/* * Erik Arjan Hendriks * Copyright (C) 2000 Scyld. * Copyright (C) 2000 Scyld Computing Corporation * Copyright (C) 2001 University of California. LA-CC Number 01-67. * Copyright (C) 2005 Nick.Barker9@btinternet.com * Copyright (C) 2007-2009 coresystems GmbH * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * */ #include #include #include #include #if COREBOOT_V2 #include #include #define printk(lvl, x...) printk_debug(x) #else #include #include #endif /* The address arguments to this function are PHYSICAL ADDRESSES */ static void real_mode_switch_call_vga(unsigned long devfn) { __asm__ __volatile__ ( /* paranoia -- does ecx get saved? not sure. * This is the easiest safe thing to do. */ " pushal \n" /* save the stack */ " mov %esp, __stack \n" " jmp 1f \n" "__stack: .long 0 \n" "1:\n" /* get devfn into %ecx */ " movl %esp, %ebp \n" // FIXME: why is this 8? " movl 8(%ebp), %ecx \n" /* load 'our' gdt */ " lgdt %cs:__mygdtaddr \n" /* This configures CS properly for real mode. */ " ljmp $0x28, $__rms_16bit\n" "__rms_16bit: \n" " .code16 \n" /* 16 bit code from here on... */ /* Load the segment registers w/ properly configured * segment descriptors. They will retain these * configurations (limits, writability, etc.) once * protected mode is turned off. */ " mov $0x30, %ax \n" " mov %ax, %ds \n" " mov %ax, %es \n" " mov %ax, %fs \n" " mov %ax, %gs \n" " mov %ax, %ss \n" /* Turn off protection (bit 0 in CR0) */ " movl %cr0, %eax \n" " andl $0xFFFFFFFE, %eax \n" " movl %eax, %cr0 \n" /* Now really going into real mode */ " ljmp $0, $__rms_real\n" "__rms_real: \n" /* Setup a stack: Put the stack at the end of page zero. * That way we can easily share it between real and * protected, since the 16-bit ESP at segment 0 will * work for any case. */ " mov $0x0, %ax \n" " mov %ax, %ss \n" " movl $0x1000, %eax \n" " movl %eax, %esp \n" /* Load our 16 it idt */ " xor %ax, %ax \n" " mov %ax, %ds \n" " lidt __myidt \n" /* Dump zeros in the other segment registers */ " mov %ax, %es \n" " mov %ax, %fs \n" " mov %ax, %gs \n" " mov $0x40, %ax \n" " mov %ax, %ds \n" " mov %cx, %ax \n" /* run VGA BIOS at 0xc000:0003 */ " lcall $0xc000, $0x0003\n" /* If we got here, just about done. * Need to get back to protected mode */ " movl %cr0, %eax \n" " orl $0x0000001, %eax\n" /* PE = 1 */ " movl %eax, %cr0 \n" /* Now that we are in protected mode * jump to a 32 bit code segment. */ " data32 ljmp $0x10, $vgarestart\n" "vgarestart:\n" " .code32\n" " movw $0x18, %ax \n" " mov %ax, %ds \n" " mov %ax, %es \n" " mov %ax, %fs \n" " mov %ax, %gs \n" " mov %ax, %ss \n" /* restore proper gdt and idt */ " lgdt %cs:gdtarg \n" " lidt idtarg \n" ".globl vga_exit \n" "vga_exit: \n" " mov __stack, %esp \n" " popal \n" ); } // FIXME: drop this // __asm__ (".text\n""real_mode_switch_end:\n"); // extern char real_mode_switch_end[]; /* call vga bios int 10 function 0x4f14 to enable main console epia-m does not always autosence the main console so forcing it on is good !! */ void vga_enable_console(void) { __asm__ __volatile__ ( /* paranoia -- does ecx get saved? not sure. This is * the easiest safe thing to do. */ " pushal \n" /* save the stack */ " mov %esp, __stack \n" /* load 'our' gdt */ " lgdt %cs:__mygdtaddr \n" /* This configures CS properly for real mode. */ " ljmp $0x28, $__vga_ec_16bit\n" "__vga_ec_16bit: \n" " .code16 \n" /* 16 bit code from here on... */ /* Load the segment registers w/ properly configured segment * descriptors. They will retain these configurations (limits, * writability, etc.) once protected mode is turned off. */ " mov $0x30, %ax \n" " mov %ax, %ds \n" " mov %ax, %es \n" " mov %ax, %fs \n" " mov %ax, %gs \n" " mov %ax, %ss \n" /* Turn off protection (bit 0 in CR0) */ " movl %cr0, %eax \n" " andl $0xFFFFFFFE, %eax\n" " movl %eax, %cr0 \n" /* Now really going into real mode */ " ljmp $0, $__vga_ec_real \n" "__vga_ec_real: \n" /* put the stack at the end of page zero. * that way we can easily share it between real and protected, * since the 16-bit ESP at segment 0 will work for any case. */ /* Setup a stack */ " mov $0x0, %ax \n" " mov %ax, %ss \n" " movl $0x1000, %eax \n" " movl %eax, %esp \n" /* debugging for RGM */ " mov $0x11, %al \n" " outb %al, $0x80 \n" /* Load our 16 it idt */ " xor %ax, %ax \n" " mov %ax, %ds \n" " lidt __myidt \n" /* Dump zeros in the other segregs */ " mov %ax, %ds \n" " mov %ax, %es \n" " mov %ax, %fs \n" " mov %ax, %gs \n" /* ask bios to enable main console */ /* set up for int 10 call - values found from X server * bios call routines */ " movw $0x4f14,%ax \n" " movw $0x8003,%bx \n" " movw $1, %cx \n" " movw $0, %dx \n" " movw $0, %di \n" " int $0x10 \n" " movb $0x55, %al \n" " outb %al, $0x80 \n" /* if we got here, just about done. * Need to get back to protected mode */ " movl %cr0, %eax \n" " orl $0x0000001, %eax\n" /* PE = 1 */ " movl %eax, %cr0 \n" /* Now that we are in protected mode jump to a 32 bit code segment. */ " data32 ljmp $0x10, $vga_ec_restart\n" "vga_ec_restart:\n" " .code32\n" " movw $0x18, %ax \n" " mov %ax, %ds \n" " mov %ax, %es \n" " mov %ax, %fs \n" " mov %ax, %gs \n" " mov %ax, %ss \n" /* restore proper gdt and idt */ " lgdt %cs:gdtarg \n" " lidt idtarg \n" " .globl vga__ec_exit \n" "vga_ec_exit:\n" " mov __stack, %esp \n" " popal\n" ); } // we had hoped to avoid this. // this is a stub IDT only. It's main purpose is to ignore calls // to the BIOS. // no longer. Dammit. We have to respond to these. struct realidt { unsigned short offset, cs; }; // from a handy writeup that andrey found. // handler. // There are some assumptions we can make here. // First, the Top Of Stack (TOS) is located on the top of page zero. // we can share this stack between real and protected mode. // that simplifies a lot of things ... // we'll just push all the registers on the stack as longwords, // and pop to protected mode. // second, since this only ever runs as part of coreboot, // we know all the segment register values -- so we don't save any. // keep the handler that calls things small. It can do a call to // more complex code in coreboot itself. This helps a lot as we don't // have to do address fixup in this little stub, and calls are absolute // so the handler is relocatable. void handler(void) { __asm__ __volatile__ ( " .code16 \n" "idthandle: \n" " pushal \n" " movb $0, %al \n" " ljmp $0, $callbiosint16\n" "end_idthandle: \n" " .code32 \n" ); } void debughandler(void) { __asm__ __volatile__ ( " .code16 \n" "debughandle: \n" " pushw %cx \n" " movw $250, %cx \n" "dbh1: \n" " loop dbh1 \n" " popw %cx \n" " iret \n" "end_debughandle: \n" ".code32 \n" ); } // Calling conventions. The first C function is called with this stuff // on the stack. They look like value parameters, but note that if you // modify them they will go back to the INTx function modified. // the C function will call the biosint function with these as // REFERENCE parameters. In this way, we can easily get // returns back to the INTx caller (i.e. vgabios) void callbiosint(void) { __asm__ __volatile__ ( " .code16 \n" "callbiosint16: \n" " push %ds \n" " push %es \n" " push %fs \n" " push %gs \n" // clean up the int #. To save space we put it in the lower // byte. But the top 24 bits are junk. " andl $0xff, %eax\n" // this push does two things: // - put the INT # on the stack as a parameter // - provides us with a temp for the %cr0 mods. " pushl %eax \n" " movl %cr0, %eax\n" " orl $0x00000001, %eax\n" /* PE = 1 */ " movl %eax, %cr0\n" /* Now that we are in protected mode jump to a 32 bit code segment. */ " data32 ljmp $0x10, $biosprotect\n" "biosprotect: \n" " .code32 \n" " movw $0x18, %ax \n" " mov %ax, %ds \n" " mov %ax, %es \n" " mov %ax, %fs \n" " mov %ax, %gs \n" " mov %ax, %ss \n" " lidt idtarg \n" " call biosint \n" // back to real mode ... " ljmp $0x28, $__rms_16bit2\n" "__rms_16bit2: \n" " .code16 \n" /* 16 bit code from here on... */ /* Load the segment registers w/ properly configured segment * descriptors. They will retain these configurations (limits, * writability, etc.) once protected mode is turned off. */ " mov $0x30, %ax \n" " mov %ax, %ds \n" " mov %ax, %es \n" " mov %ax, %fs \n" " mov %ax, %gs \n" " mov %ax, %ss \n" /* Turn off protection (bit 0 in CR0) */ " movl %cr0, %eax \n" " andl $0xFFFFFFFE, %eax \n" " movl %eax, %cr0 \n" /* Now really going into real mode */ " ljmp $0, $__rms_real2 \n" "__rms_real2: \n" /* Setup a stack * FixME: where is esp? */ " mov $0x0, %ax \n" " mov %ax, %ss \n" /* ebugging for RGM */ " mov $0x11, %al \n" " outb %al, $0x80 \n" /* Load our 16 it idt */ " xor %ax, %ax \n" " mov %ax, %ds \n" " lidt __myidt \n" /* Dump zeros in the other segregs */ " mov %ax, %es \n" " mov %ax, %fs \n" " mov %ax, %gs \n" " mov $0x40, %ax \n" " mov %ax, %ds \n" /* pop the INT # that you pushed earlier */ " popl %eax \n" " pop %gs \n" " pop %fs \n" " pop %es \n" " pop %ds \n" " popal \n" " iret \n" " .code32 \n" ); } enum { PCIBIOS = 0x1a, MEMSIZE = 0x12 }; int pcibios(unsigned long *pedi, unsigned long *pesi, unsigned long *pebp, unsigned long *pesp, unsigned long *pebx, unsigned long *pedx, unsigned long *pecx, unsigned long *peax, unsigned long *pflags); int handleint21(unsigned long *pedi, unsigned long *pesi, unsigned long *pebp, unsigned long *pesp, unsigned long *pebx, unsigned long *pedx, unsigned long *pecx, unsigned long *peax, unsigned long *pflags ); extern void vga_exit(void); int __attribute__((regparm(0))) biosint(unsigned long intnumber, unsigned long gsfs, unsigned long dses, unsigned long edi, unsigned long esi, unsigned long ebp, unsigned long esp, unsigned long ebx, unsigned long edx, unsigned long ecx, unsigned long eax, unsigned long cs_ip, unsigned short stackflags) { unsigned long ip; unsigned long cs; unsigned long flags; int ret = -1; ip = cs_ip & 0xffff; cs = cs_ip >> 16; flags = stackflags; printk(BIOS_DEBUG, "biosint: INT# 0x%lx\n", intnumber); printk(BIOS_DEBUG, "biosint: eax 0x%lx ebx 0x%lx ecx 0x%lx edx 0x%lx\n", eax, ebx, ecx, edx); printk(BIOS_DEBUG, "biosint: ebp 0x%lx esp 0x%lx edi 0x%lx esi 0x%lx\n", ebp, esp, edi, esi); printk(BIOS_DEBUG, "biosint: ip 0x%lx cs 0x%lx flags 0x%lx\n", ip, cs, flags); // cases in a good compiler are just as good as your own tables. switch (intnumber) { case 0 ... 