[SeaBIOS] vga bios woes
Alex Williamson
alex.williamson at redhat.com
Fri Jan 4 02:41:35 CET 2013
On Thu, 2013-01-03 at 19:13 -0500, Kevin O'Connor wrote:
> On Thu, Jan 03, 2013 at 02:31:43PM -0700, Alex Williamson wrote:
> > Hi,
> >
> > I was playing a bit with vfio-based PCI device assignment of VGA in qemu
> > and I seem to be hitting a wall just trying to jump into the VGA BIOS.
> > I'm booting qemu with -vga none and assigning a radeon hd5450 via
> > vfio-pci with some extra code to handle passing legacy accesses through
> > to the host. Legacy access hardly seems to matter though as the
> > experiment quickly dies when the vcpu starts executing zero'd memory.
> > gdb shows me something like this:
> >
> [...]
> > 0x000fbd20: 66 ea 26 bd 28 00 ljmpw $0x28,$0xbd26
> > 0x0000bd26: 00 00 add %al,(%eax)
>
> Everything looks okay except for here. I'd guess it's likely just a
> reporting issue. The code being run is actually at 0xfbd26 - as part
> of jumping into real-mode, the code has a segment offset (0xf0000)
> that must be added in.
>
> > Trying to follow the code into __callrom(), I'm really confused how the
> > option rom init vector is actually used since callrom() passes the
> > option rom header offset to the init vector rather than anything
> > actually resembling the value of the init vector. I really don't know
> > x86 though, so maybe I'm missing something.
>
> The option rom should actually have code (eg, a jmp instruction) at
> offset 3 of the option rom. So, the goal really is to jump to the 3rd
> byte of the option rom to execute it.
Yes!
(gdb) x/i 0xc0003
0xc0003: jmp 0xc0229
(gdb) x/10i 0xc0229
0xc0229: push %ax
0xc022b: push %cx
0xc022d: push %dx
0xc022f: push %bx
0xc0231: push %bp
0xc0233: push %si
0xc0235: push %di
0xc0237: push %cs
0xc0238: pop %ds
0xc0239: mov %eax,0xe8c01c2
Thanks for filling in that piece of the puzzle for me. If the above is
just a reporting problem, how do I fix it so I can actually step through
the rom? Thanks,
Alex
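To make the point about offset 3 concrete, here is an added example (not code from this thread, SeaBIOS or qemu) that builds a constructed option ROM image, validates the header fields a BIOS relies on before jumping into it (55 AA signature, size byte, checksum), and decodes the jmp at offset 3 the same way the gdb output above resolves 0xc0003 to 0xc0229. It assumes the ROM is shadowed at 0xC0000, i.e. real-mode segment 0xC000, as in that output.

```python
import struct

ROM_BASE = 0xC0000  # assumed: legacy VGA option ROM shadow address (segment 0xC000)


def real_mode_linear(segment: int, offset: int) -> int:
    """Real-mode address translation: linear = segment * 16 + offset."""
    return ((segment & 0xFFFF) << 4) + (offset & 0xFFFF)


def build_sample_rom(entry_target: int) -> bytes:
    """Constructed minimal option ROM: 55 AA signature, size in 512-byte units,
    a 'jmp rel16' (opcode E9) at offset 3 aimed at entry_target, and a final
    byte chosen so the whole image sums to 0 mod 256 (the BIOS checksum rule)."""
    size_units = 1
    rom = bytearray(size_units * 512)
    rom[0:2] = b"\x55\xAA"
    rom[2] = size_units
    # rel16 is relative to the instruction following the 3-byte jmp (offset 6)
    rel = entry_target - (ROM_BASE + 3 + 3)
    rom[3:6] = b"\xE9" + struct.pack("<h", rel)
    rom[-1] = (-sum(rom[:-1])) & 0xFF
    return bytes(rom)


def parse_option_rom(rom: bytes, base: int = ROM_BASE) -> dict:
    """Check the header before trusting the init vector, then decode the jmp
    at offset 3 to find where the init code really begins."""
    if len(rom) < 6 or rom[0:2] != b"\x55\xAA":
        raise ValueError("bad option ROM signature")
    size = rom[2] * 512
    if size == 0 or size > len(rom):
        raise ValueError("size byte does not match image")
    if sum(rom[:size]) & 0xFF != 0:
        raise ValueError("option ROM checksum mismatch")
    init_vector = base + 3            # the BIOS far-calls segment:0003
    opcode = rom[3]
    if opcode == 0xE9:                # jmp rel16
        target = init_vector + 3 + struct.unpack_from("<h", rom, 4)[0]
    elif opcode == 0xEB:              # jmp rel8 (short)
        target = init_vector + 2 + struct.unpack_from("<b", rom, 4)[0]
    else:
        raise ValueError("offset 3 does not hold a jmp: opcode 0x%02x" % opcode)
    return {"size": size, "init_vector": init_vector, "init_target": target & 0xFFFFF}


if __name__ == "__main__":
    info = parse_option_rom(build_sample_rom(0xC0229))
    print("init vector 0x%05x jumps to 0x%05x" % (info["init_vector"], info["init_target"]))
```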