From owner-freebsd-bugs Thu Nov 28 17:30:03 1996 Return-Path: owner-bugs Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA21860 for bugs-outgoing; Thu, 28 Nov 1996 17:30:03 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA21854; Thu, 28 Nov 1996 17:30:02 -0800 (PST) Resent-Date: Thu, 28 Nov 1996 17:30:02 -0800 (PST) Resent-Message-Id: <199611290130.RAA21854@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, Tor.Egge@idt.ntnu.no Received: from pat.idt.unit.no (pat.idt.unit.no [129.241.103.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA21763 for ; Thu, 28 Nov 1996 17:27:24 -0800 (PST) Received: from ikke.idt.unit.no (tegge@ikke.idt.unit.no [129.241.111.65]) by pat.idt.unit.no (8.8.3/8.8.3) with ESMTP id CAA06666 for ; Fri, 29 Nov 1996 02:27:20 +0100 (MET) Received: (from tegge@localhost) by ikke.idt.unit.no (8.8.3/8.8.3) id CAA12304; Fri, 29 Nov 1996 02:27:19 +0100 (MET) Message-Id: <199611290127.CAA12304@ikke.idt.unit.no> Date: Fri, 29 Nov 1996 02:27:19 +0100 (MET) From: Tor Egge Reply-To: Tor.Egge@idt.ntnu.no To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: i386/2117: nb8390.com hangs with some BIOS combinations Sender: owner-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Number: 2117 >Category: i386 >Synopsis: nb8390.com hangs with some BIOS combinations >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Nov 28 17:30:01 PST 1996 >Last-Modified: >Originator: Tor Egge >Organization: Norwegian University of Science and Technology, Trondheim, Norway >Release: FreeBSD 3.0-CURRENT i386 >Environment: Intel motherboard (Neptune Chipset) NCR 53C815 SCSI controller AMIBIOS (C) 1992 American Megatrends, Inc. BIOS Version 1.00.16.AX1 NCR SDMS (TM) V3.0 PCI SCSI BIOS, PCI Rev. 
2.0 Copyright 1993 NCR Corporation. NCRPCI04-3.04.00 MS DOS 6.0 or PCDOS 7.0 nb8390.com >Description: nb8390.com hangs when getting disk parameters from BIOS. This is probably due to a bug in the BIOS present on the NCR 53C815 SCSI controller. >How-To-Repeat: Get a similar configuration. >Fix: The only critical part of this diff is clearing %ebp before calling int $0x13 and int $0x19. It may also be necessary to clear %ebp in the BOOTROM case before exiting. The changes are - clear %ebp before calling $int 0x13, to avoid hang at startup. - clear %ebp before calling $int 0x19, to avoid hang during boot from disk after the "Starting PC DOS..." message when using the diskboot command. - workarounds for other possible BIOS quirks by saving/restoring some registers which gcc expects to be unchanged. - use of smaller use16 segment during transition to real mode (64 KB in size, instead of 1 MB). - use of CR0_PE_ON and CR0_PE_OFF (as used by corresponding routines in biosboot/asm.S) instead of CR0_PE.
Index: start2.S
===================================================================
RCS file: /export/akg1/cvs/src/sys/i386/boot/netboot/start2.S,v
retrieving revision 1.4
diff -c -r1.4 start2.S
*** start2.S 1996/11/11 14:27:12 1.4
--- start2.S 1996/11/29 00:54:12
***************
*** 3,9 ****
#define KERN_CODE_SEG 0x08
#define KERN_DATA_SEG 0x10
#define REAL_MODE_SEG 0x18
! #define CR0_PE 1
#define opsize .byte 0x66
#define addrsize .byte 0x67
--- 3,10 ----
#define KERN_CODE_SEG 0x08
#define KERN_DATA_SEG 0x10
#define REAL_MODE_SEG 0x18
! CR0_PE_ON = 0x1
! CR0_PE_OFF = 0xfffffffe
#define opsize .byte 0x66
#define addrsize .byte 0x67
***************
*** 117,122 ****
--- 118,125 ----
push %eax
lret
#else
+ opsize
+ xor %ebp,%ebp
int $0x19
#endif
***************
*** 127,134 ****
_currticks:
push %ebp
mov %esp,%ebp
! push %ecx
! push %edx
xor %edx,%edx
call _prot_to_real
xor %eax,%eax
--- 130,138 ----
_currticks:
push %ebp
mov %esp,%ebp
! push %ebx
! push %esi
! push %edi
xor %edx,%edx
call _prot_to_real
xor %eax,%eax
***************
*** 139,146 ****
shl $16,%ecx
mov %edx,%eax
or %ecx,%eax
! pop %edx
! pop %ecx
pop %ebp
ret
--- 143,151 ----
shl $16,%ecx
mov %edx,%eax
or %ecx,%eax
! pop %edi
! pop %esi
! pop %ebx
pop %ebp
ret
***************
*** 151,158 ****
_putchar:
push %ebp
mov %esp,%ebp
- push %ecx
push %ebx
movb 8(%ebp),%cl
call _prot_to_real
opsize
--- 156,164 ----
_putchar:
push %ebp
mov %esp,%ebp
push %ebx
+ push %esi
+ push %edi
movb 8(%ebp),%cl
call _prot_to_real
opsize
***************
*** 162,169 ****
int $0x10
opsize
call _real_to_prot
pop %ebx
- pop %ecx
pop %ebp
ret
--- 168,176 ----
int $0x10
opsize
call _real_to_prot
+ pop %edi
+ pop %esi
pop %ebx
pop %ebp
ret
***************
*** 175,180 ****
--- 182,189 ----
push %ebp
mov %esp,%ebp
push %ebx
+ push %esi
+ push %edi
call _prot_to_real
movb $0x0,%ah
int $0x16
***************
*** 183,188 ****
--- 192,199 ----
call _real_to_prot
xor %eax,%eax
movb %bl,%al
+ pop %edi
+ pop %esi
pop %ebx
pop %ebp
ret
***************
*** 195,200 ****
--- 206,213 ----
push %ebp
mov %esp,%ebp
push %ebx
+ push %esi
+ push %edi
call _prot_to_real
xor %ebx,%ebx
movb $0x1,%ah
***************
*** 207,212 ****
--- 220,227 ----
call _real_to_prot
xor %eax,%eax
movb %bl,%al
+ pop %edi
+ pop %esi
pop %ebx
pop %ebp
ret
***************
*** 270,276 ****
lgdt gdtarg-RELOC
mov %cr0, %eax
opsize
! or $CR0_PE, %eax
mov %eax, %cr0 /* turn on protected mode */
/* jump to relocation, flush prefetch queue, and reload %cs */
--- 285,291 ----
lgdt gdtarg-RELOC
mov %cr0, %eax
opsize
! or $CR0_PE_ON, %eax
mov %eax, %cr0 /* turn on protected mode */
/* jump to relocation, flush prefetch queue, and reload %cs */
***************
*** 298,309 ****
sub $RELOC,%eax /* Adjust return address */
push %eax
sub $RELOC,%esp /* Adjust stack pointer */
! ljmp $REAL_MODE_SEG, $1f /* jump to a 16 bit segment */
1:
/* clear the PE bit of CR0 */
mov %cr0, %eax
opsize
! andl $0!CR0_PE, %eax
mov %eax, %cr0
/* make intersegment jmp to flush the processor pipeline
--- 313,324 ----
sub $RELOC,%eax /* Adjust return address */
push %eax
sub $RELOC,%esp /* Adjust stack pointer */
! ljmp $REAL_MODE_SEG, $1f-RELOC /* jump to a 16 bit segment */
1:
/* clear the PE bit of CR0 */
mov %cr0, %eax
opsize
! andl $CR0_PE_OFF, %eax
mov %eax, %cr0
/* make intersegment jmp to flush the processor pipeline
***************
*** 346,351 ****
--- 361,367 ----
push %edx
movb 0x8(%ebp), %dl /* diskinfo(drive #) */
+ xor %ebp,%ebp /* AMIBIOS compatibility */
call _prot_to_real /* enter real mode */
movb $0x8, %ah /* ask for disk info */
***************
*** 418,425 ****
.byte 0, 0x93, 0xcf, 0
/* 16 bit real mode */
! .word 0xffff, 0
! .byte 0, 0x9b, 0x0f, 0
.align 4
gdtarg:
--- 434,441 ----
.byte 0, 0x93, 0xcf, 0
/* 16 bit real mode */
! .word 0xffff, RELOC&0xffff
! .byte (RELOC>>16), 0x9e, 0x00, (RELOC>>24)
.align 4
gdtarg:
>Audit-Trail: >Unformatted:
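Review bot: The new far-jump target `$1f-RELOC` on the `ljmp $REAL_MODE_SEG` line is only correct while the REAL_MODE_SEG descriptor has base RELOC, and that base is set in a different hunk (the gdt change at the end of this patch) with nothing at the jump saying so. I would extend the comment to `/* jump to a 16 bit segment; offset is relative to the REAL_MODE_SEG base (RELOC) */` so the two are not edited independently later. Because the descriptor limit drops to 64 KB, label `1:` and everything executed before the real-mode intersegment jump must lie within 64 KB of RELOC; that is presumably true for this image but deserves a line in the comment. The routine begins and ends outside the hunk.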
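Review bot: `xor %ebp,%ebp` before `call _prot_to_real` leaves this routine without a frame pointer from that line on, so any later `N(%ebp)` operand, `mov %ebp,%esp` or `leave` would work relative to 0 instead of the frame. The argument load `movb 0x8(%ebp), %dl` is correctly placed before the clear, but the rest of the body and the epilogue are outside the hunk, so please confirm nothing after the BIOS call is %ebp-relative and that the routine ends with a plain `pop %ebp`. The matching clear before `int $0x19` in the second hunk carries no comment at all; a line such as `/* clear %ebp: some BIOSes hang in int $0x19 otherwise */` would keep it from being removed later as dead code. The description also leaves the BOOTROM exit path undecided ("may also be necessary"), which should be settled before this goes in.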
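Review bot: The access byte of the real-mode descriptor goes from `0x9b` to `0x9e`, which is more than the size reduction the description announces: type 0xe is a conforming, readable code segment with the accessed bit clear, where 0x9b was non-conforming with accessed already set. If the type change is not intended, keep `0x9b`; if it is, the `/* 16 bit real mode */` comment should state it, and note that with the accessed bit clear the CPU writes to this GDT entry when the selector is loaded, which matters if the table can ever be placed in ROM (not visible here). Separately, `(RELOC>>16)` in the `.byte` line is meant to be base bits 16-23 and should be masked, `.byte (RELOC>>16)&0xff, 0x9e, 0x00, (RELOC>>24)`, so that a RELOC at or above 16 MB is not truncated or rejected by the assembler. The gdt table starts outside the hunk.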