V86 breaks at every instruction

[Guest]

Hello, i am writing a V86 Monitor but i have problems because V86 breaks at every instruction.
For example it calls a GPF at instructions like 0x80, 0x55...
I tried V86 and CR4.VME in VMware and all works.
But Qemu and some CPUs doesnt support VME so.....
Does anyone know whats wrong ?

[Pype.Clicker]

well, when no VME is available, instructions such as "INT nn" needs to be emulated. What exactly is the buggy setup ? are you assuming VME enabled for non-VME cpus ?

You certainly know IOPL and the IOMAP will have an impact on your V86 task ...

[Guest]

Heres the setup code.

Code: Select all

u8 *ptr = (u8*)0x1000;
   *ptr++ = 0xcd; // int 0x10
   *ptr++ = 0x10;
   *ptr++ = 0xf4; // hlt


   vm86.ss0 = vm86.ss1 = vm86.ss2 = 0x10;
   vm86.esp0 = vm86.esp1 = vm86.esp2 = 0xA000;
   vm86.ebp = vm86.esp = 0x900;
   vm86.eflags = EFLAGS_VM | EFLAGS_1;
   vm86.es = 0;
   vm86.cs = 0;
   vm86.ds = 0;
   vm86.ss = 0;
   vm86.eip = 0x1000;
   vm86.eax = 0x13;
   vm86.trace = 0;
   vm86.cr3 = 0x100000;
   vm86.io_map_base = sizeof(TaskStateSegment) - 32/*redirection bitmap for  vme*/ - IO_MAP_BYTES;


   __asm__("ljmp $0x40, $0");

I know that it calls a GPF on instructions like cli, sti....
But the problem is that it for example calls a GPF on
"OR" instruction.

[Pype.Clicker]

well, if it was raising a page fault (rather than a GPF), i'd say you forgot to grant user priviledges to the BIOS and other pages, but a GPF ...

All i can guess is that somehow the code you're running is actually using a 32bit offset that goes beyond 64K, but that sounds awkward. I suggest you use the debugging mode of QEMU, set a breakpoint where you're supposed to start VM86 operations and execute things step by step from there to see what's wrong ...

[Guest]

I think i know the error now !
First i set the code at 0x1000 to int 0x66 (0xcd, 0x66).
Then i hooked int 0x66 in my monitor to set the code at 0x1000
to "jmp $ (0xeb, 0xfe)" and set vm86.eip to 0x1000.
When it now returns to V86 task it calls again a GPF with with instruction 0xeb. So i think when it jumps back to the V86 task there is a GPF and my code handles it like V86 GPF.
So is there something special to do when returning from GPF handler to V86 Task ?

[Guest]

Btw, does the V86 GPF handler need to be a task gate ?

[Pype.Clicker]

Afaik, you could perfectly use a "regular" interrupt gate for handling GPF. You have to do the choice once, btw: if you go for task gate, every GPF (be it from VM86, from user programs or from kernel) will cause a hardware task switch.

I couldn't tell for sure. Honnestly, the implementation of VM86 support in the OSLIB was rather good ... and it works, as soon as you have the paging-related stuff fixed.

It might well be a good idea to give a look at it.

Btw, i'm not 100% sure i got what you meant about modifying the code at 0x1000 and stuff ... Do you mean you try to replace the instruction so that you can tell if you managed to return from the trap or not ?

[Guest]

Yes. I replaced the instruction to "jmp $" so that i know that i successful returned. But on the return i get a GPF.

Do you mean http://oslib.sourceforge.net/ this OSLib ?

[Pype.Clicker]

yeah. that one. the VM monitor & setup is in the xlib. btw, have you managed to run the code in some "debugging mode" to see when things go wrong ?
And more precisely, if the processor reaches the "jmp $" address before it raises another GPF or if a new GPF arise _while handling the first one_ ?

[Guest]

Ok, it works now with a task gate.