On Thu, 2013-01-03 at 20:49 -0700, Alex Williamson wrote:
> On Thu, 2013-01-03 at 20:57 -0500, Kevin O'Connor wrote:
> > On Thu, Jan 03, 2013 at 06:41:35PM -0700, Alex Williamson wrote:
> > > Thanks for filling in that piece of the puzzle for me. If the above is just a reporting problem, how do I fix it so I can actually step through the rom? Thanks,
> >
> > One other note - I think Darmawan may have been doing something similar with PCI rom debugging - you may wish to reach out to him.
>
> Thanks for the connection. For now the link Daniel provided has given me enough to make progress. It looks like this is a case where the VGA bios manages to get the physical address of the device through a legacy VGA register (0x3c3) and shoots itself by using that rather than the emulated address found through config space. I can kludge the offset and get the VGA option rom to finish, but something is still wrong since it doesn't trigger the monitor to sync. Still digging. Thanks for the help,
I enabled unassigned memory debugging in qemu and get some peculiar output during the vga bios execution. Given this state:

---------------------------[ STACK ]---
6E02 4942 B5D4 B5E5 6DAE 6DB2 0000 0000
B56A B572 6DBA 0000 6E0A 6DA6 8001 0000
---------------------------[ DS:SI ]---
C0000000: 55 AA 75 E9 21 02 00 00 00 00 00 00 00 00 00 00  U.u.!...........
C0000010: 00 00 00 00 00 00 00 00 D4 01 00 00 00 00 49 42  ..............IB
C0000020: 4D 25 00 00 00 00 00 00 00 00 00 00 00 00 00 04  M%..............
C0000030: 20 37 36 31 32 39 35 35 32 30 00 00 00 00 00 00  .761295520......
---------------------------[ ES:DI ]---
00006E0A: 1A 6E 00 00 00 20 28 03 E8 FD 00 00 E8 FD 00 00  .n....(.........
00006E1A: 00 00 A4 0D 10 00 00 00 10 00 00 00 6E 02 28 17  ............n.(.
00006E2A: 00 00 90 D1 00 00 00 00 00 00 00 00 00 00 FF FF  ................
00006E3A: 00 00 FF FF 00 00 00 00 00 00 10 00 00 00 00 F0  ................
----------------------------[ CPU ]----
AX: 6DBA BX: B5E5 CX: 0000 DX: 0001 SI: 0000 DI: 6E0A SP: 6DA2 BP: 6E02
CS: C000 DS: C000 ES: 0000 SS: 0000 IP: 460E EIP:0000460E
CS:IP: C000:460E (0xC460E) SS:SP: 0000:6DA2 (0x06DA2) SS:BP: 0000:6E02 (0x06E02)
OF <0> DF <0> IF <1> TF <0> SF <1> ZF <0> AF <1> PF <1> CF <1>
ID <0> VIP <0> VIF <0> AC <0> VM <0> RF <0> NT <0> IOPL <0>
---------------------------[ CODE ]----
0xc460e: mov bp,sp
0xc4610: push bx
0xc4611: push cx
0xc4612: push dx
0xc4613: push di
0xc4614: push ax
0xc4615: mov bx,ax
0xc4617: mov cx,ss
0xc4619: mov es,cx
0xc461b: mov si,WORD PTR es:[bx+0x2]

How does that mov generate this:

Unassigned mem read 00000000b5e5b5d4

Real-mode tcg bug? Here's the next state:

---------------------------[ STACK ]---
6E02 4942 B5D4 B5E5 6DAE 6DB2 0000 0000
B56A B572 6DBA 0000 6E0A 6DA6 8001 0000
---------------------------[ DS:SI ]---
C0000000: 55 AA 75 E9 21 02 00 00 00 00 00 00 00 00 00 00  U.u.!...........
C0000010: 00 00 00 00 00 00 00 00 D4 01 00 00 00 00 49 42  ..............IB
C0000020: 4D 25 00 00 00 00 00 00 00 00 00 00 00 00 00 04  M%..............
C0000030: 20 37 36 31 32 39 35 35 32 30 00 00 00 00 00 00  .761295520......
---------------------------[ ES:DI ]---
00006E0A: 1A 6E 00 00 00 20 28 03 E8 FD 00 00 E8 FD 00 00  .n....(.........
00006E1A: 00 00 A4 0D 10 00 00 00 10 00 00 00 6E 02 28 17  ............n.(.
00006E2A: 00 00 90 D1 00 00 00 00 00 00 00 00 00 00 FF FF  ................
00006E3A: 00 00 FF FF 00 00 00 00 00 00 10 00 00 00 00 F0  ................
----------------------------[ CPU ]----
AX: 6DBA BX: B5E5 CX: 0000 DX: 0001 SI: 0000 DI: 6E0A SP: 6DA2 BP: 6DA2
CS: C000 DS: C000 ES: 0000 SS: 0000 IP: 4610 EIP:00004610
CS:IP: C000:4610 (0xC4610) SS:SP: 0000:6DA2 (0x06DA2) SS:BP: 0000:6DA2 (0x06DA2)
OF <0> DF <0> IF <1> TF <0> SF <1> ZF <0> AF <1> PF <1> CF <1>
ID <0> VIP <0> VIF <0> AC <0> VM <0> RF <0> NT <0> IOPL <0>
---------------------------[ CODE ]----
0xc4610: push bx
0xc4611: push cx
0xc4612: push dx
0xc4613: push di
0xc4614: push ax
0xc4615: mov bx,ax
0xc4617: mov cx,ss
0xc4619: mov es,cx
0xc461b: mov si,WORD PTR es:[bx+0x2]
0xc461f: mov si,WORD PTR es:[si+0x2]

Here's another odd one, this state:

---------------------------[ STACK ]---
6E02 4942 B5D4 B5E7 6DAE 6DB2 0000 0000
B56A B572 6DBA 0000 6E0A 6DA6 8001 0000
---------------------------[ DS:SI ]---
C0000004: 21 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00  !...............
C0000014: 00 00 00 00 D4 01 00 00 00 00 49 42 4D 25 00 00  ..........IBM%..
C0000024: 00 00 00 00 00 00 00 00 00 00 00 04 20 37 36 31  .............761
C0000034: 32 39 35 35 32 30 00 00 00 00 00 00 19 02 00 00  295520..........
---------------------------[ ES:DI ]---
00006E0A: 1A 6E 00 00 00 20 28 03 E8 FD 00 00 E8 FD 00 00  .n....(.........
00006E1A: 00 00 A4 0D 10 00 00 00 10 00 00 00 6E 02 28 17  ............n.(.
00006E2A: 00 00 90 D1 00 00 00 00 00 00 00 00 00 00 FF FF  ................
00006E3A: 00 00 FF FF 00 00 00 00 00 00 10 00 00 00 00 F0  ................
----------------------------[ CPU ]----
AX: 0001 BX: B5E5 CX: 0000 DX: 0001 SI: 0004 DI: 6E0A SP: 6DA2 BP: 6DA2
CS: C000 DS: C000 ES: 0000 SS: 0000 IP: 4785 EIP:00004785
CS:IP: C000:4785 (0xC4785) SS:SP: 0000:6DA2 (0x06DA2) SS:BP: 0000:6DA2 (0x06DA2)
OF <0> DF <0> IF <1> TF <0> SF <0> ZF <0> AF <0> PF <0> CF <0>
ID <0> VIP <0> VIF <0> AC <0> VM <0> RF <0> NT <0> IOPL <0>
---------------------------[ CODE ]----
0xc4785: pop bp
0xc4786: ret
0xc4787: push bx
0xc4788: push si
0xc4789: mov bx,ax
0xc478b: mov si,WORD PTR es:[bx+0x2]
0xc478f: mov ax,si
0xc4791: mov si,WORD PTR [si+0x48]
0xc4794: add si,ax
0xc4796: mov bx,ax

Generates:

Unassigned mem read 00000000f000c000

Next state:

---------------------------[ STACK ]---
4942 B5D4 B5E7 6DAE 6DB2 0000 0000 B56A
B572 6DBA 0000 6E0A 6DA6 8001 0000 8001
---------------------------[ DS:SI ]---
C0000004: 21 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00  !...............
C0000014: 00 00 00 00 D4 01 00 00 00 00 49 42 4D 25 00 00  ..........IBM%..
C0000024: 00 00 00 00 00 00 00 00 00 00 00 04 20 37 36 31  .............761
C0000034: 32 39 35 35 32 30 00 00 00 00 00 00 19 02 00 00  295520..........
---------------------------[ ES:DI ]---
00006E0A: 1A 6E 00 00 00 20 28 03 E8 FD 00 00 E8 FD 00 00  .n....(.........
00006E1A: 00 00 A4 0D 10 00 00 00 10 00 00 00 6E 02 28 17  ............n.(.
00006E2A: 00 00 90 D1 00 00 00 00 00 00 00 00 00 00 FF FF  ................
00006E3A: 00 00 FF FF 00 00 00 00 00 00 10 00 00 00 00 F0  ................
----------------------------[ CPU ]----
AX: 0001 BX: B5E5 CX: 0000 DX: 0001 SI: 0004 DI: 6E0A SP: 6DA4 BP: 6E02
CS: C000 DS: C000 ES: 0000 SS: 0000 IP: 4786 EIP:00004786
CS:IP: C000:4786 (0xC4786) SS:SP: 0000:6DA4 (0x06DA4) SS:BP: 0000:6E02 (0x06E02)
OF <0> DF <0> IF <1> TF <0> SF <0> ZF <0> AF <0> PF <0> CF <0>
ID <0> VIP <0> VIF <0> AC <0> VM <0> RF <0> NT <0> IOPL <0>
---------------------------[ CODE ]----
0xc4786: ret
0xc4787: push bx
0xc4788: push si
0xc4789: mov bx,ax
0xc478b: mov si,WORD PTR es:[bx+0x2]
0xc478f: mov ax,si
0xc4791: mov si,WORD PTR [si+0x48]
0xc4794: add si,ax
0xc4796: mov bx,ax
0xc4798: mov si,WORD PTR [si+0x1e]

It looks like maybe these are innocuous since the next state looks correct.

Again, thanks for any insight you might have into this,

Alex

_______________________________________________
SeaBIOS mailing list
SeaBIOS@seabios.org
http://www.seabios.org/mailman/listinfo/seabios
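The question in the mail is how `mov bp,sp` at C000:460E could produce `Unassigned mem read 00000000b5e5b5d4`. The script below is an added example, not part of the thread or of SeaBIOS/qemu: it parses the CPU, STACK and CODE blocks in the format the mail shows (the embedded text is a constructed copy of the first dump), lists the linear addresses the instruction at CS:IP can legitimately read under 16-bit real-mode addressing, and checks whether the reported address is one of them. It also splits the reported value into 16-bit words and looks each up in the register set and on the stack, which is a quick way to tell a genuine guest access from a value assembled out of other guest state. The assumption that the STACK block starts at SS:SP is the script's own and is not stated in the mail.

```python
"""Which memory can the next real-mode instruction legitimately read?

Added example for the SeaBIOS/qemu dump above; not code from the thread.
"""
import re

# Constructed copies of the first dump in the mail (CPU, STACK and a few CODE lines).
CPU_DUMP = """AX: 6DBA BX: B5E5 CX: 0000 DX: 0001 SI: 0000 DI: 6E0A SP: 6DA2 BP: 6E02
CS: C000 DS: C000 ES: 0000 SS: 0000 IP: 460E EIP:0000460E
CS:IP: C000:460E (0xC460E) SS:SP: 0000:6DA2 (0x06DA2) SS:BP: 0000:6E02 (0x06E02)"""
STACK_DUMP = "6E02 4942 B5D4 B5E5 6DAE 6DB2 0000 0000 B56A B572 6DBA 0000 6E0A 6DA6 8001 0000"
CODE_DUMP = """0xc460e: mov bp,sp
0xc4610: push bx
0xc461b: mov si,WORD PTR es:[bx+0x2]"""
REPORTED = 0xB5E5B5D4  # from "Unassigned mem read 00000000b5e5b5d4"

REG_RE = re.compile(r"\b(AX|BX|CX|DX|SI|DI|SP|BP|CS|DS|ES|SS|IP)\s*:\s*([0-9A-Fa-f]{4})\b")
# seg:[base(+index)(+0xdisp)] in the 16-bit addressing forms the listing uses
MEM_RE = re.compile(r"(?:(cs|ds|es|ss):)?\[(bx|bp|si|di)(?:\+(si|di))?(?:\+0x([0-9a-f]+))?\]")


def linear(segment, offset):
    """Real-mode translation: 16 * segment + offset, with the offset wrapped to 16 bits."""
    return ((segment & 0xFFFF) << 4) + (offset & 0xFFFF)


def parse_regs(dump):
    """First occurrence wins, so the 'CS:IP: C000:460E' summary does not overwrite IP."""
    regs = {}
    for name, val in REG_RE.findall(dump):
        regs.setdefault(name, int(val, 16))
    return regs


def parse_stack(dump, regs):
    """Linear address -> 16-bit word. Assumption: the STACK block starts at SS:SP."""
    return {linear(regs["SS"], regs["SP"] + 2 * i): int(w, 16)
            for i, w in enumerate(dump.split())}


def parse_code(dump):
    """'0xc460e: mov bp,sp' -> {0xc460e: 'mov bp,sp'}."""
    return {int(a, 16): t.strip()
            for a, t in re.findall(r"^(0x[0-9a-f]+):\s*(.+)$", dump, re.M)}


def read_addresses(text, regs):
    """Linear addresses a real-mode instruction reads. Explicit operands come from
    MEM_RE (default segment DS, or SS when the base is BP); pop/ret read the word
    at SS:SP; register-only instructions such as 'mov bp,sp' read nothing."""
    if text.split()[0] in ("pop", "ret"):
        return [linear(regs["SS"], regs["SP"])]
    m = MEM_RE.search(text)
    if not m:
        return []
    seg, base, index, disp = m.groups()
    seg = seg.upper() if seg else ("SS" if base == "bp" else "DS")
    offset = regs[base.upper()] + (regs[index.upper()] if index else 0) + int(disp or "0", 16)
    return [linear(regs[seg], offset)]


def analyse(cpu_dump, stack_dump, code_dump, reported):
    """Compare the reported address with what the instruction at CS:IP may read,
    and record where each non-zero 16-bit word of it appears in registers or stack."""
    regs = parse_regs(cpu_dump)
    stack = parse_stack(stack_dump, regs)
    insn = parse_code(code_dump)[linear(regs["CS"], regs["IP"])]
    legit = read_addresses(insn, regs)
    words = [(reported >> (16 * i)) & 0xFFFF for i in range(4)]
    origins = {w: {"regs": sorted(n for n, v in regs.items() if v == w),
                   "stack": sorted(a for a, v in stack.items() if v == w)}
               for w in words if w}
    return {"insn": insn, "legit_reads": legit,
            "explained": reported in legit, "origins": origins}


if __name__ == "__main__":
    r = analyse(CPU_DUMP, STACK_DUMP, CODE_DUMP, REPORTED)
    print(f"at CS:IP: {r['insn']!r}; legitimate reads: {[hex(a) for a in r['legit_reads']]}")
    print(f"reported {REPORTED:#x} explained by that instruction: {r['explained']}")
    for w, o in r["origins"].items():
        print(f"  {w:04X}: registers {o['regs']}, stack words at {[hex(a) for a in o['stack']]}")
```

Run on the first dump it reports that `mov bp,sp` has no memory operand at all, so the reported address cannot be its effective address, while the later `mov si,WORD PTR es:[bx+0x2]` would resolve to 0xB5E7. It also shows that the two halves of 0xb5e5b5d4 equal BX and the two adjacent stack words at 0x6DA6 and 0x6DA8; whether that is a reporting artifact of the tracing path or a real access is exactly what the check is meant to help separate before blaming the emulator.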