Changeset 59984 in vbox

Timestamp:

Mar 11, 2016 12:56:10 AM (9 years ago)

Author:

vboxsync

Message:

bs3kit: Updates.

Location:

trunk/src/VBox/ValidationKit/bootsectors

Files:

• Config.kmk (modified) (2 diffs)
• bs3-cpu-basic-2-template.mac (modified) (1 diff)
• bs3kit/Makefile.kmk (modified) (2 diffs)
• bs3kit/bs3-c16-Trap16Generic.asm (copied) (copied from trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-c32-Trap32Generic.asm ) (14 diffs)
• bs3kit/bs3-c32-Trap32Generic.asm (modified) (3 diffs)
• bs3kit/bs3-cmn-PrintChr.asm (modified) (1 diff)
• bs3kit/bs3-cmn-SwitchTo16BitV86.asm (modified) (2 diffs)
• bs3kit/bs3-cmn-Trap16Init.c (copied) (copied from trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-Trap32Init.c ) (4 diffs)
• bs3kit/bs3-cmn-Trap32Init.c (modified) (2 diffs)
• bs3kit/bs3-mode-SwitchToPE16_V86.asm (modified) (1 diff)
• bs3kit/bs3-mode-TestDoModes.c (modified) (3 diffs)
• bs3kit/bs3-mode-TestDoModesHlp.asm (modified) (1 diff)
• bs3kit/bs3-mode-TrapSystemCallHandler.asm (modified) (2 diffs)
• bs3kit/bs3-rm-InitAll.c (modified) (1 diff)
• bs3kit/bs3kit-docs.c (modified) (3 diffs)
• bs3kit/bs3kit.h (modified) (1 diff)

trunk/src/VBox/ValidationKit/bootsectors/Config.kmk

@@ -314 +314 @@
 #       -wx                    Maxium warning level.
 #       -zl                    Don't emit default library information.
+#       -zdp                   DS pegged to BS3DATA16_GROUP.
 #       -zu                    Assume SS != DS.
 #       -mc                    Compact memory model, far data, small code.
@@ -342 +343 @@
 TEMPLATE_VBoxBS3KitImg_CXXTOOL      = Bs3Ow16
 TEMPLATE_VBoxBS3KitImg_CFLAGS       = \
-        -nt=BS3TEXT16 -nd=BS3DATA16 -nc=BS3CODE16 -ecw -q -0 -wx -zl -zu -mc $(BS3_OW_DBG_OPT) -d1 -s -oa -ob -of -oi -ol -or -os
+        -nt=BS3TEXT16 -nd=BS3DATA16 -nc=BS3CODE16 -ecw -q -0 -wx -zl -zdp -zu -mc $(BS3_OW_DBG_OPT) -d1 -s -oa -ob -of -oi -ol -or -os
 TEMPLATE_VBoxBS3KitImg_CXXFLAGS     = \
-        -nt=BS3TEXT16 -nd=BS3DATA16 -nc=BS3CODE16 -ecw -q -0 -wx -zl -zu -mc $(BS3_OW_DBG_OPT) -d1 -s -oa -ob -of -oi -ol -or -os
+        -nt=BS3TEXT16 -nd=BS3DATA16 -nc=BS3CODE16 -ecw -q -0 -wx -zl -zdp -zu -mc $(BS3_OW_DBG_OPT) -d1 -s -oa -ob -of -oi -ol -or -os
 TEMPLATE_VBoxBS3KitImg_INCS         = $(VBOX_PATH_BS3KIT_SRC) .
 TEMPLATE_VBoxBS3KitImg_LDTOOL       = OPENWATCOM-WL

trunk/src/VBox/ValidationKit/bootsectors/bs3-cpu-basic-2-template.mac

@@ -9 +9 @@
 %include "bs3kit-template-header.mac"   ; setup environment
 
-
-
+%undef Bs3PrintStr
+BS3_EXTERN_CMN Bs3PrintStr
 
 BS3_PROC_BEGIN_CMN bs3CpuBasic2_iret
-        ;hlt
+
+%if TMPL_BITS == 16
+        push    cs
+        push    .szMsg
+        call    Bs3PrintStr
+        add     sp, 4
+%else
+        push    .szMsg wrt FLAT
+        BS3_CALL Bs3PrintStr, 1
+        add     xSP, xCB
+%endif
+
+        ; Return
         xor     al, al
         mov al, TMPL_MODE
         ret
+.szMsg: db 'hello world ', TMPL_MODE_STR, '!', 13, 10, 0
+
 BS3_PROC_END_CMN   bs3CpuBasic2_iret
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/Makefile.kmk

@@ -114 +114 @@
         bs3-cmn-TestSendCmdWithU32.asm \
         bs3-cmn-TestIsVmmDevTestingPresent.asm \
+        bs3-cmn-Trap16Init.c \
         bs3-cmn-Trap16SetGate.c \
         bs3-cmn-Trap32Init.c \
@@ -159 +160 @@
         bs3-wc16-U4D.asm \
         bs3-wc16-I4D.asm \
+       bs3-c16-Trap16Generic.asm
 
 # The 32-bit BS3Kit library.

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-c16-Trap16Generic.asm

@@ -1 +1 @@
 ; $Id$
 ;; @file
-; BS3Kit - Trap, 32-bit assembly handlers.
+; BS3Kit - Trap, 16-bit assembly handlers.
 ;
 
@@ -30 +30 @@
 %include "bs3kit-template-header.mac"
 
-%ifndef TMPL_32BIT
- %error "32-bit only template"
+%ifndef TMPL_16BIT
+ %error "16-bit only template"
 %endif
 
@@ -39 +39 @@
 ;*********************************************************************************************************************************
 BS3_EXTERN_DATA16 g_bBs3CurrentMode
+BS3_EXTERN_SYSTEM16 Bs3Gdt
 TMPL_BEGIN_TEXT
 BS3_EXTERN_CMN Bs3TrapDefaultHandler
@@ -49 +50 @@
 ;*********************************************************************************************************************************
 BS3_BEGIN_DATA16
-;; Easy to access flat address of Bs3Trap32GenericEntries.
-BS3_GLOBAL_DATA g_Bs3Trap32GenericEntriesFlatAddr, 4
-        dd Bs3Trap32GenericEntries wrt FLAT
-;; Easy to access flat address of Bs3Trap32DoubleFaultHandler.
-BS3_GLOBAL_DATA g_Bs3Trap32DoubleFaultHandlerFlatAddr, 4
-        dd Bs3Trap32DoubleFaultHandler wrt FLAT
-
-BS3_BEGIN_DATA32
-;; Pointer C trap handlers.
-BS3_GLOBAL_DATA g_apfnBs3TrapHandlers_c32, 1024
-        resd 256
+;; Pointer C trap handlers (BS3TEXT16).
+BS3_GLOBAL_DATA g_apfnBs3TrapHandlers_c16, 512
+        resw 256
 
 
@@ -66 +59 @@
 ; Generic entry points for IDT handlers, 8 byte spacing.
 ;
-BS3_PROC_BEGIN Bs3Trap32GenericEntries
-%macro Bs3Trap32GenericEntry 1
+BS3_PROC_BEGIN _Bs3Trap16GenericEntries
+BS3_PROC_BEGIN Bs3Trap16GenericEntries
+%macro Bs3Trap16GenericEntry 1
         db      06ah, i                 ; push imm8 - note that this is a signextended value.
+        hlt
         jmp     %1
         ALIGNCODE(8)
@@ -75 +70 @@
 
