OvmfPkg/Bhyve/BhyveRfbDxe/VbeShim.c

   1 /** @file
   2   Install a fake VGABIOS service handler (real mode Int10h) for the buggy
   3   Windows 2008 R2 SP1 UEFI guest.
   4
   5   The handler is never meant to be directly executed by a VCPU; it's there for
   6   the internal real mode emulator of Windows 2008 R2 SP1.
   7
   8   The code is based on Ralf Brown's Interrupt List:
   9   <http://www.cs.cmu.edu/~ralf/files.html>
  10   <http://www.ctyme.com/rbrown.htm>
  11
  12   Copyright (C) 2020, Rebecca Cran <rebecca@bsdio.com>
  13   Copyright (C) 2015, Nahanni Systems, Inc.
  14   Copyright (C) 2014, Red Hat, Inc.
  15   Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
  16
  17   SPDX-License-Identifier: BSD-2-Clause-Patent
  18
  19 **/
  20
  21 #include <IndustryStandard/LegacyVgaBios.h>
  22 #include <Library/DebugLib.h>
  23 #include <Library/PciLib.h>
  24 #include <Library/PrintLib.h>
  25
  26 #include "Gop.h"
  27 #include "VbeShim.h"
  28
  29 #pragma pack (1)
  30 typedef struct {
  31   UINT16    Offset;
  32   UINT16    Segment;
  33 } IVT_ENTRY;
  34 #pragma pack ()
  35
  36 //
  37 // This string is displayed by Windows 2008 R2 SP1 in the Screen Resolution,
  38 // Advanced Settings dialog. It should be short.
  39 //
  40 STATIC CONST CHAR8  mProductRevision[] = "2.0";
  41
  42 #define NUM_VBE_MODES  3
  43 STATIC CONST UINT16  vbeModeIds[] = {
  44   0x13f,  // 640x480x32
  45   0x140,  // 800x600x32
  46   0x141   // 1024x768x32
  47 };
  48
  49 // Modes can be toggled with bit-0
  50 #define VBE_MODE_ENABLED   0x00BB
  51 #define VBE_MODE_DISABLED  0x00BA
  52
  53 STATIC VBE2_MODE_INFO  vbeModes[] = {
  54   { // 0x13f 640x480x32
  55     // ModeAttr - BytesPerScanLine
  56     VBE_MODE_DISABLED, 0x07,   0x00, 0x40, 0x40, 0xA000, 0x00, 0x0000, 640*4,
  57     // Width, Height..., Vbe3
  58     640,               480,    16,   8,    1,    32,     1,    0x06,   0,     0,  1,
  59     // Masks
  60     0x08,              0x10,   0x08, 0x08, 0x08, 0x00,   0x08, 0x18,   0x00,
  61     // Framebuffer
  62     0xdeadbeef,        0x0000, 0x0000
  63   },
  64   { // 0x140 800x600x32
  65     // ModeAttr - BytesPerScanLine
  66     VBE_MODE_DISABLED, 0x07,   0x00, 0x40, 0x40, 0xA000, 0x00, 0x0000, 800*4,
  67     // Width, Height..., Vbe3
  68     800,               600,    16,   8,    1,    32,     1,    0x06,   0,     0,  1,
  69     // Masks
  70     0x08,              0x10,   0x08, 0x08, 0x08, 0x00,   0x08, 0x18,   0x00,
  71     // Framebuffer
  72     0xdeadbeef,        0x0000, 0x0000
  73   },
  74   { // 0x141 1024x768x32
  75     // ModeAttr - BytesPerScanLine
  76     VBE_MODE_ENABLED,  0x07,   0x00, 0x40, 0x40, 0xA000, 0x00, 0x0000, 1024*4,
  77     // Width, Height..., Vbe3
  78     1024,              768,    16,   8,    1,    32,     1,    0x06,   0,     0,  1,
  79     // Masks
  80     0x08,              0x10,   0x08, 0x08, 0x08, 0x00,   0x08, 0x18,   0x00,
  81     // Framebuffer
  82     0xdeadbeef,        0x0000, 0x0000
  83   }
  84 };
  85
  86 /**
  87   Install the VBE Info and VBE Mode Info structures, and the VBE service
  88   handler routine in the C segment. Point the real-mode Int10h interrupt vector
  89   to the handler. The only advertised mode is 1024x768x32.
