Brendan wrote:
Hi,
If HLT or CLI causes a general protection fault; then IOPL must be (numerically) less than CPL (and it'd be safe to assume CPL=3 and IOPL=0).
That implies that the problem must be either:
- the IO permission bitmap in the TSS or the GDT entry for the TSS (e.g. the TSS is right but the GDT entry points to something else)
- a buggy emulator
- a buggy test (e.g. thinking you're using an IO port but the instruction is overwritten and/or not executed)
For probabilities, I'd assume that the first possibility is the most likely.
Cheers,
Brendan
Thanks. Does the GDT entry for the TSS also have a base for the IO permission bitmap?
And these are some register dumps, if it helps.
This is the info tss output from the Bochs debugger:
Quote:
tr:s=0x2b, base=0x000000000011c060, valid=1
ss:esp(0): 0x0010:0x0019c008
ss:esp(1): 0x0000:0x00000000
ss:esp(2): 0x0000:0x00000000
cr3: 0x00000000
eip: 0x00000000
eflags: 0x00000000
cs: 0x000b ds: 0x0013 ss: 0x0013
es: 0x0013 fs: 0x0013 gs: 0x0013
eax: 0x00000000 ebx: 0x00000000 ecx: 0x00000000 edx: 0x00000000
esi: 0x00000000 edi: 0x00000000 ebp: 0x00000000 esp: 0x00000000
ldt: 0x0000
i/o map: 0x0068
This is CPU0 output:
Quote:
rax: 00000000_00000034 rcx: 00000000_0019cdc4
rdx: 00000000_00000014 rbx: 00000000_00000000
rsp: 00000000_0019d004 rbp: 00000000_0019d010
rsi: 00000000_00000000 rdi: 00000000_00000000
r8 : 00000000_00000000 r9 : 00000000_00000000
r10: 00000000_00000000 r11: 00000000_00000000
r12: 00000000_00000000 r13: 00000000_00000000
r14: 00000000_00000000 r15: 00000000_00000000
rip: 00000000_00103a64
eflags 0x00200202: ID vip vif ac vm rf nt IOPL=0 of df IF tf sf zf af pf cf
This is sreg output:
Quote:
es:0x0023, dh=0x00cff300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
cs:0x001b, dh=0x00cffb00, dl=0x0000ffff, valid=1
Code segment, base=0x00000000, limit=0xffffffff, Execute/Read, Non-Conforming, Accessed, 32-bit
ss:0x0023, dh=0x00cff300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
ds:0x0023, dh=0x00cff300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
fs:0x0023, dh=0x00cff300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
gs:0x0023, dh=0x00cff300, dl=0x0000ffff, valid=1
Data segment, base=0x00000000, limit=0xffffffff, Read/Write, Accessed
ldtr:0x0000, dh=0x00008200, dl=0x0000ffff, valid=1
tr:0x002b, dh=0x0001eb11, dl=0xc060c0c8, valid=1
gdtr:base=0x000000000011c020, limit=0x2f
idtr:base=0x000000000011c0e0, limit=0x7ff
And this is creg output:
Quote:
CR0=0xe0000011: PG CD NW ac wp ne ET ts em mp PE
CR2=page fault laddr=0x0000000000000000
CR3=0x000000122000
PCD=page-level cache disable=0
PWT=page-level write-through=0
CR4=0x00000000: smap smep osxsave pcid fsgsbase smx vmx osxmmexcpt osfxsr pce pge mce pae pse de tsd pvi vme
CR8: 0x0
Thanks in advance.
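As an added illustration (not code from the thread or from Bochs): a decoder for the tr descriptor dwords Bochs printed above (dh=0x0001eb11, dl=0xc060c0c8), the IOPL and CPL fields from the eflags and cs lines, and the rule by which the CPU locates the I/O permission bitmap from the TSS I/O map base and the descriptor limit. The 0x200-byte TSS image, the blocked port and the limits in the demo are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit TSS descriptor fields, decoded from the two dwords Bochs prints
 * for tr in "sreg": dh = high dword, dl = low dword of the descriptor. */
struct tss_desc { uint32_t base, limit; unsigned type, dpl, present; };

struct tss_desc decode_tss_desc(uint32_t dh, uint32_t dl) {
    struct tss_desc d;
    d.base  = (dl >> 16) | ((dh & 0xffu) << 16) | (dh & 0xff000000u);
    d.limit = (dl & 0xffffu) | (dh & 0x000f0000u);
    if (dh & (1u << 23))              /* G=1: limit is in 4 KiB units */
        d.limit = (d.limit << 12) | 0xfffu;
    d.type    = (dh >> 8) & 0xfu;     /* 0x9 = available TSS, 0xb = busy TSS */
    d.dpl     = (dh >> 13) & 3u;
    d.present = (dh >> 15) & 1u;
    return d;
}

unsigned eflags_iopl(uint32_t eflags) { return (eflags >> 12) & 3u; }
unsigned selector_rpl(uint16_t sel)   { return sel & 3u; }  /* cs RPL == CPL */

/* The descriptor holds no bitmap address of its own: the I/O map base in the
 * TSS is an offset from the descriptor base, the map exists only if that
 * offset is below the descriptor limit, and a map byte past the limit reads
 * as "denied". IN/OUT consult this map when CPL > IOPL; HLT (CPL 0 only) and
 * CLI (CPL <= IOPL) never do. Byte-wide ports only; `tss` stands in for
 * guest memory starting at the TSS base. */
int io_port_allowed(const uint8_t *tss, uint32_t tss_limit,
                    uint16_t iomap_base, uint16_t port) {
    uint32_t off = (uint32_t)iomap_base + port / 8u;
    if (iomap_base >= tss_limit) return 0;   /* no permission map at all */
    if (off > tss_limit) return 0;           /* map byte lies past the limit */
    return !((tss[off] >> (port % 8u)) & 1u);
}

/* Constructed 0x200-byte TSS image: map at offset 0x68, only port 0x60 blocked. */
int demo_port_allowed(uint16_t port, uint32_t limit) {
    static uint8_t tss[0x200];
    tss[0x68 + 0x60 / 8] = 1u << (0x60 % 8);
    if (limit > sizeof tss - 1) limit = sizeof tss - 1;   /* stay in bounds */
    return io_port_allowed(tss, limit, 0x68, port);
}

int main(void) {
    struct tss_desc d = decode_tss_desc(0x0001eb11u, 0xc060c0c8u); /* tr from the post */
    printf("TSS base=%#x limit=%#x type=%#x dpl=%u present=%u\n",
           d.base, d.limit, d.type, d.dpl, d.present);
    printf("IOPL=%u CPL=%u\n", eflags_iopl(0x00200202u), selector_rpl(0x001bu));
    printf("port 0x3f8: %d, port 0x60: %d, map past limit: %d\n",
           demo_port_allowed(0x3f8, 0x1ff), demo_port_allowed(0x60, 0x1ff),
           demo_port_allowed(0x3f8, 0x67));
    return 0;
}
```

The decoded base (0x11c060) matches the `info tss` base line above, and the dump's IOPL=0 with cs RPL 3 is exactly the CPL > IOPL condition under which HLT and CLI fault regardless of what the bitmap contains.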