IDT, TSS Selector and TSS in 64bit Mode

lava · Post by **lava** » Fri Jun 07, 2013 11:47 am

I'm porting an OS to 64bit...

Right now i can't find what i did wrong the TSS / TSS Selector or IDT... on the first interrupt the i get a GPF (--> reboot)

The IDT setup looks like this: http://codepad.org/FjWYHXrJ (structure here: http://codepad.org/RZ7Cgb4h )

The TSS looks like this: http://codepad.org/jo8vIdWM
where RSP is set to a stack to use here: http://codepad.org/AfZtkkfH
the address of the TSS is written into the TSS Descriptor...

The GDT looks like this: http://codepad.org/DrFul11g

So... i guess theres something wrong with the TSS or the IDT?

where to start searching?

Griwes · Post by **Griwes** » Fri Jun 07, 2013 12:44 pm

What does Bochs debugger say?

lava · Post by **lava** » Fri Jun 07, 2013 1:37 pm

before the GPF?

regs:

rax: 0x00000000_00000200 rcx: 0xffffffff_800b80a0
rdx: 0x00000000_00000000 rbx: 0xffffffff_8019faf8
rsp: 0xffffffff_8016cf50 rbp: 0xffffffff_8016cf50
rsi: 0x00000000_00000000 rdi: 0xffffffff_80190250
r8 : 0xffffffff_80190674 r9 : 0x00000000_00000002
r10: 0x00000000_00000000 r11: 0x00000000_00000000
r12: 0xffffffff_8019faa0 r13: 0x00000000_00000000
r14: 0x00000000_00000000 r15: 0x00000000_00000000
rip: 0xffffffff_80110d83
eflags 0x00000246: id vip vif ac vm rf nt IOPL=0 of df IF tf sf ZF af PF cf

so.... nt is not set...

Interrupt Descriptor Table (base=0xffffffff8019e920, limit=4095):
IDT[0x00]=64-Bit Interrupt Gate target=0x0030:ffffffff8011f332, DPL=0
IDT[0x01]=64-Bit Interrupt Gate target=0x0030:ffffffff8011f34f, DPL=0
[...]
IDT[0xff]=64-Bit Interrupt Gate target=0x0030:ffffffff80121002, DPL=0

GDT[0x00]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x01]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x02]=Data segment, base=0x00000000, limit=0x00000fff, Read/Write, Accessed
GDT[0x03]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x04]=Code segment, base=0x00000000, limit=0x00000fff, Execute/Read, Non-Conforming, Accessed, 64-bit
GDT[0x05]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x06]=Data segment, base=0x00000000, limit=0x00000fff, Read/Write
GDT[0x07]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x08]=Code segment, base=0x00000000, limit=0x00000fff, Execute/Read, Non-Conforming, 64-bit
GDT[0x09]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x0a]=32-Bit TSS (Busy) at 0x0016200a, length 0x0ffff
GDT[0x0b]=??? descriptor hi=0x00000000, lo=0xffffffff

but qemu says it is 64-bit tss available!

<bochs:13> info tss
tr:s=0x50, base=0xffffffff0016200a, valid=1
bx_dbg_info_tss_command: failed to get physical address for TSS.BASE !<bochs:14>

so i guess bochs does not like 64bits?

Combuster · Post by **Combuster** » Fri Jun 07, 2013 3:04 pm

i guess bochs does not like 64bits?

You blamed a tool? BLASPHEMY!

Seriously. The address you filled in for the TSS is 2GB away from all your other addresses, it's not likely to be right.

lava · Post by **lava** » Sat Jun 08, 2013 5:43 am

ah thanks for the hint

i fixed this in the wrong direction when trying around yesterday....

now it looks like this:

<bochs:2> info gdt
Global Descriptor Table (base=0xffffffff80160000, limit=95):
GDT[0x00]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x01]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x02]=Data segment, base=0x00000000, limit=0x00000fff, Read/Write, Accessed
GDT[0x03]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x04]=Code segment, base=0x00000000, limit=0x00000fff, Execute/Read, Non-Conforming, Accessed, 64-bit
GDT[0x05]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x06]=Data segment, base=0x00000000, limit=0x00000fff, Read/Write
GDT[0x07]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x08]=Code segment, base=0x00000000, limit=0x00000fff, Execute/Read, Non-Conforming, 64-bit
GDT[0x09]=??? descriptor hi=0x00000000, lo=0x00000000
GDT[0x0a]=32-Bit TSS (Busy) at 0x8016200a, length 0x0ffff
GDT[0x0b]=??? descriptor hi=0x00000000, lo=0xffffffff
<bochs:3> info tss
tr:s=0x50, base=0xffffffff8016200a, valid=1
ss:esp(0): 0xffff:0x0016d000
ss:esp(1): 0x0000:0x00000000
ss:esp(2): 0x0000:0x00000000
cr3: 0x0016d000
eip: 0xffffffff
eflags: 0x00000000
cs: 0x0000 ds: 0x0000 ss: 0x0000
es: 0x0000 fs: 0x0000 gs: 0x0000
eax: 0x00000000 ebx: 0x00000000 ecx: 0x00000000 edx: 0x00000000
esi: 0x00000000 edi: 0x00000000 ebp: 0x00000000 esp: 0x00000000
ldt: 0x0000
i/o map: 0x0000

now base is correct... but still it does not work...

qemu still says:

TR =0050 ffffffff8016200a 0fffffff 00808900 DPL=0 TSS64-avl

tiger717 · Post by **tiger717** » Mon Jun 10, 2013 7:42 am

There are some changes regarding the TSS in amd64 which might cause this problem. I suggest you to read the amd64 manual, volume 2, page 251 (299 in PDF).

lava · Post by **lava** » Mon Jun 17, 2013 5:16 pm

thx, i definitely made a mistake there... you may not write 0 into the ist field of a (interrupt) descriptor in IA32e mode on the one hand, on the other i did not want to use the legacy task switching mechanism anyway... so now i wrote a 1 there so the first ist should be used...

but that changed nothing so far :\

i think i'm missing the i/o permission bit map... i had none in IA32 mode, so i'm not sure whether i really need a permission bit map? but it's worth a try

lava · Post by **lava** » Tue Jun 18, 2013 11:17 am

got it...

bochs debug: action=report helped...

the problem was that the stack address in IST1 was wrong (off by 2GiB)

OSDev.org

IDT, TSS Selector and TSS in 64bit Mode

IDT, TSS Selector and TSS in 64bit Mode

Re: IDT, TSS Selector and TSS in 64bit Mode

Re: IDT, TSS Selector and TSS in 64bit Mode

Re: IDT, TSS Selector and TSS in 64bit Mode

Re: IDT, TSS Selector and TSS in 64bit Mode

Re: IDT, TSS Selector and TSS in 64bit Mode

Re: IDT, TSS Selector and TSS in 64bit Mode

Re: IDT, TSS Selector and TSS in 64bit Mode