Changeset 82


Ignore:
Timestamp:
Dec 2, 2009, 3:29:32 PM (6 years ago)
Author:
stepan
Message:

LUA update:

  • Fix IOAPIC and Local APIC handling by always sending the APIC writes to the CPU. Attention: This means that multi CPU/core startup commands (IPI) to be filtered (or CPUID needs to be filtered to tell the BIOS that there is only a single CPU/core)
  • Don't log ROM accesses per default (makes logs easier to read)
  • Catch the end of RAM initialization (mainboard AND BIOS specific) and let RAM accesses go to Qemu instead of the target once the RAM is initialized. Right now this is only tested on one board with i945 and Phoenix BIOS. This patch incredibly speeds up SerialICE once memory is there. Within a few hours I was able to produce a 5.5GB log file whereas before a 10MB log file took two full days.
  • Don't log RAM accesses once RAM is there... Fills up your hard drive far too quickly.
  • Remove a number of semicolons as they're not needed by LUA
  • return 0xff instead of 0x00 on fake serial accesses
  • don't write to Qemu anymore per default, as there's nothing there per default anymore.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/SerialICE/scripts/serialice.lua

    r54 r82  
    3333end
    3434
     35
     36-- In the beginning, during RAM initialization, it is essential that
     37-- all DRAM accesses are handled by the target, or RAM will not work
     38-- correctly. After RAM initialization, RAM access has no "special"
     39-- meaning anymore, so we can just use Qemu's memory (and thus get
     40-- an incredible speed-up)
     41
     42ram_is_initialized = false
     43
     44-- Whether to log read access (code fetches) to 0xe0000 to 0xfffff
     45
     46log_rom_access = false
     47
     48-- Remember the PCI device selected via IO CF8
     49
    3550SerialICE_pci_device = 0
    3651
     
    6277
    6378        if port >= 0x3f8 and port <= 0x3ff then
    64                 printf("serial I/O (filtered)\n")
    65                 data = 0x00
     79                printf("Serial I/O read (filtered)\n")
     80                data = 0xff
    6681                caught = true
    6782        end
     
    111126                -- Catch PCIe base address
    112127                if SerialICE_pci_device == 0x80000048 then
    113                         PCIe_bar  = bit.band(0xfc000000,data);
    114                         PCIe_size = 64 * 1024; -- hard coded for now.
    115                         printf("PCIe BAR set up: 0x%08x\n", PCIe_bar);
     128                        PCIe_bar  = bit.band(0xfc000000,data)
     129                        PCIe_size = 64 * 1024 -- hard coded for now.
     130                        printf("PCIe BAR set up: 0x%08x\n", PCIe_bar)
    116131                end
    117132
     
    197212                printf("COM1: %c\n", data)
    198213                return true, data
     214        end
     215
     216        -- **********************************************************
     217        --
     218        -- Intel 82945 (reference BIOS) RAM switch
     219        --
     220
     221        -- The RAM initialization code for the i945 used by AMI and
     222        -- Phoenix uses the same POST codes. We use this to determine
     223        -- when RAM init is done on that chipset.
     224        -- Not catching the end of RAM init is not problematic, except
     225        -- that it makes decompression of the BIOS core to RAM incredibly
     226        -- slow as the decompressor inner loop has to be fetched
     227        -- permanently from the target (several reads/writes per
     228        -- decompressed byte).
     229
     230        if port == 0x80 and data == 0xff37 then
     231                ram_is_initialized = true
     232                -- Register low RAM 0x00000000 - 0x000dffff
     233                SerialICE_register_physical(0x00000000, 0xa0000)
     234                -- SMI/VGA memory should go to the target...
     235                SerialICE_register_physical(0x000c0000, 0x20000)
     236                printf("\nLow RAM accesses are now directed to Qemu.\n")
    199237        end
    200238
     
    246284                -- We should avoid that someone wakes up cores
    247285                -- on the target system that go wild.
    248                 return false, true, 0 -- Handle by Qemu for now
     286                return true, false, 0 -- XXX Handled by target
    249287        elseif  addr >= 0xfec00000 and addr <= 0xfecfffff then
    250288                -- IO APIC.. Hm, not sure what to do here.
    251                 return false, true, 0 -- Handle by Qemu for now
     289                return true, false, 0 -- XXX Handled by target
    252290        elseif  addr >= 0xfed40000 and addr <= 0xfed45000 then
    253291                -- ICH7 TPM
    254292                -- Phoenix "Secure" Core bails out if we don't pass this on ;-)
    255293                return true, false, 0
    256         elseif  addr >= 0x000c0000 and addr <= 0x000fffff then
     294        elseif  addr >= 0x000e0000 and addr <= 0x000fffff then
    257295                -- Low ROM accesses go to Qemu memory
    258296                return false, true, 0
    259         elseif  addr >= 0x00000000 and addr <= 0x000bffff then
     297        elseif  addr >= 0x000a0000 and addr <= 0x000affff then
     298                -- SMI/VGA go to target
     299                return true, false, 0
     300        elseif  addr >= 0x00000000 and addr <= 0x000dffff then
    260301                -- RAM access. This is handled by SerialICE
    261302                -- but *NOT* exclusively. Writes should end
    262303                -- up in Qemu memory, too
    263                 return true, false, 0
     304                if not ram_is_initialized then
     305                        -- RAM init has not not been marked done yet.
     306                        -- so send reads to the target only.
     307                        return true, false, 0
     308                end
     309                -- RAM init is done. Send all RAM accesses
     310                -- to Qemu. Using the target as storage would
     311                -- only slow execution down.
     312                -- TODO handle VGA / SMI memory correctly
     313                return false, true, 0
    264314        elseif  addr >= 0x00100000 and addr <= 0xcfffffff then
    265                 -- 3.25GB RAM. This is handled by SerialICE
    266                 -- but *NOT* exclusively. Writes should end
    267                 -- up in Qemu memory, too
     315                -- 3.25GB RAM. This is handled by SerialICE.
     316                -- We refrain from backing up this memory in Qemu
     317                -- because Qemu would need 3.25G RAM on the host
     318                -- and firmware usually does not intensively use
     319                -- high memory anyways.
    268320                return true, false, 0
    269321        else
     
