LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] x86-boot: don't request VBE2 information
@ 2008-03-06  9:56 Peter Korsgaard
  2008-03-06 10:24 ` Ingo Molnar
  2008-03-06 15:16 ` H. Peter Anvin
  0 siblings, 2 replies; 4+ messages in thread
From: Peter Korsgaard @ 2008-03-06  9:56 UTC (permalink / raw)
  To: hpa, linux-kernel; +Cc: Peter Korsgaard

The new x86 setup code (4fd06960f120) broke booting on an old P3/500MHz
with an onboard Voodoo3 of mine. After debugging it, it turned out
to be caused by the fact that the vesa probing now asks for VBE2 data.

Disassembing the video BIOS shows that it overflows the vesa_general_info
structure when VBE2 data is requested because the source addresses for the
information strings which get strcpy'ed to the buffer lie outside the 32K
BIOS code (and hence contain long sequences of 0xff's).

E.G.:

get_vbe_controller_info:
00002A9C  60                pushaw
00002A9D  1E                push ds
00002A9E  0E                push cs
00002A9F  1F                pop ds
00002AA0  2BC9              sub cx,cx
00002AA2  6626813D56424532  cmp dword [es:di],0x32454256 ; "VBE2"
00002AAA  7501              jnz .1
00002AAC  41                inc cx
.1:
00002AAD  51                push cx
00002AAE  B91400            mov cx,0x14
00002AB1  BED47F            mov si, controller_header
00002AB4  57                push di
00002AB5  F3A4              rep movsb ; copy vbe1.2 header

00002AB7  B9EC00            mov cx,0xec
00002ABA  2AC0              sub al,al
00002ABC  F3AA              rep stosb ; zero pad remainder

00002ABE  5F                pop di
00002ABF  E8EB0D            call word get_memory
00002AC2  C1E002            shl ax,0x2
00002AC5  26894512          mov [es:di+0x12],ax ; total memory
00002AC9  26C745040003      mov word [es:di+0x4],0x300 ; VBE version
00002ACF  268C4D08          mov [es:di+0x8],cs
00002AD3  268C4D10          mov [es:di+0x10],cs
00002AD7  59                pop cx
00002AD8  E361              jcxz .done ; VBE2 requested?
00002ADA  8D9D0001          lea bx,[di+0x100]
00002ADE  53                push bx
00002ADF  87DF              xchg bx,di ; di now points to 2nd half
00002AE1  26C747140001      mov word [es:bx+0x14],0x100 ; sw rev

00002AE7  26897F06          mov [es:bx+0x6],di		; oem string
00002AEB  268C4708          mov [es:bx+0x8],es
00002AEF  BE5280            mov si,0x8052 ; oem string
00002AF2  E87A1B            call word strcpy

00002AF5  26897F0E          mov [es:bx+0xe],di ; video mode list
00002AF9  268C4710          mov [es:bx+0x10],es
00002AFD  B91E00            mov cx,0x1e
00002B00  BEE87F            mov si,vidmodes
00002B03  F3A5              rep movsw

00002B05  26897F16          mov [es:bx+0x16],di ; oem vendor
00002B09  268C4718          mov [es:bx+0x18],es
00002B0D  BE2480            mov si,0x8024 ; oem vendor
00002B10  E85C1B            call word strcpy

00002B13  26897F1A          mov [es:bx+0x1a],di ; oem product
00002B17  268C471C          mov [es:bx+0x1c],es
00002B1B  BE3880            mov si,0x8038 ; oem product
00002B1E  E84E1B            call word strcpy

00002B21  26897F1E          mov [es:bx+0x1e],di ; oem product rev
00002B25  268C4720          mov [es:bx+0x20],es
00002B29  BE4580            mov si,0x8045 ; oem product rev
00002B2C  E8401B            call word strcpy

00002B2F  58                pop ax
00002B30  B90001            mov cx,0x100
00002B33  2BCF              sub cx,di
00002B35  03C8              add cx,ax
00002B37  2AC0              sub al,al
00002B39  F3AA              rep stosb ; zero pad
.done:
00002B3B  1F                pop ds
00002B3C  61                popaw
00002B3D  B84F00            mov ax,0x4f
00002B40  C3                ret

(The full BIOS can be found at http://peter.korsgaard.com/vgabios.bin
if interested).

