qemu-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-discuss] Issues with IGD legacy passthrough with a HP Probook 430

From: Tony Cheneau
Subject: [Qemu-discuss] Issues with IGD legacy passthrough with a HP Probook 430 G4 and other hardware
Date: Thu, 26 Apr 2018 14:46:08 +0200
User-agent: Trojita/0.7; Qt/5.10.1; xcb; Linux; 
Hello folks,
A colleague and I are trying to get legacy passthrough to work with a HP 
Probook
430 G4 in BIOS mode. This is part of a "bigger" pet project where we are 
trying

to use legacy passthrough on all our laptop that have a working IOMMU and
compatible hardware. Ultimately, we trying to run a Windows 10 guest within 

that

VM.



We've experienced a success using a same generation IGD (on Lenovo Thinkpad
X260) where we got legacy passthrough to work and that encouraged us to 
push
things further. We're now asking for help because we can't seem to find how 

to

get it to work on an HP Probook G4. Qemu is stuck when loading the VBIOS.



Here is the command line for starting the VM:

$ qemu-system-x86_64 -D /var/log/qemu.log \

 -serial file:/root/serial.logs -monitor stdio \

 -bios /root/seabios-debug.bin -smbios type=0 \

 -m 6G -enable-kvm -machine pc,accel=kvm \

 -rtc driftfix=slew,base=localtime \
-cpu 
host,hv_relaxed,hv_reset,hv_vpindex,hv_runtime,hv_spinlocks=0x1fff,hv_vapic
,hv_time,kvm=off 
\

 -smp sockets=1,cores=2,threads=2 \

 -drive format=qcow2,file=/root/windows.qcow2,index=0,if=virtio \
-vga none -display none -device 
vfio-pci,host=00:02.0,id=hostdev0,bus=pci.0,addr=0x02,romfile=/root
/image.rom,x-igd-gms=1 
\
-device 
virtio-input-host-pci,evdev=/dev/input/by-path/platform-i8042-serio-0-event
-kbd 
\
-device 
virtio-input-host-pci,evdev=/dev/input/by-path/platform-i8042-serio-3-event
-mouse 
\
-net nic,model=virtio,addr=0x14 -net user 


The image.rom VBIOS image has been extracted from a firmware update for HP

laptop (using UEFI tool) and patched with rom-fixer. The firmware update is
confirmed to be compatible with this laptop (it applied without bricking 
the
laptop). We also tried using VBIOS from other hardware, but qemu then 
rejects it

("Turning on vga text mode console" error message).
We compiled a Seabios with a debug serial console and obtained the 
following output:

        Changing serial settings was 0/0 now 3/0

        SeaBIOS (version rel-1.11.0-25-g5adc8bd)
BUILD: gcc: (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609 binutils: (GNU 

Binutils for Ubuntu) 2.26.1

        No Xen hypervisor found.

        enabling shadow ram

        RamSize: 0xc0000000 [cmos]

        malloc preinit

        Relocating init from 0x000d8160 to 0xbffada00 (size 75104)

        malloc init

        Found QEMU fw_cfg

        QEMU fw_cfg DMA interface supported

        Add romfile: etc/show-boot-menu (size=2)

        Add romfile: etc/irq0-override (size=1)

        Add romfile: etc/max-cpus (size=2)

        Add romfile: etc/numa-cpu-map (size=32)

        Add romfile: etc/numa-nodes (size=0)

        Add romfile: bootorder (size=0)

        Add romfile: etc/acpi/rsdp (size=36)

        Add romfile: etc/acpi/tables (size=131072)

        Add romfile: etc/boot-fail-wait (size=4)

        Add romfile: etc/e820 (size=60)

        Add romfile: etc/igd-bdsm-size (size=8)

        Add romfile: etc/igd-opregion (size=8192)

        Add romfile: etc/msr_feature_control (size=8)

        Add romfile: etc/smbios/smbios-anchor (size=31)

        Add romfile: etc/smbios/smbios-tables (size=387)

        Add romfile: etc/system-states (size=6)

        Add romfile: etc/table-loader (size=4096)

        Add romfile: etc/tpm/log (size=0)

        Add romfile: genroms/kvmvapic.bin (size=9216)

        RamBlock: addr 0x0000000000000000 len 0x00000000c0000000 [e820]

        RamBlock: addr 0x0000000100000000 len 0x00000000c0000000 [e820]

        Moving pm_base to 0x600

        init ivt

        init bda

        init bios32

        init PMM

        init PNPBIOS table

        init keyboard

        init mouse

        init pic

        math cp init

        pci setup

        === PCI bus & bridge init ===

        PCI: pci_bios_init_bus_rec bus = 0x0

        === PCI device probing ===

        PCI probe

        Found 14 PCI devices (max PCI bus is 00)

        === PCI new allocation pass #1 ===

        PCI: check devices

        === PCI new allocation pass #2 ===

        PCI: IO: c000 - c0ef

        PCI: 32: 00000000c0000000 - 00000000fec00000

        PCI: map device bdf=00:02.0  bar 4, addr 0000c000, size 00000040 [io]

        PCI: map device bdf=00:08.0  bar 0, addr 0000c040, size 00000040 [io]

        PCI: map device bdf=00:01.2  bar 4, addr 0000c080, size 00000020 [io]

        PCI: map device bdf=00:05.0  bar 0, addr 0000c0a0, size 00000020 [io]

        PCI: map device bdf=00:14.0  bar 0, addr 0000c0c0, size 00000020 [io]

        PCI: map device bdf=00:01.1  bar 4, addr 0000c0e0, size 00000010 [io]

        PCI: map device bdf=00:02.0  bar 0, addr fd000000, size 01000000 [mem]

        PCI: map device bdf=00:14.0  bar 6, addr fe000000, size 00040000 [mem]

        PCI: map device bdf=00:02.0  bar 6, addr fe040000, size 00010000 [mem]

        PCI: map device bdf=00:06.0  bar 0, addr fe050000, size 00004000 [mem]

        PCI: map device bdf=00:03.0  bar 1, addr fe054000, size 00001000 [mem]

        PCI: map device bdf=00:04.0  bar 1, addr fe055000, size 00001000 [mem]

        PCI: map device bdf=00:05.0  bar 1, addr fe056000, size 00001000 [mem]

        PCI: map device bdf=00:07.0  bar 0, addr fe057000, size 00001000 [mem]

        PCI: map device bdf=00:08.0  bar 1, addr fe058000, size 00001000 [mem]

        PCI: map device bdf=00:14.0  bar 1, addr fe059000, size 00001000 [mem]

        PCI: map device bdf=00:02.0  bar 2, addr e0000000, size 10000000 [prefme
m]

        PCI: map device bdf=00:03.0  bar 4, addr f0000000, size 00004000 [prefme
m]

        PCI: map device bdf=00:04.0  bar 4, addr f0004000, size 00004000 [prefme
m]

        PCI: map device bdf=00:05.0  bar 4, addr f0008000, size 00004000 [prefme
m]

        PCI: map device bdf=00:08.0  bar 4, addr f000c000, size 00004000 [prefme
m]

        PCI: map device bdf=00:14.0  bar 4, addr f0010000, size 00004000 [prefme
m]

        PCI: init bdf=00:00.0 id=8086:1237

        PCI: init bdf=00:01.0 id=8086:7000

        PIIX3/PIIX4 init: elcr=00 0c

        PCI: init bdf=00:01.1 id=8086:7010

        PCI: init bdf=00:01.2 id=8086:7020

        PCI: init bdf=00:01.3 id=8086:7113

        Using pmtimer, ioport 0x608

        PCI: init bdf=00:02.0 id=8086:5916

        Intel IGD OpRegion enabled at 0xbfffe000, size 8KB, dev 00:02.0

        Intel IGD BDSM enabled at 0xbf700000, size 8MB, dev 00:02.0

        PCI: init bdf=00:03.0 id=1af4:1052

        PCI: init bdf=00:04.0 id=1af4:1052

        PCI: init bdf=00:05.0 id=1af4:1012

        PCI: init bdf=00:06.0 id=8086:293e

        PCI: init bdf=00:07.0 id=1b36:0007

        PCI: init bdf=00:08.0 id=1af4:1001

        PCI: init bdf=00:14.0 id=1af4:1000

        PCI: init bdf=00:1f.0 id=8086:9d58

        PCI: Using 00:02.0 for primary VGA

        init smm

        init mtrr

        handle_smp: apic_id=0x1

        handle_smp: apic_id=0x3

        handle_smp: apic_id=0x2

        Found 4 cpu(s) max supported 4 cpu(s)

        init PIR table

        Copying PIR from 0xbffbfcc0 to 0x000f4ea0

        init MPTable

        Copying MPTABLE from 0x00006e60/bffa4470 to 0x000f4d80

        Copying SMBIOS entry point from 0x00006e60 to 0x000f4bd0

        load ACPI tables

        init timer

        WARNING - Timeout at wait_reg8:81!

        Scan for VGA option rom

        Running option rom at c000:0003
Attaching gdb on qemu only confirmed that we were looping "somewhere" in 
the

guest VM BIOS (judging from the address space between 0x6702 and 0x670C).
As a side note, we never managed to get the UPT mode to output on the 
displays
(even on the Thinkpad X260, where legacy PT works). Perhaps because we 
tried on
a Q35/UEFI platform back then. On the guest, we got rid of the "error 43" 
in
Windows after updating to the latest intel driver. Also, it always indicates the presence of a second monitor in the configuration dialogs (even without 

the
x-igd-opregion=on option which make me doubt the actual screen is even 
detected).

On the Lenovo X260, we were luckier with the Q35/Seabios combo: we managed
once to get the external display to work and even then the internal display 

had

brightness issues and was unreadable.



We identified some differences between our test hardware:
- HP Probook's processor is a i3-7100U (Kabylake), graphic chip is a Intel 

HD Graphics 620 (8086:5916)
- Lenovo X260's processor is a i3-6100U (Skylake), graphic chip is a Intel 

HD Graphics 520 GT2 (8086:1916)



On the Linux host, we are using:
- a mix of linux Kernel 4.15.15 (for some early tests) and 4.16 (for all 
the debug output in the email)

- Qemu 2.12 or git master (HEAD of master on 4/25/2018)



We believe that Qemu could currently be lacking support for Gen9 KBL_GT2
graphics chips and that some memory regions need to be "reserved/mapped" or 

some

"stolen memory" should be declared (we are clearly not expert here, we just
looked at how the previous commits on pci_quirks.c handled newer generation 

IGD
hardware in Qemu). We haven't ruled out yet that an interrupt could be 
triggered
and we would be enterring an interrupt loop. We are a little at odds on how 

to

direct our debug next:
- do you know ways to check for memory write error in Qemu (in case the 
device

 is trying to communicate with a memory region that have not been mapped)?

- how do we check for interrupt loop?



We are also more than open to other suggestions. :-)



Best regards,

Tony Cheneau
reply via email to
[Prev in Thread] Current Thread [Next in Thread]