Changeset 60291 in vbox for trunk/src/VBox/ValidationKit/bootsectors

Timestamp:

Apr 1, 2016 8:51:29 PM (9 years ago)

Author:

vboxsync

Message:

bs3kit: A bunch of changes to be able to test the effects of a GDT page being read-only or not-present.

• Extended the GDT so we get a whole page to play paging tricks with.
• Added syscall for restoring a context from ring-0 so we can safely get out of bogus test context that aren't in ring-0 (non-standard CS value causing trouble here). Implemented the string print syscall since the restore syscall forced me to sort out pointers.
• Changed most string printers to do more than one char at a time (usually a line) to save context switches (screen priting is done via INT 10h in real mode).
• Test the CS access bit handling during INT XXh.

Location:

trunk/src/VBox/ValidationKit/bootsectors

Files:

• Config.kmk (modified) (1 diff)
• bs3-cpu-basic-2-c.c (modified) (1 diff)
• bs3-cpu-basic-2-template.c (modified) (7 diffs)
• bs3kit/Makefile.kmk (modified) (2 diffs)
• bs3kit/bs3-cmn-PrintStr.c (modified) (2 diffs)
• bs3kit/bs3-cmn-PrintStrN.asm (added)
• bs3kit/bs3-cmn-Printf.c (modified) (4 diffs)
• bs3kit/bs3-cmn-RegCtxConvertToRingX.c (modified) (3 diffs)
• bs3kit/bs3-cmn-RegCtxRestore.asm (modified) (3 diffs)
• bs3kit/bs3-cmn-TestPrintf.c (modified) (6 diffs)
• bs3kit/bs3-cmn-TrapDefaultHandler.c (modified) (2 diffs)
• bs3kit/bs3-cmn-TrapSetJmpAndRestore.c (modified) (1 diff)
• bs3kit/bs3-mode-PagingGetRootForLM64.asm (modified) (2 diffs)
• bs3kit/bs3-mode-PagingGetRootForPP32.asm (modified) (2 diffs)
• bs3kit/bs3-mode-SwitchToLM16.asm (modified) (1 diff)
• bs3kit/bs3-mode-SwitchToPAE16.asm (modified) (1 diff)
• bs3kit/bs3-mode-SwitchToPE16.asm (modified) (1 diff)
• bs3kit/bs3-mode-SwitchToPP16.asm (modified) (2 diffs)
• bs3kit/bs3-mode-SwitchToRM.asm (modified) (1 diff)
• bs3kit/bs3-mode-TrapSystemCallHandler.asm (modified) (9 diffs)
• bs3kit/bs3-rm-InitMemory.c (modified) (1 diff)
• bs3kit/bs3-system-data.asm (modified) (7 diffs)
• bs3kit/bs3kit.h (modified) (7 diffs)
• bs3kit/bs3kit.mac (modified) (4 diffs)

trunk/src/VBox/ValidationKit/bootsectors/Config.kmk

@@ -515 +515 @@
          segment BS3SYSTEM16 \
          clname FAR_DATA \
-          segment BS3DATA16 segaddr=0x2700 \
+          segment BS3DATA16 segaddr=0x2900 \
           segment BS3DATA16CONST \
           segment BS3DATA16CONST2 \

trunk/src/VBox/ValidationKit/bootsectors/bs3-cpu-basic-2-c.c

@@ -38 +38 @@
 BS3TESTMODE_PROTOTYPES_MODE(bs3CpuBasic2_RaiseXcpt1);
 //BS3TESTMODE_PROTOTYPES_CMN(bs3CpuBasic2_iret);
-//BS3TESTMODE_PROTOTYPES_MODE(bs3CpuBasic2_iret);
+BS3TESTMODE_PROTOTYPES_MODE(bs3CpuBasic2_iret);
 
 

trunk/src/VBox/ValidationKit/bootsectors/bs3-cpu-basic-2-template.c

@@ -207 +207 @@
     unsigned        uLine;
 # if TMPL_BITS != 16
+    int             rc;
     uint8_t        *pbIdtCopyAlloc;
     PX86DESC        pIdtCopy;
     const unsigned  cbIdte = 1 << (3 + cIdteShift);
+    RTCCUINTXREG    uCr0Saved = ASMGetCR0();
+    RTGDTR          GdtrSaved;
 # endif
     RTIDTR          IdtrSaved;
@@ -215 +218 @@
 
     ASMGetIDTR(&IdtrSaved);
+# if TMPL_BITS != 16
+    ASMGetGDTR(&GdtrSaved);
+# endif
 
     /* make sure they're allocated  */
@@ -481 +487 @@
             bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx80, 0x80 /*bXcpt*/, pszMode, uLine++);
 
-            i = Bs3PagingProtect(uCr2Expected, _4K, 0 /*fSet*/, X86_PTE_P /*fClear*/);
-            if (RT_SUCCESS(i))
+            rc = Bs3PagingProtect(uCr2Expected, _4K, 0 /*fSet*/, X86_PTE_P /*fClear*/);
+            if (RT_SUCCESS(rc))
             {
                 ASMSetIDTR(&Idtr);
@@ -496 +502 @@
                 /* Check if that the entry type is checked after the whole IDTE has been cleared for #PF. */
                 pIdtCopy[0x80 << cIdteShift].Gate.u4Type = 0;
-                i = Bs3PagingProtect(uCr2Expected, _4K, 0 /*fSet*/, X86_PTE_P /*fClear*/);
-                if (RT_SUCCESS(i))
+                rc = Bs3PagingProtect(uCr2Expected, _4K, 0 /*fSet*/, X86_PTE_P /*fClear*/);
+                if (RT_SUCCESS(rc))
                 {
                     ASMSetIDTR(&Idtr);
@@ -527 +533 @@
         bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx81, 0x81 /*bXcpt*/, pszMode, uLine++);
 
