All of lore.kernel.org
 help / color / mirror / Atom feed
* [Qemu-devel] Can't switch to 64bit mode at boot, how to debug?
@ 2012-11-17 17:50 Goswin von Brederlow
  2012-11-17 19:58 ` Max Filippov
  0 siblings, 1 reply; 6+ messages in thread
From: Goswin von Brederlow @ 2012-11-17 17:50 UTC (permalink / raw)
  To: qemu-devel

Hi,

I'm having problems with the startup code for my toy kernel for amd64 that
switches from 32bit mode to 64bit mode and I'm at a loss how to debug this.
The code used to work last year (with qemu-kvm 0.14.0) but fails now with
QEMU emulator version 1.1.0 (Debian 1.1.0+dfsg-1).

Has something been changed in the boot environment for the multiboot?

When I start qemu I get the following:

% qemu -s -m 64 -kernel loader -initrd "../../kernel/moose arg=arg"
Could not open option rom 'kvmvapic.bin': No such file or directory
Trying to execute code outside RAM or ROM at 0x001000c1

EAX=80000013 EBX=0010fc90 ECX=c0000080 EDX=00000000
ESI=00009500 EDI=00107000 EBP=0010b000 ESP=0010afb4
EIP=001000c1 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
CS =0008 00000000 ffffffff 00cf9a00 DPL=0 CS32 [-R-]
SS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
FS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
GS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT=     00100dc8 00000028
IDT=     00000000 000003ff
CR0=80000013 CR2=00000000 CR3=00101000 CR4=00000020
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000 
DR6=ffff0ff0 DR7=00000400
CCS=00000000 CCD=00000000 CCO=SARL    
EFER=0000000000000000
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
zsh: abort      qemu -s -m 64 -kernel loader -initrd "../../kernel/moose arg=arg"

0x001000c1 is the next instruction after the "movl %eax, %cr0" instruction
that enables protected mode and paging.

So how do I debug this? Can I tell qemu to go into monitor mode instead of
quiting?

Or can someone spot the problem from the source?

MfG
	Goswin
--
----------------------------------------------------------------------
#define ASM     1
#include <multiboot.h>
        
        .text

        .globl  start, _start
        .code32
start:
_start:
        jmp     multiboot_entry

        /* Align 32 bits boundary.  */
        .align  4
        
        /* Multiboot header.  */
multiboot_header:
        /* magic */
        .long   MULTIBOOT_HEADER_MAGIC
        /* flags */
        .long   MULTIBOOT_HEADER_FLAGS
        /* checksum */
        .long   -(MULTIBOOT_HEADER_MAGIC + MULTIBOOT_HEADER_FLAGS)
#ifndef __ELF__
        /* header_addr */
        .long   multiboot_header
        /* load_addr */
        .long   _start
        /* load_end_addr */
        .long   _edata
        /* bss_end_addr */
        .long   _end
        /* entry_addr */
        .long   multiboot_entry
#endif /* ! __ELF__ */

multiboot_entry:
        /* Initialize the stack pointer.  */
        movl    $(stack + STACK_SIZE), %esp

        /* Reset EFLAGS.  */
        pushl   $0
        popf

        /* Push the pointer to the Multiboot information structure.  */
        pushl   %ebx
        /* Push the magic value.  */
        pushl   %eax

        /* Enable PAE */
        movl    %cr4, %eax
        btsl    $5, %eax
        movl    %eax, %cr4

	/*
	 * Build early 4G boot pagetable
	 */
        /* Initialize Page tables to 0 */
        leal    pgtable, %edi
        xorl    %eax, %eax
        movl    $((4096*6)/4), %ecx
        rep     stosl

        /* Build Level 4 */
        leal    pgtable + 0, %edi
        leal    0x1007 (%edi), %eax
        movl    %eax, 0(%edi)

        /* Build Level 3 */
        leal    pgtable + 0x1000, %edi
        leal    0x1007(%edi), %eax
        movl    $4, %ecx
1:      movl    %eax, 0x00(%edi)
        addl    $0x00001000, %eax
        addl    $8, %edi
        decl    %ecx
        jnz     1b

        /* Build Level 2 */
        leal    pgtable + 0x2000, %edi
        movl    $0x00000183, %eax
        movl    $2048, %ecx
1:      movl    %eax, 0(%edi)
        addl    $0x00200000, %eax
        addl    $8, %edi
        decl    %ecx
        jnz     1b

        /* Load gdt */
        lgdt    gdt
        
        /* Load Level 4 page table (page 128) */
        leal    pgtable, %eax
        movl    %eax, %cr3
        
