Re: [Qemu-devel] Where is vga-rom mapped in guest system memory?

[Laszlo Ersek]

On 05/13/14 14:58, Jaeyong Yoo wrote:
> Hello qemu!
> 
>  
> 
> I am currently writing a vga device emulator and need to debug vga-bios.
> 
> What I want is to set break-point on the entry of vga-bios and for this,
> 
> I'm reading qemu source around pci device and rom-related memory regions
> 
> to find out where should I set break point. And, sadly, got stuck.
> 
>  
> 
> Could you give me any advice about the memory-mapped address of vga-rom or
> 
> any pointers?

Some.

The vgabios binary is loaded from the file identified by the "romfile"
property of the VGA card that you select. For example,

  -device qxl-vga,romfile=...

or

  -vga qxl \
  -global qxl-vga.romfile=...

Of course the property has a default value for each VGA card. See the

  k->romfile = ...

assignments in:
- cirrus_vga_class_init() -- vgabios-cirrus.bin
- qxl_primary_class_init() -- vgabios-qxl.bin
- vga_class_init() -- vgabios-stdvga.bin

I think the oprom is loaded in

pci_qdev_init() [hw/pci/pci.c]
  pci_add_option_rom()

The vgabios oprom is shadowed from ROM (pci address space) to RAM by the
SeaBIOS initialization code, and then POSTed:

handle_post() [src/post.c]
  make_bios_writable() [src/fw/shadow.c]
    make_bios_writable_intel()
      __make_bios_writable_intel() -- shadows vgabios in C segment too
  dopost() [src/post.c]
    maininit()
      vgarom_setup() [src/optionroms.c]
        init_pcirom()
          init_optionrom()
            callrom()
              __callrom()
                _rom_header_entry [vgasrc/vgaentry.S]
                  vga_post() [vgasrc/vgainit.c]

You can instrument vga_post() in the SeaBIOS source [vgasrc/vgainit.c],
rebuild the vgabios binary, and load this binary with the video card's
romfile=... property on the qemu command line.

Laszlo

Laszlo