[SeaBIOS] vga bios woes

Alex Williamson alex.williamson at redhat.com
Thu Jan 3 22:31:43 CET 2013


Hi,

I was playing a bit with vfio-based PCI device assignment of VGA in qemu
and I seem to be hitting a wall just trying to jump into the VGA BIOS.
I'm booting qemu with -vga none and assigning a radeon hd5450 via
vfio-pci with some extra code to handle passing legacy accesses through
to the host.  Legacy access hardly seems to matter though as the
experiment quickly dies when the vcpu starts executing zero'd memory.
gdb shows me something like this:

0x000f257c <__callrom+72>:	66 c7 44 24 16 ff ff	movw   $0xffff,0x16(%esp)
0x000f2583 <__callrom+79>:	66 c7 44 24 1a ff ff	movw   $0xffff,0x1a(%esp)
0x000f258a <__callrom+86>:	66 c7 44 24 08 00 f0	movw   $0xf000,0x8(%esp)
0x000f2591 <__callrom+93>:	b8 80 d1 0f 00	mov    $0xfd180,%eax
0x000f2596 <__callrom+98>:	66 89 44 24 0a	mov    %ax,0xa(%esp)
0x000f259b <__callrom+103>:	c1 e5 10	shl    $0x10,%ebp
0x000f259e <__callrom+106>:	0f b7 d7	movzwl %di,%edx
0x000f25a1 <__callrom+109>:	09 ea	or     %ebp,%edx
0x000f25a3 <__callrom+111>:	89 54 24 26	mov    %edx,0x26(%esp)
0x000f25a7 <__callrom+115>:	89 e0	mov    %esp,%eax
0x000f25a9 <__callrom+117>:	3d 00 70 00 00	cmp    $0x7000,%eax
0x000f25ae <__callrom+122>:	76 0a	jbe    0xf25ba <__callrom+134>
0x000f25ba <__callrom+134>:	89 f0	mov    %esi,%eax
0x000f25bc <__callrom+136>:	bb 58 68 00 00	mov    $0x6858,%ebx
0x000f25c1 <__callrom+141>:	e8 31 98 00 00	call   0xfbdf7
0x000fbdf7:	ba 01 be 00 00	mov    $0xbe01,%edx
0x000fbdfc:	e9 0e ff ff ff	jmp    0xfbd0f
0x000fbd0f:	89 c1	mov    %eax,%ecx
0x000fbd11:	b8 30 00 00 00	mov    $0x30,%eax
0x000fbd16:	8e d8	mov    %eax,%ds
0x000fbd18:	8e c0	mov    %eax,%es
0x000fbd1a:	8e d0	mov    %eax,%ss
0x000fbd1c:	8e e0	mov    %eax,%fs
0x000fbd1e:	8e e8	mov    %eax,%gs
0x000fbd20:	66 ea 26 bd 28 00	ljmpw  $0x28,$0xbd26
0x0000bd26:	00 00	add    %al,(%eax)

(qemu) xp /16x 0x0000bd26
000000000000bd26: 0x00000000 0x00000000 0x00000000 0x00000000
000000000000bd36: 0x00000000 0x00000000 0x00000000 0x00000000
000000000000bd46: 0x00000000 0x00000000 0x00000000 0x00000000
000000000000bd56: 0x00000000 0x00000000 0x00000000 0x00000000
 
(qemu) xp /16x 0x000c0000
00000000000c0000: 0xe975aa55 0x00000221 0x00000000 0x00000000
00000000000c0010: 0x00000000 0x00000000 0x000001d4 0x42490000
00000000000c0020: 0x0000254d 0x00000000 0x00000000 0x04000000
00000000000c0030: 0x31363720 0x35353932 0x00003032 0x00000000

Trying to follow the code into __callrom(), I'm really confused how the
option rom init vector is actually used since callrom() passes the
option rom header offset to the init vector rather than anything
actually resembling the value of the init vector.  I really don't know
x86 though, so maybe I'm missing something.

The option rom is loaded as a PCI expansion rom from the device, it
appears to be non-PnP.  The seabios log shows this:

Scan for VGA option rom
Attempting to init PCI bdf 00:02.0 (vd 1002:68f9)
Attempting to map option rom on dev 00:02.0
Option rom sizing returned febe0000 fffe0000
Inspecting possible rom at 0xfebe0000 (vd=1002:68f9 bdf=00:02.0)
Copying option rom (size 59904) from 0xfebe0000 to 0x000c0000
handle_08
Checking rom 0x000c0000 (sig aa55 size 117)
Running option rom at c000:0003
<here we go into the weeds, I'll continue to see periodic handle_08 if I let it run>

Appreciate any hints to make this work.  Thanks,

Alex
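Added example, not part of Alex's mail or of SeaBIOS: a small parser for the PCI expansion ROM header that the log above is inspecting. The 64-byte sample is the `xp /16x 0x000c0000` dump from the mail, repacked from little-endian words into a flat byte string; the full-size "minimal" image is constructed. The thing the example makes visible is that offset 3 of the header is not a pointer to the init routine but the INIT entry point itself, a jump instruction that the BIOS far-calls (hence "Running option rom at c000:0003" with a fixed offset). It also shows the checks a loader can apply before transferring control, and which of them cannot be done on a truncated dump. The "IBM" string at offset 0x1E is reported as a VGA BIOS convention only; it is not a spec requirement.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the first 64 bytes of the ROM image as printed by
# "(qemu) xp /16x 0x000c0000" in the mail, repacked from little-endian words.
SAMPLE_ROM_HEAD = struct.pack(
    "<16I",
    0xe975aa55, 0x00000221, 0x00000000, 0x00000000,
    0x00000000, 0x00000000, 0x000001d4, 0x42490000,
    0x0000254d, 0x00000000, 0x00000000, 0x04000000,
    0x31363720, 0x35353932, 0x00003032, 0x00000000,
)

ROM_SIGNATURE = 0xAA55       # bytes 55 AA at offset 0
INIT_ENTRY_OFFSET = 0x03     # INIT entry point: executable code (a jmp), not an address
PCIR_OFFSET_FIELD = 0x18     # u16 pointer to the "PCIR" PCI data structure
IBM_MARKER_OFFSET = 0x1E     # "IBM" here is a VGA BIOS convention, not a spec field


@dataclass
class RomHeader:
    signature_ok: bool
    size_bytes: int                        # byte at offset 2, in 512-byte units
    init_jump_target: Optional[int]        # ROM-relative offset the jmp at +3 lands on
    init_target_in_image: Optional[bool]
    pcir_pointer: int
    pcir_signature_ok: Optional[bool]      # None when the dump is too short to check
    checksum_ok: Optional[bool]            # None when the dump is too short to check
    ibm_marker: bool


def decode_init_jump(rom: bytes) -> Optional[int]:
    """Decode the 16-bit jmp a BIOS executes when it far-calls c000:0003."""
    op = rom[INIT_ENTRY_OFFSET]
    if op == 0xE9 and len(rom) >= INIT_ENTRY_OFFSET + 3:          # jmp rel16
        rel = struct.unpack_from("<h", rom, INIT_ENTRY_OFFSET + 1)[0]
        return (INIT_ENTRY_OFFSET + 3 + rel) & 0xFFFF
    if op == 0xEB and len(rom) >= INIT_ENTRY_OFFSET + 2:          # jmp rel8
        rel = struct.unpack_from("<b", rom, INIT_ENTRY_OFFSET + 1)[0]
        return (INIT_ENTRY_OFFSET + 2 + rel) & 0xFFFF
    return None   # not a jump we decode: treat as untrusted


def parse_rom_header(rom: bytes) -> RomHeader:
    if len(rom) < 0x40:
        raise ValueError("need at least the 64-byte header")
    signature_ok = struct.unpack_from("<H", rom, 0)[0] == ROM_SIGNATURE
    size_bytes = rom[2] * 512
    target = decode_init_jump(rom)
    pcir = struct.unpack_from("<H", rom, PCIR_OFFSET_FIELD)[0]
    pcir_ok = rom[pcir:pcir + 4] == b"PCIR" if len(rom) >= pcir + 4 else None
    # The whole image must sum to zero mod 256; only checkable on a full copy.
    checksum_ok = (sum(rom[:size_bytes]) & 0xFF) == 0 if len(rom) >= size_bytes else None
    return RomHeader(
        signature_ok=signature_ok,
        size_bytes=size_bytes,
        init_jump_target=target,
        init_target_in_image=None if target is None else target < size_bytes,
        pcir_pointer=pcir,
        pcir_signature_ok=pcir_ok,
        checksum_ok=checksum_ok,
        ibm_marker=rom[IBM_MARKER_OFFSET:IBM_MARKER_OFFSET + 3] == b"IBM",
    )


def safe_to_run(hdr: RomHeader) -> bool:
    """Minimal gate a loader should pass before far-calling offset 3."""
    return (hdr.signature_ok and hdr.size_bytes > 0
            and hdr.init_target_in_image is True
            and hdr.pcir_signature_ok is True
            and hdr.checksum_ok is True)


def build_minimal_rom() -> bytes:
    """Constructed 512-byte image that passes every check (not a real ROM)."""
    rom = bytearray(512)
    rom[0:2] = b"\x55\xaa"
    rom[2] = 1                                   # one 512-byte block
    rom[3:6] = b"\xe9\x00\x00"                   # jmp rel16 +0 -> offset 6
    rom[6] = 0xCB                                # retf: init stub returns at once
    struct.pack_into("<H", rom, PCIR_OFFSET_FIELD, 0x40)
    rom[0x40:0x44] = b"PCIR"
    rom[0x1E:0x21] = b"IBM"
    rom[-1] = (-sum(rom[:-1])) & 0xFF            # fix up the byte checksum
    return bytes(rom)


if __name__ == "__main__":
    print(parse_rom_header(SAMPLE_ROM_HEAD))     # size 59904, jmp -> 0x227, PCIR at 0x1d4
    print(safe_to_run(parse_rom_header(build_minimal_rom())))
```

On the sample from the mail the header decodes cleanly (signature 55 AA, 117 blocks = 59904 bytes matching the SeaBIOS log, a `jmp` at offset 3 landing at 0x227, PCI data structure at 0x1d4), but the checksum and PCIR checks come back as "unknown" because only 64 bytes were dumped; dumping the full 59904 bytes from 0xc0000 would let both run.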
