audk/OvmfPkg/QemuVideoDxe/VbeShim.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

329 lines
10 KiB
C
Raw Normal View History

OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
/** @file
Install a fake VGABIOS service handler (real mode Int10h) for the buggy
Windows 2008 R2 SP1 UEFI guest.
The handler is never meant to be directly executed by a VCPU; it's there for
the internal real mode emulator of Windows 2008 R2 SP1.
The code is based on Ralf Brown's Interrupt List:
<http://www.cs.cmu.edu/~ralf/files.html>
<http://www.ctyme.com/rbrown.htm>
Copyright (C) 2014, Red Hat, Inc.
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
**/
#include <IndustryStandard/LegacyVgaBios.h>
#include <Library/DebugLib.h>
#include <Library/PciLib.h>
#include <Library/PrintLib.h>
OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35 correctly In commit db27e9f3d8f0 ("OvmfPkg/LegacyRegion: Support legacy region manipulation of Q35", 2016-03-15), Ray extended the OvmfPkg/Csm/CsmSupportLib PAM register manipulation to Q35. However, we missed that the same should be done to the QemuVideoDxe VBE Shim as well. The omission has caused no problems in practice on Q35, because QEMU has let us write to the ROM area, regardless of the PAM1 setting, all this time. This has now changed with recent QEMU commit 208fa0e43645 ("pc: make 'pc.rom' readonly when machine has PCI enabled", 2017-07-28). The QEMU commit exposes the OVMF bug when Windows 7 is started on Q35, using QEMU 2.10 -- the VBE Shim is no longer put in place and Windows 7 cannot find it. To remedy this, assign the "Pam1Address" local variable a PciLib address that matches the board type (i440fx vs. q35). Regarding the PcdLib dependency: QemuVideoDxe already uses PcdLib, both directly (see "PcdDriverSupportedEfiVersion") and indirectly (e.g. via the DxePciLibI440FxQ35 PciLib instance). Add PcdLib to [LibraryClasses] for completeness. Cc: Aleksei Kovura <alex3kov@zoho.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Ref: https://bugs.launchpad.net/qemu/+bug/1715700 Reported-by: Aleksei Kovura <alex3kov@zoho.com> Special-thanks-to: Gerd Hoffmann <kraxel@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Aleksei Kovura <alex3kov@zoho.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2017-09-19 17:05:08 +02:00
#include <OvmfPlatforms.h>
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
#include "Qemu.h"
#include "VbeShim.h"
#pragma pack (1)
typedef struct {
UINT16 Offset;
UINT16 Segment;
} IVT_ENTRY;
#pragma pack ()
//
// This string is displayed by Windows 2008 R2 SP1 in the Screen Resolution,
// Advanced Settings dialog. It should be short.
//
STATIC CONST CHAR8 mProductRevision[] = "OVMF Int10h (fake)";
/**
Install the VBE Info and VBE Mode Info structures, and the VBE service
handler routine in the C segment. Point the real-mode Int10h interrupt vector
to the handler. The only advertised mode is 1024x768x32.
@param[in] CardName Name of the video card to be exposed in the
Product Name field of the VBE Info structure. The
parameter must originate from a
QEMU_VIDEO_CARD.Name field.
@param[in] FrameBufferBase Guest-physical base address of the video card's
frame buffer.
