linux-0.11中setup.s详解 只是自己的想法



!
! setup.s  (C) 1991 Linus Torvalds
!
! setup.s is responsible for getting the system data from the BIOS,
! and putting them into the appropriate places in system memory.
! both setup.s and system has been loaded by the bootblock.
!
! This code asks the bios for memory/disk/other parameters, and
! puts them in a "safe" place: 0x90000-0x901FF, ie where the
! boot-block used to be. It is then up to the protected mode
! system to read them from there before the area is overwritten
! for buffer-blocks.
!
/*
setup.s 主要是利用bios的中断获取系统参数，并且把数据保存在0x90000开始的位置(覆盖原bootsect.s占用的内存),参数被内核使用。
bootsect 已经把system加载到0x10000位置了。
setup将system从0x10000-0x8fff(当时认为内核的最大值)整块移动到内存的绝对地址0x00000处，接下来加载中断描述符表寄存器idtr和全局描述符表gdtr，
开启a20地址线，重新设置两个中断控制芯片，将硬件终端号重新设置，最后设置cpu的控制寄存器cr0，从而进入32位的保护模式，
并且跳转到system模块最前面的head.s程序处继续执行。

为了能让head.s在32位的保护模式下运行，本程序设置了中断描述符表idt和全局描述符表gdt，并且在gdt中设置了当前内核
代码段的描述符和数据段的描述符。

在后面的head.s程序中会根据内核的需要重新设置这些描述符表。
**/
! NOTE! These had better be the same as in bootsect.s!

INITSEG  = 0x9000 ! we move boot here - out of the way
SYSSEG   = 0x1000 ! system loaded at 0x10000 (65536).
SETUPSEG = 0x9020 ! this is the current segment

.globl begtext, begdata, begbss, endtext, enddata, endbss
.text
begtext:
.data
begdata:
.bss
begbss:
.text

entry start
start:

! ok, the read went well so we get current cursor position and save it for
! posterity.

 mov ax,#INITSEG ! this is done in bootsect already, but...
 mov ds,ax
 mov ah,#0x03 ! read cursor pos
 xor bh,bh
 int 0x10  ! save it in known place, con_init fetches
 mov [0],dx  ! it from 0x90000 /*把光标位置保存在0x90000处*/

! Get memory size (extended mem, kB)

 mov ah,#0x88
 int 0x15  /*获取扩展内存大小  AX = number of contiguous KB starting at absolute address 100000h*/
 mov [2],ax/*AX＝扩展内存字节数(以K为单位) 存到0x9000:2*/

! Get video-card data:

/*
功能0FH
功能描述：读取显示器模式
入口参数：AH＝0FH
出口参数：
    AH＝屏幕字符的列数
    AL＝显示模式(参见功能00H中的说明)
    BH＝页码
*/
 mov ah,#0x0f
 int 0x10
 mov [4],bx  ! bh = display page
 mov [6],ax  ! al = video mode, ah = window width

! check for EGA/VGA and some config parameters
/*      读取显示器的配置信息
BH = video state:
    00h color mode in effect (I/O port 3Dxh)
    01h mono mode in effect (I/O port 3Bxh)
BL = installed memory (00h = 64K, 01h = 128K, 02h = 192K, 03h = 256K)
CH = feature connector bits (see #00022)
CL = switch settings (see #00023,#00024)
AH destroyed (at least by Tseng ET4000 BIOS v8.00n)
*/
 mov ah,#0x12
 mov bl,#0x10
 int 0x10
 mov [8],ax
 mov [10],bx
 mov [12],cx

/*bios检测检测出来的硬盘参数数据存放在0x0000:4*0x41*/
! Get hd0 data

 mov ax,#0x0000
 mov ds,ax           /*改ds为0x0000*/
 lds si,[4*0x41]     /*lds, 就是offset [4*0x41] 相对于ds的偏移量存放到si中, 高16位送入ds,低16位送入si*/
 mov ax,#INITSEG     !ax 0x9000
 mov es,ax
 mov di,#0x0080      !es:di=0x9000:0x0080
 mov cx,#0x10        /*传送字节数*/
 rep
 movsb           /*把ds:si传送16个字节到es:si*/

