Stezza88 Posted 12 hours ago Author Share Posted 12 hours ago (edited) I modified setupDisplayTiming because it's void and you did a return in the method, modified like this void Gen11::setupDisplayTiming (void *that,void *param_1, void *param_2){ auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<const IODetailedTimingInformationV2 *>(param_2)); if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 785400000; FunctionCast(setupDisplayTiming, callback->osetupDisplayTiming)(that,param_1,param_2); /*auto ret= FunctionCast(setupDisplayTiming, callback->osetupDisplayTiming)(that,param_1,param_2);*/ //return ret; } then got kp always at "com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments + 0x9f" Kernel-2024-11-23-184757.panikern_gen11.cpp Edited 11 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
jalavoui Posted 11 hours ago Share Posted 11 hours ago (edited) nice seems your learning todo better code the vendor kp seems after call doAttribute(this,param_1,param_2,param_3,param_4,param_5,param_6); did you try to disable vendor_doDeviceAttribute()? do you have the IMEI device enabled in ioreg? this patch is for dsdt.aml with device name HECI disable uint32_t Gen11::validateDetailedTiming(void *that,void *param_1,unsigned long param_2) cause inside you have iVar4 = maxSupportedDepths((IODetailedTimingInformationV2 *)this); try patch Edited 11 hours ago by jalavoui Link to comment Share on other sites More sharing options...
Stezza88 Posted 11 hours ago Author Share Posted 11 hours ago (edited) I tryed to disable with releasedoorbell but have an other kp on "com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN21AppleIntelFramebuffer16enableControllerEv + 0x1356" Kernel-2024-11-23-141607.panic after i disable this second kp with releasedoorbell too but i discovered now it has not a void return so i must apply isPanelPowerOn instead, my fault, now i try 15 minutes ago, jalavoui said: do you have the IMEI device enabled in ioreg? i don't know what it is Edited 11 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
jalavoui Posted 11 hours ago Share Posted 11 hours ago (edited) that's kp at patch with find be 04 00 00 00 48 89 da 31 c9 e8 8c ac 04 00 rep be 04 00 00 00 48 89 da 31 c9 90 90 90 90 90 it's my old agdc disable patch try reenable vendor code but add this patch plus {"__ZN20IntelFBClientControl11doAttributeEjPmmS0_S0_P25IOExternalMethodArguments",wrapFBClientDoAttribute, this->orgFBClientDoAttribute}, maybe u still need vendor disable. just test it it's possible all this patches to IODetailedTimingInformationV2 are breaking agdc. but we got no better option so far Edited 11 hours ago by jalavoui Link to comment Share on other sites More sharing options...
Stezza88 Posted 11 hours ago Author Share Posted 11 hours ago (edited) patch with find be 04 00 00 00 48 89 da 31 c9 e8 8c ac 04 00 rep be 04 00 00 00 48 89 da 31 c9 90 90 90 90 90 plus {"__ZN20IntelFBClientControl11doAttributeEjPmmS0_S0_P25IOExternalMethodArguments",wrapFBClientDoAttribute, this->orgFBClientDoAttribute}, with this I got a bad kp at com.apple.iokit.IOGraphicsFamily : __ZN13IOFramebuffer4openEv + 0xb9f Kernel-2024-11-23-202343.panic Edited 11 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
Stezza88 Posted 11 hours ago Author Share Posted 11 hours ago (edited) 34 minutes ago, jalavoui said: try reenable vendor code what? maybe I've understand.. all patches to pixelclock u mean I try this kern_gen11.cpp Edited 10 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
Stezza88 Posted 10 hours ago Author Share Posted 10 hours ago (edited) I got this kp with last agdc patch plus the request ( {"__ZN20IntelFBClientControl11doAttributeEjPmmS0_S0_P25IOExternalMethodArguments",wrapFBClientDoAttribute, this->orgFBClientDoAttribute}, ) toggling all pixelclock patches (kern_gen11 above) com.apple.iokit.IOGraphicsFamily : __ZN13IOFramebuffer25extValidateDetailedTimingEP8OSObjectPvP25IOExternalMethodArguments + 0x57 Kernel-2024-11-23-204238.panic Edited 10 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