-        i = Bs3PagingProtect(Idtr.pIdt, _4K, 0 /*fSet*/, X86_PTE_RW | X86_PTE_US /*fClear*/);
-        if (RT_SUCCESS(i))
+        rc = Bs3PagingProtect(Idtr.pIdt, _4K, 0 /*fSet*/, X86_PTE_RW | X86_PTE_US /*fClear*/);
+        if (RT_SUCCESS(rc))
         {
             ASMSetIDTR(&Idtr);
@@ -537 +543 @@
         }
         ASMSetIDTR(&IdtrSaved);
+    }
+
+    /*
+     * Check that CS.u1Accessed is set to 1. Use the test page selector #0 and #3 together
+     * with interrupt gates 80h and 83h, respectively.
+     */
+    uLine = 5400;
+    if (BS3_MODE_IS_PAGED(bMode) && pbIdtCopyAlloc)
+    {
+        BS3_DATA_NM(Bs3GdteTestPage00) = BS3_DATA_NM(Bs3Gdt)[uSysR0Cs >> X86_SEL_SHIFT];
+        BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
+        paIdt[0x80 << cIdteShift].Gate.u16Sel   = BS3_SEL_TEST_PAGE_00;
+
+        BS3_DATA_NM(Bs3GdteTestPage03) = BS3_DATA_NM(Bs3Gdt)[(uSysR0Cs + (3 << BS3_SEL_RING_SHIFT)) >> X86_SEL_SHIFT];
+        BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
+        paIdt[0x83 << cIdteShift].Gate.u16Sel   = BS3_SEL_TEST_PAGE_03; /* rpl is ignored, so leave it as zero. */
+
+        /* Check that the CS.A bit is being set on a general basis and that
+           the special CS values work with out generic handler code. */
+        Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
+        bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx80, 0x80 /*bXcpt*/, pszMode, uLine);
+        if (!(BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type & X86_SEL_TYPE_ACCESSED))
+            Bs3TestFailedF("%u - %s: u4Type=%#x, not accessed\n", uLine, pszMode, BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type);
+        uLine++;
+
+        Bs3MemCpy(&CtxTmp, &Ctx83, sizeof(CtxTmp));
+        Bs3RegCtxConvertToRingX(&CtxTmp, 3);
+        Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
+        bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83 /*bXcpt*/, pszMode, uLine);
+        if (!(BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type & X86_SEL_TYPE_ACCESSED))
+            Bs3TestFailedF("%u - %s: u4Type=%#x, not accessed!\n", uLine, pszMode, BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type);
+        uLine++;
+
+        /*
+         * Now check that setting CS.u1Access to 1 does __NOT__ trigger a page
+         * fault due to the RW bit being zero.
+         * (We check both with with and without the WP bit if 80486.)
+         */
+        if ((BS3_DATA_NM(g_uBs3CpuDetected) & BS3CPU_TYPE_MASK) >= BS3CPU_80486)
+            ASMSetCR0(uCr0Saved | X86_CR0_WP);
+
+        BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
+        BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
+        rc = Bs3PagingProtect(GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00, 8, 0 /*fSet*/, X86_PTE_RW /*fClear*/);
+        if (RT_SUCCESS(rc))
+        {
+            /* ring-0 handler */
+            Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
+            bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx80, 0x80 /*bXcpt*/, pszMode, uLine);
+            if (!(BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type & X86_SEL_TYPE_ACCESSED))
+                Bs3TestFailedF("%u - %s: u4Type=%#x, not accessed!\n", uLine, pszMode, BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type);
+            uLine++;
+
+            /* ring-3 handler */
+            Bs3MemCpy(&CtxTmp, &Ctx83, sizeof(CtxTmp));
+            Bs3RegCtxConvertToRingX(&CtxTmp, 3);
+            Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
+            bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83 /*bXcpt*/, pszMode, uLine);
+            if (!(BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type & X86_SEL_TYPE_ACCESSED))
+                Bs3TestFailedF("%u - %s: u4Type=%#x, not accessed!\n", uLine, pszMode, BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type);
+            uLine++;
+
+            /* clear WP and repeat the above. */
+            if ((BS3_DATA_NM(g_uBs3CpuDetected) & BS3CPU_TYPE_MASK) >= BS3CPU_80486)
+                ASMSetCR0(uCr0Saved & ~X86_CR0_WP);
+            BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED; /* (No need to RW the page - ring-0, WP=0.) */
+            BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED; /* (No need to RW the page - ring-0, WP=0.) */
+
+            Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
+            bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &Ctx80, 0x80 /*bXcpt*/, pszMode, uLine);
+            if (!(BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type & X86_SEL_TYPE_ACCESSED))
+                Bs3TestFailedF("%u - %s: u4Type=%#x, not accessed!\n", uLine, pszMode, BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type);
+            uLine++;
+
+            Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
+            bs3CpuBasic2_CompareIntCtx1(&TrapCtx, &CtxTmp, 0x83 /*bXcpt*/, pszMode, uLine);
+            if (!(BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type & X86_SEL_TYPE_ACCESSED))
+                Bs3TestFailedF("%u - %s: u4Type=%#x, not accessed!\n", uLine, pszMode, BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type);
+            uLine++;
+
+            Bs3PagingProtect(GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00, 8, X86_PTE_RW /*fSet*/, 0 /*fClear*/);
+        }
+
+        ASMSetCR0(uCr0Saved);
+
+        /*
+         * While we're here, check that if the CS GDT entry is a non-present
+         * page we do get a #PF with the rigth error code and CR2.
+         */
+        BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED; /* Just for fun, really a pointless gesture. */
+        BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type &= ~X86_SEL_TYPE_ACCESSED;
+        rc = Bs3PagingProtect(GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00, 8, 0 /*fSet*/, X86_PTE_P /*fClear*/);
+        if (RT_SUCCESS(rc))
+        {
+            Bs3TrapSetJmpAndRestore(&Ctx80, &TrapCtx);
+            bs3CpuBasic2_ComparePfCtx(&TrapCtx, &Ctx80, 0 /*uErrCd*/, GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00,
+                                      f16BitSys, pszMode, uLine);
+            uLine++;
+
+            /* Do it from ring-3 to check ErrCd, which doesn't set X86_TRAP_PF_US it turns out. */
+            Bs3MemCpy(&CtxTmp, &Ctx83, sizeof(CtxTmp));
+            Bs3RegCtxConvertToRingX(&CtxTmp, 3);
+            Bs3TrapSetJmpAndRestore(&CtxTmp, &TrapCtx);
+
+            bs3CpuBasic2_ComparePfCtx(&TrapCtx, &CtxTmp, 0 /*uErrCd*/, GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_03,
+                                      f16BitSys, pszMode, uLine);
+            uLine++;
+
+            Bs3PagingProtect(GdtrSaved.pGdt + BS3_SEL_TEST_PAGE_00, 8, X86_PTE_P /*fSet*/, 0 /*fClear*/);
+            if (BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type & X86_SEL_TYPE_ACCESSED)
+                Bs3TestFailedF("%u - %s: u4Type=%#x, accessed!\n", uLine - 2, pszMode, BS3_DATA_NM(Bs3GdteTestPage00).Gen.u4Type);
+            if (BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type & X86_SEL_TYPE_ACCESSED)
+                Bs3TestFailedF("%u - %s: u4Type=%#x, accessed!\n", uLine - 1, pszMode, BS3_DATA_NM(Bs3GdteTestPage03).Gen.u4Type);
+        }
+
+        /* restore */
+        paIdt[0x80 << cIdteShift].Gate.u16Sel = uSysR0Cs;
+        paIdt[0x83 << cIdteShift].Gate.u16Sel = uSysR0Cs + (3 << BS3_SEL_RING_SHIFT) + 3;
     }
 
@@ -614 +738 @@
      *  - Run \#PF and \#GP (and others?) at CPLs other than zero.
      *  - Quickly generate all faults.
-     *  - Check that CS.u1Accessed is set to 1.
-     *  - Check that setting CS.u1Access to 1 triggers page fault.
      *  - Check CS.u1Access = 1 \#PF against \#NP(CS), CS.u2DPL, \#NP(SS),
      *    SS.u2DPL, and SS.u1Access=1 \#PF.

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/Makefile.kmk

@@ -64 +64 @@
         bs3-cmn-PrintX32.asm \
         bs3-cmn-PrintStr.c \
+        bs3-cmn-PrintStrN.asm \
        bs3-cmn-PrintStrColonSpaces.asm \
        bs3-cmn-PrintStrSpacesColonSpace.c \
@@ -197 +198 @@
        ../../../Runtime/common/asm/ASMGetIDTR.asm \
        ../../../Runtime/common/asm/ASMSetIDTR.asm \
+       ../../../Runtime/common/asm/ASMGetGDTR.asm \
+       ../../../Runtime/common/asm/ASMSetGDTR.asm \
 
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-PrintStr.c

@@ -5 +5 @@
 
 /*
- * Copyright (C) 2007-2015 Oracle Corporation
+ * Copyright (C) 2007-2016 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -27 +27 @@
 #include "bs3kit-template-header.h"
 
-#undef Bs3PrintStr
-BS3_DECL(void) BS3_CMN_NM(Bs3PrintStr)(const char BS3_FAR *pszString)
+BS3_DECL(void) Bs3PrintStr(const char BS3_FAR *pszString)
 {
-    char ch;
-    while ((ch = *pszString++) != '\0')
-        Bs3PrintChr(ch);
+    Bs3PrintStrN(pszString, Bs3StrLen(pszString));
 }
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-Printf.c

@@ -5 +5 @@
 
 /*
- * Copyright (C) 2007-2015 Oracle Corporation
+ * Copyright (C) 2007-2016 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -25 +25 @@
  */
 
+
+/*********************************************************************************************************************************
+*   Header Files                                                                                                                 *
+*********************************************************************************************************************************/
 #include "bs3kit-template-header.h"
 #include <iprt/ctype.h>
 
