Does modern PC video hardware support VGA text mode in HW, or does the BIOS emulate it (with System Management Mode)?
Asked Answered
B

2

22

What really happens on modern PC hardware booted in 16-bit legacy BIOS MBR mode when you store a byte such as '1' (0x31) into the VGA text (mode 03) framebuffer at physical linear address B8000? How slow is a mov [es:di], eax store with the MTRR for that region set to UC? (Experimental testing on one Kaby Lake iGPU laptop indicates that clflushopt on WC was roughly the same speed as UC for VGA memory. But without clflushopt, mov stores to WC memory never leave the CPU and don't update the screen at all, running super fast.)

If it's not an SMI for every store, is there any way to approximate this cost on a chunk of WB memory in user-space, for performance experiments without actually rebooting into real mode? (e.g. using a BSS page as a pretend framebuffer that doesn't actually display anywhere).

The corresponding font glyph appears on screen in the next refresh, but is hardware scan-out really reading that ASCII char from VRAM (or DRAM for an iGPU) and mapping to bitmap font glyphs on the fly? Or is there some software interception on each store or once per vblank so the real hardware only has to handle a bitmapped framebuffer?


Legacy BIOS booting is well known to use System Management Mode (SMM) to emulate USB kbd/mouse as a PS/2 devices. I'm wondering if it's also used for the VGA text mode framebuffer. I assume it is used for VGA I/O ports for mode-setting but it's plausible that a text framebuffer could be supported by hardware. However, most computers spend all their time in graphics mode so leaving out HW support for text mode seems like something vendors might want to do. (OTOH this blog suggests that a homebrew verilog VGA controller can implement text mode fairly simply.)

I'm specifically interested in systems using the iGPU in Intel Skylake, but would be interested in earlier / later iGPUs from Intel and AMD, and new or old discrete GPUs.

(Including vendors other than AMD and NVidia; there are some Skylake motherboards with PCI slots, not PCIe. If modern GPU firmware drivers do emulate text mode, presumably there are some old PCI video cards with hardware VGA text mode. And maybe such a card could make stores just be a PCI transaction instead of an SMI.)

My own desktop is an i7-6700k in an Asus Z170 Pro Gaming mobo, no add-on cards just iGPU with a 1920x1200 monitor on the DVI-D output. I don't know the details of the Kaby Lake i5-7300HQ system @Eldan is testing on, only the CPU model.


I found Phoenix BIOS's patent US20120159520 from 2011, Emulating legacy video using uefi. Instead of requiring video hardware vendors to supply both UEFI and native 16-bit real mode option-ROM drivers, they propose a real-mode VGA driver (int 10h functions and so on) that calls a vendor-supplied UEFI video driver via SMM hooks.

Abstract
[...] The generic video option ROM notifies a generic video SMM driver of the request for video services. Such notification may be performed using a software system management interrupt (SMI). Upon notification, the generic video SMM driver notifies a third party UEFI video driver of the request for video services. The third party video driver provides the requested video services to the operating system. In this way, a third party UEFI graphics driver may support a wide variety of operating systems, even those that do not natively support the UEFI display protocols.

Much of the description covers handling int 10h calls and stuff like that which already obviously trap through the IVT, thus can easily run custom code that triggers an SMI on purpose. The relevant part is what they describe for direct stores into the text-mode framebuffer which need to work even for code that doesn't trigger any software or hardware interrupts. (Other than HW triggering SMI on such stores, which they say they can use if supported.)

Text Buffer Support

[0066] In certain embodiments, applications may manipulate the VGA's text buffer directly. In such an embodiment, generic video SMM driver 130 support this in one of two ways, depending on whether the hardware provides SMI trapping on read/write access to the 740 KB-768 KB memory region (where the text buffers are located).

[0067] When SMI trapping is available, the hardware generates an SMI on each read or write access. Using the trap address of the SMI trap, the exact text column and row may be calculated and the corresponding row and column in the virtual text screen accessed.

Alternately, normal memory is enabled for this region and, using a periodic SMI, generic video SMM driver 130 scans for changes in the emulated hardware text buffer and updates the corresponding virtual text screen maintained by the video driver. In both cases, when a change is detected, the character is redrawn on the virtual text screen.

