<好记性不如烂笔头> sw架构，ehci，dma地址申请超过32bit问题记录

[busuanzi] 2022-07-05

字数统计: 3.1k字 | 阅读时长≈ 17分

问题描述

问题描述：
设备寄存器中指定地址范围为32bit，实际dma申请到的内存地址，超过32bit

系统：
sw_64的kylin系统
linux-4.19.90-2003.4.0.0036.ky3.kb27.sw_64
配置改动，打开了EHCI和UVC的功能
参看 <巨人的肩膀> linux系统，开启驱动模块

日志

//file drivers/usb/host/ehci-q.c
//function submit_async
        struct usb_hcd hcd = ehci_to_hcd(ehci);
        printk("qh:%p, async:%p, hw:%p, dma:%llx",qh, ehci->async, ehci->async->hw, ehci->async->qh_dma);
        printk("self.sysdev:%p, dma_ops:%p,coherent_dma_mask%llx,dma_pfn_offset:%lx,r_ops:%p",
                hcd->self.sysdev, 
                hcd->self.sysdev->dma_ops,
                hcd->self.sysdev->coherent_dma_mask,
                hcd->self.sysdev->dma_pfn_offset,
                &dma_direct_ops);
        if (hcd->self.controller->dma_mask)
                printk("mask:%llx",*hcd->self.controller->dma_mask);
        else
                printk("no mask null");

详细日志如下

[  101.130000] usb usb5: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 4.19
[  101.130000] usb usb5: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[  101.130000] usb usb5: Product: EHCI Host Controller
[  101.130000] usb usb5: Manufacturer: Linux 4.19.90-2003.4.0.0036.ky3.kb28.sw_64-qemu ehci_hcd
[  101.130000] usb usb5: SerialNumber: 0000:08:00.0
[  101.130000] hub 5-0:1.0: USB hub found
[  101.130000] hub 5-0:1.0: 15 ports detected
[  106.850000] usb 5-6: new high-speed USB device number 2 using ehci-pci
[  106.850000] qh:00000000ee1ffd7a, async:00000000e48cc161, hw:00000000098c4365, dma:1e3814000
[  106.850000] self.sysdev:00000000b2db70ff, dma_ops:          (null),coherent_dma_maskffffffff,dma_pfn_offset:0,r_ops:00000000bc999dce
[  106.850000] mask:ffffffff
[  112.090000] usb 5-6: device descriptor read/64, error -60

排查

尝试设置32bit，确认正确设置了dma的地址掩码

ehci_caps::hcc_params ，这是一个32bit标志，最后1bit 表示是否支持64-bit地址
查看hcd-ehci的代码，发现只在发现支持64的时候，设置为64。尝试修改，在else中设置32bit（此时怀疑默认值是64）
1
2
3
4
}else{
printk("ehci enabled 32bit DMA\n");
dma_set_mask(hcd->self.controller, DMA_BIT_MASK(32));
}
修改后，尝试无效。
去除这段代码，dma_mask依然是0xffffffff，所以默认就是32bit不需要修改

排查过程用到的数据结构简单整理

classDiagram
        class device{
                +numa_node
                +dma_mask
                +dma_pool
                +id
        }
        class pci_dev{
                +dma_mask
                +sysdata
        }
        class usb_bus {
                +sysdev 
                +__usb_create_hcd()
        }
        class dma_map_ops{
                alloc()
                free()
                map_page()
                unmap_page()
                map_sg()
                unmap_sg()
                dma_supported()
                mapping_error()
        }
        device o-- dma_map_ops
        dma_map_ops --|> sw64_dma_direct_ops
        dma_map_ops --|> dma_direct_ops
        device --|> pci_dev
        pci_dev "1" .. "1" dma_map_ops
        pci_dev o-- pci_controller
        device --|> usb_bus
        usb_bus o-- pci_dev
        device --|> usb_device
        usb_device o-- usb_bus
        usb_bus --|> usb_hcd
        usb_hcd --|> ehci_hcd

