Re: [Qemu-devel] [PATCH] dma/rc4030: do multiple calls to address_space_rw when doing DMA transfers

Thu, 11 Jun 2015 16:31:28 -0700 

On 2015-06-11 22:30, Hervé Poussineau wrote:
> This workarounds a bug in memory management.
> 
> To reproduce the problem, try to start the Windows NT 4.0/MIPS installer.
> After loading some files, you should see a screen saying
> "To set up Windows NT now, press ENTER."
> However, you're welcomed with an IRQL_NOT_LESS_OR_EQUAL bugcheck or an
> Unknown Hard Error c0000221.
> 
> Signed-off-by: Hervé Poussineau <hpous...@reactos.org>
> ---
>  hw/dma/rc4030.c | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
> index 3efa6de..d265d6c 100644
> --- a/hw/dma/rc4030.c
> +++ b/hw/dma/rc4030.c
> @@ -681,6 +681,7 @@ static void rc4030_do_dma(void *opaque, int n, uint8_t 
> *buf, int len, int is_wri
>      rc4030State *s = opaque;
>      hwaddr dma_addr;
>      int dev_to_mem;
> +    int i;
>  
>      s->dma_regs[n][DMA_REG_ENABLE] &= ~(DMA_FLAG_TC_INTR | DMA_FLAG_MEM_INTR 
> | DMA_FLAG_ADDR_INTR);
>  
> @@ -699,8 +700,22 @@ static void rc4030_do_dma(void *opaque, int n, uint8_t 
> *buf, int len, int is_wri
>      dma_addr = s->dma_regs[n][DMA_REG_ADDRESS];
>  
>      /* Read/write data at right place */
> +#if 1 /* workaround for a bug in memory management */
> +    for (i = 0; i < len; ) {
> +        int ncpy = DMA_PAGESIZE - (dma_addr & (DMA_PAGESIZE - 1));
> +        if (ncpy > len - i) {
> +            ncpy = len - i;
> +        }
> +        address_space_rw(&s->dma_as, dma_addr, MEMTXATTRS_UNSPECIFIED,
> +                         buf + i, ncpy, is_write);
> +
> +        dma_addr += ncpy;
> +        i += ncpy;
> +    }
> +#else
>      address_space_rw(&s->dma_as, dma_addr, MEMTXATTRS_UNSPECIFIED,
>                       buf, len, is_write);
> +#endif

Hmm, basically your code splits the transfers so that they don't cross
DMA page boundaries. It seems that your DMA memory region is actually
made of small subregions of size DMA_PAGESIZE aliased to the RAM.

Now looking at the address_space_rw function, it seems it optimizes the
write to RAM case by calling address_space_translate() and then doing a
memcpy() of the whole region. It doesn't work given the memory region is
not linear.

That said address_space_translate is supposed to adjust the length if
needed, but does so only if iommu_ops is defined. I therefore wonder if
you therefore shouldn't model this DMA translation tables by using IOMMU
ops instead of subregions.

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net

Reply via email to