Failure in irq handler in qemu: attempt to execute code outside RAM or ROM

I have been following a kernel-development tutorial (Bran's kernel tutorial) and I am testing my kernel with QEMU, booting it either through -kernel or through -cdrom. It crashes. As far as I understand, this is what happens:
 As soon as I enable interrupts (sti), the PIT interrupt is caught by my IRQ handler. I reused the code from Bran's example:

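# GAS, Intel operand order, no register prefixes.  Target: 32-bit protected
# mode (the QEMU trace shows CS32 and 32-bit registers).  In this syntax a bare
# symbol used as a source operand is a MEMORY reference: `mov eax, sym` loads
# the dword stored at sym, while `mov eax, offset sym` loads its address.
.intel_syntax noprefix
.global irq00
.extern irq_default_handler             # C handler called by irq_common_stub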
irq00:                                  # IRQ0 entry (the PIT timer interrupt here), vector 32
    cli                                 # redundant if the IDT entry is an interrupt gate (CPU already clears IF); harmless otherwise
    push 0                              # dummy err_code so the frame has the same layout as exception vectors that push one
    push 32                             # int_number
    jmp irq_common_stub                 # shared save / call-C / restore path
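#-----------------------------------------------------------------------
# irq_common_stub: common tail for all IRQ vectors.
# On entry the stack holds (low -> high): int_number, err_code, then the
# CPU-pushed eip, cs, eflags (+ useresp, ss on a privilege change).
# Saves all GPRs and data segment registers, loads the kernel data
# selector, calls the C handler with a pointer to the saved frame, then
# restores everything and returns with iret.
# Clobbers: nothing visible to the interrupted code (all restored).
#-----------------------------------------------------------------------
irq_common_stub:
    pushad                              # saves eax, ecx, edx, ebx, esp, ebp, esi, edi (8 dwords)
    push ds
    push es
    push fs
    push gs
    mov ax, 0x10                        # kernel data segment selector
    mov ds, ax
    mov es, ax
    mov fs, ax
    mov gs, ax
    mov eax, esp                        # eax = address of the saved frame (present in the disassembly, elided in the listing)
    push eax                            # argument: pointer to the frame; declare the handler as taking isr_stack_frame_t *
    mov eax, offset irq_default_handler # ADDRESS of the handler.  Without `offset` GAS emits a load of the
                                        # handler's first four code bytes, and `call eax` jumps there
                                        # (the trace shows EIP=83535657).  `call irq_default_handler` also works.
    call eax
    add esp, 4                          # drop the pointer argument
    pop gs                              # mirror of the saves above, in reverse order
    pop fs
    pop es
    pop ds
    popad
    add esp, 8                          # drop int_number and err_code
    iret                                # restores EFLAGS (including IF) from the frame, so no sti is needed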

When I turn on QEMU's tracing options (-d cpu,exec,in_asm), I see the following:

IN:
0x0010121b: mov   %eax, %fs
0x0010121d: mov   %eax, %gs
0x0010121f: mov   %esp, %eax
0x00101222: mov   0x100e81, %eax
0x00101227: call  *%eax

Trace 0xb3aa3360 [0010121b]
EAX=83535657 EBX=00009500 ECX=0000000f EDX=00000000
ESI=00000000 EDI=0010a000 EBP=00000000 ESP=00107fc8
EIP=83535657 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
CS =0008 00000000 ffffffff 00cf9300 DPL=0 CS32 [-R-]
SS =0008 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
DS =0008 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
FS =0008 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
GS =0008 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT=     00108060 0000001f 
IDT=     001080a0 0000071f
CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000000
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000 
DR6=ffff0ff0 DR7=00000400 
CCS=00000000 CCD=00000000 CCO=SUBL
EFER=0000000000000000
qemu fatal: trying to execute code outside RAM or ROM at 0x83535657

Finally, `objdump -d kernel.bin` lets me check that my

void irq_default_handler(isr_stack_frame_t sf);

C function is at the address I expect:

00100e81 <irq_default_handler>

eax eip , mov C. , :

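 /*
  * Kernel-mode interrupt frame exactly as irq_common_stub lays it out,
  * lowest address first: the four segment pushes (gs pushed last, so it is
  * lowest), the eight pushad registers, the stub's int_number / err_code,
  * then what the CPU pushed.  useresp and ss are only present when the
  * interrupt arrived from a lower privilege level.
  *
  * Fixes vs. the original: the duplicate `ds` member (pushes were ds, es,
  * fs, gs, so the low-to-high order is gs, fs, es, ds) and the missing `esp`
  * slot that pushad stores between ebp and ebx.
  */
 typedef struct {
     uint32_t gs, fs, es, ds;
     uint32_t edi, esi, ebp, esp, ebx, edx, ecx, eax;   /* pushad order; esp is the pre-pushad value */
     uint32_t int_number, err_code;
     uint32_t eip, cs, eflags, useresp, ss;
 } isr_stack_frame_t;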

, . , eip . C. .


, .

/* The asker's frame struct, quoted to show the mismatch with pushad:
 * pushad stores eax, ecx, edx, ebx, esp, ebp, esi, edi (eight dwords), so
 * low-to-high the frame is edi, esi, ebp, esp, ebx, edx, ecx, eax — the
 * second line below has only seven members and lacks esp between ebp and
 * ebx.  (The duplicated `ds` on the first line is also a bug: the stub
 * pushes ds, es, fs, gs, so the order should be gs, fs, es, ds.) */
typedef struct {
     uint32_t gs, ds, es, ds;
     uint32_t edi, esi, ebp, ebx, edx, ecx, eax;
                           ↑↑
     uint32_t int_number, err_code;
     uint32_t eip, cs, eflags, useresp, ss;
} isr_stack_frame_t;

pushad pushes all eight GPRs (eax, ecx, edx, ebx, esp, ebp, esi, edi), but the struct only has seven fields for them: esp is missing.

Also, since there is a `mov eax,esp` before the `push eax` (visible in the disassembly), the handler receives a pointer to the saved frame, so its parameter should be declared as `isr_stack_frame_t *` rather than taking the struct by value.

.intel_syntax noprefix — that is the problem!

In GAS "Intel" syntax, as @FrankKotler pointed out, `mov eax,foo` is a load from memory: it reads the four bytes stored at foo (here, the first bytes of the handler's code) into eax. To load the address of foo you need `mov eax,offset foo`; `mov eax,[foo]` is merely the explicit form of the same memory load.

One more thing: the `sti` before `iret` is unnecessary. The interrupt-enable flag (EI/DI) is part of EFLAGS, which `iret` restores from the saved frame.

