 16 bit value to new 32 bit width */
>> +    qemu_get_be16s(f, &cur_offset);
>> +    s->cur_offset = cur_offset;
>> +
>> +    return 0;
>> +}
>> +
>> static const VMStateDescription vmstate_fw_cfg = {
>>     .name = "fw_cfg",
>> -    .version_id = 1,
>> -    .minimum_version_id = 1,
>> +    .version_id = 2,
>> +    .minimum_version_id = 2,
>>     .minimum_version_id_old = 1,
>> +    .load_state_old = fw_cfg_load_old,
>>     .fields      = (VMStateField []) {
>>         VMSTATE_UINT16(cur_entry, FWCfgState),
>> -        VMSTATE_UINT16(cur_offset, FWCfgState),
>> +        VMSTATE_UINT32(cur_offset, FWCfgState),
>>         VMSTATE_END_OF_LIST()
>>     }
>> };
>
> Why don't we just add another field for the upper bits, and add it  
> through
> VMSTATE_UINT16_V ?

Because that would mean I'd have to deal with it in the code later on  
and I don't see the point of writing code that's not in the load/save  
cycle because of limitations there.

Alex

[Qemu-devel] Re: [PATCH 1/6] Make fw_cfg interface 32-bit aware

[Juan Quintela]

Alexander Graf <agraf@suse.de> wrote:
> On 13.11.2009, at 01:48, Glauber Costa wrote:
> Because that would mean I'd have to deal with it in the code later on
> and I don't see the point of writing code that's not in the load/save
> cycle because of limitations there.

Hi

could you take a look at this one?

This don't use the old_state function and should work as well.
I haven't tested it yet (test machine down), but will do a bit later.

Later, Juan.

PD. Yeap, I would have to add the HACK types to hw.h as several places
    have decided to change the size of several fields.

>From 25f7a6e401d72a0584fa4630a9dc97ce34520f7b Mon Sep 17 00:00:00 2001
From: Juan Quintela <quintela@redhat.com>
Date: Fri, 13 Nov 2009 11:56:38 +0100
Subject: [PATCH] fw_cfg: change cur_offset to 32 bits


Signed-off-by: Juan Quintela <quintela@redhat.com>
---
 hw/fw_cfg.c |   44 +++++++++++++++++++++++++++++++++++++++-----
 hw/fw_cfg.h |    2 +-
 2 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
index a6d811b..b79d58f 100644
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -39,7 +39,7 @@
 #define FW_CFG_SIZE 2

 typedef struct _FWCfgEntry {
-    uint16_t len;
+    uint32_t len;
     uint8_t *data;
     void *callback_opaque;
     FWCfgCallback callback;
@@ -48,7 +48,7 @@ typedef struct _FWCfgEntry {
 typedef struct _FWCfgState {
     FWCfgEntry entries[2][FW_CFG_MAX_ENTRY];
     uint16_t cur_entry;
-    uint16_t cur_offset;
+    uint32_t cur_offset;
 } FWCfgState;

 static void fw_cfg_write(FWCfgState *s, uint8_t value)
@@ -164,19 +164,53 @@ static void fw_cfg_reset(void *opaque)
     fw_cfg_select(s, 0);
 }

+/* Save restore 32 bit int as uint16_t
+   This is a Big hack, but it is how the old state did it.
+   Or we broke compatibility in the state, or we can't use struct tm
+ */
+
+static int get_uint32_as_uint16(QEMUFile *f, void *pv, size_t size)
+{
+    uint32_t *v = pv;
+    *v = qemu_get_be16(f);
+    return 0;
+}
+
+static void put_unused(QEMUFile *f, void *pv, size_t size)
+{
+    fprintf(stderr, "uint32_as_uint16 is only used for backward compatibilty.\n");
+    fprintf(stderr, "This functions shouldn't be called.\n");
+}
+
+const VMStateInfo vmstate_hack_uint32_as_uint16 = {
+    .name = "int32_as_uint16",
+    .get  = get_uint32_as_uint16,
+    .put  = put_unused,
+};
+
+#define VMSTATE_UINT16_HACK(_f, _s, _t)                                    \
+    VMSTATE_SINGLE_TEST(_f, _s, _t, 0, vmstate_hack_uint32_as_uint16, uint32_t)
+
+
+static bool is_version_1(void *opaque, int version_id)
+{
+    return version_id == 1;
+}
+
 static const VMStateDescription vmstate_fw_cfg = {
     .name = "fw_cfg",
-    .version_id = 1,
+    .version_id = 2,
     .minimum_version_id = 1,
     .minimum_version_id_old = 1,
     .fields      = (VMStateField []) {
         VMSTATE_UINT16(cur_entry, FWCfgState),
-        VMSTATE_UINT16(cur_offset, FWCfgState),
+        VMSTATE_UINT16_HACK(cur_offset, FWCfgState, is_version_1),
+        VMSTATE_UINT32_V(cur_offset, FWCfgState, 2),
         VMSTATE_END_OF_LIST()
     }
 };

-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint16_t len)
+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint32_t len)
 {
     FWCfgState *s = opaque;
     int arch = !!(key & FW_CFG_ARCH_LOCAL);
diff --git a/hw/fw_cfg.h b/hw/fw_cfg.h
index 30dfec7..359d45a 100644
--- a/hw/fw_cfg.h
+++ b/hw/fw_cfg.h
@@ -28,7 +28,7 @@
 #ifndef NO_QEMU_PROTOS
 typedef void (*FWCfgCallback)(void *opaque, uint8_t *data);

-int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint16_t len);
+int fw_cfg_add_bytes(void *opaque, uint16_t key, uint8_t *data, uint32_t len);
 int fw_cfg_add_i16(void *opaque, uint16_t key, uint16_t value);
 int fw_cfg_add_i32(void *opaque, uint16_t key, uint32_t value);
 int fw_cfg_add_i64(void *opaque, uint16_t key, uint64_t value);
-- 
1.6.2.5

[Qemu-devel] Re: [PATCH 1/6] Make fw_cfg interface 32-bit aware

[Alexander Graf]

Am 13.11.2009 um 11:59 schrieb Juan Quintela <quintela@redhat.com>:

> Alexander Graf <agraf@suse.de> wrote:
>> On 13.11.2009, at 01:48, Glauber Costa wrote:
>> Because that would mean I'd have to deal with it in the code later on
>> and I don't see the point of writing code that's not in the load/save
>> cycle because of limitations there.
>
> Hi
>
> could you take a look at this one?
>
> This don't use the old_state function and should work as well.
> I haven't tested it yet (test machine down), but will do a bit later.

Well I suppose your untested is better than my untested :-).


When it comes to save/restore please take anything from Juan rather  
than my patch.

I don't have access to a PC until Monday anyways and IMHO -kernel is a  
pretty important feature for developers that sholdn't stay vroken for  
too long in HEAD.

Alex 

[Qemu-devel] [PATCH 2/6] Introduce rom_rom

[Alexander Graf]

We have several rom helpers currently, but none of them can get us
code that spans several roms into a pointer.

This patch introduces a function that copies over rom contents.

