[Acer PT14-51 Laptop] HowTo

[Stezza88]

(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelController.cpp : 6001 ][hwCRTCToIODetailedTi] pixelClock = 785400000
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelController.cpp : 6096 ][hwCRTCToIODetailedTi] return
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2675 ][getCurrentDisplayMod] Current:
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2675 ][getCurrentDisplayMod]  active h=2560, v=1600
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2675 ][getCurrentDisplayMod]  scaled h=0, v=0
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2675 ][getCurrentDisplayMod]  pixelClock 785400000
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2675 ][getCurrentDisplayMod]  scalerFlags 0
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2675 ][getCurrentDisplayMod]  signalConfig 0
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2694 ][getCurrentDisplayMod] Mode:0x80001000
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2694 ][getCurrentDisplayMod]  active h=2560, v=1600
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2694 ][getCurrentDisplayMod]  scaled h=0, v=0
(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp         : 2694 ][getCurrentDisplayMod]  pixelClock 285600000

(AppleIntelTGLGraphicsFramebuffer) [IGFB][DEBUG][DISPLAY][AppleIntelFB.cpp : 2166 ][setDisplayMode ] FB0: fOnline=1 aw=2560, ah=1600, sw=0, sh=0, iw=0, ih=0 pixelClock=285600000 

Maybe other values are wrong so... I don't know if it will resolve my issue.. now boot with black screen and square mouse..

x.log

Edited November 23, 2024 by Stezza88

[Stezza88]

Have tried these call

{"__ZN19AppleIntelPowerWell22hwSetPowerWellStateAuxEbj",depthFromAttributes, this->odepthFromAttributes},

{"__ZN19AppleIntelPowerWell22hwSetPowerWellStateAuxEbj",maxSupportedDepths, this->omaxSupportedDepths},

{"__ZN19AppleIntelPowerWell22hwSetPowerWellStateAuxEbj",validateModeDepths, this->ovalidateModeDepths},

but it hangs and no kp report at next boot

 

And these data values.. you have the sources of the code?

kern_gen11.hppkern_gen11.cpp

Edited November 23, 2024 by Stezza88

[jalavoui]

decompiled code comes from ghidra. they panic cause youre using wrong names / function body vars

 

also remove the wrapConnectionProbe()

 

add this code for

__ZN21AppleIntelFramebuffer19validateDisplayModeEiPPKNS_15ModeDescriptionEPPK29IODetailedTimingInformationV2

 

 

uint8_t Gen11::validateDisplayMode(void *that, int param_1,void **param_2, void **param_3)

{

auto ret= FunctionCast(validateDisplayMode, callback->ovalidateDisplayMode)(that,param_1,param_2,param_);

auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<const IODetailedTimingInformationV2 *>(param_3));

if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 787400000;

return ret;

}

 

maybe same modification logic is need here.

__ZN21AppleIntelFramebuffer18setupDisplayTimingEPK29IODetailedTimingInformationV2PS0_

 

actually this function is used on some places. so try using same logic

__ZN21AppleIntelFramebuffer18maxSupportedDepthsEPK29IODetailedTimingInformationV2

uint8_t Gen11::maxSupportedDepths(void *param_1)

 

same here

__ZN21AppleIntelFramebuffer17validateModeDepthEPK29IODetailedTimingInformationV2j

uint8_t Gen11::validateModeDepth (void *that,void *param_1,unsigned int param_2)

 

 

this is bs code. why ? cause the function head as wrong parameters...

 

i think you got it. hope you can write the functions without bugs

Edited November 23, 2024 by jalavoui

[Stezza88]

Got a kp at "com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments + 0x9f"

I putted displayTimingInfo->pixelClock = 785400000;

Kernel-2024-11-23-140703.panickern_gen11.cpp

Edited November 23, 2024 by Stezza88

[jalavoui]

fix the other functions. they are related

or maybe the order is wrong. try change the value before calling the function. yes this matters a lot but depends on each function

so you just have to find best way to call it - before or after main function

 

in theory this sould be correct

 

uint8_t Gen11::validateDisplayMode(void *that, int param_1,void **param_2, void **param_3){

auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<const IODetailedTimingInformationV2 *>(param_3));

if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 785400000;

    auto ret= FunctionCast(validateDisplayMode, callback->ovalidateDisplayMode)(that,param_1,param_2,param_3);

return ret;

}

 

make sure you changing the right IODetailedTimingInformationV2 var. in this case it's param_3

in validateModeDepth() it's param_1

 

i often do this mistake. and this cause all sort of errors

the function needs tobe uint32_t and i do a mistake and set it to uint8_t

ofc this will fail

hope it's not the case

Edited November 23, 2024 by jalavoui

[Stezza88]

