Finding nv28 PGRAPH context init
Take an MmioTrace, where you start X, run glxgears few seconds and shutdown X. Remember to inject markers "X running", "X still running", "going to start gears", "gears running", "gears stopped", "X dead", in that order.
Parse your log with Rules-ng.
Grep for NV10_PGRAPH_CHANNEL_CTX_TABLE, there should be just one or two writes to it. Take the hex value written, shift 4 bits to left (i.e. add a hex zero), and you have the offset into the PGRAPH context table. The table has 32 entries each 32 bits wide. Let's call these entries as the handles.
To ease the following parsing, let's add temporary stuff into nvregisters.xml which is in Rules-ng database directory. Find the definition of NV_PRAMIN and change into to something like this:
<array name="NV_PRAMIN" offset="0x00700000" stride="0x00100000"
length="1">
<array name="CTX_TABLE" offset="XXX" stride="0x4"
length="32">
<reg32 name="handle" offset="0x0" />
</array>
</array>Replace the XXX with the offset you just found out.
Reparse your log. You can also ignore all 8 bit memory operations and all reads, as they will not be useful and you will get a considerably smaller log. Those are easy to grep out from the raw mmio-trace log, but remember to preserve all PCIDEV and MAP lines. Also, we are interested only in NV_PRAMIN events. You can actually use the PGRAPH context table addresse as the starting address. I used this to filter the addresses:
awk '/W 4 / { adr=strtonum($5); if (adr >= 0xfb73ce40 && adr < 0xfb800000) print; }' raw-no8wronly > raw-myraminAfterwards you have to re-add PCIDEV and MAP lines. Adjust the physical addresses properly before running that.
Next you should notice first a zero-out of the PGRAPH context table and later non-zero writes into it. Again, take these non-zero handles, left-shift by 4, and you have the starting offset of a PGRAPH context! Now you just need to know how long they are.
For me, there were three PGRAPH contexts, plus the one created for glxgears. Take the minimum of the differences of these offsets as your first guess. Lets add stuff into nvregisters.xml again:
<array name="NV_PRAMIN" offset="0x00700000" stride="0x00100000"
length="1">
<array name="CTX_TABLE" offset="0x3ce40" stride="0x4"
length="32">
<reg32 name="handle" offset="0x0" />
</array>
<array name="GRCTX30" offset="0x3cf60" stride="14116" length="1"/>
<array name="GRCTX0" offset="0x40720" stride="14116" length="1"/>
<array name="GRCTX1" offset="0x44390" stride="14116" length="1"/>
<array name="GRCTX2" offset="0x47bc0" stride="14116" length="1"/>
</array>This is how the addresses were for me. The GRCTX# names were chosen based on which PGRAPH context table entry the handle was written into.
Reparse your log again. Now you should easily find where the blob zeros out the PGRAPH context area. Look for a big zero-writing block starting at NV_PRAMIN.GRCTX0 for instance. The size of this block should be the size of PGRAPH context, so go fix nvregisters.xml and reparse.
Now you can start to figure out what values actually write into the context in your init routines.