Using .word 65535 causes QEMU to reboot

Question

I have an assembly program that is used in my OS to run after GRUB, and I'm having a strange problem where .word 65535 causes QEMU to reboot and I can't figure out why.

I have done some testing and I have figured out what line causes the problem using jmp $ and I have confirmed that it is the line I have mentioned above.

My Multiboot compliant code is:

/* Enable intel syntax */
.intel_syntax noprefix
/* Declare constants for the multiboot header. */
.set ALIGN,    1<<0             /* align loaded modules on page boundaries */
.set MEMINFO,  1<<1             /* provide memory map */
.set FLAGS,    ALIGN | MEMINFO  /* this is the Multiboot 'flag' field */
.set MAGIC,    0x1BADB002       /* 'magic number' lets bootloader find the header */
.set CHECKSUM, -(MAGIC + FLAGS) /* checksum of above, to prove we are multiboot */

/* 
Declare a multiboot header that marks the program as a kernel. These are magic
values that are documented in the multiboot standard. The bootloader will
search for this signature in the first 8 KiB of the kernel file, aligned at a
32-bit boundary. The signature is in its own section so the header can be
forced to be within the first 8 KiB of the kernel file.
*/
.section .multiboot
.align 4
.long MAGIC
.long FLAGS
.long CHECKSUM

/*
The multiboot standard does not define the value of the stack pointer register
(esp) and it is up to the kernel to provide a stack. This allocates room for a
small stack by creating a symbol at the bottom of it, then allocating 16384
bytes for it, and finally creating a symbol at the top. The stack grows
downwards on x86. The stack is in its own section so it can be marked nobits,
which means the kernel file is smaller because it does not contain an
uninitialized stack. The stack on x86 must be 16-byte aligned according to the
System V ABI standard and de-facto extensions. The compiler will assume the
stack is properly aligned and failure to align the stack will result in
undefined behavior.
*/
.section .bss
.align 16
stack_bottom:
.skip 16384 # 16 KiB
stack_top:

/*
The linker script specifies _start as the entry point to the kernel and the
bootloader will jump to this position once the kernel has been loaded. It
doesn't make sense to return from this function as the bootloader is gone.
*/
.section .text
.global _start
.type _start, @function
_start:
    /*
    The bootloader has loaded us into 32-bit protected mode on a x86
    machine. Interrupts are disabled. Paging is disabled. The processor
    state is as defined in the multiboot standard. The kernel has full
    control of the CPU. The kernel can only make use of hardware features
    and any code it provides as part of itself. There's no printf
    function, unless the kernel provides its own <stdio.h> header and a
    printf implementation. There are no security restrictions, no
    safeguards, no debugging mechanisms, only what the kernel provides
    itself. It has absolute and complete power over the
    machine.
    */

    /*
    To set up a stack, we set the esp register to point to the top of the
    stack (as it grows downwards on x86 systems). This is necessarily done
    in assembly as languages such as C cannot function without a stack.
    */
    mov stack_top, esp

    /*
    This is a good place to initialize crucial processor state before the
    high-level kernel is entered. It's best to minimize the early
    environment where crucial features are offline. Note that the
    processor is not fully initialized yet: Features such as floating
    point instructions and instruction set extensions are not initialized
    yet. The GDT should be loaded here. Paging should be enabled here.
    C++ features such as global constructors and exceptions will require
    runtime support to work as well.
    */

    /*
    GDT from the old DripOS bootloader, which was from the original
    project (The OS tutorial)
    */

    gdt_start:

        .long 0x0
        .long 0x0

    gdt_code: 
        .word 65535     /* <-------- this line causing problems */
        .word 0x0
        /*.byte 0x0
        .byte 0x9A*/ /*10011010 in binary*/
        /*.byte 0xCF*/ /*11001111 in binary*/
        /*.byte 0x0*/
    jmp $
    gdt_data:
        .word 0xffff
        .word 0x0
        .byte 0x0
        .byte 0x92 /*10010010 in binary*/
        .byte 0xCF /*11001111 in binary*/
        .byte 0x0

    gdt_end:

    gdt_descriptor:
        .word gdt_end - gdt_start - 1
        .long gdt_start

    #CODE_SEG gdt_code - gdt_start
    #DATA_SEG gdt_data - gdt_start

    lgdt [gdt_descriptor]
    jmp $
    /*
    Enter the high-level kernel. The ABI requires the stack is 16-byte
    aligned at the time of the call instruction (which afterwards pushes
    the return pointer of size 4 bytes). The stack was originally 16-byte
    aligned above and we've since pushed a multiple of 16 bytes to the
    stack since (pushed 0 bytes so far) and the alignment is thus
    preserved and the call is well defined.
    */
    call main

    /*
    If the system has nothing more to do, put the computer into an
    infinite loop. To do that:
    1) Disable interrupts with cli (clear interrupt enable in eflags).
       They are already disabled by the bootloader, so this is not needed.
       Mind that you might later enable interrupts and return from
       kernel_main (which is sort of nonsensical to do).
    2) Wait for the next interrupt to arrive with hlt (halt instruction).
       Since they are disabled, this will lock up the computer.
    3) Jump to the hlt instruction if it ever wakes up due to a
       non-maskable interrupt occurring or due to system management mode.
    */
    cli
1:  hlt
    jmp 1b

/*
Set the size of the _start symbol to the current location '.' minus its start.
This is useful when debugging or when you implement call tracing.
*/
.size _start, . - _start

I expect QEMU to continue working after the call to .word 65535 but instead QEMU reboots and the OS does not boot.

Answer 1

As was pointed out in the comments you placed the GDT in the middle of your code. The processor can't distinguish between what is code and data when mixed. The CPU would have attempted to start executing the GDT as code after the instruction mov stack_top, esp . objdump -Dz -Mintel¹ on the object file shows that these instructions would have been executed:

boot.o:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <_start>:
   0:   89 24 25 00 00 00 00    mov    DWORD PTR ds:0x0,esp

0000000000000007 <gdt_start>:
   7:   00 00                   add    BYTE PTR [rax],al
   9:   00 00                   add    BYTE PTR [rax],al
   b:   00 00                   add    BYTE PTR [rax],al
   d:   00 00                   add    BYTE PTR [rax],al

000000000000000f <gdt_code>:
   f:   ff                      (bad)
  10:   ff 00                   inc    DWORD PTR [rax]
  12:   00 eb                   add    bl,ch
  14:   fe                      (bad)

[snip]

The CPU would have been able to execute the first number of bytes in the GDT as bogus instructions but when it hit the 0xffff in gdt_code the instructions can't be decoded as valid instructions. OBJDUMP shows those as (bad).

The fix is simple as @Jester says - simply move the GDT (and all data) after the code. The preference is to place data and code in different sections so that it is separated.

---

Footnotes

¹OBJDUMP option meaning:

• -D option shows code disassembly
• -z option display all the zero bytes in the file
• -Mintel displays the code using Intel syntax rather than the default AT&T syntax