[Qemu-devel] Problem with DOS application and 286 DOS Extender application

[Qemu-devel] Problem with DOS application and 286 DOS Extender application

[Gerhard Wiesinger]

Hello,

I'm having a problem with a DOS application which uses a 286 DOS 
Extender, error message is as the following:
unable to create task for execution
Interrupt 10 (Ah) while creating task: Invalid task segment selector.
Happens with QEMM386 and HIMEM.SYS/EMM386.EXE.

I guess the application does at this point swithing to 286 protected mode and 
trying to move conventional memory up to EMS memory.

Issue is NOT present under VMWare Server 2.0 and with real hardware.

DOS; MS-DOS 6.22
QEMU: 0.12.3 under Fedora 11, 2.6.30.10-105.2.23.fc11.x86 on AMD Phenom II Quad 
Core, x86_64-softmmu.

Any comments or ideas (I guess something with protected mode and MMU might 
be wrong)?

Thnx.

Ciao,
Gerhard

--
http://www.wiesinger.com/

Re: [Qemu-devel] Problem with DOS application and 286 DOS Extender application

[Roy Tam]

2010/4/13 Gerhard Wiesinger <lists@wiesinger.com>:
> Hello,
>
> I'm having a problem with a DOS application which uses a 286 DOS Extender,
> error message is as the following:
> unable to create task for execution
> Interrupt 10 (Ah) while creating task: Invalid task segment selector.
> Happens with QEMM386 and HIMEM.SYS/EMM386.EXE.
>
> I guess the application does at this point swithing to 286 protected mode
> and trying to move conventional memory up to EMS memory.
>
> Issue is NOT present under VMWare Server 2.0 and with real hardware.
>
> DOS; MS-DOS 6.22
> QEMU: 0.12.3 under Fedora 11, 2.6.30.10-105.2.23.fc11.x86 on AMD Phenom II
> Quad Core, x86_64-softmmu.
>
> Any comments or ideas (I guess something with protected mode and MMU might
> be wrong)?
>

You need to mention the program name so that people can try to
reproduce the bug.

> Thnx.
>
> Ciao,
> Gerhard
>
> --
> http://www.wiesinger.com/
>
>
>

Re: [Qemu-devel] Problem with DOS application and 286 DOS Extender application

[Gerhard Wiesinger]

On Tue, 13 Apr 2010, Roy Tam wrote:

> 2010/4/13 Gerhard Wiesinger <lists@wiesinger.com>:
>> Hello,
>>
>> I'm having a problem with a DOS application which uses a 286 DOS Extender,
>> error message is as the following:
>> unable to create task for execution
>> Interrupt 10 (Ah) while creating task: Invalid task segment selector.
>> Happens with QEMM386 and HIMEM.SYS/EMM386.EXE.
>>
>> I guess the application does at this point swithing to 286 protected mode
>> and trying to move conventional memory up to EMS memory.
>>
>> Issue is NOT present under VMWare Server 2.0 and with real hardware.
>>
>> DOS; MS-DOS 6.22
>> QEMU: 0.12.3 under Fedora 11, 2.6.30.10-105.2.23.fc11.x86 on AMD Phenom II
>> Quad Core, x86_64-softmmu.
>>
>> Any comments or ideas (I guess something with protected mode and MMU might
>> be wrong)?
>>
>
> You need to mention the program name so that people can try to
> reproduce the bug.
>

It is a non public, proprietary application which uses the Ergo Computing 
286 DOS Extender. I guess some other application which use the same DOS 
extender have the same problem. So best thing is to find another 
application which uses the Ergo Computing 286 DOS Extender, too.

Ciao,
Gerhard

--
http://www.wiesinger.com/

Re: [Qemu-devel] Problem with DOS application and 286 DOS Extender application

[Jamie Lokier]

Gerhard Wiesinger wrote:
> It is a non public, proprietary application which uses the Ergo Computing 
> 286 DOS Extender. I guess some other application which use the same DOS 
> extender have the same problem. So best thing is to find another 
> application which uses the Ergo Computing 286 DOS Extender, too.

The 286 was obsolete 20 years ago, although code depending on it
persisted for some years after.

I'm fairly sure the number of people using (or trying to use) Qemu
with 286-specific code is very small indeed, so unfortunately for a
286 problem, you will need to help reproduce it as much as you can for
it to be fixed.

Note that Qemu doesn't emulate segments properly even for 32-bit x86
code, and 16-bit (286) code depends on that all the more.  That may be
the problem.

Or it may be the "reset using keyboard controller and BIOS" method
used to switch from protected mode to real mode on a 286 is not
implemented properly, or is not supported by the BIOS properly.