This is just one BIOS vendor's patent, and doesn't tell us which way most hardware actually works, or if other vendors do different things. It does essentially confirm that some hardware exists which can trap on stores in that range, though. (Unless that's just a hypothetical possibility that they decided to cover in their patent.)

For the use-case I have in mind, trapping only on screen refresh would be vastly faster than trapping on every store so I'm curious which hardware / firmware works which way.


Motivation for this question

Optimizing an incrementing ASCII decimal counter in video RAM on 7th gen Intel Core - repeatedly storing new digits for an ASCII text counter into the same few bytes of video RAM.

I tested a version of the code in 32-bit user-space under Linux, on WB memory, hoping to approximate the situation with movnti and different ways of getting the CPU to sync its WC buffer to video RAM after each store (or perhaps occasionally in a timer interrupt). But this is not realistic if the real-mode bootloader situation isn't just storing to DRAM, but instead triggering an SMI.

On WB memory, flushing movnti stores with a lock xor byte [esp], 0 is somewhat faster than flushing with clflushopt. But @Eldan reports no speed improvement for those on VGA memory after programming an MTRR to make it WC. (And the same speed as for the original doing normal stores, indicating that by default the VGA framebuffer was UC. Some older BIOSes had an option to make VGA memory WC, which they called USWC = Uncached Speculative Write Combining.)

It's not a real-world problem so I'm not looking for actual workarounds; although it would be interesting to know if manually storing pixel bytes into a VGA graphics mode could be much faster.


Summary

  1. Do any / all real modern systems trigger an SMI on every store to the text-mode framebuffer?
  2. If no, can we approximate a WC store+clflush to the framebuffer, using a movnti + something in user-space on WB memory? So we can easily profile with perf for performance counters.
  3. If different BIOSes and/or hardware use different strategies, what are those strategies? (I don't want details, just a high level like "SMI every vblank to sync the VGA framebuffer to the actual hardware framebuffer")
  4. Would a PCIe or PCI video card with hardware VGA textmode be faster than whatever integrated GPUs actually do? I'm guessing an actual PCIe write transaction would be slower than waiting for a store to hit DRAM, but that a PCIe write would be cheaper than an SMI on every store. A ballpark / order of magnitude comparison would be interesting.

These questions are all highly related, but I can split this up if there isn't as much overlap as I expect.

Bourbonism answered 30/4, 2020 at 10:57 Comment(7)
Isn’t there a performance counter for SMIs?Friseur
@prl: yes, I think so. If I actually wrote a bootloader that programmed the perf counters, and collected + printed them after a test run, and then rebooted my desktop to run it, I could find out an answer for my own desktop. Obviously can't use perf because Linux isn't booted yet. Evaluating SMI (System Management Interrupt) latency on Linux-CentOS/Intel machine has some details on how you can count SMIs.Bourbonism
@prl: actually it's easier to count SMIs: apparently there's an MSR, not a perf counter, so just RDMSR for MSR_SMI_COUNT=0x34 without having to program a counter first.Bourbonism
That’s much easier than my other idea, which is to use the techniques described in section 34.15 to detect SMIs.Friseur
@prl: 34.15 of Intel's vol.3 SDM, I think you mean? xem.github.io/minix86/manual/intel-x86-and-64-manual-vol3/… seems to be describing counting cases where SMM causes or is involved in a VMEXIT, not just any old SMM on "bare metal". (Or the fake bare metal that legacy BIOS booting presents via SMM traps...) Anyway yeah, if I have time next time I don't mind rebooting my desktop, I might write a 16-bit bootloader and test it on my system... Or hopefully someone else is feeling keen and tests it for me.Bourbonism
Despite the patent you found I don't see SMM emulation of VGA being practical for anything other than onboard video, and even that it's dubious. Nvidia, AMD, and Intel (and others) all have working VGA implementations, both on the silicon and option ROM side, that they just need to cut and paste into new implementations. Implementing SMM emulation would be much more expensive and not really get them anything.Durr
This has been closed once as not focused, and reopened; if anyone has any suggestions for which parts I could leave out or split off to another question that would be good. My feeling is that the side questions about specifics help to focus the overall direction of what I'm asking; otherwise "how does modern VGA hardware work / perform" would be textbook too broad. And the close voters the first time around all had no significant asm / x86 tag score, so hopefully those of use who do find the general subject interesting think this is an ok question. I know it's not great. :/Bourbonism
G
11

Do any / all real modern systems trigger an SMI on every store to the text-mode framebuffer?