 %assign i 0                             ; start counter.
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 0
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 1
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 2
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 3
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 4
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 5
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 6
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 7
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapErrCode ; 8
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 9
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapErrCode ; a
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapErrCode ; b
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapErrCode ; c
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapErrCode ; d
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapErrCode ; e
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; f  (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 10
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapErrCode ; 11
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 12
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 13
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 14
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 15 (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 16 (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 17 (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 18 (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 19 (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 1a (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 1b (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 1c (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 1d (reserved)
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapErrCode ; 1e
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt   ; 1f (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 0
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 1
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 2
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 3
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 4
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 5
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 6
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 7
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapErrCode ; 8
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 9
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapErrCode ; a
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapErrCode ; b
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapErrCode ; c
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapErrCode ; d
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapErrCode ; e
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; f  (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 10
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapErrCode ; 11
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 12
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 13
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 14
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 15 (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 16 (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 17 (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 18 (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 19 (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 1a (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 1b (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 1c (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 1d (reserved)
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapErrCode ; 1e
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt   ; 1f (reserved)
 %rep 224
-        Bs3Trap32GenericEntry bs3Trap32GenericTrapOrInt
+        Bs3Trap16GenericEntry bs3Trap16GenericTrapOrInt
 %endrep
-BS3_PROC_END  Bs3Trap32GenericEntries
-
-
-
-
-;;
-; Trap or interrupt (no error code).
-;
-BS3_PROC_BEGIN bs3Trap32GenericTrapOrInt
+BS3_PROC_END  Bs3Trap16GenericEntries
+
+
+
+
+;;
+; 80386+: Trap or interrupt (no error code).
+;
+BS3_PROC_BEGIN _bs3Trap16GenericTrapOrInt
+BS3_PROC_BEGIN bs3Trap16GenericTrapOrInt
+CPU 386
+        jmp     near bs3Trap16GenericTrapOrInt80286 ; Bs3Trap16Init adjusts this on 80386+
+        push    ebp
+        mov     bp, sp
+        push    ebx
         pushfd
         cli
         cld
 
-        sub     esp, BS3TRAPFRAME_size
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], eax
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], ebp
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx], edx
-        lea     ebp, [esp + BS3TRAPFRAME_size + 4] ; iret - 4 (i.e. ebp frame chain location)
-
-        mov     edx, [esp + BS3TRAPFRAME_size]
-        mov     [esp + BS3TRAPFRAME.fHandlerRfl], edx
-
-        movzx   edx, byte [esp + BS3TRAPFRAME_size + 4]
-        mov     [esp + BS3TRAPFRAME.bXcpt], edx
-
-        xor     edx, edx
-        mov     [esp + BS3TRAPFRAME.uErrCd], edx
-        mov     [esp + BS3TRAPFRAME.uErrCd + 4], edx
-        jmp     bs3Trap32GenericCommon
-BS3_PROC_END   bs3Trap32GenericTrapOrInt
+        ; Reserve space for the the register and trap frame.
+        mov     bx, (BS3TRAPFRAME_size + 7) / 8
+.more_zeroed_space:
+        push    0
+        push    0
+        push    0
+        push    0
+        dec     bx
+        jz      .more_zeroed_space
+        movzx   ebx, sp
+
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], eax
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx], edx
+        mov     edx, [bp]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], edx
+        mov     edx, [bp - 4]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbx], edx
+
+        mov     edx, [bp - 8]
+        mov     [ss:bx + BS3TRAPFRAME.fHandlerRfl], edx
+
+        mov     dl, [bp + 4]
+        mov     [ss:bx + BS3TRAPFRAME.bXcpt], dl
+
+        add     bp, 4                   ; adjust so it points to the word before the iret frame.
+        jmp     bs3Trap16GenericCommon
+BS3_PROC_END   bs3Trap16GenericTrapOrInt
+
+
+;;
+; 80286: Trap or interrupt (no error code)
+;
+BS3_PROC_BEGIN bs3Trap16GenericTrapOrInt80286
+CPU 286
+        push    bp
+        mov     bp, sp
+        push    bx
+        pushf
+        cli
+        cld
+
+        ; Reserve space for the the register and trap frame.
+        mov     bx, (BS3TRAPFRAME_size + 7) / 8
+.more_zeroed_space:
+        push    0
+        push    0
+        push    0
+        push    0
+        dec     bx
+        jz      .more_zeroed_space
+        mov     bx, sp
+
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], ax
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx], dx
+        mov     dx, [bp]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], dx
+        mov     dx, [bp - 2]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbx], dx
+
+        mov     dl, [bp - 4]
+        mov     [ss:bx + BS3TRAPFRAME.fHandlerRfl], dl
+
+        mov     al, byte [bp + 4]
+        mov     [ss:bx + BS3TRAPFRAME.bXcpt], al
+
+        add     bp, 4                   ; adjust so it points to the word before the iret frame.
+        jmp     bs3Trap16GenericCommon
+BS3_PROC_END   bs3Trap16GenericTrapOrInt80286
 
 
@@ -145 +197 @@
 ; Trap with error code.
 ;
-BS3_PROC_BEGIN bs3Trap32GenericTrapErrCode
+BS3_PROC_BEGIN _bs3Trap16GenericTrapErrCode
+BS3_PROC_BEGIN bs3Trap16GenericTrapErrCode
+CPU 386
+        jmp     near bs3Trap16GenericTrapOrInt80286 ; Bs3Trap16Init adjusts this on 80386+
+        push    ebp
+        mov     bp, sp
+        push    ebx
         pushfd
         cli
         cld
 
-        sub     esp, BS3TRAPFRAME_size
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], eax
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], ebp
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx], edx
-        lea     ebp, [esp + BS3TRAPFRAME_size + 8] ; iret - 4 (i.e. ebp frame chain location)
-
-        mov     edx, [esp + BS3TRAPFRAME_size]
-        mov     [esp + BS3TRAPFRAME.fHandlerRfl], edx
-
-        movzx   edx, byte [esp + BS3TRAPFRAME_size + 4]
-        mov     [esp + BS3TRAPFRAME.bXcpt], edx
-
-        mov     edx, [esp + BS3TRAPFRAME_size + 8]
+        ; Reserve space for the the register and trap frame.
+        mov     bx, (BS3TRAPFRAME_size + 7) / 8
+.more_zeroed_space:
+        push    0
+        push    0
+        push    0
+        push    0
+        dec     bx
+        jz      .more_zeroed_space
+        movzx   ebx, sp
+
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], eax
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx], edx
+        mov     edx, [bp]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], edx
+        mov     edx, [bp - 4]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbx], ebx
+
+        mov     edx, [bp - 8]
+        mov     [ss:bx + BS3TRAPFRAME.fHandlerRfl], edx
+
+        mov     dl, [bp + 4]
+        mov     [ss:bx + BS3TRAPFRAME.bXcpt], dl
+
+        mov     dx, [bp + 6]
 ;; @todo Do voodoo checks for 'int xx' or misguided hardware interrupts.
-        mov     [esp + BS3TRAPFRAME.uErrCd], edx
-        xor     edx, edx
-        mov     [esp + BS3TRAPFRAME.uErrCd + 4], edx
-        jmp     bs3Trap32GenericCommon
-BS3_PROC_END   bs3Trap32GenericTrapErrCode
+        mov     [ss:bx + BS3TRAPFRAME.uErrCd], dx
+
+        add     bp, 6                   ; adjust so it points to the word before the iret frame.
+        jmp     bs3Trap16GenericCommon
+BS3_PROC_END   bs3Trap16GenericTrapErrCode
+
+;;
+; Trap with error code - 80286 code variant.
+;
+BS3_PROC_BEGIN bs3Trap16GenericTrapErrCode80286
+CPU 286
+        push    bp
+        mov     bp, sp
+        push    bx
+        pushf
+        cli
+        cld
+
+        ; Reserve space for the the register and trap frame.
+        mov     bx, (BS3TRAPFRAME_size + 7) / 8
+.more_zeroed_space:
+        push    0
+        push    0
+        push    0
+        push    0
+        dec     bx
+        jz      .more_zeroed_space
+        mov     bx, sp
+
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], ax
+        mov     [bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx], dx
+        mov     dx, [bp]
+        mov     [bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], dx
+        mov     dx, [bp - 2]
+        mov     [bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbx], bx
+
+        mov     dx, [bp - 4]
+        mov     [bx + BS3TRAPFRAME.fHandlerRfl], dx
+
+        mov     dl, [bp + 2]
+        mov     [bx + BS3TRAPFRAME.bXcpt], dl
+
+        mov     dx, [bp + 4]
+;; @todo Do voodoo checks for 'int xx' or misguided hardware interrupts.
+        mov     [ss:bx + BS3TRAPFRAME.uErrCd], dx
+
+        add     bp, 4                   ; adjust so it points to the word before the iret frame.
+        jmp     bs3Trap16GenericCommon
+BS3_PROC_END   bs3Trap16GenericTrapErrCode80286
 
