QEMU Source Code Study - KVM_RUN

QEMU Part

---

---

Like KVM_VCPU_CREATE(), kvm_cpu_exec() is also called by function "qemu_kvm_cpu_thread_fn(...)". For the execution process of qemu_kvm_cpu_thread_fn(...), please check the KVM_VCPU_CREATE() post.

---

kvm_vcpu_exec()

---

kvm_arch_pre_run(cpu, run)

struct kvm_run

---

KVM Part

---

---

kvm_vcpu_ioctl(...)

kvm_arch_vcpu_ioctl(filp, ioctl, arg)

vcpu_enter_guest(kvm_vcpu *vcpu)

vmx_vcpu_run( kvm_vcpu *vcpu)

vmx_handle_exit()

static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu)

QEMU Source Code Study (3) - KVM_CREATE_VCPU

x86_cpu_register_types() ----> type_register_static(&x86_cpu_type_info) ----> TypeInfo x86_cpu_type_info.class_init = x86_cpu_common_class_init ----> x86_cpu_common_class_init(ObjectClass *oc, void *data) ----> dc->realize = x86_cpu_realizefn ----> x86_cpu_realizefn(DeviceState *dev, Error **error) ----> qemu_init_vcpu(cpu) ----> qemu_kvm_start_vcpu(cpu) ----> qemu_thread_create(cpu->thread, qemu_kvm_cpu_thread_fn, cpu) ----> nqemu_kvm_cpu_thread_fn(arg) ----> kvm_cpu_exec(cpu) ----> kvm_vcpu_ioctl(cpu, KVM_RUN, 0);


How to execute these object?

QEMU Part

---

---

kvm_init_vcpu(...)

KVM Part

---

---

kvm_vm_ioctl()

kvm_vm_ioctl_create_vcpu(kvm, id)

kvm_x86_ops

vmx_create_vcpu

QEMU Source Code Study (2) - KVM_init

At first, main() in vl.c will call configure_accelerator()

QEMU Part

---

---

configure_accelerator()

---

accel_list[]

kvm_init()

---

KVMState

kvm_ioctl(KVMState *s, int type, ...)

---

---

KVM Part

---

---

Register ioctl handler

---

vmx_init() -> kvm_init(...) -> misc_register(kvm_dev) -> kvm.&kvm_chardev_ops

kvm_dev

kvm_chardev_ops

KVM API

---

The "/dev/kvm" ioctl handler is as follows:

KVM_GET_API_VERSION

This API just return the API version of KVM. The handler just return he version of KVM. This parameter is defined in ./include/uapi/linux/kvm.h

KVM_CREATE_VM

This API is used by QEMU to ask KVM create VM. "KVM_CREATE_VM" definition is the same as KVM_GET_API_VERSION.

Binary Tree

Data Structure

---

Binary Tree Construction

---

• Recursive
• Iterative

Pre-Order

---

• Recursive
• Iterative

In-Order

---

• Recursive
• Iterative

Post-Order

---

• Recursive
• Iterative

Maximum Depth of Binary Tree

Question

---

Given a binary tree, find its maximum depth.
The maximum depth is the number of nodes along the longest path from the root node down to the farthest leaf node.

Solution

---

Use recursive method to solve this problem. Retrieve the left part of binary tree and then the right part of binary tree.

• If the node is empty then return 0
• If the node is not empty then retrieve left part then retrieve right part. The return value will be (the max path length between left and right) + 1.

Code

---

SeaBIOS - Interface_init

SeaBIOS - Source Code Study (2)

QEMU_PREINIT(void)

---

• qemu_detect(void)

dopost()

---

In this function, besides the qemu_preinit(). It will be responsible to allocate memory, init serial port, make BIOS writable, and start the main function in qemu: maininit()

maininit(): most important entrypoint for SeaBIOS

---

Single Number Problem

Question

---

Given an array of integers, every element appears twice except for one. Find that single one.
Note:
Your algorithm should have a linear runtime complexity. Could you implement it without using extra memory?

Solution

---

XOR satisfies communicative law and associative law. In other words,
X^X = 0 
0 ^X = X
(A^B)^(A^A^B)=A^B^B=A
Therefore,
If we XOR the element one by one, the result is the element which only appears once. If we assume the array is then A ^ B ^ A ^ B ^ C = (A ^ A) ^ (B ^ B) ^ C = C.
Note: Don't forget the case when there is only one element in the array.

Code

---

BIOS Boot Specification

Term

• IPL Device: Initial Program Load Device, basically, this is floppy drive or hard drive
• BAID: BIOS Aware IPL Device, which can boot OS but requires BIOS to support it. For example: CD-ROM
• BCV: Boot Connection Vector, which is a pointer to code inside the option ROM that perform device initialization, detect if a peripheral is attached, and hook INT 13h. 
• BEV: Bootstrap Entry Vector is a pointer that points to code inside an option ROM which load OS. BEV resides in PnP option ROM Expansion Header.

Overview

• BIOS creates and maintains a list of all IPL devices found in the system and stores this list in NV memory. 
• Support devices boot order.
• Defines the BCV priority. 
• BIOS will try each devices to boot OS. If none succeeds, wait for a key stroke then invoke INT 19 again.

