From nobody Wed Feb  4 03:47:48 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of seabios.org designates
 78.46.105.101 as permitted sender) client-ip=78.46.105.101;
 envelope-from=seabios-bounces@seabios.org; helo=coreboot.org;
Received-SPF: pass (zohomail.com: domain of seabios.org designates
 78.46.105.101 as permitted sender) client-ip=78.46.105.101;
 envelope-from=seabios-bounces@seabios.org; helo=coreboot.org;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of seabios.org designates 78.46.105.101 as
 permitted sender)  smtp.mailfrom=seabios-bounces@seabios.org;
	dmarc=pass(p=reject dis=none)  header.from=seabios.org
ARC-Seal: i=1; a=rsa-sha256; t=1768989351; cv=none;
	d=zohomail.com; s=zohoarc;
	b=cGns21fCr5fsG4InhLoXEp7t1xf3AExS1B3JjCx+uOnO6DIixG7ihwsfzHVQrJoFVHB+m3+zFWVwO1CyankYdnL/9xDVeqNTfkvdnSigl4cLZ5f/9rKSbQLMSqpeqHvYBNIkXH/jTEHnSltO2V+5KgcSFHpMWhHjKKqiA6F1B6s=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1768989351;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:Subject:Subject:To:To:Message-Id;
	bh=P9Sp9SQEVlc672g6aLgMg6u4cD/BteY0l050vlshSEE=;
	b=InPo8B/Ong1tEpvXBm9yYjiZVCD/mVQ/wKkXzg5Ct5aZyFGMjs127Y+t0f8Rvzb3q0mHDtIIxJmz/SkJuz6FnDjvggqU9J/MIO9gNln1eWSF2PmiHd1PbWIGxseHzQdmQGP/KImi/yxS5xUdb3+PDNFIrN0po0ANJxj36RveRO8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of seabios.org designates 78.46.105.101 as
 permitted sender)  smtp.mailfrom=seabios-bounces@seabios.org;
	dmarc=pass header.from=<seabios@seabios.org> (p=reject dis=none)
Return-Path: <seabios-bounces@seabios.org>
Received: from coreboot.org (mail.coreboot.org [78.46.105.101]) by
 mx.zohomail.com
	with SMTPS id 1768989351375534.314907714273;
 Wed, 21 Jan 2026 01:55:51 -0800 (PST)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
	by coreboot.org (Postfix) with ESMTPA id B465C8177C;
	Wed, 21 Jan 2026 09:55:47 +0000 (UTC)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
 (pdx-out-004.esa.us-west-2.outbound.mail-perimeter.amazon.com [44.246.77.92])
	by coreboot.org (Postfix) with ESMTP id 1C75C81745
	for <seabios@seabios.org>; Wed, 21 Jan 2026 09:55:29 +0000 (UTC)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
 smtpout.naws.us-west-2.prod.farcaster.email.amazon.dev) ([10.5.9.48])
  by internal-pdx-out-004.esa.us-west-2.outbound.mail-perimeter.amazon.com
 with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2026 09:55:25 +0000
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
 by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.14.244:2525]
 with esmtp (Farcaster)
 id b92a7529-92ea-49a2-9e94-08eafc3ba8dd;
 Wed, 21 Jan 2026 09:55:24 +0000 (UTC)
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
 EX19MTAUWB001.ant.amazon.com (10.250.64.248) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;
 Wed, 21 Jan 2026 09:55:24 +0000
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
 EX19D020UWC004.ant.amazon.com (10.13.138.149) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;
