OSDev.org

The Place to Start for Operating System Developers
http://f.osdev.org/

Interrupt crash from ring 3

http://f.osdev.org/viewtopic.php?t=27406

Page 1 of 2

Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 6:31 am
by Zerkan
Hello,

I have some troubles to get interrupt working when I am in userland.
I got a triple fault from both bochs and qemu. Bochs being more verbose than qemu it tells me that :
interrupt(): SS selector null
interrupt(): SS selector null
interrupt(): SS selector null
I can't figure out why it tells me that since my TSS seems good.
Here is some of my code

The GDT part :

Code: Select all


# define GDT_SIZE 8

# define GDT_NULL_ENTRY 0x0
# define GDT_KERNEL_CODE_ENTRY 0x1
# define GDT_KERNEL_DATA_ENTRY 0x2
# define GDT_KERNEL_STACK_ENTRY 0x3
# define GDT_USER_CODE_ENTRY 0x4
# define GDT_USER_DATA_ENTRY 0x5
# define GDT_USER_STACK_ENTRY 0x6
# define GDT_TSS_ENTRY 0x7

struct tss os_tss;
struct gdt_ptr os_gdt;
struct gdt_entry os_gdt_entries[GDT_SIZE];

static void add_gdt_entry(uint8_t entry_num,
                          uint32_t base,
                          uint32_t limit,
                          uint8_t access,
                          uint8_t flags)
{
    struct gdt_entry *entry = &os_gdt_entries[entry_num];

    entry->limit1 = limit & 0xFFFF;
    entry->limit2 = (limit >> 16) & 0xF;
    entry->base1 = base & 0xFFFFF;
    entry->base2 = (base >> 24) & 0xFF;
    entry->flags = flags & 0xF;
    entry->access = access;
}

void setup_gdt(void)
{
    os_tss.debug_flag = 0x00;
    os_tss.io_map = 0x00;
    os_tss.esp0 = 0x20000;
    os_tss.ss0 = 0x18;

    add_gdt_entry(GDT_NULL_ENTRY, 0, 0, 0, 0);
    add_gdt_entry(GDT_KERNEL_CODE_ENTRY, 0, 0xFFFFF, 0x9B, 0xD);
    add_gdt_entry(GDT_KERNEL_DATA_ENTRY, 0, 0xFFFFF, 0x93, 0xD);
    add_gdt_entry(GDT_KERNEL_STACK_ENTRY, 0x0, 0x0, 0x97, 0x0D);
    add_gdt_entry(GDT_USER_CODE_ENTRY, 0x30000, 0x1, 0xFF, 0x0D);
    add_gdt_entry(GDT_USER_DATA_ENTRY, 0x30000, 0x1, 0xF3, 0x0D);
    add_gdt_entry(GDT_USER_STACK_ENTRY, 0x0, 0x0, 0xF7, 0x0D);
    add_gdt_entry(GDT_TSS_ENTRY, (uint32_t) &os_tss, 0x67, 0xE9, 0x00);

    os_gdt.size = sizeof (os_gdt_entries) - 1;
    os_gdt.ptr = (uint32_t) os_gdt_entries;

    __asm__ __volatile__ ("lgdtl %0" : : "m" (os_gdt));
}
The IDT:

Code: Select all

# define IDT_SIZE 255

# define INTERRUPT_GATE 0x8E00
# define TRAP_GATE 0xEF00

struct idt_ptr os_idt;
struct idt_entry os_entry_idt[IDT_SIZE];

static void add_idt_entry(uint8_t num, uint32_t offset, uint16_t type)
{
    struct idt_entry *entry = &os_entry_idt[num];

    entry->offset_low = offset & 0xFFFF;
    entry->offset_high = (offset >> 16) & 0xFFFF;
    entry->select = 0x8;
    entry->type = type;
}

void setup_idt(void)
{
    for (uint8_t i = 0; i < IDT_SIZE; ++i)
        add_idt_entry(i, (uint32_t)asm_irq_default, INTERRUPT_GATE);

    add_idt_entry(0x21, (uint32_t)asm_irq_keyboard, INTERRUPT_GATE);
    add_idt_entry(0x80, (uint32_t)asm_irq_syscall, TRAP_GATE);

    os_idt.size = sizeof (os_entry_idt) - 1;
    os_idt.ptr = (uint32_t)os_entry_idt;

