Hi,
I am working on a hypervisor and running coreboot as a guest. During a VMExit, I am seeing coreboot RIPs. Since coreboot is a mix of 16-bit/32-bit code, and because of relocations, I am not able to find the listing of the code at a specific address.
For example, address is: 0x7f37806
I want to attach the coreboot binary to GDB and then do list *0x7f37806
How can I do that?
Regards, Himanshu
On Fri, Mar 19, 2021 at 09:33:43PM +0530, Himanshu Chauhan wrote:
> Hi,
> I am working on a hypervisor and running coreboot as a guest. During a VMExit, I am seeing coreboot RIPs. Since coreboot is a mix of 16-bit/32-bit code, and because of relocations, I am not able to find the listing of the code at a specific address.
> For example, address is: 0x7f37806
> I want to attach the coreboot binary to GDB and then do list *0x7f37806
BTW, I can see the post code of 0xf8. Does this mean that coreboot is done booting and it's trying to load SeaBIOS? I see a CPUID request of 0x40000000. I can't see such a request anywhere in coreboot. But there is one in SeaBIOS, to detect if it's running on KVM.
I see that the RIP changes from 0x7f37827 to 0xf289e.
I am not sure where SeaBIOS jumps and if it's the right address. My coreboot ROM size is 512K.
Regards, Himanshu
Hello Himanshu,
On 19.03.21 17:12, Himanshu Chauhan wrote:
> On Fri, Mar 19, 2021 at 09:33:43PM +0530, Himanshu Chauhan wrote:
>> Hi,
>> I am working on a hypervisor and running coreboot as a guest. During a VMExit, I am seeing coreboot RIPs. Since coreboot is a mix of 16-bit/32-bit code, and because of relocations, I am not able to find the listing of the code at a specific address.
>> For example, address is: 0x7f37806
>> I want to attach the coreboot binary to GDB and then do list *0x7f37806
There is almost no 16-bit code in coreboot. I guess we can ignore it for this matter. What is most important for coreboot addresses is the stage that is running. On x86, bootblock and romstage run XIP (execute in place) from the BIOS ROM, which is mapped directly below the 4GiB line. ramstage is relocated at runtime into RAM, which I assume is the address you see. Somewhere in the console output of coreboot it should print the relocation offset. As this is decided at runtime, I don't know any better way to obtain it.
When you know the offset, it's a matter of loading build/cbfs/fallback/ramstage.debug into GDB and telling it the offset (alas, I don't remember the command, but I'm rather sure that it worked once).
> BTW, I can see the post code of 0xf8. Does this mean that coreboot is done booting and it's trying to load SeaBIOS? I see a CPUID request of 0x40000000. I can't see such a request anywhere in coreboot. But there is one in SeaBIOS, to detect if it's running on KVM.
> I see that the RIP changes from 0x7f37827 to 0xf289e.
Indeed, this looks like a transition from ramstage to SeaBIOS. 0xf289e is in the legacy f-segment that is reserved for BIOS code.
Hope that helps, Nico
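The stage-to-address mapping Nico describes above, as an added example (this is not code from the thread, from coreboot, or from anyone in the discussion): it pulls the ramstage relocation offset out of the console output, classifies a guest RIP as XIP bootblock/romstage, relocated ramstage, or legacy f-segment payload code, and emits the GDB commands that list ramstage source at that RIP. The console line format and the offset value 0x7f00000 are constructed assumptions, the 512K ROM size and the RIPs come from the thread, and the `add-symbol-file -o` form assumes a GDB new enough to support that option.

```python
"""Map a guest RIP seen at VMExit back to a coreboot stage and a GDB listing address.

Added example for this thread, not coreboot's own code. Assumptions (not stated
on the page): the console line "Processing N relocs. Offset value of 0x..." is
constructed for illustration, and the offset 0x7f00000 is made up.
"""
import re
from typing import List, Optional

ROM_SIZE = 512 * 1024                               # from the thread: 512K coreboot ROM
FOUR_GIB = 1 << 32                                  # ROM is mapped directly below this
LEGACY_BIOS_LO, LEGACY_BIOS_HI = 0xF0000, 0x100000  # f-segment, where SeaBIOS ends up

# Constructed console excerpt (the line format is an assumption, not quoted from coreboot).
CONSOLE_LOG = """\
CBFS: Found 'fallback/ramstage' @0x3a2c0 size 0x1c4e8
Processing 2051 relocs. Offset value of 0x7f00000
"""

OFFSET_RE = re.compile(r"Offset value of 0x([0-9a-fA-F]+)")


def relocation_offset(log: str) -> Optional[int]:
    """Extract the ramstage relocation offset printed in the coreboot console output."""
    m = OFFSET_RE.search(log)
    return int(m.group(1), 16) if m else None


def classify_rip(rip: int, ramstage_offset: Optional[int], rom_size: int = ROM_SIZE) -> str:
    """Say which code a guest RIP most plausibly belongs to."""
    if FOUR_GIB - rom_size <= rip < FOUR_GIB:
        return "xip"            # bootblock/romstage executing in place from the ROM
    if LEGACY_BIOS_LO <= rip < LEGACY_BIOS_HI:
        return "legacy-bios"    # f-segment: a payload such as SeaBIOS has taken over
    if ramstage_offset is not None and rip >= ramstage_offset:
        return "ramstage"       # relocated into RAM; needs the offset to resolve symbols
    return "unknown"


def gdb_commands(rip: int, ramstage_offset: int,
                 debug_elf: str = "build/cbfs/fallback/ramstage.debug") -> List[str]:
    """GDB commands that list the source for a RIP inside relocated ramstage.

    ramstage is linked at one address and moved by `ramstage_offset` at runtime,
    so either hand GDB the offset (add-symbol-file -o) and use the runtime RIP,
    or subtract the offset yourself and list the link-time address.
    """
    link_addr = rip - ramstage_offset
    return [
        f"add-symbol-file {debug_elf} -o {ramstage_offset:#x}",
        f"list *{rip:#x}",
        f"# equivalently, without -o: symbol-file {debug_elf} ; list *{link_addr:#x}",
    ]


if __name__ == "__main__":
    offset = relocation_offset(CONSOLE_LOG)
    for rip in (0x7f37806, 0xf289e):               # RIPs reported in the thread
        print(f"{rip:#x}: {classify_rip(rip, offset)}")
    if offset is not None:
        print("\n".join(gdb_commands(0x7f37806, offset)))
```

The classification is deliberately conservative: a RIP that is neither in the ROM window below 4GiB, nor in the f-segment, nor above a known ramstage offset is reported as unknown rather than guessed, because without the offset from the console log there is nothing to anchor the address to.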
Hi Nico,
Thanks for your reply.
On Fri, Mar 19, 2021 at 07:03:59PM +0100, Nico Huber wrote:
> Hello Himanshu,
> On 19.03.21 17:12, Himanshu Chauhan wrote:
>> On Fri, Mar 19, 2021 at 09:33:43PM +0530, Himanshu Chauhan wrote:
>>> Hi,
>>> I am working on a hypervisor and running coreboot as a guest. During a VMExit, I am seeing coreboot RIPs. Since coreboot is a mix of 16-bit/32-bit code, and because of relocations, I am not able to find the listing of the code at a specific address.
>>> For example, address is: 0x7f37806
>>> I want to attach the coreboot binary to GDB and then do list *0x7f37806
> There is almost no 16-bit code in coreboot. I guess we can ignore it for this matter. What is most important for coreboot addresses is the stage that is running. On x86, bootblock and romstage run XIP (execute in place) from the BIOS ROM, which is mapped directly below the 4GiB line. ramstage is relocated at runtime into RAM, which I assume is the address you see. Somewhere in the console output of coreboot it should print the relocation offset. As this is decided at runtime, I don't know any better way to obtain it.
> When you know the offset, it's a matter of loading build/cbfs/fallback/ramstage.debug into GDB and telling it the offset (alas, I don't remember the command, but I'm rather sure that it worked once).
>> BTW, I can see the post code of 0xf8. Does this mean that coreboot is done booting and it's trying to load SeaBIOS? I see a CPUID request of 0x40000000. I can't see such a request anywhere in coreboot. But there is one in SeaBIOS, to detect if it's running on KVM.
>> I see that the RIP changes from 0x7f37827 to 0xf289e.
> Indeed, this looks like a transition from ramstage to SeaBIOS. 0xf289e is in the legacy f-segment that is reserved for BIOS code.
Sure, this helps! Just one more question: how is SeaBIOS booting as a payload of coreboot different from it booting directly?
Regards, Himanshu
> Hope that helps, Nico