Hello,
After some fortune I found out that also Turbo Debugger 286 doesn't work under plain DOS 6.22 (without any memory manager, just pressing F5) or with some memory managers (HIMEM.SYS, EMM386, QEMM386).
Error message is: Error 266 loading D:\DIR\TD286.EXE into extended memory.
So it looks like that there is a major issue with extended memory. Any ideas how to fix or how to find the problem and fix it?
Version is latest seabios and QEMU from git as of now (own builds).
I'm pretty sure that it is the same reason that the 286 DOS Extender application doesn't work.
For full reference of the previously discussed have a look here: http://www.mail-archive.com/qemu-devel@nongnu.org/msg29518.html http://www.mail-archive.com/qemu-devel@nongnu.org/msg29465.html
Thnx.
Ciao, Gerhard
On Wed, 14 Apr 2010, Jan Kiszka wrote:
Jamie Lokier wrote:
Gerhard Wiesinger wrote:
It is a non public, proprietary application which uses the Ergo Computing 286 DOS Extender. I guess some other application which use the same DOS extender have the same problem. So best thing is to find another application which uses the Ergo Computing 286 DOS Extender, too.
The 286 was obsolete 20 years ago, although code depending on it persisted for some years after.
I'm fairly sure the number of people using (or trying to use) Qemu with 286-specific code is very small indeed, so unfortunately for a 286 problem, you will need to help reproduce it as much as you can for it to be fixed.
In some scenarios, we use QEMU in emulation mode for such a legacy guest (16-bit protected mode), but we mostly run it in KVM mode these days. It works fairly well under QEMU, but also we did not explore all corner cases.
Note that Qemu doesn't emulate segments properly even for 32-bit x86 code, and 16-bit (286) code depends on that all the more. That may be the problem.
More precisely: QEMU does not check for segment limits. This can be a problem with buggy or pedantic guests, but usually one tried to avoid triggering this anyway. I once wrote a crude patch to add this, but it had significant performance impact and did not properly make use of the TCG to optimize the checks. You'll find it in the archives (but I guess it no longer applies).
Or it may be the "reset using keyboard controller and BIOS" method used to switch from protected mode to real mode on a 286 is not implemented properly, or is not supported by the BIOS properly.
Or it may simply be a bug in 16-bit task segment switching or something like that, which is quite complex and so rarely used that it might never have been properly tested.
Task switching looks fairly stable in QEMU (in contrast to KVM where we just ran into some more corner cases).
Did you try running the application under Bochs, which has a more accurate emulation of very old x86 CPUs?
-- Jamie
That said, having some test case to reproduce the issue is essential. I'm willing to have a look if you can provide such a thing (publicly or privately). Before that, you could already try building QEMU with --enable-debug and running it with "-d exec,int". The generated /tmp/qemu.log may point out where things go wrong (usually where faults start to occur).
Jan
On Sun, Feb 13, 2011 at 03:06:44PM +0100, Gerhard Wiesinger wrote:
Hello,
After some fortune I found out that also Turbo Debugger 286 doesn't work under plain DOS 6.22 (without any memory manager, just pressing F5) or with some memory managers (HIMEM.SYS, EMM386, QEMM386).
Error message is: Error 266 loading D:\DIR\TD286.EXE into extended memory.
So it looks like that there is a major issue with extended memory. Any ideas how to fix or how to find the problem and fix it?
It would help if you could post the seabios log. The easiest way to get at that is to add the following to the qemu command line:
-chardev stdio,id=seabios -device isa-debugcon,iobase=0x402,chardev=seabios
It's also possible to recompile seabios with the debug level increased to get more info on specific calls.
-Kevin
On Sun, Feb 13, 2011 at 03:06:44PM +0100, Gerhard Wiesinger wrote:
Hello,
After some fortune I found out that also Turbo Debugger 286 doesn't work under plain DOS 6.22 (without any memory manager, just pressing F5) or with some memory managers (HIMEM.SYS, EMM386, QEMM386).
Error message is: Error 266 loading D:\DIR\TD286.EXE into extended memory.
So it looks like that there is a major issue with extended memory. Any ideas how to fix or how to find the problem and fix it?
Version is latest seabios and QEMU from git as of now (own builds).
FYI - I took a quick look at this. It does not appear to be SeaBIOS related as SeaBIOS under Bochs works fine. Qemu fails for me as reported above. Kvm (AMD) also fails for me with a slightly different set of error messages (error "269" instead of "266").
I noticed that under Bochs I get this message as it runs (not sure if it is meaningful):
00383234030i[CPU0 ] TASK SWITCH: switching to the same TSS !
Under qemu, I see a report of a cpu exception during execution of the command (again, not sure if it is meaningful). I grabbed the qemu execution log around the exception if anyone wishes to take a look at it.
-Kevin
----------------
IN:
0x0000000000107694:  pop    %cx
0x0000000000107695:  mov    0x5(%si),%al
0x0000000000107698:  and    $0xfd,%al
0x000000000010769a:  mov    %al,0x5(%si)
0x000000000010769d:  xor    %ax,%ax
0x000000000010769f:  mov    %ax,-0x8(%bp)
0x00000000001076a2:  mov    -0x2(%bp),%ax
0x00000000001076a5:  mov    %ax,-0x6(%bp)
0x00000000001076a8:  ltr    %ax
0x00000000001076ab:  push   %cx
0x00000000001076ac:  mov    %ax,%cx
0x00000000001076ae:  call   0x105530

EAX=00000158 EBX=00008000 ECX=00000158 EDX=000041b0
ESI=00000148 EDI=00000278 EBP=00000589 ESP=0000057d
EIP=00002cf0 EFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0028 0001b940 00002f1f 00009300 DPL=0 DS16 [-WA]
CS =0020 00102840 0000ffff 00009a00 DPL=0 CS16 [-R-]
SS =0150 0010b5e0 000005ce 00009300 DPL=0 DS16 [-WA]
DS =0008 0001b440 000003ff 00009300 DPL=0 DS16 [-WA]
FS =0010 0001b940 0000ffff 00009300 DPL=0 DS16 [-WA]
GS =0010 0001b940 0000ffff 00009300 DPL=0 DS16 [-WA]
LDT=0000 00000000 00000000 00008200 DPL=0 LDT
TR =0158 0010bbc0 000005ce 00008100 DPL=0 TSS16-avl
GDT=     0001b440 000003ff
IDT=     00100010 000007ff
CR0=00000013 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=000000a4 CCD=00000000 CCO=LOGICW
EFER=0000000000000000

EAX=00000158 EBX=00008000 ECX=00000158 EDX=000041b0
ESI=00000158 EDI=00000278 EBP=00000589 ESP=0000057f
EIP=00004e71 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0028 0001b940 00002f1f 00009300 DPL=0 DS16 [-WA]
CS =0020 00102840 0000ffff 00009a00 DPL=0 CS16 [-R-]
SS =0150 0010b5e0 000005ce 00009300 DPL=0 DS16 [-WA]
DS =0008 0001b440 000003ff 00009300 DPL=0 DS16 [-WA]
FS =0010 0001b940 0000ffff 00009300 DPL=0 DS16 [-WA]
GS =0010 0001b940 0000ffff 00009300 DPL=0 DS16 [-WA]
LDT=0000 00000000 00000000 00008200 DPL=0 LDT
TR =0158 0010bbc0 000005ce 00008100 DPL=0 TSS16-avl
GDT=     0001b440 000003ff
IDT=     00100010 000007ff
CR0=00000013 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=000000ac CCD=00000158 CCO=SHLW
EFER=0000000000000000
----------------
IN:
0x00000000001076b1:  pop    %cx
0x00000000001076b2:  mov    0x5(%si),%al
0x00000000001076b5:  and    $0xfd,%al
0x00000000001076b7:  mov    %al,0x5(%si)
0x00000000001076ba:  ljmp   *-0x8(%bp)

check_exception old: 0xffffffff new 0xa
     0: v=0a e=0160 i=0 cpl=0 IP=0160:0000000000000000 pc=0000000000000000 SP=0168:00000000ffff05c4 EAX=00000000ffff0000
EAX=ffff0000 EBX=ffff0000 ECX=ffff0000 EDX=ffff0000
ESI=ffff0000 EDI=ffff0000 EBP=ffff0000 ESP=ffff05c4
EIP=00000000 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 00000000 00000000
CS =0160 00000000 00000000 00000000
SS =0168 00000000 00000000 00000000
DS =0170 00000000 00000000 00000000
FS =0000 00000000 00000000 00000000
GS =0000 00000000 00000000 00000000
LDT=0168 0010c1a0 00007fff 00008200 DPL=0 LDT
TR =0158 0010bbc0 000005ce 00008100 DPL=0 TSS16-avl
GDT=     0001b440 000003ff
IDT=     00100010 000007ff
CR0=0000001b CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=00000000 CCD=00000081 CCO=LOGICB
EFER=0000000000000000

EAX=ffff0000 EBX=ffff0000 ECX=ffff0000 EDX=ffff0000
ESI=ffff0000 EDI=ffff0000 EBP=ffff0000 ESP=ffff05bc
EIP=00003ae8 EFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 00000000 00000000
CS =0020 00102840 0000ffff 00009a00 DPL=0 CS16 [-R-]
SS =0168 00000000 00000000 00000000
DS =0170 00000000 00000000 00000000
FS =0000 00000000 00000000 00000000
GS =0000 00000000 00000000 00000000
LDT=0168 0010c1a0 00007fff 00008200 DPL=0 LDT
TR =0158 0010bbc0 000005ce 00008100 DPL=0 TSS16-avl
GDT=     0001b440 000003ff
IDT=     00100010 000007ff
CR0=0000001b CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=00000000 CCD=00000081 CCO=LOGICB
EFER=0000000000000000
----------------
IN:
0x0000000000106328:  push   %ds
0x0000000000106329:  call   0x107626

EAX=ffff0000 EBX=ffff0000 ECX=ffff0000 EDX=ffff0000
ESI=ffff0000 EDI=ffff0000 EBP=ffff0000 ESP=ffff05b8
EIP=00004de6 EFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 00000000 00000000
CS =0020 00102840 0000ffff 00009a00 DPL=0 CS16 [-R-]
SS =0168 00000000 00000000 00000000
DS =0170 00000000 00000000 00000000
...
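Jan's "-d exec,int" suggestion and Kevin's log above both lead to the same question: which fault is the first one, and what does its error code point at. The following is an added example, not code from the thread or from QEMU; it parses the `v=.. e=..` lines that QEMU's interrupt log prints and decodes the selector-format error code that #TS/#NP/#SS/#GP carry (for #TS the code holds the selector of the offending TSS). The sample line is copied from the dump above.

```python
import re

# Protected-mode vectors whose error code is in selector format.
VECTOR_NAMES = {
    0x0a: "#TS Invalid TSS", 0x0b: "#NP Segment Not Present",
    0x0c: "#SS Stack-Segment Fault", 0x0d: "#GP General Protection",
}

# Constructed sample: the two lines QEMU '-d int' printed for the fault
# quoted in the message above (values copied from that dump).
SAMPLE_LOG = """\
check_exception old: 0xffffffff new 0xa
     0: v=0a e=0160 i=0 cpl=0 IP=0160:0000000000000000 pc=0000000000000000 SP=0168:00000000ffff05c4 EAX=00000000ffff0000
"""

INT_LINE = re.compile(
    r"^\s*(?P<n>\d+): v=(?P<v>[0-9a-f]{2}) e=(?P<e>[0-9a-f]{4}) i=(?P<i>[01]) "
    r"cpl=(?P<cpl>\d) IP=(?P<cs>[0-9a-f]{4}):(?P<ip>[0-9a-f]+) "
    r".*?SP=(?P<ss>[0-9a-f]{4}):(?P<sp>[0-9a-f]+)"
)

def decode_selector_error(code):
    """Split a selector-format error code into its architectural fields."""
    return {
        "ext": bool(code & 1),      # fault caused by an external event
        "table": "IDT" if code & 2 else ("LDT" if code & 4 else "GDT"),
        "index": code >> 3,         # descriptor index within that table
        "selector": code & ~0x7,    # selector value with TI/RPL bits cleared
    }

def parse_int_log(text):
    """Return one dict per fault recorded in a QEMU '-d int' log, in order."""
    faults = []
    for line in text.splitlines():
        m = INT_LINE.match(line)
        if not m:
            continue
        vec, err = int(m["v"], 16), int(m["e"], 16)
        fault = {
            "vector": vec,
            "name": VECTOR_NAMES.get(vec, "vector 0x%02x" % vec),
            "error_code": err,
            "cpl": int(m["cpl"]),
            "cs_ip": (int(m["cs"], 16), int(m["ip"], 16)),
            "ss_sp": (int(m["ss"], 16), int(m["sp"], 16)),
        }
        if vec in VECTOR_NAMES:
            fault["error"] = decode_selector_error(err)
        faults.append(fault)
    return faults

if __name__ == "__main__":
    for fault in parse_int_log(SAMPLE_LOG):
        print(fault)
```

Run it over the real /tmp/qemu.log instead of SAMPLE_LOG and the first entry in the returned list is the first fault, with the table and descriptor index its error code refers to.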