Or it may simply be a bug in 16-bit task segment switching or
something like that, which is quite complex and so rarely used that it
might never have been properly tested.

Did you try running the application under Bochs, which has a more
accurate emulation of very old x86 CPUs?

-- Jamie

[Qemu-devel] Re: Problem with DOS application and 286 DOS Extender application

[Jan Kiszka]

[-- Attachment #1: Type: text/plain, Size: 2492 bytes --]

Jamie Lokier wrote:
> Gerhard Wiesinger wrote:
>> It is a non public, proprietary application which uses the Ergo Computing 
>> 286 DOS Extender. I guess some other application which use the same DOS 
>> extender have the same problem. So best thing is to find another 
>> application which uses the Ergo Computing 286 DOS Extender, too.
> 
> The 286 was obsolete 20 years ago, although code depending on it
> persisted for some years after.
> 
> I'm fairly sure the number of people using (or trying to use) Qemu
> with 286-specific code is very small indeed, so unfortunately for a
> 286 problem, you will need to help reproduce it as much as you can for
> it to be fixed.

In some scenarios, we use QEMU in emulation mode for such a legacy guest
(16-bit protected mode), but we mostly run it in KVM mode these days. It
works fairly well under QEMU, but also we did not explore all corner cases.

> 
> Note that Qemu doesn't emulate segments properly even for 32-bit x86
> code, and 16-bit (286) code depends on that all the more.  That may be
> the problem.

More precisely: QEMU does not check for segment limits. This can be a
problem with buggy or pedantic guests, but usually one tried to avoid
triggering this anyway. I once wrote a crude patch to add this, but it
had significant performance impact and did not properly make use of the
TCG to optimize the checks. You'll find it in the archives (but I guess
it no longer applies).

> 
> Or it may be the "reset using keyboard controller and BIOS" method
> used to switch from protected mode to real mode on a 286 is not
> implemented properly, or is not supported by the BIOS properly.
> 
> Or it may simply be a bug in 16-bit task segment switching or
> something like that, which is quite complex and so rarely used that it
> might never have been properly tested.

Task switching looks fairly stable in QEMU (in contrast to KVM where we
just ran into some more corner cases).

> 
> Did you try running the application under Bochs, which has a more
> accurate emulation of very old x86 CPUs?
> 
> -- Jamie
> 

That said, having some test case to reproduce the issue is essential.
I'm willing to have a look if you can provide such thing (publicly or
privately). Before that, you could already try building QEMU with
--enable-debug and run it with "-d exec,int". The generated
/tmp/qemu.log may point out where things go wrong (usually where faults
starts to occur).

Jan


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 257 bytes --]

[Qemu-devel] Re: Problem with DOS application and 286 DOS Extender application

[Jamie Lokier]

Jan Kiszka wrote:
> In some scenarios, we use QEMU in emulation mode for such a legacy guest
> (16-bit protected mode), but we mostly run it in KVM mode these days. It
> works fairly well under QEMU, but also we did not explore all corner cases.

I'm glad too see it's alive and well then :-)

> > Or it may be the "reset using keyboard controller and BIOS" method
> > used to switch from protected mode to real mode on a 286 is not
> > implemented properly, or is not supported by the BIOS properly.

I mentioned that because of a discussion just a few months ago about a
BIOS change which might have affected those transitions.

Plus the default BIOS recently got changed from Bochs BIOS to SeaBIOS.

-- Jamie

Re: [Qemu-devel] Problem with DOS application and 286 DOS Extender application

[Gerhard Wiesinger]

On Wed, 14 Apr 2010, Jamie Lokier wrote:

> Gerhard Wiesinger wrote:
>> It is a non public, proprietary application which uses the Ergo Computing
>> 286 DOS Extender. I guess some other application which use the same DOS
>> extender have the same problem. So best thing is to find another
>> application which uses the Ergo Computing 286 DOS Extender, too.
>
> The 286 was obsolete 20 years ago, although code depending on it
> persisted for some years after.
>
> I'm fairly sure the number of people using (or trying to use) Qemu
> with 286-specific code is very small indeed, so unfortunately for a
> 286 problem, you will need to help reproduce it as much as you can for
> it to be fixed.
>
> Note that Qemu doesn't emulate segments properly even for 32-bit x86
> code, and 16-bit (286) code depends on that all the more.  That may be
> the problem.
>
> Or it may be the "reset using keyboard controller and BIOS" method
> used to switch from protected mode to real mode on a 286 is not
> implemented properly, or is not supported by the BIOS properly.
>
> Or it may simply be a bug in 16-bit task segment switching or
> something like that, which is quite complex and so rarely used that it
> might never have been properly tested.
>
> Did you try running the application under Bochs, which has a more
> accurate emulation of very old x86 CPUs?

