80286 Protected Mode Test

Guy Sotomayor ggs at shiresoft.com
Sun Mar 14 13:36:44 CDT 2021

On 3/14/21 11:09 AM, Peter Corlett via cctalk wrote:
> On Sun, Mar 14, 2021 at 04:32:20PM +0100, Maciej W. Rozycki via cctalk wrote:
>> On Sun, 7 Mar 2021, Noel Chiappa via cctalk wrote:
>>>> The 286 can exit protected mode with the LOADALL instruction.
> [...]
>> The existence of LOADALL (used for in-circuit emulation, a predecessor
>> technique to modern JTAG debugging and the instruction the modern x86 RSM
>> instruction grew from) in the 80286 wasn't public information for a very
>> long time, and you won't find it in public Intel 80286 CPU documentation
>> even today. Even if IBM engineers knew of its existence at the time the
>> PC/AT was being designed, surely they have decided not to rely in their
>> design on something not guaranteed by the CPU manufacturer to exist.

I can say with a fair amount of certainty, that we at IBM knew of the 
existence of the LOADALL instructions including all of it's warts (and 
its inability to switch back from protected mode) from the earliest days.

There were many heated discussions in various task forces (this was of 
course IBM) about the next generation OS (to become OS/2) about the 
'286.  First and foremost was how to be able to run DOS programs on the 
'286. Over very vocal opposition, management decided to use "mode 
switching" rather than any of the other techniques.  It should be noted, 
that a significant portion of us advocated abandoning the '286 in favor 
of the '386 to solve this problem.  The argument that management made 
against that approach assumed that OS/2 would be ready in 9 months and 
that the '386 would be late ('386 at the time was about 12-18 months 
away).  It turned out that OS/2 took well over 18 months to develop.

At the time I was fairly familiar with the LOADALL instruction.  I had 
modified PC/AT Xenix to use the LOADALL instruction to allow for running 
Xenix programs and multiple DOS programs simultaneously.  I gave 
multiple demos to various folks in management but to no avail.  They had 
decided that mode switching as *the* way that OS/2 was going to work.

I should also note, that the other way to get back to real mode from 
protected mode is via a triple-fault.  What gets me (and I railed on 
Intel when I worked there for a time) that it still existing in the 
architecture even though they have a machine check architecture now 
(which while at IBM pushed Intel to implement for the '386!).

> The Wikipedia page on LOADALL claims "The 80286 LOADALL instruction can not
> be used to switch from protected back to real mode (it can't clear the PE
> bit in the MSW). However, use of the LOADALL instruction can avoid the need
> to switch to protected mode altogether."
> I find that paragraph very persuasive. The author knows about LOADALL and
> the desire to use it to avoid going into protected mode, and also explains
> that there's a specific exception in its behaviour which prevents returning
> to real mode. All of the other hacky uses of LOADALL would be unnecessary if
> it could be used to switch modes at will. It just doesn't seem like
> something that would be written if it was wrong.
> Is Wikipedia incorrect and the 286 LOADALL *can* exit protected mode, and if
> so, how?
TTFN - Guy

More information about the cctech mailing list