bochs/bios: Fix the mask value used when writing to MTRR_PHYSMASK MSR

In bochs/bios/rombios32.c, setup_mtrr() configures the vCPU via the
memory type range registers (MTRRs) to use different methods of caching
(uncached, write-through, write-back, etc.) for different regions of
physical memory. For example, it marks the 3.5-4GiB region (0xE0000000
through 0xFFFFFFFF) as uncached, by writing to the following pair of
model-specific registers (MSRs):

 - IA32_MTRR_PHYSBASE0 (value=0x00000000_E0000000)
 - IA32_MTRR_PHYSMASK0 (value=0xFFFFFFFF_E0000800)

However, in the case of IA32_MTRR_PHYSMASK0, the current implementation
fails to honor reserved bits (e.g. bit 63). According to Figure 11-7 of
Intel(R) 64 and IA-32 Architectures Software Developer's Manual, Volume
3A [1], bits 63 through MAXPHYADDR are reserved. Moreover, according to
Section, "the processor generates a general-protection
exception (#GP) if software attempts to write to them".

This requirement has been enforced by KVM since Linux kernel 3.18 [2].
As a result, the classic Android x86_64 emulator does not boot on Linux
hosts with a 3.18+ kernel (e.g. Ubuntu 15.04). A bug has been opened at:

Fix this issue by using the correct mask value. In fact, the upstream
Bochs codebase has already done that, so just back-port all the relevant

r9613 | sshwarts | 2009-12-11 15:44:48 +0800 (Fri, 11 Dec 2009) [3]

Commit "fix for BIOS bug" changed MSR_MTRRdefType to MTRR_MEMTYPE_UC.
Change it back to MTRR_MEMTYPE_WB.

r9515 | vruppert | 2009-10-25 18:25:38 +0800 (Sun, 25 Oct 2009) | [4]

- fixed MTRR mask write bug and enabled check in

r9504 | sshwarts | 2009-10-23 23:32:45 +0800 (Fri, 23 Oct 2009) | [5]

fix for BIOS bug


[2] Commit d7a2a24 of Linux kernel

Change-Id: Ice960cbe557f986b001764783c215417e02897c6
Signed-off-by: Yu Ning <>
1 file changed
tree: 0efd38a1bfa63930028db030bb56101d96a1a0f6
  1. Makefile
  3. bochs/
  4. vgabios/