For video cards, I very much doubt it. Video card manufacturers have had the "get pixel data from char+attribute" logic built into hardware since the 1980s (it predates VGA and hasn't changed much since CGA), and just cut&paste that logic into each newer design without caring much about it.

For things that are not video cards at all (e.g. remote system management tools using LAN) I don't know but suspect not (often they use a special management CPU rather than the main CPU/s so that it works even if the computer is turned "off").

If no, can we approximate a WC store+clflush to the framebuffer, using a movnti + something in user-space on WB memory?

If you're not in user-space, you can change MTTRs (on all CPUs - MTRRs must match and there's a special sequence involved) to make an area of RAM "uncached"; or use PAT in the page tables (much easier than messing with MTRRs, especially if you're using paging anyway, but slightly different behavior due to still needing cache coherency). If you are in user-space then you will have to rely on whatever the OS/kernel provides, and (depending on which OS it is) the OS/kernel may not provide any way to do this at all.

However; even if you find a way to make (an area of) RAM uncached it still won't be very similar, because you'll be writing directly to something attached to a memory controller built into the CPU (that CPU can write to extremely quickly) instead of talking to something at the other end of a PCI link (that will have higher latency and lower bandwidth from CPU's side). Even for integrated video (where it's technically the same RAM chips in the end) writes to VRAM go through a very different path (subject to remapping/GART/paging in the video card, effected by a "write mode" VGA register, effected by bit/plane mask VGA registers, etc).

Would a PCIe or PCI video card with hardware VGA textmode be faster than whatever integrated GPUs actually do?

For writes from CPU to VRAM; typically integrated video is significantly faster than discrete cards (at least for plain writes from CPU to linear frame buffers where none of the VGA's "write logic" is involved).

For extremely rough ballpark estimates; I'd expect a single write to RAM to be around 150 cycles and a single write to PCI to be close to 1000 cycles. For SMI I'd expect a few hundred cycles of latency before SMI arrives at CPU, then the cost of CPU pipeline flush, then about 500 cycles to save CPU's state (and same loading state on the return path); then the firmware's code would have to find the cause of the SMI (another few hundred cycles?) before it could know it was a write to VRAM and not something else; then it'd have to examine the saved CPU state and find and decode the instruction that made the write (because it can't know what data was being written, if it was a byte/word/dword write, etc) while taking into account previous CPU state (which mode CPU was in, code size, etc) and keeping track of how emulating the instruction effects the future CPU state (advancing RIP, etc - don't forget that they'll be emulating every instruction that can cause a write, including things like XADD, etc). Next it would have to analyze the state of (emulated) VGA registers (write mode, write mask, plane enable, whatever controls which 64 KiB bank is mapped into the legacy area, font height, ...). Basically; for SMI emulation of a write to text mode frame buffer; I'd expect it to take tens of thousands of cycles before the firmware's code overlooks a minor but important detail buried among a huge amount of complexity, causing it to do the wrong thing and be unusably broken.

Other Notes

I found Phoenix BIOS's patent US20120159520 from 2011, Emulating legacy video using uefi.

I doubt this was ever implemented, because I doubt it can ever work. There's far too many (common and obscure) things you can do with the legacy interfaces (e.g. detect vertical refresh, setup non-standard video modes like "mode X", fiddle with "display start" to implement smooth scrolling and/or page flipping, use "CRTC info" in VBE to alter video timings, etc) that isn't supported by UEFI and can't be done via. a third party video driver for UEFI.

Instead, video card manufacturers didn't bother providing UEFI drivers for about 10 years and UEFI firmware used the legacy interface to emulate UEFI services (often breaking secure boot while they were at it); until almost everything was UEFI anyway.

I assume it (SMM) is used for VGA I/O ports for mode-setting.

I assume not. The only thing vaguely related to video that I'd suspect SMM may be used for is controlling the brightness of the screen's backlight in laptops (especially for older laptops, and especially for "lid open/close events") during early boot (before OS takes over).