查看 ehci_qh_alloc

首先是ehci中，内存分配的逻辑如下获取的vaddr 给了qh->hw, dma_addr 给了 qh->qh_dma

//file drivers/usb/host/ehci-mem.c
static struct ehci_qh *ehci_qh_alloc (struct ehci_hcd *ehci, gfp_t flags)
{
        struct ehci_qh          *qh;
        dma_addr_t              dma;

        qh = kzalloc(sizeof *qh, GFP_ATOMIC);
        if (!qh)
                goto done;
        qh->hw = (struct ehci_qh_hw *)
                dma_pool_alloc(ehci->qh_pool, flags, &dma);
        if (!qh->hw)
                goto fail;
        memset(qh->hw, 0, sizeof *qh->hw);
        qh->qh_dma = dma;
        //...
}

查看 dma_pool_alloc

通过 pool_alloc_page 获取page，从page中获取虚拟内存地址和dma地址

// file mm/dmapool.c
/**
 * dma_pool_alloc - get a block of consistent memory
 * @pool: dma pool that will produce the block
 * @mem_flags: GFP_* bitmask
 * @handle: pointer to dma address of block
 *
 * Return: the kernel virtual address of a currently unused block,
 * and reports its dma address through the handle.
 * If such a memory block can't be allocated, %NULL is returned.
 */
void *dma_pool_alloc(struct dma_pool *pool, gfp_t mem_flags,
		     dma_addr_t *handle)
{
	unsigned long flags;
	struct dma_page *page;
	size_t offset;
	void *retval;

	might_alloc(mem_flags);

	spin_lock_irqsave(&pool->lock, flags);
	list_for_each_entry(page, &pool->page_list, page_list) {
		if (page->offset < pool->allocation)
			goto ready;
	}

	/* pool_alloc_page() might sleep, so temporarily drop &pool->lock */
	spin_unlock_irqrestore(&pool->lock, flags);

	page = pool_alloc_page(pool, mem_flags & (~__GFP_ZERO));
	if (!page)
		return NULL;

	spin_lock_irqsave(&pool->lock, flags);

	list_add(&page->page_list, &pool->page_list);
 ready:
	page->in_use++;
	offset = page->offset;
	page->offset = *(int *)(page->vaddr + offset);
	retval = offset + page->vaddr;
	*handle = offset + page->dma;
#ifdef	DMAPOOL_DEBUG
	{
		int i;
		u8 *data = retval;
		/* page->offset is stored in first 4 bytes */
		for (i = sizeof(page->offset); i < pool->size; i++) {
			if (data[i] == POOL_POISON_FREED)
				continue;
			if (pool->dev)
				dev_err(pool->dev, "%s %s, %p (corrupted)\n",
					__func__, pool->name, retval);
			else
				pr_err("%s %s, %p (corrupted)\n",
					__func__, pool->name, retval);

			/*
			 * Dump the first 4 bytes even if they are not
			 * POOL_POISON_FREED
			 */
			print_hex_dump(KERN_ERR, "", DUMP_PREFIX_OFFSET, 16, 1,
					data, pool->size, 1);
			break;
		}
	}
	if (!(mem_flags & __GFP_ZERO))
		memset(retval, POOL_POISON_ALLOCATED, pool->size);
#endif
	spin_unlock_irqrestore(&pool->lock, flags);

	if (want_init_on_alloc(mem_flags))
		memset(retval, 0, pool->size);

	return retval;
}

查看 pool_alloc_page

申请一个page
page的 vaddr和 dma 通过 dma_alloc_coherent 函数获取

// file mm/dmapool.c
static struct dma_page *pool_alloc_page(struct dma_pool *pool, gfp_t mem_flags)
{
        struct dma_page *page;

        page = kmalloc(sizeof(*page), mem_flags);
        if (!page)
                return NULL;
        page->vaddr = dma_alloc_coherent(pool->dev, pool->allocation,
                                         &page->dma, mem_flags);
        if (page->vaddr) {
#ifdef  DMAPOOL_DEBUG
                memset(page->vaddr, POOL_POISON_FREED, pool->allocation);
#endif
                pool_initialise_page(pool, page);
                page->in_use = 0;
                page->offset = 0;
        } else {
                kfree(page);
                page = NULL;
        }
        return page;
}