 Wed, 21 Jan 2026 09:55:23 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seabios.org; s=dkim;
	t=1768989348; h=from:from:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:in-reply-to:
	 references:list-id:list-owner:list-unsubscribe:list-subscribe:list-post;
	bh=P9Sp9SQEVlc672g6aLgMg6u4cD/BteY0l050vlshSEE=;
	b=xYRfvrObly4+NusTjm5XjCH88frbW+1QoVf3KQ5R2GLVuQJutcgxveAVSvjMtT3maTruZ3
	5zN2PwsYFJxYUfobLXAO6S5xipAT3Xn7TlUeqNA9+dJjGwmPfVSiH6Wgh23DxZqS1lFwHW
	zR6R5SNX4XNorOi5yswFnnQJgyBlUVw=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2;
  t=1768989329; x=1800525329;
  h=from:to:cc:subject:date:message-id:mime-version:
   content-transfer-encoding;
  bh=wgaRJUBAxH18Sq51wOx62IED2XMunBFBX16Z3X7p2K8=;
  b=PlabHPz6SWJkGXZoVeKqAdjXdy3Lwh7QJtIb0we1LQ8aLKYO6A7VCn1q
   v0EwyT+I06y3dB3a38f0KBwY53zmj1hgr+EOMriTT58I1WV7pwLmUUxCJ
   6GZEIF6FqDfTN6KMlnVU2AP8vch9Aanvie2hBRJc555ZWdejEs1sws3rb
   jw8PxLXeBLrYdnBgGMAIGHAJ3uNiBWenImZ8VNj0Gpi5oMfAh6KXGAO90
   tHeCGvlDd3BNNo55huHrcAXFFOjw4rzQcBgo9eSHQIUaAdVyY2iJ85JCP
   Ra53TtFaEXaD6g1cii20icPkJdUzwqdSXNWOw/aXgCdA6MYiyqmdvwvPN
   g==;
X-CSE-ConnectionGUID: 40O07T8yTEaCVP8L6U++4g==
X-CSE-MsgGUID: LgQch3PrSYWG19e4/kJEJw==
X-IronPort-AV: E=Sophos;i="6.21,242,1763424000";
   d="scan'208";a="11293010"
X-Farcaster-Flow-ID: b92a7529-92ea-49a2-9e94-08eafc3ba8dd
To: <seabios@seabios.org>
Date: Wed, 21 Jan 2026 09:55:21 +0000
Message-ID: <20260121095521.45512-1-graf@amazon.com>
MIME-Version: 1.0
X-ClientProxiedBy: EX19D039UWA002.ant.amazon.com (10.13.139.32) To
 EX19D020UWC004.ant.amazon.com (10.13.138.149)
Message-ID-Hash: SYBP6UFKYZBD5EE2YPC7KDXDX5INH4JE
X-Message-ID-Hash: SYBP6UFKYZBD5EE2YPC7KDXDX5INH4JE
X-MailFrom: prvs=474d9ad33=graf@amazon.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-seabios.seabios.org-0;
 header-match-seabios.seabios.org-1; emergency; member-moderation;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
CC: Gerd Hoffmann <kraxel@redhat.com>, nh-open-source@amazon.com
X-Mailman-Version: 3.3.11b1
Precedence: list
Subject: [SeaBIOS] [PATCH v3] boot: Add boot failure catch-all handler to
 prevent VM
 crashes
List-Id: SeaBIOS mailing list <seabios.seabios.org>
Archived-At: 
 <https://mail.coreboot.org/archives/list/seabios@seabios.org/message/SYBP6UFKYZBD5EE2YPC7KDXDX5INH4JE/>
List-Archive: <https://mail.coreboot.org/archives/list/seabios@seabios.org/>
List-Help: <mailto:seabios-request@seabios.org?subject=help>
List-Owner: <mailto:seabios-owner@seabios.org>
List-Post: <mailto:seabios@seabios.org>
List-Subscribe: <mailto:seabios-join@seabios.org>
List-Unsubscribe: <mailto:seabios-leave@seabios.org>
From: Alexander Graf via SeaBIOS <seabios@seabios.org>
Reply-To: Alexander Graf <graf@amazon.com>
Content-Transfer-Encoding: quoted-printable
Authentication-Results: coreboot.org;
	auth=pass smtp.auth=mailman@coreboot.org
 smtp.mailfrom=seabios-bounces@seabios.org
X-Spamd-Bar: /
X-ZohoMail-DKIM: pass (identity @seabios.org)
X-ZM-MESSAGEID: 1768989353575154100
Content-Type: text/plain; charset="utf-8"