Signed-off-by: Alexander Graf <agraf@suse.de>

---

v1 -> v2:

  - rename copy_rom -> rom_copy
---
 hw/loader.c |   38 ++++++++++++++++++++++++++++++++++++++
 hw/loader.h |    1 +
 2 files changed, 39 insertions(+), 0 deletions(-)

diff --git a/hw/loader.c b/hw/loader.c
index 9153b38..d854947 100644
--- a/hw/loader.c
+++ b/hw/loader.c
@@ -701,6 +701,44 @@ static Rom *find_rom(target_phys_addr_t addr)
     return NULL;
 }
 
+int rom_copy(uint8_t *dest, target_phys_addr_t addr, size_t size)
+{
+    target_phys_addr_t end = addr + size;
+    uint8_t *s, *d = dest;
+    size_t l = 0;
+    Rom *rom;
+
+    QTAILQ_FOREACH(rom, &roms, next) {
+        if (rom->max)
+            continue;
+        if (rom->min > addr)
+            continue;
+        if (rom->min + rom->romsize < addr)
+            continue;
+        if (rom->min > end)
+            break;
+        if (!rom->data)
+            continue;
+
+        d = dest + (rom->min - addr);
+        s = rom->data;
+        l = rom->romsize;
+
+        if (rom->min < addr) {
+            d = dest;
+            s += (addr - rom->min);
+            l -= (addr - rom->min);
+        }
+        if ((d + l) > (dest + size)) {
+            l = dest - d;
+        }
+
+        memcpy(d, s, l);
+    }
+
+    return (d + l) - dest;
+}
+
 void *rom_ptr(target_phys_addr_t addr)
 {
     Rom *rom;
diff --git a/hw/loader.h b/hw/loader.h
index 67dae57..b3311a3 100644
--- a/hw/loader.h
+++ b/hw/loader.h
@@ -24,6 +24,7 @@ int rom_add_file(const char *file,
 int rom_add_blob(const char *name, const void *blob, size_t len,
                  target_phys_addr_t min, target_phys_addr_t max, int align);
 int rom_load_all(void);
+int rom_copy(uint8_t *dest, target_phys_addr_t addr, size_t size);
 void *rom_ptr(target_phys_addr_t addr);
 void do_info_roms(Monitor *mon);
 
-- 
1.6.0.2

[Qemu-devel] [PATCH 3/6] Convert multiboot to fw_cfg backed data storage

[Alexander Graf]

Right now we load the guest kernel to RAM, fire off the BIOS, hope it
doesn't clobber memory and run an option rom that jumps into the kernel.

That breaks with SeaBIOS, as that clears memory. So let's read all
kernel, module etc. data using the fw_cfg interface when in the int19
handler.

This patch implements said mechanism for multiboot.

Signed-off-by: Alexander Graf <agraf@suse.de>

---

v1 -> v2:

  - rename copy_rom -> rom_copy
---
 hw/fw_cfg.h                   |    5 ++-
 hw/pc.c                       |   43 ++++++++++++++++-------
 pc-bios/optionrom/multiboot.S |   77 ++++++++++++++++++++++++++++++++---------
 3 files changed, 94 insertions(+), 31 deletions(-)

diff --git a/hw/fw_cfg.h b/hw/fw_cfg.h
index 359d45a..1e004b7 100644
--- a/hw/fw_cfg.h
+++ b/hw/fw_cfg.h
@@ -17,7 +17,10 @@
 #define FW_CFG_NUMA             0x0d
 #define FW_CFG_BOOT_MENU        0x0e
 #define FW_CFG_MAX_CPUS         0x0f
-#define FW_CFG_MAX_ENTRY        0x10
+#define FW_CFG_KERNEL_ENTRY     0x10
+#define FW_CFG_KERNEL_DATA      0x11
+#define FW_CFG_INITRD_DATA      0x12
+#define FW_CFG_MAX_ENTRY        0x13
 
 #define FW_CFG_WRITE_CHANNEL    0x4000
 #define FW_CFG_ARCH_LOCAL       0x8000
diff --git a/hw/pc.c b/hw/pc.c
index bf4718e..55bd1a4 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -603,6 +603,8 @@ static int load_multiboot(void *fw_cfg,
     uint32_t mb_mod_end;
     uint8_t bootinfo[0x500];
     uint32_t cmdline = 0x200;
+    uint8_t *mb_kernel_data;
+    uint8_t *mb_bootinfo_data;
 
     /* Ok, let's see if it is a multiboot image.
        The header is 12x32bit long, so the latest entry may be 8192 - 48. */
@@ -643,6 +645,12 @@ static int load_multiboot(void *fw_cfg,
         mh_load_addr = mh_entry_addr = elf_entry;
         mb_kernel_size = kernel_size;
 
+        mb_kernel_data = qemu_malloc(mb_kernel_size);
+        if (rom_copy(mb_kernel_data, elf_entry, kernel_size) != kernel_size) {
+            fprintf(stderr, "Error while fetching elf kernel from rom\n");
+            exit(1);
+        }
+
 #ifdef DEBUG_MULTIBOOT
         fprintf(stderr, "qemu: loading multiboot-elf kernel (%#x bytes) with entry %#zx\n",
                 mb_kernel_size, (size_t)mh_entry_addr);
@@ -656,7 +664,6 @@ static int load_multiboot(void *fw_cfg,
         uint32_t mh_bss_end_addr = ldl_p(header+i+24);
 #endif
         uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr);
-        uint8_t *kernel;
 
         mh_entry_addr = ldl_p(header+i+28);
         mb_kernel_size = get_file_size(f) - mb_kernel_text_offset;
@@ -676,12 +683,9 @@ static int load_multiboot(void *fw_cfg,
                 mb_kernel_size, mh_load_addr);
 #endif
 
-        kernel = qemu_malloc(mb_kernel_size);
+        mb_kernel_data = qemu_malloc(mb_kernel_size);
         fseek(f, mb_kernel_text_offset, SEEK_SET);
-        fread(kernel, 1, mb_kernel_size, f);
-        rom_add_blob_fixed(kernel_filename, kernel, mb_kernel_size,
-                           mh_load_addr);
-        qemu_free(kernel);
+        fread(mb_kernel_data, 1, mb_kernel_size, f);
         fclose(f);
     }
 
@@ -732,9 +736,14 @@ static int load_multiboot(void *fw_cfg,
                 exit(1);
             }
             mb_mod_end = mb_mod_start + mb_mod_length;
-            rom_add_file_fixed(initrd_filename, mb_mod_start);
-
             mb_mod_count++;
+
+            /* append module data at the end of last module */
+            mb_kernel_data = qemu_realloc(mb_kernel_data,
+                                          mh_load_addr - mb_mod_end);
+            load_image(initrd_filename,
+                       mb_kernel_data + mb_mod_start - mh_load_addr);
+
             stl_p(bootinfo + mb_mod_info + 0, mb_mod_start);
             stl_p(bootinfo + mb_mod_info + 4, mb_mod_start + mb_mod_length);
             stl_p(bootinfo + mb_mod_info + 12, 0x0); /* reserved */
@@ -774,13 +783,21 @@ static int load_multiboot(void *fw_cfg,
     fprintf(stderr, "multiboot: mh_entry_addr = %#x\n", mh_entry_addr);
 #endif
 
+    /* save bootinfo off the stack */
+    mb_bootinfo_data = qemu_malloc(sizeof(bootinfo));
+    memcpy(mb_bootinfo_data, bootinfo, sizeof(bootinfo));
+
     /* Pass variables to option rom */
-    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, mh_entry_addr);
-    fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, mb_bootinfo);
-    fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, mmap_addr);
+    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ENTRY, mh_entry_addr);
+    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, mh_load_addr);
+    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, mb_mod_end - mh_load_addr);
+    fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, mb_kernel_data,
+                     mb_mod_end - mh_load_addr);
 
-    rom_add_blob_fixed("multiboot-info", bootinfo, sizeof(bootinfo),
-                       mb_bootinfo);
+    fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, mb_bootinfo);
+    fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, sizeof(bootinfo));
+    fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, mb_bootinfo_data,
+                     sizeof(bootinfo));
 
     option_rom[nb_option_roms] = "multiboot.bin";
     nb_option_roms++;
diff --git a/pc-bios/optionrom/multiboot.S b/pc-bios/optionrom/multiboot.S
index e6cbefd..dafac73 100644
--- a/pc-bios/optionrom/multiboot.S
+++ b/pc-bios/optionrom/multiboot.S
@@ -26,6 +26,14 @@
 
