QEMU源码全解析 —— PCI设备模拟(7)

于 2024-01-13 07:51:54 发布
阅读量610 收藏
点赞数 13
分类专栏: QEMU/KVM KVM 文章标签: QEMU KVM PCI
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接: https://blog.csdn.net/phmatthaus/article/details/135547308
版权
QEMU/KVM 同时被 2 个专栏收录
123 篇文章 36 订阅 ¥49.90 ¥99.00
已订阅 8折续费
KVM
88 篇文章 19 订阅
订阅专栏
您已是超级会员,正在免费阅读会员专享内容
查看更多超级会员权益
本文深入解析QEMU中PCI设备模拟的MMIO读写回调函数,介绍了MemoryRegionOps结构及其实现的读写操作。在虚拟机访问设备MMIO时,QEMU会调用相应的回调函数进行模拟处理,如设置值、触发中断或进行DMA操作。
摘要由CSDN通过智能技术生成

接前一篇文章:

上一回讲解了pci_edu_realize函数中的pci_register_bar函数,本回开始对于edu设备的MMIO读写函数进行解析。

操作系统 与PCI设备交互的主要方式是PIO和MMIO。MMIO虽然是一段内存,但是其没有EPT映射,在 虚拟机 访问设备的MMIO时,会产生VM Exit;KVM识别此MMIO访问并且将该访问分派到应用层QEMU中;QEMU根据内存虚拟化的步骤进行分派,找到设备注册的MMIO读写回调函数;设备的MMIO读写回调函数根据设备的功能进行模拟,完成模拟之后可能会发送中断到虚拟机中,从而完成一些MMIO访问。

前文书( QEMU源码全解析 —— PCI设备模拟(5) )已经讲过,pci_edu_realize函数中调用memory_region_init_io函数,指定其读写函数是edu_mmio_ops。

edu_mmio_ops在hw/misc/edu中初始化,代码如下: 

  1. static const MemoryRegionOps edu_mmio_ops = {
  2.     .read = edu_mmio_read,
  3.     .write = edu_mmio_write,
  4.     .endianness = DEVICE_NATIVE_ENDIAN,
  5.     .valid = {
  6.         .min_access_size = 4,
  7.         .max_access_size = 8,
  8.     },
  9.     .impl = {
  10.         .min_access_size = 4,
  11.         .max_access_size = 8,
  12.     },
  13.  
  14. };

edu_mmio_ops的类型为MemoryRegionOps,此结构在include/exec/memory.h中定义,代码如下: 

typedef struct MemoryRegionOps MemoryRegionOps;

而struct MemoryRegionOps的定义也在include/exec/memory.h中,如下: 

