Bug 4139 - Reading Video BIOS using xf86ReadPciBIOS results in system hang
Summary: Reading Video BIOS using xf86ReadPciBIOS results in system hang
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General (show other bugs)
Version: git
Hardware: x86 (IA32) Linux (All)
: high critical
Assignee: Xorg Project Team
QA Contact:
Depends on:
Blocks: 5041
  Show dependency treegraph
Reported: 2005-08-19 11:47 UTC by jon chaplick
Modified: 2006-05-18 16:53 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:

Possible solution (9.39 KB, patch)
2005-11-30 05:08 UTC, Egbert Eich
no flags Details | Splinter Review
mssing file (see comment above) (259 bytes, text/plain)
2005-11-30 05:09 UTC, Egbert Eich
no flags Details
final fix for monolithic tree (12.84 KB, patch)
2006-03-09 22:27 UTC, Egbert Eich
no flags Details | Splinter Review

Description jon chaplick 2005-08-19 11:47:28 UTC
In /os-support/bus/Pci.c function handlePciBIOS line 1194 we see the

pciWriteLong (Tag, PCI_MEM_REG_START + (b_reg << 2) (CARD32)~0);

This is the call that remaps one of the BAR registers to the end of PCI
Configuration space. It would seem that the intention of doing this is
so that the PCI_MAP_ROM_REG and the BAR register will not overlap in PCI
Configuration space. However, this is assuming that either A. The end of
PCI Configuration space is B. If you have a conflict at that location for a
brief moment it will not destablize the system. In the problem case we have an
IDE controller at the end of PCI Configuration space and during the remapping
the grahpics card claims the transactions which belong to the IDE controller
causing a system hang and an IERR.
Comment 1 jon chaplick 2005-08-22 07:13:17 UTC
I tried testing basereg = -1 in hopes that the PCI Remapping could be avoided.
However, the logic of the of the handlePciBIOS routine and getValidBIOSBase
prevents this.

When you set basereg=-1 the first for loop will exit with b_reg= -1. Then the
getValidBIOSBase routine will be invoked and it will return false. This will
cause a continue and i will be incremeted. Eventually b_reg will get to the PCI
Remapping logic with value 1.
Comment 2 Kevin E. Martin 2005-09-02 11:33:55 UTC
Egbert, could you take a look at this one?  It's in a part of the code that I
think you originally wrote.  It seems like there should be a way to get around
the need to remap video mem.  Or, perhaps we should remap it to an area not
currently occupied.
Comment 3 Mike A. Harris 2005-10-18 23:57:52 UTC
Egbert - any comments?
Comment 4 Egbert Eich 2005-11-30 05:04:24 UTC
Yep. This is bad. I know. Changing this to a kernel supported method of reading
the BIOS is not really a short term (quick fix) kind of thing.
You can ask the system to find a range that's available by passing ROM_BASE_FIND
in the basereg argument.
I don't know if this will work for everybody. In our normal heuristics it is
used as the last fallback. 
Maybe we should find such a range to map the unused register to.
Comment 5 Egbert Eich 2005-11-30 05:08:50 UTC
Created attachment 3941 [details] [review]
Possible solution

One may try something like this. Please note: this is entirely untested. I
won't have time to test it until next week.
Also a little file for xfree86/dummylib/ is missing. I will attach it next. It
is newly created so this must be fixed in the modular build too.
Comment 6 Egbert Eich 2005-11-30 05:09:48 UTC
Created attachment 3942 [details]
mssing file (see comment above)
Comment 7 Egbert Eich 2006-03-09 22:27:20 UTC
Created attachment 4869 [details] [review]
final fix for monolithic tree
Comment 8 Mike A. Harris 2006-03-28 22:30:08 UTC
The patch in comment #7 applies to 6.9.0 only, however there have been various
changes to the code between 6.8.2 and 6.9.0 which cause the patch to not be
useable as-is with 6.8.x.

Code added from the SGI Altix support added to 6.9.0/7.0 are getting patched,
however it's not completely clear if we can just drop that part for 6.8.2,
or if further work is needed to make it work.

Any comments/suggestions for getting it working cleanly with 6.8.x?
Comment 9 Adam Jackson 2006-04-15 08:25:52 UTC
egbert: ping.  what's the status of this for 7.1?
Comment 10 Adam Jackson 2006-04-25 05:40:19 UTC
(In reply to comment #9)
> egbert: ping.  what's the status of this for 7.1?

egbert: PING.  what's the status of this for 7.1?
Comment 11 Egbert Eich 2006-04-25 23:22:27 UTC
I would like to see the attached patch applied. I will see if I can get around
to doing this tonight.
Comment 12 Dave Airlie 2006-05-02 09:17:09 UTC
On Linux my OS reading patch should avoid touching this code, of course it'll
only help if the user is a) running Linux, b) running a late enough linux with
rom reading in sysfs.
Comment 13 Adam Jackson 2006-05-19 09:53:29 UTC
applied, with minor massaging to account for bug #6377.  thanks!

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.