The old setup code didn't ask for VBE2 info, and the new code doesn't
actually do anything with the extra information, so the fix is to simply
not request it. Other BIOS'es might have the same problem.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
---
 arch/x86/boot/vesa.h       |    9 +--------
 arch/x86/boot/video-vesa.c |    2 --
 2 files changed, 1 insertions(+), 10 deletions(-)

diff --git a/arch/x86/boot/vesa.h b/arch/x86/boot/vesa.h
index ff5b73c..468e444 100644
--- a/arch/x86/boot/vesa.h
+++ b/arch/x86/boot/vesa.h
@@ -26,17 +26,10 @@ struct vesa_general_info {
 	far_ptr video_mode_ptr;	/* 14 */
 	u16 total_memory;	/* 18 */
 
-	u16 oem_software_rev;	/* 20 */
-	far_ptr oem_vendor_name_ptr;	/* 22 */
-	far_ptr oem_product_name_ptr;	/* 26 */
-	far_ptr oem_product_rev_ptr;	/* 30 */
-
-	u8 reserved[222];	/* 34 */
-	u8 oem_data[256];	/* 256 */
+	u8 reserved[236];	/* 20 */
 } __attribute__ ((packed));
 
 #define VESA_MAGIC ('V' + ('E' << 8) + ('S' << 16) + ('A' << 24))
-#define VBE2_MAGIC ('V' + ('B' << 8) + ('E' << 16) + ('2' << 24))
 
 struct vesa_mode_info {
 	u16 mode_attr;		/* 0 */
diff --git a/arch/x86/boot/video-vesa.c b/arch/x86/boot/video-vesa.c
index 662dd2f..419b5c2 100644
--- a/arch/x86/boot/video-vesa.c
+++ b/arch/x86/boot/video-vesa.c
@@ -37,8 +37,6 @@ static int vesa_probe(void)
 
 	video_vesa.modes = GET_HEAP(struct mode_info, 0);
 
-	vginfo.signature = VBE2_MAGIC;
-
 	ax = 0x4f00;
 	di = (size_t)&vginfo;
 	asm(INT10
-- 
1.5.4.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] x86-boot: don't request VBE2 information
  2008-03-06  9:56 [PATCH] x86-boot: don't request VBE2 information Peter Korsgaard
@ 2008-03-06 10:24 ` Ingo Molnar
  2008-03-06 15:16 ` H. Peter Anvin
  1 sibling, 0 replies; 4+ messages in thread
From: Ingo Molnar @ 2008-03-06 10:24 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: hpa, linux-kernel, Thomas Gleixner


* Peter Korsgaard <jacmet@sunsite.dk> wrote:

> The new x86 setup code (4fd06960f120) broke booting on an old 
> P3/500MHz with an onboard Voodoo3 of mine. After debugging it, it 
> turned out to be caused by the fact that the vesa probing now asks for 
> VBE2 data.
> 
> Disassembing the video BIOS shows that it overflows the 
> vesa_general_info structure when VBE2 data is requested because the 
> source addresses for the information strings which get strcpy'ed to 
> the buffer lie outside the 32K BIOS code (and hence contain long 
> sequences of 0xff's).
> 
> E.G.:
> 
> get_vbe_controller_info:
> 00002A9C  60                pushaw
> 00002A9D  1E                push ds
> 00002A9E  0E                push cs
> 00002A9F  1F                pop ds
> 00002AA0  2BC9              sub cx,cx
> 00002AA2  6626813D56424532  cmp dword [es:di],0x32454256 ; "VBE2"
> 00002AAA  7501              jnz .1
> 00002AAC  41                inc cx
> .1:
> 00002AAD  51                push cx
> 00002AAE  B91400            mov cx,0x14
> 00002AB1  BED47F            mov si, controller_header
> 00002AB4  57                push di
> 00002AB5  F3A4              rep movsb ; copy vbe1.2 header
> 
> 00002AB7  B9EC00            mov cx,0xec
> 00002ABA  2AC0              sub al,al
> 00002ABC  F3AA              rep stosb ; zero pad remainder
> 
> 00002ABE  5F                pop di
> 00002ABF  E8EB0D            call word get_memory
> 00002AC2  C1E002            shl ax,0x2
> 00002AC5  26894512          mov [es:di+0x12],ax ; total memory
> 00002AC9  26C745040003      mov word [es:di+0x4],0x300 ; VBE version
> 00002ACF  268C4D08          mov [es:di+0x8],cs
> 00002AD3  268C4D10          mov [es:di+0x10],cs
> 00002AD7  59                pop cx
> 00002AD8  E361              jcxz .done ; VBE2 requested?
> 00002ADA  8D9D0001          lea bx,[di+0x100]
> 00002ADE  53                push bx
> 00002ADF  87DF              xchg bx,di ; di now points to 2nd half
> 00002AE1  26C747140001      mov word [es:bx+0x14],0x100 ; sw rev
> 
> 00002AE7  26897F06          mov [es:bx+0x6],di		; oem string
> 00002AEB  268C4708          mov [es:bx+0x8],es
> 00002AEF  BE5280            mov si,0x8052 ; oem string
> 00002AF2  E87A1B            call word strcpy
> 
> 00002AF5  26897F0E          mov [es:bx+0xe],di ; video mode list
> 00002AF9  268C4710          mov [es:bx+0x10],es
> 00002AFD  B91E00            mov cx,0x1e
> 00002B00  BEE87F            mov si,vidmodes
> 00002B03  F3A5              rep movsw
> 
> 00002B05  26897F16          mov [es:bx+0x16],di ; oem vendor
> 00002B09  268C4718          mov [es:bx+0x18],es
> 00002B0D  BE2480            mov si,0x8024 ; oem vendor
> 00002B10  E85C1B            call word strcpy
> 
> 00002B13  26897F1A          mov [es:bx+0x1a],di ; oem product
> 00002B17  268C471C          mov [es:bx+0x1c],es
> 00002B1B  BE3880            mov si,0x8038 ; oem product
> 00002B1E  E84E1B            call word strcpy
> 
> 00002B21  26897F1E          mov [es:bx+0x1e],di ; oem product rev
> 00002B25  268C4720          mov [es:bx+0x20],es
> 00002B29  BE4580            mov si,0x8045 ; oem product rev
> 00002B2C  E8401B            call word strcpy
> 
> 00002B2F  58                pop ax
> 00002B30  B90001            mov cx,0x100
> 00002B33  2BCF              sub cx,di
> 00002B35  03C8              add cx,ax
> 00002B37  2AC0              sub al,al
> 00002B39  F3AA              rep stosb ; zero pad
> .done:
> 00002B3B  1F                pop ds
> 00002B3C  61                popaw
> 00002B3D  B84F00            mov ax,0x4f
> 00002B40  C3                ret
> 
> (The full BIOS can be found at http://peter.korsgaard.com/vgabios.bin
> if interested).
> 
> The old setup code didn't ask for VBE2 info, and the new code doesn't 
> actually do anything with the extra information, so the fix is to 
> simply not request it. Other BIOS'es might have the same problem.