    __asm__ __volatile__ ("lidt %0" : : "m" (os_idt));
}
The asm handler code for interrupt:

Code: Select all

.macro SAVE_REGS
    pushal
    push %ds
    push %es
    push %fs
    push %gs
    push %ebx

    movw $0x10, %bx
    movw %bx, %ds

    pop %ebx
.endm

.macro RESTORE_REGS
    pop %gs
    pop %fs
    pop %es
    pop %ds
    popal
.endm

.macro IRQ_WRAPPER name
.global asm_irq_\name
.global handle_irq_\name
asm_irq_\name:
    SAVE_REGS
    call    handle_irq_\name
    mov     $0x20,  %al
    out     %al,    $0x20
    RESTORE_REGS
    iret
.endm

IRQ_WRAPPER default
IRQ_WRAPPER keyboard

.global handle_irq_syscall
.global asm_irq_syscall
asm_irq_syscall:
    SAVE_REGS
    push %eax
    call handle_irq_syscall
    pop %eax
    RESTORE_REGS
    iret
The LTR :

Code: Select all

__asm__ __volatile__ ("movw $0x38, %ax \n \
                           ltr %ax");

k_cons.puts("Jumping to protected mode\n");
jump_pm();
The jump_pm function :

Code: Select all

.global jump_pm
jump_pm:
    mov     %cr0,   %eax
    or      $1,     %ax
    mov     %eax,   %cr0
    ljmp    $0x08,  $pm
pm:
    movw    $0x10,  %ax
    movw    %ax,    %ds
    movw    %ax,    %es
    movw    %ax,    %fs
    movw    %ax,    %gs
The is no set of ss in the jump_pm since it is set just after with the above code.
And I did change TSS in protected mode, to be sure, with this code :

Code: Select all

__asm__ __volatile__("movw $0x18, %ax \n\
                                    movw %ax, %ss \n \
                                    movl $0x20000, %esp");

__asm__("movw %%ss, %0 \n \
                movl %%esp, %1" : "=m"(os_tss.ss0), "=m"(os_tss.esp0) : );
Finally, here is the piece of code that switch to a task located in 0x30000 (that task only perform an infinite loop).

Code: Select all

cli();

memcpy((char *) 0x30000, &userland_code, 100);

__asm__ __volatile__ ("push $0x33 \n\
                           push $0x30000 \n\
                           pushfl            \n \
                           popl %%eax        \n \
                           orl $0x200, %%eax \n \
                           and $0xffffbfff, %%eax \n \
                           push %%eax        \n \
                           push $0x23 \n \
                           push $0x0 \n\
                           movw $0x2B, %%ax \n \
                           movw %%ax, %%ds \n \
                           iret" : : );
Interrupts are working well in pure kernel land, without tasks in ring 3.
I don't understand why bochs is telling me SS is null since 0x18 is the valid segment for the kernel stack and 0x20000 is the actual address of the kernel stack.
To test it I only unmasked keyboard interrupt, the kernel does not crash until a key is pressed. So, I think that ring 3 switch works.

Thanks

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 7:12 am
by Combuster
TSS seems good
That's the worst error in debugging: assuming. :wink:

In the parts you've posted I'm not spotting any obvious error. The IDT is a key part in interrupt handling and is missing from the description, as is the entire crashdump - although considering the circumstances I wouldn't expect to be able to lift important clues from that one. Also, I would need significantly more than just the key parts to be able to reproduce the problem locally.

The most effective thing you can do now is to get bochs' debugger, set a breakpoint in userland, then test the GDT, IDT and TSS if they have the values you expect. Either you'll spot the broken link in the chain, or it would be good information for further scrutiny. An adept bochs user would be able to significantly narrow the problem - if not finding the bug itself - in 15 minutes, so learning that tool is a worthwhile exercise.

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 7:34 am
by Zerkan
I edited my post to had the piece of code you requested.

I am going to try bochs debugger and see what I can see from it.

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 8:00 am
by Combuster
for (uint8_t i = 0; i < IDT_SIZE; ++i)
add_idt_entry(i, (uint32_t)asm_irq_default, INTERRUPT_GATE);
That snippet means that all cases, IRQs (requiring EOI), syscalls (requiring DPL 3, which is not explicit even for the case in question), exceptions (traps or faults, with or without error code), and spurious requests get the exact same treatment when they shouldn't. This is certainly going to bite you later, but it might have already become a part of the problem.

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 8:10 am
by Zerkan
add_idt_entry(0x21, (uint32_t)asm_irq_keyboard, INTERRUPT_GATE);
add_idt_entry(0x80, (uint32_t)asm_irq_syscall, TRAP_GATE);
I know that I will have to implement more interrupt handler. For now, only the syscall and keyboard interrupt are handled properly.

