From: "H. Peter Anvin" <hpa@zytor.com>
To: Matt_Domsch@Dell.com
Cc: pjones@redhat.com, kvm@vger.kernel.org,
Anthony Liguori <aliguori@us.ibm.com>
Subject: Re: qemu oddness with isolinux vesamenu.c32
Date: Fri, 18 Jul 2008 09:25:23 -0700
Message-ID: <4880C3F3.6010202@zytor.com>
In-Reply-To: <48800A9D.1080403@zytor.com>
[Resend corrected destinations]
H. Peter Anvin wrote:
>>
>> hope this helps
>
> Cc: the kvm-devel list in the hope that they might be able to shed some
> light on this.
>
> What this means is that an expansion ROM located in the ISA expansion
> area at segment D000 tried to call the DOS interrupt INT 2Ch with
> AX=42C4h. I believe INT 2Ch is a no-op in DOS, but does something in
> the NT kernel.
>
> The CS:IP of the call was D000:04F0.
>
> I have no idea what would do this; nothing in the command line list
> stands out as anything which would install an expansion ROM image into
> the VM.
>
> Either way, it would be good to find out what the idea of calling INT
> 2Ch here is.
>
Never mind, I tracked it down; it's the extboot extension to KVM.
/* save old int 19 at int 2b */
[...]
/* save old int 13 to int 2c */
This is highly unsafe behaviour, *especially* given the choice of
vectors (int 20-3f are used by any DOS-like operating system, and
Syslinux uses them for compatibility with DOS.)
Some BIOSes do this kind of thing, but they use vectors in the range
0xc0-0xef. The use of these vectors is platform-dependent, but since
KVM controls the platform, that is relatively safe.
Furthermore, it is completely unnecessary. Instead of stuffing the old
pointer in an interrupt vector and using the INT instruction, stuff it in
a variable in the local code segment, and use the following sequence:
pushf
lcallw *%cs:old_vector
In order to do this it needs, of course, to be able to write to its own
memory, which I'm not sure if qemu-kvm allows by default. If so, this
is actually a defect in qemu-kvm, since modern expansion "ROMs" *do*
expect to be able to write to their own memory areas during
initialization; see the PnPBIOS spec, Appendix B; support for this
specification is mandatory for PCI systems.
-hpa
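Added illustration (not code from this thread, extboot, KVM or Syslinux): a hypothetical minimal expansion ROM in GNU as 16-bit syntax that hooks INT 13h the way hpa describes, keeping the old vector in a variable in its own code segment and chaining with pushf/lcallw instead of parking it in INT 2Ch. It assumes the ROM image is writable during initialization (the PnPBIOS Appendix B point above) and that the build pads and checksums the image; the AH=00h/drive 80h intercept is a placeholder to show the shape of a handler.

```asm
        .code16
        .section .text
        .globl  _start
_start:
        .byte   0x55, 0xAA               # expansion ROM signature
        .byte   0x01                     # image length in 512-byte units (padded/checksummed by the build)
        jmp     init                     # POST far-calls offset 3 of the image

old_int13:
        .long   0                        # saved far pointer, kept in our own segment, not in a vector

init:
        pushw   %ds
        pushw   %ax
        xorw    %ax, %ax
        movw    %ax, %ds                 # DS = 0000h: the real-mode interrupt vector table
        cli
        movw    0x4C, %ax                # INT 13h vector at 13h*4 = 004Ch (offset, then segment)
        movw    %ax, %cs:old_int13       # store into our own segment: needs the ROM writable at init
        movw    0x4E, %ax
        movw    %ax, %cs:old_int13+2
        movw    $int13_handler, %ax      # install our handler in the IVT
        movw    %ax, 0x4C
        movw    %cs, 0x4E
        sti
        popw    %ax
        popw    %ds
        lret

int13_handler:
        cmpb    $0x80, %dl               # hypothetical: claim only "reset" (AH=00h) for drive 80h
        jne     chain
        testb   %ah, %ah
        jnz     chain
        pushw   %bp
        movw    %sp, %bp
        andw    $0xFFFE, 6(%bp)          # clear CF in the caller's saved FLAGS: report success
        popw    %bp
        xorb    %ah, %ah                 # AH = 00h: no error
        iret
chain:
        pushf                            # build the frame the old handler's IRET expects
        lcallw  *%cs:old_int13           # far-call the saved vector; no DOS-range INT involved
        lret    $2                       # drop the caller's FLAGS so the old handler's CF survives
```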