 
+/*********************************************************************************************************************************
+*   Structures and Typedefs                                                                                                      *
+*********************************************************************************************************************************/
+/** Output buffering for Bs3TestPrintfV. */
+typedef struct BS3PRINTBUF
+{
+    uint8_t cchBuf;
+    char    achBuf[79];
+} BS3PRINTBUF;
+
+
 static BS3_DECL_CALLBACK(size_t) bs3PrintFmtOutput(char ch, void BS3_FAR *pvUser)
 {
+    BS3PRINTBUF BS3_FAR *pBuf = (BS3PRINTBUF BS3_FAR *)pvUser;
     if (ch != '\0')
     {
-        if (ch == '\n')
-            Bs3PrintChr('\r');
-        Bs3PrintChr(ch);
-        return 1;
+        BS3_ASSERT(pBuf->cchBuf < RT_ELEMENTS(pBuf->achBuf));
+        pBuf->achBuf[pBuf->cchBuf++] = ch;
+
+        /* Whether to flush the buffer.  We do line flushing here to avoid
+           dropping too much info when the formatter crashes on bad input. */
+        if (   pBuf->cchBuf < RT_ELEMENTS(pBuf->achBuf)
+            && ch != '\n')
+            return 1;
     }
-    NOREF(pvUser);
-    return 0;
+    Bs3PrintStrN(&pBuf->achBuf[0], pBuf->cchBuf);
+    pBuf->cchBuf = 0;
+    return ch != '\0';
 }
 
@@ -45 +66 @@
 BS3_DECL(size_t) Bs3PrintfV(const char BS3_FAR *pszFormat, va_list va)
 {
-    return Bs3StrFormatV(pszFormat, va, bs3PrintFmtOutput, NULL);
+    BS3PRINTBUF Buf;
+    Buf.cchBuf = 0;
+    return Bs3StrFormatV(pszFormat, va, bs3PrintFmtOutput, &Buf);
 }
 
@@ -54 +77 @@
     va_list va;
     va_start(va, pszFormat);
-    cchRet = Bs3StrFormatV(pszFormat, va, bs3PrintFmtOutput, NULL);
+    cchRet = Bs3PrintfV(pszFormat, va);
     va_end(va);
     return cchRet;

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-RegCtxConvertToRingX.c

@@ -73 +73 @@
  * @param   uSeg            The current selector value.
  * @param   bRing           The target ring.
+ * @param   iReg            Register index.
  */
-static uint16_t bs3RegCtxConvertProtSelToRingX(uint16_t uSel, uint8_t bRing)
+static uint16_t bs3RegCtxConvertProtSelToRingX(uint16_t uSel, uint8_t bRing, uint8_t iReg)
 {
     if (   uSel > X86_SEL_RPL
         && !(uSel & X86_SEL_LDT) )
     {
-        if (uSel >= BS3_SEL_R0_FIRST)
+        if (uSel >= BS3_SEL_R0_FIRST && uSel < BS3_SEL_R0_FIRST + (5 << BS3_SEL_RING_SHIFT))
         {
             /* Convert BS3_SEL_R*_XXX to the target ring. */
@@ -95 +96 @@
             else if (uSelRaw == BS3_SEL_DATA16)
                 uSel = (BS3_SEL_R0_DS16 | bRing) + ((uint16_t)bRing << BS3_SEL_RING_SHIFT);
+            /* CS and SS must have CPL == DPL.  So, convert to standard selectors as we're
+               usually here because Bs3SwitchToRing0 was called to get out of a test situation. */
+            else if (iReg == X86_SREG_CS || iReg == X86_SREG_SS)
+            {
+                if (   BS3_DATA_NM(Bs3Gdt)[uSel >> X86_SEL_SHIFT].Gen.u1Long
+                    && BS3_MODE_IS_64BIT_SYS(BS3_DATA_NM(g_bBs3CurrentMode)) )
+                    uSel = iReg == X86_SREG_CS ? BS3_SEL_R0_CS64 : BS3_SEL_R0_DS64;
+                else
+                {
+                    uint32_t uFlat   = Bs3SelFar32ToFlat32(0, uSel);
+                    bool     fDefBig = BS3_DATA_NM(Bs3Gdt)[uSel >> X86_SEL_SHIFT].Gen.u1DefBig;
+                    if (!fDefBig && uFlat == BS3_ADDR_BS3TEXT16 && iReg == X86_SREG_CS)
+                        uSel = BS3_SEL_R0_CS16;
+                    else if (!fDefBig && uFlat == 0 && iReg == X86_SREG_SS)
+                        uSel = BS3_SEL_R0_SS16;
+                    else if (fDefBig && uFlat == 0)
+                        uSel = iReg == X86_SREG_CS ? BS3_SEL_R0_CS32 : BS3_SEL_R0_SS32;
+                    else
+                    {
+                        Bs3Printf("uSel=%#x iReg=%d\n", uSel, iReg);
+                        BS3_ASSERT(0);
+                        return uSel;
+                    }
+                    uSel |= bRing;
+                    uSel += (uint16_t)bRing << BS3_SEL_RING_SHIFT;
+                }
+            }
             /* Adjust the RPL on tiled and MMIO selectors. */
             else if (   uSelRaw == BS3_SEL_VMMDEV_MMIO16
@@ -128 +156 @@
     else
     {
-        pRegCtx->cs = bs3RegCtxConvertProtSelToRingX(pRegCtx->cs, bRing);
-        pRegCtx->ss = bs3RegCtxConvertProtSelToRingX(pRegCtx->ss, bRing);
-        pRegCtx->ds = bs3RegCtxConvertProtSelToRingX(pRegCtx->ds, bRing);
-        pRegCtx->es = bs3RegCtxConvertProtSelToRingX(pRegCtx->es, bRing);
-        pRegCtx->fs = bs3RegCtxConvertProtSelToRingX(pRegCtx->fs, bRing);
-        pRegCtx->gs = bs3RegCtxConvertProtSelToRingX(pRegCtx->gs, bRing);
+        pRegCtx->cs = bs3RegCtxConvertProtSelToRingX(pRegCtx->cs, bRing, X86_SREG_CS);
+        pRegCtx->ss = bs3RegCtxConvertProtSelToRingX(pRegCtx->ss, bRing, X86_SREG_SS);
+        pRegCtx->ds = bs3RegCtxConvertProtSelToRingX(pRegCtx->ds, bRing, X86_SREG_DS);
+        pRegCtx->es = bs3RegCtxConvertProtSelToRingX(pRegCtx->es, bRing, X86_SREG_ES);
+        pRegCtx->fs = bs3RegCtxConvertProtSelToRingX(pRegCtx->fs, bRing, X86_SREG_FS);
+        pRegCtx->gs = bs3RegCtxConvertProtSelToRingX(pRegCtx->gs, bRing, X86_SREG_GS);
     }
     pRegCtx->bCpl = bRing;

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-RegCtxRestore.asm

@@ -34 +34 @@
 %endif
 TMPL_BEGIN_TEXT
-BS3_EXTERN_CMN Bs3SwitchToRing0
+BS3_EXTERN_CMN Bs3Syscall
 TMPL_BEGIN_TEXT
 
@@ -58 +58 @@
 BS3_PROC_BEGIN_CMN Bs3RegCtxRestore
         BS3_CALL_CONV_PROLOG 2
-
-        ;
-        ; Make sure we're in ring-0 when we do this job.
+        push    xBP
+        mov     xBP, xSP
+
+        ;
+        ; If we're not in ring-0, ask the kernel to restore it for us (quicker
+        ; and less problematic if we're in a funny context right now with weird
+        ; CS or SS values).
         ;
         mov     ax, ss
         test    al, 3
         jz      .in_ring0
-        call    Bs3SwitchToRing0
+%if TMPL_BITS == 16
+        mov     si, [bp + 4]
+        mov     cx, [bp + 4+2]
+        mov     dx, [bp + 8]
+        mov     ax, BS3_SYSCALL_RESTORE_CTX
+%else
+        mov     cx, ds
+        mov     xSI, [xBP + xCB*2]
+        movzx   edx, word [xBP + xCB*3]
+        mov     eax, BS3_SYSCALL_RESTORE_CTX
+%endif
+        call    Bs3Syscall
 .in_ring0:
 