I put the asm code snippet for interrupt handling.

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 8:44 am
by Combuster
Your interrupt handler screws up the stack in case of exceptions with error codes, of which #SS in particular. Bochs' logging already demonstrates that that is also the exception thrown here. If you're not going to fix it, replace it with a cli;hlt; to eliminate it from contributing to the problem.

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 8:51 am
by Zerkan
.macro SAVE_REGS
pushal
push %ds
push %es
push %fs
push %gs
push %ebx

movw $0x10, %bx
movw %bx, %ds

pop %ebx
.endm

.macro RESTORE_REGS
pop %gs
pop %fs
pop %es
pop %ds
popal
.endm
So you are saying that this code is my problem ?
What can I do about it ? I need to save registers to avoid problems back to the usercode after the interrupt happened, do I ?

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 9:34 am
by Combuster
Combuster wrote:screws up the stack in case of exceptions with error codes
I think that's a nice search query for the manuals. How's your debugging going btw?

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 10:02 am
by iansjack
Combuster wrote:How's your debugging going btw?
I am always puzzled by questions like the OP here. It is blindingly obvious that a few minutes with a debugger are going to pinpoint at least the area, and very likely the exact cause, of the problem and yet we go round and round with hypotheses and reams of code listing.

If people can't debug a simple error like this what hope have they got when faced with more arcane problems? Breakpoints and single-stepping will soon locate the exact instruction that is faulting and the rest should be easy.

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 10:09 am
by Zerkan
Not very good. I found out that no irq code is even called when I press a key (default IRQ code, keyboard IRQ code). So the problem does not come (for the moment at least) from the IRQ code, it is somewhere else.

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 10:17 am
by iansjack
You say the kernel crashes only when a key is pressed. The only logical explanation for that is that it is caused by the interrupt. And yet you say that your interrupt routine isn't called. Which means there is a fault in your IDT.

As already suggested, check that your IDT entries are what you expect them to be.

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 10:59 am
by Zerkan
The problem is that bochs complains about SS being null.

I check by putting a break point in the userland. I dumped the tss and SS0 is 0x18 and esp0 is 0x20000, as they should be.

Here is what bochs says :
00089389000e[CPU0 ] interrupt(): SS selector null
00089389000e[CPU0 ] interrupt(): SS selector null
00089389000e[CPU0 ] interrupt(): SS selector null
00089389000i[CPU0 ] CPU is in protected mode (active)
00089389000i[CPU0 ] CS.mode = 32 bit
00089389000i[CPU0 ] SS.mode = 32 bit
00089389000i[CPU0 ] EFER = 0x00000000
00089389000i[CPU0 ] | EAX=0020002b EBX=00010000 ECX=00100818 EDX=00030063
00089389000i[CPU0 ] | ESP=0002fffc EBP=0002fffc ESI=00000000 EDI=00000000
00089389000i[CPU0 ] | IOPL=0 ID vip vif ac vm RF nt of df IF tf sf ZF af PF cf
00089389000i[CPU0 ] | SEG sltr(index|ti|rpl) base limit G D
00089389000i[CPU0 ] | CS:0023( 0004| 0| 3) 00030000 00001fff 1 1
00089389000i[CPU0 ] | DS:002b( 0005| 0| 3) 00030000 00001fff 1 1
00089389000i[CPU0 ] | SS:0033( 0006| 0| 3) 00000000 00000fff 1 1
00089389000i[CPU0 ] | ES:0000( 0002| 0| 0) 00000000 ffffffff 1 1
00089389000i[CPU0 ] | FS:0000( 0002| 0| 0) 00000000 ffffffff 1 1
00089389000i[CPU0 ] | GS:0000( 0002| 0| 0) 00000000 ffffffff 1 1
00089389000i[CPU0 ] | EIP=00000003 (00000003)
00089389000i[CPU0 ] | CR0=0x60000011 CR2=0x00000000
00089389000i[CPU0 ] | CR3=0x00000000 CR4=0x00000000
(0).[89389000] [0x000000030003] 0023:00000003 (unk. ctxt): jmp .-2 (0x00030003) ; ebfe
00089389000e[CPU0 ] exception(): 3rd (10) exception with no resolution, shutdown status is 00h, resetting

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 11:05 am
by Combuster
... and the rest? I don't even see a demonstration of the TSS content, let alone the most likely culprit.