With the new fun always kp at __ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments + 0x9f

 

For the functions,, they are related to

{"__ZN19AppleIntelPowerWell21hwSetPowerWellStatePGEbj",hwSetPowerWellStatePG, this->ohwSetPowerWellStatePG},

but I'm using my bad hack to test

{"__ZN19AppleIntelPowerWell21hwSetPowerWellStatePGEbj",releaseDoorbell},

 

Now Itry to do a fun returning uint32_t 

Edited November 23, 2024 by Stezza88

[jalavoui]

yes use your hack or you get hangs. i think u used 2 hacks on previous nblue versions

finish all functions. they are related: validateModeDepth, maxSupportedDepths, setupDisplayTiming, validateDisplayMode

 

agdc is almost showing correct values. exception is link

 

 

think with a bit more work this will allow the frame to load

 

don't try to do a fun returning uint32_t if it expects tobe uint8_t

i sayd this is a mistake i often do

...

 

example:

AppleIntelFramebuffer::validateModeDepth
          (AppleIntelFramebuffer *this,IODetailedTimingInformationV2 *param_1,unsigned int param_2)

 

and cause u suck at coding u do this

 

AppleIntelFramebuffer::validateModeDepth
          (AppleIntelFramebuffer *this,IODetailedTimingInformationV2 *param_1,uint64_t param_2)

 

ofc doing this bad things will happen

 

why this {censored} happen? well cause ghidra, ida pro, bninja often decompiles and gives wrong types for variables

 

 

i think this function also need a patch

void Gen11::hwCRTCToIODetailedTimingInformation (void *that,void *param_1,void *param_2)

IODetailedTimingInformationV2  is *param_2

Edited November 23, 2024 by jalavoui

[Stezza88]

Adding these bad hacks to resolve kp collection

{"__ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments", releaseDoorbell},
{"__ZN21AppleIntelFramebuffer16enableControllerEv", releaseDoorbell},

got half log in all cases with validateDisplayMode fun, load of fb which crashes without report

x.log

Edited November 23, 2024 by Stezza88

[jalavoui]

are you nuts?

 

you can't disable those functions... well maybe just the vendor function but the enableController() is key

 

write the code for the functions i sayd above

Edited November 23, 2024 by jalavoui

[Stezza88]

32 minutes ago, jalavoui said:

i think this function also need a patch

void Gen11::hwCRTCToIODetailedTimingInformation (void *that,void *param_1,void *param_2)

IODetailedTimingInformationV2  is *param_2

 

this I told you me too 😛

3 minutes ago, jalavoui said:

are you nuts?

 

you can't disable those functions...

 

Finally you told me the meaning of releasedoorbell 😛

[jalavoui]

hmm right. well it's also on genx code

 

it's used to disable functions that return void()

goal is disable functions that crash

 

example this1

 

uint8_t Gen11::isPanelPowerOn()

{

return 1;

}

 

if you have a function that returns uint8_t and you want to force it return 1 ignoring the code inside you can use this

 

the problem of patching functions is that all it takes to make it wrong is a bad variable type

that's very annoying

Edited November 23, 2024 by jalavoui

[Stezza88]

One moment that for "depthFromAttributes" I must look in ghidra in windows to see the parameters

kern_gen11.cpp

Edited November 23, 2024 by Stezza88

[jalavoui]

 

i think this doesnt need a patch

 

now the vendor function is interesting cause it as a similiar patch in nred

goal is to force agdc detect card as igpu

maybe i look at it later

 

but yeah take you time

once you have all the functions patched the driver will be stable

 

and if you need a panic you can always hack with this

PANIC_COND(1==1, "nblue","xxxx %x",ret);

Edited November 23, 2024 by jalavoui

[Stezza88]

7 minutes ago, jalavoui said:

and if you need a panic you can always hack with this

PANIC_COND(1==1, "nblue","xxxx %x",ret);

 

But sometimes i've found that a kind of panic like this is not displayed or reported, it just hangs.. i think is cause multicore multithread programming, this source code driver is not synchronized, no? ...

Edited November 23, 2024 by Stezza88

[Stezza88]

On 11/21/2024 at 1:05 PM, Stezza88 said:

 

With

{"__ZN19AppleIntelPowerWell21hwSetPowerWellStatePGEbj", validateModeDepth, this->ovalidateModeDepth },

I got this on screen and no kp report

 

And got the same with "maxSupportedDepths" ...

Edited November 23, 2024 by Stezza88

[jalavoui]

why are you calling ??