 #define MULTIBOOT_MAGIC		0x2badb002
 
+#define GS_PROT_JUMP		0
+#define GS_GDT_DESC		6
+
+/* Break the translation block flow so -d cpu shows us values */
+#define DEBUG_HERE \
+	jmp		1f;				\
+	1:
+	
 /* Read a variable from the fw_cfg device.
    Clobbers:	%edx
    Out:		%eax */
@@ -44,12 +52,31 @@
 	bswap		%eax
 .endm
 
+/*
+ * Read a blob from the fw_cfg device.
+ * Requires _ADDR, _SIZE and _DATA values for the parameter.
+ *
+ * Clobbers:	%eax, %edx, %es, %ecx, %edi
+ */
+#define read_fw_blob(var) \
+	read_fw		var ## _ADDR;			\
+	mov		%eax, %edi;			\
+	read_fw		var ## _SIZE;			\
+	mov		%eax, %ecx;			\
+	mov		$var ## _DATA, %ax;		\
+	mov		$BIOS_CFG_IOPORT_CFG, %edx;	\
+	outw		%ax, (%dx);			\
+	mov		$BIOS_CFG_IOPORT_DATA, %dx;	\
+	cld;						\
+	DEBUG_HERE \
+	rep insb	(%dx), %es:(%edi);
+
 .code16
 .text
 	.global 	_start
 _start:
 	.short		0xaa55
-	.byte		1 /* (_end - _start) / 512 */
+	.byte		(_end - _start) / 512
 	push		%eax
 	push		%ds
 
@@ -57,10 +84,6 @@ _start:
 	xor		%ax, %ax
 	mov		%ax, %ds
 
-	/* save old int 19 */
-	mov		(0x19*4), %eax
-	mov		%eax, %cs:old_int19
-
 	/* install our int 19 handler */
 	movw		$int19_handler, (0x19*4)
 	mov		%cs, (0x19*4+2)
@@ -84,15 +107,34 @@ run_multiboot:
 	mov		%cs, %eax
 	shl		$0x4, %eax
 
-	/* fix the gdt descriptor to be PC relative */
-	mov		(gdt_desc+2), %ebx
-	add		%eax, %ebx
-	mov		%ebx, (gdt_desc+2)
+	/* set up a long jump descriptor that is PC relative */
 
-	/* fix the prot mode indirect jump to be PC relative */
+	/* move stack memory to %gs */
+	mov		%ss, %ecx
+	shl		$0x4, %ecx
+	mov		%esp, %ebx
+	add		%ebx, %ecx
+	sub		$0x20, %ecx
+	sub		$0x30, %esp
+	shr		$0x4, %ecx
+	mov		%cx, %gs
+
+	/* now push the indirect jump decriptor there */
 	mov		(prot_jump), %ebx
 	add		%eax, %ebx
-	mov		%ebx, (prot_jump)
+	movl		%ebx, %gs:GS_PROT_JUMP
+	mov		$8, %bx
+	movw		%bx, %gs:GS_PROT_JUMP + 4
+
+	/* fix the gdt descriptor to be PC relative */
+	movw		(gdt_desc), %bx
+	movw		%bx, %gs:GS_GDT_DESC
+	movl		(gdt_desc+2), %ebx
+	add		%eax, %ebx
+	movl		%ebx, %gs:GS_GDT_DESC + 2
+
+	/* Read the bootinfo struct into RAM */
+	read_fw_blob(FW_CFG_INITRD)
 
 	/* FS = bootinfo_struct */
 	read_fw		FW_CFG_INITRD_ADDR
@@ -100,7 +142,7 @@ run_multiboot:
 	mov		%ax, %fs
 
 	/* ES = mmap_addr */
-	read_fw		FW_CFG_INITRD_SIZE
+	mov		%eax, %fs:0x48
 	shr		$4, %eax
 	mov		%ax, %es
 
@@ -144,7 +186,7 @@ mmap_done:
 real_to_prot:
 	/* Load the GDT before going into protected mode */
 lgdt:
-	data32 lgdt	%cs:gdt_desc
+	data32 lgdt	%gs:GS_GDT_DESC
 
 	/* get us to protected mode now */
 	movl		$1, %eax
@@ -152,7 +194,7 @@ lgdt:
 
 	/* the LJMP sets CS for us and gets us to 32-bit */
 ljmp:
-	data32 ljmp	*%cs:prot_jump
+	data32 ljmp	*%gs:GS_PROT_JUMP
 
 prot_mode:
 .code32
@@ -165,8 +207,11 @@ prot_mode:
 	movl		%eax, %fs
 	movl		%eax, %gs
 
+	/* Read the kernel and modules into RAM */
+	read_fw_blob(FW_CFG_KERNEL)
+
 	/* Jump off to the kernel */
-	read_fw		FW_CFG_KERNEL_ADDR
+	read_fw		FW_CFG_KERNEL_ENTRY
 	mov		%eax, %ecx
 
 	/* EBX contains a pointer to the bootinfo struct */
@@ -180,8 +225,6 @@ ljmp2:
 
 /* Variables */
 .align 4, 0
-old_int19:	.long 0
-
 prot_jump:	.long prot_mode
 		.short 8
 
-- 
1.6.0.2

[Qemu-devel] [PATCH 4/6] Move common option rom code to header file

[Alexander Graf]

We will have a linux boot option rom soon, so let's take all functionality
that might be useful for both to a header file that both roms can include.

That way we only have to write fw_cfg access code once.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 pc-bios/optionrom/multiboot.S |   79 +-----------------------------
 pc-bios/optionrom/optionrom.h |  107 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 110 insertions(+), 76 deletions(-)
 create mode 100644 pc-bios/optionrom/optionrom.h

diff --git a/pc-bios/optionrom/multiboot.S b/pc-bios/optionrom/multiboot.S
index dafac73..be5c9fc 100644
--- a/pc-bios/optionrom/multiboot.S
+++ b/pc-bios/optionrom/multiboot.S
@@ -18,86 +18,15 @@
  *   Authors: Alexander Graf <agraf@suse.de>
  */
 
-#define NO_QEMU_PROTOS
-#include "../../hw/fw_cfg.h"
-
-#define BIOS_CFG_IOPORT_CFG	0x510
-#define BIOS_CFG_IOPORT_DATA	0x511
+#include "optionrom.h"
 
 #define MULTIBOOT_MAGIC		0x2badb002
 
 #define GS_PROT_JUMP		0
 #define GS_GDT_DESC		6
 
-/* Break the translation block flow so -d cpu shows us values */
-#define DEBUG_HERE \
-	jmp		1f;				\
-	1:
-	
-/* Read a variable from the fw_cfg device.
-   Clobbers:	%edx
-   Out:		%eax */
-.macro read_fw VAR
-	mov		$\VAR, %ax
-	mov		$BIOS_CFG_IOPORT_CFG, %dx
-	outw		%ax, (%dx)
-	mov		$BIOS_CFG_IOPORT_DATA, %dx
-	inb		(%dx), %al
-	shl		$8, %eax
-	inb		(%dx), %al
-	shl		$8, %eax
-	inb		(%dx), %al
-	shl		$8, %eax
-	inb		(%dx), %al
-	bswap		%eax
-.endm
 
