The Nouveau Trello board contains a list of known things which still needs to be implemented or fixed.
Here there are mainly two kinds of issues tracked
kernel https://bugs.freedesktop.org/buglist.cgi?component=Driver%2Fnouveau&list_id=600638&product=xorg&resolution=---
All bugs related to the kernel modules are found here
mesa: https://bugs.freedesktop.org/buglist.cgi?component=Drivers%2FDRI%2Fnouveau&list_id=600639&product=Mesa&resolution=---
All bugs related to the userspace parts are found here
see https://en.wikipedia.org/wiki/Power-on_self-test
Nvalist prints a list of all available devices, which can be used to identify, which number has to be passed to the -c flags of most nva tools:
$index: more information
$index is the number to use for the -c flag
0: (pci) 0000:02:00.0 MCP79 0ac080b1
1: (pci) 0000:00:03.5 SMU
2: (pci) 0000:00:0a.0 ETH
The MMIO registers are used to communicate with the actual hardware. Envytools contains a database with all known registers.
Reads out the given MMIO register (range).
Writes the given value into the given register (range).
This is a XML based databse with all known MMIO registers. Files are located in envytools.git/rnndb and should be extended whenever something new is found out.
Can be used to force the GPU to return the given temperature on MMIO register read outs. 0 to disable the override.
NOTICE: Due to secure boot, won't work on GM200+ GPUs
Contains the manufacturer-provided GPU model specifications. Nvbios can be used to parse parts of the vbios, which were already reverse engineered. Look there for information related to power management, connectors, clocks, memory, init scripts, gpios, external devices and many other things.
WARNING: Some data may depend on the value of the strap MMIO register (0x101000), which allow manufacturers to share the same vbios with multiple revisions of a GPU. Information such as the memory information may be indexed based on this value, check out the uses of the strap_peek in nvbios for more information.
INFO: Nouveau developers have access to a repository of user vbioses, ask for it if you feel like you need it.
While running nouveau, the vbios can be extracted through debugfs quite easily. The file is located at /sys/kernel/debug/dri/x/vbios.rom, where x represant the drm id of the device.
Can be used to extract the vbios from the device without requiring any drivers. Not as reliable as using Nouveau, because nvagetbios only supports prom (on chip vbios) and pramin (vbios in vram). Doesn't support ACPI embedded vbios.
parses the given vbios.rom file. The -v flag also prints the actual hex values under the parsed rows.
Uploads the given vbios file on the GPU. The GPU has to be POSTed, otherwise random memory corruption will occur and most likely the system will crash. The easiest way to POST the card is to load any video driver for it and unload it again, preferable nvidia.
If the 0x619f04 MMIO register isn't set to a sane value after POSTing the card (bytes 32-8 are 0), it needs to be adjusted with nvapoke according to this formula:
((VRAM size * 0x10 - 2) * 0x100) | 0x9
example with 3072MB vram:
((3072 * 0x10 - 2) * 0x100) | 0x9 = 0xbffe09 means you have to nvapoke 0x619f04 0xbffe09
The -eEwWlL flags can be used to directly modify bytes within the vbios
- e: 8bit hex
- E: 8bit dec
- w: 16bit hex
- W: 16bit dec
- l: 32bit hex
- L: 32bit dec
example: nvafakebios -w 100:4ff vbios.rom will turn byte 0x100 into 0xff and 0x101 into 0x04
Combined with the modprobe.d.nvidia-rmmod.conf file put into /etc/modprobe.d/nvidia-rmmod.conf provides an easy way to unload nvidia and all modules depending on it.
For this to work, nvidia has to be loaded through anything which parses modeprobe.d files like modprobe.
Nouveau can be compiled as a library from the top level directory of the Nouveau git repository. This library is usefull to write tools based on the current Nouveau code to get access to most of the subdevs from nvkm. See the Nouveau Kernel Module Documentation for more details.
With this it is possible to write a tool, which can be run alongside Nvidia to test Nouveau against Nvidia.
Be aware that Nouveau won't read the faked vbios.
Actually it is possible to modify the vbios while uploading it with nvafakebios, but a HEX editor provides a more comfortable way to modify multiple bytes at once
- Adjust your vbios
- run nvafakebios
- load Nvidia, start X
- collect data
- unload Nvidia/reboot
- repeat
It is recommended to write a script using envytools or a tool based on the Nouveau Userspace Library to have a reproduciable tests to verify and reproduce changes.
If the function of bits/bytes in the vbios isn't clear, try to collect enough data to be able to make data driven assumptions. They can be approved or disproved later on through the same means as above.
Be aware that Nvidia may fail to load if something important was changed.
#!/bin/sh
# reads out PWM0 and PWM1 state to detect changes (maybe fans are controlled through them?)
echo old state
nvapeek 0x200c4 0x18
echo lower temperature
nvaforcetemp 1
nvapeek 0x200c4 0x18
sleep 2
nvapeek 0x200c4 0x18
raise temperature
nvaforcetemp 95
nvapeek 0x200c4 0x18
sleep 2
nvapeek 0x200c4 0x18
echo reset temperature
nvaforecetemp 0initial set-up, power management
A Linux kernel module, which traces register accesses inside the MMIO space by acting as a page fault handler.
More information can be found on the ubuntu wiki: https://wiki.ubuntu.com/X/MMIOTracing
Warning: Only limited support for repeate instructions, so consecutive reads/writes aren't cought.
demmio is used to make an mmiotrace more human readable by enhancing it with known register from rnndb and also parse embedded scripts like HWSQ or SEQ ones, which are used for memory reclocking.
User-space == Per-client work, command submission (link to pfifo's documentation), OpenGL, OpenCL, etc... is implemented there
Microcodes: NVIDIA is known to use a lot of different microcodes. You may use nvdis to de-assemble them
On Optimus setups it is possible to unload the nvidia/nouveau driver and even fully reset your GPU without the need of rebooting makeing reverse engineering much faster on such systems.
bbswitch is a kernel module used alongside bumblebee to turn on/off the GPU without the need of the actual GPU driver supporting this. Just echo "ON" or "OFF" into /proc/acpi/bbswitch.
the xorg.conf.d.nouveau.conf file prevents the main X server of claiming the GPU with any driver. This way even if Nouveau gets loaded at runtime, Xorg won't claim a reference, so Nouveau can be unloaded even while X is still running.