! Get hd1 data

 mov ax,#0x0000
 mov ds,ax
 lds si,[4*0x46]
 mov ax,#INITSEG
 mov es,ax
 mov di,#0x0090      !es:di=0x9000:0x0090
 mov cx,#0x10
 rep
 movsb           /*把ds:si传送16个字节到es:si*/

! Check that there IS a hd1 :-)
!WRITE SECTOR BUFFER
/*检查是否存在第二个硬盘，如果不存在，第二个硬盘表清0.利用bios的int 0x13来实现。*/
 mov ax,#0x01500
 mov dl,#0x81        !80h = first, 81h = second hard disk
 int 0x13
 jc no_disk1
 cmp ah,#3
 je is_disk1
no_disk1:
 mov ax,#INITSEG
 mov es,ax
 mov di,#0x0090
 mov cx,#0x10
 mov ax,#0x00
 rep             /*rep的作用是根据cx的值，重复执行后面覆盖指令*/
 stosb           /*用ax覆盖es:di指向的地址中的数据，cx是指定股改多少字节*/
is_disk1:

! now we want to move to protected mode ...

 cli   ! no interrupts allowed !  /*禁止中断*/

! first we move the system to it's rightful place
/*首先把system移动到正确的位置
就是把0x1000:0到0x9000:0之间的512k移动到0x0000:0到0x8000:0之间,就是整体向前推移
*/
 mov ax,#0x0000
 cld   ! 'direction'=0, movs moves forward     /*设置传输方向,增长方式*/
 
do_move:
 mov es,ax  ! destination segment   ax是传递过来的变量
 add ax,#0x1000  ! 第一次ax是0x0000  ax = ax+0x1000 后 ax=0x1000
 cmp ax,#0x9000
 jz end_move    ! 如果等于0x9000跳转,否则向下执行
 mov ds,ax  ! source segment
 sub di,di
 sub si,si       ! 目的地es:di==0x0000:0     源ds:si=0x1000:0
 mov cx,#0x8000  ! 移动多少次 32768次,每次移动2字节，总共移动64k大小
 rep
 movsw           ! 每次移动一个字 2字节
 jmp do_move     ! 无条件跳转

! then we load the segment descriptors

end_move:
 mov ax,#SETUPSEG ! right, forgot this at first. didn't work :-)好了,忽略了这条命令,不能工作噢
 mov ds,ax           ! ds 0x9020
 lidt idt_48  ! load idt with 0,0     用idt_48标签所指向的内存地址初始化idtr寄存器,刚开始为0
 lgdt gdt_48  ! load gdt with whatever appropriate  用gdt_48标签所指向的内存地址初始化gdtr寄存器

! that was painless, now we enable A20

 call empty_8042
 mov al,#0xD1  ! command write
 out #0x64,al        ! out 写入0xD1到0x64端口
 call empty_8042
 mov al,#0xDF  ! A20 on
 out #0x60,al
 call empty_8042

! well, that went ok, I hope. Now we have to reprogram the interrupts :-(
! we put them right after the intel-reserved hardware interrupts, at
! int 0x20-0x2F. There they won't mess up anything. Sadly IBM really
! messed this up with the original PC, and they haven't been able to
! rectify it afterwards. Thus the bios puts interrupts at 0x08-0x0f,
! which is used for the internal hardware interrupts as well. We just
! have to reprogram the 8259's, and it isn't fun.