-/*
- * Read a blob from the fw_cfg device.
- * Requires _ADDR, _SIZE and _DATA values for the parameter.
- *
- * Clobbers:	%eax, %edx, %es, %ecx, %edi
- */
-#define read_fw_blob(var) \
-	read_fw		var ## _ADDR;			\
-	mov		%eax, %edi;			\
-	read_fw		var ## _SIZE;			\
-	mov		%eax, %ecx;			\
-	mov		$var ## _DATA, %ax;		\
-	mov		$BIOS_CFG_IOPORT_CFG, %edx;	\
-	outw		%ax, (%dx);			\
-	mov		$BIOS_CFG_IOPORT_DATA, %dx;	\
-	cld;						\
-	DEBUG_HERE \
-	rep insb	(%dx), %es:(%edi);
-
-.code16
-.text
-	.global 	_start
-_start:
-	.short		0xaa55
-	.byte		(_end - _start) / 512
-	push		%eax
-	push		%ds
-
-	/* setup ds so we can access the IVT */
-	xor		%ax, %ax
-	mov		%ax, %ds
-
-	/* install our int 19 handler */
-	movw		$int19_handler, (0x19*4)
-	mov		%cs, (0x19*4+2)
-
-	pop		%ds
-	pop		%eax
-	lret
-
-int19_handler:
-	/* DS = CS */
-	movw		%cs, %ax
-	movw		%ax, %ds
-
-	/* fall through */
+BOOT_ROM_START
 
 run_multiboot:
 
@@ -249,6 +178,4 @@ gdt_desc:
 .short	(5 * 8) - 1
 .long	gdt
 
-.align 512, 0
-_end:
-
+BOOT_ROM_END
diff --git a/pc-bios/optionrom/optionrom.h b/pc-bios/optionrom/optionrom.h
new file mode 100644
index 0000000..34d69af
--- /dev/null
+++ b/pc-bios/optionrom/optionrom.h
@@ -0,0 +1,107 @@
+/*
+ * Common Option ROM Functions
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright Novell Inc, 2009
+ *   Authors: Alexander Graf <agraf@suse.de>
+ */
+
+
+#define NO_QEMU_PROTOS
+#include "../../hw/fw_cfg.h"
+
+#define BIOS_CFG_IOPORT_CFG	0x510
+#define BIOS_CFG_IOPORT_DATA	0x511
+
+/* Break the translation block flow so -d cpu shows us values */
+#define DEBUG_HERE \
+	jmp		1f;				\
+	1:
+	
+/*
+ * Read a variable from the fw_cfg device.
+ * Clobbers:	%edx
+ * Out:		%eax
+ */
+.macro read_fw VAR
+	mov		$\VAR, %ax
+	mov		$BIOS_CFG_IOPORT_CFG, %dx
+	outw		%ax, (%dx)
+	mov		$BIOS_CFG_IOPORT_DATA, %dx
+	inb		(%dx), %al
+	shl		$8, %eax
+	inb		(%dx), %al
+	shl		$8, %eax
+	inb		(%dx), %al
+	shl		$8, %eax
+	inb		(%dx), %al
+	bswap		%eax
+.endm
+
+/*
+ * Read a blob from the fw_cfg device.
+ * Requires _ADDR, _SIZE and _DATA values for the parameter.
+ *
+ * Clobbers:	%eax, %edx, %es, %ecx, %edi
+ */
+#define read_fw_blob(var)				\
+	read_fw		var ## _ADDR;			\
+	mov		%eax, %edi;			\
+	read_fw		var ## _SIZE;			\
+	mov		%eax, %ecx;			\
+	mov		$var ## _DATA, %ax;		\
+	mov		$BIOS_CFG_IOPORT_CFG, %edx;	\
+	outw		%ax, (%dx);			\
+	mov		$BIOS_CFG_IOPORT_DATA, %dx;	\
+	cld;						\
+	rep insb	(%dx), %es:(%edi);
+
+#define OPTION_ROM_START					\
+    .code16;						\
+    .text;						\
+	.global 	_start;				\
+    _start:;						\
+	.short		0xaa55;				\
+	.byte		(_end - _start) / 512;
+
+#define BOOT_ROM_START					\
+	OPTION_ROM_START				\
+	push		%eax;				\
+	push		%ds;				\
+							\
+	/* setup ds so we can access the IVT */		\
+	xor		%ax, %ax;			\
+	mov		%ax, %ds;			\
+							\
+	/* install our int 19 handler */		\
+	movw		$int19_handler, (0x19*4);	\
+	mov		%cs, (0x19*4+2);		\
+							\
+	pop		%ds;				\
+	pop		%eax;				\
+	lret;						\
+							\
+    int19_handler:;					\
+	/* DS = CS */					\
+	movw		%cs, %ax;			\
+	movw		%ax, %ds;
+
+#define OPTION_ROM_END					\
+    .align 512, 0;					\
+    _end:
+
+#define BOOT_ROM_END					\
+	OPTION_ROM_END
+
-- 
1.6.0.2

[Qemu-devel] [PATCH 5/6] Convert linux bootrom to external rom and fw_cfg

[Alexander Graf]

We already have a working multiboot implementation that uses fw_cfg to get
its kernel module etc. data in int19 runtime now.

So what's missing is a working linux boot option rom. While at it I figured it
would be a good idea to take the opcode generator out of pc.c and instead use
a proper option rom, like we do with multiboot.

So here it is - an fw_cfg using option rom for -kernel with linux!

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/fw_cfg.h                   |    8 ++-
 hw/pc.c                       |  126 +++++++------------------------------
 pc-bios/optionrom/Makefile    |    2 +-
 pc-bios/optionrom/linuxboot.S |  140 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 172 insertions(+), 104 deletions(-)
 create mode 100644 pc-bios/optionrom/linuxboot.S

diff --git a/hw/fw_cfg.h b/hw/fw_cfg.h
index 1e004b7..7070c94 100644
--- a/hw/fw_cfg.h
+++ b/hw/fw_cfg.h
@@ -20,7 +20,13 @@
 #define FW_CFG_KERNEL_ENTRY     0x10
 #define FW_CFG_KERNEL_DATA      0x11
 #define FW_CFG_INITRD_DATA      0x12
-#define FW_CFG_MAX_ENTRY        0x13
+#define FW_CFG_CMDLINE_ADDR     0x13
+#define FW_CFG_CMDLINE_SIZE     0x14
+#define FW_CFG_CMDLINE_DATA     0x15
+#define FW_CFG_SETUP_ADDR       0x16
+#define FW_CFG_SETUP_SIZE       0x17
+#define FW_CFG_SETUP_DATA       0x18
+#define FW_CFG_MAX_ENTRY        0x19
 
 #define FW_CFG_WRITE_CHANNEL    0x4000
 #define FW_CFG_ARCH_LOCAL       0x8000
diff --git a/hw/pc.c b/hw/pc.c
index 55bd1a4..7c791c4 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -487,85 +487,6 @@ static void *bochs_bios_init(void)
     return fw_cfg;
 }
 