15: // These are not BIOS service, but the CPU-generated exceptions printk(BIOS_INFO, "biosint: Oops, exception %lu\n", intnumber); if (esp < 0x1000) { printk(BIOS_DEBUG, "Stack contents: "); while (esp < 0x1000) { printk(BIOS_DEBUG, "0x%04x ", *(unsigned short *) esp); esp += 2; } printk(BIOS_DEBUG, "\n"); } printk(BIOS_DEBUG, "biosint: Bailing out\n"); // "longjmp" vga_exit(); break; case PCIBIOS: ret = pcibios( &edi, &esi, &ebp, &esp, &ebx, &edx, &ecx, &eax, &flags); break; case MEMSIZE: // who cares. eax = 64 * 1024; ret = 0; break; case 0x15: ret=handleint21( &edi, &esi, &ebp, &esp, &ebx, &edx, &ecx, &eax, &flags); break; default: printk(BIOS_INFO, "BIOSINT: Unsupport int #0x%lx\n", intnumber); break; } if (ret) flags |= 1; // carry flags else flags &= ~1; stackflags = flags; return ret; } void setup_realmode_idt(void) { extern unsigned char idthandle, end_idthandle; #if 0 extern unsigned char debughandle, end_debughandle; #endif int i; struct realidt *idts = (struct realidt *) 0; int codesize = &end_idthandle - &idthandle; unsigned char *intbyte, *codeptr; // for each int, we create a customized little handler // that just pushes %ax, puts the int # in %al, // then calls the common interrupt handler. // this necessitated because intel didn't know much about // architecture when they did the 8086 (it shows) // (hmm do they know anymore even now :-) // obviously you can see I don't really care about memory // efficiency. If I did I would probe back through the stack // and get it that way. But that's really disgusting. for (i = 0; i < 256; i++) { idts[i].cs = 0; codeptr = (unsigned char *) 4096 + i * codesize; idts[i].offset = (unsigned) codeptr; memcpy(codeptr, &idthandle, codesize); intbyte = codeptr + 3; *intbyte = i; } // fixed entry points // VGA BIOSes tend to hardcode f000:f065 as the previous handler of // int10. // calling convention here is the same as INTs, we can reuse // the int entry code. codeptr = (unsigned char *) 0xff065; memcpy(codeptr, &idthandle, codesize); intbyte = codeptr + 3; *intbyte = 0x42; /* int42 is the relocated int10 */ /* The source of the following code is not yet known. * We feel it may be useful someday, but right now it * scribbles over code space. We are leaving it here as a * "Living comment" since it may at some point be needed * again. It is a very intriguing idea -- one could run * vm86 code with TF set and set programmable times * between instructions to slow them down. For those who * recall the "turbo" switch on old PCs, this is the * software equivalent. */ #if 0 /* debug handler - useful to set a programmable delay between instructions if the TF bit is set upon call to real mode */ idts[1].cs = 0; idts[1].offset = 16384; memcpy((void *)16384, &debughandle, &end_debughandle - &debughandle); #endif } void run_bios(struct device *dev, unsigned long addr) { int i; /* clear vga bios data area */ for (i = 0x400; i < 0x500; i++) { *(unsigned char *) i = 0; } setup_realmode_idt(); real_mode_switch_call_vga((dev->bus->secondary << 8) | dev->path.pci.devfn); } enum { CHECK = 0xb001, FINDDEV = 0xb102, READCONFBYTE = 0xb108, READCONFWORD = 0xb109, READCONFDWORD = 0xb10a, WRITECONFBYTE = 0xb10b, WRITECONFWORD = 0xb10c, WRITECONFDWORD = 0xb10d }; // errors go in AH. Just set these up so that word assigns // will work. KISS. enum { PCIBIOS_NODEV = 0x8600, PCIBIOS_BADREG = 0x8700 }; int pcibios(unsigned long *pedi, unsigned long *pesi, unsigned long *pebp, unsigned long *pesp, unsigned long *pebx, unsigned long *pedx, unsigned long *pecx, unsigned long *peax, unsigned long *pflags) { unsigned short func = (unsigned short) *peax; int retval = 0; unsigned short devid, vendorid, devfn; /* Use short to get rid of gabage in upper half of 32-bit register */ short devindex; unsigned char bus; struct device *dev; switch(func) { case CHECK: *pedx = 0x4350; *pecx = 0x2049; retval = 0; break; case FINDDEV: { devid = *pecx; vendorid = *pedx; devindex = *pesi; dev = 0; #if COREBOOT_V2 while ((dev = dev_find_device(vendorid, devid, dev))) { #else while ((dev = dev_find_pci_device(vendorid, devid, dev))) { #endif if (devindex <= 0) break; devindex--; } if (dev) { unsigned short busdevfn; *peax = 0; // busnum is an unsigned char; // devfn is an int, so we mask it off. busdevfn = (dev->bus->secondary << 8) | (dev->path.pci.devfn & 0xff); printk(BIOS_DEBUG, "0x%x: return 0x%x\n", func, busdevfn); *pebx = busdevfn; retval = 0; } else { *peax = PCIBIOS_NODEV; retval = -1; } } break; case READCONFDWORD: case READCONFWORD: case READCONFBYTE: case WRITECONFDWORD: case WRITECONFWORD: case WRITECONFBYTE: { unsigned long dword; unsigned short word; unsigned char byte; unsigned char reg; devfn = *pebx & 0xff; bus = *pebx >> 8; reg = *pedi; dev = dev_find_slot(bus, devfn); if (! dev) { printk(BIOS_DEBUG, "0x%x: BAD DEVICE bus %d devfn 0x%x\n", func, bus, devfn); // idiots. the pcibios guys assumed you'd never pass a bad bus/devfn! *peax = PCIBIOS_BADREG; retval = -1; } switch(func) { case READCONFBYTE: byte = pci_read_config8(dev, reg); *pecx = byte; break; case READCONFWORD: word = pci_read_config16(dev, reg); *pecx = word; break; case READCONFDWORD: dword = pci_read_config32(dev, reg); *pecx = dword; break; case WRITECONFBYTE: byte = *pecx; pci_write_config8(dev, reg, byte); break; case WRITECONFWORD: word = *pecx; pci_write_config16(dev, reg, word); break; case WRITECONFDWORD: dword = *pecx; pci_write_config32(dev, reg, dword); break; } if (retval) retval = PCIBIOS_BADREG; printk(BIOS_DEBUG, "0x%x: bus %d devfn 0x%x reg 0x%x val 0x%lx\n", func, bus, devfn, reg, *pecx); *peax = 0; retval = 0; } break; default: printk(BIOS_ERR, "UNSUPPORTED PCIBIOS FUNCTION 0x%x\n", func); break; } return retval; } int handleint21(unsigned long *edi, unsigned long *esi, unsigned long *ebp, unsigned long *esp, unsigned long *ebx, unsigned long *edx, unsigned long *ecx, unsigned long *eax, unsigned long *flags) { int res=-1; switch(*eax&0xffff) { case 0x5f19: break; case 0x5f18: *eax=0x5f; *ebx=0x545; // MCLK = 133, 32M frame buffer, 256 M main memory *ecx=0x060; res=0; break; case 0x5f00: *eax = 0x8600; break; case 0x5f01: *eax = 0x5f; *ecx = (*ecx & 0xffffff00 ) | 2; // panel type = 2 = 1024 * 768 res = 0; break; case 0x5f02: *eax=0x5f; *ebx= (*ebx & 0xffff0000) | 2; *ecx= (*ecx & 0xffff0000) | 0x401; // PAL + crt only *edx= (*edx & 0xffff0000) | 0; // TV Layout - default res=0; break; case 0x5f0f: *eax=0x860f; break; } return res; }