**/
VOID
InstallVbeShim (
IN CONST CHAR16 *CardName,
IN EFI_PHYSICAL_ADDRESS FrameBufferBase
)
{
EFI_PHYSICAL_ADDRESS Segment0, SegmentC, SegmentF;
UINTN Segment0Pages;
IVT_ENTRY *Int0x10;
EFI_STATUS Segment0AllocationStatus;
OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35 correctly In commit db27e9f3d8f0 ("OvmfPkg/LegacyRegion: Support legacy region manipulation of Q35", 2016-03-15), Ray extended the OvmfPkg/Csm/CsmSupportLib PAM register manipulation to Q35. However, we missed that the same should be done to the QemuVideoDxe VBE Shim as well. The omission has caused no problems in practice on Q35, because QEMU has let us write to the ROM area, regardless of the PAM1 setting, all this time. This has now changed with recent QEMU commit 208fa0e43645 ("pc: make 'pc.rom' readonly when machine has PCI enabled", 2017-07-28). The QEMU commit exposes the OVMF bug when Windows 7 is started on Q35, using QEMU 2.10 -- the VBE Shim is no longer put in place and Windows 7 cannot find it. To remedy this, assign the "Pam1Address" local variable a PciLib address that matches the board type (i440fx vs. q35). Regarding the PcdLib dependency: QemuVideoDxe already uses PcdLib, both directly (see "PcdDriverSupportedEfiVersion") and indirectly (e.g. via the DxePciLibI440FxQ35 PciLib instance). Add PcdLib to [LibraryClasses] for completeness. Cc: Aleksei Kovura <alex3kov@zoho.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Ref: https://bugs.launchpad.net/qemu/+bug/1715700 Reported-by: Aleksei Kovura <alex3kov@zoho.com> Special-thanks-to: Gerd Hoffmann <kraxel@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Aleksei Kovura <alex3kov@zoho.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2017-09-19 17:05:08 +02:00
UINT16 HostBridgeDevId;
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
UINTN Pam1Address;
UINT8 Pam1;
UINTN SegmentCPages;
VBE_INFO *VbeInfoFull;
VBE_INFO_BASE *VbeInfo;
UINT8 *Ptr;
UINTN Printed;
VBE_MODE_INFO *VbeModeInfo;
if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT0|BIT7)) == BIT0) {
DEBUG ((
DEBUG_WARN,
"%a: page 0 protected, not installing VBE shim\n",
__func__
));
DEBUG ((
DEBUG_WARN,
"%a: page 0 protection prevents Windows 7 from booting anyway\n",
__func__
));
return;
}
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
Segment0 = 0x00000;
SegmentC = 0xC0000;
SegmentF = 0xF0000;
//
// Attempt to cover the real mode IVT with an allocation. This is a UEFI
// driver, hence the arch protocols have been installed previously. Among
// those, the CPU arch protocol has configured the IDT, so we can overwrite
// the IVT used in real mode.
//
// The allocation request may fail, eg. if LegacyBiosDxe has already run.
//
Segment0Pages = 1;
Int0x10 = (IVT_ENTRY *)(UINTN)(Segment0 + 0x10 * sizeof (IVT_ENTRY));
Segment0AllocationStatus = gBS->AllocatePages (
AllocateAddress,
EfiBootServicesCode,
Segment0Pages,
&Segment0
);
if (EFI_ERROR (Segment0AllocationStatus)) {
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
EFI_PHYSICAL_ADDRESS Handler;
//
// Check if a video BIOS handler has been installed previously -- we
// shouldn't override a real video BIOS with our shim, nor our own shim if
// it's already present.
//
Handler = (Int0x10->Segment << 4) + Int0x10->Offset;
if ((Handler >= SegmentC) && (Handler < SegmentF)) {
DEBUG ((
DEBUG_INFO,
"%a: Video BIOS handler found at %04x:%04x\n",
__func__,
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
Int0x10->Segment,
Int0x10->Offset
));
return;
}
//
// Otherwise we'll overwrite the Int10h vector, even though we may not own
// the page at zero.
//
DEBUG ((
DEBUG_INFO,
"%a: failed to allocate page at zero: %r\n",
__func__,
Segment0AllocationStatus
));
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
} else {
//
// We managed to allocate the page at zero. SVN r14218 guarantees that it
// is NUL-filled.
//
ASSERT (Int0x10->Segment == 0x0000);
ASSERT (Int0x10->Offset == 0x0000);
}
//
// Put the shim in place first.