-/* Generate an initial boot sector which sets state and jump to
-   a specified vector */
-static void generate_bootsect(uint32_t gpr[8], uint16_t segs[6], uint16_t ip)
-{
-    uint8_t rom[512], *p, *reloc;
-    uint8_t sum;
-    int i;
-
-    memset(rom, 0, sizeof(rom));
-
-    p = rom;
-    /* Make sure we have an option rom signature */
-    *p++ = 0x55;
-    *p++ = 0xaa;
-
-    /* ROM size in sectors*/
-    *p++ = 1;
-
-    /* Hook int19 */
-
-    *p++ = 0x50;		/* push ax */
-    *p++ = 0x1e;		/* push ds */
-    *p++ = 0x31; *p++ = 0xc0;	/* xor ax, ax */
-    *p++ = 0x8e; *p++ = 0xd8;	/* mov ax, ds */
-
-    *p++ = 0xc7; *p++ = 0x06;   /* movvw _start,0x64 */
-    *p++ = 0x64; *p++ = 0x00;
-    reloc = p;
-    *p++ = 0x00; *p++ = 0x00;
-
-    *p++ = 0x8c; *p++ = 0x0e;   /* mov cs,0x66 */
-    *p++ = 0x66; *p++ = 0x00;
-
-    *p++ = 0x1f;		/* pop ds */
-    *p++ = 0x58;		/* pop ax */
-    *p++ = 0xcb;		/* lret */
-
-    /* Actual code */
-    *reloc = (p - rom);
-
-    *p++ = 0xfa;		/* CLI */
-    *p++ = 0xfc;		/* CLD */
-
-    for (i = 0; i < 6; i++) {
-	if (i == 1)		/* Skip CS */
-	    continue;
-
-	*p++ = 0xb8;		/* MOV AX,imm16 */
-	*p++ = segs[i];
-	*p++ = segs[i] >> 8;
-	*p++ = 0x8e;		/* MOV <seg>,AX */
-	*p++ = 0xc0 + (i << 3);
-    }
-
-    for (i = 0; i < 8; i++) {
-	*p++ = 0x66;		/* 32-bit operand size */
-	*p++ = 0xb8 + i;	/* MOV <reg>,imm32 */
-	*p++ = gpr[i];
-	*p++ = gpr[i] >> 8;
-	*p++ = gpr[i] >> 16;
-	*p++ = gpr[i] >> 24;
-    }
-
-    *p++ = 0xea;		/* JMP FAR */
-    *p++ = ip;			/* IP */
-    *p++ = ip >> 8;
-    *p++ = segs[1];		/* CS */
-    *p++ = segs[1] >> 8;
-
-    /* sign rom */
-    sum = 0;
-    for (i = 0; i < (sizeof(rom) - 1); i++)
-        sum += rom[i];
-    rom[sizeof(rom) - 1] = -sum;
-
-    rom_add_blob("linux-bootsect", rom, sizeof(rom),
-                 PC_ROM_MIN_OPTION, PC_ROM_MAX, PC_ROM_ALIGN);
-}
-
 static long get_file_size(FILE *f)
 {
     long where, size;
@@ -812,12 +733,9 @@ static void load_linux(void *fw_cfg,
                        target_phys_addr_t max_ram_size)
 {
     uint16_t protocol;
-    uint32_t gpr[8];
-    uint16_t seg[6];
-    uint16_t real_seg;
     int setup_size, kernel_size, initrd_size = 0, cmdline_size;
     uint32_t initrd_max;
-    uint8_t header[8192], *setup, *kernel;
+    uint8_t header[8192], *setup, *kernel, *initrd_data;
     target_phys_addr_t real_addr, prot_addr, cmdline_addr, initrd_addr = 0;
     FILE *f;
     char *vmode;
@@ -886,9 +804,11 @@ static void load_linux(void *fw_cfg,
     if (initrd_max >= max_ram_size-ACPI_DATA_SIZE)
     	initrd_max = max_ram_size-ACPI_DATA_SIZE-1;
 
-    /* kernel command line */
-    rom_add_blob_fixed("cmdline", kernel_cmdline,
-                       strlen(kernel_cmdline)+1, cmdline_addr);
+    fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_ADDR, cmdline_addr);
+    fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, strlen(kernel_cmdline)+1);
+    fw_cfg_add_bytes(fw_cfg, FW_CFG_CMDLINE_DATA,
+                     (uint8_t*)strdup(kernel_cmdline),
+                     strlen(kernel_cmdline)+1);
 
     if (protocol >= 0x202) {
 	stl_p(header+0x228, cmdline_addr);
@@ -937,7 +857,13 @@ static void load_linux(void *fw_cfg,
 
 	initrd_size = get_image_size(initrd_filename);
         initrd_addr = (initrd_max-initrd_size) & ~4095;
-        rom_add_file_fixed(initrd_filename, initrd_addr);
+
+        initrd_data = qemu_malloc(initrd_size);
+        load_image(initrd_filename, initrd_data);
+
+        fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, initrd_addr);
+        fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, initrd_size);
+        fw_cfg_add_bytes(fw_cfg, FW_CFG_INITRD_DATA, initrd_data, initrd_size);
 
 	stl_p(header+0x218, initrd_addr);
 	stl_p(header+0x21c, initrd_size);
@@ -957,21 +883,17 @@ static void load_linux(void *fw_cfg,
     fread(kernel, 1, kernel_size, f);
     fclose(f);
     memcpy(setup, header, MIN(sizeof(header), setup_size));
-    rom_add_blob_fixed("linux-setup", setup,
-                       setup_size, real_addr);
-    rom_add_blob_fixed(kernel_filename, kernel,
-                       kernel_size, prot_addr);
-    qemu_free(setup);
-    qemu_free(kernel);
-
-    /* generate bootsector to set up the initial register state */
-    real_seg = real_addr >> 4;
-    seg[0] = seg[2] = seg[3] = seg[4] = seg[4] = real_seg;
-    seg[1] = real_seg+0x20;	/* CS */
-    memset(gpr, 0, sizeof gpr);
-    gpr[4] = cmdline_addr-real_addr-16;	/* SP (-16 is paranoia) */
-
-    generate_bootsect(gpr, seg, 0);
+
+    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr);
+    fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
+    fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size);
+
+    fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr);
+    fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size);
+    fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, setup, setup_size);
+
+    option_rom[nb_option_roms] = "linuxboot.bin";
+    nb_option_roms++;
 }
 
 static const int ide_iobase[2] = { 0x1f0, 0x170 };
diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index b01a54e..54db882 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -13,7 +13,7 @@ CFLAGS += -I$(SRC_PATH)
 CFLAGS += $(call cc-option, $(CFLAGS), -fno-stack-protector)
 QEMU_CFLAGS = $(CFLAGS)
 