@@ -72 +87 @@
         ; g_uBs3CpuDetected), DS:xBX with pRegCtx and fFlags into xCX.
         ;
-        push    xBP
-        mov     xBP, xSP
 %if TMPL_BITS == 16
         mov     ax, BS3DATA16

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-TestPrintf.c

@@ -35 +35 @@
 
 
+/*********************************************************************************************************************************
+*   Structures and Typedefs                                                                                                      *
+*********************************************************************************************************************************/
+/** Output buffering for Bs3TestPrintfV. */
+typedef struct BS3TESTPRINTBUF
+{
+    bool    fNewCmd;
+    uint8_t cchBuf;
+    char    achBuf[78];
+} BS3TESTPRINTBUF;
+
+
 /**
  * @impl_callback_method{FNBS3STRFORMATOUTPUT, Prints to screen and VMMDev}
@@ -40 +52 @@
 static BS3_DECL_CALLBACK(size_t) bs3TestPrintfStrOutput(char ch, void BS3_FAR *pvUser)
 {
+    BS3TESTPRINTBUF BS3_FAR *pBuf = (BS3TESTPRINTBUF BS3_FAR *)pvUser;
+
     /*
      * VMMDev first.  We do line by line processing to avoid running out of
@@ -46 +60 @@
     if (BS3_DATA_NM(g_fbBs3VMMDevTesting))
     {
-        bool *pfNewCmd = (bool *)pvUser;
-        if (ch != '\n' && !*pfNewCmd)
+        if (ch != '\n' && !pBuf->fNewCmd)
             ASMOutU8(VMMDEV_TESTING_IOPORT_DATA, ch);
         else if (ch != '\0')
         {
-            if (*pfNewCmd)
+            if (pBuf->fNewCmd)
             {
                 ASMOutU32(VMMDEV_TESTING_IOPORT_CMD, VMMDEV_TESTING_CMD_PRINT);
-                *pfNewCmd = false;
+                pBuf->fNewCmd = false;
             }
             ASMOutU8(VMMDEV_TESTING_IOPORT_DATA, ch);
@@ -60 +73 @@
             {
                 ASMOutU8(VMMDEV_TESTING_IOPORT_DATA, '\0');
-                *pfNewCmd = true;
+                pBuf->fNewCmd = true;
             }
         }
@@ -69 +82 @@
      */
     if (ch != '\0')
-        Bs3PrintChr(ch);
-    return 1;
+    {
+        BS3_ASSERT(pBuf->cchBuf < RT_ELEMENTS(pBuf->achBuf));
+        pBuf->achBuf[pBuf->cchBuf++] = ch;
+
+        /* Whether to flush the buffer.  We do line flushing here to avoid
+           dropping too much info when the formatter crashes on bad input. */
+        if (   pBuf->cchBuf < RT_ELEMENTS(pBuf->achBuf)
+            && ch != '\n')
+            return 1;
+    }
+    BS3_ASSERT(pBuf->cchBuf <= RT_ELEMENTS(pBuf->achBuf));
+    Bs3PrintStrN(&pBuf->achBuf[0], pBuf->cchBuf);
+    pBuf->cchBuf = 0;
+    return ch != '\0';
 }
 
@@ -77 +102 @@
 BS3_DECL(void) Bs3TestPrintfV(const char BS3_FAR *pszFormat, va_list va)
 {
-    bool fNewCmd = true;
-    Bs3StrFormatV(pszFormat, va, bs3TestPrintfStrOutput, &fNewCmd);
+    BS3TESTPRINTBUF Buf;
+    Buf.fNewCmd = true;
+    Buf.cchBuf  = 0;
+    Bs3StrFormatV(pszFormat, va, bs3TestPrintfStrOutput, &Buf);
 }
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-TrapDefaultHandler.c

@@ -47 +47 @@
     if (pTrapFrame->Ctx.rax.u16 == BS3_SYSCALL_PRINT_CHR)
         Bs3PrintChr(pTrapFrame->Ctx.rcx.u8);
+    else if (pTrapFrame->Ctx.rax.u16 == BS3_SYSCALL_PRINT_STR)
+        Bs3PrintStrN(Bs3XptrFlatToCurrent((pTrapFrame->Ctx.rcx.u16 << 4) + pTrapFrame->Ctx.rsi.u16), pTrapFrame->Ctx.rdx.u16);
+    else if (pTrapFrame->Ctx.rax.u16 == BS3_SYSCALL_RESTORE_CTX)
+        Bs3RegCtxRestore(Bs3XptrFlatToCurrent((pTrapFrame->Ctx.rcx.u16 << 4) + pTrapFrame->Ctx.rsi.u16), pTrapFrame->Ctx.rdx.u16);
     else if (   pTrapFrame->Ctx.rax.u16 == BS3_SYSCALL_TO_RING0
              || pTrapFrame->Ctx.rax.u16 == BS3_SYSCALL_TO_RING1
@@ -180 +184 @@
         //Bs3Printf("Calling longjmp: pSetJmpFrame=%p (%#lx)\n", pSetJmpFrame, g_pBs3TrapSetJmpFrame);
         g_pBs3TrapSetJmpFrame = 0;
-
         Bs3MemCpy(pSetJmpFrame, pTrapFrame, sizeof(*pSetJmpFrame));
         //Bs3RegCtxPrint(&g_Bs3TrapSetJmpCtx);

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-cmn-TrapSetJmpAndRestore.c

@@ -34 +34 @@
 {
     if (Bs3TrapSetJmp(pTrapFrame))
+    {
+#if TMPL_BITS == 32
+        BS3_DATA_NM(g_uBs3TrapEipHint) = pCtxRestore->rip.u32;
+#endif
         Bs3RegCtxRestore(pCtxRestore, 0);
+    }
 }
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-PagingGetRootForLM64.asm

@@ -55 +55 @@
         cmp     eax, 0ffffffffh
         je      .init_root
+%ifdef BS3_STRICT
+.return:
+        cmp     eax, 1000h
+        jnb     .cr3_ok_low
+        hlt
+.cr3_ok_low:
+        cmp     eax, 16*_1M
+        jb     .cr3_ok_high
+        hlt
+.cr3_ok_high:
+%endif
         ret
 
@@ -112 +123 @@
         BS3_ONLY_16BIT_STMT pop     es
         leave
+%ifdef BS3_STRICT
+        jmp     .return
+%else
         ret
+%endif
 BS3_PROC_END_MODE   Bs3PagingGetRootForLM64
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-PagingGetRootForPP32.asm

@@ -55 +55 @@
         cmp     eax, 0ffffffffh
         je      .init_root
+%ifdef BS3_STRICT
+.return:
+        cmp     eax, 1000h
+        jnb     .cr3_ok_low
+        hlt
+.cr3_ok_low:
+        cmp     eax, 16*_1M
+        jb     .cr3_ok_high
+        hlt
+.cr3_ok_high:
+%endif
         ret
 
@@ -113 +124 @@
         BS3_ONLY_16BIT_STMT pop     es
         leave
+%ifdef BS3_STRICT
+        jmp     .return
+%else
         ret
+%endif
 BS3_PROC_END_MODE   Bs3PagingGetRootForPP32
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-SwitchToLM16.asm

@@ -43 +43 @@
 BS3_PROC_BEGIN_MODE Bs3SwitchToLM16
 %ifdef TMPL_LM16
+        extern  BS3_CMN_NM(Bs3SwitchToRing0)
+        call    BS3_CMN_NM(Bs3SwitchToRing0)
+        push    ax
+        mov     ax, BS3_SEL_R0_DS16
+        mov     ds, ax
+        mov     es, ax
+        pop     ax
         ret
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-SwitchToPAE16.asm