查看 dma_alloc_coherent

dma_alloc_coherent ==> dma_alloc_attrs
尝试通过dma_alloc_from_dev_coherent获取dma_handle 和cpu_addr
失败的话就通过 ops->alloc 获取 dma_handle 和 cpu_addr

先看dma_alloc_from_dev_coherent

//file include/linux/dma-mapping.h
static inline void *dma_alloc_coherent(struct device *dev, size_t size,
                dma_addr_t *dma_handle, gfp_t flag)
{
        return dma_alloc_attrs(dev, size, dma_handle, flag, 0);
}

static inline void *dma_alloc_attrs(struct device *dev, size_t size,
                                       dma_addr_t *dma_handle, gfp_t flag,
                                       unsigned long attrs)
{
        const struct dma_map_ops *ops = get_dma_ops(dev);
        void *cpu_addr;

        BUG_ON(!ops);
        WARN_ON_ONCE(dev && !dev->coherent_dma_mask);

        if (dma_alloc_from_dev_coherent(dev, size, dma_handle, &cpu_addr))
                return cpu_addr;

        /* let the implementation decide on the zone to allocate from: */
        flag &= ~(__GFP_DMA | __GFP_DMA32 | __GFP_HIGHMEM);

        if (!arch_dma_alloc_attrs(&dev))
                return NULL;
        if (!ops->alloc)
                return NULL;

        cpu_addr = ops->alloc(dev, size, dma_handle, flag, attrs);
        debug_dma_alloc_coherent(dev, size, *dma_handle, cpu_addr);
        return cpu_addr;
}

dma_alloc_from_dev_coherent 需要CONFIG_HAVE_GENERIC_DMA_COHERENT配置支持
检查menuconfig，发现没有配置

#ifdef CONFIG_HAVE_GENERIC_DMA_COHERENT
/*
 * These three functions are only for dma allocator.
 * Don't use them in device drivers.
 */
int dma_alloc_from_dev_coherent(struct device *dev, ssize_t size,
                                       dma_addr_t *dma_handle, void **ret);
int dma_release_from_dev_coherent(struct device *dev, int order, void *vaddr);

int dma_mmap_from_dev_coherent(struct device *dev, struct vm_area_struct *vma,
                            void *cpu_addr, size_t size, int *ret);

void *dma_alloc_from_global_coherent(ssize_t size, dma_addr_t *dma_handle);
int dma_release_from_global_coherent(int order, void *vaddr);
int dma_mmap_from_global_coherent(struct vm_area_struct *vma, void *cpu_addr,
                                  size_t size, int *ret);

#else
#define dma_alloc_from_dev_coherent(dev, size, handle, ret) (0)
#define dma_release_from_dev_coherent(dev, order, vaddr) (0)
#define dma_mmap_from_dev_coherent(dev, vma, vaddr, order, ret) (0)

查看ops的实例是哪个
检查menuconfig CONFIG_HAS_DMA 配置开启
没找到调用set_dma_ops的地方
所以dev->dma_ops可能是NULL
通过日志打印，确认dma_ops 是NULL，所以这里用的是get_arch_dma_ops

//file include/linux/dma-mapping.h
#ifdef CONFIG_HAS_DMA
#include <asm/dma-mapping.h>
static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
{
        if (dev && dev->dma_ops)
                return dev->dma_ops;
        return get_arch_dma_ops(dev ? dev->bus : NULL);
}

static inline void set_dma_ops(struct device *dev,
                               const struct dma_map_ops *dma_ops)
{
        dev->dma_ops = dma_ops;
}
#else

排查 get_arch_dma_ops

确认 CONFIG_DMA_NONCOHERENT_OPS 未开启

查看 dma_direct_ops

//file include/asm-generic/dma-mapping.h
static inline const struct dma_map_ops *get_arch_dma_ops(struct bus_type *bus)
{
        /*
         * Use the non-coherent ops if available.  If an architecture wants a
         * more fine-grained selection of operations it will have to implement
         * get_arch_dma_ops itself or use the per-device dma_ops.
         */
#ifdef CONFIG_DMA_NONCOHERENT_OPS
        return &dma_noncoherent_ops;
#else
        return &dma_direct_ops;
#endif
}

