From 6407d76eb4e5b5dd4af8613cef0162f31ff739ed Mon Sep 17 00:00:00 2001 From: "Gabriel L. Somlo" Date: Tue, 29 Sep 2015 12:29:01 -0400 Subject: fw_cfg: insert string blobs via qemu cmdline Allow users to provide custom fw_cfg blobs with ascii string payloads specified directly on the qemu command line. Suggested-by: Jordan Justen Suggested-by: Laszlo Ersek Signed-off-by: Gabriel Somlo Message-id: 1443544141-26568-1-git-send-email-somlo@cmu.edu Reviewd-by: Laszlo Ersek Signed-off-by: Gerd Hoffmann --- docs/specs/fw_cfg.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'docs/specs') diff --git a/docs/specs/fw_cfg.txt b/docs/specs/fw_cfg.txt index 74351dd..c0e76aa 100644 --- a/docs/specs/fw_cfg.txt +++ b/docs/specs/fw_cfg.txt @@ -216,6 +216,21 @@ the following syntax: where is the fw_cfg item name, and is the location on the host file system of a file containing the data to be inserted. +Small enough items may be provided directly as strings on the command +line, using the syntax: + + -fw_cfg [name=],string= + +The terminating NUL character of the content will NOT be +included as part of the fw_cfg item data, which is consistent with +the absence of a NUL terminator for items inserted via the file option. + +Both and, if applicable, the content are passed +through by QEMU without any interpretation, expansion, or further +processing. Any such processing (potentially performed e.g., by the shell) +is outside of QEMU's responsibility; as such, using plain ASCII characters +is recommended. + NOTE: Users *SHOULD* choose item names beginning with the prefix "opt/" when using the "-fw_cfg" command line option, to avoid conflicting with item names used internally by QEMU. For instance: -- cgit v1.1 From 57c3d238a5ff7e7ad7aba098b5d55d8d89c2a6a1 Mon Sep 17 00:00:00 2001 From: "Gabriel L. Somlo" Date: Thu, 8 Oct 2015 17:02:53 +0200 Subject: fw_cfg: document fw_cfg_modify_iXX() update functions Document the behavior of fw_cfg_modify_iXX() for leak-less updating of integer-type blobs. Currently only fw_cfg_modify_i16() is coded, but 32- and 64-bit versions may be added later if necessary.. Signed-off-by: Gabriel Somlo Reviewed-by: Laszlo Ersek Signed-off-by: Gerd Hoffmann --- docs/specs/fw_cfg.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'docs/specs') diff --git a/docs/specs/fw_cfg.txt b/docs/specs/fw_cfg.txt index c0e76aa..d5dee4b 100644 --- a/docs/specs/fw_cfg.txt +++ b/docs/specs/fw_cfg.txt @@ -159,6 +159,17 @@ will convert a 16-, 32-, or 64-bit integer to little-endian, then add a dynamically allocated copy of the appropriately sized item to fw_cfg under the given selector key value. +== fw_cfg_modify_iXX() == + +Modify the value of an XX-bit item (where XX may be 16, 32, or 64). +Similarly to the corresponding fw_cfg_add_iXX() function set, convert +a 16-, 32-, or 64-bit integer to little endian, create a dynamically +allocated copy of the required size, and replace the existing item at +the given selector key value with the newly allocated one. The previous +item, assumed to have been allocated during an earlier call to +fw_cfg_add_iXX() or fw_cfg_modify_iXX() (of the same width XX), is freed +before the function returns. + == fw_cfg_add_file() == Given a filename (i.e., fw_cfg item name), starting pointer, and size, -- cgit v1.1 From c9eae1d4b93695d98fa5306a28b7fb7acc34ae67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Mar=C3=AD?= Date: Thu, 8 Oct 2015 17:02:54 +0200 Subject: fw_cfg DMA interface documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add fw_cfg DMA interface specification in the documentation. Based on Gerd Hoffman's initial implementation. Signed-off-by: Marc MarĂ­ Reviewed-by: Peter Maydell Reviewed-by: Laszlo Ersek Signed-off-by: Gerd Hoffmann --- docs/specs/fw_cfg.txt | 65 +++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 61 insertions(+), 4 deletions(-) (limited to 'docs/specs') diff --git a/docs/specs/fw_cfg.txt b/docs/specs/fw_cfg.txt index d5dee4b..536909a 100644 --- a/docs/specs/fw_cfg.txt +++ b/docs/specs/fw_cfg.txt @@ -76,6 +76,13 @@ increasing address order, similar to memcpy(). Selector Register IOport: 0x510 Data Register IOport: 0x511 +DMA Address IOport: 0x514 + +=== ARM Register Locations === + +Selector Register address: Base + 8 (2 bytes) +Data Register address: Base + 0 (8 bytes) +DMA Address address: Base + 16 (8 bytes) == Firmware Configuration Items == @@ -86,11 +93,12 @@ by selecting the "signature" item using key 0x0000 (FW_CFG_SIGNATURE), and reading four bytes from the data register. If the fw_cfg device is present, the four bytes read will contain the characters "QEMU". -=== Revision (Key 0x0001, FW_CFG_ID) === +=== Revision / feature bitmap (Key 0x0001, FW_CFG_ID) === -A 32-bit little-endian unsigned int, this item is used as an interface -revision number, and is currently set to 1 by QEMU when fw_cfg is -initialized. +A 32-bit little-endian unsigned int, this item is used to check for enabled +features. + - Bit 0: traditional interface. Always set. + - Bit 1: DMA interface. === File Directory (Key 0x0019, FW_CFG_FILE_DIR) === @@ -132,6 +140,55 @@ Selector Reg. Range Usage In practice, the number of allowed firmware configuration items is given by the value of FW_CFG_MAX_ENTRY (see fw_cfg.h). += Guest-side DMA Interface = + +If bit 1 of the feature bitmap is set, the DMA interface is present. This does +not replace the existing fw_cfg interface, it is an add-on. This interface +can be used through the 64-bit wide address register. + +The address register is in big-endian format. The value for the register is 0 +at startup and after an operation. A write to the least significant half (at +offset 4) triggers an operation. This means that operations with 32-bit +addresses can be triggered with just one write, whereas operations with +64-bit addresses can be triggered with one 64-bit write or two 32-bit writes, +starting with the most significant half (at offset 0). + +In this register, the physical address of a FWCfgDmaAccess structure in RAM +should be written. This is the format of the FWCfgDmaAccess structure: + +typedef struct FWCfgDmaAccess { + uint32_t control; + uint32_t length; + uint64_t address; +} FWCfgDmaAccess; + +The fields of the structure are in big endian mode, and the field at the lowest +address is the "control" field. + +The "control" field has the following bits: + - Bit 0: Error + - Bit 1: Read + - Bit 2: Skip + - Bit 3: Select. The upper 16 bits are the selected index. + +When an operation is triggered, if the "control" field has bit 3 set, the +upper 16 bits are interpreted as an index of a firmware configuration item. +This has the same effect as writing the selector register. + +If the "control" field has bit 1 set, a read operation will be performed. +"length" bytes for the current selector and offset will be copied into the +physical RAM address specified by the "address" field. + +If the "control" field has bit 2 set (and not bit 1), a skip operation will be +performed. The offset for the current selector will be advanced "length" bytes. + +To check the result, read the "control" field: + error bit set -> something went wrong. + all bits cleared -> transfer finished successfully. + otherwise -> transfer still in progress (doesn't happen + today due to implementation not being async, + but may in the future). + = Host-side API = The following functions are available to the QEMU programmer for adding -- cgit v1.1 From 2cc06a8843ace3d03464032eb3c74bc6e2b07579 Mon Sep 17 00:00:00 2001 From: Kevin O'Connor Date: Thu, 8 Oct 2015 17:02:58 +0200 Subject: fw_cfg: Define a static signature to be returned on DMA port reads Return a static signature ("QEMU CFG") if the guest does a read to the DMA address io register. Signed-off-by: Kevin O'Connor Reviewed-by: Laszlo Ersek Reviewed-by: Stefan Hajnoczi Signed-off-by: Gerd Hoffmann --- docs/specs/fw_cfg.txt | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs/specs') diff --git a/docs/specs/fw_cfg.txt b/docs/specs/fw_cfg.txt index 536909a..b8c794f 100644 --- a/docs/specs/fw_cfg.txt +++ b/docs/specs/fw_cfg.txt @@ -93,6 +93,9 @@ by selecting the "signature" item using key 0x0000 (FW_CFG_SIGNATURE), and reading four bytes from the data register. If the fw_cfg device is present, the four bytes read will contain the characters "QEMU". +If the DMA interface is available, then reading the DMA Address +Register returns 0x51454d5520434647 ("QEMU CFG" in big-endian format). + === Revision / feature bitmap (Key 0x0001, FW_CFG_ID) === A 32-bit little-endian unsigned int, this item is used to check for enabled -- cgit v1.1