 
@@ -174 +288 @@
 ; Common context saving code and dispatching.
 ;
-; @param    esp     Pointer to the trap frame.  The following members have been
+; @param    bx      Pointer to the trap frame.  The following members have been
 ;                   filled in by the previous code:
 ;                       - bXcpt
 ;                       - uErrCd
 ;                       - fHandlerRFL
-;                       - Ctx.eax (except upper dword)
-;                       - Ctx.edx (except upper dword)
-;                       - Ctx.ebp (except upper dword)
-;
-; @param    ebp     Pointer to the dword before the iret frame, i.e. where ebp
-;                   would be saved if this was a normal call.
-; @param    edx     Zero (0).
-;
-BS3_PROC_BEGIN bs3Trap32GenericCommon
+;                       - Ctx.eax (except upper stuff)
+;                       - Ctx.edx (except upper stuff)
+;                       - Ctx.ebx (except upper stuff)
+;                       - Ctx.ebp (except upper stuff)
+;                       - All other bytes are zeroed.
+;
+; @param    bp      Pointer to the word before the iret frame, i.e. where bp
+;                   would be saved if this was a normal near call.
+; @param    dx      zero (0) if 286, set (1) if 386
+;
+BS3_PROC_BEGIN bs3Trap16GenericCommon
+CPU 286
         ;
         ; Fake EBP frame.
         ;
-        mov     eax, [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp]
-        mov     [ebp], eax
+        mov     ax, [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp]
+        mov     [bp], ax
 
         ;
         ; Save the remaining GPRs and segment registers.
         ;
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rcx], ecx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rbx], ebx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rdi], edi
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsi], esi
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ds], ds
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.es], es
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.fs], fs
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.gs], gs
-
-        ;
-        ; Load 32-bit data selector for the DPL we're executing at into DS and ES.
+        test    dx, dx
+        jz      .save_word_grps
+CPU 386
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rcx], ecx
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdi], edi
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsi], esi
+        jmp     .save_segment_registers
+.save_word_grps:
+CPU 286
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rcx], cx
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdi], di
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsi], si
+.save_segment_registers:
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ds], ds
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.es], es
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.fs], fs
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.gs], gs
+
+        ;
+        ; Load 16-bit data selector for the DPL we're executing at into DS and ES.
         ; Save the handler SS and CS values first.
         ;
         mov     ax, cs
-        mov     [esp + BS3TRAPFRAME.uHandlerCs], ax
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerCs], ax
         mov     ax, ss
-        mov     [esp + BS3TRAPFRAME.uHandlerSs], ax
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerSs], ax
         and     ax, 3
         mov     cx, ax
@@ -226 +352 @@
         ;
         mov     al, [BS3_DATA16_WRT(g_bBs3CurrentMode)]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.bMode], al
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.bMode], al
         and     al, ~BS3_MODE_CODE_MASK
         or      al, BS3_MODE_CODE_32
@@ -234 +360 @@
         ; Copy iret info.
         ;
-        mov     ecx, [ebp + 4]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rip], ecx
-        mov     ecx, [ebp + 12]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rflags], ecx
-        mov     cx, [ebp + 8]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cs], cx
-        test    dword [ebp + 12], X86_EFL_VM
-        jnz     .iret_frame_v8086
+        mov     cx, [bp + 2]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rip], cx
+        mov     cx, [bp + 6]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rflags], cx
+        mov     cx, [bp + 4]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cs], cx
+
+        mov     al, [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.bMode]
+        and     al, BS3_MODE_CODE_MASK
+        cmp     al, BS3_MODE_CODE_V86
+        je      .iret_frame_v8086
+
         mov     ax, ss
         and     al, 3
         and     cl, 3
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.bCpl], cl
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.bCpl], cl
         cmp     cl, al
         je      .iret_frame_same_cpl
 
-        mov     ecx, [ebp + 16]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], ecx
+.ret_frame_different_cpl:
+        mov     cx, [bp + 10]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
+        test    dx, dx
+        jz      .ret_frame_different_cpl_286
+.ret_frame_different_cpl_386:
+CPU 386
+        mov     ecx, esp
+        mov     cx, [bp + 8]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], ecx
+        lea     eax, [ebp + 12]
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerRsp], eax
+        jmp     .iret_frame_done
+.ret_frame_different_cpl_286:
+CPU 286
+        mov     cx, [bp + 8]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], cx
+        lea     ax, [bp + 12]
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerRsp], ax
+        jmp     .iret_frame_done
+
+.iret_frame_same_cpl:
+        mov     cx, ss
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
+        test    dx, dx
+        jz      .iret_frame_same_cpl_286
+.iret_frame_same_cpl_386:
+CPU 386
+        mov     ecx, esp
+        lea     cx, [bp + 8]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], ecx
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerRsp], ecx
+        jmp     .iret_frame_done
+.iret_frame_same_cpl_286:
+CPU 286
+        lea     cx, [bp + 8]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], cx
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerRsp], cx
+        jmp     .iret_frame_done
+
+.iret_frame_v8086:
+CPU 386
+        mov     byte [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.bCpl], 3
+        or      byte [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.bMode], BS3_MODE_CODE_V86 ; paranoia ^ 2
+        movzx   ecx, word [ebp + 16]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], ecx
         mov     cx, [ebp + 20]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
-        lea     eax, [ebp + 24]
-        mov     [esp + BS3TRAPFRAME.uHandlerRsp], eax
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
+        mov     cx, [ebp + 24]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.es], cx
+        mov     cx, [ebp + 28]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ds], cx
+        mov     cx, [ebp + 32]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.fs], cx
+        mov     cx, [ebp + 36]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.gs], cx
+        lea     eax, [ebp + 40]
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerRsp], eax
         jmp     .iret_frame_done
 
