@@ -266,6 +266,8 @@ PCIBus *i440fx_init(const char *host_type, const char *pci_type,
d = pci_create_simple(b, 0, pci_type);
*pi440fx_state = I440FX_PCI_DEVICE(d);
f = *pi440fx_state;
+ address_space_init(&f->memory_address_space, ram_memory,
+ "i440FX-RAM");
f->system_memory = address_space_mem;
f->pci_address_space = pci_address_space;
f->ram_memory = ram_memory;
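Review bot: The new `address_space_init()` call has no comment saying why PAM needs an AddressSpace layered over `ram_memory` rather than the region itself. The reason given in the commit message (`ram_memory` may not be directly RAM-backed, e.g. on NUMA configurations) is not obvious at the call site. I would add `/* PAM WE mode writes go through this AddressSpace: ram_memory may not be RAM-backed (e.g. NUMA). */` above it, and the same above the matching call in the `mch_realize` hunk. `i440fx_init` starts and ends outside this hunk.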
@@ -295,12 +297,13 @@ PCIBus *i440fx_init(const char *host_type, const char *pci_type,
object_property_add_const_link(qdev_get_machine(), "smram",
OBJECT(&f->smram));
- init_pam(dev, f->ram_memory, f->system_memory, f->pci_address_space,
- &f->pam_regions[0], PAM_BIOS_BASE, PAM_BIOS_SIZE);
+ init_pam(dev, &f->memory_address_space, f->system_memory,
+ f->pci_address_space, &f->pam_regions[0], PAM_BIOS_BASE,
+ PAM_BIOS_SIZE);
for (i = 0; i < ARRAY_SIZE(f->pam_regions) - 1; ++i) {
- init_pam(dev, f->ram_memory, f->system_memory, f->pci_address_space,
- &f->pam_regions[i+1], PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE,
- PAM_EXPAN_SIZE);
+ init_pam(dev, &f->memory_address_space, f->system_memory,
+ f->pci_address_space, &f->pam_regions[i + 1],
+ PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE);
}
ram_size = ram_size / 8 / 1024 / 1024;
@@ -28,43 +28,138 @@
*/
#include "qemu/osdep.h"
+#include "qapi/error.h"
#include "hw/pci-host/pam.h"
-void init_pam(DeviceState *dev, MemoryRegion *ram_memory,
- MemoryRegion *system_memory, MemoryRegion *pci_address_space,
- PAMMemoryRegion *mem, uint32_t start, uint32_t size)
+static void
+pam_rmem_write(void *opaque, hwaddr addr, uint64_t val, unsigned int size)
{
+ PAMMemoryRegion * const pam = (PAMMemoryRegion *)opaque;
+
+ (void)memory_region_dispatch_write(pam->pci_mr, pam->offset + addr,
+ val, size_memop(size), MEMTXATTRS_UNSPECIFIED);
+}
+
+static uint64_t
+pam_wmem_read(void *opaque, hwaddr addr, unsigned int size)
+{
+ PAMMemoryRegion * const pam = (PAMMemoryRegion *)opaque;
+ uint64_t val = (uint64_t)~0;
+
+ (void)memory_region_dispatch_read(pam->pci_mr, pam->offset + addr,
+ &val, size_memop(size), MEMTXATTRS_UNSPECIFIED);
+
+ return val;
+}
+
+static void
+pam_wmem_write(void *opaque, hwaddr addr, uint64_t val, unsigned int size)
+{
+ PAMMemoryRegion * const pam = (PAMMemoryRegion *)opaque;
+
+ switch (size) {
+ case 1:
+ stb_phys(pam->ram_as, pam->offset + addr, val);
+ break;
+ case 2:
+ stw_le_phys(pam->ram_as, pam->offset + addr, val);
+ break;
+ case 4:
+ stl_le_phys(pam->ram_as, pam->offset + addr, val);
+ break;
+ case 8:
+ stq_le_phys(pam->ram_as, pam->offset + addr, val);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+}
+
+static const MemoryRegionOps pam_rmem_ops = {
+ .write = pam_rmem_write,
+};
+
+static const MemoryRegionOps pam_wmem_ops = {
+ .read = pam_wmem_read,
+ .write = pam_wmem_write,
+ .valid = {
+ .min_access_size = 1,
+ .max_access_size = 8,
+ .unaligned = true,
+ },
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 8,
+ .unaligned = true,
+ },
+};
+
+void init_pam(DeviceState *dev, AddressSpace *ram,
+ MemoryRegion *system, MemoryRegion *pci,
+ PAMMemoryRegion *pam, uint32_t start, uint32_t size)
+{
+ char name[12] = "pam-splitr";
int i;
- /* RAM */
- memory_region_init_alias(&mem->alias[3], OBJECT(dev), "pam-ram", ram_memory,
- start, size);
- /* ROM (XXX: not quite correct) */
- memory_region_init_alias(&mem->alias[1], OBJECT(dev), "pam-rom", ram_memory,
- start, size);
- memory_region_set_readonly(&mem->alias[1], true);
+ name[10] = (start >> 14) + 17;
+ name[11] = '\0';
- /* XXX: should distinguish read/write cases */
- memory_region_init_alias(&mem->alias[0], OBJECT(dev), "pam-pci", pci_address_space,
- start, size);
- memory_region_init_alias(&mem->alias[2], OBJECT(dev), "pam-pci", ram_memory,
- start, size);
+ /* Forward all memory accesses to the bus. */
+ memory_region_init_alias(&pam->alias[0], OBJECT(dev), "pam-pci",
+ pci, start, size);
+ /* Split modes */
+ /* Forward reads to RAM, writes to the bus. */
+ memory_region_init_rom_device(&pam->alias[1], OBJECT(dev),
+ &pam_rmem_ops, pam, name, size,
+ &error_fatal);
+
+ /* Forward writes to RAM, reads to the bus. */
+ name[9] = 'w';
+ memory_region_init_io(&pam->alias[2], OBJECT(dev), &pam_wmem_ops,
+ pam, name, size);
+
+ pam->current = 0;
memory_region_transaction_begin();
- for (i = 0; i < 4; ++i) {
- memory_region_set_enabled(&mem->alias[i], false);
- memory_region_add_subregion_overlap(system_memory, start,
- &mem->alias[i], 1);
+ for (i = 0; i < ARRAY_SIZE(pam->alias); ++i) {
+ memory_region_set_enabled(&pam->alias[i], i == pam->current);
+ memory_region_add_subregion_overlap(system, start,
+ &pam->alias[i], 1);
}
memory_region_transaction_commit();
- mem->current = 0;
+
+ pam->ram_as = ram;
+ pam->pci_mr = pci;
+ pam->offset = start;
}
-void pam_update(PAMMemoryRegion *pam, int idx, uint8_t val)
+void pam_update(PAMMemoryRegion *pam, uint8_t idx, uint8_t val)
{
- assert(0 <= idx && idx < PAM_REGIONS_COUNT);
+ uint8_t ai;
+ assert(idx < PAM_REGIONS_COUNT);
+ ai = (val >> ((!(idx & 1)) * 4)) & PAM_ATTR_MASK;
+
+ if (ai == pam->current) {
+ return;
+ }
+
+ /* The caller is responsible for setting up a transaction. */
memory_region_set_enabled(&pam->alias[pam->current], false);
- pam->current = (val >> ((!(idx & 1)) * 4)) & PAM_ATTR_MASK;
- memory_region_set_enabled(&pam->alias[pam->current], true);
+ switch (ai) {
+ case 1: {
+ const hwaddr pamsize = memory_region_size(&pam->alias[ai]);
+
+ (void)address_space_read(pam->ram_as, pam->offset,
+ MEMTXATTRS_UNSPECIFIED,
+ memory_region_get_ram_ptr(&pam->alias[ai]),
+ pamsize);
+ memory_region_flush_rom_device(&pam->alias[ai], 0, pamsize);
+ }
+ /* FALLTHROUGH */
+ case 0:
+ case 2:
+ memory_region_set_enabled(&pam->alias[ai], true);
+ pam->current = ai;
+ }
}
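Review bot: In `pam_update`, a PAM value of 3 (plain RAM read/write, whose alias this commit removes) matches no `case`, so the old alias is disabled but `pam->current` keeps its previous value. A later write that restores that previous value then hits the `ai == pam->current` early return and leaves the alias disabled. A sequence such as RE → RAM R/W → RE would leave the region as ordinary writable RAM while the register says read-only, which is the write-protection gap the commit sets out to close. This assumes `PAM_ATTR_MASK` still admits 3, as the old `alias[4]` indexing suggests. Recording every mode in `pam->current` and bounds-checking the alias index on both the disable and the enable side fixes it. The discarded `address_space_read()` result in `case 1` also deserves at least a warning, since a failed copy would enable the ROMD region with stale contents.

```c
    /* The caller is responsible for setting up a transaction. */
    if (pam->current < ARRAY_SIZE(pam->alias)) {
        memory_region_set_enabled(&pam->alias[pam->current], false);
    }
    if (ai == 1) {
        /* … unchanged: copy RAM into the ROMD backing store and flush … */
    }
    if (ai < ARRAY_SIZE(pam->alias)) {
        memory_region_set_enabled(&pam->alias[ai], true);
    }
    /*
     * Mode 3 has no alias (RAM shows through); still record it so the
     * early return above cannot skip a later switch back to the old mode.
     */
    pam->current = ai;
```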
@@ -644,12 +644,16 @@ static void mch_realize(PCIDevice *d, Error **errp)
object_property_add_const_link(qdev_get_machine(), "smram",
OBJECT(&mch->smram));
- init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory,
- mch->pci_address_space, &mch->pam_regions[0],
- PAM_BIOS_BASE, PAM_BIOS_SIZE);
+ address_space_init(&mch->memory_address_space, mch->ram_memory,
+ "ich9-ram");
+
+ init_pam(DEVICE(mch), &mch->memory_address_space,
+ mch->system_memory, mch->pci_address_space,
+ &mch->pam_regions[0], PAM_BIOS_BASE, PAM_BIOS_SIZE);
for (i = 0; i < ARRAY_SIZE(mch->pam_regions) - 1; ++i) {
- init_pam(DEVICE(mch), mch->ram_memory, mch->system_memory,
- mch->pci_address_space, &mch->pam_regions[i+1],
+ init_pam(DEVICE(mch), &mch->memory_address_space,
+ mch->system_memory, mch->pci_address_space,
+ &mch->pam_regions[i + 1],
PAM_EXPAN_BASE + i * PAM_EXPAN_SIZE, PAM_EXPAN_SIZE);
}
}
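Review bot: The address space is named `"ich9-ram"` here but `"i440FX-RAM"` in `i440fx_init`, so the two names differ in casing, and this one names the ICH9 although the owning device is the MCH. Since these strings end up in the memory-tree output the commit message mentions, a consistent pair such as `"mch-ram"` and `"i440fx-ram"` would be easier to search for. No matching `address_space_destroy()` is visible for the object initialised in `mch_realize`. Whether one is needed depends on whether the MCH can be unrealized, which the hunk does not show.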
@@ -25,6 +25,7 @@ struct PCII440FXState {
PCIDevice parent_obj;
/*< public >*/
+ AddressSpace memory_address_space;
MemoryRegion *system_memory;
MemoryRegion *pci_address_space;
MemoryRegion *ram_memory;
@@ -83,12 +83,18 @@
#define PAM_REGIONS_COUNT 13
typedef struct PAMMemoryRegion {
- MemoryRegion alias[4]; /* index = PAM value */
+ MemoryRegion alias[3]; /* index = PAM value */
unsigned current;
+ ram_addr_t offset;
+ AddressSpace *ram_as;
+ MemoryRegion *pci_mr;
} PAMMemoryRegion;
-void init_pam(DeviceState *dev, MemoryRegion *ram, MemoryRegion *system,
- MemoryRegion *pci, PAMMemoryRegion *mem, uint32_t start, uint32_t size);
-void pam_update(PAMMemoryRegion *mem, int idx, uint8_t val);
+void init_pam(DeviceState *dev, AddressSpace *ram_as,
+ MemoryRegion *system, MemoryRegion *pci,
+ PAMMemoryRegion *pam, uint32_t start, uint32_t size);
+
+/* The caller is responsible for setting up a memory transaction. */
+void pam_update(PAMMemoryRegion *pam, uint8_t idx, uint8_t val);
#endif /* QEMU_PAM_H */
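Review bot: The comment on `alias[3]` still reads `/* index = PAM value */`, which stopped being true once the fourth alias was removed: PAM value 3 now has no entry, and indexing with it would run past the array. I would change it to `/* index = PAM value 0..2; value 3 (RAM R/W) has no alias */` and add one-line comments for the new `offset`, `ram_as` and `pci_mr` fields. `offset` is declared `ram_addr_t` but is only ever added to a `hwaddr` and passed to address-space accessors in pam.c, so `hwaddr offset;` would match its use.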
@@ -40,6 +40,7 @@ struct MCHPCIState {
PCIDevice parent_obj;
/*< public >*/
+ AddressSpace memory_address_space;
MemoryRegion *ram_memory;
MemoryRegion *pci_address_space;
MemoryRegion *system_memory;
The Programmable Attribute Registers (PAM) of QEMU's emulated i440FX chipset now fully support the exclusive Read Enable (RE) and Write Enable (WE) modes by forwarding reads of the applicable PAM region to RAM and writes to the bus or vice versa, respectively. This chipset functionality is often used by x86 firmware for shadowing ROM. The prior behavior for the RE case was to set up a RAM alias and mark it read-only, but writes were not forwarded to the bus and read-only aliases of RAM do not prevent writes. Programs running on operating systems without memory protection could potentially overwrite shadowed ROMs. Now, pam.c creates a ROMD region (backed by its own allocated memory) coupled with a memory operation that forwards writes to the bus. For the WE case, a RAM alias was created, but reads were not forwarded to the bus. This prevents the classic BIOS shadowing mechanism, which is executing from flash ROM while copying the contents to RAM. pam.c now creates an MMIO region that writes directly to the chipset's RAM address space (bypassing the PAM region) and forwards reads to the bus. Additional changes: - Change parameter names from mem to pam. - Change the pam_update parameter idx to type uint8_t, eliminating an assert check. - pam_update: Return quickly if the PAM attributes are unchanged. - Remove the fourth PAM alias, for normal RAM-based reads and writes of PAM regions, saving memory and clutter in mtree output. Tested with SeaBIOS and AMIBIOS. Signed-off-by: Lev Kujawski <lkujaw@member.fsf.org> --- (v3) Relocate ownership of the RAM address space into the respective PAM chipsets. Eliminates the mtree duplicates. Avoid changing the PAM region if possible. Flush ROM after writing. (v2) Write to an AddressSpace mapped over ram_memory instead of using a pointer, as it surprisingly may not be backed by RAM on, e.g., NUMA configurations. 
hw/pci-host/i440fx.c | 13 ++-- hw/pci-host/pam.c | 143 +++++++++++++++++++++++++++++------ hw/pci-host/q35.c | 14 ++-- include/hw/pci-host/i440fx.h | 1 + include/hw/pci-host/pam.h | 14 +++- include/hw/pci-host/q35.h | 1 + 6 files changed, 148 insertions(+), 38 deletions(-)