  90
  91   @param[in] CardName         Name of the video card to be exposed in the
  92                               Product Name field of the VBE Info structure.
  93   @param[in] FrameBufferBase  Guest-physical base address of the video card's
  94                               frame buffer.
  95 **/
  96 VOID
  97 InstallVbeShim (
  98   IN CONST CHAR16          *CardName,
  99   IN EFI_PHYSICAL_ADDRESS  FrameBufferBase
 100   )
 101 {
 102   EFI_PHYSICAL_ADDRESS  Segment0, SegmentC, SegmentF;
 103   UINTN                 Segment0Pages;
 104   IVT_ENTRY             *Int0x10;
 105   EFI_STATUS            Status;
 106   UINTN                 Pam1Address;
 107   UINT8                 Pam1;
 108   UINTN                 SegmentCPages;
 109   VBE_INFO              *VbeInfoFull;
 110   VBE_INFO_BASE         *VbeInfo;
 111   UINT8                 *Ptr;
 112   UINTN                 Printed;
 113   VBE_MODE_INFO         *VbeModeInfo;
 114   UINTN                 i;
 115
 116   Segment0 = 0x00000;
 117   SegmentC = 0xC0000;
 118   SegmentF = 0xF0000;
 119
 120   //
 121   // Attempt to cover the real mode IVT with an allocation. This is a UEFI
 122   // driver, hence the arch protocols have been installed previously. Among
 123   // those, the CPU arch protocol has configured the IDT, so we can overwrite
 124   // the IVT used in real mode.
 125   //
 126   // The allocation request may fail, eg. if LegacyBiosDxe has already run.
 127   //
 128   Segment0Pages = 1;
 129   Int0x10       = (IVT_ENTRY *)(UINTN)Segment0 + 0x10;
 130   Status        = gBS->AllocatePages (
 131                          AllocateAddress,
 132                          EfiBootServicesCode,
 133                          Segment0Pages,
 134                          &Segment0
 135                          );
 136
 137   if (EFI_ERROR (Status)) {
 138     EFI_PHYSICAL_ADDRESS  Handler;
 139
 140     //
 141     // Check if a video BIOS handler has been installed previously -- we
 142     // shouldn't override a real video BIOS with our shim, nor our own shim if
 143     // it's already present.
 144     //
 145     Handler = (Int0x10->Segment << 4) + Int0x10->Offset;
 146     if ((Handler >= SegmentC) && (Handler < SegmentF)) {
 147       DEBUG ((
 148         DEBUG_VERBOSE,
 149         "%a: Video BIOS handler found at %04x:%04x\n",
 150         __FUNCTION__,
 151         Int0x10->Segment,
 152         Int0x10->Offset
 153         ));
 154       return;
 155     }
 156
 157     //
 158     // Otherwise we'll overwrite the Int10h vector, even though we may not own
 159     // the page at zero.
 160     //
 161     DEBUG ((
 162       DEBUG_VERBOSE,
 163       "%a: failed to allocate page at zero: %r\n",
 164       __FUNCTION__,
 165       Status
 166       ));
 167   } else {
 168     //
 169     // We managed to allocate the page at zero. SVN r14218 guarantees that it
 170     // is NUL-filled.
 171     //
 172     ASSERT (Int0x10->Segment == 0x0000);
 173     ASSERT (Int0x10->Offset  == 0x0000);
 174   }
 175
 176   //
 177   // Put the shim in place first.
 178   //
 179   Pam1Address = PCI_LIB_ADDRESS (0, 0, 0, 0x5A);
 180   //
 181   // low nibble covers 0xC0000 to 0xC3FFF
 182   // high nibble covers 0xC4000 to 0xC7FFF
 183   // bit1 in each nibble is Write Enable
 184   // bit0 in each nibble is Read Enable
 185   //
 186   Pam1 = PciRead8 (Pam1Address);
 187   PciWrite8 (Pam1Address, Pam1 | (BIT1 | BIT0));
 188
 189   //
 190   // We never added memory space durig PEI or DXE for the C segment, so we
 191   // don't need to (and can't) allocate from there. Also, guest operating
 192   // systems will see a hole in the UEFI memory map there.
