黑威联通QTS Model硬件定义笔记

威联通使用的是QTS系统，黑威联通关键的地方，除了需要了解嵌入式linux逆向工程之外，还需要针对不同的硬件设备或者不同的虚拟化平台做出Model文件里面的硬件定义内容。

由于Model的资料比较少，把自行记录的笔记整理一下，本文为黑威联通QTS Model硬件定义笔记(不完整版)。

本文案例设备：PVE宿主机、创建Q35虚拟机用作黑威联通系统，直通两个sata控制器（每控制器分别接入2个物理硬盘共4个硬盘）和一个物理网卡，引导盘使用虚拟硬盘

进入tc系统，使用lspci -vtnn查询PCI设备，提取硬盘控制器、引导、网卡等设备IO号

tc@box:~$ lspci -vtnn
-[0000:00]-+-00.0  Intel Corporation 82G33/G31/P35/P31 Express DRAM Controller [8086:29c0]
           +-01.0  Device [1234:1111]
           +-1a.0  Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #4 [8086:2937]
           +-1a.1  Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #5 [8086:2938]
           +-1a.2  Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #6 [8086:2939]
           +-1a.7  Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #2 [8086:293c]
           +-1b.0  Intel Corporation 82801I (ICH9 Family) HD Audio Controller [8086:293e]
           +-1c.0-[01]----00.0  Intel Corporation Device [8086:31e3]
           +-1c.1-[02]----00.0  ASMedia Technology Inc. ASM1062 Serial ATA Controller [1b21:0612]
           +-1c.2-[03]----00.0  Realtek Semiconductor Co., Ltd. Device [10ec:8125]
           +-1c.3-[04]--
           +-1d.0  Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #1 [8086:2934]
           +-1d.1  Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #2 [8086:2935]
           +-1d.2  Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #3 [8086:2936]
           +-1d.7  Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #1 [8086:293a]
           +-1e.0-[05-09]--+-01.0-[06]--+-03.0  Red Hat, Inc Virtio memory balloon [1af4:1002]
           |               |            +-07.0  Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]
           |               |            \-12.0  Red Hat, Inc Virtio network device [1af4:1000]
           |               +-02.0-[07]--
           |               +-03.0-[08]--
           |               \-04.0-[09]--
           +-1f.0  Intel Corporation 82801IB (ICH9) LPC Interface Controller [8086:2918]
           +-1f.2  Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]
           \-1f.3  Intel Corporation 82801I (ICH9 Family) SMBus Controller [8086:2930]
tc@box:~$

经过上述信息可得出以下信息：

#以上信息均补全硬件定义的开头
-[0000:00]-

#硬盘控制器有三个，01是主板板载sata控制器，02是ASM1062 sata控制器（个别主板可能是板载，也可能是扩展卡），第三个是虚拟sata控制器（注意最后的设备ID，lspci内出现了两次）
#前两个是物理控制器、第三个是虚拟控制器
-[0000:00]-+-1c.0-[01]----00.0  Intel Corporation Device [8086:31e3]
-[0000:00]-+-1c.1-[02]----00.0  ASMedia Technology Inc. ASM1062 Serial ATA Controller [1b21:0612]
-[0000:00]-+-1f.2  Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]

#网卡有两个，第一个是物理网卡，第二个是Virtio虚拟网卡（类似的虚拟网卡还有常见的E1000、E1000e、RTL8139、vmxnet3等等）
-[0000:00]-+-1c.2-[03]----00.0  Realtek Semiconductor Co., Ltd. Device [10ec:8125]
-[0000:00]-+-1e.0-[05-09]--+-01.0-[06]--\-12.0  Red Hat, Inc Virtio network device [1af4:1000]

#启动盘，这里要根据实际的情况来提取，启动盘有USB、SATA硬盘等，本文的案例是虚拟硬盘作为引导，所以这里提取的虚拟硬盘控制器地址
-[0000:00]-+-1f.2  Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]

重点来了，把提取出来的硬盘控制器、网卡、启动盘的IO地址转换为QTS可识别的地址

#硬盘控制器，每控制器最大可接入6个硬盘，本文的案例是每个物理控制器只接入2个硬盘共4个硬盘

#第一个控制器-板载sata控制器的硬盘定义，根据上述提取的“-[0000:00]-+-1c.0-[01]----00.0”转换而来，这里面要拆成两个信息
总线地址：[0000:00]-+-1c.0
子地址：[01]----00.0