{"__ZN19AppleIntelPowerWell21hwSetPowerWellStatePGEbj", validateModeDepth, this->ovalidateModeDepth },

 

if you want to disable use

 

{"__ZN19AppleIntelPowerWell21hwSetPowerWellStatePGEbj",releaseDoorbell},

 

why ? cause hwSetPowerWellStatePG returns void so

 

 

you call releaseDoorbell todo nothing

 

now this call returns undefined8 = uint8_t

 

if u wanna ignore the code and return 1 use something like this

 

 

question: why would i do this? well i won't do it unless i have a good reason

 

get nblue latest source code

dont change info.plist

upload kern_gen11.cpp when you have fixed all functions

Edited November 23, 2024 by jalavoui

[Stezza88]

kern_gen11.cpp

[jalavoui]

ok use this

fix the header missing defs gen11.hpp

 

kern_gen11.cpp

Edited November 23, 2024 by jalavoui

[Stezza88]

.

Edited November 23, 2024 by Stezza88

[Stezza88]

I modified setupDisplayTiming because it's void and you did a return in the method, modified like this

void Gen11::setupDisplayTiming (void *that,void *param_1, void *param_2){
    auto displayTimingInfo = const_cast<IODetailedTimingInformationV2 *>(reinterpret_cast<const IODetailedTimingInformationV2 *>(param_2));
    if (displayTimingInfo!=nullptr) displayTimingInfo->pixelClock = 785400000;
	FunctionCast(setupDisplayTiming, callback->osetupDisplayTiming)(that,param_1,param_2);
    /*auto ret= FunctionCast(setupDisplayTiming, callback->osetupDisplayTiming)(that,param_1,param_2);*/
    //return ret;
}

then got kp always at

"com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN20IntelFBClientControl24vendor_doDeviceAttributeEjPmmS0_S0_P25IOExternalMethodArguments + 0x9f"

Kernel-2024-11-23-184757.panikern_gen11.cpp

Edited November 23, 2024 by Stezza88

[jalavoui]

nice seems your learning todo better code

 

the vendor kp seems after call

doAttribute(this,param_1,param_2,param_3,param_4,param_5,param_6);

 

did you try to disable vendor_doDeviceAttribute()?

 

do you have the IMEI device enabled in ioreg? this patch is for dsdt.aml with device name HECI

 

disable uint32_t Gen11::validateDetailedTiming(void *that,void *param_1,unsigned long param_2)

cause inside you have 

iVar4 = maxSupportedDepths((IODetailedTimingInformationV2 *)this);

 

try patch

Edited November 23, 2024 by jalavoui

[Stezza88]

I tryed to disable with releasedoorbell but have an other kp on

"com.xxxxx.driver.AppleIntelTGLGraphicsFramebuffer : __ZN21AppleIntelFramebuffer16enableControllerEv + 0x1356"

Kernel-2024-11-23-141607.panic

 

after i disable this second kp with releasedoorbell too but i discovered now it has not a void return so i must apply isPanelPowerOn instead, my fault, now i try

 

15 minutes ago, jalavoui said:

do you have the IMEI device enabled in ioreg?

 

i don't know what it is

Edited November 23, 2024 by Stezza88

[jalavoui]

that's kp at

 

 

patch with

find

be 04 00 00 00 48 89 da 31 c9 e8 8c ac 04 00

rep

be 04 00 00 00 48 89 da 31 c9 90 90 90 90 90

 

it's my old agdc disable patch

 

try reenable vendor code but add this patch plus

{"__ZN20IntelFBClientControl11doAttributeEjPmmS0_S0_P25IOExternalMethodArguments",wrapFBClientDoAttribute, this->orgFBClientDoAttribute},

maybe u still need vendor disable. just test it

 

it's possible all this patches to IODetailedTimingInformationV2 are breaking agdc. but we got no better option so far

Edited November 23, 2024 by jalavoui

[Stezza88]

patch with

find

be 04 00 00 00 48 89 da 31 c9 e8 8c ac 04 00

rep

be 04 00 00 00 48 89 da 31 c9 90 90 90 90 90

plus

{"__ZN20IntelFBClientControl11doAttributeEjPmmS0_S0_P25IOExternalMethodArguments",wrapFBClientDoAttribute, this->orgFBClientDoAttribute},

with this I got a bad kp at com.apple.iokit.IOGraphicsFamily : __ZN13IOFramebuffer4openEv + 0xb9f

Kernel-2024-11-23-202343.panic

Edited November 23, 2024 by Stezza88

[Stezza88]

34 minutes ago, jalavoui said:

try reenable vendor code

 

what? maybe I've understand.. all patches to pixelclock u mean

 

I try this

kern_gen11.cpp

Edited November 23, 2024 by Stezza88