Shadow ROM memory PROBLEM
agnew at cs.umd.edu
Tue Oct 29 19:35:00 CET 2002
Hello. In our PCBIOS efforts, we're running into a snag.
We're experience corruption of our shadow memory region, even after we've
set it to read only (using the sis630).
mov eax, #0x80000070
mov dx, #0x0cf8
out dx, eax
mov eax, #0x0000FFFF
mov dx, #0x0cfc
out dx, eax
we're not doing any pci writes at this point (once we've set it to read
only), so does anyone else have any theories on what could cause this?
Here's an example of the insanity going on:
Here, the bios has finished and we're ready to run lilo. The shadow memory
000F3189L 260F015408 LGDT fword ptr ES:[SI]+08
000F318EL 2E0F011E69F8 LIDT fword ptr CS:[f869]
000F3194L B002 MOV AL,02
000F3196L E680 OUT 80,AL
Then, we run lilo and we load an unmodified linux kernel. After a random
amount of calls to int13 and int15 to copy the kernel into memory
(sometimes it just takes 20 or so, sometimes 58, and sometimes it doesn't
happen at all) the shadow memory gets corrupted. and we get stuff like
000F3199L 260F01B002E6 LMSW word ptr ES:[BX+SI]+e602
000F319FL 80011E ADD byte ptr [BX+DI],1e
000F31A2L 69F883C8 IMUL DI,AX,c883
As you see, its all scrambled. The op codes get into a weird order.
I'll try to illustrate with this mapping..
260F015408 2E0F011E69F8 B002 E680
1111111111 222222222222 3333 4444
260F01B002E6 80011E 69F883C8
111111333344 442222 2222
and the addresses in general are all shifted down.
Any ideas, suggestions, insights?
- Adam Agnew
More information about the coreboot