好久没有看kernel的启动部分代码了,今天在看tim robinson's gdt trick的时候有些吃力了,本来是想翻译来着,但是比较简单,就直接贴过来了,里面掺杂着一些我添加的注释。
In this tutorial we'll write a very simple higher-half kernel using TimRobinson's GDT trick. This will allow us to load our kernel at some high address (e.g 0xC0000000) without enabling paging. Later, when we have done all our "critical" jobs, we'll enable paging and use a "normal" GDT.
The sources are very well commented and may be compiled with NASM/YASM and GCC.
The assembler part
This is our first file, start.asm. Here we define the Multiboot header and some useful functions, such as gdt_flush. Once GRUB has loaded the kernel in memory, we use the lgdt instruction to load the "fake" GDT, that will allow us to jump into our kernel. The CPU will add the base 0x40000000 to every function, so it will jump to address 0xC0100000 + 0x40000000 = 0x100000.
Note the .setup section: the CPU always needs the physical address of the GDT, but we are linking all the kernel in the higher half. How do we manage this? Simple, just link the GDT within a special section with identical virtual and physical addresses.
; 现在处于保护模式
; grub以保护模式启动内核,这样避免了每个内核进行自己切换
; grub引导后,GDT中基地址为0,并不开启分页机制
; grub调用操作系统后,A20必须打开,PG位必须清空,PE位必须设置
[BITS 32] ; 32 bit code
[global start] ; make 'start' function global
[extern kmain] ; our C kernel main
; Multiboot constants
; Multiboot header (needed to boot from GRUB)
; the kernel entry point
; here's the trick: we load a GDT with a base address
; of 0x40000000 for the code (0x08) and data (0x10) segments
; 查看选择子结构:后面还有3个位: TI(1)+RPL(2)。因此index为1的选择子为0b1000=0x8;同理index为2的选择子为0b10000=0x10
lgdt [trickgdt]
mov ax, 0x10
mov ds, ax
mov es, ax
mov fs, ax
mov gs, ax
mov ss, ax
; jump to the higher half kernel
jmp 0x08:higherhalf
; from now the CPU will translate automatically every address
; by adding the base 0x40000000
mov esp, sys_stack ; set up a new stack for our kernel
call kmain ; jump to our C kernel ;)
; just a simple protection...
jmp $
[global gdt_flush] ; make 'gdt_flush' accessible from C code
[extern gp] ; tells the assembler to look at C code for 'gp'
; this function does the same thing of the 'start' one, this time with
; the real GDT
lgdt [gp]
mov ax, 0x10
mov ds, ax
mov es, ax
mov fs, ax
mov gs, ax
mov ss, ax
jmp 0x08:flush2
[section .setup] ; tells the assembler to include this data in the '.setup' section
dw gdt_end - gdt - 1 ; size of the GDT
dd gdt ; linear address of GDT
dd 0, 0; null gate
;type 9A:描述符的属性A为执行/读, 2为读/写; 9A和92的9: 0b1001,末尾的1表示描述符类型,1表示代码段和数据段
db 0xFF, 0xFF, 0, 0, 0, 10011010b, 11001111b, 0x40; code selector 0x08: base 0x40000000, limit 0xFFFFFFFF, type 0x9A, granularity 0xCF
db 0xFF, 0xFF, 0, 0, 0, 10010010b, 11001111b, 0x40; data selector 0x10: base 0x40000000, limit 0xFFFFFFFF, type 0x92, granularity 0xCF
[section .bss]
resb 0x1000
; our kernel stack
//虚拟地址0xC0100000 => 物理地址0x00100000
//jmp 0x08:highhalf
//物理地址 = 基地址 + 偏移地址
//物理地址 = 0x40000000 + 0xC0100000 = 0x00100000(1M)
The C part
At this point the CPU will be executing our kmain function. For this tutorial it will be very small and easy: just call some functions and print a message.
// We declare a pointer to the VGA array and its attributes
//注意: 物理地址0xB8000为显存,这里lgdt并且设置页表之后,虚拟地址0xB8000指向物理地址0xB8000。当然这个地方也可以设置为虚拟地址0xC00B8000,得到的物理地址也是0xB8000
unsigned short *video = (unsigned short *)0xB8000; // We could also use the virtual address 0xC00B8000
unsigned char attrib = 0xF; // White text on black background
// Extern functions
void gdt_install();
void init_paging();
// Clears the screen
void cls()
int i = 0;
for (i = 0; i < 80 * 25; i++)
video[i] = (attrib << 8) | 0;
// Prints the welcome message ;)
void helloworld()
char msg[] = "Hello, World!";
int i = 0;
for (i = 0; msg[i] != '\0'; i++)
video[i] = (attrib << 8) | msg[i];
// Our kernel's first function: kmain
void kmain()
// FIRST enable paging and THEN load the real GDT!