Stezza88 Posted 10 hours ago Author Share Posted 10 hours ago (edited) One moment, but this you told me to use {"__ZN20IntelFBClientControl11doAttributeEjPmmS0_S0_P25IOExternalMethodArguments",wrapFBClientDoAttribute, this->orgFBClientDoAttribute}, is a different call, it not resolve the kp I had on "com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments + 0x9f" Edited 10 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
Stezza88 Posted 10 hours ago Author Share Posted 10 hours ago (edited) Resuming: it is {"__ZN21AppleIntelFramebuffer19validateDisplayModeEiPPKNS_15ModeDescriptionEPPK29IODetailedTimingInformationV2", validateDisplayMode, this->ovalidateDisplayMode}, uint8_t Gen11::validateDisplayMode(void *that, int param_1,void *param_2, void *param_3){ auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<const IODetailedTimingInformationV2 *>(param_3)); if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 785400000; auto ret= FunctionCast(validateDisplayMode, callback->ovalidateDisplayMode)(that,param_1,param_2,param_3); return ret; } that make this kp at __ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments So, without it I got a new kp at com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN21AppleIntelFramebuffer19getPixelInformationEiiiP18IOPixelInformation + 0x131 kern_gen11.cppKernel-2024-11-23-212319.panic Edited 10 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
Stezza88 Posted 10 hours ago Author Share Posted 10 hours ago (edited) 1 hour ago, jalavoui said: nice seems your learning todo better code the vendor kp seems after call doAttribute(this,param_1,param_2,param_3,param_4,param_5,param_6); did you try to disable vendor_doDeviceAttribute()? do you have the IMEI device enabled in ioreg? this patch is for dsdt.aml with device name HECI disable uint32_t Gen11::validateDetailedTiming(void *that,void *param_1,unsigned long param_2) cause inside you have iVar4 = maxSupportedDepths((IODetailedTimingInformationV2 *)this); try patch I read this by now.. one moment.. now I try this way too instead of mine.. I removed heci to imei, disabled validateDetailedTiming and I did a simple void Gen11::SetupTimings(void *that, void *param_1, void *param_2, void *param_3, void *param_4){ FunctionCast(setupDisplayTiming, callback->osetupDisplayTiming)(that,param_1,param_2, param_3, param_4); } but in ida pro is 3 params AppleIntelBaseController::SetupTimings(AppleIntelFramebuffer *, AppleIntelDisplayPath *, IODetailedTimingInformationV2 const*, CRTCParams *) at __ZN24AppleIntelBaseController12SetupTimingsEP21AppleIntelFramebufferP21AppleIntelDisplayPathPK29IODetailedTimingInformationV2P10CRTCParams now I look in ghidra before test In ghidra i got so your is good void __thiscall AppleIntelBaseController::SetupTimings (undefined8 param_1_00,long param_2,undefined8 param_3_00,long param_4,long param_5) Edited 9 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
jalavoui Posted 9 hours ago Share Posted 9 hours ago (edited) try instead of ** call it with only * i mean remove double pointer AppleIntelFramebuffer::validateDisplayMode (AppleIntelFramebuffer *this,int param_1,ModeDescription *param_2, IODetailedTimingInformationV2 *param_3) doubt that helps ghidra gives better args void AppleIntelBaseController::SetupTimings (AppleIntelBaseController *this,AppleIntelFramebuffer *param_1, AppleIntelDisplayPath *param_2,IODetailedTimingInformationV2 *param_3,CRTCParams *param_4) var to change is IODetailedTimingInformationV2 *param_3 so it stays void Gen11::SetupTimings(void *that, void *param_1, void *param_2, void *param_3, void *param_4){ auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<const IODetailedTimingInformationV2 *>(param_3)); if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 785400000; FunctionCast(setupDisplayTiming, callback->osetupDisplayTiming)(that,param_1,param_2, param_3, param_4); } the IMEI device is enabled on my system if you remove all pixel and agdc functions + new patches does it gives a full log ? better start this way then try reenable patches/functions if it doesnt give kp you need tobe sure the base version is stable so you can try new patches. do you need f19 and f13b patches for stable version? Edited 9 hours ago by jalavoui Link to comment Share on other sites More sharing options...
