The descriptor table (also known as "queue") consists of descriptors. (The
corresponding type in the code is VRING_DESC.)
An individual descriptor describes a contiguous buffer, to be transferred
uni-directionally between host and guest.
Several descriptors in the descriptor table can be linked into a
descriptor chain, specifying a bi-directional scatter-gather transfer
between host and guest. Such a descriptor chain is also known as "virtio
request".
(The descriptor table can host sereval descriptor chains (in-flight virtio
requests) in parallel, but the OVMF driver supports at most one chain, at
any point in time.)
The first descriptor in any descriptor chain is called "head descriptor".
In order to submit a number of parallel requests (= a set of independent
descriptor chains) from the guest to the host, the guest must put *only*
the head descriptor of each separate chain onto the Available Ring.
VirtioLib currently places the head of its one descriptor chain onto the
Available Ring repeatedly, once for each single (head *or* dependent)
descriptor in said descriptor chain. If the descriptor chain comprises N
descriptors, this error amounts to submitting the same entire chain N
times in parallel.
Available Ring Descriptor table
Ptr to head ----> Desc#0 (head of chain)
Ptr to head --/ Desc#1 (next in same chain)
... / ...
Ptr to head / Desc#(N-1) (last in same chain)
Anatomy of a single virtio-blk READ request (a descriptor chain with three
descriptors):
virtio-blk request header, prepared by guest:
VirtioAppendDesc PhysAddr=3FBC6050 Size=16 Flags=1 Head=1232 Next=1232
payload to be filled in by host:
VirtioAppendDesc PhysAddr=3B934C00 Size=32768 Flags=3 Head=1232 Next=1233
host status, to be filled in by host:
VirtioAppendDesc PhysAddr=3FBC604F Size=1 Flags=2 Head=1232 Next=1234
Processing on the host side -- the descriptor chain is processed three
times in parallel (its head is available to virtqueue_pop() thrice); the
same chain is submitted/collected separately to/from AIO three times:
virtio_queue_notify vdev VDEV vq VQ#0
virtqueue_pop vq VQ#0 elem EL#0 in_num 2 out_num 1
bdrv_aio_readv bs BDRV sector_num 585792 nb_sectors 64 opaque REQ#0
virtqueue_pop vq VQ#0 elem EL#1 in_num 2 out_num 1
bdrv_aio_readv bs BDRV sector_num 585792 nb_sectors 64 opaque REQ#1
virtqueue_pop vq VQ#0 elem EL#2 in_num 2 out_num 1
bdrv_aio_readv bs BDRV sector_num 585792 nb_sectors 64 opaque REQ#2
virtio_blk_rw_complete req REQ#0 ret 0
virtio_blk_req_complete req REQ#0 status 0
virtio_blk_rw_complete req REQ#1 ret 0
virtio_blk_req_complete req REQ#1 status 0
virtio_blk_rw_complete req REQ#2 ret 0
virtio_blk_req_complete req REQ#2 status 0
On my Thinkpad T510 laptop with RHEL-6 as host, this probably leads to
simultaneous DMA transfers targeting the same RAM area. Even though the
source of each transfer is identical, the data is corrupted in the
destination buffer -- the CRC32 calculated over the buffer varies, even
though the origin of the transfers is the same, never rewritten LBA.
SynchronousRequest Lba=585792 BufSiz=32768 ReqIsWrite=0 Crc32=BF68A44D
The problem is invisible on my HP Z400 workstation.
Fix the request submission by:
- building the only one descriptor chain supported by VirtioLib always at
the beginning of the descriptor table,
- ensuring the head descriptor of this chain is put on the Available Ring
only once,
- requesting the virtio spec's language to be cleaned up
<http://lists.linuxfoundation.org/pipermail/virtualization/2013-April/024032.html>.
Available Ring Descriptor table
Ptr to head ----> Desc#0 (head of chain)
Desc#1 (next in same chain)
...
