Reboot loop when enabling PAE

[cmr]

I'm getting a reboot in qemu when setting the PAE flag with paging off. It dies after the setcr4 at https://github.com/cmr/cmoss/blob/maste ... ader.c#L54. Afaict from the Intel and AMD manuals, just enabling PAE shouldn't cause problems when it doesn't dump the normal triple fault output and inspecting registers from the monitor doesn't show anything telling to me. Am I misunderstanding or doing something wrong?

[xenos]

Actually enabling PAE shouldn't do any harm - it looks rather similar in my kernel:

https://sourceforge.net/p/xenos/code/HE ... try.S#l113

Have you tried it in Bochs? Usually it gives you more information in its log file.

[cmr]

I got bochs up and running, but I can't quite figure out how to get it to emulate amd64. Do I need to manually set all the proper cpuid bits? Will that be enough?

[xenos]

You need a Bochs version which is compiled with --enable-x86-64 to emulate amd64 - it will then do so by default. Where did you get your version? If it's from a Linux repository, it might be outdated. I'm not quite sure whether the pre-compiled binaries at http://bochs.sourceforge.net/getcurrent.html have amd64 enabled - I rather compile it myself (actually several binaries with different configure parameters, depending on what I intend to emulate).

[cmr]

I built 2.6.2, and thought I had passed

Code: Select all

--enable-x86-64

. I'll recheck when I get home. I did have a

Code: Select all

cpuid: x86_64=1

line in my config, maybe that was throwing it off?

The condition at https://github.com/cmr/cmoss/blob/maste ... ader.c#L20 fails, which just checks cpuid (https://github.com/cmr/cmoss/blob/maste ... puid.h#L15)

[xenos]

Shouldn't that be a shift by 29 instead of 28? Besides, your code only tests whether there are bits set with relative bit offsets (19 - 10) and (28 - 19), so you need to add another & 1 to make sure it really tests only one bit. My code actually tests only bit 29 (long mode supported):

https://sourceforge.net/p/xenos/code/HE ... ntry.S#l79

Bochs gives me 0x2a100800 in EDX, so bit 29 is set. I don't recall the meaning of bits 10 and 19 right now, but they are not set. However, 11 and 20 are set, so actually your code should return 0x2.

[cmr]

Shouldn't that be a shift by 29 instead of 28?

Ah yes, it's bit 29, not the 29th bit. Poo! Thanks for pointing that out.

Besides, your code only tests whether there are bits set with relative bit offsets (19 - 10) and (28 - 19), so you need to add another & 1 to make sure it really tests only one bit.

Another good catch, thanks!

My code actually tests only bit 29 (long mode supported):

https://sourceforge.net/p/xenos/code/HE ... ntry.S#l79

Bochs gives me 0x2a100800 in EDX, so bit 29 is set. I don't recall the meaning of bits 10 and 19 right now, but they are not set. However, 11 and 20 are set, so actually your code should return 0x2.

I meant to check bit 11 and 20, which is syscall/sysret and the NX bit.

[xenos]

Ah, right. Maybe you could dump the contents of EDX? Just to see whether Bochs is really setting the correct bits in there, and whether your code is not finding them, or the other way round.

[cmr]

Ah, right. Maybe you could dump the contents of EDX? Just to see whether Bochs is really setting the correct bits in there, and whether your code is not finding them, or the other way round.

Well, this is discouraging. Dumping edx with:

Code: Select all

int x = cpuid(0x80000001).edx; 
char s[32];                    
itoa(x, s, 10);                
DIE(s);                        

gives me 705691648, which is 2A100000, or 101010000100000000000000000000, which has bit 11 clear... bochs is supposed to support syscall/sysret, isn't it?

[xenos]

This is strange, I get 0x2a100800... What does your bochsrc look like? And what are the complete configure parameters?

[cmr]

https://github.com/cmr/cmoss/blob/master/bochsrc

And the configure is:

Code: Select all

./configure --with-all-libs --enable-x86-debug --enable-cdrom --enable-avx --enable-fast-function-calls --enable-usb --enable-x86-64 --prefix=$HOME/.local                                           

[xenos]

Looks rather similar for me...

Code: Select all

./configure --with-x11 --with-sdl --enable-pci --enable-x86-64

And in my bochsrc there's nothing really exciting, only keyboard stuff, log options and choice of this BIOS:

Code: Select all

romimage: file="$BXSHARE/BIOS-bochs-latest", address=0xfffe0000
vgaromimage: file="$BXSHARE/VGABIOS-elpin-2.40"

Does your host CPU have this bit enabled? I'm not sure whether Bochs is reflecting the feature flags from the host here... Maybe the bochs devs can help on this.

I just saw that is what I get in my Bochs log file at startup:

Code: Select all

i00000000000:0000fff0[CPU0 ] CPUID[0x00000000]: 00000005 756e6547 6c65746e 49656e69
i00000000000:0000fff0[CPU0 ] CPUID[0x00000001]: 00000633 00010800 00002008 1fcbfbff
i00000000000:0000fff0[CPU0 ] CPUID[0x00000002]: 00410601 00000000 00000000 00000000
i00000000000:0000fff0[CPU0 ] CPUID[0x00000003]: 00000000 00000000 00000000 00000000
i00000000000:0000fff0[CPU0 ] CPUID[0x00000004]: 00000000 00000000 00000000 00000000
i00000000000:0000fff0[CPU0 ] CPUID[0x00000005]: 00000040 00000040 00000003 00000020
i00000000000:0000fff0[CPU0 ] CPUID[0x80000000]: 80000008 00000000 00000000 00000000
i00000000000:0000fff0[CPU0 ] CPUID[0x80000001]: 00000000 00000000 00000101 2a100000
i00000000000:0000fff0[CPU0 ] CPUID[0x80000002]: 20202020 20202020 20202020 6e492020
i00000000000:0000fff0[CPU0 ] CPUID[0x80000003]: 286c6574 50202952 69746e65 52286d75
i00000000000:0000fff0[CPU0 ] CPUID[0x80000004]: 20342029 20555043 20202020 00202020
i00000000000:0000fff0[CPU0 ] CPUID[0x80000005]: 01ff01ff 01ff01ff 40020140 40020140
i00000000000:0000fff0[CPU0 ] CPUID[0x80000006]: 00000000 42004200 02008140 00000000
i00000000000:0000fff0[CPU0 ] CPUID[0x80000007]: 00000000 00000000 00000000 00000000
i00000000000:0000fff0[CPU0 ] CPUID[0x80000008]: 00003028 00000000 00000000 00000000

Also there you can see 0x2a100000 in the line 0x80000001, just as you also get. But when I check it later (after enabling long mode and syscall/sysret), I get 0x2a100800. I'm not sure whether this is a bug or intentional...

[cmr]

I haven't been able to work out the cpuid thing yet, but commenting out that check, I did figure out that the problem with enabling PAE was 1. I had not GDT, 2. I had no IDT. Setting those both to dummy (but correct) values gets me at least into compatibility mode (according to bochs).

[cmr]

cpu_configurability.txt in the bochs source says "On Intel SYSCALL/SYSRET supported in long mode only, AMD allow protected mode as well," so maybe I don't need to check that it exists at all (isn't it defined as part of AMD64 and by extension EM64T?)

[xenos]

Yes, afaik it should be... That's why I'm surprised about these feature flags.