@@ -49 +49 @@
 BS3_PROC_BEGIN_MODE Bs3SwitchToPAE16
 %ifdef TMPL_PAE16
+        extern  BS3_CMN_NM(Bs3SwitchToRing0)
+        call    BS3_CMN_NM(Bs3SwitchToRing0)
+        push    ax
+        mov     ax, BS3_SEL_R0_DS16
+        mov     ds, ax
+        mov     es, ax
+        pop     ax
         ret
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-SwitchToPE16.asm

@@ -42 +42 @@
 BS3_PROC_BEGIN_MODE Bs3SwitchToPE16
 %ifdef TMPL_PE16
+        extern  BS3_CMN_NM(Bs3SwitchToRing0)
+        call    BS3_CMN_NM(Bs3SwitchToRing0)
+        push    ax
+        mov     ax, BS3_SEL_R0_DS16
+        mov     ds, ax
+        mov     es, ax
+        pop     ax
         ret
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-SwitchToPP16.asm

@@ -49 +49 @@
 BS3_PROC_BEGIN_MODE Bs3SwitchToPP16
 %ifdef TMPL_PP16
+        extern  BS3_CMN_NM(Bs3SwitchToRing0)
+        call    BS3_CMN_NM(Bs3SwitchToRing0)
+        push    ax
+        mov     ax, BS3_SEL_R0_DS16
+        mov     ds, ax
+        mov     es, ax
+        pop     ax
         ret
 
@@ -97 +104 @@
         push    ecx
         pushfd
+%ifdef BS3_STRICT
+        mov     ax, ds
+        cmp     ax, BS3_ADDR_BS3DATA16 >> 4
+        je      .real_mode_ds_ok
+        hlt
+.real_mode_ds_ok:
+%endif
 
         ;

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-SwitchToRM.asm

@@ -53 +53 @@
 BS3_PROC_BEGIN_MODE Bs3SwitchToRM
 %ifdef TMPL_RM
+        push    ax
+        mov     ax, BS3_SEL_DATA16
+        mov     ds, ax
+        mov     es, ax
+        pop     ax
         ret
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-mode-TrapSystemCallHandler.asm

@@ -41 +41 @@
 TMPL_BEGIN_TEXT
 
-%if TMPL_BITS == 32
 BS3_EXTERN_CMN Bs3SelProtFar32ToFlat32
-%endif
 BS3_EXTERN_CMN Bs3RegCtxConvertToRingX
 BS3_EXTERN_CMN Bs3RegCtxRestore
 BS3_EXTERN_CMN Bs3Panic
+
+BS3_BEGIN_TEXT16
+extern Bs3PrintStrN_c16_CX_Bytes_At_DS_SI
 TMPL_BEGIN_TEXT
 
@@ -73 +74 @@
  %define VAR_CALLER_DS     [xBP         - xCB]
 %endif
-%define VAR_CALLER_BX      [xBP - sCB*1 - xCB]
+%define VAR_CALLER_BX      [xBP - sCB*1 - xCB] ; Note! the upper word is not clean on pre-386 (16-bit mode).
 %define VAR_CALLER_AX      [xBP - sCB*2 - xCB]
 %define VAR_CALLER_CX      [xBP - sCB*3 - xCB]
 %define VAR_CALLER_DX      [xBP - sCB*4 - xCB]
 %define VAR_CALLER_SI      [xBP - sCB*5 - xCB]
+%define VAR_CALLER_SI_HI   [xBP - sCB*5 - xCB + 2]
 %define VAR_CALLER_DI      [xBP - sCB*6 - xCB]
+%define VAR_CALLER_DI_HI   [xBP - sCB*6 - xCB + 2]
 %if TMPL_BITS == 16
  %define VAR_CALLER_EBP    [xBP - sCB*7 - xCB]
@@ -84 +87 @@
  %define VAR_CALLER_EFLAGS [xBP - sCB*9 - xCB]
  %define VAR_CALLER_MODE   [xBP - sCB*9 - xCB*2]
+ %define BP_TOP_STACK_EXPR xBP - sCB*9 - xCB*2
 %else
  %define VAR_CALLER_MODE   [xBP - sCB*6 - xCB*2]
+ %define BP_TOP_STACK_EXPR xBP - sCB*6 - xCB*2
 %endif
         push    xBP
@@ -122 +127 @@
         push    bx                      ; dummy
         push    bx
-        push    ax                      ; dummy
+        xor     bx, bx
+        push    bx                      ; dummy
         push    ax
-        push    cx                      ; dummy
+        push    bx                      ; dummy
         push    cx
-        push    dx                      ; dummy
+        push    bx                      ; dummy
         push    dx
-        push    si                      ; dummy
+        push    bx                      ; dummy
         push    si
-        push    di                      ; dummy
+        push    bx                      ; dummy
         push    di
         sub     sp, 0ch                 ; dummy
@@ -167 +173 @@
         dw      .to_ringX        wrt BS3TEXT16
         dw      .to_ringX        wrt BS3TEXT16
+        dw      .restore_ctx     wrt BS3TEXT16
 %else
         dd      .invalid_syscall wrt FLAT
@@ -175 +182 @@
         dd      .to_ringX        wrt FLAT
         dd      .to_ringX        wrt FLAT
+        dd      .restore_ctx     wrt FLAT
 %endif
 
@@ -238 +246 @@
 
         ;
-        ; Print CX chars from string pointed to by DX:SI in 16-bit and v8086 mode,
-        ; and ESI/RSI in 64-bit and 32-bit mode (flat).
+        ; Prints DX chars from the string pointed to by CX:xSI to the screen.
         ;
         ; We use the vga bios teletype interrupt to do the writing, so we must
-        ; be in some kind of real mode for this to work.  16-bit code segment
-        ; requried for the mode switching code.
+        ; be in some kind of real mode for this to work.  The string must be
+        ; accessible from real mode too.
         ;
 .print_str:
-;;%if TMPL_BITS != 64
-;;        mov     bl, byte VAR_CALLER_MODE
-;;        and     bl, BS3_MODE_CODE_MASK
-;;        cmp     bl, BS3_MODE_CODE_V86
-;;        jne     .print_str_not_v8086
-;;        ;; @todo this gets complicated _fast_. Later.
-;;.print_str_not_v8086:
-;;%endif
-        int3
+%if TMPL_BITS != 64
+        push    es
+%endif
+        ; Convert the incoming pointer to real mode (assuming caller checked
+        ; that real mode can access it).
+        call    .convert_ptr_arg_to_real_mode_ax_si
+        mov     cx, VAR_CALLER_DX
+
+        ; Switch to real mode (no 20h scratch required)
+%ifndef TMPL_CMN_R86
+ %if TMPL_BITS != 16
+        jmp     .print_str_to_16bit
+BS3_BEGIN_TEXT16
+.print_str_to_16bit:
+        BS3_SET_BITS TMPL_BITS
+ %endif
+        extern  TMPL_NM(Bs3SwitchToRM)
+        call    TMPL_NM(Bs3SwitchToRM)
+        BS3_SET_BITS 16
+%endif
+        ; Call code in Bs3PrintStrN to do the work.
+        mov     ds, ax
+        call    Bs3PrintStrN_c16_CX_Bytes_At_DS_SI
+
+        ; Switch back (20h param scratch area not required).
+%ifndef TMPL_CMN_R86
+        extern  RT_CONCAT3(_Bs3SwitchTo,TMPL_MODE_UNAME,_rm)
+        call    RT_CONCAT3(_Bs3SwitchTo,TMPL_MODE_UNAME,_rm)
+ %if TMPL_BITS != 16
+        BS3_SET_BITS TMPL_BITS
+        jmp     .print_str_end
+TMPL_BEGIN_TEXT
+ %endif
+.print_str_end:
+%endif
+%if TMPL_BITS != 64
+        pop     es
+%endif
         jmp     .return
 