这里不太确定是否使用dma_direct_ops，还是sw64_dma_direct_ops

先排查 dma_direct_ops

按照这个逻辑一路排查，发现最后算出来dma_addr 和 vaddr 竟然相同，不符合我们的日志

//file kernel/dma/direct.c 
const struct dma_map_ops dma_direct_ops = {
        .alloc                  = dma_direct_alloc,
        .free                   = dma_direct_free,
        .map_page               = dma_direct_map_page,
        .map_sg                 = dma_direct_map_sg,
        .dma_supported          = dma_direct_supported,
        .mapping_error          = dma_direct_mapping_error,
};
EXPORT_SYMBOL(dma_direct_ops);

void *dma_direct_alloc(struct device *dev, size_t size, dma_addr_t *dma_handle,
                gfp_t gfp, unsigned long attrs)
{
        unsigned int count = PAGE_ALIGN(size) >> PAGE_SHIFT;
        int page_order = get_order(size);
        struct page *page = NULL;
        void *ret;

        /* we always manually zero the memory once we are done: */
        gfp &= ~__GFP_ZERO;

        /* GFP_DMA32 and GFP_DMA are no ops without the corresponding zones: */
        if (dev->coherent_dma_mask <= DMA_BIT_MASK(ARCH_ZONE_DMA_BITS))
                gfp |= GFP_DMA;
        if (dev->coherent_dma_mask <= DMA_BIT_MASK(32) && !(gfp & GFP_DMA))
                gfp |= GFP_DMA32;

again:  
        /* CMA can be used only in the context which permits sleeping */
        if (gfpflags_allow_blocking(gfp)) {
                page = dma_alloc_from_contiguous(dev, count, page_order,
                                                 gfp & __GFP_NOWARN); 
                if (page && !dma_coherent_ok(dev, page_to_phys(page), size)) {
                        dma_release_from_contiguous(dev, page, count);
                        page = NULL;
                }page_addressk(dev, page_to_phys(page), size)) {
                __free_pages(page, page_order);
                page = NULL;

                if (IS_ENABLED(CONFIG_ZONE_DMA32) &&
                    dev->coherent_dma_mask < DMA_BIT_MASK(64) &&
                    !(gfp & (GFP_DMA32 | GFP_DMA))) {
                        gfp |= GFP_DMA32;
                        goto again;
                }

                if (IS_ENABLED(CONFIG_ZONE_DMA) &&
                    dev->coherent_dma_mask < DMA_BIT_MASK(32) &&
                    !(gfp & GFP_DMA)) {
                        gfp = (gfp & ~GFP_DMA32) | GFP_DMA;
                        goto again;
                }
        }

        if (!page)
                return NULL;
        ret = page_address(page);
        if (force_dma_unencrypted()) {
                set_memory_decrypted((unsigned long)ret, 1 << page_order);
                *dma_handle = __phys_to_dma(dev, page_to_phys(page));
        } else {
                *dma_handle = phys_to_dma(dev, page_to_phys(page));
        }
        memset(ret, 0, size);
        return ret;
}

/*
 * For AMD SEV all DMA must be to unencrypted addresses.
 */
static inline bool force_dma_unencrypted(void)
{
        return sev_active();
}

page相关

//file include/asm-generic/page.h
#ifndef page_to_phys
#define page_to_phys(page)      ((dma_addr_t)page_to_pfn(page) << PAGE_SHIFT)
#endif

//file include/asm-generic/memory_model.h
/*
 * supports 3 memory models.
 */
#if defined(CONFIG_FLATMEM)

#define __pfn_to_page(pfn)      (mem_map + ((pfn) - ARCH_PFN_OFFSET))
#define __page_to_pfn(page)     ((unsigned long)((page) - mem_map) + \
                                 ARCH_PFN_OFFSET)
#elif defined(CONFIG_DISCONTIGMEM)

