On Thu, Apr 07, 2011 at 10:42:56AM -0500, Anthony Liguori wrote:
On 04/07/2011 10:31 AM, Gleb Natapov wrote:
On Thu, Apr 07, 2011 at 08:28:37AM -0500, Anthony Liguori wrote:
On 04/07/2011 03:22 AM, Bei Guan wrote:
Hi,
I have some questions about qemu's bios. How does QEMU
load the binary files bios.bin and vgabios-cirrus.bin? Which
function or code file do I need to pay more attention to?
For the loading of vgabios-cirrus.bin and bios.bin, I just traced
them into the same function rom_add_file() in hw/loader.c. Is it
the right function, which loads the bioses?
And then another question: how does qemu give control to the bios when
the bios file is loaded? Maybe this question is not in the scope
of qemu, however, can you give me some cue points?
I had some stuff written up locally so I posted it to the wiki at
http://wiki.qemu.org/Documentation/Platforms/PC
The x86 architecture defines the initial state of the chip to have
the CS register have a base of 0xF000 and an IP of 0xFFF0. The
result is that the actual memory address of the first instruction
falls at the end of the BIOS ROM segment. This is the entry point
to the BIOS.
Actually after reset on x86 IP=0x0000fff0, CS=0xf000, CS.BASE=0xffff0000,
CS.LIMIT=0xffff. So the execution begins at 0xfffffff0 where ROM is
mapped initially.
That's impossible because 1) the processor starts in 16 bit mode so
such an address cannot be generated 2) the processor has a20 held to
zero, which means the processor cannot generate a load to an
address with the 20th bit set to anything but zero.
That may seem impossible, but it is how the HW works. And this is how
QEMU emulates it. Look at target-i386/helper.c:cpu_reset()
    cpu_x86_load_seg_cache(env, R_CS, 0xf000, 0xffff0000, 0xffff,
                           DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK |
                           DESC_R_MASK | DESC_A_MASK);
    env->eip = 0xfff0;
Don't know how a20 gate is handled btw.
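The reset state discussed in the thread, modelled as an added example (not QEMU's own code, and not from any poster): a minimal segment-cache model shows why the first fetch lands at 0xfffffff0 even though selector<<4 + IP would only give 0xffff0, and how a real-mode far jump (the constructed target F000:E05B is assumed, not taken from the page) brings the base back to selector<<4.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the cached segment state that QEMU's
 * cpu_x86_load_seg_cache() fills in: selector, hidden base, limit. */
typedef struct {
    uint16_t selector;
    uint32_t base;
    uint32_t limit;
} seg_cache_t;

typedef struct {
    seg_cache_t cs;
    uint32_t eip;
} cpu_state_t;

/* Reset state as quoted from cpu_reset(): CS=0xf000, base 0xffff0000,
 * limit 0xffff, EIP 0xfff0. */
static void cpu_reset_model(cpu_state_t *cpu) {
    cpu->cs.selector = 0xf000;
    cpu->cs.base = 0xffff0000u;
    cpu->cs.limit = 0xffff;
    cpu->eip = 0xfff0;
}

/* The CPU forms the fetch address from the hidden base, not the selector. */
static uint32_t fetch_linear(const cpu_state_t *cpu) {
    return cpu->cs.base + cpu->eip;
}

/* What the naive 16-bit "selector << 4 + IP" rule would predict. */
static uint32_t naive_linear(const cpu_state_t *cpu) {
    return ((uint32_t)cpu->cs.selector << 4) + cpu->eip;
}

/* In real mode, any load of CS (e.g. a far jmp) sets base = selector << 4,
 * which is what drops execution back into the low-1MB ROM alias. */
static void far_jump_real_mode(cpu_state_t *cpu, uint16_t sel, uint16_t ip) {
    cpu->cs.selector = sel;
    cpu->cs.base = (uint32_t)sel << 4;
    cpu->cs.limit = 0xffff;
    cpu->eip = ip;
}

uint32_t reset_fetch_linear(void) { cpu_state_t c; cpu_reset_model(&c); return fetch_linear(&c); }
uint32_t reset_naive_linear(void) { cpu_state_t c; cpu_reset_model(&c); return naive_linear(&c); }
uint32_t after_far_jump_linear(uint16_t sel, uint16_t ip) {
    cpu_state_t c; cpu_reset_model(&c); far_jump_real_mode(&c, sel, ip); return fetch_linear(&c);
}
```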