On Thu, 2013-01-03 at 19:13 -0500, Kevin O'Connor wrote:
> On Thu, Jan 03, 2013 at 02:31:43PM -0700, Alex Williamson wrote:
> > Hi,
> >
> > I was playing a bit with vfio-based PCI device assignment of VGA in qemu
> > and I seem to be hitting a wall just trying to jump into the VGA BIOS.
> > I'm booting qemu with -vga none and assigning a radeon hd5450 via
> > vfio-pci with some extra code to handle passing legacy accesses through
> > to the host. Legacy access hardly seems to matter though as the
> > experiment quickly dies when the vcpu starts executing zeroed memory.
> > gdb shows me something like this:
> >
> [...]
> > 0x000fbd20: 66 ea 26 bd 28 00 ljmpw $0x28,$0xbd26
> > 0x0000bd26: 00 00 add %al,(%eax)
>
> Everything looks okay except for here. I'd guess it's likely just a
> reporting issue. The code being run is actually at 0xfbd26 - as part
> of jumping into real mode, the code has a segment offset (0xf0000)
> that must be added in.
>
> > Trying to follow the code into __callrom(), I'm really confused how the
> > option rom init vector is actually used since callrom() passes the
> > option rom header offset to the init vector rather than anything
> > actually resembling the value of the init vector. I really don't know
> > x86 though, so maybe I'm missing something.
>
> The option rom should actually have code (e.g., a jmp instruction) at
> offset 3 of the option rom. So, the goal really is to jump to the 3rd
> byte of the option rom to execute it.
Yes!

(gdb) x/i 0xc0003
   0xc0003:     jmp    0xc0229
(gdb) x/10i 0xc0229
   0xc0229:     push   %ax
   0xc022b:     push   %cx
   0xc022d:     push   %dx
   0xc022f:     push   %bx
   0xc0231:     push   %bp
   0xc0233:     push   %si
   0xc0235:     push   %di
   0xc0237:     push   %cs
   0xc0238:     pop    %ds
   0xc0239:     mov    %eax,0xe8c01c2

Thanks for filling in that piece of the puzzle for me. If the above is
just a reporting problem, how do I fix it so I can actually step through
the rom?

Thanks,
Alex

_______________________________________________
SeaBIOS mailing list
[email protected]
http://www.seabios.org/mailman/listinfo/seabios
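Kevin's two points in the thread (the init vector is a jmp at offset 3 of the option ROM header, and the real-mode address gdb should report is the 16-bit offset plus the segment base 0xf0000) as an added example; this is not code from the thread or from SeaBIOS. The ROM header bytes are constructed here so that the decoded jump reproduces the `jmp 0xc0229` seen in the gdb output above.

```python
import struct

# Constructed PCI option ROM header (not dumped from the card in the thread):
# 0x55 0xAA signature, size in 512-byte blocks at offset 2, and the init
# vector at offset 3, which is a near jmp (E9 rel16) as Kevin describes.
ROM_BASE = 0xC0000
ROM = bytearray(512)
ROM[0:2] = b"\x55\xAA"
ROM[2] = 1
ROM[3:6] = b"\xE9\x23\x02"      # jmp rel16 -> 0xc0229

def parse_option_rom(rom, base):
    """Validate the header and return (size_bytes, init_vector_address)."""
    if rom[0:2] != b"\x55\xAA":
        raise ValueError("bad option ROM signature")
    size = rom[2] * 512
    if size == 0 or size > len(rom):
        raise ValueError("size field inconsistent with image length")
    # The init vector is whatever code sits at offset 3, not a pointer.
    return size, base + 3

def decode_jmp(rom, off, base):
    """Decode the jmp at offset off: E9 rel16 (near) or EB rel8 (short).
    The displacement is relative to the address of the next instruction."""
    op = rom[off]
    if op == 0xE9:
        rel = struct.unpack_from("<h", rom, off + 1)[0]
        return base + off + 3 + rel
    if op == 0xEB:
        rel = struct.unpack_from("<b", rom, off + 1)[0]
        return base + off + 2 + rel
    raise ValueError("init vector does not start with a jmp: %02x" % op)

def real_mode_linear(seg_base, offset):
    """Linear address of a 16-bit far jump target: segment base + offset."""
    return seg_base + (offset & 0xFFFF)

if __name__ == "__main__":
    size, init = parse_option_rom(ROM, ROM_BASE)
    print("%d-byte ROM, init vector at 0x%05x -> jmp 0x%05x"
          % (size, init, decode_jmp(ROM, 3, ROM_BASE)))
    # gdb printed 0xbd26; with the 0xf0000 segment base it is 0xfbd26.
    print("ljmpw $0x28,$0xbd26 executes at 0x%05x"
          % real_mode_linear(0xF0000, 0xBD26))
```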
