From: Jarno Rajala
Date: Wed, 23 Jul 2008 12:44:48 +0300
To: qemu-devel@nongnu.org
Message-id: <4886FD90.6040409@utu.fi>
Subject: [Qemu-devel] [BUG] QEMU BIOS - El Torito no emulation boot address incorrect seg:off

Hello

I believe I've located a minor bug in QEMU BIOS. According to the El Torito specification the no emulation mode should load the boot code to the real mode address seg:0 and start executing from there. However, QEMU jumps to 0:seg*16, which is the same absolute address, but wrong segment:offset.

The QEMU BIOS version I have is

    QEMU BIOS - build: 02/13/08
    $Revision: 1.194 $ $Date: 2007/12/23 19:46:27 $
    Options: apmbios pcibios eltorito rombios32

The following boot code illustrates the problem. It prints JJ to the top of the screen on a real PC, but prints JA instead on QEMU. (The boot image is set to load into the segment 0x7c8)

    bits 16
    org 0                       ; offsets are relative to the load segment

    test_code:
        call .call
    .call:
        pop bx                  ; bx = offset of .call within this segment (3)
        mov ax,cs
        shl ax,4
        add ax,bx               ; ax = linear address of .call (cs*16 + bx)
    .l1:
        cmp ax,0x7c83           ; hang unless the code sits at linear 0x7c80
        jne .l1
        mov ax,0xb800
        mov es,ax               ; es = colour text-mode video memory
        mov [es:0],word 0x074a  ; first character on screen: 'J'
        mov ax,cs
        cmp ax,0x7c8            ; cs == 0x7c8: entered at seg:0 as the spec says
        jne .l2
        mov [es:2],word 0x074a  ; second character: 'J'
        jmp .loopy
    .l2:
        cmp ax,0                ; cs == 0: entered at 0:seg*16 (QEMU's behaviour)
        jne .loopy
        mov [es:2],word 0x0741  ; second character: 'A'
    .loopy:
        jmp .loopy

Jarno Rajala
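To make the seg:off distinction in the report concrete, here is an added example (not from the mail above and not QEMU or Bochs BIOS code) that parses the 32-byte initial/default entry of an El Torito boot catalog, derives the entry point the specification implies (load segment:0, with a zero field meaning the default 0x7C0), and compares it with the 0:seg*16 form, which has the same linear address but a different CS. The catalog entry bytes and the function names are constructed for this example, using the 0x7C8 load segment mentioned in the mail.

```c
#include <stdint.h>
#include <stdio.h>
/* Fields of the 32-byte El Torito initial/default entry used for a no-emulation boot. */
struct eltorito_entry {
    uint8_t  bootable;      /* 0x88 = bootable */
    uint8_t  media_type;    /* 0 = no emulation */
    uint16_t load_segment;  /* 0 means the default segment 0x7C0 */
    uint16_t sector_count;  /* 512-byte virtual sectors to load */
    uint32_t load_rba;      /* first sector of the boot image on the CD */
};
struct farptr { uint16_t seg, off; };   /* real-mode segment:offset pair */
/* Parse a catalog entry; returns 0 on success, -1 if it is not a bootable no-emulation entry. */
int parse_entry(const uint8_t raw[32], struct eltorito_entry *e)
{
    e->bootable     = raw[0];
    e->media_type   = raw[1];
    e->load_segment = (uint16_t)(raw[2] | raw[3] << 8);
    e->sector_count = (uint16_t)(raw[6] | raw[7] << 8);
    e->load_rba     = (uint32_t)raw[8] | (uint32_t)raw[9] << 8 | (uint32_t)raw[10] << 16 | (uint32_t)raw[11] << 24;
    return (e->bootable == 0x88 && e->media_type == 0) ? 0 : -1;
}

/* Entry point the specification implies: load segment (0x7C0 if the field is 0), offset 0. */
struct farptr spec_entry(const struct eltorito_entry *e)
{
    return (struct farptr){ e->load_segment ? e->load_segment : 0x7C0, 0 };
}

/* Entry point the mail observed in QEMU: segment 0, offset seg*16. The offset is a 16-bit IP,
   so for load segments of 0x1000 and above this form cannot even express the address. */
struct farptr qemu_entry(const struct eltorito_entry *e)
{
    return (struct farptr){ 0, (uint16_t)(spec_entry(e).seg << 4) };
}

uint32_t linear(struct farptr p) { return ((uint32_t)p.seg << 4) + p.off; }
/* Constructed entry: bootable, no emulation, load segment 0x07C8, 4 sectors, load RBA 20. */
static const uint8_t sample_entry[32] = { 0x88, 0x00, 0xC8, 0x07, 0x00, 0x00,
                                          0x04, 0x00, 0x14, 0x00, 0x00, 0x00 };

int main(void)
{
    struct eltorito_entry e;
    if (parse_entry(sample_entry, &e) != 0) return 1;
    struct farptr s = spec_entry(&e), q = qemu_entry(&e);
    printf("spec %04X:%04X  qemu %04X:%04X  linear %05X/%05X  same_cs=%d\n",
           s.seg, s.off, q.seg, q.off, (unsigned)linear(s), (unsigned)linear(q), s.seg == q.seg);
    return 0;
}
```

Run against the sample entry it reports spec 07C8:0000 and qemu 0000:7C80 with the same linear address 07C80, which is exactly why the test code's `cmp ax,0x7c83` check passes on both while the `cmp ax,0x7c8` check on CS does not.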