//
OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35 correctly In commit db27e9f3d8f0 ("OvmfPkg/LegacyRegion: Support legacy region manipulation of Q35", 2016-03-15), Ray extended the OvmfPkg/Csm/CsmSupportLib PAM register manipulation to Q35. However, we missed that the same should be done to the QemuVideoDxe VBE Shim as well. The omission has caused no problems in practice on Q35, because QEMU has let us write to the ROM area, regardless of the PAM1 setting, all this time. This has now changed with recent QEMU commit 208fa0e43645 ("pc: make 'pc.rom' readonly when machine has PCI enabled", 2017-07-28). The QEMU commit exposes the OVMF bug when Windows 7 is started on Q35, using QEMU 2.10 -- the VBE Shim is no longer put in place and Windows 7 cannot find it. To remedy this, assign the "Pam1Address" local variable a PciLib address that matches the board type (i440fx vs. q35). Regarding the PcdLib dependency: QemuVideoDxe already uses PcdLib, both directly (see "PcdDriverSupportedEfiVersion") and indirectly (e.g. via the DxePciLibI440FxQ35 PciLib instance). Add PcdLib to [LibraryClasses] for completeness. Cc: Aleksei Kovura <alex3kov@zoho.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Ref: https://bugs.launchpad.net/qemu/+bug/1715700 Reported-by: Aleksei Kovura <alex3kov@zoho.com> Special-thanks-to: Gerd Hoffmann <kraxel@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Aleksei Kovura <alex3kov@zoho.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2017-09-19 17:05:08 +02:00
// Start by determining the address of the PAM1 register.
//
HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);
switch (HostBridgeDevId) {
case INTEL_82441_DEVICE_ID:
Pam1Address = PMC_REGISTER_PIIX4 (PIIX4_PAM1);
break;
case INTEL_Q35_MCH_DEVICE_ID:
Pam1Address = DRAMC_REGISTER_Q35 (MCH_PAM1);
break;
case MICROVM_PSEUDO_DEVICE_ID:
return;
OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35 correctly In commit db27e9f3d8f0 ("OvmfPkg/LegacyRegion: Support legacy region manipulation of Q35", 2016-03-15), Ray extended the OvmfPkg/Csm/CsmSupportLib PAM register manipulation to Q35. However, we missed that the same should be done to the QemuVideoDxe VBE Shim as well. The omission has caused no problems in practice on Q35, because QEMU has let us write to the ROM area, regardless of the PAM1 setting, all this time. This has now changed with recent QEMU commit 208fa0e43645 ("pc: make 'pc.rom' readonly when machine has PCI enabled", 2017-07-28). The QEMU commit exposes the OVMF bug when Windows 7 is started on Q35, using QEMU 2.10 -- the VBE Shim is no longer put in place and Windows 7 cannot find it. To remedy this, assign the "Pam1Address" local variable a PciLib address that matches the board type (i440fx vs. q35). Regarding the PcdLib dependency: QemuVideoDxe already uses PcdLib, both directly (see "PcdDriverSupportedEfiVersion") and indirectly (e.g. via the DxePciLibI440FxQ35 PciLib instance). Add PcdLib to [LibraryClasses] for completeness. Cc: Aleksei Kovura <alex3kov@zoho.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Ref: https://bugs.launchpad.net/qemu/+bug/1715700 Reported-by: Aleksei Kovura <alex3kov@zoho.com> Special-thanks-to: Gerd Hoffmann <kraxel@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Aleksei Kovura <alex3kov@zoho.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2017-09-19 17:05:08 +02:00
default:
DEBUG ((
DEBUG_ERROR,
"%a: unknown host bridge device ID: 0x%04x\n",
__func__,
OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35 correctly In commit db27e9f3d8f0 ("OvmfPkg/LegacyRegion: Support legacy region manipulation of Q35", 2016-03-15), Ray extended the OvmfPkg/Csm/CsmSupportLib PAM register manipulation to Q35. However, we missed that the same should be done to the QemuVideoDxe VBE Shim as well. The omission has caused no problems in practice on Q35, because QEMU has let us write to the ROM area, regardless of the PAM1 setting, all this time. This has now changed with recent QEMU commit 208fa0e43645 ("pc: make 'pc.rom' readonly when machine has PCI enabled", 2017-07-28). The QEMU commit exposes the OVMF bug when Windows 7 is started on Q35, using QEMU 2.10 -- the VBE Shim is no longer put in place and Windows 7 cannot find it. To remedy this, assign the "Pam1Address" local variable a PciLib address that matches the board type (i440fx vs. q35). Regarding the PcdLib dependency: QemuVideoDxe already uses PcdLib, both directly (see "PcdDriverSupportedEfiVersion") and indirectly (e.g. via the DxePciLibI440FxQ35 PciLib instance). Add PcdLib to [LibraryClasses] for completeness. Cc: Aleksei Kovura <alex3kov@zoho.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Ref: https://bugs.launchpad.net/qemu/+bug/1715700 Reported-by: Aleksei Kovura <alex3kov@zoho.com> Special-thanks-to: Gerd Hoffmann <kraxel@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Aleksei Kovura <alex3kov@zoho.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2017-09-19 17:05:08 +02:00