IPL Devices

• Includes hard drives, CD-ROM devices ,etc,. 
• Falls into three categories: BAID, Legacy (dead) and PnP (plug and play).
• BIOS defines INT 18 as recover vector for failed boot attempt.
• IPL tables includes: identification information, pointers to description strings, and pointers to handler.
• Product Name String in PnP Expansion Header is very meaningful to indicate manufacturer information. Only first 32 Bytes are used.
• Each BAID will have an entry in the IPL Table. INT 19h handler will read this table and boot OS from BAID. BAID doesn't have option ROM.
• IPL Table and BCV Table Entry Data Structure

• All IPL devices with option ROMs must contain a valid option ROM header which resides between C0000h and EFFFFh and begin with 55AAh. The address of PnP Expansion Header is within option ROM header at offset (C0000h-EFFFFh)  + 1Ah. PnP Expansion Header contains pointers to code in device's option ROM (BCV or BEV). 

• BEV: is booted by the BIOS making a far call directly
• BCV: typically SCSI controller is not directly bootable. Rather, it merely adds drives to the system by hooking into the BIOS's INT 13h services and appending drive numbers to existing drives.
• Identifying IPL Devices:

            BAIDs are automatically identified by BIOS
            PnP Card is defined by having PnP Expansion Header in option ROM. BEV device will be included in the IPL Priority. BCV device will be called.
            PCI devices with option ROM behave like IPL devices.

IPL Priority

• An IPL Priority ordinal value is the index of a BAID or BEV device entry in the IPL table.
• When INT 19h handler gains control, the first IPL device in IPL priority is used to boot.
• BIOS only recognize a change in the number of BEV devices rather than the type of BEV devices. 
• For example, when you change your network card,  in IPL priority the ordinal value is not changed, but the entry of IPL table is changed.

BCV Priority

• The first type of entry in the BCV Table is BIOS's own INT 13h services for ATA drives. 
• PnP Cards with BCV are the second type of entry in BCV Table.

   

SeaBIOS - Source Code Study (1)

---

SeaBIOS handle fw_cfg

---

entry_elf -> handle_post() -> dopost() -> maininit() -> interface_init() -> qemu_cfg_init()

ENTRY(entry_elf)

SeaBIOS serial port configuration

---

Serial Port Information is listed as follows:

• debug_serial_preinit()
DebugOutputPort = 0x402

Make BIOS Writable

---

BDF Architecture is blow:
bus << 16 | device << 11 | function << 8 | offset
But in SeaBIOS:
bus << 8 | dev << 3 | fn
Because when out 0xcf8 port, bdf will be << 8

• foreachbdf(BDF, BUS)
• pci_bus_devfn_to_bdf(bus, devfn)
• pci_next(int bdf, int bus)
• pci_config_readb(u16, bdf, u32 addr)

SeaBIOS - MakeFile

• Object
SRCBOTH is basics source file object. However, there are two objects based on SRCBOTH: SRC16 and SRC32FLAT. The other object is SRC32SEG.
• Flag
Note: cc-option function. Basic Flag Parameter is COMMONCFLAGS. According to different Objects, there are other flags: CFLAGS32FLAT, CFLAGSSEG, CFLAGS32SEG, CFLAGS16INC, CFLAGS16  Note: If you place "@" before a makefile command, this command will not be displayed in the screen.
• Target
Final target: target-y
• Rules
Note: $< is the set of files in the right part, $> is the file in the left part
• bios.bin
• rom.o (required by bios.bin)
• rom16.o (required by rom.o)
• rom32seg.o (required by rom.o)
• Note:
rom.o requires rom16.strip.o, rom32seg.strip.o and code32flat.o rather than rom16.o and rom32seg.o. Check the following, I can find rom16.strip.o and rom32seg.strip.o generated by rom16.o and rom32seg.o. In addition,ccode16.o, code32seg.o are used to generate rom16.o and rom32seg.o. ccode32flat.o is used to generate code32flat.o
• ccode16.o (required by rom16.o)
• code32seg.o (required by rom32seg.o)
• ccode32flat.o (required by code32flat.o)
• romlayout.o (required by rom16.o)

SeaBIOS - Basic

Background

• BIOS will enumerate all PCI devices in POST stage.
• The details about POST stage can be found here

Compile

• SeaBIOS is Kconfig style, so run make menuconfig
• Choose the options you want in the pop-up menu
• A new file ".config" will be generated after you exit the menu.
• Finally, Just make

To learn how to launch your first BIOS, please follow this

Q&A

1. How QEMU communicate with SeaBIOS?
A: fw_cfg:
• Emulated IO ports 0x510 (address) and 0x511 (data)
• Used to communicate various tables to the qemu BIOS (e820 map,ACPI tables, etc)
• Also provides support for exporting writable tables to the BIOS.
2. Where is option ROM?
A: /usr/share/qemu/

QEMU Source Code Study - 1

The entry point of QEMU is int main in vl.c

MODULE_INIT_TYPE (Code1-1)

Four types Module Definition

module_init()

register_module_init()

module_call_init(...)

TypeInfo

The basic parameter used to restore QEMU Object.