qemu-devel

x86, pflash, unassigned memory access


From: Alexey Kardashevskiy
Subject: x86, pflash, unassigned memory access
Date: Tue, 27 Sep 2022 12:35:40 +1000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Thunderbird/104.0

Hi!

I am trying qemu-system-x86_64 with OVMF with the q35 machine, the complete command line is below.

It works fine (including SEV on AMD EPYC), but these 2 parameters make me wonder if I miss something:

-drive if=pflash,format=raw,unit=0,file=/home/aik/OVMF_CODE.fd,readonly=on,id=MYPF \
-d guest_errors

With this, I see a bunch of
===
Invalid access at addr 0xFFC00000, size 1, region '(null)', reason: rejected
Invalid access at addr 0xFFC00001, size 1, region '(null)', reason: rejected
Invalid access at addr 0xFFC00002, size 1, region '(null)', reason: rejected
...
Invalid access at addr 0xFFC00FFF, size 1, region '(null)', reason: rejected
QEMU Flash: Failed to find probe location
QEMU flash was not detected. Writable FVB is not being installed.
===

These are the indications of unassigned memory access, which always meant a bug in my past experience (which is POWERPC, so not so relevant here, but nevertheless).

OVMF is probing the flash at 0xFFC00000 (hardcoded in OVMF) in
https://github.com/tianocore/edk2/blob/master/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c#L65
but cannot succeed - "info mtree -f" says that at no point there is anything at 0xFFC00000:

===
...
00000000fed1c000-00000000fed1ffff (prio 1, i/o): lpc-rcrb-mmio
00000000fee00000-00000000feefffff (prio 4096, i/o): kvm-apic-msi
00000000ffc84000-00000000ffffffff (prio 0, romd): system.flash0 KVM
0000000800000000-0000000800000fff (prio 0, i/o): virtio-pci-common-virtio-net
...
===

hw/block/pflash_cfi01.c suggests QEMU implements this protocol via pflash_cfi01_ops but it is never called as:
- it is the same memory region as the OVMF code,
- it is mapped at 0xffc84000 (which is 4G - size("./Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd"), not where OVMF expects it) and
- it has romd==true, it is a KVM memory slot and IO is never emulated in QEMU.

Adding another IO memory region with pflash_cfi01_ops and mapping it at 0xFFC00000 makes it loop in OVMF somewhere.

OVMF code is linked to hardcoded 0xffc84000 (FD_SIZE_IN_KB==4096).


So I wonder - are these illegal accesses a bug of some sort in QEMU or OVMF or the command line? Thanks,

The complete command line is:

/home/aik/pbuild/qemu-snp-localhost-x86_64/qemu-system-x86_64 \
-enable-kvm \
-m 2G \
-smp 2 \
-netdev user,id=USER0,hostfwd=tcp::2223-:22 \
-device virtio-net-pci,id=vnet0,iommu_platform=on,disable-legacy=on,romfile=,netdev=USER0 \
-machine q35 \
-device virtio-scsi-pci,id=vscsi0,iommu_platform=on,disable-modern=off,disable-legacy=on \
-drive id=DRIVE0,if=none,file=img/u2204_128G_aikbook_sev.qcow2,format=qcow2 \
-device scsi-hd,id=scsi-hd0,drive=DRIVE0 \
-drive if=pflash,format=raw,unit=0,file=/home/aik/OVMF_CODE.fd,readonly=on,id=MYPF \
-nographic \
-chardev stdio,id=STDIO0,signal=off,mux=on \
-device isa-serial,id=isa-serial0,chardev=STDIO0 \
-mon id=MON0,chardev=STDIO0,mode=readline \
-kernel /boot/vmlinuz \
-append console=ttyS0,115200n1 earlyprintk root=/dev/sda3 \
-d guest_errors


--
Alexey
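Added example, not part of the post above and not QEMU or OVMF code: a small checker that parses a flattened `info mtree -f` listing together with `-d guest_errors` log lines, reports which rejected accesses fall in a gap between regions, and derives from the start of `system.flash0` the pflash image size QEMU must have seen (QEMU places pflash unit 0 so that it ends at 4 GiB, so base = 4G - size). The sample lines are constructed from the values quoted in the post; `OVMF_PROBE_ADDR` is the 0xFFC00000 probe address the post cites.

```python
"""Cross-check QEMU "-d guest_errors" lines against a flattened "info mtree -f"
listing. Added example; sample input is constructed from values quoted in the
qemu-devel post, not captured from a live run."""
import re

# Constructed sample of "info mtree -f" output (region values from the post).
MTREE_SAMPLE = """\
00000000fed1c000-00000000fed1ffff (prio 1, i/o): lpc-rcrb-mmio
00000000fee00000-00000000feefffff (prio 4096, i/o): kvm-apic-msi
00000000ffc84000-00000000ffffffff (prio 0, romd): system.flash0 KVM
0000000800000000-0000000800000fff (prio 0, i/o): virtio-pci-common-virtio-net
"""

# Constructed sample of "-d guest_errors" log lines (addresses from the post).
GUEST_ERRORS_SAMPLE = """\
Invalid access at addr 0xFFC00000, size 1, region '(null)', reason: rejected
Invalid access at addr 0xFFC00001, size 1, region '(null)', reason: rejected
Invalid access at addr 0xFFC00FFF, size 1, region '(null)', reason: rejected
"""

MTREE_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) \(prio (-?\d+), ([^)]+)\): (\S+)")
ACCESS_RE = re.compile(r"Invalid access at addr 0x([0-9A-Fa-f]+), size (\d+)")

FOUR_GIB = 1 << 32
OVMF_PROBE_ADDR = 0xFFC00000  # flash probe address cited in the post


def parse_mtree(text):
    """Return (start, end_inclusive, prio, kind, name) for each flattened region."""
    regions = []
    for line in text.splitlines():
        m = MTREE_RE.match(line.strip())
        if m:
            start, end, prio, kind, name = m.groups()
            regions.append((int(start, 16), int(end, 16), int(prio), kind, name))
    return regions


def parse_guest_errors(text):
    """Return (addr, size) for each 'Invalid access' line."""
    return [(int(m.group(1), 16), int(m.group(2)))
            for m in (ACCESS_RE.search(l) for l in text.splitlines()) if m]


def find_region(regions, addr):
    """Region covering addr, or None when the address is unassigned."""
    for r in regions:
        if r[0] <= addr <= r[1]:
            return r
    return None


def unassigned_accesses(regions, accesses):
    """Accesses that no flattened region covers (what guest_errors reports)."""
    return [(a, s) for a, s in accesses if find_region(regions, a) is None]


def flash_base_for_size(image_size):
    """pflash unit 0 is mapped so that it ends at 4 GiB: base = 4G - size."""
    return FOUR_GIB - image_size


def report(mtree_text, errors_text, probe_addr=OVMF_PROBE_ADDR):
    """Summarise the gap between the probe address and the flash region."""
    regions = parse_mtree(mtree_text)
    flash = next((r for r in regions if r[4] == "system.flash0"), None)
    bad = unassigned_accesses(regions, parse_guest_errors(errors_text))
    flash_start = flash[0] if flash else None
    return {
        "unassigned": bad,
        "flash_start": flash_start,
        # Size of the image QEMU mapped, inverted from base = 4G - size.
        "implied_image_size": FOUR_GIB - flash_start if flash else None,
        # Bytes between the probe address and the start of the flash region.
        "gap_below_flash": flash_start - probe_addr if flash else None,
        # Smallest unit-0 image whose base would reach the probe address.
        "size_to_cover_probe": FOUR_GIB - probe_addr,
    }


if __name__ == "__main__":
    for key, value in report(MTREE_SAMPLE, GUEST_ERRORS_SAMPLE).items():
        print(f"{key}: {value if key == 'unassigned' else hex(value)}")
```

Run on the values from the post, every rejected access is in the 0x84000-byte gap below `system.flash0`: the mapped image is 0x37c000 bytes, while a unit-0 image would have to be at least 0x400000 (4 MiB) for its base to reach the probe address. That 0x84000 is the size of the variable-store image in the 4 MiB OVMF flash layout (a fact about OVMF's layout, not taken from the post), and the quoted command line passes only pflash unit 0.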
