QEMU Code Analysis: The BIOS loading process


Original article: http://www.ibm.com/developerworks/cn/linux/1410_qiaoly_qemubios/

Introduction to the BIOS used in QEMU

The BIOS provides the firmware for the motherboard or video card as well as basic input and output functions. QEMU takes its BIOS from several open source projects, such as Bochs and OpenBIOS. The BIOS images and part of the other firmware used by QEMU are stored as binary files in the pc-bios directory of the source tree. Some of these BIOS sources are also kept in the QEMU repository as git submodules, and their binaries are built when QEMU itself is compiled. QEMU supports several boot methods, such as EFI and PXE, each of which requires specific BIOS support; the firmware for these is included in the same directory.

Listing 1. BIOS files in the QEMU source tree

    $ ls pc-bios/
    acpi-dsdt.aml      efi-rtl8139.rom   openbios-ppc              pxe-e1000.rom      qemu_logo_no_text.svg  slof.bin
    bamboo.dtb         efi-virtio.rom    openbios-sparc32          pxe-eepro100.rom   qemu-nsis.bmp          spapr-rtas
    bamboo.dts         keymaps           openbios-sparc64          pxe-ne2k_pci.rom   qemu-nsis.ico          spapr-rtas.bin
    bios.bin           kvmvapic.bin      optionrom                 pxe-pcnet.rom      s390-ccw               vgabios.bin
    efi-e1000.rom      linuxboot.bin     palcode-clipper           pxe-rtl8139.rom    s390-ccw.img           vgabios-cirrus.bin
    efi-eepro100.rom   multiboot.bin     petalogix-ml605.dtb       pxe-virtio.rom     s390-zipl.rom          vgabios-qxl.bin
    efi-ne2k_pci.rom   ohw.diff          petalogix-s3adsp1800.dtb  q35-acpi-dsdt.aml  sgabios.bin            vgabios-stdvga.bin
    efi-pcnet.rom      ppc_rom.bin       qemu-icon.bmp             vgabios-vmware.bin
Listing 2. The QEMU source tree keeps BIOS source code as git submodules

    -bash-4.1$ cat .gitmodules
    [submodule "roms/vgabios"]
        path = roms/vgabios
        url = git://git.qemu.org/vgabios.git/
    [submodule "roms/seabios"]
        path = roms/seabios
        url = git://git.qemu.org/seabios.git/
    [submodule "roms/SLOF"]
        path = roms/SLOF
        url = git://git.qemu.org/SLOF.git
    [submodule "roms/ipxe"]
        path = roms/ipxe
        url = git://git.qemu.org/ipxe.git
    [submodule "roms/openbios"]
        path = roms/openbios
        url = git://git.qemu.org/openbios.git
    [submodule "roms/qemu-palcode"]
        path = roms/qemu-palcode
        url = git://github.com/rth7680/qemu-palcode.git
    [submodule "roms/sgabios"]
        path = roms/sgabios
        url = git://git.qemu.org/sgabios.git
    [submodule "pixman"]
        path = pixman
        url = git://anongit.freedesktop.org/pixman
    [submodule "dtc"]
        path = dtc
        url = git://git.qemu.org/dtc.git

When QEMU is compiled from source, its Makefile copies these binaries into the QEMU data directory.
Listing 3. Copy operation for the BIOS files in QEMU's Makefile:

    ifneq ($(BLOBS),)
    	set -e; for x in $(BLOBS); do \
    		$(INSTALL_DATA) $(SRC_PATH)/pc-bios/$$x "$(DESTDIR)$(qemu_datadir)"; \
    	done
    endif
Analysis of the QEMU BIOS loading process

When the QEMU user-space process starts, it automatically loads the appropriate BIOS firmware based on the command-line parameters and the type of the current host platform. In its initial phase the QEMU process registers every machine type supported by the platform by having module_call_init call qemu_register_machine, and then calls find_default_machine to select a default model for initialization. Taking the latest QEMU code (1.7.0) on the x86_64 platform as an example, the supported machine types are:

Listing 4. x86_64 machine types supported in QEMU 1.7.0

    pc-q35-1.7    pc-q35-1.6    pc-q35-1.5    pc-q35-1.4
    pc-i440fx-1.7 pc-i440fx-1.6 pc-i440fx-1.5 pc-i440fx-1.4
    pc-1.3        pc-1.2        pc-1.1        pc-1.0
    pc-0.15       pc-0.14       pc-0.13       pc-0.12
    pc-0.11       pc-0.10       isapc

The default model in the latest code is pc-i440fx-1.7, and the BIOS file it uses is pc-bios/bios.bin:

    default machine name: pc-i440fx-1.7
    bios_name = bios.bin

The name pc-i440fx-1.7 means that QEMU emulates Intel's i440FX chipset, and 1.7 is the QEMU version number. After the default machine has been found, its physical memory is initialized: QEMU first allocates a block of host memory to stand in for the virtual machine's physical memory, and once that allocation succeeds it initializes the guest's physical memory according to the platform and the parameters given to the QEMU process. The function call sequence is shown in Figure 1.

Figure 1. QEMU hardware initialization function call flowchart (image not reproduced here)

In QEMU, the entire physical memory is represented by a struct MemoryRegion, shown in Listing 5.

Listing 5. The MemoryRegion structure in QEMU

    struct MemoryRegion {
        /* All fields are private - violators will be prosecuted */
        const MemoryRegionOps *ops;
        const MemoryRegionIOMMUOps *iommu_ops;
        void *opaque;
        struct Object *owner;
        MemoryRegion *parent;
        Int128 size;
        hwaddr addr;
        void (*destructor)(MemoryRegion *mr);
        ram_addr_t ram_addr;
        bool subpage;
        bool terminates;
        bool romd_mode;
        bool ram;
        bool readonly; /* For RAM regions */
        bool enabled;
        bool rom_device;
        bool warning_printed; /* For reservations */
        bool flush_coalesced_mmio;
        MemoryRegion *alias;
        hwaddr alias_offset;
        unsigned priority;
        bool may_overlap;
        QTAILQ_HEAD(subregions, MemoryRegion) subregions;
        QTAILQ_ENTRY(MemoryRegion) subregions_link;
        QTAILQ_HEAD(coalesced_ranges, CoalescedMemoryRange) coalesced;
        const char *name;
        uint8_t dirty_log_mask;
        unsigned ioeventfd_nb;
        MemoryRegionIoeventfd *ioeventfds;
        NotifierList iommu_notify;
    };

Each MemoryRegion represents one region of memory. Looking at its members more closely, a MemoryRegion holds an Object pointer to its owner and a MemoryRegion pointer to its parent node (much like a linked list). It also has three tail queues (QTAILQ): subregions, subregions_link and coalesced. A MemoryRegion can therefore contain several memory regions, and the role of each region is distinguished by its parameters. Before a MemoryRegion is used, memory is allocated for it and memory_region_init is called to perform the necessary initialization. The BIOS is likewise represented by a MemoryRegion: its name is set to "pc.bios" and its size to the size of the BIOS file, which must be an integer multiple of 65536. Then rom_add_file_fixed is called to add the BIOS file to a global ROM list.

Finally, back in the old_pc_system_rom_init function, the BIOS is mapped into the address space at the top of memory.

Listing 6. The old_pc_system_rom_init function maps the BIOS into the physical memory space:

    hw/i386/pc_sysfw.c:

        memory_region_add_subregion(rom_memory,
                                    (uint32_t)(-bios_size),
                                    bios);

(uint32_t)(-bios_size) is a 32-bit unsigned value, so -bios_size wraps around to bios_size bytes below the 4 GB boundary (0xFFFFFFFF + 1). The size of ./pc-bios/bios.bin is 131072 bytes (128 KB), 0x20000 in hexadecimal, so the BIOS base address is 0xFFFE0000 and the BIOS occupies 0xFFFE0000 through 0xFFFFFFFF. The BIOS has now been added to the virtual machine's physical address space.

Finally, QEMU calls the CPU reset function, which sets the VCPU registers to ip = 0x0000fff0, cs = 0xf000, cs.base = 0xffff0000 and cs.limit = 0xffff. Execution therefore starts at 0xFFFFFFF0, which lies inside the ROM just mapped and is exactly where the BIOS code begins. The virtual machine has found its entry into the BIOS.
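The region tree described above and the two address computations (the (uint32_t)(-bios_size) mapping and the reset state cs.base + ip) can be checked with a small C program. This is an added example and not QEMU code: Region, region_init, region_add_subregion and region_lookup are a deliberately simplified stand-in for QEMU's MemoryRegion, memory_region_init and memory_region_add_subregion (QEMU uses QTAILQ lists and many more fields), and the two-level system/rom_memory tree is an assumption made for illustration.

```c
/* Added example, not QEMU code: a simplified stand-in for QEMU's MemoryRegion
 * tree, used to show where a 128 KiB bios.bin lands and why the x86 reset
 * state points into it.  Region, region_add_subregion and region_lookup are
 * invented for illustration (QEMU's MemoryRegion uses QTAILQ lists). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t hwaddr;               /* QEMU's guest physical address type */

typedef struct Region {
    const char *name;
    hwaddr addr;                       /* offset inside the parent region */
    hwaddr size;
    struct Region *parent;
    struct Region *subregions;         /* first child  (QEMU: QTAILQ_HEAD) */
    struct Region *subregions_link;    /* next sibling (QEMU: QTAILQ_ENTRY) */
} Region;

/* Analogue of memory_region_init(): zero the region and record name/size. */
static void region_init(Region *mr, const char *name, hwaddr size)
{
    memset(mr, 0, sizeof(*mr));
    mr->name = name;
    mr->size = size;
}

/* Analogue of memory_region_add_subregion(): attach child at offset addr. */
static void region_add_subregion(Region *parent, hwaddr addr, Region *child)
{
    child->addr = addr;
    child->parent = parent;
    child->subregions_link = parent->subregions;
    parent->subregions = child;
}

/* Descend from root to the deepest region containing guest address gpa.
 * *offset receives the offset of gpa inside the returned region. */
static const Region *region_lookup(const Region *root, hwaddr gpa, hwaddr *offset)
{
    const Region *mr = root;
    hwaddr off = gpa;
    for (;;) {
        const Region *child;
        for (child = mr->subregions; child; child = child->subregions_link) {
            if (off >= child->addr && off - child->addr < child->size) {
                break;
            }
        }
        if (!child) {
            *offset = off;
            return mr;
        }
        off -= child->addr;
        mr = child;
    }
}

/* The mapping from the page: BIOS base = (uint32_t)(-bios_size).  bios_size
 * is an int in QEMU, so the cast is what makes the value wrap at 4 GiB. */
static uint32_t bios_base_for_size(int bios_size)
{
    return (uint32_t)(-bios_size);
}

/* The same negative int widened straight to a 64-bit hwaddr, i.e. what would
 * happen without the 32-bit cast: an address just below 2^64, not 4 GiB. */
static hwaddr bios_base_without_cast(int bios_size)
{
    return (hwaddr)(-bios_size);
}

/* Reset state from the page: cs.base = 0xffff0000, ip = 0xfff0. */
static uint32_t x86_reset_address(uint32_t cs_base, uint16_t ip)
{
    return cs_base + ip;
}

/* Build the assumed system -> rom_memory -> pc.bios tree, map the BIOS at
 * (uint32_t)(-bios_size) and resolve the reset address.  Returns the offset
 * of the reset vector inside bios.bin, or -1 if it misses the BIOS region. */
static int64_t reset_vector_offset_in_bios(int bios_size)
{
    Region system, rom_memory, bios;
    hwaddr off = 0;
    const Region *hit;

    region_init(&system, "system", (hwaddr)1 << 32);       /* 4 GiB space */
    region_init(&rom_memory, "rom_memory", (hwaddr)1 << 32);
    region_init(&bios, "pc.bios", (hwaddr)bios_size);
    region_add_subregion(&system, 0, &rom_memory);
    region_add_subregion(&rom_memory, bios_base_for_size(bios_size), &bios);

    hit = region_lookup(&system, x86_reset_address(0xffff0000, 0xfff0), &off);
    return strcmp(hit->name, "pc.bios") == 0 ? (int64_t)off : -1;
}

int main(void)
{
    int size = 131072;             /* pc-bios/bios.bin: 128 KiB, as on the page */
    printf("bios base (cast)    = 0x%08x\n", bios_base_for_size(size));
    printf("bios base (no cast) = 0x%016llx\n",
           (unsigned long long)bios_base_without_cast(size));
    printf("reset address       = 0x%08x\n", x86_reset_address(0xffff0000, 0xfff0));
    printf("reset vector offset = 0x%llx\n",
           (unsigned long long)reset_vector_offset_in_bios(size));
    return 0;
}
```

For the 128 KB image the reset address resolves to offset 0x1FFF0 inside pc.bios, the last 16 bytes of the file, and the no-cast variant shows why old_pc_system_rom_init truncates to 32 bits before handing the offset to memory_region_add_subregion.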


Summary

By reading the source code of QEMU, this article has described the BIOS files used by QEMU, how physical memory is represented inside QEMU, and the steps by which QEMU loads the BIOS binary into the memory of the virtual machine it creates.