#define __pfn_to_page(pfn)                      \
({      unsigned long __pfn = (pfn);            \
        unsigned long __nid = arch_pfn_to_nid(__pfn);  \
        NODE_DATA(__nid)->node_mem_map + arch_local_page_offset(__pfn, __nid);\
})

#define __page_to_pfn(pg)                                               \
({      const struct page *__pg = (pg);                                 \
        struct pglist_data *__pgdat = NODE_DATA(page_to_nid(__pg));     \
        (unsigned long)(__pg - __pgdat->node_mem_map) +                 \
         __pgdat->node_start_pfn;                                       \
})

#elif defined(CONFIG_SPARSEMEM_VMEMMAP)

/* memmap is virtually contiguous.  */
#define __pfn_to_page(pfn)      (vmemmap + (pfn))
#define __page_to_pfn(page)     (unsigned long)((page) - vmemmap)

#elif defined(CONFIG_SPARSEMEM)
/*
 * Note: section's mem_map is encoded to reflect its start_pfn.
 * section[i].section_mem_map == mem_map's address - start_pfn;
 */
#define __page_to_pfn(pg)                                       \
({      const struct page *__pg = (pg);                         \
        int __sec = page_to_section(__pg);                      \
        (unsigned long)(__pg - __section_mem_map_addr(__nr_to_section(__sec))); \
})

#define __pfn_to_page(pfn)                              \
({      unsigned long __pfn = (pfn);                    \
        struct mem_section *__sec = __pfn_to_section(__pfn);    \
        __section_mem_map_addr(__sec) + __pfn;          \
})
#endif /* CONFIG_FLATMEM/DISCONTIGMEM/SPARSEMEM */

/*
 * Convert a physical address to a Page Frame Number and back
 */
#define __phys_to_pfn(paddr)    PHYS_PFN(paddr)
#define __pfn_to_phys(pfn)      PFN_PHYS(pfn)

#define page_to_pfn __page_to_pfn
#define pfn_to_page __pfn_to_page

经过检查，开启的是CONFIG_DISCONTIGMEM配置

//file include/linux/mem_encrypt.h
#ifdef CONFIG_ARCH_HAS_MEM_ENCRYPT

#include <asm/mem_encrypt.h>

#else   /* !CONFIG_ARCH_HAS_MEM_ENCRYPT */

#define sme_me_mask     0ULL

static inline bool sme_active(void) { return false; }
static inline bool sev_active(void) { return false; }

#endif  /* CONFIG_ARCH_HAS_MEM_ENCRYPT */

CONFIG_ARCH_HAS_MEM_ENCRYPT 没有配置

#ifdef CONFIG_ARCH_HAS_PHYS_TO_DMA
#include <asm/dma-direct.h>
#else
static inline dma_addr_t __phys_to_dma(struct device *dev, phys_addr_t paddr)
{
        dma_addr_t dev_addr = (dma_addr_t)paddr;

        return dev_addr - ((dma_addr_t)dev->dma_pfn_offset << PAGE_SHIFT);
}
//...

/*
 * If memory encryption is supported, phys_to_dma will set the memory encryption
 * bit in the DMA address, and dma_to_phys will clear it.  The raw __phys_to_dma
 * and __dma_to_phys versions should only be used on non-encrypted memory for
 * special occasions like DMA coherent buffers.
 */
static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr)
{
        return __sme_set(__phys_to_dma(dev, paddr));
}

static inline phys_addr_t dma_to_phys(struct device *dev, dma_addr_t daddr)
{
        return __sme_clr(__dma_to_phys(dev, daddr));
}
//...
#endif

#ifdef CONFIG_AMD_MEM_ENCRYPT
/*
 * The __sme_set() and __sme_clr() macros are useful for adding or removing
 * the encryption mask from a value (e.g. when dealing with pagetable
 * entries).
 */
#define __sme_set(x)            ((x) | sme_me_mask)
#define __sme_clr(x)            ((x) & ~sme_me_mask)
#else
#define __sme_set(x)            (x)
#define __sme_clr(x)            (x)
#endif