-build-all: multiboot.bin
+build-all: multiboot.bin linuxboot.bin
 
 %.img: %.o
 	$(call quiet-command,$(LD) -Ttext 0 -e _start -s -o $@ $<,"  Building $(TARGET_DIR)$@")
diff --git a/pc-bios/optionrom/linuxboot.S b/pc-bios/optionrom/linuxboot.S
new file mode 100644
index 0000000..842dd3d
--- /dev/null
+++ b/pc-bios/optionrom/linuxboot.S
@@ -0,0 +1,140 @@
+/*
+ * Linux Boot Option ROM
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * Copyright Novell Inc, 2009
+ *   Authors: Alexander Graf <agraf@suse.de>
+ *
+ * Based on code in hw/pc.c.
+ */
+
+#include "optionrom.h"
+
+BOOT_ROM_START
+
+run_linuxboot:
+
+	cli
+	cld
+
+	jmp		copy_kernel
+boot_kernel:
+
+	read_fw		FW_CFG_SETUP_ADDR
+
+	mov		%eax, %ebx
+	shr		$4, %ebx
+
+	/* All segments contain real_addr */
+	mov		%bx, %ds
+	mov		%bx, %es
+	mov		%bx, %fs
+	mov		%bx, %gs
+	mov		%bx, %ss
+
+	/* CX = CS we want to jump to */
+	add		$0x20, %bx
+	mov		%bx, %cx
+
+	/* SP = cmdline_addr-real_addr-16 */
+	read_fw		FW_CFG_CMDLINE_ADDR
+	mov		%eax, %ebx
+	read_fw		FW_CFG_SETUP_ADDR
+	sub		%eax, %ebx
+	sub		$16, %ebx
+	mov		%ebx, %esp
+
+	/* Build indirect retf descriptor */
+	pushw		%cx		/* CS */
+	xor		%ax, %ax
+	pushw		%ax		/* IP = 0 */
+
+	/* Clear registers */
+	xor		%eax, %eax
+	xor		%ebx, %ebx
+	xor		%ecx, %ecx
+	xor		%edx, %edx
+	xor		%edi, %edi
+	xor		%ebp, %ebp
+
+	/* Jump to Linux */
+	retf
+
+
+copy_kernel:
+
+	/* We need to load the kernel into memory we can't access in 16 bit
+	   mode, so let's get into 32 bit mode, write the kernel and jump
+	   back again. */
+
+	/* Set DS to SS+SP - 0x10, so we can write our GDT descriptor there */
+	mov		%ss, %eax
+	shl		$4, %eax
+	add		%esp, %eax
+	sub		$0x10, %eax
+	shr		$4, %eax
+
+	/* Now create the GDT descriptor */
+	mov		%cs, %eax
+	shl		$4, %eax
+	movw		$((3 * 8) - 1), %bx
+	movw		%bx, %gs:0
+	movl		$gdt, %ebx
+	add		%eax, %ebx
+	movl		%ebx, %gs:2
+
+	/* And load the GDT */
+	data32 lgdt	%gs:0
+
+	/* Get us to protected mode now */
+	mov		$1, %eax
+	mov		%eax, %cr0
+
+	/* So we can set DS to a 32-bit segment */
+	mov		$0x10, %eax
+	mov		%eax, %ds
+
+	/* We're now running in 16-bit CS, but 32-bit DS! */
+
+	/* Load kernel and initrd */
+	read_fw_blob(FW_CFG_KERNEL)
+	read_fw_blob(FW_CFG_INITRD)
+	read_fw_blob(FW_CFG_CMDLINE)
+	read_fw_blob(FW_CFG_SETUP)
+
+	/* And now jump into Linux! */
+	mov		$0, %eax
+	mov		%eax, %cr0
+
+	/* DS = CS */
+	mov		%cs, %ax
+	mov		%ax, %ds
+
+	jmp		boot_kernel
+
+/* Variables */
+
+.align 4, 0
+gdt:
+	/* 0x00 */
+.byte	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+	/* 0x08: code segment (base=0, limit=0xfffff, type=32bit code exec/read, DPL=0, 4k) */
+.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x9a, 0xcf, 0x00
+
+	/* 0x10: data segment (base=0, limit=0xfffff, type=32bit data read/write, DPL=0, 4k) */
+.byte	0xff, 0xff, 0x00, 0x00, 0x00, 0x92, 0xcf, 0x00
+
+BOOT_ROM_END
-- 
1.6.0.2

[Qemu-devel] Re: [PATCH 5/6] Convert linux bootrom to external rom and fw_cfg

[Paolo Bonzini]

On 11/12/2009 09:53 PM, Alexander Graf wrote:
> +	/* Set DS to SS+SP - 0x10, so we can write our GDT descriptor there */
> +	mov		%ss, %eax
> +	shl		$4, %eax
> +	add		%esp, %eax
> +	sub		$0x10, %eax
> +	shr		$4, %eax

Dead code?  Or wrong comment and missing mov %eax, %gs?

Also, I know this is running with disabled interrupts, but why set %gs 
just below the stack instead of decrementing %esp?

> +	/* Now create the GDT descriptor */
> +	mov		%cs, %eax

Paolo

Re: [Qemu-devel] Re: [PATCH 5/6] Convert linux bootrom to external rom and fw_cfg

[Alexander Graf]

On 13.11.2009, at 07:37, Paolo Bonzini wrote:

> On 11/12/2009 09:53 PM, Alexander Graf wrote:
>> +	/* Set DS to SS+SP - 0x10, so we can write our GDT descriptor there */
>> +	mov		%ss, %eax
>> +	shl		$4, %eax
>> +	add		%esp, %eax
>> +	sub		$0x10, %eax
>> +	shr		$4, %eax
> 
> Dead code?  Or wrong comment and missing mov %eax, %gs?

The latter.

> Also, I know this is running with disabled interrupts, but why set %gs just below the stack instead of decrementing %esp?

Uh. Decrementing %esp should work too I guess. That's just what I came up with.

Alex

[Qemu-devel] [PATCH] Fix thinko in linuxboot.S

[Paolo Bonzini]

The %gs segment that was used was not matching the comments.
I just moved the GDT descriptor on the stack instead.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 pc-bios/optionrom/linuxboot.S |   20 ++++++++------------
 1 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/pc-bios/optionrom/linuxboot.S b/pc-bios/optionrom/linuxboot.S
index b3c90e3..14e1ae8 100644
--- a/pc-bios/optionrom/linuxboot.S
+++ b/pc-bios/optionrom/linuxboot.S
@@ -79,24 +79,20 @@ copy_kernel:
 	   mode, so let's get into 32 bit mode, write the kernel and jump
 	   back again. */
 
-	/* Set DS to SS+SP - 0x10, so we can write our GDT descriptor there */
-	mov		%ss, %eax
-	shl		$4, %eax
-	add		%esp, %eax
-	sub		$0x10, %eax
-	shr		$4, %eax
+	/* Reserve space on the stack for our GDT descriptor. */
+	mov		%esp, %ebp
+	sub		$16, %esp
 
 	/* Now create the GDT descriptor */
+	movw		$((3 * 8) - 1), -16(%bp)
 	mov		%cs, %eax
 	shl		$4, %eax
-	movw		$((3 * 8) - 1), %bx
-	movw		%bx, %gs:0
-	movl		$gdt, %ebx
-	add		%eax, %ebx
-	movl		%ebx, %gs:2
+	addl		$gdt, %ebx
+	movl		%ebx, -14(%bp)
 
 	/* And load the GDT */
-	data32 lgdt	%gs:0
+	data32 lgdt	-16(%bp)
+	mov		%ebp, %esp
 
 	/* Get us to protected mode now */
 	mov		$1, %eax
-- 
1.6.5.2

[Qemu-devel] Re: [PATCH] Fix thinko in linuxboot.S

[Alexander Graf]

On 25.11.2009, at 13:49, Paolo Bonzini wrote:

> The %gs segment that was used was not matching the comments.
> I just moved the GDT descriptor on the stack instead.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Looks good. Have you verified it works? :-)

Alex

[Qemu-devel] Re: [PATCH] Fix thinko in linuxboot.S

[Paolo Bonzini]

On 11/25/2009 01:53 PM, Alexander Graf wrote:
>
> On 25.11.2009, at 13:49, Paolo Bonzini wrote:
>
>> The %gs segment that was used was not matching the comments.
>> I just moved the GDT descriptor on the stack instead.
>>
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> Looks good. Have you verified it works? :-)

Yes. :-)

Paolo

[Qemu-devel] [PATCH 6/6] Add linuxboot to BLOBS

[Alexander Graf]

We should install linuxboot.bin too, so let's add it to the to-be-installed
blobs.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 Makefile |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/Makefile b/Makefile
index 30f1c9d..a6647c2 100644
--- a/Makefile
+++ b/Makefile
@@ -256,7 +256,7 @@ video.x openbios-sparc32 openbios-sparc64 openbios-ppc \
 pxe-ne2k_pci.bin pxe-rtl8139.bin pxe-pcnet.bin pxe-e1000.bin \
 pxe-virtio.bin pxe-eepro100.bin pxe-pcnet.bin \
 bamboo.dtb petalogix-s3adsp1800.dtb \
-multiboot.bin
+multiboot.bin linuxboot.bin
 else
 BLOBS=
 endif
-- 
1.6.0.2

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

It seems like this series is now in qemu.git, but I still can't boot
using -kernel.

