new in a module causes page fault

[AlfaOmega08]

Do you have any idea of why the following code causes a page fault:

Code: Select all

PCI *bus = new PCI;

The page fault is at 0xFFFFFFFF! The PCI class does not have a constructor. The code is in a module loaded at runtime by the kernel.
If I instead write:

Code: Select all

PCI *bus = (PCI *) malloc(sizeof(PCI));

it works.

My code for new is:

Code: Select all

void *operator new(size_t n) {
	void *data = malloc(n);
	if (data)
		memset(data, 0, n);
	return data;
}

Thanks in advance

Edit: both EIP and CR2 are 0xFFFFFFFF

[pcmattman]

The PCI class does not have a constructor

Not even a stubbed out constructor that does nothing? Can you post the class?

[Grunt]

Not even a stubbed out constructor that does nothing?

The compiler creates one if there's no definition.

[aeritharcanum]

...The compiler instantiates one. And only if it is implicitly referenced.

[donkeeland]

The only difference between your new and malloc is one function call and the

Code: Select all

memset(data, 0, n);

Try to comment the memset and see if it fail again !

[AlfaOmega08]

Commenting the memset did not work. However the PCI class is:

Code: Select all

class PCI : public BusBase {
public:
	struct Bus {
		int PrimaryBus;
		int SecondaryBus;
	};

	struct Entry {
		int Bus;
		int Device;
		int Function;

		word VendorID;
		word DeviceID;
		word Command;
		word Status;
		byte RevisionID;
		byte ClassApi;
		byte ClassBase;
		byte ClassSub;
		byte CacheLineSize;
		byte LatencyTimer;
		byte HeaderType;
		byte SelfTestResult;
		dword AGPMode;

		dword Base0;
		dword Base1;
		dword Base2;
		dword Base3;
		dword Base4;
		dword Base5;
		dword CISPointer;
		word SubSysVendorID;
		word SubSysID;
		dword ExpROMAddr;
		byte CapabilityList;
		byte InterruptLine;
		byte InterruptPin;
		byte MinDMATime;
		byte MaxDMALatency;
		byte AGPStatus;
		byte AGPCommand;

		int Handle;
	};

	dword ReadConfig(int Bus, int Dev, int Fnc, int Offset, int Size);
	int WriteConfig(int Bus, int Dev, int Fnc, int Offset, int Size, dword Value);
	void ScanBus(int, int);
	int ReadHeader(Entry *Info, int BusNum, int DevNum, int FncNum);
	void SetMethod(int);

private:
	Spinlock PCILock;
	int Method;
};

Where the public Bus above references to:

Code: Select all

class BusBase {
};

However both classes do not have a constructor.

[AlfaOmega08]

I've added empty constructors to both PCI and BusBase. Nothing has changed. However I reduced the Init function of the module to:

Code: Select all

int Init() {
     new PCI;
}

The disassembly is:

Code: Select all

c01014d0:	55                   	push   %ebp
c01014d1:	89 e5                	mov    %esp,%ebp
c01014d3:	57                   	push   %edi
c01014d4:	56                   	push   %esi
c01014d5:	53                   	push   %ebx
c01014d6:	83 ec 1c             	sub    $0x1c,%esp
c01014d9:	c7 04 24 0c 00 00 00 	movl   $0xc,(%esp)
c01014e0:	e8 fc ff ff ff       	call   c01014e1 <_Z4Initv+0x11>
c01014e5:	89 c3                	mov    %eax,%ebx
c01014e7:	89 d8                	mov    %ebx,%eax
c01014e9:	89 04 24             	mov    %eax,(%esp)
c01014ec:	e8 fc ff ff ff       	call   c01014ed <_Z4Initv+0x1d>
c01014f1:	b8 00 00 00 00       	mov    $0x0,%eax
c01014f6:	83 c4 1c             	add    $0x1c,%esp
c01014f9:	5b                   	pop    %ebx
c01014fa:	5e                   	pop    %esi
c01014fb:	5f                   	pop    %edi
c01014fc:	5d                   	pop    %ebp
c01014fd:	c3                   	ret    
c01014fe:	89 d6                	mov    %edx,%esi
c0101500:	89 c7                	mov    %eax,%edi
c0101502:	89 1c 24             	mov    %ebx,(%esp)
c0101505:	e8 fc ff ff ff       	call   c0101506 <_Z4Initv+0x36>
c010150a:	89 f8                	mov    %edi,%eax
c010150c:	89 f2                	mov    %esi,%edx
c010150e:	89 04 24             	mov    %eax,(%esp)
c0101511:	e8 fc ff ff ff       	call   c0101512 <_Z4Initv+0x42>

I noticed this line:

Code: Select all

c01014e0:	e8 fc ff ff ff       	call   c01014e1 <_Z4Initv+0x11>

This is the one which causes the pf. However I don't know why is there...

May I have mistaken something when relocating the module?

[natp]

All of your CALL instructions are followed by the same displacement value: 0xFFFFFFFC

Is this is a disassembly of an object (.o) file?