 mov al,#0x11  ! initialization sequence
 out #0x20,al  ! send it to 8259A-1
 .word 0x00eb,0x00eb  ! jmp $+2, jmp $+2
 out #0xA0,al  ! and to 8259A-2
 .word 0x00eb,0x00eb
 mov al,#0x20  ! start of hardware int's (0x20)
 out #0x21,al
 .word 0x00eb,0x00eb
 mov al,#0x28  ! start of hardware int's 2 (0x28)
 out #0xA1,al
 .word 0x00eb,0x00eb
 mov al,#0x04  ! 8259-1 is master
 out #0x21,al
 .word 0x00eb,0x00eb
 mov al,#0x02  ! 8259-2 is slave
 out #0xA1,al
 .word 0x00eb,0x00eb
 mov al,#0x01  ! 8086 mode for both
 out #0x21,al
 .word 0x00eb,0x00eb
 out #0xA1,al
 .word 0x00eb,0x00eb
 mov al,#0xFF  ! mask off all interrupts for now
 out #0x21,al
 .word 0x00eb,0x00eb
 out #0xA1,al

! well, that certainly wasn't fun :-(. Hopefully it works, and we don't
! need no steenking BIOS anyway (except for the initial loading :-).
! The BIOS-routine wants lots of unnecessary data, and it's less
! "interesting" anyway. This is how REAL programmers do it.
!
! Well, now's the time to actually move into protected mode. To make
! things as simple as possible, we do no register set-up or anything,
! we let the gnu-compiled 32-bit programs do that. We just jump to
! absolute address 0x00000, in 32-bit protected mode.

 mov ax,#0x0001 ! protected mode (PE) bit
 lmsw ax  ! This is it!
 /* lmsw指令把ax寄存器数据加载到cr0控制寄存器,将cpu状态字中的PE位设置为1启动保护模式*/
 jmpi 0,8  ! jmp offset 0 of segment 8 (cs)
/*
    前面已经将system代码移动到0x00000处了。所以偏移ip=0
    jmpi  0, 8  即  cs=8 , ip=0
    进入保护模式之后,段就不再是数据段了，就变成段选择子了，用于选择描述符表gdt和描述符表项以及所要求的特权级。
    段选择子长2字节,16位，例如cs段选择子.
段选择子:
    0-1位       表示特权级别
        0       系统级
        3       用户级
    2位         选择全局描述符表gdt==0,还是局部描述符表lgdt=1
    3-15位      表示描述符表项(gdt/lgdt)的索引,支出选择那一项描述符

 所以这里cs=8(0x0000,0000,0000,1000) 表示 请求系统级0，使用全局描述符表(gdt)中的第1项,
 第一项中指定了代码的起始位置，限长，偏移量，读写权限。
*/ 

! This routine checks that the keyboard command queue is empty
! No timeout is used - if this hangs there is something wrong with
! the machine, and we probably couldn't proceed anyway.
empty_8042:     /*测试等待输入缓冲器是否为空*/
 .word 0x00eb,0x00eb
 in al,#0x64 ! 8042 status port
 test al,#2  ! is input buffer full?
 jnz empty_8042 ! yes - loop
 ret

gdt:
 .word 0,0,0,0  ! dummy     /*第一个不可用，从第二个开始*/

/*第二个表项是系统代码段描述符*/
 .word 0x07FF  ! 8Mb - limit=2047 (2048*4096=8Mb)  限长
 .word 0x0000  ! base address=0    基址
 .word 0x9A00  ! code read/exec    权限
 .word 0x00C0  ! granularity=4096, 386

/*第三个表项是系统数据段描述符*/
 .word 0x07FF  ! 8Mb - limit=2047 (2048*4096=8Mb)
 .word 0x0000  ! base address=0
 .word 0x9200  ! data read/write
 .word 0x00C0  ! granularity=4096, 386

idt_48:
 .word 0   ! idt limit=0   限长  前2字节表示idt表的限长
 .word 0,0   ! idt base=0L   基址  后4字节表示idt表所处的基地址

gdt_48:
 .word 0x800  ! gdt limit=2048, 256 GDT entries  gdt表大小2048字节,即限长2k
 .word 512+gdt,0x9 ! gdt base = 0X9xxxx     因为每8个字节组成一个表项,所以总共256项条目      
 
.text
endtext:
.data
enddata:
.bss
endbss: