Xen devel - Nov 2012 - [PATCH] xen: find a better location for the real-mode trampoline

On some machines, the location at 0x40e does not point to the beginning
of the EBDA.  Rather, it points to the beginning of the BIOS-reserved
area of the EBDA, while the option ROMs place their data below that
segment.

For this reason, 0x413 is actually a better source than 0x40e to get
the location of the real-mode trampoline.  But it is even better to
fetch the information from the multiboot structure, where the boot
loader has placed the data for us already.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 xen/arch/x86/boot/head.S | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
index 7efa155..1790462 100644
--- a/xen/arch/x86/boot/head.S
+++ b/xen/arch/x86/boot/head.S
@@ -78,16 +78,19 @@ __start:
         cmp     $0x2BADB002,%eax
         jne     not_multiboot
 
-        /* Set up trampoline segment 64k below EBDA */
-        movzwl  0x40e,%eax          /* EBDA segment */
-        cmp     $0xa000,%eax        /* sanity check (high) */
-        jae     0f
-        cmp     $0x4000,%eax        /* sanity check (low) */
-        jae     1f
-0:
-        movzwl  0x413,%eax          /* use base memory size on failure */
-        shl     $10-4,%eax
+        /* Set up trampoline segment just below end of base memory.
+         * Prefer to get this information from the multiboot
+         * structure, if available.
+         */
+        mov     4(%ebx),%eax        /* kb of low memory */
+        testb   $1,(%ebx)           /* test MBI_MEMLIMITS */
+        jnz     1f
+
+        movzwl  0x413,%eax          /* base memory size in kb */
 1:
+        shl     $10-4,%eax          /* convert to a segment number */
+
+        /* Reserve 64kb for the trampoline */
         sub     $0x1000,%eax
 
         /* From arch/x86/smpboot.c: start_eip had better be page-aligned! */
-- 
1.8.0

>>> On 29.11.12 at 18:34, Paolo Bonzini <pbonzini@redhat.com>
wrote:
> On some machines, the location at 0x40e does not point to the beginning
> of the EBDA.  Rather, it points to the beginning of the BIOS-reserved
> area of the EBDA, while the option ROMs place their data below that
> segment.
> 
> For this reason, 0x413 is actually a better source than 0x40e to get
> the location of the real-mode trampoline.  But it is even better to
> fetch the information from the multiboot structure, where the boot
> loader has placed the data for us already.
I think if anything we really should make this a minimum calculation
of all three (sanity checked) values, rather than throwing the other
sources out. It''s just not certain enough that we can trust all
multiboot implementations.

Of course, ideally we''d consult the memory map, but the E820 one
is unavailable at that point (and getting at it would create a
chicken-and-egg problem).

Jan
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  xen/arch/x86/boot/head.S | 21 ++++++++++++---------
>  1 file changed, 12 insertions(+), 9 deletions(-)
> 
> diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
> index 7efa155..1790462 100644
> --- a/xen/arch/x86/boot/head.S
> +++ b/xen/arch/x86/boot/head.S
> @@ -78,16 +78,19 @@ __start:
>          cmp     $0x2BADB002,%eax
>          jne     not_multiboot
>  
> -        /* Set up trampoline segment 64k below EBDA */
> -        movzwl  0x40e,%eax          /* EBDA segment */
> -        cmp     $0xa000,%eax        /* sanity check (high) */
> -        jae     0f
> -        cmp     $0x4000,%eax        /* sanity check (low) */
> -        jae     1f
> -0:
> -        movzwl  0x413,%eax          /* use base memory size on failure */
> -        shl     $10-4,%eax
> +        /* Set up trampoline segment just below end of base memory.
> +         * Prefer to get this information from the multiboot
> +         * structure, if available.
> +         */
> +        mov     4(%ebx),%eax        /* kb of low memory */
> +        testb   $1,(%ebx)           /* test MBI_MEMLIMITS */
> +        jnz     1f
> +
> +        movzwl  0x413,%eax          /* base memory size in kb */
>  1:
> +        shl     $10-4,%eax          /* convert to a segment number */
> +
> +        /* Reserve 64kb for the trampoline */
>          sub     $0x1000,%eax
>  
>          /* From arch/x86/smpboot.c: start_eip had better be page-aligned!
*/
> -- 
> 1.8.0
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org 
> http://lists.xen.org/xen-devel

