[SeaBIOS] vga bios woes

Alex Williamson alex.williamson at redhat.com
Fri Jan 4 18:29:48 CET 2013 

On Thu, 2013-01-03 at 20:49 -0700, Alex Williamson wrote:
> On Thu, 2013-01-03 at 20:57 -0500, Kevin O'Connor wrote:
> > On Thu, Jan 03, 2013 at 06:41:35PM -0700, Alex Williamson wrote:
> > > Thanks for filling in that piece of the puzzle for me.  If the above is
> > > just a reporting problem, how do I fix it so I can actually step through
> > > the rom?  Thanks,
> > 
> > One other note - I think Darmawan may have been doing something
> > similar with PCI rom debugging - you may wish to reach out to him.
> 
> Thanks for the connection.  For now the link Daniel provided has given
> me enough to make progress.  It looks like this is a case where the VGA
> bios manages to get the physical address of the device through a legacy
> VGA register (0x3c3) and shoots itself by using that rather than the
> emulated address found through config space.  I can kludge the offset
> and get the VGA option rom to finish, but something is still wrong since
> it doesn't trigger the monitor to sync.  Still digging.  Thanks for the
> help,

I enabled unassigned memory debugging in qemu and get some peculiar
output during the vga bios execution.  Given this state:

---------------------------[ STACK ]---
6E02 4942 B5D4 B5E5 6DAE 6DB2 0000 0000 
B56A B572 6DBA 0000 6E0A 6DA6 8001 0000 
---------------------------[ DS:SI ]---
C0000000: 55 AA 75 E9 21 02 00 00 00 00 00 00 00 00 00 00  U.u.!...........
C0000010: 00 00 00 00 00 00 00 00 D4 01 00 00 00 00 49 42  ..............IB
C0000020: 4D 25 00 00 00 00 00 00 00 00 00 00 00 00 00 04  M%..............
C0000030: 20 37 36 31 32 39 35 35 32 30 00 00 00 00 00 00  .761295520......
---------------------------[ ES:DI ]---
00006E0A: 1A 6E 00 00 00 20 28 03 E8 FD 00 00 E8 FD 00 00  .n....(.........
00006E1A: 00 00 A4 0D 10 00 00 00 10 00 00 00 6E 02 28 17  ............n.(.
00006E2A: 00 00 90 D1 00 00 00 00 00 00 00 00 00 00 FF FF  ................
00006E3A: 00 00 FF FF 00 00 00 00 00 00 10 00 00 00 00 F0  ................
----------------------------[ CPU ]----
AX: 6DBA BX: B5E5 CX: 0000 DX: 0001
SI: 0000 DI: 6E0A SP: 6DA2 BP: 6E02
CS: C000 DS: C000 ES: 0000 SS: 0000

IP: 460E EIP:0000460E
CS:IP: C000:460E (0xC460E)
SS:SP: 0000:6DA2 (0x06DA2)
SS:BP: 0000:6E02 (0x06E02)
OF <0>  DF <0>  IF <1>  TF <0>  SF <1>  ZF <0>  AF <1>  PF <1>  CF <1>
ID <0>  VIP <0> VIF <0> AC <0>  VM <0>  RF <0>  NT <0>  IOPL <0>
---------------------------[ CODE ]----
   0xc460e:	mov    bp,sp
   0xc4610:	push   bx
   0xc4611:	push   cx
   0xc4612:	push   dx
   0xc4613:	push   di
   0xc4614:	push   ax
   0xc4615:	mov    bx,ax
   0xc4617:	mov    cx,ss
   0xc4619:	mov    es,cx
   0xc461b:	mov    si,WORD PTR es:[bx+0x2]

How does that mov generate this:

Unassigned mem read 00000000b5e5b5d4

Real-mode tcg bug?  Here's the next state:

---------------------------[ STACK ]---
6E02 4942 B5D4 B5E5 6DAE 6DB2 0000 0000 
B56A B572 6DBA 0000 6E0A 6DA6 8001 0000 
---------------------------[ DS:SI ]---
C0000000: 55 AA 75 E9 21 02 00 00 00 00 00 00 00 00 00 00  U.u.!...........
C0000010: 00 00 00 00 00 00 00 00 D4 01 00 00 00 00 49 42  ..............IB
C0000020: 4D 25 00 00 00 00 00 00 00 00 00 00 00 00 00 04  M%..............
C0000030: 20 37 36 31 32 39 35 35 32 30 00 00 00 00 00 00  .761295520......
---------------------------[ ES:DI ]---
00006E0A: 1A 6E 00 00 00 20 28 03 E8 FD 00 00 E8 FD 00 00  .n....(.........
00006E1A: 00 00 A4 0D 10 00 00 00 10 00 00 00 6E 02 28 17  ............n.(.
00006E2A: 00 00 90 D1 00 00 00 00 00 00 00 00 00 00 FF FF  ................
00006E3A: 00 00 FF FF 00 00 00 00 00 00 10 00 00 00 00 F0  ................
----------------------------[ CPU ]----
AX: 6DBA BX: B5E5 CX: 0000 DX: 0001
SI: 0000 DI: 6E0A SP: 6DA2 BP: 6DA2
CS: C000 DS: C000 ES: 0000 SS: 0000