  1. /*
  2.  * Memory region callbacks
  3.  */
  4. struct MemoryRegionOps {
  5.     /* Read from the memory region. @addr is relative to @mr; @size is
  6.      * in bytes. */
  7.     uint64_t (*read)(void *opaque,
  8.                      hwaddr addr,
  9.                      unsigned size);
  10.     /* Write to the memory region. @addr is relative to @mr; @size is
  11.      * in bytes. */
  12.     void (*write)(void *opaque,
  13.                   hwaddr addr,
  14.                   uint64_t data,
  15.                   unsigned size);
  16.  
  17.     MemTxResult (*read_with_attrs)(void *opaque,
  18.                                    hwaddr addr,
  19.                                    uint64_t *data,
  20.                                    unsigned size,
  21.                                    MemTxAttrs attrs);
  22.     MemTxResult (*write_with_attrs)(void *opaque,
  23.                                     hwaddr addr,
  24.                                     uint64_t data,
  25.                                     unsigned size,
  26.                                     MemTxAttrs attrs);
  27.  
  28.     enum device_endian endianness;
  29.     /* Guest-visible constraints: */
  30.     struct {
  31.         /* If nonzero, specify bounds on access sizes beyond which a machine
  32.          * check is thrown.
  33.          */
  34.         unsigned min_access_size;
  35.         unsigned max_access_size;
  36.         /* If true, unaligned accesses are supported.  Otherwise unaligned
  37.          * accesses throw machine checks.
  38.          */
  39.          bool unaligned;
  40.         /*
  41.          * If present, and returns #false, the transaction is not accepted
  42.          * by the device (and results in machine dependent behaviour such
  43.          * as a machine check exception).
  44.          */
  45.         bool (*accepts)(void *opaque, hwaddr addr,
  46.                         unsigned size, bool is_write,
  47.                         MemTxAttrs attrs);
  48.     } valid;
  49.     /* Internal implementation constraints: */
  50.     struct {
  51.         /* If nonzero, specifies the minimum size implemented.  Smaller sizes
  52.          * will be rounded upwards and a partial result will be returned.
  53.          */
  54.         unsigned min_access_size;
  55.         /* If nonzero, specifies the maximum size implemented.  Larger sizes
  56.          * will be done as a series of accesses with smaller sizes.
  57.          */
  58.         unsigned max_access_size;
  59.         /* If true, unaligned accesses are supported.  Otherwise all accesses
  60.          * are converted to (possibly multiple) naturally aligned accesses.
  61.          */
  62.         bool unaligned;
  63.     } impl;
  64. };

其中的read和Write函数分别表示该MMIO的读写回调;endianness表示字节的大小端模式。

以write回调函数为例, 

  1.     /* Write to the memory region. @addr is relative to @mr; @size is
  2.      * in bytes. */
  3.     void (*write)(void *opaque,
  4.                   hwaddr addr,
  5.                   uint64_t data,
  6.                   unsigned size);
  1. static void edu_mmio_write(void *opaque, hwaddr addr, uint64_t val,
  2.                 unsigned size)

其原型中的opaque表示的是设备的对象;addr表示虚拟机读的地址在该MMIO中的偏移地址;data(val)表示要写入的值;size表示写入值的大小,通常由单字节、双字节、四字节以及八字节。

edu_mmio_write函数同样在hw/misc/edu.c中,代码如下: 

  1. static void edu_mmio_write(void *opaque, hwaddr addr, uint64_t val,
  2.                 unsigned size)
  3. {
  4.     EduState *edu = opaque;
  5.  
  6.     if (addr < 0x80 && size != 4) {
  7.         return;
  8.     }
  9.  
  10.     if (addr >= 0x80 && size != 4 && size != 8) {
  11.         return;
  12.     }
  13.  
  14.     switch (addr) {
  15.     case 0x04:
  16.         edu->addr4 = ~val;
  17.         break;
  18.     case 0x08:
  19.         if (qatomic_read(&edu->status) & EDU_STATUS_COMPUTING) {
  20.             break;
  21.         }
  22.         /* EDU_STATUS_COMPUTING cannot go 0->1 concurrently, because it is only
  23.          * set in this function and it is under the iothread mutex.
  24.          */
  25.         qemu_mutex_lock(&edu->thr_mutex);
  26.         edu->fact = val;
  27.         qatomic_or(&edu->status, EDU_STATUS_COMPUTING);
  28.         qemu_cond_signal(&edu->thr_cond);
  29.         qemu_mutex_unlock(&edu->thr_mutex);
  30.         break;
  31.     case 0x20:
  32.         if (val & EDU_STATUS_IRQFACT) {
  33.             qatomic_or(&edu->status, EDU_STATUS_IRQFACT);
  34.             /* Order check of the COMPUTING flag after setting IRQFACT.  */
  35.             smp_mb__after_rmw();
  36.         } else {
  37.             qatomic_and(&edu->status, ~EDU_STATUS_IRQFACT);
  38.         }
  39.         break;
  40.     case 0x60:
  41.         edu_raise_irq(edu, val);
  42.         break;
  43.     case 0x64:
  44.         edu_lower_irq(edu, val);
  45.         break;
  46.     case 0x80:
  47.         dma_rw(edu, true, &val, &edu->dma.src, false);
  48.         break;
  49.     case 0x88:
  50.         dma_rw(edu, true, &val, &edu->dma.dst, false);
  51.         break;
  52.     case 0x90:
  53.         dma_rw(edu, true, &val, &edu->dma.cnt, false);
  54.         break;
  55.     case 0x98:
  56.         if (!(val & EDU_DMA_RUN)) {
  57.             break;
  58.         }
  59.         dma_rw(edu, true, &val, &edu->dma.cmd, true);
  60.         break;
  61.     }
  62. }