再排查 sw64_dma_direct_ops

const struct dma_map_ops sw64_dma_direct_ops = {
        .alloc = sw64_direct_alloc_coherent,
        .free = sw64_direct_free_coherent,
        .map_page = sw64_direct_map_page,
        .unmap_page = sw64_direct_unmap_page,
        .map_sg = sw64_direct_map_sg,
        .unmap_sg = sw64_direct_unmap_sg,
        .dma_supported = sw64_direct_supported,
        .mapping_error = sw64_direct_mapping_error,
};

/* Allocate and map kernel buffer using consistent mode DMA for PCI
 * device.  Returns non-NULL cpu-view pointer to the buffer if
 * successful and sets *DMA_ADDRP to the pci side dma address as well,
 * else DMA_ADDRP is undefined.
 */

static void *sw64_direct_alloc_coherent(struct device *dev, size_t size,
                dma_addr_t *dma_addrp, gfp_t gfp,
                unsigned long attrs)
{
        struct pci_dev *pdev = sw64_direct_gendev_to_pci(dev);
        void *cpu_addr;
        long order = get_order(size);

        gfp &= ~GFP_DMA;

#ifdef CONFIG_ZONE_DMA
        if (dev->coherent_dma_mask < DMA_BIT_MASK(32))
                gfp |= GFP_DMA;
#endif

try_again:
        cpu_addr = (void *)__get_free_pages(gfp, order);
        if (!cpu_addr) {
                pr_info("pci_alloc_consistent: get_free_pages failed from %ps\n",
                                __builtin_return_address(0));
                /* ??? Really atomic allocation?  Otherwise we could play
                 * with vmalloc and sg if we can't find contiguous memory.
                 */
                return NULL;
        }
        memset(cpu_addr, 0, size);

        *dma_addrp = pci_direct_map_single_1(pdev, cpu_addr);
        if (*dma_addrp == 0) {
                free_pages((unsigned long)cpu_addr, order);
                if (gfp & GFP_DMA)
                        return NULL;
                /* The address doesn't fit required mask and we
                 * do not have iommu. Try again with GFP_DMA.
                 */
                gfp |= GFP_DMA;
                goto try_again;
        }

        DBGA2("pci_alloc_consistent: %zx -> [%p,%llx] from %ps\n",
                        size, cpu_addr, *dma_addrp, __builtin_return_address(0));

        return cpu_addr;
}

/* Helper for generic DMA-mapping functions. */
static struct pci_dev *sw64_direct_gendev_to_pci(struct device *dev)
{
        if (dev && dev->bus == &pci_bus_type)
                return to_pci_dev(dev);

        if (*dev->dma_mask >= 0xffffff) {
#ifdef CONFIG_SICH
                if (dev->parent) {
                        if (dev->parent->bus == &pci_bus_type)
                                return to_pci_dev(dev->parent);
                        if (dev->parent->parent) {
                                if (dev->parent->parent->bus == &pci_bus_type)
                                        return to_pci_dev(dev->parent->parent);
                        }
                }
#endif
        }

        /* This assumes ISA bus master with dma_mask 0xffffff. */
        return NULL;
}

/*
 * Map a single buffer of the indicated size for PCI DMA in streaming
 * mode.  The 32-bit PCI bus mastering address to use is returned.
 * Once the device is given the dma address, the device owns this memory
 * until either pci_unmap_single or pci_dma_sync_single is performed.
 */

static dma_addr_t
pci_direct_map_single_1(struct pci_dev *pdev, void *cpu_addr)
{
        struct pci_controller *hose = pdev->sysdata;
        unsigned long paddr;
        unsigned long dma_offset;

        if (hose == NULL) {
                pr_err("%s: hose does not exist!\n", __func__);
                return 0;
        }

        read_piu_ior0(hose->node, hose->index, EPDMABAR, &dma_offset);
        paddr = __pa(cpu_addr) + dma_offset;
        return paddr;
}

//file arch/sw_64/include/asm/pci.h

struct pci_controller {
        struct pci_controller *next;
        struct pci_bus *bus;
        struct resource *io_space;
        struct resource *mem_space;
        struct resource *pre_mem_space;
        struct resource *busn_space;
        unsigned long sparse_mem_base;
        unsigned long dense_mem_base;
        unsigned long sparse_io_base;
        unsigned long dense_io_base;