-.iret_frame_same_cpl:
-        lea     ecx, [ebp + 12]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], ecx
-        mov     cx, ss
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
-        lea     eax, [ebp + 16]
-        mov     [esp + BS3TRAPFRAME.uHandlerRsp], eax
-        jmp     .iret_frame_done
-
-.iret_frame_v8086:
-        mov     byte [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.bCpl], 3
-        or      byte [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.bMode], BS3_MODE_CODE_V86 ; paranoia ^ 2
-        movzx   ecx, word [ebp + 16]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], ecx
-        mov     cx, [ebp + 20]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
-        mov     cx, [ebp + 24]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.es], cx
-        mov     cx, [ebp + 28]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ds], cx
-        mov     cx, [ebp + 32]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.fs], cx
-        mov     cx, [ebp + 36]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.gs], cx
-        lea     eax, [ebp + 40]
-        mov     [esp + BS3TRAPFRAME.uHandlerRsp], eax
-        jmp     .iret_frame_done
-
 .iret_frame_done:
         ;
         ; Control registers.
         ;
+        str     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.tr]
+        sldt    [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ldtr]
+        test    dx, dx
+        jz      .save_286_control_registers
+.save_386_control_registers:
+CPU 386
         mov     eax, cr0
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr0], eax
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr0], eax
         mov     eax, cr2
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr2], eax
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr2], eax
         mov     eax, cr3
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr3], eax
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr3], eax
         mov     eax, cr4
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr4], eax
-        str     ax
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.tr], ax
-        sldt    ax
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ldtr], ax
-
-        ;
-        ; Set context bit width and clear all upper dwords and unused register members.
-        ;
-.clear_and_dispatch_to_handler:         ; The double fault code joins us here.
-        xor     edx, edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.abPadding], dx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.abPadding + 2], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rax    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rcx    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rbx    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsi    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rdi    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.r8     + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.r9     + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.r10    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.r11    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.r12    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.r13    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.r14    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.r15    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rflags + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rip    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr0    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr2    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr3    + 4], edx
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr4    + 4], edx
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr4], eax
+        jmp     .dispatch_to_handler
+CPU 286
+.save_286_control_registers:
+        smsw    [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr0]
 
         ;
         ; Dispatch it to C code.
         ;
-        movzx   ebx, byte [esp + BS3TRAPFRAME.bXcpt]
-        mov     eax, [ebx * 4 + BS3_DATA16_WRT(_g_apfnBs3TrapHandlers_c32)]
-        or      eax, eax
+.dispatch_to_handler:                   ; The double fault code joins us here.
+        mov     di, bx
+        mov     bl, byte [ss:bx + BS3TRAPFRAME.bXcpt]
+        mov     bh, 0
+        shl     bx, 1
+        mov     bx, [bx + BS3_DATA16_WRT(_g_apfnBs3TrapHandlers_c16)]
+        or      bx, bx
         jnz     .call_handler
-        mov     eax, Bs3TrapDefaultHandler
+        mov     bx, Bs3TrapDefaultHandler
 .call_handler:
-        mov     edi, esp
-        push    edi
-        call    eax
+        push    ss
+        push    di
+        call    bx
 
         ;
@@ -349 +483 @@
         ;
         push    0
-        add     edi, BS3TRAPFRAME.Ctx
-        push    edi
+        push    ss
+        add     di, BS3TRAPFRAME.Ctx
+        push    di
         call    Bs3RegCtxRestore
 .panic:
         hlt
         jmp     .panic
-BS3_PROC_END   bs3Trap32GenericCommon
+BS3_PROC_END   bs3Trap16GenericCommon
 
 
@@ -361 +496 @@
 ; Helper.
 ;
-; @retruns  Flat address in eax.
-; @param    ax
+; @retruns  Flat address in es:di.
+; @param    di
 ; @uses     eax
 ;
-bs3Trap32TssInAxToFlatInEax:
-        ; Get the GDT base address and find the descriptor address (EAX)
-        sub     esp, 16h
-        sgdt    [esp + 2]               ; +2 for correct alignment.
-        and     eax, 0fff8h
-        add     eax, [esp + 4]          ; GDT base address.
-        add     esp, 16h
-
-        ; Get the flat TSS address from the descriptor.
-        push    ecx
-        mov     ecx, [eax + 4]
-        and     eax, 0ffff0000h
-        movzx   eax, word [eax]
-        or      eax, ecx
-        pop     ecx
-
+bs3Trap16TssInDiToFar1616InEsDi:
+CPU 286
+        push    ax
+
+        ; ASSUME Bs3Gdt is being used.
+        push    BS3_SEL_SYSTEM16
+        pop     es
+        and     di, 0fff8h
+        add     di, Bs3Gdt wrt BS3SYSTEM16
+
+        ; Load the TSS base into ax:di (di is low, ax high)
+        mov     al, [es:di + (X86DESCGENERIC_BIT_OFF_BASE_HIGH1 / 8)]
+        mov     ah, [es:di + (X86DESCGENERIC_BIT_OFF_BASE_HIGH2 / 8)]
+        mov     di, [es:di + (X86DESCGENERIC_BIT_OFF_BASE_LOW / 8)]
+
+        ; Convert ax to tiled selector, if not within the tiling area we read
+        ; random BS3SYSTEM16 bits as that's preferable to #GP'ing.
+        shl     ax, X86_SEL_SHIFT
+        cmp     ax, BS3_SEL_TILED_LAST - BS3_SEL_TILED
+%ifdef BS3_STRICT
+        jbe     .tiled
+        int3
+%endif
+        ja      .return                 ; don't crash again.
+.tiled:
+        add     ax, BS3_SEL_TILED
+        mov     es, ax
+.return:
+        pop     ax
         ret
+
 
 ;;
@@ -389 +538 @@
 ; TSS specified sane values which got loaded during the task switch.
 ;
-BS3_PROC_BEGIN Bs3Trap32DoubleFaultHandler
+; @param    dx      Zero (1) (for 386+).
+;
+BS3_PROC_BEGIN _Bs3Trap16DoubleFaultHandler80386
+BS3_PROC_BEGIN Bs3Trap16DoubleFaultHandler80386
+CPU 386
         push    0                       ; We'll copy the rip from the other TSS here later to create a more sensible call chain.
         push    ebp
-        mov     ebp, esp
+        mov     bp, sp
+        pushfd                          ; Handler flags.
+
+        ; Reserve space for the the register and trap frame.
+        mov     bx, (BS3TRAPFRAME_size + 15) / 16
+.more_zeroed_space:
+        push    dword 0
+        push    dword 0
+        push    dword 0
+        push    dword 0
+        dec     bx
+        jz      .more_zeroed_space
+        mov     bx, sp
+
+        ;
+        ; Fill in the high GRP register words before we mess them up.
+        ;
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], eax
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbx], ebx
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rcx], ecx
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx], edx
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsi], esi
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdi], edi
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], ebp
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], esp
+
+        ;
+        ; FS and GS are not part of the 16-bit TSS because they are 386+ specfic.
+        ;
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.fs], fs
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.gs], gs
 
