crush system when try to enable paging

Shvets04
Member
Posts: 28
Joined: Wed Feb 13, 2019 3:07 pm

crush system when try to enable paging

Post by Shvets04 »

Hi, when I try to enable paging, QEMU just turns off with the error "Trying to execute code outside RAM or ROM at 0xefffff54".
What could be the problem?
And did I create the page table correctly?

My bootloader:

Code:

bits 32

        ;multiboot spec
        align 4
        dd 0x1BADB002            ;magic
        dd 0x00                  ;flags
        dd - (0x1BADB002 + 0x00) ;checksum. m+f+c should be zero


global page_directory

section .text
global start
extern kmain            ;kmain is defined in the C file



start:
        cli                     ;block interrupts
        xor eax, eax
        mov ds, eax
        mov esp, stack_space


        mov eax, 0x0
        mov ebx, 0x0


        .fill_table0:
            mov    ecx, ebx
            or     ecx, 3              ; Present; Supervisor;
            mov    [page_table0+eax*4], ecx
            add    ebx, 4096
            inc    eax
            cmp    eax, 1024            ; 1024 frames = 4MB
            je     .end0
            jmp    .fill_table0
        .end0:


        mov     eax, 0x0
        mov     ebx, 0x100000
        .fill_table:
            mov    ecx, ebx
            or     ecx, 3              ; Present; Supervisor; R/W;
            mov    [page_table768+eax*4], ecx
            add    ebx, 4096
            inc    eax
            cmp    eax, 1024
            je     .end
            jmp    .fill_table
        .end:

        mov     eax, page_table0
        and     eax, 0xFFFFF000
        or      eax, 3
        mov     ebx, page_directory
        mov     [ebx], eax


        mov     eax, page_table768
        and     eax, 0xFFFFF000
        or      eax, 3
        mov     ebx, page_directory
        mov     [ebx], eax ; 0xC0000000 

        
        and     eax, 0xFFFFF000

        ;or      eax, 3
        mov     eax, page_directory
        mov     cr3, eax
        mov     eax, cr0
        or      eax, 0x80000001

        mov     cr0, eax

        mov eax, cr0
        or eax, 1
        mov cr0, eax ; <-- causes a crash

        mov ecx, eax 
  

    call kmain
    hlt

page_directory:
    resb  0x1000
page_table0:
    resb  0x1000
page_table768:
    resb  0x1000

section .bss
resb 8192               ;8KB for stack
stack_space:

CPU dump

Code:

EAX=f000001a EBX=f000ff53 ECX=00000040 EDX=00000037
ESI=f000e2c3 EDI=f000ff53 EBP=f000ff53 ESP=ffff0018
EIP=f000ff54 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0040 00000400 0000ffff 00009300
CS =f000 ffff0000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000 
DR6=ffff0ff0 DR7=00000400
CCS=ffff0000 CCD=00000000 CCO=LOGICW  
EFER=0000000000000000
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000

link.ld

Code:

OUTPUT_FORMAT(elf32-i386)
ENTRY(start)
SECTIONS
 {
   . = 0x100000;
   text_start = .;
   .text : { *(.text) }
   text_end = .;
   .data : { *(.data) }
   .bss  : { *(.bss)  }
 end_of_kernel_image = .;
 }

nielsd
Member
Posts: 31
Joined: Sun Apr 05, 2015 3:15 pm

Re: crush system when try to enable paging

Post by nielsd »

I think the issue happens earlier.
Because the line you marked is the line enabling the PE bit, which is already enabled.
I've only taken a quick look, but I noticed that your page_directory, page_table0, etc. structures are not page-aligned.
osdev project, goal is to run wasm as userspace: https://github.com/kwast-os/kwast
nullplan
Member
Posts: 1792
Joined: Wed Aug 30, 2017 8:24 am

Re: crush system when try to enable paging

Post by nullplan »

Your code has many problems:
  • It seems to be written for 32-bit mode, but the crash listing says it is not in 32-bit mode. You are still in 16-bit mode, so your bootloader never transitioned to 32-bit mode. You need to be in protected mode before you can enable paging. The PG bit has no effect in real mode. Evidently, setting it was even ignored, because it is not present in the crash listing.
  • You start your code with CLI. If booted from multiboot, that would be superfluous.
  • Then you clear out DS. If booted from multiboot, that would mean no more data references for you, except for stack references and certain string functions.
  • Finally, page directory and page tables must be page aligned. You must put the alignment before declaring them. And why did you put them in your code section and not your BSS section?
Small comment about the loops: Why make a conditional jump over a jump instruction, when you can just reverse the condition and the direction, and save the jump instruction? IDK, seems weird to me.
Carpe diem!
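The alignment and mapping points raised above, worked through in C as an added example (not code from this thread or from the poster's repository): it models the three 4 KiB structures at constructed, page-aligned physical addresses (assumed values), fills an identity map for 0..4 MiB and a higher-half map of the kernel's physical 0x100000 at 0xC0000000 (directory index 768, as the label page_table768 implies), and walks the tables in software to show what the MMU will resolve once CR0.PG is set. It also shows why alignment matters: a misaligned table address is rejected before it is stored, since its low bits would otherwise be read as flags, and the identity map is what keeps the code at 0x100000 that executes mov cr0 reachable after the switch.

```c
#include <stdint.h>
#include <stdbool.h>

#define PAGE_SIZE   0x1000u
#define ENTRIES     1024u
#define P_PRESENT   0x1u
#define P_WRITE     0x2u
#define ADDR_MASK   0xFFFFF000u
#define KERNEL_VIRT 0xC0000000u   /* higher-half base the thread targets */
#define KERNEL_PHYS 0x00100000u   /* where link.ld places the kernel */
/* Constructed physical addresses for the three 4 KiB structures (assumed
 * values; in the kernel the linker assigns them, hence the align directive). */
#define DIR_PHYS  0x00102000u
#define T0_PHYS   0x00103000u
#define T768_PHYS 0x00104000u
static uint32_t dir[ENTRIES], t0[ENTRIES], t768[ENTRIES];
/* Map a simulated physical table address back to its host storage. */
static uint32_t *table_at(uint32_t phys) {
    return phys == DIR_PHYS ? dir : phys == T0_PHYS ? t0
         : phys == T768_PHYS ? t768 : 0;
}

/* An address with any of its low 12 bits set would be misread as flag bits. */
bool is_page_aligned(uint32_t addr) { return (addr & (PAGE_SIZE - 1)) == 0; }

/* Identity-map 0..4 MiB through dir[0]; map KERNEL_VIRT.. onto KERNEL_PHYS..
 * through dir[768] (0xC0000000 >> 22). Returns the CR3 value, or 0 if any
 * structure is misaligned (the OR of the three is aligned iff each one is). */
uint32_t build_tables(void) {
    if (!is_page_aligned(DIR_PHYS | T0_PHYS | T768_PHYS)) return 0;
    for (uint32_t i = 0; i < ENTRIES; i++) {
        t0[i]   = (i * PAGE_SIZE) | P_PRESENT | P_WRITE;
        t768[i] = (KERNEL_PHYS + i * PAGE_SIZE) | P_PRESENT | P_WRITE;
    }
    dir[0] = T0_PHYS | P_PRESENT | P_WRITE;
    dir[KERNEL_VIRT >> 22] = T768_PHYS | P_PRESENT | P_WRITE;
    return DIR_PHYS;
}

/* Software page walk mirroring the MMU once CR0.PG is set; returns false
 * where the MMU would raise a page fault (a non-present entry). */
bool translate(uint32_t cr3, uint32_t virt, uint32_t *phys) {
    uint32_t *d = table_at(cr3 & ADDR_MASK);
    uint32_t pde = d ? d[virt >> 22] : 0;
    uint32_t *t = (pde & P_PRESENT) ? table_at(pde & ADDR_MASK) : 0;
    uint32_t pte = t ? t[(virt >> 12) & 0x3FF] : 0;
    if (!(pte & P_PRESENT)) return false;
    *phys = (pte & ADDR_MASK) | (virt & 0xFFF);
    return true;
}
```

The arrays are a host-side model only; nothing here touches CR3 or CR0, so it can be compiled and stepped through as an ordinary program.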
Shvets04
Member
Posts: 28
Joined: Wed Feb 13, 2019 3:07 pm

Re: crush system when try to enable paging

Post by Shvets04 »

nielsd wrote: I think the issue happens earlier.
Because the line you marked is the line enabling the PE bit, which is already enabled.
I've only taken a quick look, but I noticed that your page_directory, page_table0 etc structures are not page-aligned.
The line that I marked also enables the PG flag.
The issue happens when I try to set CR0.PG.

Code:

        mov     eax, cr0
        or      eax, 0x80000000
        mov cr0,eax ; <-- error, but if the CPU doesn't execute this instruction, I get no error.



I've added align 1024 before page_directory.
You can look at the full code of the bootloader: https://github.com/s04v/OSv1.0/blob/mas ... /boot2.asm

Also, I thought the system crash was due to a wrong page table/directory, but the register dump tells that PG is not set to 1 even when the crash happens.

Thanks)
nullplan
Member
Posts: 1792
Joined: Wed Aug 30, 2017 8:24 am

Re: crush system when try to enable paging

Post by nullplan »

Oh, I have an idea. In your crash report, it says CS is F000 and CS.base is FFFF0000. That only happens after reset. Therefore, your CPU has experienced a reset, which might be the case after a triple fault. I think you can tell your emulator not to reboot on a triple fault somehow (to halt instead). You should probably google this.
Carpe diem!
iansjack
Member
Posts: 4703
Joined: Sat Mar 31, 2012 3:07 am
Location: Chichester, UK

Re: crush system when try to enable paging

Post by iansjack »

I'm a bit confused. You talk about a bootloader, but what you show is clearly not that. Are you using Grub? Or are you using qemu to boot your kernel; if so, what is your exact command? In either case, if you are booting via multiboot you should be in protected mode.

The debug dump that you gave shows that all your segment registers are invalid: CS clearly has a value (f000) that is not a selector in your GDT, and the others are zero, which is an invalid selector. This seems to show that you are not booting via multiboot, in which case you need a long jump, with a valid selector for CS, immediately after enabling protected mode.

Code:

        or      eax, 0x80000001

        mov     cr0, eax

        mov eax, cr0
        or eax, 1
        mov cr0, eax
What is the point of the last three lines of code? You've already set bit 0 of CR0, so what further do they do? As you are just reloading CR0 with the value it already had, I can't see that the problem is there.