Page fault on instruction fetch after iret
Posted: Wed Apr 13, 2005 9:29 pm
by Guest
As a test I decide I'll try making an infinite loop in user mode.
So, I allocate a page frame, page it in (user, rw, present) to 0x10000, and copy two bytes to it, 0xeb and 0xfe (jmp $).
I then allocate another page frame, page it in (user, rw, supervisor) to 0x20000, and set the ss0 and esp0 values in my TSS to refer to it. (0x10:0x20FFF)
I then push the following onto the stack:
0x23 (user ss)
0x10FFF (user esp)
0x2 (eflags)
0x1b (user cs)
0x10000 (user eip)
I then perform an iret.
Immediately after, my kernel reports a page fault, with eip and cr2 = 0x10000. This confuses me. Any really dumb common ultra-beginner mistake I'm making here?
Re:Page fault on instruction fetch after iret
Posted: Thu Apr 14, 2005 2:05 am
by Pype.Clicker
There's at least one über-newbie mistake: your stack pointer should be aligned on a dword. Make it 0x20FFC rather than 0x20FFF.
With 0x20FFF, who knows if the CPU will not try to access 0x21001..0x21003... Honestly, I cannot remember whether ESP is decremented _prior_ to or _after_ the value is pushed.
Re:Page fault on instruction fetch after iret
Posted: Thu Apr 14, 2005 4:23 am
by AR
ESP is decremented before (according to Bochs). ESP actually points to the last item on the stack, not empty space... so 0x20FFF is perfectly valid.
The usual suspect when stuff like that happens is the paging code, make sure the page table entry is valid and you didn't miss something and that the page directory entry is set correctly as well.
Re:Page fault on instruction fetch after iret
Posted: Thu Apr 14, 2005 4:33 am
by Guest
Alright, aligned to dwords. Although since the decrement is first: 0x21000, yes? I tried 20FFC, too, seems to work the same. Either way the CPU resets (rather than showing the page fault) if I deliberately make it so that there is a page fault when the ring 0 ISR starts pushing stuff (with say, esp = 0x21001). With 0x21000 and 0x20FFC, it spits out the fault message just fine.
Even so, there's still the original page fault in user mode.
Re:Page fault on instruction fetch after iret
Posted: Thu Apr 14, 2005 5:04 am
by AR
Guest wrote:
Alright, aligned to dwords. Although since the decrement is first: 0x21000, yes?
No, 0x0 to 0xFFF = 4096 bytes, 0x20000 to 0x21000 = 4097 bytes, addresses are 0 not 1 based. (Which is how 0xFFFFFFFF = 4GB even though it looks like 4GB-1byte) It should be 0x20FFF.
I'd suggest not moving the stack at all, if the stack is valid then it should be fine using the one it was already using for the time being.
Re:Page fault on instruction fetch after iret
Posted: Thu Apr 14, 2005 5:50 am
by richie
Hi
Perhaps you should print out the error code the CPU pushes on the stack when a page fault occurs. There you can see what exactly went wrong.
It seems that something with the access rights went wrong. Did you set the U/S bit in both the page table and the page directory?
Re:Page fault on instruction fetch after iret
Posted: Thu Apr 14, 2005 6:01 am
by Pype.Clicker
Guest wrote:
Even so, there's still the original page fault in user mode.
Any chance you're missing the proper 'User' bit set in the page directory entry?
Re:Page fault on instruction fetch after iret
Posted: Thu Apr 14, 2005 11:57 am
by Guest
Pype.Clicker wrote:
Any chance you're missing the proper 'User' bit set in the page directory entry?
Whoa. Yes, come to think of it, that's probably the problem. I'll just have to fix that when I get home. Thank you for mentioning that.
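An added example, not from the thread, that models the two-level permission check the MMU performs for the original poster's setup (code at 0x10000, PTE marked user but PDE not) and the #PF error code richie suggests printing; the CR0.WP=0 and pre-SMEP behaviour are assumptions of the model.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* 32-bit non-PAE x86 PDE/PTE flag bits */
#define PG_PRESENT 0x1u
#define PG_RW      0x2u
#define PG_USER    0x4u

/* #PF error-code bits pushed by the CPU */
#define PF_PRESENT 0x1u  /* 1 = protection violation, 0 = page not present */
#define PF_WRITE   0x2u  /* 1 = the faulting access was a write */
#define PF_USER    0x4u  /* 1 = the access came from CPL 3 */

/* Split a linear address into its page-directory and page-table indices. */
uint32_t pd_index(uint32_t va) { return (va >> 22) & 0x3ffu; }
uint32_t pt_index(uint32_t va) { return (va >> 12) & 0x3ffu; }

/* Simulated walk for one access. Returns true if #PF would be raised and
 * stores the error code in *err. Effective rights are the AND of the PDE
 * and PTE bits, so a PTE with U/S set is not enough if the PDE lacks it.
 * Assumes CR0.WP = 0 and no SMEP/SMAP (ring 0 may touch user pages). */
bool page_walk_faults(uint32_t pde, uint32_t pte, bool user, bool write,
                      uint32_t *err)
{
    uint32_t code = (user ? PF_USER : 0u) | (write ? PF_WRITE : 0u);
    if (!(pde & PG_PRESENT) || !(pte & PG_PRESENT)) {
        *err = code;            /* bit 0 clear: not-present fault */
        return true;
    }
    bool user_ok = (pde & PG_USER) && (pte & PG_USER);
    bool rw_ok   = (pde & PG_RW)   && (pte & PG_RW);
    if (user && (!user_ok || (write && !rw_ok))) {
        *err = code | PF_PRESENT;   /* present but rights violated */
        return true;
    }
    *err = 0;
    return false;
}

int main(void)
{
    uint32_t err;
    /* Constructed entries mirroring the thread: PTE user|rw|present,
     * PDE rw|present only (the forgotten U/S bit). */
    uint32_t pde = PG_PRESENT | PG_RW, pte = PG_PRESENT | PG_RW | PG_USER;
    printf("pd=%u pt=%u\n", pd_index(0x10000), pt_index(0x10000));
    if (page_walk_faults(pde, pte, true, false, &err))
        printf("user fetch at 0x10000 -> #PF err=%#x\n", err);   /* 0x5 */
    if (!page_walk_faults(pde | PG_USER, pte, true, false, &err))
        printf("with U/S in the PDE the fetch succeeds\n");
    return 0;
}
```

Error code 0x5 (present + user) is the signature of a rights violation rather than a missing mapping, which is exactly what a forgotten U/S bit produces.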