On 01/11/22 09:19, Laszlo Ersek wrote:

> Here's a rough call tree (for the non-SMM case, updating a
> non-authenticated non-volatile variable):
>
> VariableServiceSetVariable() [MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c]
>   UpdateVariable() [MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c]
>     UpdateVariableStore() [MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c]
>       FvbProtocolWrite() [OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c]
>         QemuFlashWrite() [OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c]
>
>           QemuFlashPtrWrite (WRITE_BYTE_CMD /* 0x10 */)
>             QEMU:
>               pflash_write() [hw/block/pflash_cfi01.c]
>                 (wcycle == 0)
>                 memory_region_rom_device_set_romd(false) [softmmu/memory.c]
>                   ...
>                     kvm_region_del() [accel/kvm/kvm-all.c]
>                       kvm_set_phys_mem(false) [accel/kvm/kvm-all.c]
>                         /* unregister the slot */
>
>                 /* Single Byte Program */
>                 wcycle++
>
>           QemuFlashPtrWrite (Buffer[Loop])
>             QEMU:
>               pflash_write() [hw/block/pflash_cfi01.c]
>                 (wcycle == 1)
>                 /* Single Byte Program */
>                 pflash_data_write() [hw/block/pflash_cfi01.c]
>                 pflash_update() [hw/block/pflash_cfi01.c]
>                   blk_pwrite() [block/block-backend.c]
>                 wcycle = 0
>
>           QemuFlashPtrWrite (READ_ARRAY_CMD /* 0xff */)
>             QEMU:
>               pflash_write() [hw/block/pflash_cfi01.c]
>                 (wcycle == 0)
>                 memory_region_rom_device_set_romd(false) [softmmu/memory.c]
>                   /* no actual change */
>                 /* Read Array */
>                 memory_region_rom_device_set_romd(true) [softmmu/memory.c]
>                   kvm_region_add() [accel/kvm/kvm-all.c]
>                     kvm_set_phys_mem(true) [accel/kvm/kvm-all.c]
>                       /* register the new slot */
>                       kvm_mem_flags() [accel/kvm/kvm-all.c]
>                         ... memory_region_is_romd() ... [include/exec/memory.h]
>                         flags |= KVM_MEM_READONLY

In that call tree, I ignored Reclaim()
[MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c]; Reclaim() is
called from more places than just from UpdateVariable().
In Reclaim(), we (roughly) have

Reclaim() [MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c]
  FtwVariableSpace() [MdeModulePkg/Universal/Variable/RuntimeDxe/Reclaim.c]
    FtwWrite() [MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWrite.c]
      QemuFlashWrite() [OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c]

For a bit more info on the internals of FtwWrite(), see the attached
message (I'd provide a URL, but Intel had killed the edk2-devel archives
on lists.01.org, and the other archives don't go back to 2014...)

Thanks
Laszlo
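
The write sequence in the quoted call tree, as an added example that is not part of the original message and is neither QEMU nor edk2 code: a small model of the `wcycle` state machine that counts how often the read-only memslot is dropped and re-registered. The struct, the function names, the initial ROMD state and the multi-byte loop (a generalization of the single-byte sequence shown) are assumptions of this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define WRITE_BYTE_CMD 0x10   /* value from the call tree */
#define READ_ARRAY_CMD 0xff   /* value from the call tree */

/* Hypothetical model state; field names are not QEMU's. */
struct pflash_model {
    uint8_t storage[64];
    int wcycle;     /* 0: next write is a command, 1: next write is data */
    int romd;       /* 1: region is mapped as a read-only KVM memslot */
    int slot_del;   /* memslot unregistrations (kvm_region_del path) */
    int slot_add;   /* memslot registrations (kvm_region_add path) */
};
/* Assumption: the device starts in Read Array (ROMD) mode. */
static void model_init(struct pflash_model *p) { *p = (struct pflash_model){ .romd = 1 }; }

static void set_romd(struct pflash_model *p, int on) {
    if (p->romd == on) return;                 /* "no actual change" */
    p->romd = on;
    if (on) p->slot_add++; else p->slot_del++;
}

/* One trapped guest write into the flash window. */
static void model_write(struct pflash_model *p, size_t off, uint8_t val) {
    if (p->wcycle == 0) {
        set_romd(p, 0);                        /* done for every command */
        if (val == WRITE_BYTE_CMD) p->wcycle = 1;
        else if (val == READ_ARRAY_CMD) set_romd(p, 1);
    } else {                                   /* wcycle == 1: data byte */
        if (off < sizeof p->storage) p->storage[off] = val;
        p->wcycle = 0;
    }
}

/* Guest side: command + data per byte, then Read Array; returns memslot changes. */
static int flash_write(struct pflash_model *p, size_t off, const uint8_t *buf, size_t n) {
    int before = p->slot_del + p->slot_add;
    for (size_t i = 0; i < n; i++) {
        model_write(p, off + i, WRITE_BYTE_CMD);
        model_write(p, off + i, buf[i]);
    }
    if (n > 0) model_write(p, off + n - 1, READ_ARRAY_CMD);
    return p->slot_del + p->slot_add - before;
}

int main(void) {
    struct pflash_model m; model_init(&m);
    const uint8_t data[] = { 'a', 'b', 'c' };  /* constructed sample input */
    printf("memslot changes: %d\n", flash_write(&m, 4, data, sizeof data));
    return 0;
}
```

In this model the region is writable-by-trap only between the first command and the closing Read Array, after which it is again registered read-only.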