Yes, Bochs is very slow but works well. Any plans to improve the handling 
of the above issues?

BTW: 386 DOS Extender applications seem to work ok even on QEMU.

Ciao,
Gerhard

Re: [Qemu-devel] Problem with DOS application and 286 DOS Extender application

[Gerhard Wiesinger]

On Wed, 14 Apr 2010, Gerhard Wiesinger wrote:

> On Wed, 14 Apr 2010, Jamie Lokier wrote:
>
>> Gerhard Wiesinger wrote:
>>> It is a non public, proprietary application which uses the Ergo Computing
>>> 286 DOS Extender. I guess some other application which use the same DOS
>>> extender have the same problem. So best thing is to find another
>>> application which uses the Ergo Computing 286 DOS Extender, too.
>> 
>> The 286 was obsolete 20 years ago, although code depending on it
>> persisted for some years after.
>> 
>> I'm fairly sure the number of people using (or trying to use) Qemu
>> with 286-specific code is very small indeed, so unfortunately for a
>> 286 problem, you will need to help reproduce it as much as you can for
>> it to be fixed.
>> 
>> Note that Qemu doesn't emulate segments properly even for 32-bit x86
>> code, and 16-bit (286) code depends on that all the more.  That may be
>> the problem.
>> 
>> Or it may be the "reset using keyboard controller and BIOS" method
>> used to switch from protected mode to real mode on a 286 is not
>> implemented properly, or is not supported by the BIOS properly.
>> 
>> Or it may simply be a bug in 16-bit task segment switching or
>> something like that, which is quite complex and so rarely used that it
>> might never have been properly tested.
>> 
>> Did you try running the application under Bochs, which has a more
>> accurate emulation of very old x86 CPUs?
>
> Yes, Bochs is very slow but works well. Any plans to improve the handling of 
> the above issues?
>
> BTW: 386 DOS Extender applications seem to work ok even on QEMU.
>

OK, 286 and 386 DOS Extender applications seem to work well with qemu-kvm:
git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git

There is only a video performance problem left, see my next posts.

Ciao,
Gerhard

--
http://www.wiesinger.com/

[Qemu-devel] Re: Problem with DOS application and 286 DOS Extender application

[Gerhard Wiesinger]

Hello,

After some fortune I found out that also Turbo Debugger 286 doesn't work 
under plain DOS 6.22 (without any memory mananger just pressing F5) or 
with some memory mananagers (HIMEM.SYS, EMM386, QEMM386).

Error message is:
Error 266 loading D:\DIR\TD286.EXE into extended memory.

So it looks like that there is a major issue with extended memory. Any 
ideas how to fix or how to find the problem and fix it?

Version is latest seabios and QEMU from git as of now (own builds).

I'm pretty sure that it is the same reason that the 286 DOS Extender 
application doesn't work.

For full reference of the previously discussed have a look here:
http://www.mail-archive.com/qemu-devel@nongnu.org/msg29518.html
http://www.mail-archive.com/qemu-devel@nongnu.org/msg29465.html

Thnx.

Ciao,
Gerhard

--
http://www.wiesinger.com/


On Wed, 14 Apr 2010, Jan Kiszka wrote:

> Jamie Lokier wrote:
>> Gerhard Wiesinger wrote:
>>> It is a non public, proprietary application which uses the Ergo Computing
>>> 286 DOS Extender. I guess some other application which use the same DOS
>>> extender have the same problem. So best thing is to find another
>>> application which uses the Ergo Computing 286 DOS Extender, too.
>>
>> The 286 was obsolete 20 years ago, although code depending on it
>> persisted for some years after.
>>
>> I'm fairly sure the number of people using (or trying to use) Qemu
>> with 286-specific code is very small indeed, so unfortunately for a
>> 286 problem, you will need to help reproduce it as much as you can for
>> it to be fixed.
>
> In some scenarios, we use QEMU in emulation mode for such a legacy guest
> (16-bit protected mode), but we mostly run it in KVM mode these days. It
> works fairly well under QEMU, but also we did not explore all corner cases.
>
>>
>> Note that Qemu doesn't emulate segments properly even for 32-bit x86
>> code, and 16-bit (286) code depends on that all the more.  That may be
>> the problem.
>
> More precisely: QEMU does not check for segment limits. This can be a
> problem with buggy or pedantic guests, but usually one tried to avoid
> triggering this anyway. I once wrote a crude patch to add this, but it
> had significant performance impact and did not properly make use of the
> TCG to optimize the checks. You'll find it in the archives (but I guess
> it no longer applies).
>
>>
>> Or it may be the "reset using keyboard controller and BIOS" method
>> used to switch from protected mode to real mode on a 286 is not
>> implemented properly, or is not supported by the BIOS properly.
>>
>> Or it may simply be a bug in 16-bit task segment switching or
>> something like that, which is quite complex and so rarely used that it
>> might never have been properly tested.
>
> Task switching looks fairly stable in QEMU (in contrast to KVM where we
> just ran into some more corner cases).
>
>>
>> Did you try running the application under Bochs, which has a more
>> accurate emulation of very old x86 CPUs?
>>
>> -- Jamie
>>
>
> That said, having some test case to reproduce the issue is essential.
> I'm willing to have a look if you can provide such thing (publicly or
> privately). Before that, you could already try building QEMU with
> --enable-debug and run it with "-d exec,int". The generated
> /tmp/qemu.log may point out where things go wrong (usually where faults
> starts to occur).
>
> Jan
>
>