@@ -298 +334 @@
         jmp     Bs3Panic
 
+
+        ;
+        ; Restore context pointed to by cx:xSI.
+        ;
+.restore_ctx:
+        call    .convert_ptr_arg_to_cx_xSI
+        BS3_ONLY_64BIT_STMT sub     rsp, 10h
+        mov     xDX, VAR_CALLER_DX
+        push    xDX
+        BS3_ONLY_16BIT_STMT push    cx
+        push    xSI
+        BS3_CALL Bs3RegCtxRestore, 2
+        jmp     Bs3Panic
 
         ;
@@ -696 +745 @@
 
 
+        ;
+        ; Internal function for converting a syscall pointer parameter (cx:xSI)
+        ; to a pointer we can use here in this context.
+        ;
+        ; Returns the result in cx:xSI.
+        ; @uses xAX, xCX, xDX
+        ;
+.convert_ptr_arg_to_cx_xSI:
+        call    .convert_ptr_arg_to_flat
+%if TMPL_BITS == 16
+        ; Convert to tiled address.
+        mov     si, ax                  ; offset.
+        shl     dx, X86_SEL_SHIFT
+        add     dx, BS3_SEL_TILED
+        mov     cx, dx
+%else
+        ; Just supply a flat selector.
+        mov     xSI, xAX
+        mov     cx, ds
+%endif
+        ret
+
+        ;
+        ; Internal function for converting a syscall pointer parameter (caller CX:xSI)
+        ; to a real mode pointer.
+        ;
+        ; Returns the result in AX:SI.
+        ; @uses xAX, xCX, xDX
+        ;
+.convert_ptr_arg_to_real_mode_ax_si:
+        call    .convert_ptr_arg_to_flat
+        mov     si, ax
+%if TMPL_BITS == 16
+        mov     ax, dx
+%else
+        shr     eax, 16
+%endif
+        shl     ax, 12
+        ret
+
+        ;
+        ; Internal function for the above that wraps the Bs3SelProtFar32ToFlat32 call.
+        ;
+        ; @returns  eax (32-bit, 64-bit), dx+ax (16-bit).
+        ; @uses     eax, ecx, edx
+        ;
+.convert_ptr_arg_to_flat:
+%if TMPL_BITS == 16
+        ; Convert to (32-bit) flat address first.
+        test    byte VAR_CALLER_MODE, BS3_MODE_CODE_V86
+        jz      .convert_ptr_arg_to_flat_prot_16
+
+        mov     ax, VAR_CALLER_CX
+        mov     dx, ax
+        shl     ax, 4
+        shr     dx, 12
+        add     ax, VAR_CALLER_SI
+        adc     dx, 0
+        ret
+
+.convert_ptr_arg_to_flat_prot_16:
+        push    es
+        push    bx
+        push    word VAR_CALLER_CX      ; selector
+        xor     ax, ax
+        test    byte VAR_CALLER_MODE, BS3_MODE_CODE_16
+        jnz     .caller_is_16_bit
+        mov     ax, VAR_CALLER_SI_HI
+.caller_is_16_bit:
+        push    ax                      ; offset high
+        push    word VAR_CALLER_SI      ; offset low
+        call    Bs3SelProtFar32ToFlat32
+        add     sp, 2*3
+        pop     bx
+        pop     es
+        ret
+
+%else ; 32 or 64 bit
+        test    byte VAR_CALLER_MODE, BS3_MODE_CODE_V86
+        jz      .convert_ptr_arg_to_cx_xSI_prot
+
+        ; Convert real mode address to flat address and return it.
+        movzx   eax, word VAR_CALLER_CX
+        shl     eax, 4
+        movzx   edx, word VAR_CALLER_SI
+        add     eax, edx
+        ret
+
+        ; Convert to (32-bit) flat address.
+.convert_ptr_arg_to_cx_xSI_prot:
+ %if TMPL_BITS == 64
+        push    r11
+        push    r10
+        push    r9
+        push    r8
+        sub     rsp, 10h
+ %endif
+        movzx   ecx, word VAR_CALLER_CX
+        push    xCX
+        mov     eax, VAR_CALLER_SI
+        test    byte VAR_CALLER_MODE, BS3_MODE_CODE_16
+        jz      .no_masking_offset
+        and     eax, 0ffffh
+.no_masking_offset:
+        push    xAX
+        BS3_CALL Bs3SelProtFar32ToFlat32,2
+        add     xSP, xCB*2 BS3_ONLY_64BIT(+ 10h)
+ %if TMPL_BITS == 64
+        pop     r8
+        pop     r9
+        pop     r10
+        pop     r11
+ %endif
+%endif
+        ret
+
 BS3_PROC_END_MODE   Bs3TrapSystemCallHandler
 

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-rm-InitMemory.c

@@ -170 +170 @@
      *      - 0x10000 to 0x1yyyy - BS3TEXT16
      *      - 0x20000 to 0x26fff - BS3SYSTEM16
-     *      - 0x27000 to 0xzzzzz - BS3DATA16, BS3TEXT32, BS3TEXT64, BS3DATA32, BS3DATA64 (in that order).
+     *      - 0x29000 to 0xzzzzz - BS3DATA16, BS3TEXT32, BS3TEXT64, BS3DATA32, BS3DATA64 (in that order).
      *      - 0xzzzzZ to 0x9fdff - Free conventional memory.
      *      - 0x9fc00 to 0x9ffff - Extended BIOS data area (exact start may vary).

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3-system-data.asm

@@ -5 +5 @@
 
 ;
-; Copyright (C) 2007-2015 Oracle Corporation
+; Copyright (C) 2007-2016 Oracle Corporation
 ;
 ; This file is part of VirtualBox Open Source Edition (OSE), as
@@ -25 +25 @@
 ;
 
-
 %include "bs3kit.mac"
 
@@ -37 +36 @@
 StartSystem16:
         db  10, 13, 'eye-catcher: SYSTEM16.......', 10, 13 ; 32 bytes long
-BS3_GLOBAL_DATA Bs3Gdt, 3000
+BS3_GLOBAL_DATA Bs3Gdt, 4000h - 20h
 
 ;; Macro for checking GDT offsets as we go along.
@@ -198 +197 @@
 
 BS3_GLOBAL_DATA Bs3Gdte_R %+ %1 %+ _DS16, 8     ; Entry 108h
-        dw  0ffffh, (0xffff & BS3_ADDR_BS3DATA16) ; 16-bit data segment with base 027000h.
+        dw  0ffffh, (0xffff & BS3_ADDR_BS3DATA16) ; 16-bit data segment with base 029000h.
         dw  09300h | (%1 << 0dh) | (0xff & (BS3_ADDR_BS3DATA16 >> 16)), 00000h | (0xff00 & (BS3_ADDR_BS3DATA16 >> 16))
 
@@ -417 +416 @@
 
         ;
-        ; 2008..26f8h - Free GDTEs.
-        ;
-BS3_GLOBAL_DATA Bs3GdteFreePart3, 06f8h
-        times 06f8h db 0
-
-        ;
-        ; 2700h - the real mode segment number for BS3DATA16. DPL=3. BASE=0x23000h
-        ;
-BS3GdtAssertOffset 02700h
+        ; 2008..28f8h - Free GDTEs.
+        ;
+BS3_GLOBAL_DATA Bs3GdteFreePart3, 08f8h
+        times 08f8h db 0
+
+        ;
+        ; 2900h - the real mode segment number for BS3DATA16. DPL=3. BASE=0x29000h
+        ;
+BS3GdtAssertOffset 02900h
 BS3_GLOBAL_DATA Bs3Gdte_DATA16, 8h
-        dw  0ffffh, 07000h, 0f302h, 00000h
+        dw  0ffffh, 09000h, 0f302h, 00000h
+
+        ;
+        ; 2908..2f98h - Free GDTEs.
+        ;
+BS3GdtAssertOffset 02908h
+BS3_GLOBAL_DATA Bs3GdteFreePart4, 698h
+        times 698h db 0
+
+        ;
+        ; 2be0..2fe0h - 8 spare entries preceeding the test page which we're free
+        ;               to mess with page table protection.
+        ;
+BS3GdtAssertOffset 02fa0h
+BS3_GLOBAL_DATA Bs3GdtePreTestPage08, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdtePreTestPage07, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdtePreTestPage06, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdtePreTestPage05, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdtePreTestPage04, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdtePreTestPage03, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdtePreTestPage02, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdtePreTestPage01, 8
+        dq 0
+
+        ;
+        ; 2fe0..3fd8h - 16 Test entries at the start of the page where we're free
+        ;               to mess with page table protection.
+        ;
+BS3GdtAssertOffset 02fe0h
+AssertCompile(($ - $$) == 0x3000)
+BS3_GLOBAL_DATA Bs3GdteTestPage, 0
+BS3_GLOBAL_DATA Bs3GdteTestPage00, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdteTestPage01, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdteTestPage02, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdteTestPage03, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdteTestPage04, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdteTestPage05, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdteTestPage06, 8
+        dq 0
+BS3_GLOBAL_DATA Bs3GdteTestPage07, 8
+        dq 0
+BS3GdtAssertOffset 3020h
+        times 0fb8h db 0
+BS3GdtAssertOffset 3fd8h
 BS3_GLOBAL_DATA Bs3GdtEnd, 0
         db  10, 13, 'GDTE', 10, 13      ; alignment padding (next address on 16 byte boundrary).
+BS3GdtAssertOffset 4000h - 20h ; We're at a page boundrary here! Only GDT and eyecatchers on page starting at 3000h!
+AssertCompile(($ - $$) == 0x4000)
+
 