        /* Enable long mode */
        movl    $0xc0000080, %ecx
        rdmsr
        btsl    $8, %eax
        wrmsr

        /* enable paging to activate long mode */
        movl    %cr0, %eax
        btsl    $1, %eax        /* protected mode */
        btsl    $31, %eax       /* paging */
        movl    %eax, %cr0

        /* jump to 64bit mode */
        pushl   $0x8
        movl    $startup_64, %eax
        pushl   %eax
        lret


	.code64
startup_64:
_startup_64:
loop4:
	// Dummy code that just twirls the first char on the screen
        addq    $0x1,0xb8000
        jmp     loop4

        /* Our stack area.  */
        .comm   stack, STACK_SIZE
        
        .data
gdt:
        .word   gdt_end - gdt_base
        .long   gdt_base
        .long   0
idt:
        .word   idt_end - idt_base
        .long   idt_base
        .long   0
        
        .balign 8
        .globl gdt_base
gdt_base:
        .quad   0x0000000000000000      /* NULL descriptor */
        .quad   0x00af9a000000ffff      /* __KERNEL_CS */
        .quad   0x00cf92000000ffff      /* __KERNEL_DS */
        .quad   0x0080890000000000      /* TS descriptor */
        .quad   0x0000000000000000      /* TS continued */
gdt_end:

        .balign 8
idt_base:
        .quad   0x0000000000000000
        .quad   0x0000000000000000
idt_end:
/*
 * Space for page tables (not in .bss so not zeroed)
 */
        .bss
        .balign 4096
pgtable:
        .fill 6*4096, 1, 0

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] Can't switch to 64bit mode at boot, how to debug?
  2012-11-17 17:50 [Qemu-devel] Can't switch to 64bit mode at boot, how to debug? Goswin von Brederlow
@ 2012-11-17 19:58 ` Max Filippov
  2012-11-17 20:18   ` Max Filippov
  2012-11-17 22:09   ` Goswin von Brederlow
  0 siblings, 2 replies; 6+ messages in thread
From: Max Filippov @ 2012-11-17 19:58 UTC (permalink / raw)
  To: Goswin von Brederlow; +Cc: qemu-devel

On Sat, Nov 17, 2012 at 9:50 PM, Goswin von Brederlow <goswin-v-b@web.de> wrote:
> Hi,
>
> I'm having problems with the startup code for my toy kernel for amd64 that
> switches from 32bit mode to 64bit mode and I'm at a loss how to debug this.
> The code used to work last year (with qemu-kvm 0.14.0) but fails now with
> QEMU emulator version 1.1.0 (Debian 1.1.0+dfsg-1).
>
> Has something been changed in the boot environment for the multiboot?
>
> When I start qemu I get the following:
>
> % qemu -s -m 64 -kernel loader -initrd "../../kernel/moose arg=arg"
> Could not open option rom 'kvmvapic.bin': No such file or directory
> Trying to execute code outside RAM or ROM at 0x001000c1
>
> EAX=80000013 EBX=0010fc90 ECX=c0000080 EDX=00000000
> ESI=00009500 EDI=00107000 EBP=0010b000 ESP=0010afb4
> EIP=001000c1 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> CS =0008 00000000 ffffffff 00cf9a00 DPL=0 CS32 [-R-]
> SS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> FS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> GS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
> TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
> GDT=     00100dc8 00000028
> IDT=     00000000 000003ff
> CR0=80000013 CR2=00000000 CR3=00101000 CR4=00000020
> DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000
> DR6=ffff0ff0 DR7=00000400
> CCS=00000000 CCD=00000000 CCO=SARL
> EFER=0000000000000000
> FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
> FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
> FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
> FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
> FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
> XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
> XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
> XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
> XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
> zsh: abort      qemu -s -m 64 -kernel loader -initrd "../../kernel/moose arg=arg"
>
> 0x001000c1 is the next instruction after the "movl %eax, %cr0" instruction
> that enables protected mode and paging.
>
> So how do I debug this? Can I tell qemu to go into monitor mode instead of
> quiting?

Try adding -S to your qemu command line and then connecting to it with gdb:

$ qemu-system-x86_64 -s -S -nographic -serial none -monitor stdio -kernel test
QEMU 1.2.50 monitor - type 'help' for more information
(qemu)

$ gdb
...
(gdb) target remote 127.0.0.1:1234
Remote debugging using 127.0.0.1:1234
0x0000fff0 in ?? ()
(gdb) b *0x100000
Breakpoint 1 at 0x100000
(gdb) c
Continuing.

