Message-ID: <5372241E.8090309@redhat.com>
Date: Tue, 13 May 2014 15:54:38 +0200
From: Laszlo Ersek
References: <98.08.11443.AD612735@epcpsbgx3.samsung.com>
In-Reply-To: <98.08.11443.AD612735@epcpsbgx3.samsung.com>
Subject: Re: [Qemu-devel] Where is vga-rom mapped in guest system memory?
To: jaeyong.yoo@samsung.com, qemu-devel@nongnu.org

On 05/13/14 14:58, Jaeyong Yoo wrote:
> Hello qemu!
>
> I am currently writing a vga device emulator and need to debug vga-bios.
> What I want is to set break-point on the entry of vga-bios and for this,
> I'm reading qemu source around pci device and rom-related memory regions
> to find out where should I set break point. And, sadly, got stuck.
>
> Could you give me any advice about the memory-mapped address of vga-rom or
> any pointers?

Some.

The vgabios binary is loaded from the file identified by the "romfile"
property of the VGA card that you select. For example,

  -device qxl-vga,romfile=...

or

  -vga qxl \
  -global qxl-vga.romfile=...

Of course the property has a default value for each VGA card. See the

  k->romfile = ...
assignments in:

- cirrus_vga_class_init()  -- vgabios-cirrus.bin
- qxl_primary_class_init() -- vgabios-qxl.bin
- vga_class_init()         -- vgabios-stdvga.bin

I think the oprom is loaded in

  pci_qdev_init()          [hw/pci/pci.c]
    pci_add_option_rom()

The vgabios oprom is shadowed from ROM (pci address space) to RAM by the
SeaBIOS initialization code, and then POSTed:

  handle_post()                      [src/post.c]
    make_bios_writable()             [src/fw/shadow.c]
      make_bios_writable_intel()
        __make_bios_writable_intel() -- shadows vgabios in C segment too
    dopost()                         [src/post.c]
      maininit()
        vgarom_setup()               [src/optionroms.c]
          init_pcirom()
            init_optionrom()
              callrom()
                __callrom()
                  _rom_header_entry  [vgasrc/vgaentry.S]
                    vga_post()       [vgasrc/vgainit.c]

You can instrument vga_post() in the SeaBIOS source [vgasrc/vgainit.c],
rebuild the vgabios binary, and load this binary with the video card's
romfile=... property on the qemu command line.

Laszlo
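The romfile handed to the VGA card above is a legacy x86 PCI option ROM image, and both the loader on the QEMU side and the SeaBIOS POST path that calls into _rom_header_entry rely on its header being well formed. As an added illustration, not code from QEMU or SeaBIOS, the Python below builds a constructed sample image and then validates it the way a loader would before trusting it: the 0x55AA signature, the declared 512-byte block count against the file size, the PCIR data structure it points to, and the zero-sum checksum. The vendor/device IDs and the PCIR offset are sample values chosen for the example; the field layout follows the PCI Firmware Specification's PCI data structure.

```python
"""Build and validate a legacy x86 PCI option ROM image (the romfile format).
Added example code for this thread; not taken from QEMU or SeaBIOS."""
import struct

ROM_SIG = b"\x55\xaa"   # legacy option ROM header signature at offset 0
PCIR_SIG = b"PCIR"      # PCI data structure signature
PCIR_LEN = 0x18         # size of the PCI data structure in bytes
# PCIR layout: sig, vendor, device, VPD ptr, struct len, struct rev,
# class code (3 bytes, config-space byte order), image len (512-byte units),
# code revision, code type, indicator, reserved.
PCIR_FMT = "<4sHHHHB3sHHBBH"


def build_sample_rom(vendor_id, device_id, blocks=2, corrupt_checksum=False):
    """Construct a minimal, syntactically valid option ROM (constructed sample data)."""
    rom = bytearray(blocks * 512)
    rom[0:2] = ROM_SIG
    rom[2] = blocks                  # image length in 512-byte units
    rom[3] = 0xCB                    # entry point at offset 3: RETF, so the init vector is well formed
    pcir_off = 0x40                  # sample location of the PCI data structure
    struct.pack_into("<H", rom, 0x18, pcir_off)   # header offset 0x18 points at the PCIR
    pcir = struct.pack(PCIR_FMT,
                       PCIR_SIG, vendor_id, device_id,
                       0,                # VPD pointer (none)
                       PCIR_LEN,         # PCI data structure length
                       0,                # structure revision
                       b"\x00\x00\x03",  # class code 0x030000 = VGA-compatible controller
                       blocks,           # image length in 512-byte units
                       0,                # code revision level
                       0,                # code type 0 = x86 legacy BIOS
                       0x80,             # indicator bit 7 = last image in the ROM
                       0)                # reserved
    rom[pcir_off:pcir_off + PCIR_LEN] = pcir
    # Legacy images must sum to zero mod 256; fix that up in the last byte.
    rom[-1] = (-sum(rom[:-1])) & 0xFF
    if corrupt_checksum:
        rom[-1] ^= 0x01
    return bytes(rom)


def parse_option_rom(image):
    """Validate header, PCIR and checksum; return decoded fields or raise ValueError."""
    if len(image) < 0x1A or image[0:2] != ROM_SIG:
        raise ValueError("missing 0x55AA option ROM signature")
    size = image[2] * 512
    if size == 0 or size > len(image):
        raise ValueError("declared image size %d does not fit file size %d" % (size, len(image)))
    (pcir_off,) = struct.unpack_from("<H", image, 0x18)
    if pcir_off + PCIR_LEN > size:
        raise ValueError("PCIR pointer 0x%x points outside the image" % pcir_off)
    (sig, vendor, device, _vpd, _length, _rev, class_code, _img_len,
     _code_rev, code_type, indicator, _res) = struct.unpack_from(PCIR_FMT, image, pcir_off)
    if sig != PCIR_SIG:
        raise ValueError("bad PCIR signature %r" % sig)
    if sum(image[:size]) & 0xFF != 0:
        raise ValueError("image checksum is non-zero")
    return {
        "size": size,
        "vendor_id": vendor,
        "device_id": device,
        "class_code": int.from_bytes(class_code, "little"),
        "code_type": code_type,
        "last_image": bool(indicator & 0x80),
    }


if __name__ == "__main__":
    rom = build_sample_rom(0x1B36, 0x0100)       # sample IDs for the constructed image
    print(parse_option_rom(rom))
    try:
        parse_option_rom(build_sample_rom(0x1B36, 0x0100, corrupt_checksum=True))
    except ValueError as exc:
        print("rejected:", exc)
```

Pointing parse_option_rom() at the bytes of a real vgabios-*.bin is a quick way to confirm that a rebuilt, instrumented vgabios still has a consistent block count and checksum before handing it to romfile=...; a truncated or mis-padded image would otherwise only show up as a silent failure to POST.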