 
@@ -954 +1012 @@
 ; LDT filling up the rest of the segment.
 ;
-; Currently this starts at 0x6c50, which leaves us with 0x3b0 bytes.  We'll use
+; Currently this starts at 0x84d0, which leaves us with 0xb30 bytes.  We'll use
 ; the last 32 of those for an eye catcher.
 ;
-BS3_GLOBAL_DATA Bs3Ldt, 03b0h
-        times (03b0h - 32) db 0
+BS3_GLOBAL_DATA Bs3Ldt, 0b30h - 32
+        times (0b30h - 32) db 0
 BS3_GLOBAL_DATA Bs3LdtEnd, 0
         db  10, 13, 'eye-catcher: SYSTEM16 END', 10, 13, 0, 0, 0 ; 32 bytes long
@@ -966 +1024 @@
 ;
 %ifndef KBUILD_GENERATING_MAKEFILE_DEPENDENCIES
- %if ($ - $$) != 07000h
+ %if ($ - $$) != 09000h
   %assign offActual ($ - $$)
-  %error "Bad BS3SYSTEM16 segment size: " %+ offActual %+ ", expected 0x7000 (28672)"
+  %error "Bad BS3SYSTEM16 segment size: " %+ offActual %+ ", expected 0x9000 (36864)"
  %endif
 %endif

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3kit.h

@@ -184 +184 @@
 /** The base address of the BS3DATA16 segment.
  * @sa BS3_SEL_DATA16 */
-#define BS3_ADDR_BS3DATA16      0x27000
+#define BS3_ADDR_BS3DATA16      0x29000
 /** @} */
 
@@ -198 +198 @@
  * | BS3TEXT16   |   0x00010000 |             1000h |
  * | BS3SYSTEM16 |   0x00020000 |             2000h |
- * | BS3DATA16   |   0x00027000 |             2700h |
+ * | BS3DATA16   |   0x00029000 |             2900h |
  *
  * This means that we've got a lot of GDT space to play around with.
@@ -352 +352 @@
 
 #define BS3_SEL_FREE_PART3          0x2008 /**< Free selector space - part \#3. */
-#define BS3_SEL_FREE_PART3_LAST     0x26f8 /**< Free selector space - part \#3, last entry. */
-
-#define BS3_SEL_DATA16              0x2700 /**< The BS3DATA16 selector. */
-
-#define BS3_SEL_GDT_LIMIT           0x2707 /**< The GDT limit. */
+#define BS3_SEL_FREE_PART3_LAST     0x28f8 /**< Free selector space - part \#3, last entry. */
+
+#define BS3_SEL_DATA16              0x2900 /**< The BS3DATA16 selector. */
+
+#define BS3_SEL_FREE_PART4          0x2908 /**< Free selector space - part \#4. */
+#define BS3_SEL_FREE_PART4_LAST     0x2f98 /**< Free selector space - part \#4, last entry. */
+
+#define BS3_SEL_PRE_TEST_PAGE_08    0x2fa0 /**< Selector located 8 selectors before the test page. */
+#define BS3_SEL_PRE_TEST_PAGE_07    0x2fa8 /**< Selector located 7 selectors before the test page. */
+#define BS3_SEL_PRE_TEST_PAGE_06    0x2fb0 /**< Selector located 6 selectors before the test page. */
+#define BS3_SEL_PRE_TEST_PAGE_05    0x2fb8 /**< Selector located 5 selectors before the test page. */
+#define BS3_SEL_PRE_TEST_PAGE_04    0x2fc0 /**< Selector located 4 selectors before the test page. */
+#define BS3_SEL_PRE_TEST_PAGE_03    0x2fc8 /**< Selector located 3 selectors before the test page. */
+#define BS3_SEL_PRE_TEST_PAGE_02    0x2fd0 /**< Selector located 2 selectors before the test page. */
+#define BS3_SEL_PRE_TEST_PAGE_01    0x2fd8 /**< Selector located 1 selector  before the test page. */
+#define BS3_SEL_TEST_PAGE           0x2fe0 /**< Start of the test page intended for playing around with paging and GDT. */
+#define BS3_SEL_TEST_PAGE_00        0x2fe0 /**< Test page selector number 00h (convenience). */
+#define BS3_SEL_TEST_PAGE_01        0x2fe8 /**< Test page selector number 01h (convenience). */
+#define BS3_SEL_TEST_PAGE_02        0x2ff0 /**< Test page selector number 02h (convenience). */
+#define BS3_SEL_TEST_PAGE_03        0x2ff8 /**< Test page selector number 03h (convenience). */
+#define BS3_SEL_TEST_PAGE_04        0x3000 /**< Test page selector number 04h (convenience). */
+#define BS3_SEL_TEST_PAGE_05        0x3008 /**< Test page selector number 05h (convenience). */
+#define BS3_SEL_TEST_PAGE_06        0x3010 /**< Test page selector number 06h (convenience). */
+#define BS3_SEL_TEST_PAGE_07        0x3018 /**< Test page selector number 07h (convenience). */
+#define BS3_SEL_TEST_PAGE_LAST      0x3fd0 /**< The last selector in the spare page. */
+
+#define BS3_SEL_GDT_LIMIT           0x3fd8 /**< The GDT limit. */
 /** @} */
 
@@ -570 +592 @@
 
 /** @name System call numbers (ax).
- * Paramenters are generally passed in registers specific to each system call.
+ * Paramenters are generally passed in registers specific to each system call,
+ * however cx:xSI is used for passing a pointer parameter.
  * @{ */
 /** Print char (cl). */
 #define BS3_SYSCALL_PRINT_CHR   UINT16_C(0x0001)
-/** Print string (pointer in ds:[e]si, length in cx). */
+/** Print string (pointer in cx:xSI, length in dx). */
 #define BS3_SYSCALL_PRINT_STR   UINT16_C(0x0002)
 /** Switch to ring-0. */
@@ -584 +607 @@
 /** Switch to ring-3. */
 #define BS3_SYSCALL_TO_RING3    UINT16_C(0x0006)
+/** Restore context (pointer in cx:xSI, flags in dx). */
+#define BS3_SYSCALL_RESTORE_CTX UINT16_C(0x0007)
 /** @} */
 