Breakpoint 1, 0x00100000 in ?? ()
(gdb) display/10i $pc
1: x/10i $pc
=> 0x100000:    jmp    0x100010
   0x100002:    xchg   %ax,%ax
   0x100004:    add    0x31bad(%eax),%dh
   0x10000a:    add    %al,(%eax)
   0x10000c:    sti
   0x10000d:    dec    %edi
   0x10000e:    push   %edx
   0x10000f:    in     $0xbc,%al
   0x100011:    add    %dh,0x6a0010(%eax)
   0x100017:    popf

...

> Or can someone spot the problem from the source?
>
> MfG
>         Goswin
> --
> ----------------------------------------------------------------------
> #define ASM     1
> #include <multiboot.h>
>
>         .text
>
>         .globl  start, _start
>         .code32
> start:
> _start:
>         jmp     multiboot_entry
>
>         /* Align 32 bits boundary.  */
>         .align  4
>
>         /* Multiboot header.  */
> multiboot_header:
>         /* magic */
>         .long   MULTIBOOT_HEADER_MAGIC
>         /* flags */
>         .long   MULTIBOOT_HEADER_FLAGS
>         /* checksum */
>         .long   -(MULTIBOOT_HEADER_MAGIC + MULTIBOOT_HEADER_FLAGS)
> #ifndef __ELF__
>         /* header_addr */
>         .long   multiboot_header
>         /* load_addr */
>         .long   _start
>         /* load_end_addr */
>         .long   _edata
>         /* bss_end_addr */
>         .long   _end
>         /* entry_addr */
>         .long   multiboot_entry
> #endif /* ! __ELF__ */
>
> multiboot_entry:
>         /* Initialize the stack pointer.  */
>         movl    $(stack + STACK_SIZE), %esp
>
>         /* Reset EFLAGS.  */
>         pushl   $0
>         popf
>
>         /* Push the pointer to the Multiboot information structure.  */
>         pushl   %ebx
>         /* Push the magic value.  */
>         pushl   %eax
>
>         /* Enable PAE */
>         movl    %cr4, %eax
>         btsl    $5, %eax
>         movl    %eax, %cr4

Interestingly with the current HEAD the code disappears after this instruction:

(qemu) p/x $eip
0x100024
(qemu) x/10i 0x00100021
0x0000000000100021:  mov    %eax,%cr4
0x0000000000100024:  lea    0x101000,%edi
0x000000000010002a:  xor    %eax,%eax
0x000000000010002c:  mov    $0x1800,%ecx
0x0000000000100031:  rep stos %eax,%es:(%edi)
0x0000000000100033:  lea    0x101000,%edi
0x0000000000100039:  lea    0x1007(%edi),%eax
0x000000000010003f:  mov    %eax,(%edi)
0x0000000000100041:  lea    0x102000,%edi
0x0000000000100047:  lea    0x1007(%edi),%eax

<<<single step in the debugger>>>

(qemu) p/x $eip
0x100024
(qemu) x/10i 0x00100021
0x0000000000100021:  add    %dl,0x33(%ebp)
0x0000000000100024:  add    %dl,0x33(%ebp)
0x0000000000100027:  add    %dl,0x33(%ebp)
0x000000000010002a:  add    %dl,0x33(%ebp)
0x000000000010002d:  add    %dl,0x33(%ebp)
0x0000000000100030:  add    %dl,0x33(%ebp)
0x0000000000100033:  add    %dl,0x33(%ebp)
0x0000000000100036:  add    %dl,0x33(%ebp)
0x0000000000100039:  add    %dl,0x33(%ebp)
0x000000000010003c:  add    %dl,0x33(%ebp)
(qemu) info registers
EAX=00000020 EBX=00009500 ECX=00100000 EDX=00000511
ESI=00000000 EDI=0010c000 EBP=00000000 ESP=0010aff8
EIP=00100024 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
CS =0008 00000000 ffffffff 00cf9a00 DPL=0 CS32 [-R-]
SS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
FS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
GS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT=     000ca210 00000027
IDT=     00000000 000003ff
CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000020
...

Looks like PAE support is broken.

