On 6/18/26 09:02, K S Maan wrote:

Tested-by: K S Maan <[email protected]>

Thanks,

Shouldn't this series include a Resolves trailer for:
https://gitlab.com/qemu-project/qemu/-/work_items/3093

What about:
https://gitlab.com/qemu-project/qemu/-/work_items/3535

Should it be closed?

C.
On 6/17/26 3:36 PM, Tomita Moeko wrote:

This series fixes the regression that on IGD passthrough with legacy BIOS boot and VBIOS, the screen is garbled during BIOS POST and GRUB (which uses standard VGA output routines), starting from QEMU 10.0. Though the kernel i915 driver still works, it reports an error that the initial GTT programmed by the VBIOS uses an invalid address:

    i915 0000:00:02.0: [drm] *ERROR* Initial plane programming using invalid range, dma_addr=0x00000000db200000 ((null) [0x00000000baf00000-0x00000000beefffff])

With the help of AI disassembling the VBIOS image dumped from the host, it is found that the VBIOS itself implements a routine like:

    uint32_t get_BDSM()
    {
        static uint32_t saved = 0;

        if (saved != 0) {
            return saved;
        }
        /* cached on first use and never cleared afterwards */
        saved = read_pci_config(BDSM_REG);
        return saved;
    }

And the saved value is not cleared after initialization. Given that IGD devices don't have a real ROM BAR, the VBIOS image read by default from the host is actually the VBIOS shadow RAM region, containing host-side modifications like the saved BDSM value above made during POST. When the image is executed in the guest, it still uses the saved host BDSM (HPA) instead of the value programmed by SeaBIOS in config space (GPA). This address mismatch leads to the garbled screen and the i915 error.

The previous solution, c4c45e943e51 ("vfio/pci: Intel graphics legacy mode assignment"), adjusts GTT entry addresses to (addr - host BDSM + guest BDSM) to work around that. But it was removed in 5aed8b0f0be2 ("vfio/igd: Remove GTT write quirk in IO BAR 4") due to inconsistent values in MMIO BAR0 and IO BAR4. Considering it's unsafe to expose the HPA to the guest, a ROM quirk clearing the saved value in the VBIOS image is introduced to fix the issue.

During debugging, it is also found that the IGD VBIOS ROM doesn't always match the actual IGD device ID, due to the fact that IGDs of the same CPU family have multiple device IDs but share the same ROM image. However, SeaBIOS checks the device ID strictly and refuses to run if the IDs do not match. Currently only the default path (reading the ROM from the kernel) patches the device ID, but the romfile path doesn't. So the ROM ID patching logic is also refactored in this patch series to also handle the romfile path.

These changes are tested on the Haswell platform with legacy BIOS boot, by K S Maan. Thanks to K S Maan for continuous help on locating and testing the issue!

Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3093
Reported-by: K S Maan <[email protected]>

Changelog:
v3:
* Refactor ROM checksum calculation and patching logic as Alex's comment
* Fix boundary checks as comments in v2.
Link: https://lore.kernel.org/all/[email protected]/t
v2:
* New patch 2/7 to fix regression with EFI option ROMs
* Refine logic in ROM ID and checksum patching
* Reorder patch 4 and 5 for cleaner bisection
* Address comments from v1
Link: https://lore.kernel.org/all/[email protected]/t

Tomita Moeko (7):
  hw/pci: Recalculate option ROM checksum before patching ID
  hw/pci: Skip EFI option ROM in pci_patch_ids()
  hw/pci: Introduce rom_need_patch_id flag in PCIDevice
  hw/pci: Promote pci_patch_ids() to public pci_rom_patch_ids()
  vfio/igd: Toggle rom_need_patch_id flag on IGD devices
  vfio/pci: Use pci_rom_patch_ids() for IGD ROM ID patching
  vfio/igd: Clear saved BDSM in legacy VBIOS ROM at load time

 hw/pci/pci.c                |  57 ++++++++++------
 hw/vfio/igd-stubs.c         |   5 ++
 hw/vfio/igd.c               | 132 ++++++++++++++++++++++++++++++++++--
 hw/vfio/pci-quirks.c        |   5 ++
 hw/vfio/pci.c               |  33 ++-------
 hw/vfio/pci.h               |   3 +
 hw/vfio/trace-events        |   1 +
 include/hw/pci/pci.h        |   3 +
 include/hw/pci/pci_device.h |   1 +
 9 files changed, 186 insertions(+), 54 deletions(-)
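As an added illustration of the two option-ROM points the cover letter raises (patching the PCIR vendor/device ID only in x86 legacy images and skipping EFI images, and recomputing the legacy checksum over the whole image rather than adjusting a checksum that may already be stale because the shadow region was modified after it was computed), here is a stand-alone C walker. It is example code written for this thread, not QEMU's pci_patch_ids()/pci_rom_patch_ids() and not part of the series; the function names, the constructed two-image ROM in build_demo_rom() and the sample IDs 8086:0412/0416 are assumptions made for the demonstration. Offsets follow the PCI Firmware Specification ROM header and PCIR data structure.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not QEMU code: walks the images of a PCI option ROM,
 * patches vendor/device ID in x86 legacy images and recomputes their
 * checksum from scratch; EFI images are left untouched. */

#define ROM_CSUM_OFF      0x06   /* legacy image checksum byte */
#define ROM_PCIR_PTR_OFF  0x18   /* 16-bit LE offset of the PCIR structure */
#define ROM_HDR_MIN       0x1a   /* bytes needed to read the PCIR pointer */
#define PCIR_VENDOR_OFF   0x04
#define PCIR_DEVICE_OFF   0x06
#define PCIR_LEN_OFF      0x10   /* image length in 512-byte units */
#define PCIR_CODE_OFF     0x14   /* 0x00 = x86 legacy, 0x03 = EFI */
#define PCIR_IND_OFF      0x15   /* bit 7 set = last image in the ROM */
#define PCIR_MIN_LEN      0x18
#define CODE_TYPE_X86     0x00
#define CODE_TYPE_EFI     0x03

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }

/* Value the checksum byte must hold so all bytes of the image sum to 0 mod 256.
 * Summing the whole image (instead of adding a delta for the changed ID bytes)
 * means a checksum that was already wrong does not survive the patch. */
static uint8_t legacy_checksum(const uint8_t *img, size_t len)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++) {
        if (i != ROM_CSUM_OFF) sum += img[i];
    }
    return (uint8_t)(-sum);
}

/* 1 if the legacy image's bytes sum to 0 mod 256, else 0. */
int rom_legacy_checksum_ok(const uint8_t *img, size_t len)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++) sum += img[i];
    return sum == 0;
}

/* Device ID stored in the PCIR structure of the image starting at img_off. */
uint16_t rom_image_device_id(const uint8_t *rom, size_t img_off)
{
    const uint8_t *img = rom + img_off;
    return rd16(img + rd16(img + ROM_PCIR_PTR_OFF) + PCIR_DEVICE_OFF);
}

/* Patch vendor/device ID of every x86 legacy image and refresh its checksum.
 * Returns the number of images patched, or -1 if the ROM is malformed
 * (bad signature, PCIR out of bounds, image length zero or past the end). */
int rom_patch_ids(uint8_t *rom, size_t rom_len, uint16_t vendor, uint16_t device)
{
    size_t off = 0;
    int patched = 0;

    while (off + ROM_HDR_MIN <= rom_len) {
        uint8_t *img = rom + off;
        if (img[0] != 0x55 || img[1] != 0xAA) return -1;
        size_t pcir = rd16(img + ROM_PCIR_PTR_OFF);
        if (pcir < ROM_HDR_MIN || off + pcir + PCIR_MIN_LEN > rom_len) return -1;
        uint8_t *p = img + pcir;
        if (memcmp(p, "PCIR", 4) != 0) return -1;
        size_t img_len = (size_t)rd16(p + PCIR_LEN_OFF) * 512;
        if (img_len == 0 || pcir + PCIR_MIN_LEN > img_len || off + img_len > rom_len) return -1;

        if (p[PCIR_CODE_OFF] == CODE_TYPE_X86) {   /* EFI images: no patch, no checksum */
            wr16(p + PCIR_VENDOR_OFF, vendor);
            wr16(p + PCIR_DEVICE_OFF, device);
            img[ROM_CSUM_OFF] = legacy_checksum(img, img_len);
            patched++;
        }
        if (p[PCIR_IND_OFF] & 0x80) break;        /* last image */
        off += img_len;
    }
    return patched;
}

/* Constructed sample ROM: a 1 KiB x86 legacy image followed by a 1 KiB EFI image. */
uint8_t demo_rom[2048];

static void put_image(uint8_t *img, size_t pcir, uint8_t code, uint8_t ind,
                      uint16_t vendor, uint16_t device)
{
    img[0] = 0x55; img[1] = 0xAA; img[2] = 2;     /* size: 2 * 512 bytes */
    wr16(img + ROM_PCIR_PTR_OFF, (uint16_t)pcir);
    memcpy(img + pcir, "PCIR", 4);
    wr16(img + pcir + PCIR_VENDOR_OFF, vendor);
    wr16(img + pcir + PCIR_DEVICE_OFF, device);
    wr16(img + pcir + PCIR_LEN_OFF, 2);
    img[pcir + PCIR_CODE_OFF] = code;
    img[pcir + PCIR_IND_OFF] = ind;
}

size_t build_demo_rom(uint16_t vendor, uint16_t device)
{
    memset(demo_rom, 0, sizeof demo_rom);
    put_image(demo_rom, 0x40, CODE_TYPE_X86, 0x00, vendor, device);
    for (size_t i = 0x60; i < 1024; i++) demo_rom[i] = (uint8_t)(i * 7); /* fake code bytes */
    demo_rom[ROM_CSUM_OFF] = legacy_checksum(demo_rom, 1024);
    put_image(demo_rom + 1024, 0x1c, CODE_TYPE_EFI, 0x80, vendor, device);
    return sizeof demo_rom;
}

/* Overwrite one byte (standing in for a modification made after the checksum
 * was computed, like the shadow-RAM changes described above); returns old value. */
uint8_t rom_write_byte(uint8_t *rom, size_t off, uint8_t v)
{
    uint8_t old = rom[off];
    rom[off] = v;
    return old;
}

int main(void)
{
    size_t len = build_demo_rom(0x8086, 0x0412);
    int n = rom_patch_ids(demo_rom, len, 0x8086, 0x0416);
    printf("patched %d image(s); legacy csum ok=%d; legacy id=%04x; efi id=%04x\n", n,
           rom_legacy_checksum_ok(demo_rom, 1024),
           rom_image_device_id(demo_rom, 0), rom_image_device_id(demo_rom, 1024));
    return 0;
}
```

The walker refuses to continue on a bad signature or an image that runs past the buffer, so a truncated or host-modified image cannot drive reads outside the ROM; and because the checksum is recomputed rather than delta-adjusted, a byte changed elsewhere in the image still yields a valid image after the ID patch, which is the property a strict loader like SeaBIOS depends on.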
