Re: [Qemu-discuss] Experimenting with x86 real mode code in qemu
From: Jay Aurabind
Subject: Re: [Qemu-discuss] Experimenting with x86 real mode code in qemu
Date: Tue, 8 Dec 2015 18:55:17 +0530
Thank you for your response Jakob. Please see my inline replies.
On 7 December 2015 at 21:18, Jakob Bohm <address@hidden> wrote:
> On 07/12/2015 16:17, Jay Aurabind wrote:
>>
>> Hello Everyone,
>>
>> I am doing an experiment to emulate x86 real mode in qemu so as to
>> study assembly programming in GNU assembler. My current status is that
>> qemu exits with the error:
>>
>> qemu: fatal: Trying to execute code outside RAM or ROM at 0x000a0000
>>
>> Please help me get my expt working. Coming to the details, my simple
>> source files:
>>
>> startup.S:
>> ======================
>> .globl start
>> .text
>> .code16gcc
>>
>> start:
>> jmp main
>> ======================
>>
>> main.S
>> ======================
>> .globl main
>> .text
>> .code16gcc
>> main: mov $1, %ax
>> mov $1, %di
>> mov $1, %si
>> mov $1, %dx
>> cli
>> hlt
>> ======================
>>
>> Linker script: As x86 has the hard coded value 0xFFFF0 for the address
>> of first execution, I am putting my startup script which calls the
>> main function at 0xFFFF0:
>>
>> ======================
>> OUTPUT(binary);
>> ENTRY(start);
>> SECTIONS
>> {
>> .text : { *(.text) }
>> .data : { *(.data) }
>> .bss : { *(.bss COMMON) }
>> . = 0xFFFF0;
>> .startup . : { startup.o (.text)}
>> }
>>
>> =======================
>>
>> My make output:
>>
>> ===========================
>> cc -nostdinc -nostdlib -ffreestanding -nostartfiles -nodefaultlibs
>> -mno-red-zone -c startup.S -o startup.o
>> cc -nostdinc -nostdlib -ffreestanding -nostartfiles -nodefaultlibs
>> -mno-red-zone -c main.S -o main.o
>> ld -T link.ld startup.o main.o -o bin
>> ===========================
>>
>> Later creating flash image:
>> ========================================
>> dd if=/dev/zero of=flash.bin bs=4096 count=1024
>> dd if=bin of=flash.bin bs=4096 conv=notrunc
>> ========================================
>>
>> And finally starting qemu:
>> ================================
>> qemu-system-i386 -pflash flash.bin -nographic
>> =================================
>>
>> That fails with the error I already mentioned:
>> =====================================================
>> WARNING: Image format was not specified for 'flash.bin' and probing
>> guessed raw.
>> Automatically detecting the format is dangerous for raw
>> images, write operations on block 0 will be restricted.
>> Specify the 'raw' format explicitly to remove the restrictions.
>> qemu: fatal: Trying to execute code outside RAM or ROM at 0x000a0000
>>
>> EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000663
>> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
>> EIP=000afff2 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
>> ES =0000 00000000 0000ffff 00009300
>> CS =f000 ffff0000 0000ffff 00009b00
>> SS =0000 00000000 0000ffff 00009300
>> DS =0000 00000000 0000ffff 00009300
>> FS =0000 00000000 0000ffff 00009300
>> GS =0000 00000000 0000ffff 00009300
>> LDT=0000 00000000 0000ffff 00008200
>> TR =0000 00000000 0000ffff 00008b00
>> GDT= 00000000 0000ffff
>> IDT= 00000000 0000ffff
>> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
>> DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000
>> DR6=ffff0ff0 DR7=00000400
>> CCS=00000000 CCD=00000000 CCO=ADDB
>> EFER=0000000000000000
>> FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
>> FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
>> FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
>> FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
>> FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
>> XMM00=00000000000000000000000000000000
>> XMM01=00000000000000000000000000000000
>> XMM02=00000000000000000000000000000000
>> XMM03=00000000000000000000000000000000
>> XMM04=00000000000000000000000000000000
>> XMM05=00000000000000000000000000000000
>> XMM06=00000000000000000000000000000000
>> XMM07=00000000000000000000000000000000
>>
>> =======================================================
>>
>> Please let me know what I missed.
>>
>> Thanking in Advance!
>>
>> Aurabindo
>
> Hard to tell from your data, but what exactly are you
> putting at 0xFFFF0 == FFFF:0000 == F000:0000 ?
>
I am a beginner at making linker scripts. I intended to put a jmp
instruction at 0xFFFF0:
OUTPUT(binary);
ENTRY(start);
SECTIONS
{
.text : { *(.text) }
.data : { *(.data) }
.bss : { *(.bss COMMON) }
. = 0xFFFF0;
.startup . : { startup.o (.text)}
}
I am not quite sure if I should put ENTRY(start)
> And where are you trying to place your code?
>
Rest of the code I hope should be covered by the first .text section ?
I think code from start section will also be included. Even if that
gets included, it is supposed to work I believe.
> And how do you expect the use of arm/mips style flash
> options to apply to an emulator which tries to emulate
> the PC hardware architecture, where (amongst many other
> things):
>
I do not know the internals of qemu, but in the absence of any other
media, if I provide pflash, I hoped that qemu would make that media
the first place where it will look for startup code.
> Addresses from 0xF0000 to 0xFFFFF (and possibly more)
> are reserved for the "BIOS" bootstrap ROM (such as
> SeaBIOS)
So it seems consistent with my intention of putting startup code at 0xFFFF0 ?
> Addresses from 0xC8000 to 0xEFFFF are reserved for
> additional memory mapped hardware, such as older
> network cards
> Addresses from 0xC0000 to 0xC7FFF (and possibly more)
> are reserved for the "plug-in BIOS" on the graphics
> card
> Addresses from 0xA0000 to 0xBFFFF are reserved for
> memory mapping part/all of the memory on the graphics
> card.
> Addresses from (variable) to 0x9FFFF is RAM but reserved
> for supplemental BIOS variables.
> Addresses from 0x00600 to (variable) is RAM available to
> the OS (such as freeDOS or your own bare metal program)
> Addresses from 0x00500 to 0x005FF is RAM but may be
> reserved
> Addresses from 0x00400 to 0x004FF is RAM and holds public
> BIOS variables, including one saying where the
> available RAM ends.
> Addresses from 0x00000 to 0x003FF is RAM and holds the
> interrupt/exception handler table.
>
Is there a difference in qemu's operation since it is i386 being
emulated and I have only specified pflash? Is the default SeaBIOS also
active in my case?
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
>
--
Thanks and Regards,
Aurabindo
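The thread above turns on where the reset vector actually lives relative to a pflash image. The following is an added example (not code from the thread or from QEMU) that builds a raw flash image by hand, with the hand-assembled bytes of the posted main.S placed inside the legacy BIOS window and a far jump to them at the reset vector. It assumes, as labelled in the comments, that QEMU's pc machine maps the -pflash image so that it ends at 4 GiB and aliases its top 128 KiB at 0xE0000-0xFFFFF, and that the CPU resets to CS=0xF000 (base 0xFFFF0000), IP=0xFFF0, i.e. physical 0xFFFFFFF0, which is 16 bytes below the top of the image; the names build_flash, far_jmp, legacy_read and reset_vector are this example's own.

```python
"""Build a raw pflash image for qemu-system-i386 with a real-mode entry stub.

Added example, not code from the thread or from QEMU.  Assumptions:
  * QEMU's pc machine maps the -pflash image so it ENDS at 4 GiB and
    aliases its top 128 KiB at legacy addresses 0xE0000-0xFFFFF.
  * The CPU resets to CS=0xF000 (base 0xFFFF0000), IP=0xFFF0, i.e.
    physical 0xFFFFFFF0: the last 16 bytes of the image.
  * Erased flash reads as 0xFF (used as fill).
"""
import struct

FLASH_SIZE = 4 * 1024 * 1024   # same size as 'dd bs=4096 count=1024' on the page
RESET_OFFSET = 0x10            # reset vector is 16 bytes below the top of the image
WINDOW_LO, WINDOW_HI = 0xE0000, 0x100000   # legacy alias of the top 128 KiB

# Hand-assembled 16-bit encoding of main.S from the thread.
MAIN_CODE = bytes([
    0xB8, 0x01, 0x00,   # mov $1, %ax
    0xBF, 0x01, 0x00,   # mov $1, %di
    0xBE, 0x01, 0x00,   # mov $1, %si
    0xBA, 0x01, 0x00,   # mov $1, %dx
    0xFA,               # cli
    0xF4,               # hlt
])


def far_jmp(seg, off):
    """Encode 'ljmp $seg, $off': opcode EA, then offset16, then segment16."""
    return b"\xEA" + struct.pack("<HH", off, seg)


def _window_offset(size, phys, n):
    """Translate a legacy address in the aliased window to a file offset."""
    if not (WINDOW_LO <= phys and phys + n <= WINDOW_HI):
        raise ValueError("address 0x%05X is outside the aliased BIOS window" % phys)
    # legacy address A maps to file offset size - 0x100000 + A
    return size - WINDOW_HI + phys


def build_flash(main_code=MAIN_CODE, main_phys=0xFE000, size=FLASH_SIZE):
    """Return a raw image with main_code at legacy address main_phys and a
    far jump to it at the reset vector (the last 16 bytes)."""
    if main_phys + len(main_code) > size - RESET_OFFSET + WINDOW_HI - size:
        pass  # range check below covers the window; reset stub checked separately
    img = bytearray(b"\xFF" * size)
    off = _window_offset(size, main_phys, len(main_code))
    img[off:off + len(main_code)] = main_code
    # CS=F000 gives base 0xF0000 in real mode, so the offset is phys - 0xF0000.
    if not (0xF0000 <= main_phys < 0xFFFF0):
        raise ValueError("main code must be reachable as F000:xxxx below the reset vector")
    stub = far_jmp(0xF000, main_phys - 0xF0000)
    reset = size - RESET_OFFSET
    if main_phys + len(main_code) > _legacy_of(size, reset):
        raise ValueError("main code overlaps the reset vector")
    img[reset:reset + len(stub)] = stub
    return bytes(img)


def _legacy_of(size, file_off):
    """Inverse of _window_offset: file offset to legacy address."""
    return file_off - (size - WINDOW_HI)


def legacy_read(img, phys, n):
    """Read n bytes as the CPU would see them at legacy address phys."""
    off = _window_offset(len(img), phys, n)
    return bytes(img[off:off + n])


def reset_vector(img):
    """Decode the far jump at the reset vector; returns (segment, offset)."""
    stub = img[len(img) - RESET_OFFSET:len(img) - RESET_OFFSET + 5]
    if stub[0] != 0xEA:
        raise ValueError("no far jump at the reset vector")
    off, seg = struct.unpack("<HH", stub[1:5])
    return seg, off


if __name__ == "__main__":
    with open("flash.bin", "wb") as f:
        f.write(build_flash())
    # qemu-system-i386 -drive if=pflash,format=raw,file=flash.bin -nographic
```

Two things in the posted build follow from this layout. The `dd if=bin of=flash.bin ... conv=notrunc` step writes the program to the start of flash.bin, but under the mapping assumed here the reset vector is at the end of the image, so the CPU never reaches it. Separately, in the posted linker script the first `*(.text)` rule already claims startup.o's .text, leaving the `.startup` output section at 0xFFFF0 empty, and `OUTPUT(binary)` names the output file rather than selecting the flat format, which is `OUTPUT_FORMAT(binary)`. Passing `format=raw` explicitly also removes the block-0 write restriction QEMU warns about in the thread.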