#进制转换(16进制 -> 10进制)，定义QTS能识别的地址
00.1c.0 -> B00:D28:F0
01.00.0 -> B01:D00:F0

#最终，注意个别序号从0/1开始，别搞混
[System Disk 1]    #该sata控制器接入两个硬盘，这里是物理机的第一个硬盘
DEV_BUS=B00:D28:F0    #总线地址
DEV_PORT = 0    #每sata有0-5号，0是该控制器的第一个硬盘，最大支持6个硬盘
DEV_BRIDGE_BUS = B01:D00:F0    #子地址
[System Disk 2]    #该sata控制器的第二个硬盘，这里是物理机的第二个硬盘
DEV_BUS=B00:D28:F0    #总线地址，由于同一个sata控制器故和上述一致
DEV_PORT = 1    #注意这里是1，因为从0开始计算
DEV_BRIDGE_BUS = B01:D00:F0    #子地址，由于同一个sata控制器故和上述一致

#后续的控制器、网卡、启动盘等定义方法，均参考上述第一个控制器的硬盘定义即可，不再啰嗦

#第二个控制器-ASM1062 sata控制器的硬盘定义，根据上述提取的“-[0000:00]-+-1c.1-[02]----00.0”转换而来
[System Disk 3]
DEV_BUS=B00:D28:F1
DEV_PORT = 0
DEV_BRIDGE_BUS = B02:D00:F0
[System Disk 4]
DEV_BUS=B00:D28:F1
DEV_PORT = 1
DEV_BRIDGE_BUS = B02:D00:F0

#网卡定义，，根据上述提取的“-[0000:00]-+-1c.2-[03]----00.0”转换而来
[System Network 1]
DEV_BUS=B00:D28:F2
DEV_PORT = 0
DEV_BRIDGE_BUS = B03:D00:F0

#启动盘定义，根据上述提取的“-[0000:00]-+-1f.2”转换而来
#进制转换(16进制 -> 10进制)
00.1f.2 -> B00:D31:F2

[Boot Disk 1]    第一个启动盘
DISK_DRV_TYPE = ATA    #定义启动盘为sata引导的类型
DEV_BUS = B00:D31:F2
DEV_PORT = 0

题外话，新手可忽略这段：总线地址、子地址只有两层，还有子子地址这种三层的PCI设备

-[0000:00]-+-1f.2  Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode] [8086:2922]
-[0000:00]-+-1c.2-[03]----00.0  Realtek Semiconductor Co., Ltd. Device [10ec:8125]
-[0000:00]-+-1e.0-[05-09]--+-01.0-[06]--\-12.0  Red Hat, Inc Virtio network device [1af4:1000]

#第一行：总线地址
#第二行：总线地址-子地址
#第三行：总线地址-子地址-子子地址（为了便于理解……你也可以理解为：爷爷-父亲-孙子……）

#前两个，在上一段已经给出定义方法，但是带有孙子……额……口误，带有子子地址这种的定义方法还未知如何定义
#第三行这种情况，出现在amd个别设备或者pve分配pci设备时不含“pcie=1”时会出现，pve可通过给pcie设备增加“pcie=1”参数解决，其余平台自行研究