    287339function SerialICE_memory_write_filter(addr, size, data)
    288340        if      addr >= 0xfff00000 and addr <= 0xffffffff then
    289                 io.write("\nWARNING: write access to ROM?\n")
     341                printf("\nWARNING: write access to ROM?\n")
    290342                -- ROM accesses go to Qemu only
    291343                return false, true, data
     
    311363                -- We should avoid that someone wakes up cores
    312364                -- on the target system that go wild.
    313                 return false, true, data
     365                return true, false, data
    314366        elseif  addr >= 0xfec00000 and addr <= 0xfecfffff then
    315367                -- IO APIC.. Hm, not sure what to do here.
    316                 return false, true, data
     368                return true, false, data
    317369        elseif  addr >= 0xfed40000 and addr <= 0xfed45000 then
    318370                -- ICH7 TPM
    319371                return true, false, data
    320         elseif  addr >= 0x000c0000 and addr <= 0x000fffff then
     372        elseif  addr >= 0x000e0000 and addr <= 0x000fffff then
    321373                -- Low ROM accesses go to Qemu memory
    322374                return false, true, data
    323         elseif  addr >= 0x00000000 and addr <= 0x000bffff then
    324                 -- RAM access. This is handled by SerialICE
    325                 return true, false, data
     375        elseif  addr >= 0x000a0000 and addr <= 0x000affff then
     376                -- SMI/VGA go to target
     377                return true, true, data
     378        elseif  addr >= 0x00000000 and addr <= 0x000dffff then
     379                -- RAM access. This is handled by SerialICE during
     380                -- RAM initialization and by Qemu later on.
     381                if not ram_is_initialized then
     382                        return true, true, data
     383                end
     384                -- Don't send writes to the target for speed reasons.
     385                return false, true, data
    326386        elseif  addr >= 0x00100000 and addr <= 0xcfffffff then
    327387                -- 3.25 GB RAM ... This is handled by SerialICE
     
    329389        else
    330390                printf("\nWARNING: undefined store operation @%08x\n", addr)
    331                 -- Fall through, send to both Qemu and SerialICE
    332         end
    333 
    334         return true, true, data
     391                -- Fall through, send to SerialICE
     392        end
     393
     394        return true, false, data
    335395end
    336396
     
    360420
    361421function SerialICE_memory_write_log(addr, size, data, target)
     422        if addr >= 0x00000000 and addr <= 0x0009ffff and ram_is_initialized then
     423                return
     424        end
     425        if addr >= 0x000c0000 and addr <= 0x000dffff and ram_is_initialized then
     426                return
     427        end
     428
    362429        if size == 1 then       printf("MEM: writeb %08x <= %02x", addr, data)
    363430        elseif size == 2 then   printf("MEM: writew %08x <= %04x", addr, data)
     
    365432        end
    366433        if target then
    367                 printf(" *");
    368         end
    369         printf("\n");
     434                printf(" *")
     435        end
     436        printf("\n")
    370437
    371438        -- **********************************************************
     
    382449
    383450function SerialICE_memory_read_log(addr, size, data, target)
     451        if addr >= 0x00000000 and addr <= 0x0009ffff and ram_is_initialized then
     452                return
     453        end
     454        if addr >= 0x000c0000 and addr <= 0x000dffff and ram_is_initialized then
     455                return
     456        end
     457        if addr >= 0xe0000 and addr <= 0xfffff and not log_rom_access then
     458                return
     459        end
     460        if addr >= 0xfff00000 and addr <= 0xffffffff and not log_rom_access then
     461                return
     462        end
     463
    384464        if size == 1 then       printf("MEM:  readb %08x => %02x", addr, data)
    385465        elseif size == 2 then   printf("MEM:  readw %08x => %04x", addr, data)
     
    387467        end
    388468        if target then
    389                 printf(" *");
    390         end
    391         printf("\n");
     469                printf(" *")
     470        end
     471        printf("\n")
    392472
    393473        -- **********************************************************
Note: See TracChangeset for help on using the changeset viewer.