[SeaBIOS] [Fwd: Re: [PATCH V3 WIP 3/3] disable vhost_verify_ring_mappings check]

Paolo Bonzini pbonzini at redhat.com
Thu Mar 28 10:51:44 CET 2013


So this happens when SeaBIOS toggles BIOS memory between
read-only and read-write.  They are implemented in QEMU's
hw/pam.c file and called from hw/piix_pci.c.


Il 28/03/2013 07:56, Nicholas A. Bellinger ha scritto:
> Checking vq: 2 ring_phys: ed000 ring_size: 5124 >>>>>>>>>>>>>>>>>>.
> Calling l: 5124 for start_addr: c0000 for vq 2
> Unable to map ring buffer for ring 2
> l: 4096 ring_size: 5124

So the ring is from 0xed000 to 0xee404.

These are the PAM registers that SeaBIOS touches:

Calling pci_config_writeb(0x11): bdf: 0x0000 pam: 0x0000005a
Calling pci_config_writeb(0x31): bdf: 0x0000 pam: 0x0000005b

These control 0xc0000 to 0xcffff:
- all are readable (the low bit of each nybble)
- 0xcc000 to 0xcffff is also writable (that's bit 5 in 0x5b)

Calling pci_config_writeb(0x10): bdf: 0x0000 pam0: 0x00000059

Now 0xf0000 to 0xfffff is also readonly.

QEMU's "info mtree" matches this.  At startup you get

  00000000000c0000-00000000000c3fff (prio 1, RW): alias pam-pci @pci 00000000000c0000-00000000000c3fff
  00000000000c4000-00000000000c7fff (prio 1, RW): alias pam-pci @pci 00000000000c4000-00000000000c7fff
  00000000000c8000-00000000000cbfff (prio 1, RW): alias pam-pci @pci 00000000000c8000-00000000000cbfff
  00000000000cc000-00000000000cffff (prio 1, RW): alias pam-pci @pci 00000000000cc000-00000000000cffff
  00000000000d0000-00000000000d3fff (prio 1, RW): alias pam-pci @pci 00000000000d0000-00000000000d3fff
  00000000000d4000-00000000000d7fff (prio 1, RW): alias pam-pci @pci 00000000000d4000-00000000000d7fff
  00000000000d8000-00000000000dbfff (prio 1, RW): alias pam-pci @pci 00000000000d8000-00000000000dbfff
  00000000000dc000-00000000000dffff (prio 1, RW): alias pam-pci @pci 00000000000dc000-00000000000dffff
  00000000000e0000-00000000000e3fff (prio 1, RW): alias pam-pci @pci 00000000000e0000-00000000000e3fff
  00000000000e4000-00000000000e7fff (prio 1, RW): alias pam-pci @pci 00000000000e4000-00000000000e7fff
  00000000000e8000-00000000000ebfff (prio 1, RW): alias pam-pci @pci 00000000000e8000-00000000000ebfff
  00000000000ec000-00000000000effff (prio 1, RW): alias pam-pci @pci 00000000000ec000-00000000000effff
  00000000000f0000-00000000000fffff (prio 1, RW): alias pam-pci @pci 00000000000f0000-00000000000fffff

after BIOS has run:

  00000000000c0000-00000000000c3fff (prio 1, R-): alias pam-rom @pc.ram 00000000000c0000-00000000000c3fff
  00000000000c4000-00000000000c7fff (prio 1, R-): alias pam-rom @pc.ram 00000000000c4000-00000000000c7fff
  00000000000c8000-00000000000cbfff (prio 1, R-): alias pam-rom @pc.ram 00000000000c8000-00000000000cbfff
  00000000000ca000-00000000000ccfff (prio 1000, RW): alias kvmvapic-rom @pc.ram 00000000000ca000-00000000000ccfff
  00000000000cc000-00000000000cffff (prio 1, R-): alias pam-rom @pc.ram 00000000000cc000-00000000000cffff
  00000000000d0000-00000000000d3fff (prio 1, RW): alias pam-ram @pc.ram 00000000000d0000-00000000000d3fff
  00000000000d4000-00000000000d7fff (prio 1, RW): alias pam-ram @pc.ram 00000000000d4000-00000000000d7fff
  00000000000d8000-00000000000dbfff (prio 1, RW): alias pam-ram @pc.ram 00000000000d8000-00000000000dbfff
  00000000000dc000-00000000000dffff (prio 1, RW): alias pam-ram @pc.ram 00000000000dc000-00000000000dffff
  00000000000e0000-00000000000e3fff (prio 1, RW): alias pam-ram @pc.ram 00000000000e0000-00000000000e3fff
  00000000000e4000-00000000000e7fff (prio 1, RW): alias pam-ram @pc.ram 00000000000e4000-00000000000e7fff
  00000000000e8000-00000000000ebfff (prio 1, RW): alias pam-ram @pc.ram 00000000000e8000-00000000000ebfff
  00000000000ec000-00000000000effff (prio 1, RW): alias pam-ram @pc.ram 00000000000ec000-00000000000effff
  00000000000f0000-00000000000fffff (prio 1, R-): alias pam-rom @pc.ram 00000000000f0000-00000000000fffff

Apart from the new region at 0xca000 which is set up by other firmware
than SeaBIOS's, it matches the expectations.  Now, this does show
another potential problem that you are not hitting yet: if the ring
spanned two 16k areas, it would be a problem.  But let's ignore this
for now.

Now that we know where it is happening, let's focus the debugging on
cpu_physical_memory_map and ignore all other QEMU/SeaBIOS debugging
output.  Please confirm that it is always called with addr = 0xed000,
*plen = 5124 for vq 2.  Then, I suggest that you debug what happens
around qemu_ram_ptr_length (called from address_space_map, called from
cpu_physical_memory_map).  What is the value of rlen on entry and
exit?  The function is simple and the logic easy to follow.

> So not being a seabios expert, this is as far as I've gotten..  One
> change that does appear to avoid this behavior is when vp_reset() is
> called right after virtio_scsi_scan_target() occurs.  (See below)

This is not leftover PCI config space, it is because you've disabled virtio-scsi
and thus vhost_verify_ring_mappings() does not run at all, I think.

Paolo
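The PAM decoding done by hand above, and the "ring spanning two 16k areas" concern, can be checked mechanically. The following is an added example, not code from this post nor from QEMU or SeaBIOS: it parses the `pci_config_writeb(...) ... pam: ...` debug lines quoted in the mail, decodes them using the i440FX PAM register layout (register 0x59 high nybble for 0xf0000-0xfffff, registers 0x5a-0x5f covering 0xc0000-0xeffff in 16 KiB windows, nybble bit 0 = read from RAM, bit 1 = write to RAM), and then reports which windows a vhost ring at a given guest-physical address and size overlaps. The log regex and the `check_ring` helper are assumptions of this example. Since the mail only quotes writes to 0x59, 0x5a and 0x5b, PAM6 (0x5f) decodes here as still aliased to PCI, whereas the final `info mtree` in the mail shows 0xec000-0xeffff as `pam-ram`, i.e. a later write that was not quoted.

```python
import re

# Added example (not from the mailing-list post, QEMU or SeaBIOS): decode
# i440FX PAM writes seen in SeaBIOS debug output and check whether a vhost
# ring lies inside a single 16 KiB PAM window.
PAM_READ = 0x1    # nybble bit 0: reads served from RAM instead of PCI
PAM_WRITE = 0x2   # nybble bit 1: writes go to RAM instead of PCI
GRANULE = 0x4000  # every PAM window below 0xf0000 is 16 KiB

def pam_windows():
    """(start, end_exclusive, cfg_register, nybble_shift) for the 13 PAM windows."""
    wins = [(0xF0000, 0x100000, 0x59, 4)]   # PAM0: high nybble only, low nybble reserved
    base = 0xC0000
    for reg in range(0x5A, 0x60):           # PAM1..PAM6
        wins.append((base, base + GRANULE, reg, 0))                  # low nybble
        wins.append((base + GRANULE, base + 2 * GRANULE, reg, 4))    # high nybble
        base += 2 * GRANULE
    return wins

# Assumed line format, copied from the debug lines quoted in the post, e.g.
#   "Calling pci_config_writeb(0x11): bdf: 0x0000 pam: 0x0000005a"
LOG_RE = re.compile(r"pci_config_writeb\((0x[0-9a-f]+)\).*\bpam\d?:\s*(0x[0-9a-f]+)", re.I)

def parse_pam_writes(lines):
    """Return {cfg_register: last value written} for PAM registers found in lines."""
    regs = {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        value, reg = int(m.group(1), 16), int(m.group(2), 16)
        if 0x59 <= reg <= 0x5F:
            regs[reg] = value & 0xFF
    return regs

def decode_pam(regs):
    """Map each window start to 'pci', 'R-' or 'RW', mirroring the info mtree labels.
    A register that was never written decodes as 0, i.e. still aliased to PCI."""
    attrs = {}
    for start, _end, reg, shift in pam_windows():
        nyb = (regs.get(reg, 0) >> shift) & 0x3
        if nyb & PAM_READ:
            attrs[start] = "RW" if nyb & PAM_WRITE else "R-"
        else:
            attrs[start] = "pci"
    return attrs

def windows_touched(addr, size):
    """Start addresses of every 16 KiB window that [addr, addr+size) overlaps."""
    first = addr // GRANULE
    last = (addr + size - 1) // GRANULE
    return [w * GRANULE for w in range(first, last + 1)]

def check_ring(addr, size, attrs):
    """(spans_multiple_windows, attribute per window) for a vhost ring buffer."""
    wins = windows_touched(addr, size)
    return len(wins) > 1, [attrs.get(w, "ram") for w in wins]

# Constructed sample input: the three PAM writes quoted in the post.
SAMPLE_LOG = [
    "Calling pci_config_writeb(0x11): bdf: 0x0000 pam: 0x0000005a",
    "Calling pci_config_writeb(0x31): bdf: 0x0000 pam: 0x0000005b",
    "Calling pci_config_writeb(0x10): bdf: 0x0000 pam0: 0x00000059",
]

if __name__ == "__main__":
    attrs = decode_pam(parse_pam_writes(SAMPLE_LOG))
    for start, end, _reg, _shift in pam_windows():
        print(f"{start:08x}-{end - 1:08x} {attrs[start]}")
    # vq 2 from the post: ring_phys 0xed000, ring_size 5124 (ends at 0xee404)
    print(check_ring(0xED000, 5124, attrs))
```

For the ring in the post the check returns a single window starting at 0xec000, so the 16k-boundary problem Paolo mentions does not apply to it; a ring starting at 0xef000 with the same size would straddle 0xec000 and 0xf0000 and is the case that check is meant to flag.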