IP: 4610 EIP:00004610
CS:IP: C000:4610 (0xC4610)
SS:SP: 0000:6DA2 (0x06DA2)
SS:BP: 0000:6DA2 (0x06DA2)
OF <0>  DF <0>  IF <1>  TF <0>  SF <1>  ZF <0>  AF <1>  PF <1>  CF <1>
ID <0>  VIP <0> VIF <0> AC <0>  VM <0>  RF <0>  NT <0>  IOPL <0>
---------------------------[ CODE ]----
   0xc4610:	push   bx
   0xc4611:	push   cx
   0xc4612:	push   dx
   0xc4613:	push   di
   0xc4614:	push   ax
   0xc4615:	mov    bx,ax
   0xc4617:	mov    cx,ss
   0xc4619:	mov    es,cx
   0xc461b:	mov    si,WORD PTR es:[bx+0x2]
   0xc461f:	mov    si,WORD PTR es:[si+0x2]

Here's another odd one, this state:

---------------------------[ STACK ]---
6E02 4942 B5D4 B5E7 6DAE 6DB2 0000 0000 
B56A B572 6DBA 0000 6E0A 6DA6 8001 0000 
---------------------------[ DS:SI ]---
C0000004: 21 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00  !...............
C0000014: 00 00 00 00 D4 01 00 00 00 00 49 42 4D 25 00 00  ..........IBM%..
C0000024: 00 00 00 00 00 00 00 00 00 00 00 04 20 37 36 31  .............761
C0000034: 32 39 35 35 32 30 00 00 00 00 00 00 19 02 00 00  295520..........
---------------------------[ ES:DI ]---
00006E0A: 1A 6E 00 00 00 20 28 03 E8 FD 00 00 E8 FD 00 00  .n....(.........
00006E1A: 00 00 A4 0D 10 00 00 00 10 00 00 00 6E 02 28 17  ............n.(.
00006E2A: 00 00 90 D1 00 00 00 00 00 00 00 00 00 00 FF FF  ................
00006E3A: 00 00 FF FF 00 00 00 00 00 00 10 00 00 00 00 F0  ................
----------------------------[ CPU ]----
AX: 0001 BX: B5E5 CX: 0000 DX: 0001
SI: 0004 DI: 6E0A SP: 6DA2 BP: 6DA2
CS: C000 DS: C000 ES: 0000 SS: 0000

IP: 4785 EIP:00004785
CS:IP: C000:4785 (0xC4785)
SS:SP: 0000:6DA2 (0x06DA2)
SS:BP: 0000:6DA2 (0x06DA2)
OF <0>  DF <0>  IF <1>  TF <0>  SF <0>  ZF <0>  AF <0>  PF <0>  CF <0>
ID <0>  VIP <0> VIF <0> AC <0>  VM <0>  RF <0>  NT <0>  IOPL <0>
---------------------------[ CODE ]----
   0xc4785:	pop    bp
   0xc4786:	ret    
   0xc4787:	push   bx
   0xc4788:	push   si
   0xc4789:	mov    bx,ax
   0xc478b:	mov    si,WORD PTR es:[bx+0x2]
   0xc478f:	mov    ax,si
   0xc4791:	mov    si,WORD PTR [si+0x48]
   0xc4794:	add    si,ax
   0xc4796:	mov    bx,ax

Generates:

Unassigned mem read 00000000f000c000

Next state:

---------------------------[ STACK ]---
4942 B5D4 B5E7 6DAE 6DB2 0000 0000 B56A 
B572 6DBA 0000 6E0A 6DA6 8001 0000 8001 
---------------------------[ DS:SI ]---
C0000004: 21 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00  !...............
C0000014: 00 00 00 00 D4 01 00 00 00 00 49 42 4D 25 00 00  ..........IBM%..
C0000024: 00 00 00 00 00 00 00 00 00 00 00 04 20 37 36 31  .............761
C0000034: 32 39 35 35 32 30 00 00 00 00 00 00 19 02 00 00  295520..........
---------------------------[ ES:DI ]---
00006E0A: 1A 6E 00 00 00 20 28 03 E8 FD 00 00 E8 FD 00 00  .n....(.........
00006E1A: 00 00 A4 0D 10 00 00 00 10 00 00 00 6E 02 28 17  ............n.(.
00006E2A: 00 00 90 D1 00 00 00 00 00 00 00 00 00 00 FF FF  ................
00006E3A: 00 00 FF FF 00 00 00 00 00 00 10 00 00 00 00 F0  ................
----------------------------[ CPU ]----
AX: 0001 BX: B5E5 CX: 0000 DX: 0001
SI: 0004 DI: 6E0A SP: 6DA4 BP: 6E02
CS: C000 DS: C000 ES: 0000 SS: 0000

IP: 4786 EIP:00004786
CS:IP: C000:4786 (0xC4786)
SS:SP: 0000:6DA4 (0x06DA4)
SS:BP: 0000:6E02 (0x06E02)
OF <0>  DF <0>  IF <1>  TF <0>  SF <0>  ZF <0>  AF <0>  PF <0>  CF <0>
ID <0>  VIP <0> VIF <0> AC <0>  VM <0>  RF <0>  NT <0>  IOPL <0>
---------------------------[ CODE ]----
   0xc4786:	ret    
   0xc4787:	push   bx
   0xc4788:	push   si
   0xc4789:	mov    bx,ax
   0xc478b:	mov    si,WORD PTR es:[bx+0x2]
   0xc478f:	mov    ax,si
   0xc4791:	mov    si,WORD PTR [si+0x48]
   0xc4794:	add    si,ax
   0xc4796:	mov    bx,ax
   0xc4798:	mov    si,WORD PTR [si+0x1e]


It looks like maybe these innocuous since the next state looks correct.
Again, thanks for any insight you might have into this,

Alex

More information about the SeaBIOS mailing list