Desc#(N-1) (last in same chain)
VirtioAppendDesc PhysAddr=3FBC6040 Size=16 Flags=1 Head=0 Next=0
VirtioAppendDesc PhysAddr=3B934C00 Size=32768 Flags=3 Head=0 Next=1
VirtioAppendDesc PhysAddr=3FBC603F Size=1 Flags=2 Head=0 Next=2
virtio_queue_notify vdev VDEV vq VQ#0
virtqueue_pop vq VQ#0 elem EL#0 in_num 2 out_num 1
bdrv_aio_readv bs BDRV sector_num 585792 nb_sectors 64 opaque REQ#0
virtio_blk_rw_complete req REQ#0 ret 0
virtio_blk_req_complete req REQ#0 status 0
SynchronousRequest Lba=585792 BufSiz=32768 ReqIsWrite=0 Crc32=1EEB2B07
(The Crc32 was double-checked with edk2's and Linux's guest IDE driver.)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14356 6f19259b-4bc3-4df7-8a09-765794883524
Also, add a small delay after the 0xCF9 hard reset request -- on qemu/kvm the
port access is translated to the qemu-internal system reset request by the CPU
thread, and it might progress some more before the IO thread acts upon the
system reset request.
MicroSecondDelay() is implemented by OvmfPkg's own AcpiTimerLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14158 6f19259b-4bc3-4df7-8a09-765794883524
The reset requested via the keyboard controller (port 0x64) is actually a
soft reset, but qemu has supported it since forever (plus qemu has not
distinguished between hard reset and soft reset, although this is changing
now). Therefore leave the current IoWrite() in place for compatibility.
On qemu versions with commit 1ec4ba74 ("PIIX3: reset the VM when the Reset
Control Register's RCPU bit gets set"), use the PIIX3 RCR as first choice.
In the future qemu will act differently on soft vs. hard reset requests,
and we should honor that in ResetCold().
Writing to ioport 0xCF9 on qemu builds prior to commit 1ec4ba74 should
have no effect. Access to the PCI host config register went through
several implementations in qemu. Commit 9f6f0423 ("pci_host: rewrite
using rwhandler") seems safe, both before and after.
Commit d0ed8076 ("pci_host: convert conf index and data ports to memory
API") inadvertently dropped the alignment/size check, causing a boot
regression on NetBSD. It was fixed about six months later in commit
cdde6ffc, which is current. Translating that to qemu releases, the bug
was visible from v1.0 to v1.1.0.
On physical hardware cycling between reset methods is sometimes necessary
<http://mjg59.dreamwidth.org/3561.html>. On qemu the port access should
trap immediately.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14157 6f19259b-4bc3-4df7-8a09-765794883524
Usage of the EFI entry point was made feasible in the kernel
x64 boot protocol 2.12 where a 32-bit & 64-bit entry point
became well defined.
http://git.kernel.org/linus/09c205af
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14132 6f19259b-4bc3-4df7-8a09-765794883524
The Xcode assembler is much pickier than GCC. Also the 64-bit
linker is not a fan of relocations so it is better to us IP
relative code, but at least it removes a relocation entry.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
[jordan.l.justen@intel.com: use .byte for retfq rather than lret]
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14055 6f19259b-4bc3-4df7-8a09-765794883524
We're supposed to zero everything in the kernel bootparams that we don't
explicitly initialise, other than the setup_header from 0x1f1 onwards
for a precisely defined length, which is copied from the bzImage.
We're *not* supposed to just pass the garbage that we happened to find
in the bzImage file surrounding the setup_header.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14052 6f19259b-4bc3-4df7-8a09-765794883524
Boot protocol 2.05 just means that the relocatable_kernel field is present
in the header. We should actually check that it's *set*.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14051 6f19259b-4bc3-4df7-8a09-765794883524
We currently just jump to offset 0x200 in the kernel image, in 64-bit
mode. This is completely broken. If it's a 32-bit kernel, we'll be
jumping into the compressed data payload.
If it's a 64-bit kernel, it'll work... but the 0x200 offset is
explicitly marked as 'may change in the future', has already changed
from 0x100 to 0x200 in the past with no fanfare, and bootloaders are
instructed that they should look at the ELF header to find the offset.
So although it does actually work today, it's still broken in the
"someone needs to whipped for doing it this way" sense of the word.
In fact, the same bug exists in other bootloaders so the 0x200 offset
probably *is* now set in stone. But still it's only valid to use it if
we *know* it's a 64-bit kernel. And we don't. There *is* no ELF header
that we can look at when we're booting a bzImage, and we can't rely on
it having a PE/COFF header either.
