setup.s分析
1、setup.s程序的主要利用rom-bios中断读取机器系统数据,并将这些数据保存在0x90000开始处,覆盖了bootsect.s程序。
2、将system模块从0x10000-0x8ffff移动到0x00000。
3、加载中断描述符表寄存器(idtr)和全局中断描述符表寄存器(gdtr),开启A20地址线,重新设置两个中断控制芯片8259A,将硬件中断号重新设置为0x20-0x2f。
4、设置cpu的控制寄存器CR0(机器状态字),从而进入32位保护模式运行,并跳至system模块的前面部分head.s程序继续运行。
! setup.s (C) 1991 Linus Torvalds
!
! setup.s is responsible for getting the system data from the BIOS,
! and putting them into the appropriate places in system memory.
! both setup.s and system has been loaded by the bootblock.
!
! This code asks the bios for memory/disk/other parameters, and
! puts them in a "safe" place: 0x90000-0x901FF, ie where the
! boot-block used to be. It is then up to the protected mode
! system to read them from there before the area is overwritten
! for buffer-blocks.
!
! NOTE! These had better be the same as in bootsect.s!
INITSEG = 0x9000 ! we move boot here - out of the way
SYSSEG = 0x1000 ! system loaded at 0x10000 (65536).
SETUPSEG = 0x9020 ! this is the current segment
.globl begtext, begdata, begbss, endtext, enddata, endbss
.text
begtext:
.data
begdata:
.bss
begbss:
.text
entry start
start:
! ok, the read went well so we get current cursor position and save it for
! posterity.
mov ax,#INITSEG ! this is done in bootsect already, but...
mov ds,ax
mov ah,#0x03 ! read cursor pos
xor bh,bh
int 0x10 ! save it in known place, con_init fetches
mov [0],dx ! it from 0x90000. //行号和列号存到0x90000
//读取光标使用的int 0x10的功能号为ah=0x03,输入bh=页号;返回
//ch=扫描开始线;cl=扫描结束线;dh=行号;dl=列号;
! Get memory size (extended mem, kB)
mov ah,#0x88 //读取从1m处开始的扩展内存大小(KB),返回值放在0x90000:0x0002
int 0x15
mov [2],ax
! Get video-card data:
mov ah,#0x0f
int 0x10
mov [4],bx ! bh = display page //bh为当前的显示页
mov [6],ax ! al = video mode, ah = window width //al为显示模式,ah为窗口宽度
! check for EGA/VGA and some config parameters
mov ah,#0x12
mov bl,#0x10
int 0x10
mov [8],ax
mov [10],bx //bh=显示状态(0x00=彩色模式,I/O端口=0x3dX;0x01=单色模式,I/O端口=0x3bX),bl=安装的显示内存(0x00-64k,0x01- 128k,0x02-192k,0x03-256k)
mov [12],cx //cx=显卡特性参数
//检查显示方式(VGA/EGA),并取参数。
! Get hd0 data
mov ax,#0x0000
mov ds,ax
lds si,[4*0x41] //取中断向量0x41的值,第1个硬盘的参数表地址=4*0x41=0x0000:0x0104
mov ax,#INITSEG
mov es,ax
mov di,#0x0080
mov cx,#0x10
rep
movsb
! Get hd1 data
mov ax,#0x0000
mov ds,ax
lds si,[4*0x46] //取中断向量0x46的值,第2个硬盘的参数表地址=4*0x46=0xf000:0xe401
mov ax,#INITSEG
mov es,ax
mov di,#0x0090
mov cx,#0x10
rep
movsb
! Check that there IS a hd1 :-)
mov ax,#0x01500
mov dl,#0x81
int 0x13
jc no_disk1 //判断有没有hd1,若没有清除hd1的硬盘表。
cmp ah,#3
je is_disk1
no_disk1:
mov ax,#INITSEG
mov es,ax
mov di,#0x0090
mov cx,#0x10
mov ax,#0x00
rep
stosb
is_disk1:
! now we want to move to protected mode ...
//从这里开始进入保护模式运行
cli ! no interrupts allowed ! //此时不允许中断
! first we move the system to it's rightful place
mov ax,#0x0000
cld ! 'direction'=0, movs moves forward
do_move:
mov es,ax ! destination segment
add ax,#0x1000
cmp ax,#0x9000
jz end_move
mov ds,ax ! source segment
sub di,di
sub si,si
mov cx,#0x8000
rep
movsw
jmp do_move //将system模块移动到0x0000处
! then we load the segment descriptors
end_move:
mov ax,#SETUPSEG ! right, forgot this at first. didn't work :-)
mov ds,ax
lidt idt_48 ! load idt with 0,0 //lidt 指令用于加载中断描述符表(idt)
//寄存器,它的操作数是6 个字节,0-1字节是描述符表的长度值(字节);
//2-5 字节是描述符表的32 位线性基地址(首地址)。
lgdt gdt_48 ! load gdt with whatever appropriate
//lgdt 指令用于加载全局描述符表(gdt)寄存器。全局描述符表中的每个描述符项 //(8 字节)描述了保护模式下数据和代码段(块)的信息。其中包括段的最大长
//度限制(16 位)、段的线性基址(32 位
//)、段的特权级、段是否在内存、读写
//许可以及其它一些保护模式运行的标志
! that was painless, now we enable A20
//开启A20地址线
//对A20地址线的开启和关闭,作为对实模式和保护模式切换的一部分,使对地址的访问可以大于16M,机器启动时默认的是关闭的,可以通过键盘控制器和I/O端口0x92进行设置
call empty_8042 //等待缓冲区为空时才能写控制命令
mov al,#0xD1 ! command write
out #0x64,al
call empty_8042
mov al,#0xDF ! A20 on
out #0x60,al
call empty_8042
! well, that went ok, I hope. Now we have to reprogram the interrupts :-(
! we put them right after the intel-reserved hardware interrupts, at
! int 0x20-0x2F. There they won't mess up anything. Sadly IBM really
! messed this up with the original PC, and they haven't been able to
! rectify it afterwards. Thus the bios puts interrupts at 0x08-0x0f,
! which is used for the internal hardware interrupts as well. We just
! have to reprogram the 8259's, and it isn't fun.