-- 
Thanks.
-- Max

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] Can't switch to 64bit mode at boot, how to debug?
  2012-11-17 19:58 ` Max Filippov
@ 2012-11-17 20:18   ` Max Filippov
  2012-11-17 21:55     ` Goswin von Brederlow
  2012-11-17 22:09   ` Goswin von Brederlow
  1 sibling, 1 reply; 6+ messages in thread
From: Max Filippov @ 2012-11-17 20:18 UTC (permalink / raw)
  To: Goswin von Brederlow; +Cc: qemu-devel

On Sat, Nov 17, 2012 at 11:58 PM, Max Filippov <jcmvbkbc@gmail.com> wrote:
> On Sat, Nov 17, 2012 at 9:50 PM, Goswin von Brederlow <goswin-v-b@web.de> wrote:
>>         /* Enable PAE */
>>         movl    %cr4, %eax
>>         btsl    $5, %eax
>>         movl    %eax, %cr4
>
> Interestingly with the current HEAD the code disappears after this instruction:

...only from gdb output. xp in qemu monitor still works, looks like
the issue here
is with code access for gdb.

Otherwise it works for me both with the current HEAD, and with v1.1.0.
I built your kernel like this:

gcc -I. -m32 test.S -nodefaultlibs -nostartfiles -Wl,-N -Wl,-Ttext
-Wl,100000 -Wl,--build-id=none -o test

-- 
Thanks.
-- Max

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] Can't switch to 64bit mode at boot, how to debug?
  2012-11-17 20:18   ` Max Filippov
@ 2012-11-17 21:55     ` Goswin von Brederlow
  0 siblings, 0 replies; 6+ messages in thread
From: Goswin von Brederlow @ 2012-11-17 21:55 UTC (permalink / raw)
  To: Max Filippov; +Cc: qemu-devel

On Sat, Nov 17, 2012 at 11:18:03PM +0300, Max Filippov wrote:
> On Sat, Nov 17, 2012 at 11:58 PM, Max Filippov <jcmvbkbc@gmail.com> wrote:
> > On Sat, Nov 17, 2012 at 9:50 PM, Goswin von Brederlow <goswin-v-b@web.de> wrote:
> >>         /* Enable PAE */
> >>         movl    %cr4, %eax
> >>         btsl    $5, %eax
> >>         movl    %eax, %cr4
> >
> > Interestingly with the current HEAD the code disappears after this instruction:
> 
> ...only from gdb output. xp in qemu monitor still works, looks like
> the issue here
> is with code access for gdb.
> 
> Otherwise it works for me both with the current HEAD, and with v1.1.0.
> I built your kernel like this:
> 
> gcc -I. -m32 test.S -nodefaultlibs -nostartfiles -Wl,-N -Wl,-Ttext
> -Wl,100000 -Wl,--build-id=none -o test
> 
> -- 
> Thanks.
> -- Max
> 

Args, the problem was that I used "qemu", which currently links to
qemu-system-i386 instead of "qemu-system-x86_64". A some point in the last
year the alternative setting must have reverted from x86_64 to the default
of i386.

MfG
	Goswin

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] Can't switch to 64bit mode at boot, how to debug?
  2012-11-17 19:58 ` Max Filippov
  2012-11-17 20:18   ` Max Filippov
@ 2012-11-17 22:09   ` Goswin von Brederlow
  2012-11-17 22:38     ` Max Filippov
  1 sibling, 1 reply; 6+ messages in thread
From: Goswin von Brederlow @ 2012-11-17 22:09 UTC (permalink / raw)
  To: qemu-devel