I'm starting qemu as:

/opt/qemu/bin/qemu-system-x86_64 \
	-m 1500 -enable-kvm \
	-kernel arch/x86/boot/bzImage \
	-drive file=/dev/vg00/qemu-root,if=virtio,media=disk,cache=none,aio=threads \
	-drive file=/dev/vg00/qemu-data,if=virtio,media=disk,cache=none,aio=threads \
	-drive file=/root/test1.img,if=scsi,media=disk,cache=none \
	-append "root=/dev/vda console=tty0 console=ttyS0,38400n8"

and it simply hangs with a black screen once the SDL window opens

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Anthony Liguori]

Christoph Hellwig wrote:
> It seems like this series is now in qemu.git, but I still can't boot
> using -kernel.
>
> I'm starting qemu as:
>
> /opt/qemu/bin/qemu-system-x86_64 \
> 	-m 1500 -enable-kvm \
> 	-kernel arch/x86/boot/bzImage \
> 	-drive file=/dev/vg00/qemu-root,if=virtio,media=disk,cache=none,aio=threads \
> 	-drive file=/dev/vg00/qemu-data,if=virtio,media=disk,cache=none,aio=threads \
> 	-drive file=/root/test1.img,if=scsi,media=disk,cache=none \
> 	-append "root=/dev/vda console=tty0 console=ttyS0,38400n8"
>   

Did you rebuild qemu and make sure the new BIOS/roms were installed?

> and it simply hangs with a black screen once the SDL window opens
>   

I had this problem because I had not rebuilt qemu.

Regards,

Anhtony Liguori

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

On Wed, Nov 18, 2009 at 01:55:48PM -0600, Anthony Liguori wrote:
> Did you rebuild qemu and make sure the new BIOS/roms were installed?
> 
> >and it simply hangs with a black screen once the SDL window opens
> >  
> 
> I had this problem because I had not rebuilt qemu.

I did a make clean; ./configure; make; make install over a previously
working backrev installation.  Anything special require in addition to
that?

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Anthony Liguori]

Christoph Hellwig wrote:
> On Wed, Nov 18, 2009 at 01:55:48PM -0600, Anthony Liguori wrote:
>   
>> Did you rebuild qemu and make sure the new BIOS/roms were installed?
>>
>>     
>>> and it simply hangs with a black screen once the SDL window opens
>>>  
>>>       
>> I had this problem because I had not rebuilt qemu.
>>     
>
> I did a make clean; ./configure; make; make install over a previously
> working backrev installation.  Anything special require in addition to
> that?
>   

I assume you set prefix with your configure as opposed to make install 
DESTDIR?  If so, can you post your kernel/initrd somewhere so we can try 
to reproduce?

Regards,

Anthony Liguori

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

On Wed, Nov 18, 2009 at 04:06:34PM -0600, Anthony Liguori wrote:
> I assume you set prefix with your configure as opposed to make install 
> DESTDIR?

Yes.  It's configured the following way:

./configure \
        --target-list=x86_64-softmmu \
	--kerneldir=/home/hch/work/linux-2.6 \
	--prefix=/opt/qemu

> If so, can you post your kernel/initrd somewhere so we can try 
> to reproduce?

No initrd, and the kernel is here:

	http://www.kernel.org/pub/linux/kernel/people/hch/misc/bzImage

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Alexander Graf]

On 20.11.2009, at 10:12, Christoph Hellwig wrote:

> On Wed, Nov 18, 2009 at 04:06:34PM -0600, Anthony Liguori wrote:
>> I assume you set prefix with your configure as opposed to make  
>> install
>> DESTDIR?
>
> Yes.  It's configured the following way:
>
> ./configure \
>        --target-list=x86_64-softmmu \
> 	--kerneldir=/home/hch/work/linux-2.6 \
> 	--prefix=/opt/qemu
>
>> If so, can you post your kernel/initrd somewhere so we can try
>> to reproduce?
>
> No initrd, and the kernel is here:
>
> 	http://www.kernel.org/pub/linux/kernel/people/hch/misc/bzImage
>
>

Works great here:

./x86_64-softmmu/qemu-system-x86_64 -nographic -kernel ../bzImage - 
append console=ttyS0 -L pc-bios

Are you sure you also have the follow-up linuxboot patch applied? The  
one "fixing BOCHS bios support". If it still doesn't work, make sure  
booting works at all without -kernel.


Alex

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

On Fri, Nov 20, 2009 at 11:53:41AM +0100, Alexander Graf wrote:
> Works great here:
> 
> ./x86_64-softmmu/qemu-system-x86_64 -nographic -kernel ../bzImage - 
> append console=ttyS0 -L pc-bios
> 
> Are you sure you also have the follow-up linuxboot patch applied? The  
> one "fixing BOCHS bios support". If it still doesn't work, make sure  
> booting works at all without -kernel.

Hmm.  Tried without -enable-kvm and then it works, so it seems it's only
broken when using KVM support.

Btw, it seems like seabios takes quite a bit longer than pc bios to load
the kernel, mostly while the gPXE line is displayed.

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Alexander Graf]

On 20.11.2009, at 12:31, Christoph Hellwig wrote:

> On Fri, Nov 20, 2009 at 11:53:41AM +0100, Alexander Graf wrote:
>> Works great here:
>>
>> ./x86_64-softmmu/qemu-system-x86_64 -nographic -kernel ../bzImage -
>> append console=ttyS0 -L pc-bios
>>
>> Are you sure you also have the follow-up linuxboot patch applied? The
>> one "fixing BOCHS bios support". If it still doesn't work, make sure
>> booting works at all without -kernel.
>
> Hmm.  Tried without -enable-kvm and then it works, so it seems it's  
> only
> broken when using KVM support.

Works here as well:

agraf@busu:~/work/qemu-late-int19/qemu> ./x86_64-softmmu/qemu-system- 
x86_64 -nographic -kernel ../bzImage -append console=ttyS0 -L pc-bios - 
enable-kvm
[    0.000000] Linux version 2.6.32-rc7 (hch@brick) (gcc version 4.3.4  
(Debian 4.3.4-5) ) #448 SMP Wed Nov 18 18:01:25 CET 2009


> Btw, it seems like seabios takes quite a bit longer than pc bios to  
> load
> the kernel, mostly while the gPXE line is displayed.

Yeah, I really wish we could disable gPXE for default boots. Usually  
nobody wants to -boot n anyways, and if they do they can specify that  
IMHO.


Alex

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Anthony Liguori]

Alexander Graf wrote:
>> Btw, it seems like seabios takes quite a bit longer than pc bios to load
>> the kernel, mostly while the gPXE line is displayed.
>
> Yeah, I really wish we could disable gPXE for default boots. Usually 
> nobody wants to -boot n anyways, and if they do they can specify that 
> IMHO.

Time it with and without gPXE roms getting loaded and if there's a 
significant difference, it's worth thinking about.

Regards,

Anthony Liguori
>
> Alex

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

On Fri, Nov 20, 2009 at 12:34:29PM +0100, Alexander Graf wrote:
> agraf@busu:~/work/qemu-late-int19/qemu> ./x86_64-softmmu/qemu-system- 
> x86_64 -nographic -kernel ../bzImage -append console=ttyS0 -L pc-bios - 
> enable-kvm
> [    0.000000] Linux version 2.6.32-rc7 (hch@brick) (gcc version 4.3.4  
> (Debian 4.3.4-5) ) #448 SMP Wed Nov 18 18:01:25 CET 2009

Is this on an x86_64 box or i386?  I can boot the same kernel with
upstream qemu on another box with an x86_64 kernel and qemu.

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Alexander Graf]

Am 23.11.2009 um 21:21 schrieb Christoph Hellwig <hch@lst.de>:

> On Fri, Nov 20, 2009 at 12:34:29PM +0100, Alexander Graf wrote:
>> agraf@busu:~/work/qemu-late-int19/qemu> ./x86_64-softmmu/qemu-system-
>> x86_64 -nographic -kernel ../bzImage -append console=ttyS0 -L pc- 
>> bios -
>> enable-kvm
>> [    0.000000] Linux version 2.6.32-rc7 (hch@brick) (gcc version  
>> 4.3.4
>> (Debian 4.3.4-5) ) #448 SMP Wed Nov 18 18:01:25 CET 2009
>
> Is this on an x86_64 box or i386?  I can boot the same kernel with
> upstream qemu on another box with an x86_64 kernel and qemu.

