Fixed bug in interrupt function in real mode

Style change
Update CHANGES
Remove patch.v8086-exception.lightcone because it is already in CVS
This commit is contained in:
Stanislav Shwartsman 2005-02-01 21:17:57 +00:00
parent a16fbc293a
commit 3fdbf48a69
6 changed files with 188 additions and 304 deletions


@ -190,6 +190,9 @@ Changes to next release:
[1093796] Fix for bug #1093786 (Nigel Horne)
[1082584] The start of Bus mice and USB mice by Ben Lunt
[1104695] msvc6 compatibility update (Royce Mitchell III)
[1059199] VGA text font bug fix
[1108001] Null pointer on bx_atexit() (Ben Lunt)
[1112093] Fixed mouse cursor remain area drawing
- SF patches partially applied
[896733] Lazy flags, for more instructions, only 1 src op
@ -201,6 +204,10 @@ Changes to next release:
- patch.apic-zwane (APIC fixes) (Zwane Mwaikambo)
- these S.F. bugs were closed
#549793 flaw in interrupt gate handling(exception.cc)
#692055 SMP Error
#805479 Booting from disk causes illegal instruction warnings
#909677 pc-speaker doesn't work
#831751 behaviour unrealistic
#661213 CR4.TSD is broken
#685508 PANIC: prefetch: RIP > CS.limit


@ -1,5 +1,5 @@
/////////////////////////////////////////////////////////////////////////
// $Id: dbg_main.cc,v 1.13 2005-01-05 19:50:54 vruppert Exp $
// $Id: dbg_main.cc,v 1.14 2005-02-01 21:17:38 sshwarts Exp $
/////////////////////////////////////////////////////////////////////////
//
// Copyright (C) 2001 MandrakeSoft S.A.
@ -5908,5 +5908,5 @@ bx_dbg_info_flags(void)
dbg_printf ("CF");
dbg_printf ("\n");
}
#endif /* if BX_DEBUGGER */
#endif /* if BX_DEBUGGER */


@ -1,5 +1,5 @@
/////////////////////////////////////////////////////////////////////////
// $Id: apic.cc,v 1.37 2005-01-13 19:03:36 sshwarts Exp $
// $Id: apic.cc,v 1.38 2005-02-01 21:17:51 sshwarts Exp $
/////////////////////////////////////////////////////////////////////////
#define NEED_CPU_REG_SHORTCUTS 1
@ -224,8 +224,7 @@ bx_bool bx_generic_apic_c::deliver (Bit8u dest, Bit8u dest_mode, Bit8u delivery_
case APIC_DM_INIT:
// normal INIT IPI sent to processors
for (i = 0; i < BX_LOCAL_APIC_NUM; i++) {
if (deliver_bitmask & (1<<i))
local_apic_index[i]->init();
if (deliver_bitmask & (1<<i)) local_apic_index[i]->init();
}
// HACK! We need to do some IOAPIC init after the CPUs
// are fired up


@ -1,5 +1,5 @@
/////////////////////////////////////////////////////////////////////////
// $Id: exception.cc,v 1.44 2004-11-04 22:41:23 sshwarts Exp $
// $Id: exception.cc,v 1.45 2005-02-01 21:17:53 sshwarts Exp $
/////////////////////////////////////////////////////////////////////////
//
// Copyright (C) 2001 MandrakeSoft S.A.
@ -48,8 +48,7 @@ static const bx_bool is_exception_OK[3][3] = {
};
void
BX_CPU_C::interrupt(Bit8u vector, bx_bool is_INT, bx_bool is_error_code, Bit16u error_code)
void BX_CPU_C::interrupt(Bit8u vector, bx_bool is_INT, bx_bool is_error_code, Bit16u error_code)
{
#if BX_DEBUGGER
if (bx_guard.special_unwind_stack) {
@ -88,7 +87,8 @@ BX_CPU_THIS_PTR save_esp = ESP;
// prev_errno = BX_CPU_THIS_PTR errorno;
#if BX_SUPPORT_X86_64
if (BX_CPU_THIS_PTR msr.lma) {
if (BX_CPU_THIS_PTR msr.lma)
{
// long mode interrupt
Bit64u idtindex;
@ -113,9 +113,9 @@ BX_CPU_THIS_PTR save_esp = ESP;
exception(BX_GP_EXCEPTION, vector*16 + 2, 0);
}
// descriptor AR byte must indicate interrupt gate, trap gate,
// or task gate, else #GP(vector*8 + 2 + EXT)
idtindex += BX_CPU_THIS_PTR idtr.base;
access_linear(idtindex, 4, 0, BX_READ, &dword1);
@ -124,10 +124,12 @@ BX_CPU_THIS_PTR save_esp = ESP;
parse_descriptor(dword1, dword2, &gate_descriptor);
if ( (gate_descriptor.valid==0) || gate_descriptor.segment) {
if ((gate_descriptor.valid==0) || gate_descriptor.segment)
{
BX_DEBUG(("interrupt(): gate descriptor is not valid sys seg"));
exception(BX_GP_EXCEPTION, vector*8 + 2, 0);
}
switch (gate_descriptor.type) {
//case 5: // task gate
//case 6: // 286 interrupt gate
@ -144,8 +146,8 @@ BX_CPU_THIS_PTR save_esp = ESP;
// if software interrupt, then gate descripor DPL must be >= CPL,
// else #GP(vector * 8 + 2 + EXT)
if (is_INT && (gate_descriptor.dpl < CPL)) {
/* ??? */
if (is_INT && (gate_descriptor.dpl < CPL))
{
BX_DEBUG(("interrupt(): is_INT && (dpl < CPL)"));
exception(BX_GP_EXCEPTION, vector*8 + 2, 0);
return;
@ -156,6 +158,7 @@ BX_CPU_THIS_PTR save_esp = ESP;
BX_DEBUG(("interrupt(): p == 0"));
exception(BX_NP_EXCEPTION, vector*8 + 2, 0);
}
gate_dest_selector = gate_descriptor.u.gate386.dest_selector;
gate_dest_offset = ((Bit64u)dword3 << 32) +
gate_descriptor.u.gate386.dest_offset;
@ -187,6 +190,7 @@ BX_CPU_THIS_PTR save_esp = ESP;
BX_DEBUG(("interrupt(): not code segment"));
exception(BX_GP_EXCEPTION, cs_selector.value & 0xfffc, 0);
}
// check that it's a 64 bit segment
if ( cs_descriptor.u.segment.l == 0 ||
cs_descriptor.u.segment.d_b == 1)
@ -276,7 +280,6 @@ BX_CPU_THIS_PTR save_esp = ESP;
RIP = gate_dest_offset;
// if INTERRUPT GATE set IF to 0
if ( !(gate_descriptor.type & 1) ) // even is int-gate
BX_CPU_THIS_PTR clear_IF ();
@ -389,15 +392,13 @@ BX_CPU_THIS_PTR save_esp = ESP;
// if software interrupt, then gate descripor DPL must be >= CPL,
// else #GP(vector * 8 + 2 + EXT)
if (is_INT && (gate_descriptor.dpl < CPL)) {
/* ??? */
BX_DEBUG(("interrupt(): is_INT && (dpl < CPL)"));
exception(BX_GP_EXCEPTION, vector*8 + 2, 0);
return;
}
// Gate must be present, else #NP(vector * 8 + 2 + EXT)
if (gate_descriptor.p == 0) {
BX_DEBUG(("interrupt(): p == 0"));
BX_DEBUG(("interrupt(): gate not present"));
exception(BX_NP_EXCEPTION, vector*8 + 2, 0);
}
@ -424,6 +425,7 @@ BX_CPU_THIS_PTR save_esp = ESP;
// AR byte must specify available TSS,
// else #TS(TSS selector)
parse_descriptor(dword1, dword2, &tss_descriptor);
if (tss_descriptor.valid==0 || tss_descriptor.segment) {
BX_PANIC(("exception: TSS selector points to bad TSS"));
exception(BX_TS_EXCEPTION, raw_tss_selector & 0xfffc, 0);
@ -487,8 +489,7 @@ BX_CPU_THIS_PTR save_esp = ESP;
// selector must be within its descriptor table limits
// else #GP(selector+EXT)
fetch_raw_descriptor(&cs_selector, &dword1, &dword2,
BX_GP_EXCEPTION);
fetch_raw_descriptor(&cs_selector, &dword1, &dword2, BX_GP_EXCEPTION);
parse_descriptor(dword1, dword2, &cs_descriptor);
// descriptor AR byte must indicate code seg
@ -496,7 +497,8 @@ BX_CPU_THIS_PTR save_esp = ESP;
if ( cs_descriptor.valid==0 ||
cs_descriptor.segment==0 ||
cs_descriptor.u.segment.executable==0 ||
cs_descriptor.dpl>CPL ) {
cs_descriptor.dpl>CPL )
{
BX_DEBUG(("interrupt(): not code segment"));
exception(BX_GP_EXCEPTION, cs_selector.value & 0xfffc, 0);
}
@ -509,7 +511,8 @@ BX_CPU_THIS_PTR save_esp = ESP;
// if code segment is non-conforming and DPL < CPL then
// INTERRUPT TO INNER PRIVILEGE:
if ( cs_descriptor.u.segment.c_ed==0 && cs_descriptor.dpl<CPL ) {
if ( cs_descriptor.u.segment.c_ed==0 && cs_descriptor.dpl<CPL )
{
Bit16u old_SS, old_CS, SS_for_cpl_x;
Bit32u ESP_for_cpl_x, old_EIP, old_ESP;
bx_descriptor_t ss_descriptor;
@ -533,8 +536,7 @@ BX_CPU_THIS_PTR save_esp = ESP;
// else #TS(SS selector + EXT)
parse_selector(SS_for_cpl_x, &ss_selector);
// fetch 2 dwords of descriptor; call handles out of limits checks
fetch_raw_descriptor(&ss_selector, &dword1, &dword2,
BX_TS_EXCEPTION);
fetch_raw_descriptor(&ss_selector, &dword1, &dword2, BX_TS_EXCEPTION);
parse_descriptor(dword1, dword2, &ss_descriptor);
// selector rpl must = dpl of code segment,
@ -556,7 +558,8 @@ BX_CPU_THIS_PTR save_esp = ESP;
if (ss_descriptor.valid==0 ||
ss_descriptor.segment==0 ||
ss_descriptor.u.segment.executable==1 ||
ss_descriptor.u.segment.r_w==0) {
ss_descriptor.u.segment.r_w==0)
{
BX_PANIC(("interrupt(): SS not writable data segment"));
exception(BX_TS_EXCEPTION, SS_for_cpl_x & 0xfffc, 0);
}
@ -593,11 +596,10 @@ BX_CPU_THIS_PTR save_esp = ESP;
// new stack must have room for 10/12 bytes, else #SS(0) 486 book
// PPro+
// new stack must have room for 10/12 bytes, else #SS(seg selector)
if ( !can_push(&ss_descriptor, ESP_for_cpl_x, bytes) ) {
BX_PANIC(("interrupt(): new stack doesn't have room for %u bytes",
(unsigned) bytes));
// SS(???)
exception(BX_SS_EXCEPTION, 0, 0);
if ( !can_push(&ss_descriptor, ESP_for_cpl_x, bytes) )
{
BX_PANIC(("interrupt(): new stack doesn't have room for %u bytes", (unsigned) bytes));
exception(BX_SS_EXCEPTION, SS_for_cpl_x & 0xfffc, 0);
}
// IP must be within CS segment boundaries, else #GP(0)
@ -652,6 +654,7 @@ BX_CPU_THIS_PTR save_esp = ESP;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].cache.valid = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value = 0;
}
// push long pointer to old stack onto new stack
push_32(old_SS);
push_32(old_ESP);
@ -694,7 +697,8 @@ BX_CPU_THIS_PTR save_esp = ESP;
// if code segment is conforming OR code segment DPL = CPL then
// INTERRUPT TO SAME PRIVILEGE LEVEL:
if ( cs_descriptor.u.segment.c_ed==1 || cs_descriptor.dpl==CPL ) {
if ( cs_descriptor.u.segment.c_ed==1 || cs_descriptor.dpl==CPL )
{
int bytes;
Bit32u temp_ESP;
@ -786,7 +790,10 @@ BX_CPU_THIS_PTR save_esp = ESP;
Bit16u cs_selector, ip;
if ( (vector*4+3) > BX_CPU_THIS_PTR idtr.limit )
BX_PANIC(("interrupt(real mode) vector > limit"));
{
BX_ERROR(("interrupt(real mode) vector > idtr.limit"));
exception(BX_GP_EXCEPTION, 0, 0);
}
push_16(read_flags());
@ -796,7 +803,7 @@ BX_CPU_THIS_PTR save_esp = ESP;
push_16(ip);
access_linear(BX_CPU_THIS_PTR idtr.base + 4 * vector, 2, 0, BX_READ, &ip);
IP = ip;
EIP = (Bit32u) ip;
access_linear(BX_CPU_THIS_PTR idtr.base + 4 * vector + 2, 2, 0, BX_READ, &cs_selector);
load_seg_reg(&BX_CPU_THIS_PTR sregs[BX_SEG_REG_CS], cs_selector);
@ -810,10 +817,9 @@ BX_CPU_THIS_PTR save_esp = ESP;
}
}
void
BX_CPU_C::exception(unsigned vector, Bit16u error_code, bx_bool is_INT)
// vector: 0..255: vector in IDT
// error_code: if exception generates and error, push this error code
void BX_CPU_C::exception(unsigned vector, Bit16u error_code, bx_bool is_INT)
{
bx_bool push_error;
Bit8u exception_type;
@ -1326,4 +1332,5 @@ SYSRET_NON_64BIT_MODE:
RIP = temp_RIP;
}
}
#endif // BX_SUPPORT_X86_64
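Review bot: The inner-privilege stack check still panics before it faults: `BX_PANIC(("interrupt(): new stack doesn't have room for %u bytes", (unsigned) bytes));` precedes the corrected `exception(BX_SS_EXCEPTION, SS_for_cpl_x & 0xfffc, 0);`, so a guest whose ring-0 stack is simply too small stops the emulator instead of receiving #SS. The real-mode hunk already takes the right approach by downgrading to BX_ERROR, and the same change (`BX_ERROR(("interrupt(): new stack doesn't have room for %u bytes", (unsigned) bytes));`) is due here and for `BX_PANIC(("exception: TSS selector points to bad TSS"))` and `BX_PANIC(("interrupt(): SS not writable data segment"))` in this file, since all three conditions are determined by descriptor-table contents the guest controls. Separately, the new real-mode guard calls `exception(BX_GP_EXCEPTION, 0, 0);` with no following `return;`, whereas the DPL<CPL check in the protected-mode path does add one; if exception() can return in some build configuration, the real-mode path would continue into push_16 and the IDT read with an out-of-range vector, so this is worth confirming or making consistent. interrupt() begins and ends outside every hunk shown here.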


@ -1,5 +1,5 @@
/////////////////////////////////////////////////////////////////////////
// $Id: segment_ctrl_pro.cc,v 1.29 2004-11-14 19:29:34 sshwarts Exp $
// $Id: segment_ctrl_pro.cc,v 1.30 2005-02-01 21:17:54 sshwarts Exp $
/////////////////////////////////////////////////////////////////////////
//
// Copyright (C) 2001 MandrakeSoft S.A.
@ -25,18 +25,11 @@
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#define NEED_CPU_REG_SHORTCUTS 1
#include "bochs.h"
#define LOG_THIS BX_CPU_THIS_PTR
void BX_CPP_AttrRegparmN(2)
BX_CPU_C::load_seg_reg(bx_segment_reg_t *seg, Bit16u new_value)
{
@ -143,7 +136,8 @@ BX_CPU_C::load_seg_reg(bx_segment_reg_t *seg, Bit16u new_value)
/* AR byte must indicate a writable data segment else #GP(selector) */
if ( (descriptor.segment==0) ||
descriptor.u.segment.executable ||
descriptor.u.segment.r_w==0 ) {
descriptor.u.segment.r_w==0 )
{
BX_ERROR(("load_seg_reg(): not writable data segment"));
exception(BX_GP_EXCEPTION, new_value & 0xfffc, 0);
}
@ -187,7 +181,8 @@ BX_CPU_C::load_seg_reg(bx_segment_reg_t *seg, Bit16u new_value)
|| (seg==&BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS]) ||
(seg==&BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS])
#endif
) {
)
{
Bit16u index;
Bit8u ti;
Bit8u rpl;
@ -250,7 +245,8 @@ BX_CPU_C::load_seg_reg(bx_segment_reg_t *seg, Bit16u new_value)
/* AR byte must indicate data or readable code segment else #GP(selector) */
if ( descriptor.segment==0 ||
(descriptor.u.segment.executable==1 &&
descriptor.u.segment.r_w==0) ) {
descriptor.u.segment.r_w==0) )
{
BX_ERROR(("load_seg_reg(): not data or readable code"));
exception(BX_GP_EXCEPTION, new_value & 0xfffc, 0);
return;
@ -259,7 +255,8 @@ BX_CPU_C::load_seg_reg(bx_segment_reg_t *seg, Bit16u new_value)
/* If data or non-conforming code, then both the RPL and the CPL
* must be less than or equal to DPL in AR byte else #GP(selector) */
if ( descriptor.u.segment.executable==0 ||
descriptor.u.segment.c_ed==0 ) {
descriptor.u.segment.c_ed==0 )
{
if ((rpl > descriptor.dpl) || (CPL > descriptor.dpl)) {
BX_ERROR(("load_seg_reg: RPL & CPL must be <= DPL"));
exception(BX_GP_EXCEPTION, new_value & 0xfffc, 0);
@ -406,8 +403,7 @@ BX_CPU_C::parse_descriptor(Bit32u dword1, Bit32u dword2, bx_descriptor_t *temp)
temp->u.segment.a = (AR_byte >> 0) & 0x01;
temp->u.segment.limit = (dword1 & 0xffff);
temp->u.segment.base = (dword1 >> 16) |
((dword2 & 0xFF) << 16);
temp->u.segment.base = (dword1 >> 16) | ((dword2 & 0xFF) << 16);
#if BX_CPU_LEVEL >= 3
temp->u.segment.limit |= (dword2 & 0x000F0000);
@ -441,14 +437,12 @@ BX_CPU_C::parse_descriptor(Bit32u dword1, Bit32u dword2, bx_descriptor_t *temp)
break;
case 1: // 286 TSS (available)
case 3: // 286 TSS (busy)
temp->u.tss286.base = (dword1 >> 16) |
((dword2 & 0xff) << 16);
temp->u.tss286.base = (dword1 >> 16) | ((dword2 & 0xff) << 16);
temp->u.tss286.limit = (dword1 & 0xffff);
temp->valid = 1;
break;
case 2: // LDT descriptor
temp->u.ldt.base = (dword1 >> 16) |
((dword2 & 0xFF) << 16);
temp->u.ldt.base = (dword1 >> 16) | ((dword2 & 0xFF) << 16);
#if BX_CPU_LEVEL >= 3
temp->u.ldt.base |= (dword2 & 0xff000000);
#endif
@ -497,8 +491,8 @@ BX_CPU_C::parse_descriptor(Bit32u dword1, Bit32u dword2, bx_descriptor_t *temp)
temp->valid = 1;
break;
#endif
default: BX_PANIC(("parse_descriptor(): case %d unfinished",
(unsigned) temp->type));
default:
BX_PANIC(("parse_descriptor(): case %u unfinished", (unsigned) temp->type));
temp->valid = 0;
}
}
@ -620,12 +614,10 @@ BX_INFO(("-----------------------------------"));
BX_READ, dword2);
}
}
#endif
bx_bool BX_CPP_AttrRegparmN(3)
BX_CPU_C::fetch_raw_descriptor2(bx_selector_t *selector,
Bit32u *dword1, Bit32u *dword2)
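Review bot: The `default:` branch of parse_descriptor still raises `BX_PANIC(("parse_descriptor(): case %u unfinished", (unsigned) temp->type));` for a descriptor type the emulator does not model, and that type field comes straight from the guest's own GDT/LDT entry, so a malformed table reaches it. Since the branch already sets `temp->valid = 0` and the callers in this commit treat an invalid descriptor as a fault, `BX_ERROR` would report the case without halting the emulator, assuming BX_PANIC is fatal in the default configuration. The `%d` to `%u` correction matching the `(unsigned)` cast is right. parse_descriptor begins outside this hunk.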


@ -1,121 +0,0 @@
----------------------------------------------------------------------
Patch name: patch.v8086-exception.lightcone
Author: LightCone
Date: Thu Aug 7 2003
Status: Proposed
Detailed description:
This is a reformat of SF patch #704181 CPU interrupt function
Here is what the author wrote:
Since the bug of bochs-2.0.win32 was found and
corrected, it reports. cpu/exception.cpp of src : Within
an interrupt() function, when present is the V8086 mode,
a bug is in the portion which processes 386 (286)
int/trap gate. From the V8086 mode, this portion is
performed, when it is going to execute an int imm
command. The portion in which push_32 () is called in
the state of VM=1 is still a mistake. Although this
push_32 () tends to write in to the stack of a protected
mode, if it is still VM=1 of EFLAGS, the
write_virtual_dword() function called out of push_32 () will
take out a segment protection exception. After
performing clear_VM() etc., it is necessary to make it
call push_32 () correctly, since EFLAGS is saved locally.
Patch was created with:
cvs diff -u
Apply patch to what version:
cvs checked out on Thu Aug 7 2003
Instructions:
To patch, go to main bochs directory.
Type "patch -p0 < THIS_PATCH_FILE".
----------------------------------------------------------------------
Index: cpu/exception.cc
===================================================================
RCS file: /cvsroot/bochs/bochs/cpu/exception.cc,v
retrieving revision 1.33
diff -u -r1.33 exception.cc
--- cpu/exception.cc 26 Feb 2003 02:48:12 -0000 1.33
+++ cpu/exception.cc 7 Aug 2003 09:02:24 -0000
@@ -637,9 +637,23 @@
// set RPL of CS to CPL
load_cs(&cs_selector, &cs_descriptor, cs_descriptor.dpl);
EIP = gate_dest_offset;
+
+ // Modified by LightCone
+ Bit32u old_EFLAGS= read_eflags();
+ bx_bool bV8086Mode= v8086_mode();
+
+ // if INTERRUPT GATE set IF to 0
+ if ( !(gate_descriptor.type & 1) ) {// even is int-gate
+ BX_CPU_THIS_PTR clear_IF ();
+ }
+ BX_CPU_THIS_PTR clear_TF ();
+ BX_CPU_THIS_PTR clear_VM ();
+ BX_CPU_THIS_PTR clear_RF ();
+ BX_CPU_THIS_PTR clear_NT ();
+
if (gate_descriptor.type>=14) { // 386 int/trap gate
- if (v8086_mode()) {
+ if (bV8086Mode) {
push_32(BX_CPU_THIS_PTR sregs[BX_SEG_REG_GS].selector.value);
push_32(BX_CPU_THIS_PTR sregs[BX_SEG_REG_FS].selector.value);
push_32(BX_CPU_THIS_PTR sregs[BX_SEG_REG_DS].selector.value);
@@ -653,46 +667,43 @@
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].cache.valid = 0;
BX_CPU_THIS_PTR sregs[BX_SEG_REG_ES].selector.value = 0;
}
+
// push long pointer to old stack onto new stack
push_32(old_SS);
push_32(old_ESP);
// push EFLAGS
- push_32(read_eflags());
+ push_32(old_EFLAGS);
// push long pointer to return address onto new stack
push_32(old_CS);
push_32(old_EIP);
- if ( is_error_code )
+ if ( is_error_code ) {
push_32(error_code);
+ }
}
else { // 286 int/trap gate
- if (v8086_mode()) {
+ if (bV8086Mode) {
BX_PANIC(("286 int/trap gate, VM"));
}
+
// push long pointer to old stack onto new stack
push_16(old_SS);
push_16(old_ESP); // ignores upper 16bits
// push FLAGS
- push_16(read_flags());
+ push_16((Bit16u)old_EFLAGS);
// push return address onto new stack
push_16(old_CS);
push_16(old_EIP); // ignores upper 16bits
- if ( is_error_code )
+ if ( is_error_code ) {
push_16(error_code);
+ }
}
- // if INTERRUPT GATE set IF to 0
- if ( !(gate_descriptor.type & 1) ) // even is int-gate
- BX_CPU_THIS_PTR clear_IF ();
- BX_CPU_THIS_PTR clear_TF ();
- BX_CPU_THIS_PTR clear_VM ();
- BX_CPU_THIS_PTR clear_RF ();
- BX_CPU_THIS_PTR clear_NT ();
return;
}