Stezza88 Posted 8 hours ago Author Share Posted 8 hours ago (edited) I'm restarting the resume : with this conf it boot with black screen and square mouse kern_gen11.cpp Adding {"__ZN21AppleIntelFramebuffer18maxSupportedDepthsEPK29IODetailedTimingInformationV2", maxSupportedDepths, this->omaxSupportedDepths}, {"__ZN21AppleIntelFramebuffer17validateModeDepthEPK29IODetailedTimingInformationV2j", validateModeDepth, this->ovalidateModeDepth}, got kp com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN21AppleIntelFramebuffer19getPixelInformationEiiiP18IOPixelInformation + 0x131 Adding {"__ZN21AppleIntelFramebuffer19validateDisplayModeEiPPKNS_15ModeDescriptionEPPK29IODetailedTimingInformationV2", validateDisplayMode, this->ovalidateDisplayMode}, got kp "com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments + 0x9f" 1 hour ago, jalavoui said: try instead of ** call it with only * I already changed it to single pointer Good log started at 22:46:37.072433+0100 x.log.zip Edited 8 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
Stezza88 Posted 8 hours ago Author Share Posted 8 hours ago (edited) Implementing the method like you said in last post {"__ZN21AppleIntelFramebuffer18setupDisplayTimingEPK29IODetailedTimingInformationV2PS0_", setupDisplayTiming, this->osetupDisplayTiming}, void Gen11::setupDisplayTiming(void *that, void *param_1, void *param_2, void *param_3, void *param_4){ auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<const IODetailedTimingInformationV2 *>(param_3)); if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 785400000; FunctionCast(setupDisplayTiming, callback->osetupDisplayTiming)(that,param_1,param_2, param_3, param_4); } got kp at "com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN21AppleIntelFramebuffer14setDisplayModeEii + 0x5c5" Kernel-2024-11-23-230243.panic Implementing it like this {"__ZN21AppleIntelFramebuffer18setupDisplayTimingEPK29IODetailedTimingInformationV2PS0_", setupDisplayTiming, this->osetupDisplayTiming}, void Gen11::setupDisplayTiming (void *that,void *param_1, void *param_2){ auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<const IODetailedTimingInformationV2 *>(param_2)); if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 785400000; FunctionCast(setupDisplayTiming, callback->osetupDisplayTiming)(that,param_1,param_2); } got no kp I think that these two methods are from two different requests Ghidra tells to me __ZN24AppleIntelBaseController12SetupTimingsEP21AppleIntelFramebufferP21AppleIntelDisplayPathPK29IODetailedTimingInformationV2P10CRTCParams /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ /* AppleIntelBaseController::SetupTimings(AppleIntelFramebuffer*, AppleIntelDisplayPath*, IODetailedTimingInformationV2 const*, CRTCParams*) */ void __thiscall AppleIntelBaseController::SetupTimings (undefined8 param_1_00,long param_2,undefined8 param_3_00,long param_4,long param_5) so i think it has only that + 3 params Edited 8 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
jalavoui Posted 8 hours ago Share Posted 8 hours ago (edited) you found a bug this as 3 params only. nice fix if all is working guess only question is validateDisplayMode() correct declaration bninja doesnt help vs so i solve this using wg code static IOReturn validateDisplayMode(IOService *framebuffer, uint32_t mode, void const **modeDescription, IODetailedTimingInformationV2 **timing) { also add code to change pixel inside this Edited 8 hours ago by jalavoui Link to comment Share on other sites More sharing options...
jalavoui Posted 8 hours ago Share Posted 8 hours ago (edited) yes the names are similiar SetupTimings (5 params) and setupDisplayTiming (3 params) check wg code i just posted. you can use void instead of typed names like ioservice, etc) IOReturn validateDisplayMode(void *framebuffer, uint32_t mode, void const **modeDescription, void **timing) Edited 8 hours ago by jalavoui Link to comment Share on other sites More sharing options...
Stezza88 Posted 7 hours ago Author Share Posted 7 hours ago (edited) @jalavoui Implemented like this IOReturn Gen11::validateDisplayMode(void *framebuffer, uint32_t mode, void const **modeDescription, void **timing){ auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<IODetailedTimingInformationV2 *>(timing)); if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 785400000; auto ret =FunctionCast(validateDisplayMode,callback->ovalidateDisplayMode)(framebuffer,mode,modeDescription,timing); return ret; } got kp at "com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments + 0x9f" like always Kernel-2024-11-24-001723.panic Edited 7 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
jalavoui Posted 7 hours ago Share Posted 7 hours ago (edited) try double pointer call at auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<IODetailedTimingInformationV2 *>(timing)); or just disable for now the pixel var displayTimingInfo to check if the function call works - means parameters are well defined nblue as code to load adlp firmware. Edited 7 hours ago by jalavoui Link to comment Share on other sites More sharing options...