I only test things on x86_64. so you're saying it breaks on an i586  
host?

Alex
>

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

On Mon, Nov 23, 2009 at 10:28:44PM +0100, Alexander Graf wrote:
> >Is this on an x86_64 box or i386?  I can boot the same kernel with
> >upstream qemu on another box with an x86_64 kernel and qemu.
> 
> I only test things on x86_64. so you're saying it breaks on an i586  
> host?

Yes, both guest and host are 32 bit.

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Alexander Graf]

Christoph Hellwig wrote:
> On Mon, Nov 23, 2009 at 10:28:44PM +0100, Alexander Graf wrote:
>   
>>> Is this on an x86_64 box or i386?  I can boot the same kernel with
>>> upstream qemu on another box with an x86_64 kernel and qemu.
>>>       
>> I only test things on x86_64. so you're saying it breaks on an i586  
>> host?
>>     
>
> Yes, both guest and host are 32 bit.
>   

Ok I just tried to reproduce this using my netbook (32 bits only) and
your kernel:

alex@linux-dpw4:~/git/qemu> uname -a
Linux linux-dpw4 2.6.27.37-0.1-pae #1 SMP 2009-10-15 14:56:58 +0200 i686
i686 i386 GNU/Linux
alex@linux-dpw4:~/git/qemu> ./i386-softmmu/qemu -enable-kvm -kernel
/tmp/bzImage -append "console=ttyS0" -nographic -L pc-bios
[    0.000000] Linux version 2.6.32-rc7 (hch@brick) (gcc version 4.3.4
(Debian 4.3.4-5) ) #448 SMP Wed Nov 18 18:01:25 CET 2009
[    0.000000] KERNEL supported cpus:
[    0.000000]   Intel GenuineIntel
[    0.000000]   AMD AuthenticAMD
[    0.000000]   NSC Geode by NSC
[    0.000000]   Cyrix CyrixInstead
[    0.000000]   Centaur CentaurHauls
[    0.000000]   Transmeta GenuineTMx86
[    0.000000]   Transmeta TransmetaCPU
[    0.000000]   UMC UMC UMC UMC
[    0.000000] BIOS-provided physical RAM map:
[    0.000000]  BIOS-e820: 0000000000000000 - 000000000009f400 (usable)
[    0.000000]  BIOS-e820: 000000000009f400 - 00000000000a0000 (reserved)
[    0.000000]  BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
[    0.000000]  BIOS-e820: 0000000000100000 - 0000000007ffd000 (usable)
[    0.000000]  BIOS-e820: 0000000007ffd000 - 0000000008000000 (reserved)
[    0.000000]  BIOS-e820: 00000000fffc0000 - 0000000100000000 (reserved)
[    0.000000] DMI 2.4 present.
...


I don't see any breakage here.


Alex

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

On Wed, Nov 25, 2009 at 10:58:45AM +0100, Alexander Graf wrote:
> Ok I just tried to reproduce this using my netbook (32 bits only) and
> your kernel:

Still seeing it using latests qemu.git.  Any idea about other information that
might help sorting it out?

I'm running Linux 2.6.31 on the host, btw.

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Alexander Graf]

Christoph Hellwig wrote:
> On Wed, Nov 25, 2009 at 10:58:45AM +0100, Alexander Graf wrote:
>   
>> Ok I just tried to reproduce this using my netbook (32 bits only) and
>> your kernel:
>>     
>
> Still seeing it using latests qemu.git.  Any idea about other information that
> might help sorting it out?
>   

Hm - are you using -L pc-bios? Also, maybe there's something in dmesg
telling you about an invalid instruction or the likes?

Alex

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

On Thu, Nov 26, 2009 at 01:00:25PM +0100, Alexander Graf wrote:
> Hm - are you using -L pc-bios?

No.  I use an installed qemu (./configure --prefix=/opt/qemu) and
there's no pc-bios directorie in my kernel source tree where I start it
from.

> Also, maybe there's something in dmesg
> telling you about an invalid instruction or the likes?

[ 5928.948615] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0
[ 5929.309486] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0
[ 5929.309530] kvm: 14584: cpu0 unhandled rdmsr: 0xc0000083
[ 5929.311763] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0
[ 5929.311856] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0
[ 5929.311899] kvm: 14584: cpu0 unhandled rdmsr: 0xc0000083
[ 5929.313408] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Alexander Graf]

Christoph Hellwig wrote:
> On Thu, Nov 26, 2009 at 01:00:25PM +0100, Alexander Graf wrote:
>   
>> Hm - are you using -L pc-bios?
>>     
>
> No.  I use an installed qemu (./configure --prefix=/opt/qemu) and
> there's no pc-bios directorie in my kernel source tree where I start it
> from.
>   

Hm - maybe worth a try to give it a -L to the source pc-bios directory
anyways.

>> Also, maybe there's something in dmesg
>> telling you about an invalid instruction or the likes?
>>     
>
> [ 5928.948615] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0
> [ 5929.309486] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0
> [ 5929.309530] kvm: 14584: cpu0 unhandled rdmsr: 0xc0000083
> [ 5929.311763] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0
> [ 5929.311856] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0
> [ 5929.311899] kvm: 14584: cpu0 unhandled rdmsr: 0xc0000083
> [ 5929.313408] kvm: 14584: cpu0 unhandled wrmsr: 0xc0000083 data 0
>   

/include/asm/msr-index.h:#define MSR_CSTAR        0xc0000083 /* compat
mode SYSCALL target */

Sounds like your guest kernel is trying to access an x86_64 register?

You can of cause try insmod'ing kvm.ko with ignore_msrs=1. You hopefully
don't need syscalls until you get into user space.

Alex

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

On Thu, Nov 26, 2009 at 01:24:22PM +0100, Alexander Graf wrote:
> Hm - maybe worth a try to give it a -L to the source pc-bios directory
> anyways.

Doesn't change a thing.

> Sounds like your guest kernel is trying to access an x86_64 register?
> 
> You can of cause try insmod'ing kvm.ko with ignore_msrs=1. You hopefully
> don't need syscalls until you get into user space.

The option doesn't exist yet in 2.6.31 which I'm running on this box
because 2.6.32-rc has massive regressions for my workload.  I booted
into it again anyway to test the option - and interestingly enough
qemu with -enable-kvm boots just fine even without ignore_msrs=1.

Looks like the problem only happens with older kernels.

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Avi Kivity]

On 11/30/2009 08:50 PM, Christoph Hellwig wrote:
>
>> Sounds like your guest kernel is trying to access an x86_64 register?
>>
>> You can of cause try insmod'ing kvm.ko with ignore_msrs=1. You hopefully
>> don't need syscalls until you get into user space.
>>      
> The option doesn't exist yet in 2.6.31 which I'm running on this box
> because 2.6.32-rc has massive regressions for my workload.  I booted
> into it again anyway to test the option - and interestingly enough
> qemu with -enable-kvm boots just fine even without ignore_msrs=1.
>
> Looks like the problem only happens with older kernels.
>    

Strange - qemu -kernel has zero interaction with the host kernel.  It's 
a totally normal boot process.


-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

Re: [Qemu-devel] [PATCH 0/6] Fix -kernel with SeaBIOS v2

[Christoph Hellwig]

On Mon, Nov 30, 2009 at 08:54:42PM +0200, Avi Kivity wrote:
> Strange - qemu -kernel has zero interaction with the host kernel.  It's 
> a totally normal boot process.

Well, it's entirely reproducable.  Any idea how to make progress on
this?  It really keeps me from making progress on doing any qemu
development.  Note that simply reverting bios.bin and pcbios.bin to
the old pcbios binaries does not fix the latests git tree anymore.