 193   //
 194   SegmentCPages = 4;
 195
 196   ASSERT (sizeof mVbeShim <= EFI_PAGES_TO_SIZE (SegmentCPages));
 197   CopyMem ((VOID *)(UINTN)SegmentC, mVbeShim, sizeof mVbeShim);
 198
 199   //
 200   // Fill in the VBE INFO structure.
 201   //
 202   VbeInfoFull = (VBE_INFO *)(UINTN)SegmentC;
 203   VbeInfo     = &VbeInfoFull->Base;
 204   Ptr         = VbeInfoFull->Buffer;
 205
 206   CopyMem (VbeInfo->Signature, "VESA", 4);
 207   VbeInfo->VesaVersion = 0x0200;
 208
 209   VbeInfo->OemNameAddress = (UINT32)SegmentC << 12 | (UINT16)((UINTN)Ptr-SegmentC);
 210   CopyMem (Ptr, "FBSD", 5);
 211   Ptr += 5;
 212
 213   VbeInfo->Capabilities = BIT1 | BIT0; // DAC can be switched into 8-bit mode
 214
 215   VbeInfo->ModeListAddress = (UINT32)SegmentC << 12 | (UINT16)((UINTN)Ptr-SegmentC);
 216   for (i = 0; i < NUM_VBE_MODES; i++) {
 217     *(UINT16 *)Ptr = vbeModeIds[i];  // mode number
 218     Ptr           += 2;
 219   }
 220
 221   *(UINT16 *)Ptr = 0xFFFF; // mode list terminator
 222   Ptr           += 2;
 223
 224   VbeInfo->VideoMem64K        = (UINT16)((1024 * 768 * 4 + 65535) / 65536);
 225   VbeInfo->OemSoftwareVersion = 0x0200;
 226
 227   VbeInfo->VendorNameAddress = (UINT32)SegmentC << 12 | (UINT16)((UINTN)Ptr-SegmentC);
 228   CopyMem (Ptr, "FBSD", 5);
 229   Ptr += 5;
 230
 231   VbeInfo->ProductNameAddress = (UINT32)SegmentC << 12 | (UINT16)((UINTN)Ptr-SegmentC);
 232   Printed                     = AsciiSPrint (
 233                                   (CHAR8 *)Ptr,
 234                                   sizeof VbeInfoFull->Buffer - (Ptr - VbeInfoFull->Buffer),
 235                                   "%s",
 236                                   CardName
 237                                   );
 238   Ptr += Printed + 1;
 239
 240   VbeInfo->ProductRevAddress = (UINT32)SegmentC << 12 | (UINT16)((UINTN)Ptr-SegmentC);
 241   CopyMem (Ptr, mProductRevision, sizeof mProductRevision);
 242   Ptr += sizeof mProductRevision;
 243
 244   ASSERT (sizeof VbeInfoFull->Buffer >= Ptr - VbeInfoFull->Buffer);
 245   ZeroMem (Ptr, sizeof VbeInfoFull->Buffer - (Ptr - VbeInfoFull->Buffer));
 246
 247   //
 248   // Fill in the VBE MODE INFO structure list
 249   //
 250   VbeModeInfo = (VBE_MODE_INFO *)(VbeInfoFull + 1);
 251   Ptr         = (UINT8 *)VbeModeInfo;
 252   for (i = 0; i < NUM_VBE_MODES; i++) {
 253     vbeModes[i].LfbAddress = (UINT32)FrameBufferBase;
 254     CopyMem (Ptr, &vbeModes[i], 0x32);
 255     Ptr += 0x32;
 256   }
 257
 258   ZeroMem (Ptr, 56);     // Clear remaining bytes
 259
 260   //
 261   // Clear Write Enable (bit1), keep Read Enable (bit0) set
 262   //
 263   PciWrite8 (Pam1Address, (Pam1 & ~BIT1) | BIT0);
 264
 265   //
 266   // Second, point the Int10h vector at the shim.
 267   //
 268   Int0x10->Segment = (UINT16)((UINT32)SegmentC >> 4);
 269   Int0x10->Offset  = (UINT16)((UINTN)(VbeModeInfo + 1) - SegmentC);
 270
 271   DEBUG ((
 272     DEBUG_INFO,
 273     "%a: VBE shim installed to %x:%x\n",
 274     __FUNCTION__,
 275     Int0x10->Segment,
 276     Int0x10->Offset
 277     ));
 278 }