edu_mmio_write函数展示了一个虚拟机在写设备MMIO地址时QEMU中设备模拟的典型行为。

(1)首先,需要检查读写地址以及大小是否在范围之内。代码片段如下: 

  1.     if (addr < 0x80 && size != 4) {
  2.         return;
  3.     }
  4.  
  5.     if (addr >= 0x80 && size != 4 && size != 8) {
  6.         return;
  7.     }

(2)然后,根据具体的地址来进行适当的行为。

这些行为可以是简单地设置一个值,如这里的写0x04地址,代码片段如下: 

  1.     case 0x04:
  2.         edu->addr4 = ~val;
  3.         break;

也可以是将中断设置为高电平(写0x60地址)或者设置为低电平(写0x64地址),代码片段如下: 

  1.     case 0x60:
  2.         edu_raise_irq(edu, val);
  3.         break;
  4.     case 0x64:
  5.         edu_lower_irq(edu, val);
  6.         break;

还可以是通过dma读写设备虚拟机的物理地址(写0x80地址),代码片段如下: 

  1.     case 0x80:
  2.         dma_rw(edu, true, &val, &edu->dma.src, false);
  3.         break;

对于read回调函数,也是类似的机制。这里仅给出edu_mmio_read函数源码,在hw/misc/edu.c中,代码如下: 

  1. static uint64_t edu_mmio_read(void *opaque, hwaddr addr, unsigned size)
  2. {
  3.     EduState *edu = opaque;
  4.     uint64_t val = ~0ULL;
  5.  
  6.     if (addr < 0x80 && size != 4) {
  7.         return val;
  8.     }
  9.  
  10.     if (addr >= 0x80 && size != 4 && size != 8) {
  11.         return val;
  12.     }
  13.  
  14.     switch (addr) {
  15.     case 0x00:
  16.         val = 0x010000edu;
  17.         break;
  18.     case 0x04:
  19.         val = edu->addr4;
  20.         break;
  21.     case 0x08:
  22.         qemu_mutex_lock(&edu->thr_mutex);
  23.         val = edu->fact;
  24.         qemu_mutex_unlock(&edu->thr_mutex);
  25.         break;
  26.     case 0x20:
  27.         val = qatomic_read(&edu->status);
  28.         break;
  29.     case 0x24:
  30.         val = edu->irq_status;
  31.         break;
  32.     case 0x80:
  33.         dma_rw(edu, false, &val, &edu->dma.src, false);
  34.         break;
  35.     case 0x88:
  36.         dma_rw(edu, false, &val, &edu->dma.dst, false);
  37.         break;
  38.     case 0x90:
  39.         dma_rw(edu, false, &val, &edu->dma.cnt, false);
  40.         break;
  41.     case 0x98:
  42.         dma_rw(edu, false, &val, &edu->dma.cmd, false);
  43.         break;
  44.     }
  45.  
  46.     return val;
  47. }

欲知后事如何,且看下回分解。

举报

选择你想要举报的内容(必选)
  • 内容涉黄
  • 政治相关
  • 内容抄袭
  • 涉嫌广告
  • 内容侵权
  • 侮辱谩骂
  • 样式问题
  • 其他

取消

确定