         ;
         ; Fill in the non-context trap frame bits.
         ;
-        pushfd                          ; Get handler flags.
-        pop     ecx
-        xor     edx, edx                ; NULL register.
-
-        sub     esp, BS3TRAPFRAME_size  ; Allocate trap frame.
-        mov     [esp + BS3TRAPFRAME.fHandlerRfl], ecx
-        mov     word [esp + BS3TRAPFRAME.bXcpt], X86_XCPT_DF
-        mov     [esp + BS3TRAPFRAME.uHandlerCs], cs
-        mov     [esp + BS3TRAPFRAME.uHandlerSs], ss
-        lea     ecx, [ebp + 12]
-        mov     [esp + BS3TRAPFRAME.uHandlerRsp], ecx
-        mov     [esp + BS3TRAPFRAME.uHandlerRsp + 4], edx
-        mov     ecx, [ebp + 8]
-        mov     [esp + BS3TRAPFRAME.uErrCd], ecx
-        mov     [esp + BS3TRAPFRAME.uErrCd + 4], edx
+        mov     ecx, [bp - 4]
+        mov     [ss:bx + BS3TRAPFRAME.fHandlerRfl], ecx
+        mov     byte [ss:bx + BS3TRAPFRAME.bXcpt], X86_XCPT_DF
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerCs], cs
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerSs], ss
+        mov     ecx, esp
+        lea     cx, [bp + 8]
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerRsp], ecx
+        mov     cx, [bp + 6]
+        mov     [ss:bx + BS3TRAPFRAME.uErrCd], cx
+
+        ;
+        ; Copy 80386+ control registers.
+        ;
+        mov     ecx, cr0
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr0], ecx
+        mov     ecx, cr2
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr2], ecx
+        mov     ecx, cr3
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr3], ecx
+        mov     ecx, cr4
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr4], ecx
 
         ;
         ; Copy the register state from the previous task segment.
-        ;
-
+        ; The 80286 code with join us here.
+        ;
+.common:
+CPU 286
         ; Find our TSS.
-        str     ax
-        call    bs3Trap32TssInAxToFlatInEax
+        str     di
+        call    bs3Trap16TssInDiToFar1616InEsDi
 
         ; Find the previous TSS.
-        mov     ax, [eax + X86TSS32.selPrev]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.tr], ax
-        call    bs3Trap32TssInAxToFlatInEax
+        mov     di, [es:di + X86TSS32.selPrev]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.tr], ax
+        call    bs3Trap16TssInDiToFar1616InEsDi
 
         ; Do the copying.
-        mov     ecx, [eax + X86TSS32.eax]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], ecx
-        mov     ecx, [eax + X86TSS32.ecx]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rcx], ecx
-        mov     ecx, [eax + X86TSS32.edx]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx], ecx
-        mov     ecx, [eax + X86TSS32.ebx]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rbx], ecx
-        mov     ecx, [eax + X86TSS32.esp]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], ecx
-        mov     ecx, [eax + X86TSS32.ebp]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], ecx
-        mov     [ebp], ecx              ; For better call stacks.
-        mov     ecx, [eax + X86TSS32.esi]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsi], ecx
-        mov     ecx, [eax + X86TSS32.edi]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rdi], ecx
-        mov     ecx, [eax + X86TSS32.esi]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsi], ecx
-        mov     ecx, [eax + X86TSS32.eflags]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rflags], ecx
-        mov     ecx, [eax + X86TSS32.eip]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rip], ecx
-        mov     [ebp + 4], ecx          ; For better call stacks.
-        mov     cx, [eax + X86TSS32.cs]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cs], cx
-        mov     cx, [eax + X86TSS32.ds]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ds], cx
-        mov     cx, [eax + X86TSS32.es]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.es], cx
-        mov     cx, [eax + X86TSS32.fs]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.fs], cx
-        mov     cx, [eax + X86TSS32.gs]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.gs], cx
-        mov     cx, [eax + X86TSS32.ss]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
-        mov     cx, [eax + X86TSS32.selLdt]             ; Note! This isn't necessarily the ldtr at the time of the fault.
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ldtr], cx
-        mov     cx, [eax + X86TSS32.cr3]                ; Note! This isn't necessarily the cr3 at the time of the fault.
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr3], ecx
+        mov     cx, [es:di + X86TSS16.ax]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rax], cx
+        mov     cx, [es:di + X86TSS16.cx]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rcx], cx
+        mov     cx, [es:di + X86TSS16.dx]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdx], cx
+        mov     cx, [es:di + X86TSS16.bx]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbx], cx
+        mov     cx, [es:di + X86TSS16.sp]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], cx
+        mov     cx, [es:di + X86TSS16.bp]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rbp], cx
+        mov     [bp], cx                ; For better call stacks.
+        mov     cx, [es:di + X86TSS16.si]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsi], cx
+        mov     cx, [es:di + X86TSS16.di]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rdi], cx
+        mov     cx, [es:di + X86TSS16.si]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rsi], cx
+        mov     cx, [es:di + X86TSS16.flags]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rflags], cx
+        mov     cx, [es:di + X86TSS16.ip]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.rip], cx
+        mov     [ebp + 2], cx           ; For better call stacks.
+        mov     cx, [eax + X86TSS16.cs]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cs], cx
+        mov     cx, [eax + X86TSS16.ds]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ds], cx
+        mov     cx, [eax + X86TSS16.es]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.es], cx
+        mov     cx, [eax + X86TSS16.ss]
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
+        mov     cx, [eax + X86TSS16.selLdt]             ; Note! This isn't necessarily the ldtr at the time of the fault.
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ldtr], cx
 
         ;
         ; Set CPL; copy and update mode.
         ;
-        mov     cl, [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ss]
+        mov     cl, [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.ss]
         and     cl, 3
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.bCpl], cl
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.bCpl], cl
 
         mov     cl, [BS3_DATA16_WRT(g_bBs3CurrentMode)]
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.bMode], cl
+        mov     [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.bMode], cl
         and     cl, ~BS3_MODE_CODE_MASK
         or      cl, BS3_MODE_CODE_32
@@ -482 +668 @@
 
         ;
-        ; Control registers.
-        ;
-        mov     ecx, cr0
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr0], ecx
-        mov     ecx, cr2
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr2], ecx
-        mov     ecx, cr4
-        mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.cr4], ecx
-
-        ;
         ; Join code paths with the generic handler code.
         ;
-        jmp     bs3Trap32GenericCommon.clear_and_dispatch_to_handler
-BS3_PROC_END   Bs3Trap32DoubleFaultHandler
-
+        jmp     bs3Trap16GenericCommon.dispatch_to_handler
+BS3_PROC_END   Bs3Trap16DoubleFaultHandler
+
+
+;;
+; Double fault handler.
+;
+; We don't have to load any selectors or clear anything in EFLAGS because the
+; TSS specified sane values which got loaded during the task switch.
+;
+; @param    dx      Zero (0) (for 286).
+;
+BS3_PROC_BEGIN _Bs3Trap16DoubleFaultHandler80286
+BS3_PROC_BEGIN Bs3Trap16DoubleFaultHandler80286
+CPU 286
+        push    0                       ; We'll copy the rip from the other TSS here later to create a more sensible call chain.
+        push    bp
+        mov     bp, sp
+        pushf                           ; Handler flags.
+
+        ; Reserve space for the the register and trap frame.
+        mov     bx, (BS3TRAPFRAME_size + 7) / 8
+.more_zeroed_space:
+        push    0
+        push    0
+        push    0
+        push    0
+        dec     bx
+        jz      .more_zeroed_space
+        mov     bx, sp
+
+        ;
+        ; Fill in the non-context trap frame bits.
+        ;
+        mov     cx, [bp - 2]
+        mov     [ss:bx + BS3TRAPFRAME.fHandlerRfl], cx
+        mov     byte [ss:bx + BS3TRAPFRAME.bXcpt], X86_XCPT_DF
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerCs], cs
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerSs], ss
+        lea     cx, [bp + 8]
+        mov     [ss:bx + BS3TRAPFRAME.uHandlerRsp], cx
+        mov     cx, [bp + 6]
+        mov     [ss:bx + BS3TRAPFRAME.uErrCd], cx
+
+        ;
+        ; Copy 80286 specific control register.
+        ;
+        smsw    [ss:bx + BS3TRAPFRAME.Ctx + BS3REGCTX.cr0]
+
+        jmp     Bs3Trap16DoubleFaultHandler80386.common
+BS3_PROC_END   Bs3Trap16DoubleFaultHandler80286
+
+