The 32-bit entry point is always guaranteed to work, and we need to
support it anyway. So let's just *always* use it, in 32-bit mode, and
then we don't have to make up some horrible heuristics for detecting
32-bit vs. 64-bit kernels.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14045 6f19259b-4bc3-4df7-8a09-765794883524
If QEMU's -kernel parameter was used, then download the
kernel from the FwCfg interface, and launch it. (See -kernel,
-initrd, -append) The application uses the LoadLinuxLib to boot
the kernel image.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13923 6f19259b-4bc3-4df7-8a09-765794883524
This code is based on efilinux's bzimage support.
git://git.kernel.org/pub/scm/boot/efilinux/efilinux.git
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Matt Fleming <matt.fleming@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13922 6f19259b-4bc3-4df7-8a09-765794883524
AppendDesc() should have a prefix implying its containing library,
VirtioLib. Update its sole client VirtioBlkDxe.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13843 6f19259b-4bc3-4df7-8a09-765794883524
Introduce a new library called VirtioLib, for now only collecting the
following reusable functions with as little changes as possible:
- VirtioWrite()
- VirtioRead()
- VirtioRingInit()
- VirtioRingUninit()
- AppendDesc()
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13842 6f19259b-4bc3-4df7-8a09-765794883524
2 nodes in an OpenFirmware device path are sufficient for the generic
check at the beginning of TranslateOfwNodes(). The driver specific
branches check for the necessary nodes individually.
The number of nodes saved for examination is unchanged.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13800 6f19259b-4bc3-4df7-8a09-765794883524
The TimerLib in the OvmfPkg uses a global variable called mPmba and depends on that global being updated. This works for modules loaded into memory, but not XIP modules in ROM/FLASH.
This patch removes the mPmba global variable and instead reads the PIIX4 Power Management Base Address from PCI configuration space when it is needed. This patch also simplifies the initialization logic in the constructor and introduces #defines to eliminate hard coded values in the function implementations. According to the PIIX4 documentation, the IO Space enable bit in the PCI Command Register does not have to be set for the Power Management Base Address to be decoded, so that one op has been removed from the constructor.
I have tested this patch with QEMU and verified that the UDK Debugger us functional when SOURCE_DEBUG_ENABLE is set.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
I also tested it with RHEL-6.3 guest boot/shutdown, Fedora 18 Alpha XFCE
guest boot/shutdown, and Windows 8 Consumer Preview guest
boot/reboot/shutdown. (RHEL-6.3 host.) I didn't notice any adverse effects.
Tested-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13783 6f19259b-4bc3-4df7-8a09-765794883524
The Index Register Base Address bitfield is selected by the binary mask
00000000 00000000 11111111 11000000, 0xFFC0; fix the typo.
Reported-by: Gleb Natapov <gleb@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13720 6f19259b-4bc3-4df7-8a09-765794883524
Set the boot order based on configuration retrieved from QEMU.
Attempt to retrieve the "bootorder" fw_cfg file from QEMU. Translate the
OpenFirmware device paths therein to UEFI device path fragments. Match the
translated fragments against the enumerated BootOptionList, and rewrite
the BootOrder NvVar so that it corresponds to the order described in
fw_cfg.
The user is expected to configure working boot options first.
Tested via virt-manager's boot order widget.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13683 6f19259b-4bc3-4df7-8a09-765794883524
This patch adds support for a debug console on the same port that is used
by SeaBIOS. This makes it easier to debug OVMF, because it does not mix
debug and serial output on the same device. It also makes it easier to
leave some of the debug messages on even in release builds.
To enable it, pass "-debugcon stdio -global isa-debugcon.iobase=0x402" to
QEMU.
The new mechanism is enabled by default, but a regular serial console can
be chosen by adding -D DEBUG_ON_SERIAL_PORT to the build options.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
[jordan.l.justen@intel.com: MAX_DEBUG_MESSAGE_LENGTH=>0x100, p=>Ptr]
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13562 6f19259b-4bc3-4df7-8a09-765794883524
Tested with the "bootorder" fw_cfg file. Example contents (leading space
added and line terminators transcribed for readability):
/pci@i0cf8/ide@1,1/drive@0/disk@0<LF>
/pci@i0cf8/ide@1,1/drive@1/disk@0<LF>
/pci@i0cf8/ethernet@3/ethernet-phy@0<NUL>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13549 6f19259b-4bc3-4df7-8a09-765794883524
Older QEMU versions would load vgabios-cirrus.bin at 0xc0000 in
system RAM. We would then find this ROM, and try to run it, since
it would be our QEMU Video driver.
