From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <45310975.8020704@BitWagon.com>
Date: Sat, 14 Oct 2006 08:59:49 -0700
From: John Reiser
Subject: [Qemu-devel] qemu-0.8.2 i386 -kernel hangs when gdt and idt are zero length
To: qemu-devel@nongnu.org

Hi,

Under qemu-0.8.2 when emulating i386 -kernel in protected mode, if both the idt and gdt have length zero, then trying to load a segment register loops for a very long time.

        cli                       # no interrupts while the tables are being replaced
        lidtl   empty_idt         # lidtl/lgdtl take a 6-byte pseudo-descriptor:
        lgdtl   empty_gdt         #   16-bit limit, 32-bit base; %cs info persists in internal registers
        movl    $0x18,%eax        # selector 0x18 = GDT index 3, RPL 0
        movl    %eax,%ds          # qemu-0.8.2 hangs here

        .data
    empty_idt:
        .short  0                 # length is zero
        .long   0                 # base address 0
    empty_gdt:
        .short  0                 # length is zero
        .long   0                 # base address 0

Because the gdt has length 0, the descriptor for segment 0x18>>3 does not exist in memory.
The Intel manual claims the hardware gives a "#GP(selector)" fault for loading the segment register when the selector index is not within limits, but delivery of the exception depends on the idt. When the idt also has zero length, real hardware enters double-fault territory (perhaps triple-fault?) and shuts down. It would be nice if qemu emulation detected such a situation, then issued an informative message, in addition to looping forever as an "emulation" of hardware shutdown.

-- 
John Reiser, jreiser@BitWagon.com
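As an added illustration (not code from the report above and not QEMU's implementation), the following C model walks through the two limit checks the report reasons about: a selector whose descriptor lies beyond the GDT limit raises #GP, delivering #GP needs gate 13 inside the IDT limit, a failed delivery escalates to #DF (vector 8), and a failed #DF delivery is a shutdown. The struct layout, function names and the simplifications noted in the comments are assumptions of this model.

```c
#include <stdint.h>

/* Possible results of a data-segment load in protected mode. */
enum outcome { LOAD_OK, DELIVERED_GP, DELIVERED_DF, SHUTDOWN };

/* A descriptor-table register as set by lgdt/lidt: a 16-bit limit (the
 * inclusive offset of the table's last byte) and a 32-bit base. The
 * ".short 0" in the report above is a limit of 0. */
struct dtr { uint16_t limit; uint32_t base; };

/* Descriptor i occupies bytes i*8 .. i*8+7 of its table, so it is only
 * reachable when i*8+7 <= limit. The same check applies to segment
 * descriptors in the GDT and to gates in the IDT. */
static int descriptor_in_range(const struct dtr *t, unsigned index)
{
    return index * 8u + 7u <= t->limit;
}

/* Raising exception `vector` requires fetching its gate from the IDT. A gate
 * outside the IDT limit is itself a fault, and a fault while delivering #GP
 * escalates to #DF (vector 8). If the #DF gate is unreachable too, the CPU
 * shuts down: the triple-fault case the report speculates about. Only the
 * #GP -> #DF -> shutdown chain is modelled here (assumption of this model). */
static enum outcome raise_fault(const struct dtr *idt, unsigned vector)
{
    if (descriptor_in_range(idt, vector))
        return vector == 8 ? DELIVERED_DF : DELIVERED_GP;
    return vector == 8 ? SHUTDOWN : raise_fault(idt, 8);
}

/* Model of "movl %eax,%ds". Simplifications: only GDT selectors (TI=0) are
 * handled, and any descriptor inside the limit is assumed to be a valid,
 * present data segment, so the descriptor bytes themselves are never read. */
enum outcome load_ds(const struct dtr *gdt, const struct dtr *idt, uint16_t sel)
{
    if ((sel & ~3u) == 0)                   /* null selector: legal for %ds */
        return LOAD_OK;
    if (descriptor_in_range(gdt, sel >> 3))
        return LOAD_OK;
    return raise_fault(idt, 13);            /* #GP(selector) */
}

/* Convenience wrapper: build both table registers from their limits only. */
enum outcome load_ds_with_limits(uint16_t gdt_limit, uint16_t idt_limit, uint16_t sel)
{
    struct dtr gdt = { gdt_limit, 0 }, idt = { idt_limit, 0 };
    return load_ds(&gdt, &idt, sel);
}
```

With both limits 0 and selector 0x18, `load_ds_with_limits(0, 0, 0x18)` returns SHUTDOWN, which is the state an emulator could report instead of spinning; an IDT limit of 0x6f or more turns the same load into an ordinary delivered #GP.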