Stezza88 Posted 6 hours ago Author Share Posted 6 hours ago Disabling IOReturn Gen11::validateDisplayMode(void *framebuffer, uint32_t mode, void const **modeDescription, void **timing){ //auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<IODetailedTimingInformationV2 *>(timing)); //if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 785400000; auto ret =FunctionCast(validateDisplayMode,callback->ovalidateDisplayMode)(framebuffer,mode,modeDescription,timing); return ret; } it boot always black screen and square mouse, so the call it works.. Now, I try this IOReturn Gen11::validateDisplayMode(void *framebuffer, uint32_t mode, void const **modeDescription, void **timing){ auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 **>(reinterpret_cast<IODetailedTimingInformationV2 **>(timing)); if (displayTimingInfo!=nullptr) (*displayTimingInfo)->pixelClock = 785400000; auto ret =FunctionCast(validateDisplayMode,callback->ovalidateDisplayMode)(framebuffer,mode,modeDescription,timing); return ret; } Link to comment Share on other sites More sharing options...
jalavoui Posted 6 hours ago Share Posted 6 hours ago can you try call with this check to skip if pw=pg2 ? void Gen11::hwSetPowerWellStatePG(void *that,bool param_1,uint param_2) { getMember<void *>(that, 0x78) = ccont; if (((param_2 & 8 != 0) return; FunctionCast(hwSetPowerWellStatePG, callback->ohwSetPowerWellStatePG)(that,param_1,param_2); } Link to comment Share on other sites More sharing options...
Stezza88 Posted 6 hours ago Author Share Posted 6 hours ago (edited) BTW, got kp at "com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN24AppleIntelBaseController13GetLinkConfigEP16AGDCLinkConfig_tS1_ + 0x492" Kernel-2024-11-24-010949.panic now try this void Gen11::hwSetPowerWellStatePG(void *that,bool param_1,uint param_2) { getMember<void *>(that, 0x78) = ccont; if((param_2 & 8) != 0) return; FunctionCast(hwSetPowerWellStatePG, callback->ohwSetPowerWellStatePG)(that,param_1,param_2); } Edited 6 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
jalavoui Posted 6 hours ago Share Posted 6 hours ago (edited) AppleGraphicsDeviceControl doesnt like you. maybe cause you patched agdc call with bytes at enablecontroller ? also check if you still need to disable this code cause here the lcd-powerstate is changed Edited 6 hours ago by jalavoui Link to comment Share on other sites More sharing options...
Stezza88 Posted 6 hours ago Author Share Posted 6 hours ago (edited) 6 minutes ago, Stezza88 said: void Gen11::hwSetPowerWellStatePG(void *that,bool param_1,uint param_2) { getMember<void *>(that, 0x78) = ccont; if((param_2 & 8) != 0) return; FunctionCast(hwSetPowerWellStatePG, callback->ohwSetPowerWellStatePG)(that,param_1,param_2); } It doesn't skip, got vertical bars Edited 6 hours ago by Stezza88 Link to comment Share on other sites More sharing options...
jalavoui Posted 6 hours ago Share Posted 6 hours ago (edited) your link panic is here. after this call means the function call is bugged. wrong parameters type or pointers in function? if the hwSetPowerWellStatePG() fix doesnt kp keep it. cause the remaining code of the function is now working the firmware hang at hwConfigureCustomAUX() need tobe fixed. gonna updated nblue to call by default. try test with adl code maybe the linkconfig and others calls pass zero to modedescript and a pointer to iodetailedtimmg so try this IOReturn Gen11::validateDisplayMode(void *framebuffer, uint32_t mode, void const **modeDescription, void **timing){ if (modeDescription!=nullptr) { auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 **>(reinterpret_cast<IODetailedTimingInformationV2 **>(timing)); if (displayTimingInfo!=nullptr) (*displayTimingInfo)->pixelClock = 785400000; } auto ret =FunctionCast(validateDisplayMode,callback->ovalidateDisplayMode)(framebuffer,mode,modeDescription,timing); return ret; } Edited 5 hours ago by jalavoui Link to comment Share on other sites More sharing options...
Stezza88 Posted 6 hours ago Author Share Posted 6 hours ago 12 minutes ago, jalavoui said: if the hwSetPowerWellStatePG() fix doesnt kp keep it. hwSetPowerWellStatePG() fix did a kp with vertical bars Link to comment Share on other sites More sharing options...
jalavoui Posted 6 hours ago Share Posted 6 hours ago (edited) ok you can disable and try to fix later with this logic -check kernel panic log line found the bug of validateDisplayMode here the value is passed at function call end so the patch as tobe at function end IOReturn Gen11::validateDisplayMode(void *framebuffer, uint32_t mode, void const **modeDescription, void **timing){ auto ret =FunctionCast(validateDisplayMode,callback->ovalidateDisplayMode)(framebuffer,mode,modeDescription,timing); if (timing != (IODetailedTimingInformationV2 **)0x0) { auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 **>(reinterpret_cast<IODetailedTimingInformationV2 **>(timing)); (*displayTimingInfo)->pixelClock = 785400000; // not sure if (*displayTimingInfo) works maybe just displayTimingInfo } return ret; } Edited 5 hours ago by jalavoui Link to comment Share on other sites More sharing options...
Recommended Posts