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-c32-Trap32Generic.asm

@@ -249 +249 @@
         je      .iret_frame_same_cpl
 
+.iret_frame_different_cpl:
         mov     ecx, [ebp + 16]
         mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], ecx
@@ -260 +261 @@
         lea     ecx, [ebp + 12]
         mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.rsp], ecx
+        mov     [esp + BS3TRAPFRAME.uHandlerRsp], ecx
         mov     cx, ss
         mov     [esp + BS3TRAPFRAME.Ctx + BS3REGCTX.ss], cx
-        lea     eax, [ebp + 16]
-        mov     [esp + BS3TRAPFRAME.uHandlerRsp], eax
         jmp     .iret_frame_done
 
@@ -367 +367 @@
 bs3Trap32TssInAxToFlatInEax:
         ; Get the GDT base address and find the descriptor address (EAX)
-        sub     esp, 16h
-        sgdt    [esp + 2]               ; +2 for correct alignment.
+        sub     esp, 8+2
+        sgdt    [esp]
         and     eax, 0fff8h
-        add     eax, [esp + 4]          ; GDT base address.
-        add     esp, 16h
+        add     eax, [esp + 2]          ; GDT base address.
+        add     esp, 8+2
 
         ; Get the flat TSS address from the descriptor.
-        push    ecx
-        mov     ecx, [eax + 4]
-        and     eax, 0ffff0000h
-        movzx   eax, word [eax]
-        or      eax, ecx
-        pop     ecx
-
+        mov     al, [eax + (X86DESCGENERIC_BIT_OFF_BASE_HIGH1 / 8)]
+        mov     ah, [eax + (X86DESCGENERIC_BIT_OFF_BASE_HIGH2 / 8)]
+        shl     eax, 16
+        mov     ax, [eax + (X86DESCGENERIC_BIT_OFF_BASE_LOW / 8)]
         ret
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-PrintChr.asm

@@ -5 +5 @@
 
 ;
-; Copyright (C) 2007-2015 Oracle Corporation
+; Copyright (C) 2007-2016 Oracle Corporation
 ;
 ; This file is part of VirtualBox Open Source Edition (OSE), as

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-SwitchTo16BitV86.asm

@@ -53 +53 @@
         push    dword BS3_SEL_TEXT16                    ; +0x04
         push    word 0
- %if TMPL_BITS == 16
-        push    word [esp + 2 + 8 * 4 + 2]              ; +0x00
- %else
-        push    word [esp + 2 + 8 * 4]                  ; +0x00
- %endif
+        push    word [esp + 24h - 2]                    ; +0x00
         ; Save registers and stuff.
         push    eax
@@ -79 +75 @@
         pop     edx
         pop     eax
-        add     xSP, (9-1)*4
+        add     xSP, 0x24
         ret
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-Trap16Init.c

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * BS3Kit - Bs3Trap32Init
+ * BS3Kit - Bs3Trap16Init
  */
 
@@ -34 +34 @@
 *   Global Variables                                                                                                             *
 *********************************************************************************************************************************/
-extern uint32_t BS3_DATA_NM(g_Bs3Trap32DoubleFaultHandlerFlatAddr);
+/* We ASSUME that BS3CODE16 is 64KB aligned, so the low 16-bit of the
+   flat address matches.   Also, these symbols are defined both with
+   and without underscore prefixes. */
+extern BS3_DECL(void) BS3_FAR_CODE Bs3Trap16DoubleFaultHandler80386(void);
+extern BS3_DECL(void) BS3_FAR_CODE Bs3Trap16DoubleFaultHandler80286(void);
+extern BS3_DECL(void) BS3_FAR_CODE Bs3Trap16GenericEntries(void);
+
+/* These two are ugly.  Need data access for patching purposes. */
+extern uint8_t  BS3_FAR_DATA bs3Trap16GenericTrapOrInt[];
+extern uint8_t  BS3_FAR_DATA bs3Trap16GenericTrapErrCode[];
 
 
-BS3_DECL(void) Bs3Trap32Init(void)
+BS3_DECL(void) Bs3Trap16Init(bool f386Plus)
 {
-     X86TSS32 BS3_FAR *pTss;
-     unsigned iIdt;
+    X86TSS16 BS3_FAR *pTss;
+    unsigned iIdt;
+
+    /*
+     * If 386 or later, patch the trap handler code to not jump to the 80286
+     * code but continue with the next instruction (the 386+ code).
+     */
+    if (f386Plus)
+    {
+        bs3Trap16GenericTrapErrCode[1] = 0;
+        bs3Trap16GenericTrapErrCode[2] = 0;
+        bs3Trap16GenericTrapOrInt[1]   = 0;
+        bs3Trap16GenericTrapOrInt[2]   = 0;
+    }
 
     /*
@@ -46 +67 @@
      */
     for (iIdt = 0; iIdt < BS3_TRAP_SYSCALL; iIdt++)
-        Bs3Trap32SetGate(iIdt, X86_SEL_TYPE_SYS_386_INT_GATE, 0 /*bDpl*/,
-                         BS3_SEL_R0_CS32, BS3_DATA_NM(g_Bs3Trap32GenericEntriesFlatAddr) + iIdt * 8, 0 /*cParams*/);
+        Bs3Trap16SetGate(iIdt, X86_SEL_TYPE_SYS_286_INT_GATE, 0 /*bDpl*/,
+                         BS3_SEL_R0_CS16, (uint16_t)(uintptr_t)Bs3Trap16GenericEntries + iIdt * 8, 0 /*cParams*/);
     for (iIdt = BS3_TRAP_SYSCALL + 1; iIdt < 256; iIdt++)
-        Bs3Trap32SetGate(iIdt, X86_SEL_TYPE_SYS_386_INT_GATE, 0 /*bDpl*/,
-                         BS3_SEL_R0_CS32, BS3_DATA_NM(g_Bs3Trap32GenericEntriesFlatAddr) + iIdt * 8, 0 /*cParams*/);
+        Bs3Trap16SetGate(iIdt, X86_SEL_TYPE_SYS_286_INT_GATE, 0 /*bDpl*/,
+                         BS3_SEL_R0_CS16, (uint16_t)(uintptr_t)Bs3Trap16GenericEntries + iIdt * 8, 0 /*cParams*/);
 
