Device Memory, MMIO and SSE instruction set

Introduction

- This blogpost is going to summarized my recent research and idea between PCI Device, MMIO, SSE instruction set. Recently, I have a research topic that require to access and copy the device memory (BAR memory). For my previous knowledge , BAR memory is actually as same as the physical memory, but somehow it is mapped to the devices.

However, I changed my thought after I met a problem when coping device memory by kernel optimized memcpy. I used memcpy for memory-mapped space, it all return 0xFF, however, it works great I copy it by normal pointer, it stimulate me to dig inside, what's happening.

PCI Device

A device that meet PCI specification, in PCI device spec, there's one great point that enable you could easier communicate with the device, it called Mapped Memory I/O, MMIO. 

PCI device has it's own device memory and register inside the hardware, for the register is always responsible for communication from external device , like the device driver, such as, SPI Controller, Keyboard, USB Controller, etc. For the register, it should be 1,2,4,8byte size.

Mapped Memory I/O (MMIO) and Base Address Register(BAR)

MMIO provides a convenient approach for accessing and communicating with device, but how does it work? what behind that? In PCI spec, BAR provide an ability that can intercept the address decoding process by attaching onto address bus, after BIOS programmed the BAR for each device, they would have a memory window for memory base access. It's interesting that the reserved physical memory space is no more useful, and it is completely transparent to the OS, considering the following instruction that talk to device

mov [mmio_space] , 0x1

It's very simple instruction that writing 0x1 into mmio_space, however, by assumption that mmio_space is pointing to the BAR,  it isn't magically mapped the actual memory to device register, instead, it is redirection, when address decoder meet BAR device address, found the I/O device number, it won't send the address to memory controller, however, it send to I/O controller of the device. 

In summary, when we access the MMIO address via mov, it's actually not moving the memory, it's a different approach that send I/O request to device instead of using IN / OUT instruction, this makes faster and easier for kernel programmer.

SSE2 Instruction

It's optimized instruction for moving memory at once, it is SIMD based instruction set, it support at minimal size at 128-bit , and maximum at 512-bit at once.

Conflict

As far as I know, the device's register could either be 1, 2, 4, 8 byte width, if you request the data size over the width, it may turn out an unexpected result, for my case, using optimized version of memcpy, that read 128-bit at once by SSE2 instruction, it returned all 0xFF for me. 

Reference


Comments

Post a Comment

Popular posts from this blog

Android Kernel Development - Kernel compilation and Hello World

Image
Introduction Due to the lack of the material that clearly kick off the  android kernel development , hopefully it will gives the clearer  guide to develop your own android driver and debugging it. p.s. Due to the version differential, this article  is not ensure all of the Android Version , SDK version,  source  code , and   Emulator is compatible , however,  the door of   research is always opened,   just   feel   free   to contact me  and play together :P All the materials   are also  saved   in   the VM  ,   you can just directly leverage  the  existing VM Image for  development or  alternatively, as a research and studying, follow the following guide  to create your own workplace.  Android kernel didn't have dynamically insmod like the other linux, so this tutorial is trying to build a new Android Kernel and make test our kernel driver as well. Material Ubuntu 18.04.2 LTS  Android studio Android ndk-r10 Android SDK Goldfish v3.10 VMWare 15   
Read more

How does Nested-Virtualization works?

Image
What is Nested virtualization? ----------------------------------------------------------------------------------------------------- Nowadays, Software Security is becoming more important criteria in the industry, and in recent years, virtualization as a popular topic for protecting / attacking a software, however, most of the virtualization technology framework (bluepill-liked) is not provide an ability that let a guest virtualize one more layer, we called it "Nested Virtualization", level 2. Basic Virtual Machine Monitor Architecture ------------------------------------------------------------------------------------------------------ Figure[1] Host VMM trap any type of event which wants to monitor, such as, Interrupt, exception, privileged register access, one of this event is VMX instruction, after VMM loaded, VMM can always monitor a any one of the  VMX instructions, which provide a good chance for us. As following chart: Figure[2] VMM Life Cycle
Read more

Understanding ACPI and Device Tree

Image
This blog document and help to understand how ACPI works AML (ACPI Machine Language) AML is compiled binary that written in the ACPI Source Language (ASL) and it is interpreted binary that interpreted by AML interpreter during OS runtime. AML is provided by hardware manufacture and embedded in the firmware, it provides the entire device base hierarchy (all thing that equipped on your motherboard, and cannot be removed.) and function to OS that could interface the dedicated hardware, like PCI-ISA bridge or processor, controlling the power, turn on/off, etc. AML operated by different object type, and defined in definition block in firmware table (DSDT / SSDT) AML object type Scope String   Constant Package Control Method Device   ACPI Object  Naming Convention 1. All object names are 32 bits long. 2. The first byte of a name must be one of 'A' - 'Z', '_'. 3. Each of the remaining bytes of a name must be one of 'A' - 'Z', '0' - '
Read more