This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-devel] VT/ioemu: vga memory access?

To: "Gerd Hoffmann" <kraxel@xxxxxxx>
Subject: RE: [Xen-devel] VT/ioemu: vga memory access?
From: "Petersson, Mats" <Mats.Petersson@xxxxxxx>
Date: Tue, 16 May 2006 18:20:28 +0200
Cc: Xen devel list <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 16 May 2006 09:20:06 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcZ5A+8ZRxWvad4tRACSQZLNLun3UgAAJkvg
Thread-topic: [Xen-devel] VT/ioemu: vga memory access?
> -----Original Message-----
> From: Gerd Hoffmann [mailto:kraxel@xxxxxxx] 
> Sent: 16 May 2006 16:57
> To: Petersson, Mats
> Cc: Xen devel list
> Subject: Re: [Xen-devel] VT/ioemu: vga memory access?
>   Hi,
> >> How is vga vram access handled in the device model?  Is there some 
> >> kind of notification system, by mapping those pages 
> read-only, then 
> >> trap and forward any write access to qemu-dm?
> > 
> > Actually, xen HVM handles all memory mapped IO in the same 
> way - pages 
> > are not present, causing a page-fault and then checking the address 
> > against a "memory mapped IO range" in the function
> > mmio_space() [I haven't looked inside this function], and if it's a 
> > match it's passed to QEMU via handle_mmio().
> I think I found the bug.  It's actually in handle_mmio() ;)  
> The "case INSTR_MOVS" has code which deals with page 
> boundaries.  The code allways _adds_ the count (ecx) to 
> figure whenever the "repz movsb" crosses a page boundary or 
> not.  In case the direction flag is set this isn't correct, 
> it should subtract instead.  Subsequently it mis-calculates 
> count, making it _larger_ than it was because the copy 
> wouldn't have crossed a page boundary, leading to the 
> negative ecx value in the register dump ...

I think you're right... 

I'll write some simple test code to check it out, and let you know... 

> cheers,
>   Gerd
> --
> Gerd Hoffmann <kraxel@xxxxxxx>
> Erst mal heiraten, ein, zwei Kinder, und wenn alles läuft 
> geh' ich nach drei Jahren mit der Familie an die Börse.
> http://www.suse.de/~kraxel/julika-dora.jpeg

Xen-devel mailing list