Forwarding to Kevin + seabios for their comments..
Thanks,
--nab
So this happens when SeaBIOS toggles BIOS memory between read-only and read-write. They are implemented in QEMU's hw/pam.c file and called from hw/piix_pci.c.
On 28/03/2013 07:56, Nicholas A. Bellinger wrote:
Checking vq: 2 ring_phys: ed000 ring_size: 5124 >>>>>>>>>>>>>>>>>>.
Calling l: 5124 for start_addr: c0000 for vq 2
Unable to map ring buffer for ring 2 l: 4096 ring_size: 5124
So the ring is from 0xed000 to 0xee404.
These are the PAM registers that SeaBIOS touches:
Calling pci_config_writeb(0x11): bdf: 0x0000 pam: 0x0000005a
Calling pci_config_writeb(0x31): bdf: 0x0000 pam: 0x0000005b
These control 0xc0000 to 0xcffff:
- all are readable (the low bit of each nybble)
- 0xcc000 to 0xcffff is also writable (that's bit 5 in 0x5b)
Calling pci_config_writeb(0x10): bdf: 0x0000 pam0: 0x00000059
Now 0xf0000 to 0xfffff is also readonly.
QEMU's "info mtree" matches this. At startup you get
00000000000c0000-00000000000c3fff (prio 1, RW): alias pam-pci @pci 00000000000c0000-00000000000c3fff
00000000000c4000-00000000000c7fff (prio 1, RW): alias pam-pci @pci 00000000000c4000-00000000000c7fff
00000000000c8000-00000000000cbfff (prio 1, RW): alias pam-pci @pci 00000000000c8000-00000000000cbfff
00000000000cc000-00000000000cffff (prio 1, RW): alias pam-pci @pci 00000000000cc000-00000000000cffff
00000000000d0000-00000000000d3fff (prio 1, RW): alias pam-pci @pci 00000000000d0000-00000000000d3fff
00000000000d4000-00000000000d7fff (prio 1, RW): alias pam-pci @pci 00000000000d4000-00000000000d7fff
00000000000d8000-00000000000dbfff (prio 1, RW): alias pam-pci @pci 00000000000d8000-00000000000dbfff
00000000000dc000-00000000000dffff (prio 1, RW): alias pam-pci @pci 00000000000dc000-00000000000dffff
00000000000e0000-00000000000e3fff (prio 1, RW): alias pam-pci @pci 00000000000e0000-00000000000e3fff
00000000000e4000-00000000000e7fff (prio 1, RW): alias pam-pci @pci 00000000000e4000-00000000000e7fff
00000000000e8000-00000000000ebfff (prio 1, RW): alias pam-pci @pci 00000000000e8000-00000000000ebfff
00000000000ec000-00000000000effff (prio 1, RW): alias pam-pci @pci 00000000000ec000-00000000000effff
00000000000f0000-00000000000fffff (prio 1, RW): alias pam-pci @pci 00000000000f0000-00000000000fffff
after BIOS has run:
00000000000c0000-00000000000c3fff (prio 1, R-): alias pam-rom @pc.ram 00000000000c0000-00000000000c3fff
00000000000c4000-00000000000c7fff (prio 1, R-): alias pam-rom @pc.ram 00000000000c4000-00000000000c7fff
00000000000c8000-00000000000cbfff (prio 1, R-): alias pam-rom @pc.ram 00000000000c8000-00000000000cbfff
00000000000ca000-00000000000ccfff (prio 1000, RW): alias kvmvapic-rom @pc.ram 00000000000ca000-00000000000ccfff
00000000000cc000-00000000000cffff (prio 1, R-): alias pam-rom @pc.ram 00000000000cc000-00000000000cffff
00000000000d0000-00000000000d3fff (prio 1, RW): alias pam-ram @pc.ram 00000000000d0000-00000000000d3fff
00000000000d4000-00000000000d7fff (prio 1, RW): alias pam-ram @pc.ram 00000000000d4000-00000000000d7fff
00000000000d8000-00000000000dbfff (prio 1, RW): alias pam-ram @pc.ram 00000000000d8000-00000000000dbfff
00000000000dc000-00000000000dffff (prio 1, RW): alias pam-ram @pc.ram 00000000000dc000-00000000000dffff
00000000000e0000-00000000000e3fff (prio 1, RW): alias pam-ram @pc.ram 00000000000e0000-00000000000e3fff
00000000000e4000-00000000000e7fff (prio 1, RW): alias pam-ram @pc.ram 00000000000e4000-00000000000e7fff
00000000000e8000-00000000000ebfff (prio 1, RW): alias pam-ram @pc.ram 00000000000e8000-00000000000ebfff
00000000000ec000-00000000000effff (prio 1, RW): alias pam-ram @pc.ram 00000000000ec000-00000000000effff
00000000000f0000-00000000000fffff (prio 1, R-): alias pam-rom @pc.ram 00000000000f0000-00000000000fffff
Apart from the new region at 0xca000 which is set up by other firmware than SeaBIOS's, it matches the expectations. Now, this does show another potential problem that you are not hitting yet: if the ring spanned two 16k areas, it would be a problem. But let's ignore this for now.
Now that we know where it is happening, let's focus the debugging on cpu_physical_memory_map and ignore all other QEMU/SeaBIOS debugging output. Please confirm that it is always called with addr = 0xed000, *plen = 5124 for vq 2. Then, I suggest that you debug what happens around qemu_ram_ptr_length (called from address_space_map, called from cpu_physical_memory_map). What is the value of rlen on entry and exit? The function is simple and the logic easy to follow.
So not being a seabios expert, this is as far as I've gotten.. One change that does appear to avoid this behavior is when vp_reset() is called right after virtio_scsi_scan_target() occurs. (See below)
This is not leftover PCI config space, it is because you've disabled virtio-scsi and thus vhost_verify_ring_mappings() does not run at all, I think.
Paolo
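As an added example (not code from this thread, QEMU or SeaBIOS), the following Python decodes the PAM writes from the SeaBIOS trace the way Paolo reads them and reports which 16 KiB PAM segments a ring touches, so the "ring spans two 16k areas" case he flags can be spotted. It assumes the i440FX register layout (PAM0 at 0x59 covering 0xf0000-0xfffff through its high nybble, PAM1-PAM6 at 0x5a-0x5f each covering two 16 KiB halves of a 32 KiB window from 0xc0000); the function names are my own.

```python
# Added example, not code from this thread, QEMU or SeaBIOS.
# Decodes i440FX PAM config writes (PAM0 at 0x59 covers 0xf0000-0xfffff via
# its high nybble; PAM1..PAM6 at 0x5a..0x5f each cover two 16 KiB halves of a
# 32 KiB window starting at 0xc0000) and checks which 16 KiB PAM segments a
# guest buffer such as the vhost ring at 0xed000 touches.
PAM0 = 0x59
PAM_BASE = 0xc0000
SEG = 0x4000  # 16 KiB granularity of one PAM attribute field

def _perm(field):
    # Low bit of the nybble: reads hit RAM; high bit: writes hit RAM.
    # Rendered in the style of the "info mtree" column: "R-", "RW", "--".
    return ("R" if field & 1 else "-") + ("W" if field & 2 else "-")

def decode_pam(reg, val):
    """Return [(start, end, perm), ...] for one PAM config byte write."""
    if reg == PAM0:
        return [(0xf0000, 0xfffff, _perm(val >> 4))]
    if not PAM0 < reg <= PAM0 + 6:
        raise ValueError(f"not a PAM register: {reg:#x}")
    lo = PAM_BASE + (reg - PAM0 - 1) * 2 * SEG
    return [(lo, lo + SEG - 1, _perm(val & 0xf)),
            (lo + SEG, lo + 2 * SEG - 1, _perm(val >> 4))]

def pam_segments(addr, length):
    """16 KiB-aligned segment starts covered by [addr, addr + length)."""
    if length <= 0:
        raise ValueError("length must be positive")
    first = addr & ~(SEG - 1)
    last = (addr + length - 1) & ~(SEG - 1)
    return list(range(first, last + 1, SEG))

def ring_permissions(addr, length, writes):
    """Permission of each segment the ring touches after `writes`: a dict
    {segment_start: perm}; segments with no write in the trace map to None.
    More than one key means the ring spans two 16 KiB areas (Paolo's case)."""
    table = {}
    for reg, val in writes:
        for start, _end, perm in decode_pam(reg, val):
            table[start] = perm
    return {seg: table.get(seg) for seg in pam_segments(addr, length)}

if __name__ == "__main__":
    # Writes from the SeaBIOS trace above as (register, value); the trace
    # prints the value first, e.g. "pci_config_writeb(0x11) ... pam: 0x5a".
    writes = [(0x5a, 0x11), (0x5b, 0x31), (0x59, 0x10)]
    print(ring_permissions(0xed000, 5124, writes))  # one segment, 0xec000, no write in trace
    print(ring_permissions(0xcb000, 5124, writes))  # two segments: 0xc8000 "R-", 0xcc000 "RW"
```

The ring at 0xed000 lands in one segment (0xec000-0xeffff), which matches the mtree output; a constructed ring at 0xcb000 shows the split case, straddling a read-only and a read-write half.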
On Wed, Mar 27, 2013 at 11:56:52PM -0700, Nicholas A. Bellinger wrote:
Forwarding to Kevin + seabios for their comments..
The SeaBIOS log doesn't include the version of seabios used - can you extract that?
-Kevin
On Thu, 2013-03-28 at 08:55 -0400, Kevin O'Connor wrote:
On Wed, Mar 27, 2013 at 11:56:52PM -0700, Nicholas A. Bellinger wrote:
Forwarding to Kevin + seabios for their comments..
The SeaBIOS log doesn't include the version of seabios used - can you extract that?
Hi Kevin,
This is with commit b44a7be17b for the latest src/virtio-scsi.c changes from Asias.
--nab