        /* This one's for the kernel only.  It's in KSEG somewhere.  */
        unsigned long ep_config_space_base;
        unsigned long rc_config_space_base;

        unsigned long index;
        unsigned long node;
        DECLARE_BITMAP(piu_msiconfig, 256);
        int int_irq;
        /* For compatibility with current (as of July 2003) pciutils
           and XFree86. Eventually will be removed. */
        unsigned int need_domain_info;

        struct pci_iommu_arena *sg_pci;
        struct pci_iommu_arena *sg_isa;

        bool iommu_enable;
        struct sunway_iommu *pci_iommu;
        int first_busno;
        int last_busno;
        int self_busno;
        void *sysdata;
};

# file arch/sw_64/chip/Makefile
obj-$(CONFIG_SW64_CHIP2)        := chip2/
obj-$(CONFIG_SW64_CHIP3)        := chip3/
obj-$(CONFIG_SW64_CHIP_QEMU)    := chip_qemu/

检查配置，发现使用的是CONFIG_SW64_CHIP_QEMU

// file arch/sw_64/chip/chip_qemu/chip_qemu.c
static inline
unsigned long get_RC_config(unsigned long node, unsigned long rc_index)
{
        return PAGE_OFFSET | IO_BASE | PCI_BASE | PCI_RC_CFG;
}

static inline
unsigned long get_PIU_PCI_IOR0(unsigned long node, unsigned long rc_index)
{
        return PAGE_OFFSET | IO_BASE | PCI_BASE | PCI_IO_PIU0;
}

static inline
unsigned long get_PIU_PCI_IOR1(unsigned long node, unsigned long rc_index)
{
        return PAGE_OFFSET | IO_BASE | PCI_BASE | PCI_IO_PIU1;
}

void read_rc_conf(unsigned long node, unsigned long rc_index,
                unsigned int conf_offset, volatile unsigned int *data)
{
        unsigned long addr;

        addr = get_RC_config(node, rc_index) | conf_offset;
        *data = *(unsigned int *)addr;
        mb();
}

void write_rc_conf(unsigned long node, unsigned long rc_index,
                unsigned int conf_offset, unsigned int data)
{
        unsigned long addr;

        addr = get_RC_config(node, rc_index) | conf_offset;
        *(unsigned int *)addr = data;
        mb();
}

void read_piu_ior0(unsigned long node, unsigned long rc_index,
                unsigned int reg, volatile unsigned long *value)
{
        unsigned long addr;

        addr = get_PIU_PCI_IOR0(node, rc_index) + reg;
        *value = *(unsigned long __iomem *)addr;
        mb();
}

arch/sw_64/include/asm/chip_qemu_io.h:74:	EPDMABAR =		0x80UL,
arch/sw_64/include/asm/pgtable-4level.h:28:#define PAGE_OFFSET	0xfff0000000000000
arch/sw_64/include/asm/chip_qemu_io.h:6:#define IO_BASE			(0x1UL << 47)
arch/sw_64/include/asm/chip_qemu_io.h:7:#define PCI_BASE		(0x1UL << 43)
arch/sw_64/include/asm/chip_qemu_io.h:10:#define PCI_IO_PIU1		(0x3UL << 32)

1 2	// file arch/sw_64/include/asm/page.h #define __pa(x) __phys_addr((unsigned long)(x))

所以 addr = 0xfff0880300000000 + 0x80UL
按着个计算下来，很有问题，数字太大，并且关系也和实际日志不太符合

规避

受限于时间进度问题，我没有在对这个问题进行跟进
后来整理资料的时候，发现一个规避方法，如果物理内存总共只有4G，那么dma地址无论如何，不会超过32bit。
所以，只要虚拟机内存分配只给4G，那么就没有问题

本文作者： crazyboy
本文链接： http://crazyboy.www.crazyboy.info/blog/blog/2022/07/05/it/linux/qemu/usb/ehci/debug/dma/
版权声明： 本博客所有文章除特别声明外，均采用 MIT 许可协议。转载请注明出处！