
List:       bochs-dev
Subject:    Re: [Bochs-developers] regression between 2.3.6 and 2.3.7/HEAD,
From:       "Stanislav Shwartsman" <stlintel () gmail ! com>
Date:       2008-09-11 21:48:01
Message-ID: 000101c91458$125a86d0$370f9470$ () com

It might be hard to think about this scenario, but imagine the following
code:

HARDWARE RESET - POWER ON
f000:fff0 (unk. ctxt): jmp far 0100:0000         ; ea00000001
0100:0000 (unk. ctxt): mov ax, 0x0200            ; b80002
0100:0003 (unk. ctxt): mov ds, ax                ; 8ed8
0100:0005 (unk. ctxt): mov ax, 0x0300            ; b80003
0100:0008 (unk. ctxt): mov ss, ax                ; 8ed0
0100:000a (unk. ctxt): mov esp, 0x00000100       ; 66bc00010000
0100:0010 (unk. ctxt): mov eax, cr0              ; 660f20c0
0100:0014 (unk. ctxt): or eax, 0x00000001        ; 660d01000000
0100:001a (unk. ctxt): mov cr0, eax              ; 660f22c0
0100:001e (unk. ctxt): mov ax, 0x0000            ; b80000
0100:0021 (unk. ctxt): mov ds, ax                ; 8ed8
0100:0023 (unk. ctxt): mov eax, cr0              ; 660f20c0
0100:0027 (unk. ctxt): and eax, 0xfffffffe       ; 6625feffffff
0100:002d (unk. ctxt): mov cr0, eax              ; 660f22c0
0100:0031 (unk. ctxt): mov ds, word ptr ds:0x1000 ; 8e1e0010
00000000014e[CPU0 ] read_virtual_checks(): segment descriptor not valid
CPU 0: Exception 0x0d - (#GP) general protection fault occured
(error_code=0x0000)
CPU 0: Interrupt 0x0d occured (error_code=0x0000)

This code sets protected mode, loads an invalid segment selector into DS and
goes back to real mode.
Instruction 0100:0031 is already executed in real mode, 16-bit real mode,
nothing special.
But attempting to execute the instruction 0100:0031 will crash with #GP
because it accesses an invalidated segment selector (like in protected mode).
All segments have a valid bit which is set to VALID when the processor is
reset for real mode or when a segment is loaded in real mode. But if you
load a NULL selector in protected mode, the valid bit is not set. And even
if you get back to real mode you will keep crashing on the invalid segment.

Stanislav
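The valid-bit behaviour described above, replayed as a small C++ model (added example, not Bochs code; the SegReg/Cpu structures and the flat-descriptor shortcut for non-NULL selectors are assumptions made for illustration):

```cpp
#include <cstdint>

// Minimal model of a segment register: selector plus the "valid" bit that
// the e-mail says is checked on every memory access, in either CPU mode.
struct SegReg { uint16_t selector; uint32_t base; uint32_t limit; bool valid; };
struct Cpu { bool protected_mode; SegReg ds; bool gp_fault; };

// Hardware reset: real mode, segment valid with base 0 and limit 0xffff.
void cpu_reset(Cpu &c) {
    c.protected_mode = false;
    c.ds = {0, 0, 0xffff, true};
    c.gp_fault = false;
}

// MOV CR0, eax: only bit 0 (PE) matters for this model.
void write_cr0(Cpu &c, uint32_t v) { c.protected_mode = (v & 1) != 0; }

// MOV DS, sel
void load_ds(Cpu &c, uint16_t sel) {
    if (!c.protected_mode) {
        // Real mode: base = sel << 4, limit 0xffff, and the segment is VALID.
        c.ds = {sel, static_cast<uint32_t>(sel) << 4, 0xffff, true};
    } else if ((sel & 0xfffc) == 0) {
        // Protected mode NULL selector: loads, but the valid bit stays clear.
        c.ds = {sel, 0, 0, false};
    } else {
        // Assumed simplification: any other selector is a flat, valid segment
        // (a real CPU would look it up in the GDT/LDT).
        c.ds = {sel, 0, 0xffffffffu, true};
    }
}

// Memory read through DS: the valid bit is checked regardless of mode,
// which is exactly why the real-mode access in the trace raises #GP.
bool read_ds(Cpu &c, uint32_t offset) {
    if (!c.ds.valid || offset > c.ds.limit) { c.gp_fault = true; return false; }
    return true;
}

// Replays the trace: returns true if the final ds:0x1000 access faults.
bool replay_trace(bool reload_ds_in_real_mode) {
    Cpu c; cpu_reset(c);
    load_ds(c, 0x0200);                         // mov ds, ax   (real mode)
    write_cr0(c, 1);                            // enter protected mode
    load_ds(c, 0x0000);                         // NULL selector: valid cleared
    write_cr0(c, 0);                            // back to real mode
    if (reload_ds_in_real_mode) load_ds(c, 0);  // a real-mode load sets VALID
    read_ds(c, 0x1000);                         // mov ds, word ptr ds:0x1000
    return c.gp_fault;
}
```

Reloading DS once back in real mode is what the message says restores the valid bit, which is why `replay_trace(true)` does not fault.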

-----Original Message-----
From: David Laight [mailto:dsl@l8s.co.uk] On Behalf Of David Laight
Sent: Friday, September 12, 2008 12:06 AM
To: Andriy Gapon
Cc: Stanislav Shwartsman; bochs-developers@lists.sourceforge.net
Subject: Re: [Bochs-developers] regression between 2.3.6 and 2.3.7/HEAD, pls
help to debug

On Thu, Sep 11, 2008 at 11:50:57PM +0300, Andriy Gapon wrote:
> 
> BTW, I see that parse_selector() sets selector index to value >> 3, so 
> index gets to be zero if the value is zero. But I wonder why index is 
> non-zero (2) before SMM, SS selector value was zero then as well.
> Just a little bit puzzled.

Certainly SS==CS==DS==ES==0 is valid in real mode.
A lot of boot code will explicitly set them (just in case the
values passed by the BIOS are 'random').

Maybe (somehow) the segment limit register has got to be other
than 0xffff ???

	David

-- 
David Laight: david@l8s.co.uk