On Fri, Nov 30, 2012 at 08:33:34AM +0000, Jan Beulich
wrote:
> >>> On 29.11.12 at 18:34, Paolo Bonzini
<pbonzini@redhat.com> wrote:
> > On some machines, the location at 0x40e does not point to the
beginning
> > of the EBDA.  Rather, it points to the beginning of the BIOS-reserved
> > area of the EBDA, while the option ROMs place their data below that
> > segment.
> > 
> > For this reason, 0x413 is actually a better source than 0x40e to get
> > the location of the real-mode trampoline.  But it is even better to
> > fetch the information from the multiboot structure, where the boot
> > loader has placed the data for us already.
> 
> I think if anything we really should make this a minimum calculation
> of all three (sanity checked) values, rather than throwing the other
> sources out. It''s just not certain enough that we can trust all
> multiboot implementations.
> 
> Of course, ideally we''d consult the memory map, but the E820 one
> is unavailable at that point (and getting at it would create a
> chicken-and-egg problem).
Can we scan the memory for the possible EBDA regions? There is an
"EBDA" type header in those regions, if I
recall?
> 
> Jan
> 
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > ---
> >  xen/arch/x86/boot/head.S | 21 ++++++++++++---------
> >  1 file changed, 12 insertions(+), 9 deletions(-)
> > 
> > diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
> > index 7efa155..1790462 100644
> > --- a/xen/arch/x86/boot/head.S
> > +++ b/xen/arch/x86/boot/head.S
> > @@ -78,16 +78,19 @@ __start:
> >          cmp     $0x2BADB002,%eax
> >          jne     not_multiboot
> >  
> > -        /* Set up trampoline segment 64k below EBDA */
> > -        movzwl  0x40e,%eax          /* EBDA segment */
> > -        cmp     $0xa000,%eax        /* sanity check (high) */
> > -        jae     0f
> > -        cmp     $0x4000,%eax        /* sanity check (low) */
> > -        jae     1f
> > -0:
> > -        movzwl  0x413,%eax          /* use base memory size on
failure */
> > -        shl     $10-4,%eax
> > +        /* Set up trampoline segment just below end of base memory.
> > +         * Prefer to get this information from the multiboot
> > +         * structure, if available.
> > +         */
> > +        mov     4(%ebx),%eax        /* kb of low memory */
> > +        testb   $1,(%ebx)           /* test MBI_MEMLIMITS */
> > +        jnz     1f
> > +
> > +        movzwl  0x413,%eax          /* base memory size in kb */
> >  1:
> > +        shl     $10-4,%eax          /* convert to a segment number */
> > +
> > +        /* Reserve 64kb for the trampoline */
> >          sub     $0x1000,%eax
> >  
> >          /* From arch/x86/smpboot.c: start_eip had better be
page-aligned! */
> > -- 
> > 1.8.0
> > 
> > 
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xen.org 
> > http://lists.xen.org/xen-devel 
> 
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
>

>>> On 07.12.12 at 22:23, Konrad Rzeszutek Wilk
<konrad@kernel.org> wrote:
> On Fri, Nov 30, 2012 at 08:33:34AM +0000, Jan Beulich wrote:
>> >>> On 29.11.12 at 18:34, Paolo Bonzini
<pbonzini@redhat.com> wrote:
>> > On some machines, the location at 0x40e does not point to the
beginning
>> > of the EBDA.  Rather, it points to the beginning of the
BIOS-reserved
>> > area of the EBDA, while the option ROMs place their data below
that
>> > segment.
>> > 
>> > For this reason, 0x413 is actually a better source than 0x40e to
get
>> > the location of the real-mode trampoline.  But it is even better
to
>> > fetch the information from the multiboot structure, where the boot
>> > loader has placed the data for us already.
>> 
>> I think if anything we really should make this a minimum calculation
>> of all three (sanity checked) values, rather than throwing the other
>> sources out. It''s just not certain enough that we can trust
all
>> multiboot implementations.
>> 
>> Of course, ideally we''d consult the memory map, but the E820
one
>> is unavailable at that point (and getting at it would create a
>> chicken-and-egg problem).
> 
> Can we scan the memory for the possible EBDA regions? There is an
> "EBDA" type header in those regions, if I recall?
I don''t think there are any signatures - the value at (real mode)
0040:000e has to be relied upon.

Jan

>>> On 30.11.12 at 09:33, "Jan Beulich"
<JBeulich@suse.com> wrote:
>>>> On 29.11.12 at 18:34, Paolo Bonzini <pbonzini@redhat.com>
wrote:
>> On some machines, the location at 0x40e does not point to the beginning
>> of the EBDA.  Rather, it points to the beginning of the BIOS-reserved
>> area of the EBDA, while the option ROMs place their data below that
>> segment.
>> 
>> For this reason, 0x413 is actually a better source than 0x40e to get
>> the location of the real-mode trampoline.  But it is even better to
>> fetch the information from the multiboot structure, where the boot
>> loader has placed the data for us already.
> 
> I think if anything we really should make this a minimum calculation
> of all three (sanity checked) values, rather than throwing the other
> sources out. It''s just not certain enough that we can trust all
> multiboot implementations.
I never saw a response from you on this one - were you
intending to follow up, or did you (silently) expect us to sort
this out?

Jan
> Of course, ideally we''d consult the memory map, but the E820 one
> is unavailable at that point (and getting at it would create a
> chicken-and-egg problem).
> 
> Jan
> 
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>> ---
>>  xen/arch/x86/boot/head.S | 21 ++++++++++++---------
>>  1 file changed, 12 insertions(+), 9 deletions(-)
>> 
>> diff --git a/xen/arch/x86/boot/head.S b/xen/arch/x86/boot/head.S
>> index 7efa155..1790462 100644
>> --- a/xen/arch/x86/boot/head.S
>> +++ b/xen/arch/x86/boot/head.S
>> @@ -78,16 +78,19 @@ __start:
>>          cmp     $0x2BADB002,%eax
>>          jne     not_multiboot
>>  
>> -        /* Set up trampoline segment 64k below EBDA */
>> -        movzwl  0x40e,%eax          /* EBDA segment */
>> -        cmp     $0xa000,%eax        /* sanity check (high) */
>> -        jae     0f
>> -        cmp     $0x4000,%eax        /* sanity check (low) */
>> -        jae     1f
>> -0:
>> -        movzwl  0x413,%eax          /* use base memory size on failure
*/
>> -        shl     $10-4,%eax
>> +        /* Set up trampoline segment just below end of base memory.
>> +         * Prefer to get this information from the multiboot
>> +         * structure, if available.
>> +         */
>> +        mov     4(%ebx),%eax        /* kb of low memory */
>> +        testb   $1,(%ebx)           /* test MBI_MEMLIMITS */
>> +        jnz     1f
>> +
>> +        movzwl  0x413,%eax          /* base memory size in kb */
>>  1:
>> +        shl     $10-4,%eax          /* convert to a segment number */
>> +
>> +        /* Reserve 64kb for the trampoline */
>>          sub     $0x1000,%eax
>>  
>>          /* From arch/x86/smpboot.c: start_eip had better be
page-aligned! */
>> -- 
>> 1.8.0
>> 
>> 
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xen.org 
>> http://lists.xen.org/xen-devel 
> 
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org 
> http://lists.xen.org/xen-devel

Il 18/12/2012 14:07, Jan Beulich ha scritto:
>>>> On 30.11.12 at 09:33, "Jan Beulich"
<JBeulich@suse.com> wrote:
>>>>> On 29.11.12 at 18:34, Paolo Bonzini
<pbonzini@redhat.com> wrote:
>>> On some machines, the location at 0x40e does not point to the
beginning
>>> of the EBDA.  Rather, it points to the beginning of the
BIOS-reserved
>>> area of the EBDA, while the option ROMs place their data below that
>>> segment.
>>>
>>> For this reason, 0x413 is actually a better source than 0x40e to
get
>>> the location of the real-mode trampoline.  But it is even better to
>>> fetch the information from the multiboot structure, where the boot
>>> loader has placed the data for us already.
>>
>> I think if anything we really should make this a minimum calculation
>> of all three (sanity checked) values, rather than throwing the other
>> sources out. It''s just not certain enough that we can trust
all
>> multiboot implementations.
> 
> I never saw a response from you on this one - were you
> intending to follow up, or did you (silently) expect us to sort
> this out?
No, just busy.  I agree that checking all three is best.  However, there
is at least one known case where 0x40e doesn''t work, so 0x413 and
multiboot should be enough.

Paolo

>>> On 18.12.12 at 14:22, Paolo Bonzini <pbonzini@redhat.com>
wrote:
> Il 18/12/2012 14:07, Jan Beulich ha scritto:
>>>>> On 30.11.12 at 09:33, "Jan Beulich"
<JBeulich@suse.com> wrote:
>>>>>> On 29.11.12 at 18:34, Paolo Bonzini
<pbonzini@redhat.com> wrote:
>>>> On some machines, the location at 0x40e does not point to the
beginning
>>>> of the EBDA.  Rather, it points to the beginning of the
BIOS-reserved
>>>> area of the EBDA, while the option ROMs place their data below
that
>>>> segment.
>>>>
>>>> For this reason, 0x413 is actually a better source than 0x40e
to get
>>>> the location of the real-mode trampoline.  But it is even
better to
>>>> fetch the information from the multiboot structure, where the
boot
>>>> loader has placed the data for us already.
>>>
>>> I think if anything we really should make this a minimum
calculation
>>> of all three (sanity checked) values, rather than throwing the
other
>>> sources out. It''s just not certain enough that we can
trust all
>>> multiboot implementations.
>> 
>> I never saw a response from you on this one - were you
>> intending to follow up, or did you (silently) expect us to sort
>> this out?
> 
> No, just busy.  I agree that checking all three is best.  However, there
> is at least one known case where 0x40e doesn''t work, so 0x413 and
> multiboot should be enough.
Can you provide more detail about this specific case? In
particular, what value 0x40e in fact has there?