[Qemu-devel] Re: Problem with DOS application and 286 DOS Extender application

[Kevin O'Connor]

On Sun, Feb 13, 2011 at 03:06:44PM +0100, Gerhard Wiesinger wrote:
> Hello,
> 
> After some fortune I found out that also Turbo Debugger 286 doesn't
> work under plain DOS 6.22 (without any memory mananger just pressing
> F5) or with some memory mananagers (HIMEM.SYS, EMM386, QEMM386).
> 
> Error message is:
> Error 266 loading D:\DIR\TD286.EXE into extended memory.
> 
> So it looks like that there is a major issue with extended memory.
> Any ideas how to fix or how to find the problem and fix it?

It would help if you could post the seabios log.  The easiest way to
get at that is to add the following to the qemu command line:

-chardev stdio,id=seabios -device isa-debugcon,iobase=0x402,chardev=seabios

It's also possible to recompile seabios with the debug level
increased to get more info on specific calls.

-Kevin

[Qemu-devel] Re: Problem with DOS application and 286 DOS Extender application

[Kevin O'Connor]

On Sun, Feb 13, 2011 at 03:06:44PM +0100, Gerhard Wiesinger wrote:
> Hello,
> 
> After some fortune I found out that also Turbo Debugger 286 doesn't
> work under plain DOS 6.22 (without any memory mananger just pressing
> F5) or with some memory mananagers (HIMEM.SYS, EMM386, QEMM386).
> 
> Error message is:
> Error 266 loading D:\DIR\TD286.EXE into extended memory.
> 
> So it looks like that there is a major issue with extended memory.
> Any ideas how to fix or how to find the problem and fix it?
> 
> Version is latest seabios and QEMU from git as of now (own builds).

FYI - I took a quick look at this.  It does not appear to be SeaBIOS
related as SeaBIOS under Bochs works fine.  Qemu fails for me as
reported above.  Kvm (AMD) also fails for me with a slightly different
set of error messages (error "269" instead of "266").

I noticed that under Bochs I get this message as it runs (not sure if
it is meaningful):

00383234030i[CPU0 ] TASK SWITCH: switching to the same TSS !

Under qemu, I see a report of a cpu exception during execution of the
command (again, not sure if it is meaningful).  I grabbed the qemu
execution log around the exception if anyone wishes to take a look at
it.

-Kevin


----------------
IN: 
0x0000000000107694:  pop    %cx
0x0000000000107695:  mov    0x5(%si),%al
0x0000000000107698:  and    $0xfd,%al
0x000000000010769a:  mov    %al,0x5(%si)
0x000000000010769d:  xor    %ax,%ax
0x000000000010769f:  mov    %ax,-0x8(%bp)
0x00000000001076a2:  mov    -0x2(%bp),%ax
0x00000000001076a5:  mov    %ax,-0x6(%bp)
0x00000000001076a8:  ltr    %ax
0x00000000001076ab:  push   %cx
0x00000000001076ac:  mov    %ax,%cx
0x00000000001076ae:  call   0x105530