On Sat, Nov 17, 2012 at 10:58:17PM +0300, Max Filippov wrote:
> On Sat, Nov 17, 2012 at 9:50 PM, Goswin von Brederlow <goswin-v-b@web.de> wrote:
> > Hi,
> >
> > I'm having problems with the startup code for my toy kernel for amd64 that
> > switches from 32bit mode to 64bit mode and I'm at a loss how to debug this.
> > The code used to work last year (with qemu-kvm 0.14.0) but fails now with
> > QEMU emulator version 1.1.0 (Debian 1.1.0+dfsg-1).
> >
> > Has something been changed in the boot environment for the multiboot?
> >
> > When I start qemu I get the following:
> >
> > % qemu -s -m 64 -kernel loader -initrd "../../kernel/moose arg=arg"
> > Could not open option rom 'kvmvapic.bin': No such file or directory
> > Trying to execute code outside RAM or ROM at 0x001000c1
> >
> > EAX=80000013 EBX=0010fc90 ECX=c0000080 EDX=00000000
> > ESI=00009500 EDI=00107000 EBP=0010b000 ESP=0010afb4
> > EIP=001000c1 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
> > ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> > CS =0008 00000000 ffffffff 00cf9a00 DPL=0 CS32 [-R-]
> > SS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> > DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> > FS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> > GS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> > LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
> > TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
> > GDT=     00100dc8 00000028
> > IDT=     00000000 000003ff
> > CR0=80000013 CR2=00000000 CR3=00101000 CR4=00000020
> > DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000
> > DR6=ffff0ff0 DR7=00000400
> > CCS=00000000 CCD=00000000 CCO=SARL
> > EFER=0000000000000000
> > FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
> > FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
> > FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
> > FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
> > FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
> > XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
> > XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
> > XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
> > XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
> > zsh: abort      qemu -s -m 64 -kernel loader -initrd "../../kernel/moose arg=arg"
> >
> > 0x001000c1 is the next instruction after the "movl %eax, %cr0" instruction
> > that enables protected mode and paging.
> >
> > So how do I debug this? Can I tell qemu to go into monitor mode instead of
> > quiting?
> 
> Try adding -S to your qemu command line and then connecting to it with gdb:
> 
> $ qemu-system-x86_64 -s -S -nographic -serial none -monitor stdio -kernel test
> QEMU 1.2.50 monitor - type 'help' for more information
> (qemu)
> 
> $ gdb
> ...
> (gdb) target remote 127.0.0.1:1234
> Remote debugging using 127.0.0.1:1234
> 0x0000fff0 in ?? ()

I tried that. But qemu still simply quits when it hits the above problem
instead of jumping into gdb.

> (gdb) b *0x100000
> Breakpoint 1 at 0x100000
> (gdb) c
> Continuing.

That works, but only for addresses BEFORE where it crashes. What works, but
in no way helps (see below), it setting the breakpoint before the last
instruction and then "stepi".

Only way that would help would be entering the monitor mode on such an error.
 
> Breakpoint 1, 0x00100000 in ?? ()
> (gdb) display/10i $pc
> 1: x/10i $pc
> => 0x100000:    jmp    0x100010
>    0x100002:    xchg   %ax,%ax
>    0x100004:    add    0x31bad(%eax),%dh
>    0x10000a:    add    %al,(%eax)
>    0x10000c:    sti
>    0x10000d:    dec    %edi
>    0x10000e:    push   %edx
>    0x10000f:    in     $0xbc,%al
>    0x100011:    add    %dh,0x6a0010(%eax)
>    0x100017:    popf
> 
> ...
> 
> > Or can someone spot the problem from the source?
> >
> > MfG
> >         Goswin
> > --
> > ----------------------------------------------------------------------
> > #define ASM     1
> > #include <multiboot.h>
> >
> >         .text
> >
> >         .globl  start, _start
> >         .code32
> > start:
> > _start:
> >         jmp     multiboot_entry
> >
> >         /* Align 32 bits boundary.  */
> >         .align  4
> >
> >         /* Multiboot header.  */
> > multiboot_header:
> >         /* magic */
> >         .long   MULTIBOOT_HEADER_MAGIC
> >         /* flags */
> >         .long   MULTIBOOT_HEADER_FLAGS
> >         /* checksum */
> >         .long   -(MULTIBOOT_HEADER_MAGIC + MULTIBOOT_HEADER_FLAGS)
> > #ifndef __ELF__
> >         /* header_addr */
> >         .long   multiboot_header
> >         /* load_addr */
> >         .long   _start
> >         /* load_end_addr */
> >         .long   _edata
> >         /* bss_end_addr */
> >         .long   _end
> >         /* entry_addr */
> >         .long   multiboot_entry
> > #endif /* ! __ELF__ */
> >
> > multiboot_entry:
> >         /* Initialize the stack pointer.  */
> >         movl    $(stack + STACK_SIZE), %esp
> >
> >         /* Reset EFLAGS.  */
> >         pushl   $0
> >         popf
> >
> >         /* Push the pointer to the Multiboot information structure.  */
> >         pushl   %ebx
> >         /* Push the magic value.  */
> >         pushl   %eax
> >
> >         /* Enable PAE */
> >         movl    %cr4, %eax
> >         btsl    $5, %eax
> >         movl    %eax, %cr4
> 
> Interestingly with the current HEAD the code disappears after this instruction:
> 
> (qemu) p/x $eip
> 0x100024
> (qemu) x/10i 0x00100021
> 0x0000000000100021:  mov    %eax,%cr4
> 0x0000000000100024:  lea    0x101000,%edi
> 0x000000000010002a:  xor    %eax,%eax
> 0x000000000010002c:  mov    $0x1800,%ecx
> 0x0000000000100031:  rep stos %eax,%es:(%edi)
> 0x0000000000100033:  lea    0x101000,%edi
> 0x0000000000100039:  lea    0x1007(%edi),%eax
> 0x000000000010003f:  mov    %eax,(%edi)
> 0x0000000000100041:  lea    0x102000,%edi
> 0x0000000000100047:  lea    0x1007(%edi),%eax
> 
> <<<single step in the debugger>>>
> 
> (qemu) p/x $eip
> 0x100024
> (qemu) x/10i 0x00100021
> 0x0000000000100021:  add    %dl,0x33(%ebp)
> 0x0000000000100024:  add    %dl,0x33(%ebp)
> 0x0000000000100027:  add    %dl,0x33(%ebp)
> 0x000000000010002a:  add    %dl,0x33(%ebp)
> 0x000000000010002d:  add    %dl,0x33(%ebp)
> 0x0000000000100030:  add    %dl,0x33(%ebp)
> 0x0000000000100033:  add    %dl,0x33(%ebp)
> 0x0000000000100036:  add    %dl,0x33(%ebp)
> 0x0000000000100039:  add    %dl,0x33(%ebp)
> 0x000000000010003c:  add    %dl,0x33(%ebp)
> (qemu) info registers
> EAX=00000020 EBX=00009500 ECX=00100000 EDX=00000511
> ESI=00000000 EDI=0010c000 EBP=00000000 ESP=0010aff8
> EIP=00100024 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> CS =0008 00000000 ffffffff 00cf9a00 DPL=0 CS32 [-R-]
> SS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> FS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> GS =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
> TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
> GDT=     000ca210 00000027
> IDT=     00000000 000003ff
> CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000020
> ...
> 
> Looks like PAE support is broken.