@@ -734 +759 @@
 /** The BS3DATA16/BS3_FAR_DATA GDT entry. */
 extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3Gdte_DATA16);
-/** The end of the GDT (exclusive). */
+/** Free GDTes, part \#4. */
+
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteFreePart4)[211];
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdtePreTestPage08); /**< GDT entry 8 selectors prior to the test page, testcase resource. @see BS3_SEL_PRE_TEST_PAGE_08 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdtePreTestPage07); /**< GDT entry 7 selectors prior to the test page, testcase resource. @see BS3_SEL_PRE_TEST_PAGE_07 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdtePreTestPage06); /**< GDT entry 6 selectors prior to the test page, testcase resource. @see BS3_SEL_PRE_TEST_PAGE_06 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdtePreTestPage05); /**< GDT entry 5 selectors prior to the test page, testcase resource. @see BS3_SEL_PRE_TEST_PAGE_05 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdtePreTestPage04); /**< GDT entry 4 selectors prior to the test page, testcase resource. @see BS3_SEL_PRE_TEST_PAGE_04 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdtePreTestPage03); /**< GDT entry 3 selectors prior to the test page, testcase resource. @see BS3_SEL_PRE_TEST_PAGE_03 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdtePreTestPage02); /**< GDT entry 2 selectors prior to the test page, testcase resource. @see BS3_SEL_PRE_TEST_PAGE_02 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdtePreTestPage01); /**< GDT entry 1 selectors prior to the test page, testcase resource. @see BS3_SEL_PRE_TEST_PAGE_01 */
+/** Array of GDT entries starting on a page boundrary and filling (almost) the
+ * whole page.   This is for playing with paging and GDT usage.
+ * @see BS3_SEL_TEST_PAGE */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteTestPage)[2043];
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteTestPage00); /**< GDT entry 0 on the test page (convenience). @see BS3_SEL_TEST_PAGE_00 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteTestPage01); /**< GDT entry 1 on the test page (convenience). @see BS3_SEL_TEST_PAGE_01 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteTestPage02); /**< GDT entry 2 on the test page (convenience). @see BS3_SEL_TEST_PAGE_02 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteTestPage03); /**< GDT entry 3 on the test page (convenience). @see BS3_SEL_TEST_PAGE_03 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteTestPage04); /**< GDT entry 4 on the test page (convenience). @see BS3_SEL_TEST_PAGE_04 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteTestPage05); /**< GDT entry 5 on the test page (convenience). @see BS3_SEL_TEST_PAGE_05 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteTestPage06); /**< GDT entry 6 on the test page (convenience). @see BS3_SEL_TEST_PAGE_06 */
+extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdteTestPage07); /**< GDT entry 7 on the test page (convenience). @see BS3_SEL_TEST_PAGE_07 */
+
+/** The end of the GDT (exclusive - contains eye-catcher string). */
 extern X86DESC BS3_FAR_DATA BS3_DATA_NM(Bs3GdtEnd);
 
@@ -1191 +1240 @@
 
 /**
+ * Prints a string to the screen.
+ *
+ * @param   pchString       The string to print.  Any terminator charss will be printed.
+ * @param   cchString       The exact number of characters to print.
+ */
+BS3_DECL(void) Bs3PrintStrN_c16(const char BS3_FAR *pszString, size_t cchString);
+BS3_DECL(void) Bs3PrintStrN_c32(const char BS3_FAR *pszString, size_t cchString); /**< @copydoc Bs3PrintStrN_c16 */
+BS3_DECL(void) Bs3PrintStrN_c64(const char BS3_FAR *pszString, size_t cchString); /**< @copydoc Bs3PrintStrN_c16 */
+#define Bs3PrintStrN BS3_CMN_NM(Bs3PrintStrN) /**< Selects #Bs3PrintStrN_c16, #Bs3PrintStrN_c32 or #Bs3PrintStrN_c64. */
+
+/**
  * Prints a char to the screen.
  *

trunk/src/VBox/ValidationKit/bootsectors/bs3kit/bs3kit.mac

@@ -1121 +1121 @@
 ;; The base address of the BS3DATA16 segment.
 ;; @sa BS3_SEL_DATA16
-%define BS3_ADDR_BS3DATA16      027000h
+%define BS3_ADDR_BS3DATA16      029000h
 ;; @}
 
@@ -1219 +1219 @@
 
 ;; @name System call numbers (ax)
+;; @note Pointers are always passed in cx:xDI.
 ;; @{
 ;; Print char (cl).
 %define BS3_SYSCALL_PRINT_CHR       0001h
-;; Print string (pointer in ds:[e]si, length in cx).
+;; Print string (pointer in cx:xDI, length in xDX).
 %define BS3_SYSCALL_PRINT_STR       0002h
 ;; Switch to ring-0.
@@ -1232 +1233 @@
 ;; Switch to ring-3.
 %define BS3_SYSCALL_TO_RING3        0006h
+;; Restore context (pointer in cx:xDI, flags in dx).
+%define BS3_SYSCALL_RESTORE_CTX     0007h
 ;; The last system call value.
-%define BS3_SYSCALL_LAST            BS3_SYSCALL_TO_RING3
+%define BS3_SYSCALL_LAST            BS3_SYSCALL_RESTORE_CTX
 ;; @}
 
@@ -1389 +1392 @@
 
 %define BS3_SEL_FREE_PART3          2008h ;;< Free selector space - part \%3.
-%define BS3_SEL_FREE_PART3_LAST     26f8h ;;< Free selector space - part \%3, last entry.
-
-%define BS3_SEL_DATA16              2700h ;;< The BS3DATA16 selector.
-
-%define BS3_SEL_GDT_LIMIT           2707h ;;< The GDT limit.
+%define BS3_SEL_FREE_PART3_LAST     28f8h ;;< Free selector space - part \%3, last entry.
+
+%define BS3_SEL_DATA16              2900h ;;< The BS3DATA16 selector.
+
+%define BS3_SEL_FREE_PART4          2908h ;;< Free selector space - part \#4.
+%define BS3_SEL_FREE_PART4_LAST     2f98h ;;< Free selector space - part \#4, last entry.
+
+%define BS3_SEL_PRE_TEST_PAGE_08    2fa0h ;;< Selector located 8 selectors before the test page.
+%define BS3_SEL_PRE_TEST_PAGE_07    2fa8h ;;< Selector located 7 selectors before the test page.
+%define BS3_SEL_PRE_TEST_PAGE_06    2fb0h ;;< Selector located 6 selectors before the test page.
+%define BS3_SEL_PRE_TEST_PAGE_05    2fb8h ;;< Selector located 5 selectors before the test page.
+%define BS3_SEL_PRE_TEST_PAGE_04    2fc0h ;;< Selector located 4 selectors before the test page.
+%define BS3_SEL_PRE_TEST_PAGE_03    2fc8h ;;< Selector located 3 selectors before the test page.
+%define BS3_SEL_PRE_TEST_PAGE_02    2fd0h ;;< Selector located 2 selectors before the test page.
+%define BS3_SEL_PRE_TEST_PAGE_01    2fd8h ;;< Selector located 1 selector  before the test page.
+%define BS3_SEL_TEST_PAGE           2fe0h ;;< Start of the test page intended for playing around with paging and GDT.
+%define BS3_SEL_TEST_PAGE_00        2fe0h ;;< Test page selector number 00h (convenience).
+%define BS3_SEL_TEST_PAGE_01        2fe8h ;;< Test page selector number 01h (convenience).
+%define BS3_SEL_TEST_PAGE_02        2ff0h ;;< Test page selector number 02h (convenience).
+%define BS3_SEL_TEST_PAGE_03        2ff8h ;;< Test page selector number 03h (convenience).
+%define BS3_SEL_TEST_PAGE_04        3000h ;;< Test page selector number 04h (convenience).
+%define BS3_SEL_TEST_PAGE_05        3008h ;;< Test page selector number 05h (convenience).
+%define BS3_SEL_TEST_PAGE_06        3010h ;;< Test page selector number 06h (convenience).
+%define BS3_SEL_TEST_PAGE_07        3018h ;;< Test page selector number 07h (convenience).
+%define BS3_SEL_TEST_PAGE_LAST      3fd0h ;;< The last selector in the spare page.
+
+%define BS3_SEL_GDT_LIMIT           3fd8h ;;< The GDT limit.
 
 ;; @}