     /*
      * Initialize the normal TSS so we can do ring transitions via the IDT.
      */
-    //pTss = &BS3_DATA_NM(Bs3Tss32);
-    Bs3MemZero(&BS3_DATA_NM(Bs3Tss32), sizeof(*pTss));
-    BS3_DATA_NM(Bs3Tss32).esp0      = BS3_ADDR_STACK_R0;
-    BS3_DATA_NM(Bs3Tss32).ss0       = BS3_SEL_R0_SS32;
-    BS3_DATA_NM(Bs3Tss32).esp1      = BS3_ADDR_STACK_R1;
-    BS3_DATA_NM(Bs3Tss32).ss1       = BS3_SEL_R1_SS32;
-    BS3_DATA_NM(Bs3Tss32).esp2      = BS3_ADDR_STACK_R2;
-    BS3_DATA_NM(Bs3Tss32).ss2       = BS3_SEL_R2_SS32;
+    pTss = &BS3_DATA_NM(Bs3Tss16);
+    Bs3MemZero(pTss, sizeof(*pTss));
+    pTss->sp0       = BS3_ADDR_STACK_R0;
+    pTss->ss0       = BS3_SEL_R0_SS16;
+    pTss->sp1       = BS3_ADDR_STACK_R1;
+    pTss->ss1       = BS3_SEL_R1_SS16 | 1;
+    pTss->sp2       = BS3_ADDR_STACK_R2;
+    pTss->ss2       = BS3_SEL_R2_SS16 | 2;
 
     /*
@@ -68 +89 @@
      * cr3 is filled in by switcher code, when needed.
      */
-    pTss = &BS3_DATA_NM(Bs3Tss32DoubleFault);
+    pTss = &BS3_DATA_NM(Bs3Tss16DoubleFault);
     Bs3MemZero(pTss, sizeof(*pTss));
-    pTss->esp0      = BS3_ADDR_STACK_R0;
-    pTss->ss0       = BS3_SEL_R0_SS32;
-    pTss->esp1      = BS3_ADDR_STACK_R1;
-    pTss->ss1       = BS3_SEL_R1_SS32;
-    pTss->esp2      = BS3_ADDR_STACK_R2;
-    pTss->ss2       = BS3_SEL_R2_SS32;
-    pTss->eip       = BS3_DATA_NM(g_Bs3Trap32DoubleFaultHandlerFlatAddr);
-    pTss->eflags    = X86_EFL_1;
-    pTss->esp       = BS3_ADDR_STACK_R0_IST1;
-    pTss->es        = BS3_SEL_R0_DS32;
-    pTss->ds        = BS3_SEL_R0_DS32;
-    pTss->cs        = BS3_SEL_R0_CS32;
-    pTss->ss        = BS3_SEL_R0_SS32;
+    pTss->sp0       = BS3_ADDR_STACK_R0;
+    pTss->ss0       = BS3_SEL_R0_SS16;
+    pTss->sp1       = BS3_ADDR_STACK_R1;
+    pTss->ss1       = BS3_SEL_R1_SS16 | 1;
+    pTss->sp2       = BS3_ADDR_STACK_R2;
+    pTss->ss2       = BS3_SEL_R2_SS16 | 2;
+    pTss->ip        = (uint16_t)(uintptr_t)(f386Plus ? &Bs3Trap16DoubleFaultHandler80386 : &Bs3Trap16DoubleFaultHandler80286);
+    pTss->flags     = X86_EFL_1;
+    pTss->sp        = BS3_ADDR_STACK_R0_IST1;
+    pTss->es        = BS3_SEL_R0_DS16;
+    pTss->ds        = BS3_SEL_R0_DS16;
+    pTss->cs        = BS3_SEL_R0_CS16;
+    pTss->ss        = BS3_SEL_R0_SS16;
+    pTss->dx        = f386Plus;
 
-    Bs3Trap32SetGate(X86_XCPT_DF, X86_SEL_TYPE_SYS_TASK_GATE, 0 /*bDpl*/, BS3_SEL_TSS32_DF, 0, 0 /*cParams*/);
+    Bs3Trap16SetGate(X86_XCPT_DF, X86_SEL_TYPE_SYS_TASK_GATE, 0 /*bDpl*/, BS3_SEL_TSS16_DF, 0, 0 /*cParams*/);
 }
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-Trap32Init.c

@@ -55 +55 @@
      * Initialize the normal TSS so we can do ring transitions via the IDT.
      */
-    //pTss = &BS3_DATA_NM(Bs3Tss32);
-    Bs3MemZero(&BS3_DATA_NM(Bs3Tss32), sizeof(*pTss));
-    BS3_DATA_NM(Bs3Tss32).esp0      = BS3_ADDR_STACK_R0;
-    BS3_DATA_NM(Bs3Tss32).ss0       = BS3_SEL_R0_SS32;
-    BS3_DATA_NM(Bs3Tss32).esp1      = BS3_ADDR_STACK_R1;
-    BS3_DATA_NM(Bs3Tss32).ss1       = BS3_SEL_R1_SS32;
-    BS3_DATA_NM(Bs3Tss32).esp2      = BS3_ADDR_STACK_R2;
-    BS3_DATA_NM(Bs3Tss32).ss2       = BS3_SEL_R2_SS32;
+    pTss = &BS3_DATA_NM(Bs3Tss32);
+    Bs3MemZero(pTss, sizeof(*pTss));
+    pTss->esp0      = BS3_ADDR_STACK_R0;
+    pTss->ss0       = BS3_SEL_R0_SS32;
+    pTss->esp1      = BS3_ADDR_STACK_R1;
+    pTss->ss1       = BS3_SEL_R1_SS32 | 1;
+    pTss->esp2      = BS3_ADDR_STACK_R2;
+    pTss->ss2       = BS3_SEL_R2_SS32 | 2;
 
     /*
@@ -73 +73 @@
     pTss->ss0       = BS3_SEL_R0_SS32;
     pTss->esp1      = BS3_ADDR_STACK_R1;
-    pTss->ss1       = BS3_SEL_R1_SS32;
+    pTss->ss1       = BS3_SEL_R1_SS32 | 1;
     pTss->esp2      = BS3_ADDR_STACK_R2;
-    pTss->ss2       = BS3_SEL_R2_SS32;
+    pTss->ss2       = BS3_SEL_R2_SS32 | 2;
     pTss->eip       = BS3_DATA_NM(g_Bs3Trap32DoubleFaultHandlerFlatAddr);
     pTss->eflags    = X86_EFL_1;

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-SwitchToPE16_V86.asm

@@ -67 +67 @@
         ; Switch to v8086 mode (return address is already 16-bit).
         ;
+hlt
         extern  _Bs3SwitchTo16BitV86_c16
         jmp     _Bs3SwitchTo16BitV86_c16

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-TestDoModes.c

@@ -205 +205 @@
          * Unpaged prot mode.
          */
+#if 0
         if (paEntries[i].pfnDoPE16)
         {
+Bs3Printf("Calling pfnDoPE16\n");
             bErrNo = TMPL_NM(Bs3TestCallDoerInPE16)(CONV_TO_BS3TEXT16(paEntries[i].pfnDoPE16));
+Bs3Printf("pfnDoPE16 returns %d\n", bErrNo);
             if (bErrNo != 0)
                 Bs3TestFailedF("Error #%u (%#x) in %s!\n", bErrNo, bErrNo, BS3_DATA_NM(g_szBs3ModeName_pe16));
         }
-
         if (bCpuType < BS3CPU_80386)
             continue;
@@ -217 +219 @@
         if (paEntries[i].pfnDoPE16_32)
         {
+Bs3Printf("Calling pfnDoPE16_32\n");
             bErrNo = TMPL_NM(Bs3TestCallDoerInPE16_32)(CONV_TO_FLAT(paEntries[i].pfnDoPE16_32));
+Bs3Printf("pfnDoPE16_32 returns %d\n", bErrNo);
             if (bErrNo != 0)
                 Bs3TestFailedF("Error #%u (%#x) in %s!\n", bErrNo, bErrNo, BS3_DATA_NM(g_szBs3ModeName_pe16_32));
@@ -223 +227 @@
 
         if (paEntries[i].pfnDoPE16_V86 && fDoWeirdV86Modes)
+#endif
         {
             bErrNo = TMPL_NM(Bs3TestCallDoerInPE16_V86)(CONV_TO_BS3TEXT16(paEntries[i].pfnDoPE16_V86));

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-TestDoModesHlp.asm

@@ -235 +235 @@
         BS3_SET_BITS 32
         call    eax
+.repeat: jmp .repeat
         call    RT_CONCAT3(_Bs3SwitchTo,TMPL_MODE_UNAME,_pe16_v86)
         BS3_SET_BITS TMPL_BITS

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-TrapSystemCallHandler.asm

@@ -152 +152 @@
         BS3_SET_BITS 16
 %endif
+push sBX
+push sAX
+push sCX
+push sDX
+push sBP
 
         ; Print the character.
@@ -159 +164 @@
         int     10h
 
+pop sBP
+pop sDX
+pop sCX
+pop sAX
+pop sBX
 %ifndef TMPL_CMN_R86
         ; Switch back (20h param scratch area not required).