HostBridgeDevId
));
ASSERT (FALSE);
OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35 correctly In commit db27e9f3d8f0 ("OvmfPkg/LegacyRegion: Support legacy region manipulation of Q35", 2016-03-15), Ray extended the OvmfPkg/Csm/CsmSupportLib PAM register manipulation to Q35. However, we missed that the same should be done to the QemuVideoDxe VBE Shim as well. The omission has caused no problems in practice on Q35, because QEMU has let us write to the ROM area, regardless of the PAM1 setting, all this time. This has now changed with recent QEMU commit 208fa0e43645 ("pc: make 'pc.rom' readonly when machine has PCI enabled", 2017-07-28). The QEMU commit exposes the OVMF bug when Windows 7 is started on Q35, using QEMU 2.10 -- the VBE Shim is no longer put in place and Windows 7 cannot find it. To remedy this, assign the "Pam1Address" local variable a PciLib address that matches the board type (i440fx vs. q35). Regarding the PcdLib dependency: QemuVideoDxe already uses PcdLib, both directly (see "PcdDriverSupportedEfiVersion") and indirectly (e.g. via the DxePciLibI440FxQ35 PciLib instance). Add PcdLib to [LibraryClasses] for completeness. Cc: Aleksei Kovura <alex3kov@zoho.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Ref: https://bugs.launchpad.net/qemu/+bug/1715700 Reported-by: Aleksei Kovura <alex3kov@zoho.com> Special-thanks-to: Gerd Hoffmann <kraxel@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Aleksei Kovura <alex3kov@zoho.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2017-09-19 17:05:08 +02:00
if (!EFI_ERROR (Segment0AllocationStatus)) {
gBS->FreePages (Segment0, Segment0Pages);
}
OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35 correctly In commit db27e9f3d8f0 ("OvmfPkg/LegacyRegion: Support legacy region manipulation of Q35", 2016-03-15), Ray extended the OvmfPkg/Csm/CsmSupportLib PAM register manipulation to Q35. However, we missed that the same should be done to the QemuVideoDxe VBE Shim as well. The omission has caused no problems in practice on Q35, because QEMU has let us write to the ROM area, regardless of the PAM1 setting, all this time. This has now changed with recent QEMU commit 208fa0e43645 ("pc: make 'pc.rom' readonly when machine has PCI enabled", 2017-07-28). The QEMU commit exposes the OVMF bug when Windows 7 is started on Q35, using QEMU 2.10 -- the VBE Shim is no longer put in place and Windows 7 cannot find it. To remedy this, assign the "Pam1Address" local variable a PciLib address that matches the board type (i440fx vs. q35). Regarding the PcdLib dependency: QemuVideoDxe already uses PcdLib, both directly (see "PcdDriverSupportedEfiVersion") and indirectly (e.g. via the DxePciLibI440FxQ35 PciLib instance). Add PcdLib to [LibraryClasses] for completeness. Cc: Aleksei Kovura <alex3kov@zoho.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Igor Mammedov <imammedo@redhat.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Ref: https://bugs.launchpad.net/qemu/+bug/1715700 Reported-by: Aleksei Kovura <alex3kov@zoho.com> Special-thanks-to: Gerd Hoffmann <kraxel@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Tested-by: Aleksei Kovura <alex3kov@zoho.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2017-09-19 17:05:08 +02:00
return;
}
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
//
// low nibble covers 0xC0000 to 0xC3FFF
// high nibble covers 0xC4000 to 0xC7FFF
// bit1 in each nibble is Write Enable
// bit0 in each nibble is Read Enable
//
Pam1 = PciRead8 (Pam1Address);
PciWrite8 (Pam1Address, Pam1 | (BIT1 | BIT0));
//
// We never added memory space during PEI or DXE for the C segment, so we
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
// don't need to (and can't) allocate from there. Also, guest operating
// systems will see a hole in the UEFI memory map there.
