From: John Baldwin
To: Guido Falsi
Cc: freebsd-stable@freebsd.org
Date: Fri, 17 Jun 2011 12:01:33 -0400
Subject: Re: BTX loader problem on specific hardware
Message-Id: <201106171201.34037.jhb@freebsd.org>
In-Reply-To: <20110617153028.GB37006@megatron.madpilot.net>
References: <20110609152820.GC57263@megatron.madpilot.net> <201106131145.08185.jhb@freebsd.org> <20110617153028.GB37006@megatron.madpilot.net>

On Friday, June 17, 2011 11:30:28 am Guido Falsi wrote:
> On Mon, Jun 13, 2011 at 11:45:07AM -0400, John Baldwin wrote:
> >
> > Ouch. Well, these can be a PITA to disassemble. ndisasm from the devel/nasm
> > port is a good x86 disassembler that you can use. You will need to use dd
> > on /dev/mem to extract INT 15's entry point from the IDT. For example:
> >
> > # dd if=/dev/mem bs=4 iseek=0x15 count=1 | hd
> > 1+0 records in
> > 1+0 records out
> > 4 bytes transferred in 0.000021 secs (190650 bytes/sec)
> > 00000000 59 f8 00 f0 |Y...|
> > 00000004
> >
> > On this machine that gives a pointer of 0xf000:f859 which is a raw physical
> > address of '0xff859'. You can then grab a block of that to disassemble like
> > so:
> >
> > # dd if=/dev/mem bs=1 iseek=0xff859 count=100 | ndisasm -
> > 00000000 EB00 jmp short 0x2
> > 00000002 80FC87 cmp ah,0x87
> > 00000005 7503 jnz 0xa
> > 00000007 E94CF9 jmp word 0xf956
> > ....
> >
> > In this case I'd then need to look at what was at 0xff956, etc.
>
> Following your suggestions I finally got through that code. I could
> understand just part of it. As I said I have almost no experience
> with ASM.
>
> I also disassembled the same function from another PC (same manufacturer)
> on which BTX/loader works.
>
> Only thing I could make out is that the 6005Pro BIOS has a part of its
> code where it touches the cr[034] and msr registers. This code is
> surrounded by a check on a memory location which, when I dump it, makes
> the code run. I don't know if at machine boot this byte has a different
> value. There is an instruction near there which makes the code what I
> see it, but it's not in the code path from the bios function in
> question.
>
> I see that older BTX used to emulate all the operations on CR and MSR
> registers, so maybe that's why it went through. Any idea or help on a
> possible workaround?
>
> I'm not sure, but maybe rdmsr or wrmsr are generating exceptions which
> are not managed by BTX? I could be wrong, I really don't know that much
> about the internals of CPUs.

Well, the old BTX didn't allow full access to CR registers. Running in real
mode, there should be no problems with any MSR accesses though in the new BTX.

> I obviously have the disassembled code available, but not posting it
> here because I'm not sure what policies there are about disassembled
> code on the lists.

You can post a URL perhaps (or just send it to me directly if you wish).

-- 
John Baldwin
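As an added example (not part of the mail or of FreeBSD's own code), the Python below reproduces the pointer arithmetic John walks through: it decodes a 4-byte real-mode interrupt vector table entry (what the mail calls the IDT; stored little-endian as offset then segment), converts segment:offset into the 20-bit physical address, and extracts the handler bytes from a memory image so they could be piped into ndisasm. The memory image, the INT 15h entry and the handler bytes are constructed from the values quoted above rather than read from /dev/mem, and the 1 MiB wrap assumes the A20 line is off.

```python
import struct

# Real-mode interrupt vector table: 256 four-byte entries at physical address 0,
# each a little-endian far pointer stored as offset (2 bytes) then segment (2 bytes).
IVT_BASE = 0x0000
IVT_ENTRY_SIZE = 4

def far_to_linear(segment, offset):
    """segment:offset -> 20-bit physical address; wraps at 1 MiB like a CPU with A20 off."""
    return ((segment << 4) + offset) & 0xFFFFF

def parse_ivt_entry(raw):
    """Decode one 4-byte IVT entry (the bytes 'hd' printed) into (segment, offset)."""
    if len(raw) != IVT_ENTRY_SIZE:
        raise ValueError("IVT entry must be exactly 4 bytes")
    offset, segment = struct.unpack("<HH", raw)
    return segment, offset

def int_vector_address(mem, vector):
    """Physical address of the handler for INT `vector`, read from a memory image."""
    if not 0 <= vector <= 0xFF:
        raise ValueError("vector must be 0..255")
    start = IVT_BASE + vector * IVT_ENTRY_SIZE
    segment, offset = parse_ivt_entry(bytes(mem[start:start + IVT_ENTRY_SIZE]))
    return far_to_linear(segment, offset)

def handler_bytes(mem, vector, count):
    """First `count` bytes of the INT handler, the block one would pipe into ndisasm."""
    addr = int_vector_address(mem, vector)
    return bytes(mem[addr:addr + count])

def build_sample_image():
    """Constructed 1 MiB image seeded with the values quoted in the mail (not a real dump)."""
    mem = bytearray(1 << 20)
    # INT 15h entry exactly as 'hd' printed it: 59 f8 00 f0 -> 0xf000:f859
    mem[0x15 * 4:0x15 * 4 + 4] = bytes.fromhex("59f800f0")
    # The four instructions ndisasm showed, placed at physical 0xff859
    mem[0xFF859:0xFF859 + 10] = bytes.fromhex("EB0080FC877503E94CF9")
    return mem

if __name__ == "__main__":
    image = build_sample_image()
    print(hex(int_vector_address(image, 0x15)), handler_bytes(image, 0x15, 10).hex())
    # "jmp word 0xf956" is a near jump, so CS stays 0xf000 and the target is:
    print(hex(far_to_linear(0xF000, 0xF956)))
```

Running it against a real dump means replacing build_sample_image() with the contents of /dev/mem (or a firmware image loaded at its real base), which needs root and is read-only inspection.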