Emulation Error (QEMU) while accessing memory

[Qeroq]

Hello.

When I'm trying to write a byte to 0x101A4E in 32bit protected mode (paging disabled) QEMU prints out an emulation failure and my kernel starts to behave strangely.

QEMU emulation failure:

rax 0000000000104020 rbx 000000000010cca8 rcx 0000000000101b46 rdx 0000000064001025
rsi 000000000002be9b rdi 000000000002be9c rsp 000000000010cbdc rbp 000000000010cc08
r8 0000000000000000 r9 000000000000ffff r10 0000000000000000 r11 000000000000ffff
r12 0000000060000010 r13 0000000000000000 r14 00007ff6d2267e98 r15 00007ff6d28aa970
rip 0000000064001025 rflags 00010016
cs 0008 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type b l 0 g 1 avl 0)
ds 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
es 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
ss 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
fs 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
gs 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
tr 0000 (00000000/0000ffff p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
ldt 0000 (00000000/0000ffff p 1 dpl 0 db 0 s 0 type 2 l 0 g 0 avl 0)
gdt 104c64/27
idt 104044/5ff
cr0 11 cr2 0 cr3 0 cr4 0 cr8 0 efer 0
emulation failure, check dmesg for details

My memory map (retrieved from GRUB):

Start Length End
0x00000000 0x0009F400 0x0009F400 Available
0x0009F400 0x00000C00 0x000A0000 Unavailable
0x000F0000 0x00010000 0x00100000 Unavailable
0x00100000 0x01EFD000 0x01FFD000 Available
0x01FFD000 0x00003000 0x02000000 Unavailable
0xFFFBC000 0x00044000 0x00000000 Unavailable

From this map 0x101A4E should be accessible or is there an "untracked" memory hole at this position for some reason? If yes, how could I detect this?

Edit: For some reason, the error does not occur if i access this byte directly, but only when I'm looping from the position of a pointer to this location this way:

Code: Select all

((char *) kernelDirectory)[i] = 0;

Edit 2: Obviously, this is nothing about memory holes or the like, now it does not crash with 0x101A4E anymore but with 0x101A9E....

Edit 3: And for some reason this error only occurs when I'm printing out the individual writes. When I don't, the os just freezes without any error message from qemu...

Rgds, Farok

[Owen]

emulation failure, check dmesg for details

[Qeroq]

In the case QEMU REALLY logged to dmesg, this would be kinda helpful.

[Owen]

It sounds to me a lot like an error from KVM, so I would expect KVM to dump some form of error somewhere. Nothing in the syslog either?

[Qeroq]

No nothing kvm related in syslog either.

Edit: Switched of kvm (-no-kvm) and qemu gives me more of an usable error message: "Trying to execute code outside RAM or ROM at 0x20001027". Well, I'm not loading anything beyond 512M, I always stayed in the first 2M! So does QEMU mean that it is trying to write to this location on my physical machine? But what's wrong about that in a 6GB RAM 64bit system. No I guess it's the virtualized memory but why does qemu think I would want to write to this address or even execute code in there?

Edit2: Also bochs is crashing there...

[xenos]

rip 0000000064001025

Looks like your code is running in wasteland.

[Qeroq]

But why would it run there? Is this some linking-related error?
(No attempts made for higher-half kernel or the like...)

Edit: Looks like, for some reason, the linker writes to address 0x53E58955 (at least this is what I get when I print out the address of a label set at the beginning of my kernel...)

Edit 2: No the linker writes to the right address (0x100000, i.e. 1MB) but for some reason the code is not loaded to where it's supposed to be.

Edit 3: Ah, I see was happened: I'm loading my kernel code to 0x100000 but the linker sets the 'end' label I'm using to 0x0, so my code assumed that I can write my data to 0x100000...