From: Alex Williamson <alex@shazbot.org>
To: Tomita Moeko <tomitamoeko@gmail.com>
Cc: alex@shazbot.org, qemu-devel@nongnu.org,
	"Cédric Le Goater" <clg@redhat.com>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	"K S Maan" <kirandeepmaan45@gmail.com>
Subject: Re: [PATCH v3 0/7] vfio/igd: Fix garbled screen on IGD passthrough with legacy VBIOS
Date: Tue, 23 Jun 2026 15:32:11 -0600
Message-ID: <20260623153211.37c6857a@shazbot.org>
In-Reply-To: <20260617100646.28326-1-tomitamoeko@gmail.com>

On Wed, 17 Jun 2026 18:06:37 +0800
Tomita Moeko <tomitamoeko@gmail.com> wrote:

> This series fixes the regression that on IGD passthrough with legacy
> BIOS boot and VBIOS, the screen is garbled during BIOS POST and GRUB
> (which uses standard VGA output routines), starting from QEMU 10.0.
> Though the kernel i915 driver still works, it reports an error that
> the initial GTT programmed by VBIOS is using an invalid address.
> 
> i915 0000:00:02.0: [drm] *ERROR* Initial plane programming using invalid range, dma_addr=0x00000000db200000 ((null) [0x00000000baf00000-0x00000000beefffff])
> 
> With the help of AI disassembling the VBIOS image dumped from host, it
> is found that the VBIOS itself implements a routine like:
> 
>     uint32_t get_BDSM() {
>         static uint32_t saved = 0;
>         if (saved != 0) {
>             return saved;
>         }
>         return read_pci_config(BDSM_REG);
>     }
> 
> And the saved value is not cleared after initialization. Given that IGD
> devices don't have a real ROM BAR, the VBIOS image read by default from
> host is actually the VBIOS shadow RAM region, containing host-side
> modifications like the saved BDSM value above during POST. When the
> image is executed in guest, it still uses the saved host BDSM (HPA)
> instead of the value programmed by SeaBIOS in config space (GPA). This
> address mismatch leads to the garbled screen and i915 error.
> 
> The previous solution, c4c45e943e51 ("vfio/pci: Intel graphics legacy
> mode assignment"), adjusts GTT entry addresses to (addr - host BDSM +
> guest BDSM) to work around that. But it is removed in 5aed8b0f0be2
> ("vfio/igd: Remove GTT write quirk in IO BAR 4") due to inconsistent
> values in MMIO BAR0 and IO BAR4. Considering it's unsafe to expose HPA
> to guest, a ROM quirk clearing the saved value in VBIOS image is
> introduced to fix the issue.
> 
> During debugging, it is also found that IGD VBIOS ROM doesn't always
> match the actual IGD device ID, due to the fact that IGD of the same
> CPU family has multiple device IDs but shares the same ROM image.
> However, SeaBIOS checks the device ID strictly and refuses to run if
> IDs do not match. Currently only the default path, reading ROM from
> kernel, patches the device ID, but the romfile path doesn't. So the ROM
> ID patching logic is also refactored in this patch series to also handle
> the romfile path.
> 
> These changes are tested on Haswell platform with legacy BIOS boot, by
> K S Maan. Thanks to K S Maan for continuous help on locating and testing
> the issue!
> 
> Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3093
> Reported-by: K S Maan <kirandeepmaan45@gmail.com>
> 
> Changelog:
> v3:
> * Refactor ROM checksum calculation and patching logic per Alex's comment
> * Fix boundary checks per comments in v2.
> Link: https://lore.kernel.org/all/20260608134559.23971-1-tomitamoeko@gmail.com/t
> 
> v2:
> * New patch 2/7 to fix regression with EFI option ROMs
> * Refine logic in ROM ID and checksum patching
> * Reorder patch 4 and 5 for cleaner bisection
> * Address comments from v1
> Link: https://lore.kernel.org/all/20260603173355.36121-1-tomitamoeko@gmail.com/t
> 
> Tomita Moeko (7):
>   hw/pci: Recalculate option ROM checksum before patching ID
>   hw/pci: Skip EFI option ROM in pci_patch_ids()
>   hw/pci: Introduce rom_need_patch_id flag in PCIDevice
>   hw/pci: Promote pci_patch_ids() to public pci_rom_patch_ids()
>   vfio/igd: Toggle rom_need_patch_id flag on IGD devices
>   vfio/pci: Use pci_rom_patch_ids() for IGD ROM ID patching
>   vfio/igd: Clear saved BDSM in legacy VBIOS ROM at load time
> 
>  hw/pci/pci.c                |  57 ++++++++++------
>  hw/vfio/igd-stubs.c         |   5 ++
>  hw/vfio/igd.c               | 132 ++++++++++++++++++++++++++++++++++--
>  hw/vfio/pci-quirks.c        |   5 ++
>  hw/vfio/pci.c               |  33 ++-------
>  hw/vfio/pci.h               |   3 +
>  hw/vfio/trace-events        |   1 +
>  include/hw/pci/pci.h        |   3 +
>  include/hw/pci/pci_device.h |   1 +
>  9 files changed, 186 insertions(+), 54 deletions(-)

Reviewed-by: Alex Williamson <alex@shazbot.org>
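
An added illustration, not part of this thread and not QEMU's code: patching the device ID in a legacy option ROM's PCIR structure, skipping EFI images, and restoring a zero byte-sum afterwards, which is what patches 1 and 2 of the series concern. The function names, the sample IDs 0x1111/0x2222 and the use of the last image byte as the checksum compensation byte are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { ROM_OK = 0, ROM_BAD = -1, ROM_SKIP = -2 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Sum of all bytes modulo 256; a valid legacy image sums to 0. */
uint8_t rom_sum(const uint8_t *rom, size_t n)
{
    uint8_t s = 0;
    while (n--) s += *rom++;
    return s;
}

/* Patch the PCIR device ID of a legacy x86 image, then fix the checksum. */
int rom_patch_device_id(uint8_t *rom, size_t len, uint16_t dev_id)
{
    if (len < 0x1a || rom[0] != 0x55 || rom[1] != 0xaa) return ROM_BAD;
    size_t pcir = rd16(rom + 0x18);               /* pointer to PCIR structure */
    if (pcir > len || len - pcir < 0x18) return ROM_BAD;
    if (memcmp(rom + pcir, "PCIR", 4) != 0) return ROM_BAD;
    if (rom[pcir + 0x14] != 0x00) return ROM_SKIP; /* e.g. code type 0x03 = EFI */
    size_t img = (size_t)rom[2] * 512;            /* legacy size, 512-byte units */
    if (img == 0 || img > len || pcir + 0x18 >= img) return ROM_BAD;
    rom[pcir + 6] = (uint8_t)(dev_id & 0xff);
    rom[pcir + 7] = (uint8_t)(dev_id >> 8);
    /* Assumption: the last image byte is free to absorb the difference. */
    rom[img - 1] -= rom_sum(rom, img);
    return ROM_OK;
}

/* Constructed 512-byte sample image: vendor 0x8086, device 0x1111. */
void make_sample_rom(uint8_t rom[512], uint8_t code_type)
{
    memset(rom, 0, 512);
    rom[0] = 0x55; rom[1] = 0xaa; rom[2] = 1;     /* signature, one 512-byte block */
    rom[0x18] = 0x1c;                             /* PCIR at offset 0x1c */
    memcpy(rom + 0x1c, "PCIR", 4);
    rom[0x20] = 0x86; rom[0x21] = 0x80;           /* vendor ID */
    rom[0x22] = 0x11; rom[0x23] = 0x11;           /* device ID (constructed) */
    rom[0x1c + 0x14] = code_type;
    rom[511] -= rom_sum(rom, 512);                /* make the sample sum to 0 */
}

int main(void)
{
    uint8_t rom[512];
    make_sample_rom(rom, 0x00);
    return rom_patch_device_id(rom, 512, 0x2222) || rom_sum(rom, 512);
}
```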


Thread overview: 20+ messages
2026-06-17 10:06 [PATCH v3 0/7] vfio/igd: Fix garbled screen on IGD passthrough with legacy VBIOS Tomita Moeko
2026-06-17 10:06 ` [PATCH v3 1/7] hw/pci: Recalculate option ROM checksum before patching ID Tomita Moeko
2026-06-26 10:23   ` Michael S. Tsirkin
2026-06-17 10:06 ` [PATCH v3 2/7] hw/pci: Skip EFI option ROM in pci_patch_ids() Tomita Moeko
2026-06-26 10:29   ` Michael S. Tsirkin
2026-06-17 10:06 ` [PATCH v3 3/7] hw/pci: Introduce rom_need_patch_id flag in PCIDevice Tomita Moeko
2026-06-26 10:30   ` Michael S. Tsirkin
2026-06-17 10:06 ` [PATCH v3 4/7] hw/pci: Promote pci_patch_ids() to public pci_rom_patch_ids() Tomita Moeko
2026-06-26 10:30   ` Michael S. Tsirkin
2026-06-17 10:06 ` [PATCH v3 5/7] vfio/igd: Toggle rom_need_patch_id flag on IGD devices Tomita Moeko
2026-06-17 10:06 ` [PATCH v3 6/7] vfio/pci: Use pci_rom_patch_ids() for IGD ROM ID patching Tomita Moeko
2026-06-17 10:06 ` [PATCH v3 7/7] vfio/igd: Clear saved BDSM in legacy VBIOS ROM at load time Tomita Moeko
2026-06-18  6:42 ` [PATCH v3 0/7] vfio/igd: Fix garbled screen on IGD passthrough with legacy VBIOS Cédric Le Goater
2026-06-18  7:02 ` K S Maan
2026-06-18  8:34   ` Cédric Le Goater
2026-06-18 10:21     ` K S Maan
2026-06-18 10:36       ` Cédric Le Goater
2026-06-18 10:40     ` Cédric Le Goater
2026-06-23 21:32 ` Alex Williamson [this message]
2026-06-24  6:28 ` Cédric Le Goater
