[Soekris] Buggy BIOS, int 15h, ah=87h

Yuri Karaban tech at askold.net
Fri May 13 13:00:22 UTC 2005


Hello

It seems that int 15/87h can't move to an address above 16MB. It simply
ignores bits 24-32 of the base address in the GDT descriptor. So addresses
0x1000000-0x2000000 (16-32M), 0x2000000-0x3000000 (32-48M) and so on
refer to the same address range: 0x0-0x1000000 (0-15M).

I wrote a program which demonstrates the bug. On correct computers
(on my laptop and in the bochs emulator) it reports OK.

The test is based on setting the destination descriptor to the expected
address but setting bits 24-32 of its base address to 0x01. So if the BIOS
is correct it will move the string above the 16MB address, but if it is
buggy it will overwrite the expected string.

It is for NASM (http://nasm.sourceforge.net/); if you do not have NASM
I can send you a bootsector image on request.

PS. Please CC me when answering, I'm not a subscriber.

I hope the BIOS will be fixed and thank you in advance!

---------------------[cut]----------------------------------
sector_size	equ	512
str_size	equ	12

start:
	jmp	0x7c0:.next
.next:
	mov	ax, cs
	mov	ds, ax
	mov	es, ax
	mov	ax, src
	add	ax, 0x7c00
	mov	[gdt.src], ax
	mov	ax, dst
	add	ax, 0x7c00
	mov	[gdt.dst], ax
;	Set DST above 16M
	mov	byte [gdt.dst+5], 1
	mov	ah, 0x87		; int 15h block move
	mov	cx, str_size / 2	; count is in words
	mov	si, gdt			; ES:SI -> descriptor table
	int	0x15
	jc	.fail
	cld
	xor	bx, bx
	mov	si, dst
	mov	cx, str_size
	mov	ah, 0x0e
.again:	lodsb
	int	0x10
	loop	.again
	jmp	$

.fail:
	mov	ax, 0x0e00 + '!'
	xor	bx, bx
	int	0x10
	jmp	$

gdt:
	times	16	db	0
;;; SRC
	dw	0xffff
.src:
	dw	0
	db	0
	db	0x93
	dw	0
;;; DST
	dw	0xffff
.dst:
	dw	0
	db	0
	db	0x93
	dw	0
	times	16	db	0

src	db	'CHECK FAILED'
dst	db	'CHECK     OK'

	times	sector_size - ($ - start) - 2	db	'!'
	dw	0xaa55

; Local Variables:
; mode: fundamental
; End:

---------------------[cut]----------------------------------
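
The check described in the message above, modelled in user space as an added example (not part of the original post and not Soekris code). It builds the same 48-byte descriptor table and compares a block move that honours descriptor byte 7 (base 31..24) with one that drops it; the addresses 0x7d00 and 0x7d20 and the `ignore_high` switch are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fill one 8-byte descriptor of the INT 15h/AH=87h table (layout as in the post). */
static void set_desc(uint8_t *d, uint32_t base) {
    d[0] = 0xff; d[1] = 0xff;        /* limit 15..0 */
    d[2] = base & 0xff;              /* base 7..0 */
    d[3] = (base >> 8) & 0xff;       /* base 15..8 */
    d[4] = (base >> 16) & 0xff;      /* base 23..16 */
    d[5] = 0x93;                     /* access byte: present, writable data */
    d[6] = 0;                        /* limit 19..16 and flags */
    d[7] = (base >> 24) & 0xff;      /* base 31..24, the byte under test */
}

/* Decode the base; ignore_high models a BIOS that drops descriptor byte 7. */
uint32_t desc_base(const uint8_t *d, int ignore_high) {
    uint32_t b = d[2] | (uint32_t)d[3] << 8 | (uint32_t)d[4] << 16;
    return ignore_high ? b : b | (uint32_t)d[7] << 24;
}

/* Run the post's check against a simulated block move.
   Returns 1 if the low-memory marker survived, 0 if it was overwritten. */
int probe(int ignore_high) {
    const uint32_t src = 0x7d00, dst = 0x7d20;   /* constructed sample addresses */
    size_t size = 0x1000000u + 0x10000u;         /* 16 MB plus room for the high copy */
    uint8_t *mem = calloc(size, 1);
    uint8_t gdt[48] = {0};                       /* null, GDT, SRC, DST, BIOS CS, BIOS SS */
    int ok;
    if (!mem) return -1;
    memcpy(mem + src, "CHECK FAILED", 12);
    memcpy(mem + dst, "CHECK     OK", 12);
    set_desc(gdt + 16, src);
    set_desc(gdt + 24, dst | 0x01000000u);       /* same offset, 16 MB higher */
    memmove(mem + desc_base(gdt + 24, ignore_high),
            mem + desc_base(gdt + 16, ignore_high), 12);
    ok = memcmp(mem + dst, "CHECK     OK", 12) == 0;
    free(mem);
    return ok;
}

int main(void) {
    printf("full 32-bit base: %s\n", probe(0) ? "OK" : "FAILED");
    printf("24-bit base only: %s\n", probe(1) ? "OK" : "FAILED");
    return 0;
}
```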