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 11:16 am
by Zerkan
Sorry about that.

So here is the TSS (I checked the address with GDB) :
(0) Breakpoint 1, 0x00030000 in ?? ()
Next at t=113088763
(0) [0x000000030000] 0023:00000000 (unk. ctxt): push ebp ; 55
<bochs:5> xp /104bx 0x103020
[bochs]:
0x00103020 <bogus+ 0>: 0x00 0x00 0x00 0x00 0x00 0x00 0x02 0x00
0x00103028 <bogus+ 8>: 0x18 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103030 <bogus+ 16>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103038 <bogus+ 24>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103040 <bogus+ 32>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103048 <bogus+ 40>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103050 <bogus+ 48>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103058 <bogus+ 56>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103060 <bogus+ 64>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103068 <bogus+ 72>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103070 <bogus+ 80>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103078 <bogus+ 88>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00103080 <bogus+ 96>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
And a full log from bochs
Please choose one: [2] 6
00000000000i[ ] installing x module as the Bochs GUI
00000000000i[ ] Bochs x86 Emulator 2.6.2.svn
00000000000i[ ] Built from SVN snapshot after release 2.6.2
00000000000i[ ] Compiled on Nov 17 2013 at 19:02:40
00000000000i[ ] System configuration
00000000000i[ ] processors: 1 (cores=1, HT threads=1)
00000000000i[ ] A20 line support: yes
00000000000i[ ] IPS is set to 4000000
00000000000i[ ] CPU configuration
00000000000i[ ] SMP support: no
00000000000i[ ] level: 6
00000000000i[ ] APIC support: xapic
00000000000i[ ] FPU support: yes
00000000000i[ ] MMX support: yes
00000000000i[ ] 3dnow! support: no
00000000000i[ ] SEP support: yes
00000000000i[ ] SIMD support: sse2
00000000000i[ ] XSAVE support: no
00000000000i[ ] AES support: no
00000000000i[ ] SHA support: no
00000000000i[ ] MOVBE support: no
00000000000i[ ] ADX support: no
00000000000i[ ] x86-64 support: no
00000000000i[ ] MWAIT support: yes
00000000000i[ ] Optimization configuration
00000000000i[ ] RepeatSpeedups support: no
00000000000i[ ] Fast function calls: no
00000000000i[ ] Handlers Chaining speedups: no
00000000000i[ ] Devices configuration
00000000000i[ ] NE2000 support: no
00000000000i[ ] PCI support: yes, enabled=yes
00000000000i[ ] SB16 support: no
00000000000i[ ] USB support: no
00000000000i[ ] VGA extension support: vbe
00000000000i[MEM0 ] allocated memory at 0x7fe1d4eb6010. after alignment, vector=0x7fe1d4eb7000
00000000000i[MEM0 ] 32.00MB
00000000000i[MEM0 ] mem block size = 0x00100000, blocks=32
00000000000i[MEM0 ] rom at 0xfffe0000/131072 ('/home/zerkan/local/share/bochs/BIOS-bochs-latest')
00000000000i[ ] init_dev of 'pci' plugin device by virtual method
00000000000i[DEV ] i440FX PMC present at device 0, function 0
00000000000i[ ] init_dev of 'pci2isa' plugin device by virtual method
00000000000i[DEV ] PIIX3 PCI-to-ISA bridge present at device 1, function 0
00000000000i[ ] init_dev of 'cmos' plugin device by virtual method
00000000000i[CMOS ] Using local time for initial clock
00000000000i[CMOS ] Setting initial clock to: Sun Nov 17 20:14:47 2013 (time0=1384715687)
00000000000i[ ] init_dev of 'dma' plugin device by virtual method
00000000000i[DMA ] channel 4 used by cascade
00000000000i[ ] init_dev of 'pic' plugin device by virtual method
00000000000i[ ] init_dev of 'pit' plugin device by virtual method
00000000000i[ ] init_dev of 'floppy' plugin device by virtual method
00000000000i[DMA ] channel 2 used by Floppy Drive
00000000000i[ ] init_dev of 'vga' plugin device by virtual method
00000000000i[MEM0 ] Register memory access handlers: 0x0000000a0000 - 0x0000000bffff
00000000000i[VGA ] interval=200000
00000000000i[MEM0 ] Register memory access handlers: 0x0000e0000000 - 0x0000e0ffffff
00000000000i[BXVGA] VBE Bochs Display Extension Enabled
00000000000i[XGUI ] test_alloc_colors: 16 colors available out of 16 colors tried
00000000000i[XGUI ] font 8 wide x 16 high, display depth = 24
00000000000i[MEM0 ] rom at 0xc0000/41472 ('/home/zerkan/local/share/bochs/VGABIOS-lgpl-latest')
00000000000i[ ] init_dev of 'acpi' plugin device by virtual method
00000000000i[DEV ] ACPI Controller present at device 1, function 3
00000000000i[ ] init_dev of 'ioapic' plugin device by virtual method
00000000000i[IOAP ] initializing I/O APIC
00000000000i[MEM0 ] Register memory access handlers: 0x0000fec00000 - 0x0000fec00fff
00000000000i[IOAP ] IOAPIC enabled (base address = 0xfec00000)
00000000000i[ ] init_dev of 'keyboard' plugin device by virtual method
00000000000i[KBD ] will paste characters every 400 keyboard ticks
00000000000i[ ] init_dev of 'harddrv' plugin device by virtual method
00000000000i[HD ] CD on ata0-1: 'os.iso'
00000000000i[CD1 ] load cdrom with path=os.iso
00000000000i[CD1 ] Opening image file as a cd.
00000000000i[HD ] Media present in CD-ROM drive
00000000000i[HD ] Capacity is 8210 sectors (16.04 MB)
00000000000i[HD ] Using boot sequence cdrom, none, none
00000000000i[HD ] Floppy boot signature check is enabled
00000000000i[ ] init_dev of 'pci_ide' plugin device by virtual method
00000000000i[DEV ] PIIX3 PCI IDE controller present at device 1, function 1
00000000000i[ ] init_dev of 'unmapped' plugin device by virtual method
00000000000i[ ] init_dev of 'biosdev' plugin device by virtual method
00000000000i[ ] init_dev of 'speaker' plugin device by virtual method
00000000000e[SPEAK] Failed to open /dev/console: Permission denied
00000000000e[SPEAK] Deactivating beep on console
00000000000i[ ] init_dev of 'extfpuirq' plugin device by virtual method
00000000000i[ ] init_dev of 'parallel' plugin device by virtual method
00000000000i[PAR ] parallel port 1 at 0x0378 irq 7
00000000000i[ ] init_dev of 'serial' plugin device by virtual method
00000000000i[SER ] com1 at 0x03f8 irq 4 (mode: null)
00000000000i[ ] init_dev of 'iodebug' plugin device by virtual method
00000000000i[ ] register state of 'pci' plugin device by virtual method
00000000000i[ ] register state of 'pci2isa' plugin device by virtual method
00000000000i[ ] register state of 'cmos' plugin device by virtual method
00000000000i[ ] register state of 'dma' plugin device by virtual method
00000000000i[ ] register state of 'pic' plugin device by virtual method
00000000000i[ ] register state of 'pit' plugin device by virtual method
00000000000i[ ] register state of 'floppy' plugin device by virtual method
00000000000i[ ] register state of 'vga' plugin device by virtual method
00000000000i[ ] register state of 'unmapped' plugin device by virtual method
00000000000i[ ] register state of 'biosdev' plugin device by virtual method
00000000000i[ ] register state of 'speaker' plugin device by virtual method
00000000000i[ ] register state of 'extfpuirq' plugin device by virtual method
00000000000i[ ] register state of 'parallel' plugin device by virtual method
00000000000i[ ] register state of 'serial' plugin device by virtual method
00000000000i[ ] register state of 'iodebug' plugin device by virtual method
00000000000i[ ] register state of 'acpi' plugin device by virtual method
00000000000i[ ] register state of 'ioapic' plugin device by virtual method
00000000000i[ ] register state of 'keyboard' plugin device by virtual method
00000000000i[ ] register state of 'harddrv' plugin device by virtual method
00000000000i[ ] register state of 'pci_ide' plugin device by virtual method
00000000000i[SYS ] bx_pc_system_c::Reset(HARDWARE) called
00000000000i[CPU0 ] cpu hardware reset
00000000000i[APIC0] allocate APIC id=0 (MMIO enabled) to 0x0000fee00000
00000000000i[CPU0 ] CPUID[0x00000000]: 00000005 756e6547 6c65746e 49656e69
00000000000i[CPU0 ] CPUID[0x00000001]: 00000633 00010800 00000008 1fcbfbff
00000000000i[CPU0 ] CPUID[0x00000002]: 00410601 00000000 00000000 00000000
00000000000i[CPU0 ] CPUID[0x00000003]: 00000000 00000000 00000000 00000000
00000000000i[CPU0 ] CPUID[0x00000004]: 00000000 00000000 00000000 00000000
00000000000i[CPU0 ] CPUID[0x00000005]: 00000040 00000040 00000003 00000020
00000000000i[CPU0 ] CPUID[0x80000000]: 80000008 00000000 00000000 00000000
00000000000i[CPU0 ] CPUID[0x80000001]: 00000000 00000000 00000000 00000000
00000000000i[CPU0 ] CPUID[0x80000002]: 20202020 20202020 20202020 6e492020
00000000000i[CPU0 ] CPUID[0x80000003]: 286c6574 50202952 69746e65 52286d75
00000000000i[CPU0 ] CPUID[0x80000004]: 20342029 20555043 20202020 00202020
00000000000i[CPU0 ] CPUID[0x80000005]: 01ff01ff 01ff01ff 40020140 40020140
00000000000i[CPU0 ] CPUID[0x80000006]: 00000000 42004200 02008140 00000000
00000000000i[CPU0 ] CPUID[0x80000007]: 00000000 00000000 00000000 00000000
00000000000i[CPU0 ] CPUID[0x80000008]: 00002028 00000000 00000000 00000000
00000000000i[ ] reset of 'pci' plugin device by virtual method
00000000000i[ ] reset of 'pci2isa' plugin device by virtual method
00000000000i[ ] reset of 'cmos' plugin device by virtual method
00000000000i[ ] reset of 'dma' plugin device by virtual method
00000000000i[ ] reset of 'pic' plugin device by virtual method
00000000000i[ ] reset of 'pit' plugin device by virtual method
00000000000i[ ] reset of 'floppy' plugin device by virtual method
00000000000i[ ] reset of 'vga' plugin device by virtual method
00000000000i[ ] reset of 'acpi' plugin device by virtual method
00000000000i[ ] reset of 'ioapic' plugin device by virtual method
00000000000i[ ] reset of 'keyboard' plugin device by virtual method
00000000000i[ ] reset of 'harddrv' plugin device by virtual method
00000000000i[ ] reset of 'pci_ide' plugin device by virtual method
00000000000i[ ] reset of 'unmapped' plugin device by virtual method
00000000000i[ ] reset of 'biosdev' plugin device by virtual method
00000000000i[ ] reset of 'speaker' plugin device by virtual method
00000000000i[ ] reset of 'extfpuirq' plugin device by virtual method
00000000000i[ ] reset of 'parallel' plugin device by virtual method
00000000000i[ ] reset of 'serial' plugin device by virtual method
00000000000i[ ] reset of 'iodebug' plugin device by virtual method
00000000000i[XGUI ] Mouse capture off
00000000000i[ ] set SIGINT handler to bx_debug_ctrlc_handler
Next at t=0
(0) [0x0000fffffff0] f000:fff0 (unk. ctxt): jmpf 0xf000:e05b ; ea5be000f0
00000000000i[XGUI ] Mouse capture off
<bochs:1> b 0x30000
00000000000i[XGUI ] Mouse capture off
<bochs:2> bpe 1
00000000000i[XGUI ] Mouse capture off
<bochs:3> c
00000000025i[MEM0 ] allocate_block: block=0x0 used 0x1 of 0x20
00000004000e[XGUI ] xkeypress(): keysym ffeb unhandled!
00000004661i[BIOS ] $Revision: 11761 $ $Date: 2013-08-02 17:59:49 +0200 (Fr, 02. Aug 2013) $
00000318049i[KBD ] reset-disable command received
00000320821i[BIOS ] Starting rombios32
00000321255i[BIOS ] Shutdown flag 0
00000321850i[BIOS ] ram_size=0x02000000
00000322271i[BIOS ] ram_end=32MB
00000362764i[BIOS ] Found 1 cpu(s)
00000376961i[BIOS ] bios_table_addr: 0x000fa468 end=0x000fcc00
00000704758i[PCI ] i440FX PMC write to PAM register 59 (TLB Flush)
00001032685i[P2I ] PCI IRQ routing: PIRQA# set to 0x0b
00001032704i[P2I ] PCI IRQ routing: PIRQB# set to 0x09
00001032723i[P2I ] PCI IRQ routing: PIRQC# set to 0x0b
00001032742i[P2I ] PCI IRQ routing: PIRQD# set to 0x09
00001032752i[P2I ] write: ELCR2 = 0x0a
00001033518i[BIOS ] PIIX3/PIIX4 init: elcr=00 0a
00001041191i[BIOS ] PCI: bus=0 devfn=0x00: vendor_id=0x8086 device_id=0x1237 class=0x0600
00001043461i[BIOS ] PCI: bus=0 devfn=0x08: vendor_id=0x8086 device_id=0x7000 class=0x0601
00001045570i[BIOS ] PCI: bus=0 devfn=0x09: vendor_id=0x8086 device_id=0x7010 class=0x0101
00001045799i[PIDE ] new BM-DMA address: 0xc000
00001046416i[BIOS ] region 4: 0x0000c000
00001048441i[BIOS ] PCI: bus=0 devfn=0x0b: vendor_id=0x8086 device_id=0x7113 class=0x0680
00001048674i[ACPI ] new irq line = 11
00001048686i[ACPI ] new irq line = 9
00001048715i[ACPI ] new PM base address: 0xb000
00001048729i[ACPI ] new SM base address: 0xb100
00001048757i[PCI ] setting SMRAM control register to 0x4a
00001212848i[CPU0 ] Enter to System Management Mode
00001212859i[CPU0 ] RSM: Resuming from System Management Mode
00001376877i[PCI ] setting SMRAM control register to 0x0a
00001391770i[BIOS ] MP table addr=0x000fa540 MPC table addr=0x000fa470 size=0xc8
00001393526i[BIOS ] SMBIOS table addr=0x000fa550
00001393584i[MEM0 ] allocate_block: block=0x1f used 0x2 of 0x20
00001395721i[BIOS ] ACPI tables: RSDP addr=0x000fa670 ACPI DATA addr=0x01ff0000 size=0xf72
00001398918i[BIOS ] Firmware waking vector 0x1ff00cc
00001400716i[PCI ] i440FX PMC write to PAM register 59 (TLB Flush)
00001401444i[BIOS ] bios_table_cur_addr: 0x000fa694
00001529061i[VBIOS] VGABios $Id: vgabios.c,v 1.75 2011/10/15 14:07:21 vruppert Exp $
00001529132i[BXVGA] VBE known Display Interface b0c0
00001529164i[BXVGA] VBE known Display Interface b0c5
00001532089i[VBIOS] VBE Bios $Id: vbe.c,v 1.64 2011/07/19 18:25:05 vruppert Exp $
00001600000i[XGUI ] charmap update. Font Height is 16
00005372000e[XGUI ] xkeypress(): keysym ffeb unhandled!
00005694403i[BIOS ] IDE time out
00017844610i[BIOS ] Booting from 07c0:0000
00017853976i[MEM0 ] allocate_block: block=0x1 used 0x3 of 0x20
00048485165i[MEM0 ] allocate_block: block=0x1e used 0x4 of 0x20
(0) Breakpoint 1, 0x00030000 in ?? ()
Next at t=79601108
(0) [0x000000030000] 0023:00000000 (unk. ctxt): push ebp ; 55
00079601108i[XGUI ] Mouse capture off
<bochs:4> c
00079604000e[XGUI ] xkeypress(): keysym ffeb unhandled!
00079605000e[CPU0 ] interrupt(): SS selector null
00079605000e[CPU0 ] interrupt(): SS selector null
00079605000e[CPU0 ] interrupt(): SS selector null
00079605000i[CPU0 ] CPU is in protected mode (active)
00079605000i[CPU0 ] CS.mode = 32 bit
00079605000i[CPU0 ] SS.mode = 32 bit
00079605000i[CPU0 ] EFER = 0x00000000
00079605000i[CPU0 ] | EAX=0020002b EBX=00010000 ECX=00100818 EDX=00030063
00079605000i[CPU0 ] | ESP=0002fffc EBP=0002fffc ESI=00000000 EDI=00000000
00079605000i[CPU0 ] | IOPL=0 ID vip vif ac vm RF nt of df IF tf sf ZF af PF cf
00079605000i[CPU0 ] | SEG sltr(index|ti|rpl) base limit G D
00079605000i[CPU0 ] | CS:0023( 0004| 0| 3) 00030000 00001fff 1 1
00079605000i[CPU0 ] | DS:002b( 0005| 0| 3) 00030000 00001fff 1 1
00079605000i[CPU0 ] | SS:0033( 0006| 0| 3) 00000000 00000fff 1 1
00079605000i[CPU0 ] | ES:002b( 0005| 0| 3) 00030000 00001fff 1 1
00079605000i[CPU0 ] | FS:002b( 0005| 0| 3) 00030000 00001fff 1 1