thanks Peter, very nice debugging! I've applied your fix.

	Ingo

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] x86-boot: don't request VBE2 information
  2008-03-06  9:56 [PATCH] x86-boot: don't request VBE2 information Peter Korsgaard
  2008-03-06 10:24 ` Ingo Molnar
@ 2008-03-06 15:16 ` H. Peter Anvin
  2008-03-06 16:16   ` Peter Korsgaard
  1 sibling, 1 reply; 4+ messages in thread
From: H. Peter Anvin @ 2008-03-06 15:16 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: linux-kernel

Peter Korsgaard wrote:
> The new x86 setup code (4fd06960f120) broke booting on an old P3/500MHz
> with an onboard Voodoo3 of mine. After debugging it, it turned out
> to be caused by the fact that the vesa probing now asks for VBE2 data.
> 
> Disassembing the video BIOS shows that it overflows the vesa_general_info
> structure when VBE2 data is requested because the source addresses for the
> information strings which get strcpy'ed to the buffer lie outside the 32K
> BIOS code (and hence contain long sequences of 0xff's).
> 

I'm slightly concerned about this, because we *do* use VBE2 data - just 
not the stuff that this particular BIOS seems to key on (and break.)

On the other hand, until we get an example on something that breaks with 
the change, we might as well try it, since we have an example on 
something that breaks with it.  We should monitor carefully, though.

	-hpa

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] x86-boot: don't request VBE2 information
  2008-03-06 15:16 ` H. Peter Anvin
@ 2008-03-06 16:16   ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2008-03-06 16:16 UTC (permalink / raw)
  To: H. Peter Anvin; +Cc: linux-kernel

>>>>> "H" == H Peter Anvin <hpa@zytor.com> writes:

 >> Disassembing the video BIOS shows that it overflows the vesa_general_info
 >> structure when VBE2 data is requested because the source addresses for the
 >> information strings which get strcpy'ed to the buffer lie outside the 32K
 >> BIOS code (and hence contain long sequences of 0xff's).
 >> 

 H> I'm slightly concerned about this, because we *do* use VBE2 data -
 H> just not the stuff that this particular BIOS seems to key on (and
 H> break.)

Well, we use the version info to know if we can request EDID data, but
otherwise I don't see any VBE2 stuff in vesa_general_info used.

A VBE2+ compatible BIOS should still put the correct version number in
the VBE info block even if you don't request VBE2 data (E.G. the
version gets set to 3.0 independently of VBE2 or not in the disasm I
sent).

 H> On the other hand, until we get an example on something that breaks
 H> with the change, we might as well try it, since we have an example on
 H> something that breaks with it.  We should monitor carefully, though.

Great. This was how the old asm version used to do it as well.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2008-03-06 16:17 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-03-06  9:56 [PATCH] x86-boot: don't request VBE2 information Peter Korsgaard
2008-03-06 10:24 ` Ingo Molnar
2008-03-06 15:16 ` H. Peter Anvin
2008-03-06 16:16   ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).