//
SegmentCPages = 4;
ASSERT (sizeof mVbeShim <= EFI_PAGES_TO_SIZE (SegmentCPages));
CopyMem ((VOID *)(UINTN)SegmentC, mVbeShim, sizeof mVbeShim);
//
// Fill in the VBE INFO structure.
//
VbeInfoFull = (VBE_INFO *)(UINTN)SegmentC;
VbeInfo = &VbeInfoFull->Base;
Ptr = VbeInfoFull->Buffer;
CopyMem (VbeInfo->Signature, "VESA", 4);
VbeInfo->VesaVersion = 0x0300;
VbeInfo->OemNameAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
CopyMem (Ptr, "QEMU", 5);
Ptr += 5;
VbeInfo->Capabilities = BIT0; // DAC can be switched into 8-bit mode
VbeInfo->ModeListAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
*(UINT16 *)Ptr = 0x00f1; // mode number
Ptr += 2;
*(UINT16 *)Ptr = 0xFFFF; // mode list terminator
Ptr += 2;
VbeInfo->VideoMem64K = (UINT16)((1024 * 768 * 4 + 65535) / 65536);
VbeInfo->OemSoftwareVersion = 0x0000;
VbeInfo->VendorNameAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
CopyMem (Ptr, "OVMF", 5);
Ptr += 5;
VbeInfo->ProductNameAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
Printed = AsciiSPrint (
(CHAR8 *)Ptr,
sizeof VbeInfoFull->Buffer - (Ptr - VbeInfoFull->Buffer),
"%s",
CardName
);
Ptr += Printed + 1;
VbeInfo->ProductRevAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
CopyMem (Ptr, mProductRevision, sizeof mProductRevision);
Ptr += sizeof mProductRevision;
ASSERT (sizeof VbeInfoFull->Buffer >= Ptr - VbeInfoFull->Buffer);
ZeroMem (Ptr, sizeof VbeInfoFull->Buffer - (Ptr - VbeInfoFull->Buffer));
//
// Fil in the VBE MODE INFO structure.
//
VbeModeInfo = (VBE_MODE_INFO *)(VbeInfoFull + 1);
//
// bit0: mode supported by present hardware configuration
// bit1: optional information available (must be =1 for VBE v1.2+)
// bit3: set if color, clear if monochrome
// bit4: set if graphics mode, clear if text mode
// bit5: mode is not VGA-compatible
// bit7: linear framebuffer mode supported
//
VbeModeInfo->ModeAttr = BIT7 | BIT5 | BIT4 | BIT3 | BIT1 | BIT0;
//
// bit0: exists
// bit1: bit1: readable
// bit2: writeable
//
VbeModeInfo->WindowAAttr = BIT2 | BIT1 | BIT0;
VbeModeInfo->WindowBAttr = 0x00;
VbeModeInfo->WindowGranularityKB = 0x0040;
VbeModeInfo->WindowSizeKB = 0x0040;
VbeModeInfo->WindowAStartSegment = 0xA000;
VbeModeInfo->WindowBStartSegment = 0x0000;
VbeModeInfo->WindowPositioningAddress = 0x0000;
VbeModeInfo->BytesPerScanLine = 1024 * 4;
VbeModeInfo->Width = 1024;
VbeModeInfo->Height = 768;
VbeModeInfo->CharCellWidth = 8;
VbeModeInfo->CharCellHeight = 16;
VbeModeInfo->NumPlanes = 1;
VbeModeInfo->BitsPerPixel = 32;
VbeModeInfo->NumBanks = 1;
VbeModeInfo->MemoryModel = 6; // direct color
VbeModeInfo->BankSizeKB = 0;
VbeModeInfo->NumImagePagesLessOne = 0;
VbeModeInfo->Vbe3 = 0x01;
VbeModeInfo->RedMaskSize = 8;
VbeModeInfo->RedMaskPos = 16;
VbeModeInfo->GreenMaskSize = 8;
VbeModeInfo->GreenMaskPos = 8;
VbeModeInfo->BlueMaskSize = 8;
VbeModeInfo->BlueMaskPos = 0;
VbeModeInfo->ReservedMaskSize = 8;
VbeModeInfo->ReservedMaskPos = 24;
//
// bit1: Bytes in reserved field may be used by application
//
VbeModeInfo->DirectColorModeInfo = BIT1;
VbeModeInfo->LfbAddress = (UINT32)FrameBufferBase;
VbeModeInfo->OffScreenAddress = 0;