//以下对中断进行编程
mov al,#0x11 ! initialization sequence
out #0x20,al ! send it to 8259A-1
.word 0x00eb,0x00eb ! jmp $+2, jmp $+2
out #0xA0,al ! and to 8259A-2
.word 0x00eb,0x00eb
mov al,#0x20 ! start of hardware int's (0x20)
out #0x21,al
.word 0x00eb,0x00eb
mov al,#0x28 ! start of hardware int's 2 (0x28)
out #0xA1,al
.word 0x00eb,0x00eb
mov al,#0x04 ! 8259-1 is master
out #0x21,al
.word 0x00eb,0x00eb
mov al,#0x02 ! 8259-2 is slave
out #0xA1,al
.word 0x00eb,0x00eb
mov al,#0x01 ! 8086 mode for both
out #0x21,al
.word 0x00eb,0x00eb
out #0xA1,al
.word 0x00eb,0x00eb
mov al,#0xFF ! mask off all interrupts for now
out #0x21,al
.word 0x00eb,0x00eb
out #0xA1,al
! well, that certainly wasn't fun :-(. Hopefully it works, and we don't
! need no steenking BIOS anyway (except for the initial loading :-).
! The BIOS-routine wants lots of unnecessary data, and it's less
! "interesting" anyway. This is how REAL programmers do it.
!
! Well, now's the time to actually move into protected mode. To make
! things as simple as possible, we do no register set-up or anything,
! we let the gnu-compiled 32-bit programs do that. We just jump to
! absolute address 0x00000, in 32-bit protected mode.
//以上进行了中断编程
mov ax,#0x0001 ! protected mode (PE) bit
lmsw ax ! This is it! //加载机器状态字,也称为控制寄存器CR0,置最低为1,进入保护模式
jmpi 0,8 ! jmp offset 0 of segment 8 (cs) //跳转至cs 段8,偏移0 处。
//这里的段值的8 已经是保护模式下的段选择符了,用于选择描述符表和描述符表项以及所要求的特权级。
//段选择符长度为16 位(2 字节);位0-1 表示请求的特权级0-3,linux 操作系统只用到两级:0 级(系统级)和3 级(用户级);位2 用于选择全局描述符表(0)还是局部描述符表(1);位3-15 是描述符表项的索引,指出选择第几项描述符。
所以段选择符8(0b0000,0000,0000,1000)表示请求特权级0、使用全局描述符表中的第1 项,该项指出代码的基地址是0,因此这里的跳转指令就会去执行system 中的代码。
//程序到这里结束。下面就可以进入head.s进行。
! This routine checks that the keyboard command queue is empty
! No timeout is used - if this hangs there is something wrong with
! the machine, and we probably couldn't proceed anyway.
empty_8042:
.word 0x00eb,0x00eb
in al,#0x64 ! 8042 status port
test al,#2 ! is input buffer full?
jnz empty_8042 ! yes - loop
ret
gdt:
.word 0,0,0,0 ! dummy
.word 0x07FF ! 8Mb - limit=2047 (2048*4096=8Mb)
.word 0x0000 ! base address=0
.word 0x9A00 ! code read/exec
.word 0x00C0 ! granularity=4096, 386
.word 0x07FF ! 8Mb - limit=2047 (2048*4096=8Mb)
.word 0x0000 ! base address=0
.word 0x9200 ! data read/write
.word 0x00C0 ! granularity=4096, 386
idt_48:
.word 0 ! idt limit=0 //前两个字节是idt表的限长
.word 0,0 ! idt base=0L //后4个字节是idt表所处的基地址
gdt_48:
.word 0x800 ! gdt limit=2048, 256 GDT entries //全局表的限长为2k
.word 512+gdt,0x9 ! gdt base = 0X9xxxx //gdt base = 0X9xxxx
//4 个字节构成的内存线性地址:
//0x0009<<16 + 0x0200+gdt
//也即0x90200 + gdt
.text
endtext:
.data
enddata:
.bss
endbss:
(未完)
1272
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