.. leaving out HW support for text mode seems like something vendors might want to do

I still believe that the (eventual, after the already too long "hybrid BIOS+UEFI" transition phase) removal of 30+ years of accumulated legacy mess (A20, VGA, PS/2, PIT, PIC, ...) from hardware is one of the main reasons hardware manufacturers (Intel) are/have been pushing for UEFI adoption.

Gunlock answered 30/4, 2020 at 23:53 Comment(3)
Seemingly, the legacy VGA range is just decoded by the L3 cache slice directly to processor graphics, DMI or a PCIe link based on VGA steering bits in configuration registers. I'm not sure how what the processor graphics does with this range if there is no VGA; possibly it just buffers and translates it to a HDMI framebuffer and sends it to the HDMI FDI pipe but I haven't got a clueGlimmer
Thanks, I'd overlooked the possibility of still being HW supported but going through a slower path in the system agent than just straight to memory controllers. That and defeating memory controller write coalescing so we bottleneck on actual DRAM throughput not just core -> uncore -> memory controller ring bus throughput could explain VGA writes totally dominating the run-time and hiding any differences between clflushopt vs. lock xor byte [esp], 0 for triggering flushes.Bourbonism
Your point about having to emulate x86 in any mode to get the store data is a good one, that does make it fairly implausible, and the performance would be unacceptable or at least noticeable for scrolling on a text console that used VGA text mode instead of whatever Linux does by default these days with a framebuffer console. I was forgetting that VGA text mode has to keep working even after an OS brings up all the cores on a multi-core system.Bourbonism
D
7

Reading through various modern Intel CPU and Platform Controller Hub (PCH) datasheets, it doesn't appear that the necessary hardware is implemented. There doesn't seem to be any way to generate an SMI (System Management Interrupt) in response to processor accesses of the VGA frame buffer (physical addresses 0xA0000 - 0xBFFFF).

The memory controller in the CPU will either route accesses to VGA frame buffer to the integrated graphics controller, the PCI Express port connected directly to the CPU, or the DMI interface connecting the CPU to the PCH. While it's possible route parts VGA frame buffer separately, this appears only meant to support a separate MDA (Monochrome Display Adapter) device. The integrated graphics controller is not well documented so it's possible that it can be configured to generate an SMI on VGA frame buffer accesses, but this seems unlikely. In any case, it wouldn't work with discrete graphics.

Intel PCH's also don't seem to have any support for generating SMIs in response to VGA frame buffer accesses. This would be the most natural place for it, as it already has support for generating SMIs in response to I/O accesses to the keyboard controller, IDE controller and other legacy devices. It possible that there's some undocumented feature that does this, but it's not included in the lists of possible SMI sources given in the PCH datasheets.

Theoretically, it would be possible for a motherboard manufacture to connect a fake VGA device to the PCH through a PCI Express port and then generate SMIs using a PCH GPIO pin. However, I'm not sure this will work in practice. By the time the CPU gets the SMI it could have moved on to executing other instructions and it wouldn't be possible to examine the CPU state at the time of the frame buffer access.

(A similar problem happened with SoundBlaster 16 emulation on the SoundBlaster Live. It would generate a PCI SERR# when the legacy SoundBlaster ports were accessed, which would generate a NMI on the CPU. Unfortunately the emulation would break on many Pentium 4 motherboards because the NMI would arrive on the next or subsequent instruction.)

Durr answered 1/5, 2020 at 20:37 Comment(2)
Thanks for checking on that. This doesn't rule out an SMI handler once per vblank syncing / rendering the VGA text framebuffer into a real pixel framebuffer (the other mechanism the patent proposed), but it does rule out an SMI per store. An out instruction is kind of synchronous and mostly serializing, but a UC store still goes through the store buffer and will have retired before the store commits, I think. If an out port access was a problem on P4, a plain store would be a disaster.Bourbonism
If a system did use an SMI handler to scan the text framebuffer, that would imply that it could be WB cacheable and still update the screen, even with cli normal interrupts disabled. So that would be something testable we could use to rule out or mostly confirm the other possibility.Bourbonism

© 2022 - 2024 — McMap. All rights reserved.