Now, the QEMU Video driver is just merged into the main OVMF
firmware image, so this support is unused.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13522 6f19259b-4bc3-4df7-8a09-765794883524
0xb000 is the address normally used with QEMU.
0x400 also appears to conflict with some debug I/O ports
used by QEMU.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Erik Bjorge <erik.c.bjorge@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Bei Guan <gbtju85@gmail.com>
Reviewed-by: Bei Guan <gbtju85@gmail.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13279 6f19259b-4bc3-4df7-8a09-765794883524
If the bit is not set, then the only method ACPI defines
for setting it is to use the SMI SCI enable code path.
Since OVMF does not support SMM, we must enable the
bit during boot.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Erik Bjorge <erik.c.bjorge@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Bei Guan <gbtju85@gmail.com>
Reviewed-by: Bei Guan <gbtju85@gmail.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13278 6f19259b-4bc3-4df7-8a09-765794883524
If –D SECURE_BOOT_ENABLE is specified with the build command, Secure Boot support is enabled including custom mode setup.
This allows Secure Boot to be configured through setup allowing OvmfPkgX64, OvmfPkgIa32 and OvmfPkg3264 to be a fully functional Secure Boot reference platforms.
Remove redundant library class definitions for BaseCryptLib and OpenSslLib.
Signed-off-by: Lee Rosenbaum <lee.g.rosenbaum@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Erik Bjorge <erik.c.bjorge@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13160 6f19259b-4bc3-4df7-8a09-765794883524
For the first instance of the library that runs, the
base is initialized to 0x400, but we access it at 0x401.
Signed-off-by: jljusten
Reviewed-by: niruiyu
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12121 6f19259b-4bc3-4df7-8a09-765794883524
If PIIX4 Power Management Base Address (PMBA) is already
programmed, then read and use it's current setting.
Signed-off-by: Andrei Warkentin <andreiw@motorola.com>
Reviewed-by: gavinguan
Signed-off-by: jljusten
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12053 6f19259b-4bc3-4df7-8a09-765794883524
This call can cause a reset, and is most critical for ACPI S3/S4
resume situations. OVMF does not support S3/S4.
OVMF does not have true non-volatile variable support, so
this call could cause a continuous reset situation in certain
scenarios. (The BdsLibSaveMemoryTypeInformation may set an
non-volatile variable, and then reset with the assumption that
the variable will still exist during the next boot.)
Additionally, some version of QEMU appear to hang when the
port 64 reset is initiated.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10927 6f19259b-4bc3-4df7-8a09-765794883524
Note:
* This only works before ExitBootServices
* For OVMF, variables are only preserved on the disk if there
is a hard disk connected which has a writeable FAT file system.
The Ovmf/Library/EmuVariableFvbLib library will look for the
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent PCD to be set to
a non-zero value. If set, it is treated as an event handle, and
each write to the EmuVariableFvb will cause the event to be
signaled.
In this change, the OVMF platform BDS library sets up this event,
and sets the PCD so that after each write to the EMU Variable FVB,
the non-volatile variables will be saved out to the file system.
The end result is that NV variables that are written prior to the
ExitBootServices call should be preserved by storing them on the
disk.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9318 6f19259b-4bc3-4df7-8a09-765794883524
This library provides an interface where variables can be saved and restored
using a file in a file system accessible to the firmware. It is expected
that a platform BDS library will use this library. The platform BDS
implementation can decide which devices to connect and then to attempt to use
for saving and restoring NV variables.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9272 6f19259b-4bc3-4df7-8a09-765794883524
QEMU will automatically fill the video BIOS image into memory at the
legacy video BIOS memory location (0xc0000). This code will look
there for a EFI option rom image, and load it if it found. This
allows the video option ROM to be separated out from the main system
firmware image.
QEMU does not appear to emulate the PCI rom expansion method
for making the video BIOS available to the system.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8942 6f19259b-4bc3-4df7-8a09-765794883524
It is not proper for a library implementation to assume the names of function in a parent module.
Instead, they must be designed as the pointers to these two BdsDxe functions and passed in.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8931 6f19259b-4bc3-4df7-8a09-765794883524