Jan

Il 18/12/2012 14:27, Jan Beulich ha scritto:
>>>> On 18.12.12 at 14:22, Paolo Bonzini <pbonzini@redhat.com>
wrote:
>> Il 18/12/2012 14:07, Jan Beulich ha scritto:
>>>>>> On 30.11.12 at 09:33, "Jan Beulich"
<JBeulich@suse.com> wrote:
>>>>>>> On 29.11.12 at 18:34, Paolo Bonzini
<pbonzini@redhat.com> wrote:
>>>>> On some machines, the location at 0x40e does not point to
the beginning
>>>>> of the EBDA.  Rather, it points to the beginning of the
BIOS-reserved
>>>>> area of the EBDA, while the option ROMs place their data
below that
>>>>> segment.
>>>>>
>>>>> For this reason, 0x413 is actually a better source than
0x40e to get
>>>>> the location of the real-mode trampoline.  But it is even
better to
>>>>> fetch the information from the multiboot structure, where
the boot
>>>>> loader has placed the data for us already.
>>>>
>>>> I think if anything we really should make this a minimum
calculation
>>>> of all three (sanity checked) values, rather than throwing the
other
>>>> sources out. It''s just not certain enough that we can
trust all
>>>> multiboot implementations.
>>>
>>> I never saw a response from you on this one - were you
>>> intending to follow up, or did you (silently) expect us to sort
>>> this out?
>>
>> No, just busy.  I agree that checking all three is best.  However,
there
>> is at least one known case where 0x40e doesn''t work, so 0x413
and
>> multiboot should be enough.
> 
> Can you provide more detail about this specific case? In
> particular, what value 0x40e in fact has there?
Sure.  0x40e did point to the beginning of the EBDA (around 635k), but
an option ROM was reserving memory below there by lowering 0x413.
That''s the "on some machines" in the commit message.

Paolo

>>> On 18.12.12 at 14:28, Paolo Bonzini <pbonzini@redhat.com>
wrote:
> Il 18/12/2012 14:27, Jan Beulich ha scritto:
>>>>> On 18.12.12 at 14:22, Paolo Bonzini
<pbonzini@redhat.com> wrote:
>>> Il 18/12/2012 14:07, Jan Beulich ha scritto:
>>>>>>> On 30.11.12 at 09:33, "Jan Beulich"
<JBeulich@suse.com> wrote:
>>>>>>>> On 29.11.12 at 18:34, Paolo Bonzini
<pbonzini@redhat.com> wrote:
>>>>>> On some machines, the location at 0x40e does not point
to the beginning
>>>>>> of the EBDA.  Rather, it points to the beginning of the
BIOS-reserved
>>>>>> area of the EBDA, while the option ROMs place their
data below that
>>>>>> segment.
>>>>>>
>>>>>> For this reason, 0x413 is actually a better source than
0x40e to get
>>>>>> the location of the real-mode trampoline.  But it is
even better to
>>>>>> fetch the information from the multiboot structure,
where the boot
>>>>>> loader has placed the data for us already.
>>>>>
>>>>> I think if anything we really should make this a minimum
calculation
>>>>> of all three (sanity checked) values, rather than throwing
the other
>>>>> sources out. It''s just not certain enough that we
can trust all
>>>>> multiboot implementations.
>>>>
>>>> I never saw a response from you on this one - were you
>>>> intending to follow up, or did you (silently) expect us to sort
>>>> this out?
>>>
>>> No, just busy.  I agree that checking all three is best.  However,
there
>>> is at least one known case where 0x40e doesn''t work, so
0x413 and
>>> multiboot should be enough.
>> 
>> Can you provide more detail about this specific case? In
>> particular, what value 0x40e in fact has there?
> 
> Sure.  0x40e did point to the beginning of the EBDA (around 635k), but
> an option ROM was reserving memory below there by lowering 0x413.
> That''s the "on some machines" in the commit message.
That wouldn''t preclude the suggested sanity-checked-minimum
solution.

Jan

Il 18/12/2012 14:36, Jan Beulich ha scritto:
>>>> >>> No, just busy.  I agree that checking all three is
best.  However, there
>>>> >>> is at least one known case where 0x40e
doesn''t work, so 0x413 and
>>>> >>> multiboot should be enough.
>>> >> 
>>> >> Can you provide more detail about this specific case? In
>>> >> particular, what value 0x40e in fact has there?
>> > 
>> > Sure.  0x40e did point to the beginning of the EBDA (around 635k),
but
>> > an option ROM was reserving memory below there by lowering 0x413.
>> > That''s the "on some machines" in the commit
message.
> That wouldn''t preclude the suggested sanity-checked-minimum
> solution.
Yes, on the other hand [0x413] should always be less than or equal to
[0x40e] << 6.  Otherwise for example DOS would not work on that system.

Paolo