Yeah, any memory read just returns all zeroes. That threw me too. I had
to debug this by adding "mov $0x101000,%ebx" type instructions and then
check the contents of ebx on crash. I wagely remember this always being
broken.

My assumption would be that I'm setting up the gdt, paging, the page tables
and such and the debug mode already tries to use them while the cpu is
still in the original mode. So the two don't agree on what is where.

MfG
	Goswin

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] Can't switch to 64bit mode at boot, how to debug?
  2012-11-17 22:09   ` Goswin von Brederlow
@ 2012-11-17 22:38     ` Max Filippov
  0 siblings, 0 replies; 6+ messages in thread
From: Max Filippov @ 2012-11-17 22:38 UTC (permalink / raw)
  To: Goswin von Brederlow; +Cc: qemu-devel

On Sun, Nov 18, 2012 at 2:09 AM, Goswin von Brederlow <goswin-v-b@web.de> wrote:
> On Sat, Nov 17, 2012 at 10:58:17PM +0300, Max Filippov wrote:
>> On Sat, Nov 17, 2012 at 9:50 PM, Goswin von Brederlow <goswin-v-b@web.de> wrote:

[...]

>> (gdb) b *0x100000
>> Breakpoint 1 at 0x100000
>> (gdb) c
>> Continuing.
>
> That works, but only for addresses BEFORE where it crashes. What works, but
> in no way helps (see below), it setting the breakpoint before the last
> instruction and then "stepi".
>
> Only way that would help would be entering the monitor mode on such an error.

Ok, I think I can cook a patch for that, but how are you going to use it?
The issue is not reproducible with mainline qemu, neither current nor v1.1.0

[...]

>> Looks like PAE support is broken.
>
> Yeah, any memory read just returns all zeroes. That threw me too. I had
> to debug this by adding "mov $0x101000,%ebx" type instructions and then
> check the contents of ebx on crash. I wagely remember this always being
> broken.
>
> My assumption would be that I'm setting up the gdt, paging, the page tables
> and such and the debug mode already tries to use them while the cpu is
> still in the original mode. So the two don't agree on what is where.

There's a bug related to PAE in the debug interface, I've posted a patch that
should fix that:
https://lists.gnu.org/archive/html/qemu-devel/2012-11/msg01635.html

-- 
Thanks.
-- Max

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2012-11-17 22:38 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-11-17 17:50 [Qemu-devel] Can't switch to 64bit mode at boot, how to debug? Goswin von Brederlow
2012-11-17 19:58 ` Max Filippov
2012-11-17 20:18   ` Max Filippov
2012-11-17 21:55     ` Goswin von Brederlow
2012-11-17 22:09   ` Goswin von Brederlow
2012-11-17 22:38     ` Max Filippov

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.