// We clear the screen and print our welcome message
// Hang up the computer
for (;;);
Note that you must enable paging before loading the new GDT as the CPU, once loaded the GDT with 0x0 as base address, will be still using virtual addresses and if paging isn't enabled... triple fault!
// Declare the page directory and a page table, both 4kb-aligned
unsigned long kernelpagedir[1024] __attribute__ ((aligned (4096)));
unsigned long lowpagetable[1024] __attribute__ ((aligned (4096)));
// This function fills the page directory and the page table,
// then enables paging by putting the address of the page directory
// into the CR3 register and setting the 31st bit into the CR0 one
void init_paging()
// Pointers to the page directory and the page table
void *kernelpagedirPtr = 0;
void *lowpagetablePtr = 0;
int k = 0;
kernelpagedirPtr = (char *)kernelpagedir + 0x40000000;// Translate the page directory from
// virtual address to physical address
lowpagetablePtr = (char *)lowpagetable + 0x40000000;// Same for the page table
// Counts from 0 to 1023 to...
for (k = 0; k < 1024; k++)
lowpagetable[k] = (k * 4096) | 0x3;// ...map the first 4MB of memory into the page table...
kernelpagedir[k] = 0;// ...and clear the page directory entries
// Fills the addresses 0...4MB and 3072MB...3076MB of the page directory
// with the same page table
kernelpagedir[0] = (unsigned long)lowpagetablePtr | 0x3;
kernelpagedir[768] = (unsigned long)lowpagetablePtr | 0x3;
// Copies the address of the page directory into the CR3 register and, finally, enables paging!
asm volatile ("mov %0, %%eax\n"
"mov %%eax, %%cr3\n"
"mov %%cr0, %%eax\n"
"orl $0x80000000, %%eax\n"
"mov %%eax, %%cr0\n" :: "m" (kernelpagedirPtr));
//虚拟地址0xC0100000 => 物理地址0x00100000
//页转化: 10 | 10 | 12
//0xC0100000 => 0x300 | 0x100 | 0x000
//unsigned short *video = (unsigned short *)0xB8000; // We could also use the virtual address 0xC00B8000
//虚拟地址0xB8000 => 物理地址0xB8000
//0x000B8000 => 0x000 | 0x0B8 |0x000
//0x000: 页目录表的第0项,指向lowpagetablePtr
//0x0B8=184: 页表的第184项目,物理地址为184*4K=0x0B8<<12 = 0x0B8000
//0x000: 页内偏移为0
And here is the gdt_install function. I think it doesn't need any explanation as it has been taken from Bran's Kernel Development Tutorial, so read that if you need more information.
// Defines the structures of a GDT entry and of a GDT pointer
struct gdt_entry
unsigned short limit_low;
unsigned short base_low;
unsigned char base_middle;
unsigned char access;
unsigned char granularity;
unsigned char base_high;
} __attribute__((packed));
struct gdt_ptr
unsigned short limit;
unsigned int base;
} __attribute__((packed));
// We'll need at least 3 entries in our GDT...
struct gdt_entry gdt[3];
struct gdt_ptr gp;
// Extern assembler function
void gdt_flush();
// Very simple: fills a GDT entry using the parameters
void gdt_set_gate(int num, unsigned long base, unsigned long limit, unsigned char access, unsigned char gran)
gdt[num].base_low = (base & 0xFFFF);
gdt[num].base_middle = (base >> 16) & 0xFF;
gdt[num].base_high = (base >> 24) & 0xFF;
gdt[num].limit_low = (limit & 0xFFFF);
gdt[num].granularity = ((limit >> 16) & 0x0F);
gdt[num].granularity |= (gran & 0xF0);
gdt[num].access = access;
// Sets our 3 gates and installs the real GDT through the assembler function
void gdt_install()
gp.limit = (sizeof(struct gdt_entry) * 6) - 1;
gp.base = (unsigned int)&gdt;
gdt_set_gate(0, 0, 0, 0, 0);
gdt_set_gate(1, 0, 0xFFFFFFFF, 0x9A, 0xCF);
gdt_set_gate(2, 0, 0xFFFFFFFF, 0x92, 0xCF);
The linker script
Our last file is the linker script. Let's give a look at it:
. = 0x100000;
.setup :
. += 0xC0000000;
.text : AT(ADDR(.text) - 0xC0000000)
.data ALIGN (4096) : AT(ADDR(.data) - 0xC0000000)
.bss ALIGN (4096) : AT(ADDR(.bss) - 0xC0000000)
As you can see, we link the .setup section to the lower half (0x100000) and the whole kernel to the higher half (0xC0100000). A simple and elegant solution!
I hope this tutorial will help you writing your own higher half kernel. For any question please post on the forum!