VbeModeInfo->OffScreenSizeKB = 0;
VbeModeInfo->BytesPerScanLineLinear = 1024 * 4;
VbeModeInfo->NumImagesLessOneBanked = 0;
VbeModeInfo->NumImagesLessOneLinear = 0;
VbeModeInfo->RedMaskSizeLinear = 8;
VbeModeInfo->RedMaskPosLinear = 16;
VbeModeInfo->GreenMaskSizeLinear = 8;
VbeModeInfo->GreenMaskPosLinear = 8;
VbeModeInfo->BlueMaskSizeLinear = 8;
VbeModeInfo->BlueMaskPosLinear = 0;
VbeModeInfo->ReservedMaskSizeLinear = 8;
VbeModeInfo->ReservedMaskPosLinear = 24;
VbeModeInfo->MaxPixelClockHz = 0;
ZeroMem (VbeModeInfo->Reserved, sizeof VbeModeInfo->Reserved);
//
// Clear Write Enable (bit1), keep Read Enable (bit0) set
//
PciWrite8 (Pam1Address, (Pam1 & ~BIT1) | BIT0);
//
// Second, point the Int10h vector at the shim.
//
Int0x10->Segment = (UINT16)((UINT32)SegmentC >> 4);
Int0x10->Offset = (UINT16)((UINTN)(VbeModeInfo + 1) - SegmentC);
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
DEBUG ((DEBUG_INFO, "%a: VBE shim installed\n", __func__));
OvmfPkg: QemuVideoDxe: Int10h stub for Windows 7 & 2008 (stdvga, QXL) The Windows 2008 R2 SP1 (and Windows 7) UEFI guest's default video driver dereferences the real mode Int10h vector, loads the pointed-to handler code, and executes what it thinks to be VGA BIOS services in an internal real-mode emulator. Consequently, video mode switching doesn't work in Windows 2008 R2 SP1 when it runs on the pure UEFI build of OVMF, making the guest uninstallable. This patch adds a VGABIOS "shim" to QemuVideoDxe. For the first stdvga or QXL card bound, an extremely stripped down VGABIOS imitation is installed in the C segment. It provides a real implementation for the few services that are in fact necessary for the win2k8r2sp1 UEFI guest, plus some fakes that the guest invokes but whose effect is not important. The C segment is not present in the UEFI memory map prepared by OVMF. We never add memory space that would cover it (either in PEI, in the form of memory resource descriptor HOBs, or in DXE, via gDS->AddMemorySpace()). This way the handler body is invisible to all non-buggy UEFI guests, and the rest of edk2. The Int10h real-mode IVT entry is covered with a Boot Services Code page, making that too unaccessible to the rest of edk2. (Thus UEFI guest OSes different from the Windows 2008 family can reclaim the page. The Windows 2008 family accesses the page at zero regardless of the allocation type.) The patch is the result of collaboration: Initial proof of concept IVT entry installation and handler skeleton (in NASM) by Jordan Justen. Service tracing and implementation, data collection/analysis, and C coding by yours truly. Last minute changes by Gerd Hoffmann: - Use OEM mode number (0xf1) instead of standard 800x600 mode (0x143). The resolution of the OEM mode (0xf1) is not standardized; the guest can't expect anything from it in advance. - Use 1024x768 rather than 800x600 for more convenience in the Windows 2008 R2 SP1 guest during OS installation, and after normal boot until the QXL XDDM guest driver is installed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15540 6f19259b-4bc3-4df7-8a09-765794883524
2014-05-20 18:33:00 +02:00
}