Chapter 23 Demo Release

Posted: Sun Oct 31, 2010 2:41 am
by Mike
Hello everyone,

Chapter 23 of the OSDev Series has been updated with some additional content and a demo release. I apologize for the delay. In the next chapter we will be modifying and expanding on the demo provided in this chapter while supporting user mode <-> kernel mode single tasking in Chapter 24.

Re: Chapter 23 Demo Release

Posted: Sun Oct 31, 2010 11:11 pm
by pathos
Hooray! Thanks!!

Re: Chapter 23 Demo Release

Posted: Mon Nov 01, 2010 2:17 pm
by HeinanXP
The real question is, when will the update for Chapter 22 be released??

Re: Chapter 23 Demo Release

Posted: Tue Nov 02, 2010 5:33 am
by Mike
Hello,

The updates for Chapter 22 (and actually Chapter 23) should be this weekend. The updates are the same as with the previous demo updates; however, they do take a bit of time to complete.

Re: Chapter 23 Demo Release

Posted: Tue Nov 02, 2010 12:09 pm
by Insightsoft
Hi Mike,

About chapter 23:
The user command causes a page fault.
I'm trying to discover the cause...

Thanks

Re: Chapter 23 Demo Release

Posted: Wed Nov 03, 2010 12:31 am
by Mike
Hello,

Chapter 23 was based on the Chapter 22 demo, both of which are in need of the bug fix update. Because these are the last two chapters in need of this update at this time, they should be updated this weekend. I suspect this might be the cause of the page fault, which appears in certain emulators (not all).

Re: Chapter 23 Demo Release

Posted: Wed Nov 03, 2010 8:14 am
by Insightsoft
...before diving into the code there is a doubt.
At the moment of TSS registration... shouldn't it be sizeof(tss_entry)-1 instead of base+sizeof(tss_entry)? (...at transfers, will the system pick up that struct and fill in the entire CPU context?)

Re: Chapter 23 Demo Release

Posted: Fri Nov 05, 2010 9:21 pm
by Insightsoft
Was my last question that bad?

Anyway... it crashes here (iret instruction):
(goto user land procedure)

(0) [0x00101378] 0008:00000000c0001378 (unk. ctxt): cli                       ; fa
(0) [0x00101379] 0008:00000000c0001379 (unk. ctxt): mov ax, 0x0023            ; 66b82300
(0) [0x0010137d] 0008:00000000c000137d (unk. ctxt): mov ds, ax                ; 668ed8
(0) [0x00101380] 0008:00000000c0001380 (unk. ctxt): mov es, ax                ; 668ec0
(0) [0x00101383] 0008:00000000c0001383 (unk. ctxt): mov fs, ax                ; 668ee0
(0) [0x00101386] 0008:00000000c0001386 (unk. ctxt): mov gs, ax                ; 668ee8
(0) [0x00101389] 0008:00000000c0001389 (unk. ctxt): push 0x00000023           ; 6a23
(0) [0x0010138b] 0008:00000000c000138b (unk. ctxt): push esp                  ; 54
(0) [0x0010138c] 0008:00000000c000138c (unk. ctxt): pushfd                    ; 9c
(0) [0x0010138d] 0008:00000000c000138d (unk. ctxt): pop eax                   ; 58
(0) [0x0010138e] 0008:00000000c000138e (unk. ctxt): or eax, 0x00000200        ; 0d00020000
(0) [0x00101393] 0008:00000000c0001393 (unk. ctxt): push eax                  ; 50
(0) [0x00101394] 0008:00000000c0001394 (unk. ctxt): push 0x0000001b           ; 6a1b
(0) [0x00101396] 0008:00000000c0001396 (unk. ctxt): lea eax, dword ptr ds:0xc000139e ; 8d059e1300c0
(0) [0x0010139c] 0008:00000000c000139c (unk. ctxt): push eax                  ; 50
(0) [0x0010139d] 0008:00000000c000139d (unk. ctxt): iretd                     ; cf
Register context (before iret)

rax: 0x00000000:c000139e rcx: 0x00000000:00008f1c
rdx: 0x00000000:c0008bc0 rbx: 0x00000000:00000001
rsp: 0x00000000:00008f00 rbp: 0x00000000:00008f14
rsi: 0x00000000:00008fd4 rdi: 0x00000000:00000090
r8 : 0x00000000:00000000 r9 : 0x00000000:00000000
r10: 0x00000000:00000000 r11: 0x00000000:00000000
r12: 0x00000000:00000000 r13: 0x00000000:00000000
r14: 0x00000000:00000000 r15: 0x00000000:00000000
rip: 0x00000000:c000139d
eflags 0x00000002: id vip vif ac vm rf nt IOPL=0 of df if tf sf zf af pf cf
Segment context (before iret)

es:0x0023, dh=0x00cff300, dl=0x0000ffff, valid=1		Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
cs:0x0008, dh=0x00cf9b00, dl=0x0000ffff, valid=1		Code segment, base=0x00000000, limit=0xffffffff, Execute/Read, Accessed, 32-bit
ss:0x0010, dh=0x00cf9300, dl=0x0000ffff, valid=7		Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
ds:0x0023, dh=0x00cff300, dl=0x0000ffff, valid=1		Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
fs:0x0023, dh=0x00cff300, dl=0x0000ffff, valid=1		Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
gs:0x0023, dh=0x00cff300, dl=0x0000ffff, valid=1		Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
ldtr:0x0000, dh=0x00008200, dl=0x0000ffff, valid=1		
tr:0x002b, dh=0xc000eb00, dl=0x95d89640, valid=1
gdtr:base=0x00000000c0008d6e, limit=0x2f
idtr:base=0x00000000c0008da4, limit=0x7ff

.show gdt
   Idx  BaseHI  BaseLO  BaseMid Flags   Grand   Limit
   0    0       0       0       0       0       0
   1    0       0       0       9B      CF      FFFF
   2    0       0       0       92      CF      FFFF
   3    0       0       0       FA      CF      FFFF
   4    0       0       0       F2      CF      FFFF
   5    C0      95D8    0       EB      0       9640

.show idt index
  Enter the IDT index > 128
  Idx   BaseHI  BaseLO  Flag    Reserved        Sel
   128  C000    2330    EE      0               8

Any clue?

Re: Chapter 23 Demo Release

Posted: Sat Nov 06, 2010 5:14 pm
by Insightsoft

a) [0x001022bf] 0008:00000000c00022bf (unk. ctxt): push 0x0000001b           ; 6a1b
b) [0x001022c1] 0008:00000000c00022c1 (unk. ctxt): lea eax, dword ptr ds:0xc00022c9 ; 8d05c92200c0
c) [0x001022c7] 0008:00000000c00022c7 (unk. ctxt): push eax                  ; 50
d) [0x001022c8] 0008:00000000c00022c8 (unk. ctxt): iretd                     ; cf
e) [0x001022c9] 001b:00000000c00022c9 (unk. ctxt): add esp, 0x00000004       ; 83c404
f) [0x00100690] 0008:00000000c0000690 (unk. ctxt): push ebp                  ; 55    <-- CS:8 (error handler)
I notice that it really goes to the user environment (as you can see at line e)...
(CS gets 1B and EIP gets the effective address of label a)

... But any instruction found there invokes the page fault error

Re: Chapter 23 Demo Release

Posted: Sun Nov 07, 2010 12:20 pm
by Insightsoft
I believe I found what I think is the problem.
Since "_mmngr_used_blocks" and "_mmngr_max_blocks" are pointing to the same value, it never reaches the code that sets the page flags property (I86_PTE_USER)!

More, I think that pmmngr_init should appear before vmmngr_initialize to set values to the variables used in vmmngr_initialize...

That is the problem to the "user land" page fault... Let's remember that pages for the kernel remain mapped to "kernel mode-access only" (from loader) (or 3)...

(Cracking the system: I changed the Loader to OR by 7d and everything works perfectly... but of course that isn't the correct solution, since the kernel should run in a protected environment)

Let me know, please....

Re: Chapter 23 Demo Release

Posted: Sun Nov 07, 2010 4:51 pm
by Mike
Hello,
Insightsoft wrote: More, I think that pmmngr_init should appear before vmmngr_initialize to set values to the variables used in vmmngr_initialize...

The above is related to the bug fix update mentioned earlier. The bug fix involves some additions to the vmmgr and the above (pmmngr_init should be first), which should resolve the portability issues.

An easy way to apply the update is to copy an updated demo's vmmngr.cpp/h and paste it over this demo's vmmngr.cpp/h, then apply the above change, moving the vmmngr_init call right after initializing the pmm. I do not believe there are additional changes needed for this patch.

Insightsoft wrote: That is the problem to the "user land" page fault... Let's remember that pages for the kernel remain mapped to "kernel mode-access only" (from loader) (or 3)

This is the usual case, yes. However, this demo sets the I86_PTE_USER bit for kernel pages, allowing user mode software access to them, for simplicity. This allows the user mode software the capability of calling kernel functions in this demo without needing to go through the system API. The vulnerability of the above is discussed in the chapter and can be rectified once a loader is in place (next chapter).

This also means that, after applying the above patch, you will need to update vmmngr.cpp to set the I86_PTE_USER bits for the page directory and page tables.

Re: Chapter 23 Demo Release

Posted: Thu Nov 11, 2010 5:23 am
by Insightsoft
Thanks Mike,

I remember a few months ago (maybe last year), you were talking about making some changes to some demos to also cover Microsoft Virtual PC...
Where can I get specifications for, for example, Bochs and MSVPC??
(For me, when something runs in A and doesn't in B: I'm really in trouble!)

About chapter 23. It runs in Bochs but doesn't run in MSVPC... I'm stuck! (I wish I were able to fix this kind of problem)

Re: Chapter 23 Demo Release

Posted: Thu Nov 11, 2010 9:29 pm
by Mike
Hello,
Insightsoft wrote: Where can I get specifications for, for example, Bochs and MSVPC?

The source code of Bochs can be obtained online, as well as documentation. VirtualPC, however, does not provide technical information (disregarding the processor fault code). This is due to VPC not being an emulator.

Insightsoft wrote: About chapter 23. It runs in Bochs but doesn't run in MSVPC

Please note that the demo provided has been tested in VPC and Bochs. If it fails in VPC, there are a couple of steps that can be taken to find the problem:

- In goto_user(), comment out the int 0x80 call and test. If it works, the system API is probably at fault;
- If it still fails, it might be crashing on entry to user mode. This can be a #PF or #GPF. The exception code provided by VPC will help in determining what the cause is.

Insightsoft wrote: At the moment of TSS registration... shouldn't it be sizeof(tss_entry)-1 instead of base+sizeof(tss_entry)?

You are correct there; that looks like an error. The demo and Chapter 22's demo are planned for the memory management update this weekend, so this error should be corrected by then.
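An added illustration of the descriptor-limit point raised above (my code, not the OSDev Series demo): decoding the tr descriptor Bochs printed earlier in this thread (dh=0xc000eb00, dl=0x95d89640) gives base 0xC00095D8 and limit 0x9640, and 0x9640 is exactly the low bits of base + 0x68, which is what a base+sizeof(tss_entry) limit looks like once truncated into the descriptor. TSS_SIZE = 104 (0x68) is my assumption for sizeof(tss_entry), the standard 32-bit TSS size.

```c
#include <stdint.h>

/* TSS_SIZE: assumed sizeof(tss_entry), the standard 104-byte 32-bit TSS. */
#define TSS_SIZE 104u

struct descriptor { uint32_t base; uint32_t limit; uint8_t access; uint8_t flags; };

/* Pack base/limit/access/flags into the raw 8-byte i386 GDT descriptor. */
static uint64_t encode_descriptor(const struct descriptor *d) {
    uint64_t raw = 0;
    raw |= (uint64_t)(d->limit & 0xFFFFu);            /* limit 15:0   */
    raw |= (uint64_t)(d->base & 0xFFFFu) << 16;       /* base  15:0   */
    raw |= (uint64_t)((d->base >> 16) & 0xFFu) << 32; /* base  23:16  */
    raw |= (uint64_t)d->access << 40;                 /* P/DPL/S/type */
    raw |= (uint64_t)((d->limit >> 16) & 0xFu) << 48; /* limit 19:16  */
    raw |= (uint64_t)(d->flags & 0xFu) << 52;         /* G/D/L/AVL    */
    raw |= (uint64_t)((d->base >> 24) & 0xFFu) << 56; /* base  31:24  */
    return raw;
}

/* Unpack the dh (high dword) / dl (low dword) pair that Bochs prints. */
static struct descriptor decode_descriptor(uint32_t dh, uint32_t dl) {
    struct descriptor d;
    d.limit  = (dl & 0xFFFFu) | (((dh >> 16) & 0xFu) << 16);
    d.base   = (dl >> 16) | ((dh & 0xFFu) << 16) | (dh & 0xFF000000u);
    d.access = (uint8_t)((dh >> 8) & 0xFFu);
    d.flags  = (uint8_t)((dh >> 20) & 0xFu);
    return d;
}

/* What base + sizeof(tss_entry) becomes once the install routine
   truncates it into the 20-bit limit field. */
static uint32_t buggy_tss_limit(uint32_t base) {
    return (base + TSS_SIZE) & 0xFFFFFu;
}

/* The limit a byte-granular TSS descriptor should carry: size - 1. */
static uint32_t correct_tss_limit(void) { return TSS_SIZE - 1; }

/* 0: exact. -1: too small, the CPU raises #TS when it has to read past
   the limit (task switch, or fetching SS0:ESP0 on a ring 3 -> 0 switch).
   1: oversized, the bytes after the TSS are treated as part of it. */
static int check_tss_limit(uint32_t dh, uint32_t dl) {
    uint32_t limit = decode_descriptor(dh, dl).limit;
    if (limit < TSS_SIZE - 1) return -1;
    return limit == TSS_SIZE - 1 ? 0 : 1;
}
```

An oversized limit does not fault by itself (the CPU only requires at least 0x67 for a 32-bit TSS), which is why the demo still reaches user mode; the cost is that whatever follows the TSS in memory counts as part of it, including where the CPU looks for the I/O permission bitmap.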

Re: Chapter 23 Demo Release

Posted: Thu Nov 25, 2010 7:23 pm
by HeinanXP
What about the Chapter 22 Demo Update?

Re: Chapter 23 Demo Release

Posted: Fri Nov 26, 2010 2:40 pm
by Insightsoft
Hi...

Mike,

...the loader crashes at:

    mov     ebx, 0                              ; 0x0000
    mov     ebp, IMAGE_RMODE_BASE               ; 0x3000
    mov     esi, ImageName                      ; File to load
    call    LoadFile                            ; load our file
    |
    |
...
.LOAD_IMAGE:                                    ; load the cluster
    mov     ax, WORD [cluster]                  ; cluster to read
    pop     es                                  ; bx:bp=es:bx
    pop     bx
    call    ClusterLBA
    xor     cx, cx
    mov     cl, BYTE [bpbSectorsPerCluster]
    call    ReadSectors                         ; (crash here)
    |
    |
    call    LBACHS                              ; convert starting sector to CHS
    mov     ah, 0x02                            ; BIOS read sector
    mov     al, 0x01                            ; read one sector
    mov     ch, BYTE [absoluteTrack]            ; track
    mov     cl, BYTE [absoluteSector]           ; sector
    mov     dh, BYTE [absoluteHead]             ; head
    mov     dl, BYTE [bsDriveNumber]            ; drive
    int     0x13                                ; invoke BIOS (crash here)

Q: When?
A: When the ECX > 103 (in LoadFile)

...
pop		ecx
inc		ecx
...

If ECX > 103 then, at "call ReadSectors", inside "int 0x13", it crashes...
Here are the register values before the int 0x13:

ah=02   service
al=01   number of sectors to read
ch=0a   track or cylinder
cl=05   sector id to read
dh=01   head
dl=00   a:

ES:BX   0000:FE00
The result in Bochs is:

00022741396i[FDD  ] controller reset in software
00022746580i[CPU0 ] BOUND_GdMa: fails bounds test
00022746582i[CPU0 ] BOUND_GdMa: fails bounds test
00022746584i[CPU0 ] BOUND_GdMa: fails bounds test
00022746586i[CPU0 ] BOUND_GdMa: fails bounds test
00022746588i[CPU0 ] BOUND_GdMa: fails bounds test
00022746590i[CPU0 ] BOUND_GdMa: fails bounds test
00022746592i[CPU0 ] BOUND_GdMa: fails bounds test
(keeps running...)
It seems to me that the problem is our buffer (0000:FE00)