Implement catch-all mechanism to handle invalid boot loaders that execute
random instructions and reach the VGA hole at 0xa0000, which would lead to
VM crashes with KVM_INTERNAL_ERROR.

When a BIOS boot loader gets corrupted, it can end up jumping across
address space and execute stray code. The typical symptom of that is
that it executes 0x0 (addw) instructions until the code reaches an MMIO
region, such as the VGA window. When running in KVM, attempting to
execute code from the MMIO window results in KVM_INTERNAL_ERROR exits
which crash the VM.

To prevent VM crashes before we reach such an MMIO window, place
trampoline code into a special panic handler at strategic locations that
should never get executed in the first place. When we now have stray code
executing, the trampoline jumps to the panic handler which causes an
emergency print of "BIOS failed to boot volume" and cleanly shuts down the
machine.

This is a nicer experience for users as it prints out why their system
broke and in addition it avoids KVM_INTERNAL_ERROR calls when a virtual
machine attempts to execute from MMIO because of a broken boot loader.

Signed-off-by: Alexander Graf <graf@amazon.com>

Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
---

v1 -> v2:

  - Clarify error message
  - Move 32bit handler entry to similar other interrupt code

v2 -> v3:

  - Replace int logic with a ljmp trampoline
  - Use assembler instead of hard coding opcodes
  - Make naming more consistent
  - Simplify installation logic
---
 src/boot.c      | 25 +++++++++++++++++++++++++
 src/post.c      |  1 +
 src/romlayout.S | 11 +++++++++++
 src/util.h      |  1 +
 4 files changed, 38 insertions(+)

diff --git a/src/boot.c b/src/boot.c
index 5c37dafd..5c0c8f4c 100644
--- a/src/boot.c
+++ b/src/boot.c
@@ -1044,3 +1044,28 @@ handle_19(void)
     BootSequence =3D 0;
     do_boot(0);
 }
+
+void VISIBLE32FLAT
+panic_bootfail_catchall(void)
+{
+    printf("\n\nBIOS failed to boot volume. The boot loader may be corrupt=
ed.\n\n ");
+
+    /* Try to shut down. Will busy loop on failure to shut down. */
+    apm_shutdown();
+}
+
+/*
+ * Install the catch-all trampoline just before VGA hole at 0xa0000 and at=
 the end
+ * of the PMM zero region.
+ */
+void
+install_bootfail_catchall(void)
+{
+    extern u8 bootfail_catchall_trampoline[], bootfail_catchall_trampoline=
_end[];
+    int len =3D (long)bootfail_catchall_trampoline_end - (long)bootfail_ca=
tchall_trampoline;
+
+    /* Install just before the VGA hole */
+    memcpy((u8*)BUILD_LOWRAM_END - len, bootfail_catchall_trampoline, len);
+    /* and after the PMM zero region */
+    memcpy((u8*)BUILD_EBDA_MINIMUM, bootfail_catchall_trampoline, len);
+}
diff --git a/src/post.c b/src/post.c
index f93106a1..026e2cd9 100644
--- a/src/post.c
+++ b/src/post.c
@@ -115,6 +115,7 @@ interface_init(void)
=20
     // Other interfaces
     boot_init();
+    install_bootfail_catchall();
     bios32_init();
     pmm_init();
     pnp_init();
diff --git a/src/romlayout.S b/src/romlayout.S
index c4a4635e..d37ffbd4 100644
--- a/src/romlayout.S
+++ b/src/romlayout.S
@@ -580,6 +580,17 @@ entry_19:
 entry_18:
         ENTRY_INTO32 _cfunc32flat_handle_18
=20
+        // We jump here with ljmp from the catch-all trampoline code
+	DECLFUNC bootfail_catchall_16
+bootfail_catchall_16:
+        ENTRY_INTO32 _cfunc32flat_panic_bootfail_catchall
+
+	// This code gets copied into the respective target locations
+	DECLFUNC bootfail_catchall_trampoline
+bootfail_catchall_trampoline:
+        ljmpw $SEG_BIOS, $bootfail_catchall_16
+.global bootfail_catchall_trampoline_end
+bootfail_catchall_trampoline_end:
=20
 /****************************************************************
  * Fixed position entry points
diff --git a/src/util.h b/src/util.h
index aff8e888..3c5d075c 100644
--- a/src/util.h
+++ b/src/util.h
@@ -47,6 +47,7 @@ int boot_lchs_find_scsi_device(struct pci_device *pci, in=
t target, int lun,
                                struct chs_s *chs);
 int boot_lchs_find_ata_device(struct pci_device *pci, int chanid, int slav=
e,
                               struct chs_s *chs);
+void install_bootfail_catchall(void);
=20
 // bootsplash.c
 void enable_vga_console(void);
--=20
2.47.1




Amazon Web Services Development Center Germany GmbH
Tamara-Danz-Str. 13
10243 Berlin
Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger
Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
Sitz: Berlin
Ust-ID: DE 365 538 597

_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org