80486 paging protection faults?


Postby superfury » 2018-10-12 @ 08:16

Reading the i486 microprocessor programmer's reference manual chapter 6.6.1.2, it says that protection rules that are faulting on read/write faults (by the R/W bits and CR0 WP bit) trigger a #GP fault? But the 80386 says it's a Page Fault instead (the error code describing a protection fault because the P-bit is set)? Which one is correct? Is it supposed to throw a #GP(0) fault or a #PF(UR1) fault in the protection cases (UR1 = U)ser cause bit (0=Supervisor, 1=User), R)eading(0)/writing(1) cause bit, 1 (Present bit, always 1 in protection faults))?
superfury
l33t
 
Posts: 2679
Joined: 2014-3-08 @ 11:25
Location: Netherlands

Re: 80486 paging protection faults?

Postby Stenzek » 2018-10-13 @ 04:35

The wording there does seem a bit confusing. As far as I understand, both should raise #PF, regardless of whether it was a present or access issue.

Section 9.9.14 would seem to agree with that.

(if you think about it, OSes which use page permissions to implement CoW semantics would have to decode the faulting instruction to compute the linear address which faulted if it was #GP, not #PF)
Stenzek
Newbie
 
Posts: 16
Joined: 2017-12-08 @ 08:30

Re: 80486 paging protection faults?

Postby superfury » 2018-10-14 @ 21:44

Oddly enough, currently Windows 95 on UniPCemu crashes immediately after the very first Page fault? The PDE entry points to 0x5000, the PTE is 0. This causes the very first page fault(Windows 95 setup after reboot) to crash Windows? (Various VXDs have already loaded at that point)

Can anyone help me with this? The only faults thrown before the page fault are:
- #GP fault(HIMEM.SYS loading and checking UMA)
- #UD fault on a 80486-only opcode(0F CMPXCHG for 80486 only, #UD on Pentium and up(moved to another opcode on those newer processors) and 80386-(doesn't exist yet)).

The message identifies initializing some "VPICD device" as the cause(Windows Protection Error)?

See: viewtopic.php?f=9&t=62756&p=702836

Re: 80486 paging protection faults?

Postby Stenzek » 2018-10-15 @ 14:20

I'm only seeing one invalid opcode during Win95(A) boot, and quite late in the process, at a different address/instruction bytes:

Invalid opcode at EIP = 0117:0000B927h (0x000140C7)
EAX=00000283 EBX=00000006 ECX=0000003B EDX=000103B2 ESI=00000004 EDI=00000000 ESP=C13C1FEA EBP=00000000
EFLAGS=00000246 ES=010F SS=008F DS=012F FS=0000 GS=0000 CR0=E0000011 CR2=801E9000 CR3=002FD000 TSC=1C846BD8
Decoding failed, bytes at failure point: 0F FF 55 8B EC B3 06 B8 83 02 CD 31 8D 06 54 B9

The first page fault I see is funnily enough in the ET4000 video bios, in V8086 mode:
[   44.4520] B/CPU_X86::CPU: Page fault at linear address 0x000A0000: Not Present,Write,User Mode
[   54.1414] B/CPU_X86::CPU: Raise exception 14 error code 0x00000006 EIP 0x00002690 address 0x000A0000
EAX=00000003 EBX=00000010 ECX=00000010 EDX=00000100 ESI=00004A31 EDI=00000000 ESP=0000051A EBP=00000010
EFLAGS=00023207 ES=A000 SS=FFFF DS=C000 FS=0000 GS=0000 CR0=E0000011 CR2=000A0000 CR3=002FD000 TSC=E50E336
C000:00002690h (0x000C2690) | F3 A4                          | rep movsb byte ptr ds:[di], byte ptr ds:[si]

The first page fault in actual Windows code is here:
[  171.1375] B/CPU_X86::CPU: Page fault at linear address 0xC13D0000: Not Present,Write,Supervisor Mode
[  187.3263] B/CPU_X86::CPU: Raise exception 14 error code 0x00000002 EIP 0xC0364288 address 0xC13D0000
EAX=00110000 EBX=00000110 ECX=00000400 EDX=C112E4CC ESI=C13D1000 EDI=C13D0000 ESP=C13ADE14 EBP=000C0400
EFLAGS=00000206 ES=0030 SS=0030 DS=0030 FS=0030 GS=0030 CR0=E0000011 CR2=C13D0000 CR3=002FD000 TSC=1B1BEA6E
0028:C0364288h (0xC0364288) | F3 A5                          | rep movsd dword ptr ds:[edi], dword ptr ds:[esi]


Dunno if that helps at all.. if needed I could dump an instruction trace, but unless you have some idea what you're looking for, it won't be too useful (*huge* files..).
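As an added example (my own code, not from the thread, UniPCemu, or the emulator producing the logs above), the following C model ties together Stenzek's answer to the original question and the error codes in the log lines just quoted: a protection violation on a present page raises #PF with P=1 in the error code, not #GP, and not-present faults carry P=0. The bit names, `page_access` and `describe_pf` are my own; the CR0.WP behaviour (supervisor writes to read-only pages fault only when WP=1, a bit that first appeared on the 486) is standard x86. The sample PDE/PTE values are constructed, and `describe_pf` renders the code in the same wording as the "Not Present,Write,User Mode" lines above.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Error code pushed for exception 14 (#PF), as defined from the 386 onwards. */
#define PF_P  0x1u  /* 0 = page not present, 1 = present but protection violated */
#define PF_WR 0x2u  /* 0 = read caused the fault, 1 = write */
#define PF_US 0x4u  /* 0 = supervisor access (CPL 0-2), 1 = user access (CPL 3) */

/* The PDE/PTE bits that matter for this check. */
#define PG_PRESENT 0x1u
#define PG_RW      0x2u
#define PG_US      0x4u

#define CR0_WP (1u << 16)  /* write-protect bit; exists on the 486 and later only */

typedef struct {
    bool     fault;  /* true when the access raises #PF */
    uint32_t error;  /* error code for the #PF (valid only when fault is true) */
} pf_result;

/*
 * Decide whether an access through (pde, pte) faults, and with which error
 * code. Every entry in the walk must permit the access: the effective
 * permission is the AND of the R/W and U/S bits of PDE and PTE.
 * Protection failures raise #PF with P=1 in the error code, never #GP.
 */
static pf_result page_access(uint32_t pde, uint32_t pte, bool write, bool user, uint32_t cr0)
{
    pf_result r = { false, 0 };
    uint32_t code = (write ? PF_WR : 0) | (user ? PF_US : 0);

    /* Not-present: error code has P=0. A missing PDE means the PTE is never consulted. */
    if (!(pde & PG_PRESENT) || !(pte & PG_PRESENT)) {
        r.fault = true;
        r.error = code;
        return r;
    }

    uint32_t effective = pde & pte;   /* most restrictive of the two entries */
    bool allow_user  = (effective & PG_US) != 0;
    bool allow_write = (effective & PG_RW) != 0;

    if (user) {
        /* user code needs U/S=1 in every entry, and R/W=1 in every entry for writes */
        if (!allow_user || (write && !allow_write)) {
            r.fault = true;
            r.error = code | PF_P;
        }
    } else if (write && !allow_write && (cr0 & CR0_WP)) {
        /* supervisor writes to a read-only page fault only with CR0.WP=1 (486+);
           a 386 has no WP bit and behaves like WP=0, so it never faults here */
        r.fault = true;
        r.error = code | PF_P;
    }
    return r;
}

/* Render an error code in the same wording as the quoted log lines. */
static const char *describe_pf(uint32_t error, char *buf, size_t n)
{
    snprintf(buf, n, "%s,%s,%s Mode",
             (error & PF_P)  ? "Protection Violation" : "Not Present",
             (error & PF_WR) ? "Write" : "Read",
             (error & PF_US) ? "User" : "Supervisor");
    return buf;
}

int main(void)
{
    char buf[64];
    /* Constructed: PDE present/RW/user, PTE = 0 (not present), written from user mode. */
    pf_result r = page_access(PG_PRESENT | PG_RW | PG_US, 0, true, true, CR0_WP);
    printf("user write, PTE=0: fault=%d code=0x%x (%s)\n",
           r.fault, r.error, describe_pf(r.error, buf, sizeof buf));

    /* Constructed: present read-only page written by the supervisor, 386-style vs WP=1. */
    uint32_t ro = PG_PRESENT | PG_US;
    r = page_access(PG_PRESENT | PG_RW | PG_US, ro, true, false, 0);
    printf("supervisor write, WP=0: fault=%d\n", r.fault);
    r = page_access(PG_PRESENT | PG_RW | PG_US, ro, true, false, CR0_WP);
    printf("supervisor write, WP=1: fault=%d code=0x%x (%s)\n",
           r.fault, r.error, describe_pf(r.error, buf, sizeof buf));
    return 0;
}
```

Fed the situations from the logs above, the model yields 0x6 for a user-mode write to a not-present page and 0x2 for the supervisor write at C0364288, and it never produces a #GP for any combination of the R/W, U/S and WP bits.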

Re: 80486 paging protection faults?

Postby superfury » 2018-10-15 @ 14:26

Well, I know the values of the TR register and CR3 register(along with TSS location). That could be an indicator of the faulting driver during booting(VPICD.VXD according to the fault handler)?

New debugger features I've added to UniPCemu just now can log just said task (old breakpoint method combined with the new TR:TRbase and/or CR3 filters (they can work without the old breakpoint filter as well)).

So, the new specs are as follows:
- Debugger always running, don't show, logging when breaking(in other words: only log when the breakpoint matches the instruction to execute).
- CS-only breakpoint at 0028:00000000, protected mode.
- Task breakpoint at 0018:C000AEBC
- CR3 breakpoint at 0x0328000.

Those combined should make it only log the specified task(the breakpoint conditions that are set are ANDed with each other to obtain the breakpoint condition. In this case a logging condition).

Edit: Always nice, those undocumented sign extension issues.... The task register has 1s in its upper 64-bit half of its precalculated base, thus non-matching for 0x80000000 and up.
Edit: More bugs found: The CR3 breakpoint was overwriting the task breakpoint precalcs instead:S

Edit: Having fixed those bugs(together with some other bugs with the new breakpoint improvements), it's now logging properly. I also improperly set the task breakpoint to 0018:AEBC instead of 0018:C000AEBC. Having entered the correct breakpoint, it's properly triggering and generating a proper log file of the process until it's crashing.

I'm now getting a ~800MB large log file of the process/driver until it's crashing.
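An added example (mine, not UniPCemu's code) of the ANDed logging filter described in this post, together with the sign-extension bug it ran into: widening a 32-bit base such as 0xC000AEBC through a signed 32-bit value into a 64-bit field fills the upper half with 1s, so the precomputed TR base never matches anything at 0x80000000 or above. The struct and function names are my own; the selector, base and CR3 values are the ones given in the post.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* CPU state the debugger inspects before executing an instruction. */
typedef struct {
    uint16_t cs;
    uint16_t tr;
    uint32_t tr_base;   /* 32-bit linear base of the current TSS */
    uint32_t cr3;
} cpu_state;

/* Optional conditions; every enabled condition must hold (they are ANDed). */
typedef struct {
    bool use_cs;   uint16_t cs;
    bool use_task; uint16_t tr; uint64_t tr_base_precalc;
    bool use_cr3;  uint32_t cr3;
} log_filter;

/* Buggy precalculation: the base goes through a signed 32-bit value before
   being widened, so bit 31 is copied into the upper 32 bits (sign extension).
   The uint32 -> int32 cast is implementation-defined in C, but compilers for
   x86 give the two's complement reinterpretation, which is what triggers the bug. */
static uint64_t precalc_base_buggy(uint32_t base)
{
    int32_t signed_base = (int32_t)base;
    int64_t widened = signed_base;        /* sign extension happens here */
    return (uint64_t)widened;
}

/* Correct precalculation: widen from the unsigned type, upper 32 bits stay zero. */
static uint64_t precalc_base(uint32_t base)
{
    return (uint64_t)base;
}

/* True when every enabled condition matches; a filter with nothing enabled matches everything. */
static bool filter_matches(const log_filter *f, const cpu_state *s)
{
    if (f->use_cs && s->cs != f->cs)
        return false;
    if (f->use_task && (s->tr != f->tr || (uint64_t)s->tr_base != f->tr_base_precalc))
        return false;
    if (f->use_cr3 && s->cr3 != f->cr3)
        return false;
    return true;
}

int main(void)
{
    /* State from the post: CS 0028, task 0018 with base C000AEBC, CR3 00328000. */
    cpu_state s = { 0x0028, 0x0018, 0xC000AEBCu, 0x00328000u };

    log_filter buggy = { true, 0x0028, true, 0x0018, precalc_base_buggy(0xC000AEBCu), true, 0x00328000u };
    log_filter fixed = { true, 0x0028, true, 0x0018, precalc_base(0xC000AEBCu),       true, 0x00328000u };

    printf("buggy precalc: %016llx -> match=%d\n",
           (unsigned long long)buggy.tr_base_precalc, filter_matches(&buggy, &s));
    printf("fixed precalc: %016llx -> match=%d\n",
           (unsigned long long)fixed.tr_base_precalc, filter_matches(&fixed, &s));
    return 0;
}
```

The same check passes for bases below 0x80000000 with either precalculation, which is why the bug only shows up once the task's TSS lives in the upper half of the address space.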

Re: 80486 paging protection faults?

Postby superfury » 2018-10-15 @ 19:06

I've made two logs of the task running: one with full logging(including interrupts, memory transactions and fault signaling) and one without those.

Simplified log:
https://www.dropbox.com/s/ov919hrtk0n94 ... ng.7z?dl=0

Full log:
https://www.dropbox.com/s/e10veqnxrbzb5 ... og.7z?dl=0

Can you see what's going wrong?

The full log should have the word "fault" at each fault thrown(pf fault=page fault). The simplified log doesn't have those logged.

Re: 80486 paging protection faults?

Postby superfury » 2018-10-17 @ 17:03

The conditions seem to have changed with the latest commit:

- CR3: 295000
Edit: Hmmm... Back to 328000 in Normal booting mode(not safe mode). Maybe that was in Safe mode?

Re: 80486 paging protection faults?

Postby superfury » 2018-10-17 @ 21:02

I've made a new full log(Normal boot during error boot menu because of previous invalid boot): https://www.dropbox.com/s/tbsvvrxcbmx4o ... 53.7z?dl=0

Can anyone see what's going wrong?

Edit: So far, I've traced back the invalid address to some:
0028:c022c48a 8D 1C 37 lea ebx,dword ds:[edi+esi*1]   RealRAM(p):001F8496=FF(?); RAM(p):00258496=FF(?); Physical(p):00258496=FF(?); Paged(p):C022C496=FF(?); Normal(p):C022C496=FF(?); RealRAM(p):001F8497=0F(); RAM(p):00258497=0F(); Physical(p):00258497=0F(); Paged(p):C022C497=0F(); Normal(p):C022C497=0F(); RealRAM(p):001F8498=03(); RAM(p):00258498=03(); Physical(p):00258498=03(); Paged(p):C022C498=03(); Normal(p):C022C498=03(); RealRAM(p):001F8499=F8(?); RAM(p):00258499=F8(?); Physical(p):00258499=F8(?); Paged(p):C022C499=F8(?); Normal(p):C022C499=F8(?)
Registers:
EAX: c10cd7f4 EBX: 00000014 ECX: 00100000 EDX: c159f068
ESP: c13a1dc4 EBP: 000c10ce ESI: c10cd7f4 EDI: 00000808
CS: 0028 DS: 0030 ES: 0030 FS: 0030 GS: 0030 SS: 0030 TR: 0018 LDTR: 0000
EIP: c022c48a EFLAGS: 00003002
CR0: 80000001 CR1: 00000000 CR2: 00000000 CR3: 00328000
DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
DR6: 00000000 DR7: 00000000
GDTR: 0000c0046ff001f7 IDTR: 0000c000abbc02ff
FLAGSINFO: 00000000000000vr0n11oditsz0a0p1c
0028:c022c48d 8B 03 mov eax,dword ds:[ebx]   RealRAM(p):001F849A=8B(?); RAM(p):0025849A=8B(?); Physical(p):0025849A=8B(?); Paged(p):C022C49A=8B(?); Normal(p):C022C49A=8B(?); RealRAM(p):001F849B=4B(K); RAM(p):0025849B=4B(K); Physical(p):0025849B=4B(K); Paged(p):C022C49B=4B(K); Normal(p):C022C49B=4B(K); RealRAM(p):001F849C=04(); RAM(p):0025849C=04(); Physical(p):0025849C=04(); Paged(p):C022C49C=04(); Normal(p):C022C49C=04(); RealRAM(r):002DAFFC=02(); RAM(r):0033AFFC=02(); Physical(r):0033AFFC=02(); Paged(r):C10CDFFC=02(); RealRAM(r):002DAFFD=00( ); RAM(r):0033AFFD=00( ); Physical(r):0033AFFD=00( ); Paged(r):C10CDFFD=00( ); RealRAM(r):002DAFFE=00( ); RAM(r):0033AFFE=00( ); Physical(r):0033AFFE=00( ); Paged(r):C10CDFFE=00( ); RealRAM(r):002DAFFF=A0(?); RAM(r):0033AFFF=A0(?); Physical(r):0033AFFF=A0(?); Paged(r):C10CDFFF=A0(?)
Registers:
EAX: c10cd7f4 EBX: c10cdffc ECX: 00100000 EDX: c159f068

Re: 80486 paging protection faults?

Postby superfury » 2018-10-18 @ 18:43

After noticing that Doom seems to run correctly (although very slow, at ~1FPS at 20% CPU speed (3MIPS)), I've decided to give Simcity 2000 Special Edition (which I still have from long ago, back when I was a child, as well as having played it more recently in Dosbox) a try within UniPCemu.

It runs like a charm(8MB RAM, MS-DOS 6.22, ET4000(1MB VRAM), 80386 at 3MIPS(IPS clocking mode))! And the case of the game says it required a 'minimum' of 486-class CPU to run! Ran it on a 80386!!! XD

Hmmmm.... Terminating the application seems to make it hang somehow? It says: "Now leaving Simcity 2000", the cursor being at the start of the row 2 rows ahead, doing nothing it seems.

Just have HIMEM.SYS and CD-ROM(VIDE-CDD) drivers loaded.

971-Simcity startup menu.jpg
Starting up Simcity 2000 Special Edition

972-Amazing city loaded.jpg
Amazing city huh?

973-Amazing city zoomed in.jpg
Zoom time!

974-Destroying stuff.jpg
Destroying stuff

976-Alienating.jpg
Alienating domes out there(disaster activated in the background)

Re: 80486 paging protection faults?

Postby superfury » 2018-10-18 @ 18:46

981-Disastering.jpg
Disastering about...

984-Burn baby burn!!!.jpg
Burn, baby, burn!!!

985-Quitting Simcity 2000.jpg
Quitting Simcity...

986-Termination time.jpg
Terminating time? Hanging on #UD?


It seems to try to execute opcode 0F12 on the 80386 CPU (which isn't emulated for either 80286, 80386 or 80486 emulation), so it keeps faulting #UD faults infinitely?

Re: 80486 paging protection faults?

Postby superfury » 2018-10-23 @ 09:57

Just tried terminating Simcity 2000 on the mobile testbuild(2018/10/20 02:11:55(GMT+02:00)). It returns back to a working MS-DOS prompt? Perhaps an input issue or hardware IRQ issue?