完整版model.conf - 已移除LED、FAN等参数

[System Enclosure]
VENDOR = QNAP
MODEL = TS-653B
CAP=0x161cdb9c
MAX_DISK_NUM = 6
MAX_TEMP_NUM = 2
MAX_NET_PORT_NUM = 10
INTERNAL_NET_PORT_NUM = 3
MAX_PCIE_SLOT = 1
CPU_TEMP_UNIT = DTS:1
SYSTEM_TEMP_UNIT=EC
SIO_DEVICE = IT8528
PWR_RECOVERY_UNIT = EC
PWR_RECOVERY_CMOS_STORE = 0x70,0x61
BUZZER_CMOS_STORE = 0x70,0x63
BOARD_SN_DEVICE = VPD:BP
ETH_MAC_DEVICE = NET
DISK_DRV_TYPE = ATA
DISK_DEFAULT_MAX_LINK_SPEED = PD_SATA_SAS_6G
SYSTEM_DISK_CACHEABLE_BITMAP = 0x7E
SS_MAX_CHANNELS = 40
SS_FREE_CHANNELS = 4
EUP_STATUS = EC
QA_PORT_SUPPORT = 1
LCM_BAUDRATE = 115200
HEAT_SOURCE = SYS, CPU, DISK
[System I2C]
DEV_BUS = B00:D31:F1
DEV_PORT = 0
[System EDID 1]
DEV_BUS = B00:D02:F0
DEV_PORT = 1
[System EDID 2]
DEV_BUS = B00:D02:F0
DEV_PORT = 0
[System IO]
RESET_BUTTON = EC
USB_COPY_BUTTON = EC
VPD_MB = EC
VPD_BP = EC
EDID_COUNT=2
VOICE_ALERT_SUPPORT = 1
[System Disk 1]
DEV_BUS=B00:D28:F0
DEV_PORT = 0
DEV_BRIDGE_BUS = B01:D00:F0
[System Disk 2]
DEV_BUS=B00:D28:F0
DEV_PORT = 1
DEV_BRIDGE_BUS = B01:D00:F0
[System Disk 3]
DEV_BUS=B00:D28:F1
DEV_PORT = 0
DEV_BRIDGE_BUS = B02:D00:F0
[System Disk 4]
DEV_BUS=B00:D28:F1
DEV_PORT = 1
DEV_BRIDGE_BUS = B02:D00:F0
[System Network 1]
DEV_BUS = B00:D19:F2
PCI_SWITCH_PORT = 7
DEV_PORT = 0
[System Network 2]
DEV_BUS = B00:D19:F2
PCI_SWITCH_PORT = 3
DEV_PORT = 0
[System Network 3]
DEV_BUS = B00:D19:F3
DEV_PORT = 0
QA_PORT = YES
[System PCIE SLOT 1]
DEV_BUS = B00:D20:F0
MAX_PCIE_LINK_WIDTH = 2
[Usb Enclosure]
VENDOR = QNAP
MODEL = USB
MAX_PORT_NUM = 7
USB3_PORT_BITMAP = 0xFE
EXT_PORT_NUM = 2
[Usb Port 1]
DEV_BUS = B00:D21:F0
DEV_PORT = 1
[Usb Port 2]
DEV_BUS = B00:D21:F0
IN_HUB = 1
DEV_PORT = 4
HUB_PORT = 2
[Usb Port 3]
DEV_BUS = B00:D21:F0
IN_HUB = 1
DEV_PORT = 3
HUB_PORT = 2
[Usb Port 4]
DEV_BUS = B00:D21:F0
IN_HUB = 1
DEV_PORT = 2
HUB_PORT = 2
[Usb Port 5]
DEV_BUS = B00:D21:F0
IN_HUB = 1
DEV_PORT = 1
HUB_PORT = 2
[Usb Port 6]
DEV_BUS = B00:D20:F0
DEV_PORT_SS = 2
[Usb Port 7]
DEV_BUS = B00:D20:F0
DEV_PORT_SS = 1
[MMC Port 1]
DEV_BUS = B00:D27:F0
[Boot Enclosure]
VENDOR = QNAP
MODEL = BOOT
MAX_DISK_NUM = 1
[Boot Disk 1]
DISK_DRV_TYPE = MMC
DEV_BUS = B00:D28:F0
[System Memory]
MAX_CHANNEL_NUM = 2
MAX_SLOT_NUM = 2
SLOT1_ADDR = 1, 0x50
SLOT2_ADDR = 2, 0x52

精简版model.conf - 只提取我们需要的部分和修正部分关键硬件IO号：系统定义、磁盘定义、网络定义、启动盘定义

[System Enclosure]
VENDOR = QNAP
MODEL = TS-653B
CAP=0x161cdb9c
MAX_DISK_NUM = 6
MAX_TEMP_NUM = 2
DISK_DRV_TYPE = ATA
[System Disk 1]
DEV_BUS=B00:D28:F0
DEV_PORT = 0
DEV_BRIDGE_BUS = B01:D00:F0
[System Disk 2]
DEV_BUS=B00:D28:F0
DEV_PORT = 1
DEV_BRIDGE_BUS = B01:D00:F0
[System Disk 3]
DEV_BUS=B00:D28:F1
DEV_PORT = 0
DEV_BRIDGE_BUS = B02:D00:F0
[System Disk 4]
DEV_BUS=B00:D28:F1
DEV_PORT = 1
DEV_BRIDGE_BUS = B02:D00:F0
[System Network 1]
DEV_BUS=B00:D28:F2
DEV_PORT = 0
DEV_BRIDGE_BUS = B03:D00:F0
[Boot Enclosure]
VENDOR = QNAP
MODEL = BOOT
MAX_DISK_NUM = 1
[Boot Disk 1]
DISK_DRV_TYPE = ATA
DEV_BUS = B00:D31:F2
DEV_PORT = 0

把制作好的model.conf文件上传至tc内的mymodel目录覆盖后，执行命令重新编译后重启进入查看即可

sudo cp -f ./mymodel/* ./initrd/etc/  &&  sudo ./re_packing && sudo reboot

本文只解决QTS的Model硬件定义部分，其余可参考老骥伏枥的黑威联通帖子

【老骥伏枥-狗年大礼包】嵌入式linux逆向工程，手把手教你作黑Q：http://www.nasyun.com/thread-39736-1-1.html