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-rm-InitAll.c

@@ -41 +41 @@
     if ((BS3_DATA_NM(g_uBs3CpuDetected) & BS3CPU_TYPE_MASK) >= BS3CPU_80386)
         Bs3Trap32Init();
-//    if ((BS3_DATA_NM(g_uBs3CpuDetected) & BS3CPU_TYPE_MASK) >= BS3CPU_80286)
-//        Bs3Trap16Init();
+    if ((BS3_DATA_NM(g_uBs3CpuDetected) & BS3CPU_TYPE_MASK) >= BS3CPU_80286)
+        Bs3Trap16Init((BS3_DATA_NM(g_uBs3CpuDetected) & BS3CPU_TYPE_MASK) >= BS3CPU_80386);
 }
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3kit-docs.c

@@ -5 +5 @@
 
 /*
- * Copyright (C) 2007-2015 Oracle Corporation
+ * Copyright (C) 2007-2016 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -78 +78 @@
  * | RFLAGS.DF    | =0          | =0         | =0              | =0           |
  * | CS           | preserved   | preserved  | preserved       | preserved    |
- * | DS           | volatile?   | preserved? | preserved       | both         |
+ * | DS           | preserved!  | preserved? | preserved       | both         |
  * | ES           | volatile    | volatile   | preserved       | volatile     |
  * | FS           | preserved   | preserved  | preserved       | preserved    |
@@ -103 +103 @@
  *            significant bits.
  *
+ * The DS segment register is pegged to BS3DATA16_GROUP in 16-bit code so that
+ * we don't need to reload it all the time.  This allows us to modify it in
+ * ring-0 and mode switching code without ending up in any serious RPL or DPL
+ * trouble.  In 32-bit and 64-bit mode the DS register is a flat, unlimited,
+ * writable selector.
+ *
+ * In 16-bit and 32-bit code we do not assume anything about ES, FS, and GS.
+ *
+ *
  * For an in depth coverage of x86 and AMD64 calling convensions, see
  * http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/function-calling-conventions.html
  *
  *
+ *
+ * @section sec_modes               Execution Modes
+ *
+ * BS3Kit defines a number of execution modes in order to be able to test the
+ * full CPU capabilities (that VirtualBox care about anyways).  It currently
+ * omits system management mode, hardware virtualization modes, and security
+ * modes as those aren't supported by VirtualBox or are difficult to handle.
+ *
+ * The modes are categorized into normal and weird ones.
+ *
+ * The normal ones are:
+ *    + RM     - Real mode.
+ *    + PE16   - Protected  mode running 16-bit code, 16-bit TSS and 16-bit handlers.
+ *    + PE32   - Protected  mode running 32-bit code, 32-bit TSS and 32-bit handlers.
+ *    + PEV86  - Protected  mode running  v8086 code, 32-bit TSS and 32-bit handlers.
+ *    + PP16   - 386  paged mode running 16-bit code, 16-bit TSS and 16-bit handlers.
+ *    + PP32   - 386  paged mode running 32-bit code, 32-bit TSS and 32-bit handlers.
+ *    + PPV86  - 386  paged mode running  v8086 code, 32-bit TSS and 32-bit handlers.
+ *    + PAE16  - PAE  paged mode running 16-bit code, 16-bit TSS and 16-bit handlers.
+ *    + PAE32  - PAE  paged mode running 32-bit code, 32-bit TSS and 32-bit handlers.
+ *    + PAEV86 - PAE  paged mode running  v8086 code, 32-bit TSS and 32-bit handlers.
+ *    + LM16   - AMD64 long mode running 16-bit code, 64-bit TSS and 64-bit handlers.
+ *    + LM32   - AMD64 long mode running 32-bit code, 64-bit TSS and 64-bit handlers.
+ *    + LM64   - AMD64 long mode running 64-bit code, 64-bit TSS and 64-bit handlers.
+ *
+ * The weird ones:
+ *    + PE16_32   - Protected  mode running 16-bit code, 16-bit TSS and 16-bit handlers.
+ *    + PE16_V86  - Protected  mode running 16-bit code, 16-bit TSS and 16-bit handlers.
+ *    + PE32_16   - Protected  mode running 32-bit code, 32-bit TSS and 32-bit handlers.
+ *    + PP16_32   - 386  paged mode running 16-bit code, 16-bit TSS and 16-bit handlers.
+ *    + PP16_V86  - 386  paged mode running 16-bit code, 16-bit TSS and 16-bit handlers.
+ *    + PP32_16   - 386  paged mode running 32-bit code, 32-bit TSS and 32-bit handlers.
+ *    + PAE16_32  - PAE  paged mode running 16-bit code, 16-bit TSS and 16-bit handlers.
+ *    + PAE16_V86 - PAE  paged mode running 16-bit code, 16-bit TSS and 16-bit handlers.
+ *    + PAE32_16  - PAE  paged mode running 32-bit code, 32-bit TSS and 32-bit handlers.
+ *
+ * Actually, the PE32_16, PP32_16 and PAE32_16 modes aren't all that weird and fits in
+ * right next to LM16 and LM32, but this is the way it ended up. :-)
+ *
  */
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3kit.h

@@ -2075 +2075 @@
  * Initializes 16-bit (protected mode) trap handling.
  *
+ * @param   f386Plus    Set if the CPU is 80386 or later and
+ *                      extended registers should be saved.  Once initialized
+ *                      with this parameter set to @a true, the effect cannot be
+ *                      reversed.
+ *
  * @remarks Does not install 16-bit trap handling, just initializes the
  *          structures.
  */
-BS3_DECL(void) Bs3Trap16Init_c16(void);
-BS3_DECL(void) Bs3Trap16Init_c32(void); /**< @copydoc Bs3Trap16Init_c16 */
-BS3_DECL(void) Bs3Trap16Init_c64(void); /**< @copydoc Bs3Trap16Init_c16 */
+BS3_DECL(void) Bs3Trap16Init_c16(bool f386Plus);
+BS3_DECL(void) Bs3Trap16Init_c32(bool f386Plus); /**< @copydoc Bs3Trap16Init_c16 */
+BS3_DECL(void) Bs3Trap16Init_c64(bool f386Plus); /**< @copydoc Bs3Trap16Init_c16 */
 #define Bs3Trap16Init BS3_CMN_NM(Bs3Trap16Init) /**< Selects #Bs3Trap16Init_c16, #Bs3Trap16Init_c32 or #Bs3Trap16Init_c64. */