mov rsi,rcx doesn't work in Virtual Box 3.0.8

[Jonathan Markland]

NOTE: This report does NOT concern a mainstream guest OS.

I have developed a loader for a small X86-64 hobby OS system. This consists of a bootable floppy-disc image, which loads a binary image into memory, and executes it in 64-bit "long" mode. I have the following to report:

My system boots and runs fine on:

• The BOCHS PC Simulator 2.4.1 (booting from floppy image file)
• Advent T9610 PC Intel Quad Core Q6600 (booting from CD el-torito floppy emu)
• DELL M2300 Laptop Dual core Intel (booting from CD el-torito floppy emu)

However, my system does NOT work when booting from floppy image mounted in Virtual Box 3.0.8. I get a guru error and VBOX bombs out with *either* a clean guru error box, or a dirty Vista-standard "this program has stopped working" dialog. [In fact this might even be a second issue I can report -- something to do with MSVCR80.dll] However, the primary issue concerns me more.

I do not know if there are debug facilities within VBOX, so I am debugging by inserting an infinite loop "jmp $" in my NASM code, re-building and running. If VBOX hits this and loops forever and does NOT guru on me, I consider this a "test pass". If VBOX does not get this far because of a guru error I consider this a "test fail".

Test results and source code snippets included below.

In brief:

In a routine to render a text message onto the (graphics mode) linear frame buffer :

mov rsi,rcx (of all things) appears not to work:

0x0000000000210781 4889CE mov rsi,rcx

On entry, rcx is 0x210fdd, which is the address of a message string:

0x0000000000210fdd db "TEST MESSAGE",0

When executed at address 0x210781, with rcx=0x210fdd and rsi=0xccccCCCCccccCCCC, and the null-terminated ASCII string "TEST MESSAGE" at address 0x210fdd, according to VBOX.LOG, "mov rsi,rcx" appears to load rcx with value "0x53454d2054534554" rather than the expected 0x210fdd.

Interestingly, "0x53454d2054534554" would be mov rsi,[rcx]

OTHER NOTES

I am using the 2MB page size. The above memory is covered by a 2MB page at address 0x200000 (2MB).

Opcode "4889CE" was generated by the NASM assembler, version 2.06 compiled on Jun 29 2009, and was dis-assembled by the graphic debugger in BOCHS PC Simulator v 2.4.1

Also, the following is the first line of code in my GP Fault (exception 13) handler, however the system is so broken by this stage, it never runs:

00:00:03.487 CPUM: 0008:0000000000210b60 4c 8d 3d 05 00 00 00 lea r15, [000000005h wrt rip]

TEST NOTES IN DETAIL FOLLOW. Here I am illustrating the pertinent part of the routine, and I move the "jmp $" infinite-loop instruction down one place per test:

TEST 1 : Prove RCX is an OK address =====

sv_printf:

; Called from C++ ; RCX = address of message string

PUSHAQ

call get_kh_screen_base ; NOTE: RDI is now the screen memory base address

xchg bx,bx ; DEBUG: This is just the BOCHS Pc-Simulator's breakpoint (benign otherwise) mov AL,[RCX] ; DEBUG: Prove RCX is OK (if VirtualBox doesn't crash)

jmp $ ; DEBUG Infinite loop here (no Guru message if all is OK)

mov RSI,RCX ; Move address of string into RSI

mov AL,[RSI] ; DEBUG Prove RSI is OK (if VirtualBox doesn't crash)

TEST RESULT: PASS

TEST 2 : Prove mov RSI,RCX doesn't immediately crash ========

sv_printf:

; Called from C++ ; RCX = address of message string

PUSHAQ

call get_kh_screen_base ; NOTE: RDI is now the screen memory base address

xchg bx,bx ; DEBUG: This is just the BOCHS Pc-Simulator's breakpoint (benign otherwise) mov AL,[RCX] ; DEBUG: Prove RCX is OK (if VirtualBox doesn't crash)

mov RSI,RCX ; Move address of string into RSI

jmp $ ; DEBUG Infinite loop here (no Guru message if all is OK)

mov AL,[RSI] ; DEBUG Prove RSI is OK (if VirtualBox doesn't crash)

TEST RESULT: PASS

TEST 3 : Prove RCX's value copied into RSI OK (FAIL) ========

sv_printf:

; Called from C++ ; RCX = address of message string

PUSHAQ call get_kh_screen_base

; NOTE: RDI is now the screen memory base address

xchg bx,bx ; DEBUG: This is just the BOCHS Pc-Simulator's breakpoint (benign otherwise) mov AL,[RCX] ; DEBUG: Prove RCX is OK (if VirtualBox doesn't crash)

mov RSI,RCX ; Move address of string into RSI

mov AL,[RSI] ; DEBUG Prove RSI is OK (if VirtualBox doesn't crash)

jmp $ ; DEBUG Infinite loop here (no Guru message if all is OK)

TEST RESULT: FAIL

I appreciate this is not a standard guest system, so may not be high priority, however, this system does run on the systems listed above, and it is odd that this crashes Virtual Box, which I would quite like to starting using. Please contact me if you need the image file of the boot floppy disc and instructions.

Thanks for your time,

Jonathan.

[Jonathan Markland]

The VBOX.LOG file

[Jonathan Markland]

Amended, as I got a small detail wrong:

When executed at address 0x210781, with rcx=0x210fdd and rsi=0xccccCCCCccccCCCC, and the null-terminated ASCII string "TEST MESSAGE" at address 0x210fdd, according to VBOX.LOG, "mov rsi,rcx" appears to load *rsi* with value "0x53454d2054534554" rather than the expected 0x210fdd.

(The formatting system is difficult to use here!)

[Sander van Leeuwen]

Well, your conclusion is not correct. It's related to paging probably. I can only take a look if you can provide me with the floppy image. I'll send you an email.

[Sander van Leeuwen]

There were problems with the code iirc.