GeodeLX freeze with General Software BIOS saga continues

Bart Trojanowski bart at jukie.net
Thu Jan 10 19:30:50 PST 2008


[[ For reference see... 
   https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-amd/+bug/140051 ]]

So far, I have been able to narrow down the freeze to one instruction
executed by either the x86emu or the vm86 while in the xserver-core
1.3.0 or 1.2.0.  The instruction is an OUT on port 0x20, and is
triggered when the video-amd driver tries to perform a DDC probe.

I think freezes are very bad, so my long-term goal is to produce an
instruction-blacklisting-patch for x86emu.  But first, I want to know
why this is happening.  Let's continue...

The BIOS service routine that is called is:

    INT 10 AX=4f00 BX=0000 CX=0000 DX=0000
           SI=0000 DI=2000 ES=0000 BP=0000
           FLAGS=0000

followed by

    INT 10 AX=4f15 BX=0000 CX=0000 DX=0000
           SI=0000 DI=0000 ES=0000 BP=0000
           FLAGS=3200

In this second INT 10 call the system freezes.

Gideon told me about ddcprobe from the xresprobe package.  I had a look
at its code.  ddcprobe seems to have a fork of the x86emu emulator for
the purpose of running the VGA BIOS code.  Running ddcprobe on the Geode
LX results in no freeze (EDID test does fail, and no timing info is
shown).

I figured that if ddcprobe x86emu does not freeze then there had to be a
bug in the xserver's x86emu.

I hacked a bit on the hw/xfree86/x86emu/decode.c and /ops.c to be able
to trace every instruction and register value that is being emulated.
Similarly, I modified the ddcprobe/x86emu to print out all instructions
and register values. In both cases I prefixed each emulated instruction
with the CS:IP register pair.

I compared both traces and found that they were almost identical.

The xserver x86emu dies on this sequence...

    [e000:10e2] MOV DX=0004,SI=0000
    [e000:10e4] ADD DX=0000,20
    [e000:10e7] DATA:
    [e000:10e8] MOV EAX,18
    [e000:10ed] DATA:
    [e000:10ee] OUT DX=0020,EAX=00000018            <-- freeze

This is bad because 0x20 is the PIC control register.  I believe that
this cuts the kernel's scheduler tick and nothing else can run after
that.

Now, what is interesting is that ddcprobe does not die here, and here is
the output from ddcprobe's trace...

    [e000:10e2] MOV DX=f004,SI=f000
    [e000:10e4] ADD DX=f000,20
    [e000:10e7] DATA:
    [e000:10e8] MOV EAX,18
    [e000:10ed] DATA:
    [e000:10ee] OUT DX=f020,EAX=00000018

Note that here DX is 0xF020.  This smells like a bug.  At some point
above the xserver's emulator sets SI to ZERO and things go sour.

I have not looked far enough to see why SI is 0.  I will continue with
this to see where we start to go wrong, but I feel I am onto something.

More to come tomorrow.

-Bart

-- 
				WebSig: http://www.jukie.net/~bart/sig/
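
The port blacklisting idea from the message above, as an added example that is not part of the original post and is not x86emu or xserver code: a width-aware check that would stop the 32-bit OUT to 0x20 while letting the OUT to 0xf020 through. The names `denied_ports`, `port_write_denied` and `guarded_outl` are hypothetical, and listing the slave PIC at 0xA0-0xA1 next to the master PIC at 0x20-0x21 is an assumption beyond the single port the post names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Inclusive port ranges that emulated BIOS code must never write to.
 * Assumption: only the two legacy 8259 PIC blocks are listed here. */
struct port_range { uint16_t first, last; };

static const struct port_range denied_ports[] = {
    { 0x20, 0x21 },   /* master PIC command/data */
    { 0xA0, 0xA1 },   /* slave PIC command/data */
};

/* True if a write of `width` bytes (1, 2 or 4) at `port` touches a denied
 * range. A 32-bit OUT to 0x20 covers 0x20..0x23, so compare whole spans. */
bool port_write_denied(uint16_t port, unsigned width)
{
    uint32_t lo = port;
    uint32_t hi = lo + width - 1;   /* 32-bit math: no wrap at 0xFFFF */

    for (size_t i = 0; i < sizeof denied_ports / sizeof denied_ports[0]; i++)
        if (lo <= denied_ports[i].last && hi >= denied_ports[i].first)
            return true;
    return false;
}

/* Hypothetical 32-bit OUT hook: drop and log denied writes, else forward
 * to the real backend. Returns true if the write was forwarded. */
bool guarded_outl(uint16_t port, uint32_t value,
                  void (*real_outl)(uint16_t, uint32_t))
{
    if (port_write_denied(port, 4)) {
        fprintf(stderr, "blocked OUT DX=%04x,EAX=%08x\n",
                (unsigned)port, (unsigned)value);
        return false;
    }
    if (real_outl)
        real_outl(port, value);
    return true;
}

int main(void)
{
    /* The two OUTs from the traces above; NULL backend, so no real I/O. */
    printf("xserver  OUT 0x0020: %s\n",
           guarded_outl(0x0020, 0x18, NULL) ? "forwarded" : "blocked");
    printf("ddcprobe OUT 0xf020: %s\n",
           guarded_outl(0xf020, 0x18, NULL) ? "forwarded" : "blocked");
    return 0;
}
```

A filter like this only prevents the freeze; it does not explain why SI is zero in the xserver trace.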