EAX=00000158 EBX=00008000 ECX=00000158 EDX=000041b0
ESI=00000148 EDI=00000278 EBP=00000589 ESP=0000057d
EIP=00002cf0 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0028 0001b940 00002f1f 00009300 DPL=0 DS16 [-WA]
CS =0020 00102840 0000ffff 00009a00 DPL=0 CS16 [-R-]
SS =0150 0010b5e0 000005ce 00009300 DPL=0 DS16 [-WA]
DS =0008 0001b440 000003ff 00009300 DPL=0 DS16 [-WA]
FS =0010 0001b940 0000ffff 00009300 DPL=0 DS16 [-WA]
GS =0010 0001b940 0000ffff 00009300 DPL=0 DS16 [-WA]
LDT=0000 00000000 00000000 00008200 DPL=0 LDT
TR =0158 0010bbc0 000005ce 00008100 DPL=0 TSS16-avl
GDT=     0001b440 000003ff
IDT=     00100010 000007ff
CR0=00000013 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=000000a4 CCD=00000000 CCO=LOGICW  
EFER=0000000000000000
EAX=00000158 EBX=00008000 ECX=00000158 EDX=000041b0
ESI=00000158 EDI=00000278 EBP=00000589 ESP=0000057f
EIP=00004e71 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0028 0001b940 00002f1f 00009300 DPL=0 DS16 [-WA]
CS =0020 00102840 0000ffff 00009a00 DPL=0 CS16 [-R-]
SS =0150 0010b5e0 000005ce 00009300 DPL=0 DS16 [-WA]
DS =0008 0001b440 000003ff 00009300 DPL=0 DS16 [-WA]
FS =0010 0001b940 0000ffff 00009300 DPL=0 DS16 [-WA]
GS =0010 0001b940 0000ffff 00009300 DPL=0 DS16 [-WA]
LDT=0000 00000000 00000000 00008200 DPL=0 LDT
TR =0158 0010bbc0 000005ce 00008100 DPL=0 TSS16-avl
GDT=     0001b440 000003ff
IDT=     00100010 000007ff
CR0=00000013 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=000000ac CCD=00000158 CCO=SHLW    
EFER=0000000000000000
----------------
IN: 
0x00000000001076b1:  pop    %cx
0x00000000001076b2:  mov    0x5(%si),%al
0x00000000001076b5:  and    $0xfd,%al
0x00000000001076b7:  mov    %al,0x5(%si)
0x00000000001076ba:  ljmp   *-0x8(%bp)

check_exception old: 0xffffffff new 0xa
     0: v=0a e=0160 i=0 cpl=0 IP=0160:0000000000000000 pc=0000000000000000 SP=0168:00000000ffff05c4 EAX=00000000ffff0000
EAX=ffff0000 EBX=ffff0000 ECX=ffff0000 EDX=ffff0000
ESI=ffff0000 EDI=ffff0000 EBP=ffff0000 ESP=ffff05c4
EIP=00000000 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 00000000 00000000
CS =0160 00000000 00000000 00000000
SS =0168 00000000 00000000 00000000
DS =0170 00000000 00000000 00000000
FS =0000 00000000 00000000 00000000
GS =0000 00000000 00000000 00000000
LDT=0168 0010c1a0 00007fff 00008200 DPL=0 LDT
TR =0158 0010bbc0 000005ce 00008100 DPL=0 TSS16-avl
GDT=     0001b440 000003ff
IDT=     00100010 000007ff
CR0=0000001b CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=00000000 CCD=00000081 CCO=LOGICB  
EFER=0000000000000000
EAX=ffff0000 EBX=ffff0000 ECX=ffff0000 EDX=ffff0000
ESI=ffff0000 EDI=ffff0000 EBP=ffff0000 ESP=ffff05bc
EIP=00003ae8 EFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 00000000 00000000
CS =0020 00102840 0000ffff 00009a00 DPL=0 CS16 [-R-]
SS =0168 00000000 00000000 00000000
DS =0170 00000000 00000000 00000000
FS =0000 00000000 00000000 00000000
GS =0000 00000000 00000000 00000000
LDT=0168 0010c1a0 00007fff 00008200 DPL=0 LDT
TR =0158 0010bbc0 000005ce 00008100 DPL=0 TSS16-avl
GDT=     0001b440 000003ff
IDT=     00100010 000007ff
CR0=0000001b CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=00000000 CCD=00000081 CCO=LOGICB  
EFER=0000000000000000
----------------
IN: 
0x0000000000106328:  push   %ds
0x0000000000106329:  call   0x107626

EAX=ffff0000 EBX=ffff0000 ECX=ffff0000 EDX=ffff0000
ESI=ffff0000 EDI=ffff0000 EBP=ffff0000 ESP=ffff05b8
EIP=00004de6 EFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 00000000 00000000
CS =0020 00102840 0000ffff 00009a00 DPL=0 CS16 [-R-]
SS =0168 00000000 00000000 00000000
DS =0170 00000000 00000000 00000000
...