00079605000i[CPU0 ] | GS:002b( 0005| 0| 3) 00030000 00001fff 1 1
00079605000i[CPU0 ] | EIP=00000003 (00000003)
00079605000i[CPU0 ] | CR0=0x60000011 CR2=0x00000000
00079605000i[CPU0 ] | CR3=0x00000000 CR4=0x00000000
(0).[79605000] [0x000000030003] 0023:00000003 (unk. ctxt): jmp .-2 (0x00030003) ; ebfe
00079605000e[CPU0 ] exception(): 3rd (10) exception with no resolution, shutdown status is 00h, resetting
00079605000i[SYS ] bx_pc_system_c::Reset(HARDWARE) called
00079605000i[CPU0 ] cpu hardware reset
00079605000i[APIC0] allocate APIC id=0 (MMIO enabled) to 0x0000fee00000
00079605000i[CPU0 ] CPUID[0x00000000]: 00000005 756e6547 6c65746e 49656e69
00079605000i[CPU0 ] CPUID[0x00000001]: 00000633 00010800 00000008 1fcbfbff
00079605000i[CPU0 ] CPUID[0x00000002]: 00410601 00000000 00000000 00000000
00079605000i[CPU0 ] CPUID[0x00000003]: 00000000 00000000 00000000 00000000
00079605000i[CPU0 ] CPUID[0x00000004]: 00000000 00000000 00000000 00000000
00079605000i[CPU0 ] CPUID[0x00000005]: 00000040 00000040 00000003 00000020
00079605000i[CPU0 ] CPUID[0x80000000]: 80000008 00000000 00000000 00000000
00079605000i[CPU0 ] CPUID[0x80000001]: 00000000 00000000 00000000 00000000
00079605000i[CPU0 ] CPUID[0x80000002]: 20202020 20202020 20202020 6e492020
00079605000i[CPU0 ] CPUID[0x80000003]: 286c6574 50202952 69746e65 52286d75
00079605000i[CPU0 ] CPUID[0x80000004]: 20342029 20555043 20202020 00202020
00079605000i[CPU0 ] CPUID[0x80000005]: 01ff01ff 01ff01ff 40020140 40020140
00079605000i[CPU0 ] CPUID[0x80000006]: 00000000 42004200 02008140 00000000
00079605000i[CPU0 ] CPUID[0x80000007]: 00000000 00000000 00000000 00000000
00079605000i[CPU0 ] CPUID[0x80000008]: 00002028 00000000 00000000 00000000
00079605000i[ ] reset of 'pci' plugin device by virtual method
00079605000i[ ] reset of 'pci2isa' plugin device by virtual method
00079605000i[ ] reset of 'cmos' plugin device by virtual method
00079605000i[ ] reset of 'dma' plugin device by virtual method
00079605000i[ ] reset of 'pic' plugin device by virtual method
00079605000i[ ] reset of 'pit' plugin device by virtual method
00079605000i[ ] reset of 'floppy' plugin device by virtual method
00079605000i[ ] reset of 'vga' plugin device by virtual method
00079605000i[ ] reset of 'acpi' plugin device by virtual method
00079605000i[ ] reset of 'ioapic' plugin device by virtual method
00079605000i[ ] reset of 'keyboard' plugin device by virtual method
00079605000i[ ] reset of 'harddrv' plugin device by virtual method
00079605000i[ ] reset of 'pci_ide' plugin device by virtual method
00079605000i[ ] reset of 'unmapped' plugin device by virtual method
00079605000i[ ] reset of 'biosdev' plugin device by virtual method
00079605000i[ ] reset of 'speaker' plugin device by virtual method
00079605000i[ ] reset of 'extfpuirq' plugin device by virtual method
00079605000i[ ] reset of 'parallel' plugin device by virtual method
00079605000i[ ] reset of 'serial' plugin device by virtual method
00079605000i[ ] reset of 'iodebug' plugin device by virtual method

Re: Interrupt crash from ring 3

Posted: Sun Nov 17, 2013 11:26 am
by Combuster
Zerkan wrote:So here is the TSS (I checked the address with GDB)
Two errors here. You're
1) taking the least practical way of getting a specific structure. (use info gdt/tss/idt/... for such queries)
2) Assuming :evil: the CPU looks for the TSS in the exact same spot as where some linker assigned it, and therefore, that all intermediate code is working as expected - something of which we know isn't true since post 1.
All times are UTC-06:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited