我详细解析了bootsect.s,同时阅读了setup.s。其中bootsect.s存放于磁盘的主引导扇区,bios-startup程序加载该程
序(bootsect.s)到内存0x700处,并由此执行bootsect.s来引导Linux
kernel。在bootsect.s中加载setup.s至内存中,并在执行完它自身后,jump跳至刚刚已读入的setup部份,继续执行。
Linux Kernel Image 生成过程: 一.
引导扇区汇编代码bootsect.s被预处理成bbootsect.s或bootsect.s(无论有无D_BIG_KERNEL),当然这取决于编译
目标是bzImage还是bImage。bbootsect.s被汇编,然后被转化成合法的二进制文件,通过调用bbootsect.s。(或者是
bootsect.s被汇编,然后被转化成合法的二进制文件,通过调用bootsect.s。) 二. 启动代码setup.s(include
video.s)被预处理成bsetup.s(就bzImage而言),或者是setup.s(就zImage而言)。和bootsect.s一样,不同
的是bzImage使用-D_BIG_KERNEL来标志。结果同样也将被转化成合法的二进制文件,通过调用bsetup.s或setup.s。
三. 进入子目录 arch/i386/boot/compressed 把/usr/src/linux/vmlinux
转变成$tmppiggy.gz(临时文件名,合法的二进制格式)。删除.note 和.comment 文件。 四. gzip -9
<$tmppiggy>
$tmppiggy.gz。(gunzip()在main.c中被实现。用于解压缩部份Linux内核,负责解压缩Linux内核的函数还有
decompressed()) 五. 联接(Link)$temppiggy.gz ,使其成为 ELF relocate(ld -r)文件
piggy.0。 六. 编译压缩程序 head.s 和 misc.c(仍然存在于子目录
arch/i386/boot/compressed中。)成ELF的目标文件head.o和misc.o。 七.
联接(Link)所有的目标文件head.o、misc.o、piggy.o成bvmlinux(或者vmlinux,就zImage而言,注意:不要错
误地把它认为是 /usr/src/linux/vmlinux !)。一定要注意到这两者之间的不同:-Ttext
0x1000(调用的是经过压缩的内核镜像vmlinux),-Ttext
0x100000(调用的是未经过压缩的大内核镜像bvmlinux,还有bzImage compression loader
将被high-loaded,调到内存高地址处)。 八. 把bvmlinux转化成合法的二进制文件 bvmlinux.out ,删除
.note 和.comment部份。 九. 最后返回 arch/i386/boot
子目录,使用编程工具把bbootsect+bsetup+compressed/bvmlinux.out
编译成bzImage。(也可以使编译成zImage)。
bootsect.s完成如下功能: 一. bootsect.s将它“自己“从被ROM
BIOS载入的绝对地址0x7C00处搬到0x9000处,然后利用一个jmpi(jump
indirectly)的指令,跳到新位置的jmpi的下一行(go:)去执行。 二. 接着,将其他segment
registers包括DS,ES,SS都指向0x9000这个位置,与CS看齐。另外将SP及DX指向一任意位移地址( offset
),这个地址等一下会用来存放磁盘参数表(disk para- meter table )。设置堆栈段,且开始处为0x4000-12。 三.
读入磁盘参数,并建立参数表。 四. 接着利用BIOS中断服务int 13h的第0号功能,重置磁盘控制器,使得刚才的设定发挥功能。 五.
完成重置磁盘控制器之后,bootsect就从磁盘上读入紧邻着bootsect的setup程序,也就是setup.S,此读入动作是利用BIOS中断
服务int 13h的第2号功能。setup的image将会读入至程序所指定的内存绝对地址0x90200处,也就是在内存中紧邻着bootsect
所在的位置。待setup的image读入内存后,利用BIOS中断服务int 13h的第8号功能读取目前磁盘的参数。 六.
再来,就要读入真正linux的kernel了,也就是你可以在linux的根目录下看到的“vmlinuz“
。在读入前,将会先呼叫BIOS中断服务int 10h 的第3号功能,读取游标位置,之后再呼叫BIOS 中断服务int
10h的第13h号功能,在萤幕上输出字串“Loading“,这个字串在boot linux时都会首先被看到。 七.
接下来做的事是检查root device,之后就仿照一开始的方法,利用indirectjump 跳至刚刚已读入的setup.s部份。
源代码解析如下:
! ! bootsect.s Copyright (C) 1991, 1992 Linus Torvalds ! modified
by Drew Eckhardt ! modified by Bruce Evans (bde) ! ! bootsect.s is
loaded at 0x7c00 by the bios-startup routines, and moves ! itself out
of the way to address 0x90000, and jumps there. ! ! bde - should not
jump blindly, there may be systems with only 512K low ! memory. Use int
0x12 to get the top of memory, etc. ! ! It then loads ‘setup‘ directly
after itself (0x90200), and the system ! at 0x10000, using BIOS
interrupts. ! ! NOTE! currently system is at most (8*65536-4096) bytes
long. This should ! be no problem, even in the future. I want to keep
it simple. This 508 kB ! kernel size should be enough, especially as
this doesn‘t contain the ! buffer cache as in minix (and especially now
that the kernel is ! compressed :-) ! ! The loader has been made as
simple as possible, and continuous ! read errors will result in a
unbreakable loop. Reboot by hand. It ! loads pretty fast by getting
whole tracks at a time whenever possible.
#include /* for CONFIG_ROOT_RDONLY */ #include
.text
!The values of DEF_INITSEG, DEF_SETUPSEG, DEF_SYSSEG, DEF_SYSSIZE are taken !from include/asm/boot.h
! /*Don‘t touch these ,unless you really know what you‘re doing*/ !
#define DEF_INITSEG 0x9000 ! #define DEF_SETUPSEG 0x9020 ! #define
DEF_SYSSIZE 0x7F00 ! #define DEF_SYSSEG 0x1000
SETUPSECS = 4 ! default nr of setup-sectors BOOTSEG = 0x07C0 !
original address of boot-sector INITSEG = DEF_INITSEG ! we move boot
here - out of the way SETUPSEG = DEF_SETUPSEG ! setup starts here
SYSSEG = DEF_SYSSEG ! system loaded at 0x10000 (65536). SYSSIZE =
DEF_SYSSIZE ! system size: number of 16-byte clicks ! to be loaded
! ROOT_DEV & SWAP_DEV are now written by “build“. ROOT_DEV = 0
SWAP_DEV = 0 #ifndef SVGA_MODE #define SVGA_MODE ASK_VGA #endif #ifndef
RAMDISK #define RAMDISK 0 #endif #ifndef CONFIG_ROOT_RDONLY #define
CONFIG_ROOT_RDONLY 1 #endif
! ld86 requires an entry symbol. This may as well be the usual one.
.globl _main _main: #if 0 /* hook for debugger, harmless unless BIOS is
fussy (old HP) */ int 3 #endif mov ax,#BOOTSEG mov ds,ax mov
ax,#INITSEG mov es,ax mov cx,#256 sub si,si sub di,di cld rep movsw
jmpi go,INITSEG
!The lines 66--76 move the bootsector code from address 0x7C00 to
0x90000. !This is achieved by: ! 1. set ds:si to $BOOTSEG:0 (0x07C0:0 =
0x07C00) ! 2. set es:di to $INITSEG:0 (0x9000:0 = 0x90000) ! 3. set the
number of 16bit words in %cx (256 words = 512 bytes = 1 sector) ! 4.
clear DF (direction) flag in EFLAGS to auto-increment address (cld) !
5. go ahead and copy 512 bytes (rep movsw)
! ax and es already contain INITSEG
go: mov di,#0x4000-12 ! 0x4000 is arbitrary value >= length of !
bootsect + length of setup + room for stack ! 12 is disk parm size
! bde - changed 0xff00 to 0x4000 to use debugger at 0x6400 up
(bde). We ! wouldn‘t have to worry about this if we checked the top of
memory. Also ! my BIOS can be configured to put the wini drive tables
in high memory ! instead of in the vector table. The old stack might
have clobbered the ! drive table.
mov ds,ax ! The value of ax is INITSEG mov ss,ax ! put stack at
INITSEG:0x4000-12. mov sp,di /* * Many BIOS‘s default disk parameter
tables will not * recognize multi-sector reads beyond the maximum
sector number * specified in the default diskette parameter tables -
this may * mean 7 sectors in some cases. * * Since single sector reads
are slow and out of the question, * we must take care of this by
creating new parameter tables * (for the first disk) in RAM. We will
set the maximum sector * count to 36 - the most we will encounter on an
ED 2.88. * * High doesn‘t hurt. Low does. * * Segments are as follows:
ds=es=ss=cs - INITSEG, * fs = 0, gs is unused. */
! cx contains 0 from rep movsw above
mov fs,cx mov bx,#0x78 ! fs:bx is parameter table address push ds
seg fs lds si,(bx) ! ds:si is source; ! The line equal: lds si,fs:[bx]
mov cl,#6 ! copy 12 bytes cld push di
rep movsw ! movs可以把由(SI)指向的数据段中的一个字 ! 传送到由(DI)指向的附加段中的一个字中去. !The
lines 120--132 possibily copy the parameter table to ram 0x4000-12 pop
di pop ds
movb 4(di),*36 ! patch sector count
seg fs mov (bx),di seg fs mov 2(bx),es
! load the setup-sectors directly after the bootblock. ! Note that ‘es‘ is already set up. ! Also cx is 0 from rep movsw above.
load_setup: xor ah,ah ! reset FDC xor dl,dl int 0x13
! 完成重置磁盘控制器之后,bootsect就从磁盘上读入紧邻着bootsect的setup
!程序,也就是setup.S,此读入动作是利用BIOS中断服务int 13h的第2号功能。
!程序第167-173行。
!setup的image将会读入至程序所指定的内存绝对地址0x90200处,也就是在内存
!中紧邻着bootsect 所在的位置。待setup的image读入内存后,利用BIOS中断服
!务int 13h的第8号功能读取目前磁盘的参数。(194-196)
xor dx, dx ! drive 0, head 0 mov cl,#0x02 ! sector 2, track 0 mov
bx,#0x0200 ! address = 512, in INITSEG mov ah,#0x02 ! service 2, nr of
sectors mov al,setup_sects ! (assume all on head 0, track 0) !
SETUPSECS = 4 which is defined at line 39 ! default nr of setup-sectors
int 0x13 ! read it jnc ok_load_setup ! ok - continue 进位为0则转移
push ax ! dump error code call print_nl mov bp, sp call print_hex pop ax
jmp load_setup
ok_load_setup:
! Get disk drive parameters, specifically nr of sectors/track
#if 0
! bde - the Phoenix BIOS manual says function 0x08 only works for
fixed ! disks. It doesn‘t work for one of my BIOS‘s (1987 Award). It
was ! fatal not to check the error code.
xor dl,dl mov ah,#0x08 ! AH=8 is get drive parameters int 0x13 xor ch,ch #else
! It seems that there is no BIOS call to get the number of sectors.
Guess ! 36 sectors if sector 36 can be read, 18 sectors if sector 18
can be read, ! 15 if sector 15 can be read. Otherwise guess 9.
mov si,#disksizes ! table of sizes to try
probe_loop: lodsb ! 该指令把由(SI)指定的数据段中某单元的内容送 !
到AL或AX中,并根据方向标志及数据类型修改SI的内容. cbw ! extend to word mov sectors, ax cmp
si,#disksizes+4 jae got_sectors ! if all else fails, try 9 ! jae:above
or equal 0 xchg ax, cx ! cx = track and sector xor dx, dx ! drive 0,
head 0 xor bl, bl mov bh,setup_sects inc bh shl bh,#1 ! address after
setup (es = cs) mov ax,#0x0201 ! service 2, 1 sector int 0x13 jc
probe_loop ! try next value
#endif
got_sectors:
! Restore es
mov ax,#INITSEG mov es,ax
! Print some inane message
mov ah,#0x03 ! read cursor pos xor bh,bh int 0x10
mov cx,#9 mov bx,#0x0007 ! page 0, attribute 7 (normal) mov bp,#msg1 mov ax,#0x1301 ! write string, move cursor int 0x10
! ok, we‘ve written the message, now ! we want to load the system (at 0x10000)
mov ax,#SYSSEG mov es,ax ! segment of 0x010000 call read_it call kill_motor call print_nl
! After that we check which root-device to use. If the device is !
defined (!= 0), nothing is done and the given device is used. !
Otherwise, one of /dev/fd0H2880 (2,32) or /dev/PS0 (2,28) or /dev/at0
(2,8), ! depending on the number of sectors we pretend to know we have.
seg cs mov ax,root_dev or ax,ax jne root_defined seg cs mov
bx,sectors mov ax,#0x0208 ! /dev/ps0 - 1.2Mb cmp bx,#15 je root_defined
mov al,#0x1c ! /dev/PS0 - 1.44Mb cmp bx,#18 je root_defined mov
al,#0x20 ! /dev/fd0H2880 - 2.88Mb cmp bx,#36 je root_defined mov al,#0
! /dev/fd0 - autodetect root_defined: seg cs mov root_dev,ax
! after that (everything loaded), we jump to ! the setup-routine loaded directly after ! the bootblock:
jmpi 0,SETUPSEG ! 开始执行setup.s
! This routine loads the system at address 0x10000, making sure !
no 64kB boundaries are crossed. We try to load it as fast as !
possible, loading whole tracks whenever we can. ! ! in: es - starting
address segment (normally 0x1000) ! sread: .word 0 ! sectors read of
current track head: .word 0 ! current head track: .word 0 ! current
track
read_it: mov al,setup_sects inc al mov sread,al mov ax,es test
ax,#0x0fff die: jne die ! es must be at 64kB boundary xor bx,bx ! bx is
starting address within segment rp_read: #ifdef __BIG_KERNEL__ #define
CALL_HIGHLOAD_KLUDGE .word 0x1eff,0x220 ! call far * bootsect_kludge !
NOTE: as86 can‘t assemble this CALL_HIGHLOAD_KLUDGE ! this is within
setup.S #else mov ax,es sub ax,#SYSSEG #endif cmp ax,syssize ! have we
loaded all yet? jbe ok1_read ret ok1_read: mov ax,sectors sub ax,sread
mov cx,ax shl cx,#9 add cx,bx jnc ok2_read je ok2_read xor ax,ax sub
ax,bx shr ax,#9 ok2_read: call read_track mov cx,ax add ax,sread cmp
ax,sectors jne ok3_read mov ax,#1 sub ax,head jne ok4_read inc track
ok4_read: mov head,ax xor ax,ax ok3_read: mov sread,ax shl cx,#9 add
bx,cx jnc rp_read !rp_read is in 303. mov ax,es add ah,#0x10 mov es,ax
xor bx,bx jmp rp_read
read_track: pusha pusha mov ax, #0xe2e ! loading... message 2e = . mov bx, #7 ! BL=前景色 AL=字符 int 0x10 popa
mov dx,track ! track : current track mov cx,sread ! sectors read of
current track inc cx mov ch,dl mov dx,head ! current head mov dh,dl and
dx,#0x0100 mov ah,#2
push dx ! save for error dump push cx push bx push ax
int 0x13 jc bad_rt add sp, #8 popa ret
bad_rt: push ax ! save error code call print_all ! ah = error, al = read
xor ah,ah ! 软盘系统复位 xor dl,dl int 0x13
add sp, #10 ! popa 会影响sp的值 popa jmp read_track
/* * print_all is for debugging purposes. * It will print out all
of the registers. The assumption is that this is * called from a
routine, with a stack frame like * dx * cx * bx * ax * error * ret
<- sp * */
print_all: mov cx, #5 ! error code + 4 registers mov bp, sp
print_loop: push cx ! save count left call print_nl ! nl for readability
cmp cl, #5 jae no_reg ! see if register name is needed
mov ax, #0xe05 + ‘A - 1 sub al, cl int 0x10
mov al, #‘X int 0x10
mov al, #‘: int 0x10
no_reg: add bp, #2 ! next register call print_hex ! print it pop cx loop print_loop ret
print_nl: mov ax, #0xe0d ! CR int 0x10 mov al, #0xa ! LF int 0x10 ret
/* * print_hex is for debugging purposes, and prints the word * pointed to by ss:bp in hexadecimal. */
print_hex: mov cx, #4 ! 4 hex digits mov dx, (bp) ! load word into
dx print_digit: rol dx, #4 ! rotate so that lowest 4 bits are used mov
ax, #0xe0f ! ah = request, al = mask for nybble and al, dl add al,
#0x90 ! convert al to ASCII hex (four instructions) daa adc al, #0x40
daa int 0x10 loop print_digit ret
/* * This procedure turns off the floppy drive motor, so * that we
enter the kernel in a known state, and * don‘t have to worry about it
later. */ kill_motor: push dx mov dx,#0x3f2 ! outb 指令使用短指令 xor al, al
outb pop dx ret
sectors: .word 0
disksizes: .byte 36,18,15,9
msg1: .byte 13,10 .ascii “Loading“
.org 497 setup_sects: .byte SETUPSECS root_flags: .word
CONFIG_ROOT_RDONLY syssize: .word SYSSIZE swap_dev: .word SWAP_DEV
ram_size: .word RAMDISK vid_mode: .word SVGA_MODE root_dev: .word
ROOT_DEV boot_flag: .word 0xAA55
在程序bootsect.s执行完以后(setup.s的前4个扇区的内容已被读入),setup.s紧接着开始执行。它负责从BIOS中获
取系统信息,并且将它们存放到内存中适当的地方。它完成如下一些主要功能: 一.
检测setup.s的代码是否已完全被读入,如果没有的话,则查找其余部分代码。并将它自己的其余部分移动到内存中紧邻着先前被读入的4个扇区的内容后
面。 二. 检测键盘、显示适配器、PS/2设备、Micro Channel(mca) bus,获取内存长度(以kb计算)。 三.
检查系统是否已被移动到了正确的地方,假如代码没有被准确移动到0x90000这个地方,我们则需要把代码移动到那个地方。当然在这以前,首先得检验我们
调用的是否是bing-kernel。
程序大部分代码解析如下: ! ! setup.S Copyright (C) 1991, 1992 Linus Torvalds !
! setup.s is responsible for getting the system data from the BIOS, !
and putting them into the appropriate places in system memory. ! both
setup.s and system has been loaded by the bootblock. ! ! This code asks
the bios for memory/disk/other parameters, and ! puts them in a “safe“
place: 0x90000-0x901FF, ie where the ! boot-block used to be. It is
then up to the protected mode ! system to read them from there before
the area is overwritten ! for buffer-blocks. ! ! Move PS/2 aux init
code to psaux.c ! (troyer@saifr00.cfsat.Honeywell.COM) 03Oct92 ! ! some
changes and additional features by Christoph Niemann, ! March 1993/June
1994 (Christoph.Niemann@linux.org) ! ! add APM BIOS checking by Stephen
Rothwell, May 1994 ! (Stephen.Rothwell@canb.auug.org.au) ! ! High load
stuff, initrd support and position independency ! by Hans Lermen &
Werner Almesberger, February 1996 ! , ! ! Video handling moved to
video.S by Martin Mares, March 1996 ! ! ! Extended memory detection
scheme retwiddled by (david ! parsons) to avoid loadlin confusion, July 1997 !
#define __ASSEMBLY__ #include #include #include #include #include
! Signature words to ensure LILO loaded us right #define SIG1 0xAA55 #define SIG2 0x5A5A
INITSEG = DEF_INITSEG ! 0x9000, we move boot here - out of the way
SYSSEG = DEF_SYSSEG ! 0x1000, system loaded at 0x10000 (65536).
SETUPSEG = DEF_SETUPSEG ! 0x9020, this is the current segment ! ... and
the former contents of CS DELTA_INITSEG = SETUPSEG - INITSEG ! 0x0020
.globl begtext, begdata, begbss, endtext, enddata, endbss .text begtext: .data begdata: .bss begbss: .text
entry start start: jmp start_of_setup ! ------------------------
start of header -------------------------------- ! ! SETUP-header, must
start at CS:2 (old 0x9020:2) ! .ascii “HdrS“ ! Signature for
SETUP-header .word 0x0201 ! Version number of header format ! (must be
>= 0x0105 ! else old loadlin-1.5 will fail) realmode_swtch: .word
0,0 ! default_switch,SETUPSEG start_sys_seg: .word SYSSEG .word
kernel_version ! pointing to kernel version string ! note: above part
of header is compatible with loadlin-1.5 (header v1.5), ! must not
change it
type_of_loader: .byte 0 ! = 0, old one (LILO, Loadlin, ! Bootlin,
SYSLX, bootsect...) ! else it is set by the loader: ! 0xTV: T=0 for
LILO ! T=1 for Loadlin ! T=2 for bootsect-loader ! T=3 for SYSLX ! T=4
for ETHERBOOT ! V = version loadflags: ! flags, unused bits must be
zero (RFU) LOADED_HIGH = 1 ! bit within loadflags, ! if set, then the
kernel is loaded high CAN_USE_HEAP = 0x80 ! if set, the loader also has
set heap_end_ptr ! to tell how much space behind setup.S | can be used
for heap purposes. ! Only the loader knows what is free! #ifndef
__BIG_KERNEL__ .byte 0x00 #else .byte LOADED_HIGH #endif
setup_move_size: .word 0x8000 ! size to move, when we (setup) are
not ! loaded at 0x90000. We will move ourselves ! to 0x90000 then just
before jumping into ! the kernel. However, only the loader ! know how
much of data behind us also needs ! to be loaded. code32_start: ! here
loaders can put a different ! start address for 32-bit code. #ifndef
__BIG_KERNEL__ .long 0x1000 ! 0x1000 = default for zImage #else .long
0x100000 ! 0x100000 = default for big kernel #endif ramdisk_image:
.long 0 ! address of loaded ramdisk image ! Here the loader (or kernel
generator) puts ! the 32-bit address were it loaded the image. ! This
only will be interpreted by the kernel. ramdisk_size: .long 0 ! its
size in bytes bootsect_kludge: .word bootsect_helper,SETUPSEG
heap_end_ptr: .word modelist+1024 ! space from here (exclusive) down to
! end of setup code can be used by setup ! for local heap purposes. !
------------------------ end of header
----------------------------------
start_of_setup: ! Bootlin depends on this being done early mov ax,#0x01500 mov dl,#0x81 int 0x13
#ifdef SAFE_RESET_DISK_CONTROLLER ! Reset the disk controller. mov ax,#0x0000 mov dl,#0x80 int 0x13 #endif
! set DS=CS, we know that SETUPSEG == CS at this point mov ax,cs ! aka #SETUPSEG mov ds,ax
!0xAA55和0x5A5A是用来确保LILO正确引导setup.s的两个标志
!检察setup代码结尾处的标志是否为AA55或5A5A,
!假如是,则跳到good_sig1处;否则,跳到bad_sig处,查找setup.s的剩余部分代码, !并且将其移动到内存中0x1000处。
cmp setup_sig1,#SIG1 jne bad_sig cmp setup_sig2,#SIG2 jne bad_sig jmp
good_sig1
! Routine to print ASCIIz string at DS:SI
prtstr: lodsb !lodsb是从串取指令(AL<--(SI)),(SI)<--(SI)+/-1 and
al,al jz fin !显示完所有需要显示的内容后,则返回调用处。 call prtchr jmp prtstr fin: ret
! Space printing
prtsp2: call prtspc ! Print double space prtspc: mov al,#0x20 ! Print single space (fall-thru!)
! Part of above routine, this one just prints ASCII al ! 利用int
0x10(AH=0x0E)在屏幕上以BL中得值为背景色显示存储在AL中的字符。 prtchr: push ax push cx xor
bh,bh mov cx,#0x01 mov ah,#0x0e int 0x10 pop cx pop ax ret
beep: mov al,#0x07 jmp prtchr
no_sig_mess: .ascii “No setup signature found ...“ db 0x00
good_sig1: jmp good_sig
!我们现在必须得找到setup代码、数据的剩余部分。 bad_sig: mov ax,cs ! aka
#SETUPSEG(cs的值为#SETUPSEG=0x9020) sub ax,#DELTA_INITSEG ! aka
#INITSEG(#INITSEG=0x9000) mov ds,ax ! 设置ds=0x9000,即bootsect.s被载入的地方 xor
bh,bh mov bl,[497] ! get setup sects from boot sector sub bx,#4 ! LILO
loads 4 sectors of setup !注意:此时bx中存放的是存储还未读取的setup代码的扇区数。 shl bx,#8 !
convert to words mov cx,bx !cx通常用作计数器。 shr bx,#3 ! convert to segment
add bx,#SYSSEG !计算出存放setup.s剩余部分代码、数据的地址。 seg cs mov start_sys_seg,bx
!把setup.s剩余部分的代码、数据移动到这个地方。 mov di,#2048 ! four sectors loaded by
LILO sub si,si mov ax,cs ! aka #SETUPSEG=0x9020 mov es,ax mov
ax,#SYSSEG mov ds,ax !ax=0x1000 rep movsw
!movs(movsw、movsb)可以把由(SI)指向的数据段中的一个字(或字节)传送到由(DI)
!指向的附加段中的一个字(字节)中去,同时根据方向标志及数据格式(字或字节)对SI和
!DI进行修改。但与REP联用时,则可将数据段中的整个字符串传送到附加段中去。
mov ax,cs ! aka #SETUPSEG mov ds,ax cmp setup_sig1,#SIG1 jne no_sig ! 同142--149 cmp setup_sig2,#SIG2 jne no_sig jmp good_sig
no_sig: lea si,no_sig_mess call prtstr no_sig_loop: jmp no_sig_loop
good_sig: mov ax,cs ! aka #SETUPSEG sub ax,#DELTA_INITSEG ! aka #INITSEG mov ds,ax !ds=0x9000
! check if an old loader tries to load a big-kernel seg cs test
byte ptr loadflags,#LOADED_HIGH ! Have we a big kernel? jz loader_ok !
NO, no danger even for old loaders ! YES, we have a big-kernel seg cs
cmp byte ptr type_of_loader,#0 ! Have we one of the new loaders? !
参见77--85,#0:采用LILO引导, !在Romed Linux中,我们使用bootsect.s引导, !则应改为cmp byte
ptr type_of_loader,#2 !或者,不要更改下面内容,直接跳到loader_ok处。 jnz loader_ok ! YES,
OK ! NO, we have an old loader, must give up push cs pop ds lea
si,loader_panic_mess call prtstr jmp no_sig_loop loader_panic_mess:
.ascii “Wrong loader: giving up.“ db 0
loader_ok: ! Get memory size (extended mem, kB)
#ifndef STANDARD_MEMORY_BIOS_CALL push ebx
xor ebx,ebx ! preload new memory slot with 0k mov [0x1e0], ebx
mov ax,#0xe801 int 0x15 jc oldstylemem
! Memory size is in 1 k chunksizes, to avoid confusing loadlin. !
We store the 0xe801 memory size in a completely different place, !
because it will most likely be longer than 16 bits. ! (use 1e0 because
that‘s what Larry Augustine uses in his ! alternative new memory
detection scheme, and it‘s sensible ! to write everything into the same
place.)
and ebx, #0xffff ! clear sign extend shl ebx, 6 ! and go from 64k to 1k chunks mov [0x1e0],ebx ! store extended memory size
and eax, #0xffff ! clear sign extend add [0x1e0],eax ! and add lower memory into total size.
! and fall into the old memory detection code to populate the ! compatibility slot.
oldstylemem: pop ebx #else mov dword ptr [0x1e0], #0 #endif mov ah,#0x88 int 0x15 mov [2],ax
! Set the keyboard repeat rate to the max
mov ax,#0x0305 xor bx,bx ! clear bx int 0x16
! Check for video adapter and its parameters and allow the ! user to browse video modes.
call video ! NOTE: we need DS pointing to boot sector !The function video is achieved in video.s ! Get hd0 data
xor ax,ax ! clear ax mov ds,ax lds si,[4*0x41] mov ax,cs ! aka
#SETUPSEG sub ax,#DELTA_INITSEG ! aka #INITSEG push ax mov es,ax mov
di,#0x0080 mov cx,#0x10 push cx cld rep movsb
! Get hd1 data
xor ax,ax ! clear ax mov ds,ax lds si,[4*0x46] pop cx pop es mov di,#0x0090 rep movsb
! Check that there IS a hd1 :-)
mov ax,#0x01500 mov dl,#0x81 int 0x13 jc no_disk1 cmp ah,#3 je
is_disk1 no_disk1: mov ax,cs ! aka #SETUPSEG sub ax,#DELTA_INITSEG !
aka #INITSEG mov es,ax mov di,#0x0090 mov cx,#0x10 xor ax,ax ! clear ax
cld rep stosb is_disk1:
! check for Micro Channel (MCA) bus mov ax,cs ! aka #SETUPSEG sub
ax,#DELTA_INITSEG ! aka #INITSEG mov ds,ax mov ds,ax xor ax,ax mov
[0xa0], ax ! set table length to 0 mov ah, #0xc0 stc int 0x15 ! puts
feature table at es:bx jc no_mca push ds mov ax,es mov ds,ax mov ax,cs
! aka #SETUPSEG sub ax, #DELTA_INITSEG ! aka #INITSEG mov es,ax mov
si,bx mov di,#0xa0 mov cx,(si) add cx,#2 ! table length is a short cmp
cx,#0x10 jc sysdesc_ok mov cx,#0x10 ! we keep only first 16 bytes
sysdesc_ok: rep movsb pop ds
no_mca:
! Check for PS/2 pointing device
mov ax,cs ! aka #SETUPSEG sub ax,#DELTA_INITSEG ! aka #INITSEG mov
ds,ax mov [0x1ff],#0 ! default is no pointing device int 0x11 ! int
0x11: equipment determination test al,#0x04 ! check if pointing device
installed jz no_psmouse mov [0x1ff],#0xaa ! device present no_psmouse:
#ifdef CONFIG_APM ! check for APM BIOS ! NOTE: DS is pointing to the boot sector ! mov [64],#0 ! version == 0 means no APM BIOS
mov ax,#0x05300 ! APM BIOS installation check xor bx,bx int 0x15 jc done_apm_bios ! error -> no APM BIOS
cmp bx,#0x0504d ! check for “PM“ signature jne done_apm_bios ! no signature -> no APM BIOS
and cx,#0x02 ! Is 32 bit supported? je done_apm_bios ! no ...
mov ax,#0x05304 ! Disconnect first just in case xor bx,bx int 0x15 ! ignore return code
mov ax,#0x05303 ! 32 bit connect xor bx,bx int 0x15 jc no_32_apm_bios ! error
mov [66],ax ! BIOS code segment mov [68],ebx ! BIOS entry point
offset mov [72],cx ! BIOS 16 bit code segment mov [74],dx ! BIOS data
segment mov [78],esi ! BIOS code segment length mov [82],di ! BIOS data
segment length ! ! Redo the installation check as the 32 bit connect !
modifies the flags returned on some BIOSs ! mov ax,#0x05300 ! APM BIOS
installation check xor bx,bx int 0x15 jc apm_disconnect ! error ->
should not happen, tidy up
cmp bx,#0x0504d ! check for “PM“ signature jne apm_disconnect ! no signature -> should not happen, tidy up
mov [64],ax ! record the APM BIOS version mov [76],cx ! and flags jmp done_apm_bios
apm_disconnect: mov ax,#0x05304 ! Disconnect xor bx,bx int 0x15 ! ignore return code jmp done_apm_bios
no_32_apm_bios: and [76], #0xfffd ! remove 32 bit support bit
done_apm_bios: #endif
! Now we want to move to protected mode ...
seg cs cmp realmode_swtch,#0 jz rmodeswtch_normal seg cs callf far
* realmode_swtch jmp rmodeswtch_end rmodeswtch_normal: push cs call
default_switch rmodeswtch_end:
! we get the code32 start address and modify the below ‘jmpi‘ !
(loader may have changed it) seg cs mov eax,code32_start seg cs mov
code32,eax
!一旦这个数据不再被需要,它将被覆盖(overwrite),通过把整个内核景象从0x10000移动到
!0x1000(当然是物理地址)。这一功能将由setup.s来实现,setup.s把环境设置成保护模式(641--661),
!同时跳转到0x1000处,那里是整个压缩内核的开端(head.s、misc.c)。设立堆栈,并且calls
!decompress_kernel(),负责把内核解压缩到0x100000处,然后跳转到该地址。 ! Now we move the
system to its rightful place ! ...but we check, if we have a
big-kernel. ! in this case we *must* not move it ... seg cs test byte
ptr loadflags,#LOADED_HIGH jz do_move0 ! we have a normal low loaded
zImage ! we have a high loaded big kernel jmp end_move ! ... and we
skip moving
do_move0: mov ax,#0x100 ! start of destination segment mov bp,cs !
aka #SETUPSEG sub bp,#DELTA_INITSEG ! aka #INITSEG seg cs mov
bx,start_sys_seg ! start of source segment ! start_sys_seg:0x1000,there
the system will be loaded. cld ! ‘direction‘=0, movs moves forward
do_move: mov es,ax ! destination segment inc ah ! instead of add
ax,#0x100 mov ds,bx ! source segment add bx,#0x100 sub di,di sub si,si
mov cx,#0x800 rep movsw ! 共移动了34k数据。 cmp bx,bp ! we assume
start_sys_seg > 0x200, ! so we will perhaps read one page more then
! needed, but never overwrite INITSEG because ! destination is minimum
one page below source jb do_move
! then we load the segment descriptors
end_move: mov ax,cs ! aka #SETUPSEG ! right, forgot this at first. didn‘t work :-) mov ds,ax !cs=ds,cs、ds不一定等于0x9020。
! If we have our code not at 0x90000, we need to move it there now.
! We also then need to move the parameters behind it (command line) !
Because we would overwrite the code on the current IP, we move ! it in
two steps, jumping high after the first one. mov ax,cs cmp ax,#SETUPSEG
je end_move_self cli ! make sure we really have interrupts disabled ! !
because after this the stack should not be used sub ax,#DELTA_INITSEG !
aka #INITSEG mov dx,ss cmp dx,ax jb move_self_1 add dx,#INITSEG sub
dx,ax ! this will be SS after the move move_self_1: mov ds,ax mov
ax,#INITSEG ! real INITSEG mov es,ax seg cs mov cx,setup_move_size std
! we have to move up, so we use direction down ! because the areas may
overlap mov di,cx dec di mov si,di sub cx,#move_self_here+0x200 rep
movsb jmpi move_self_here,SETUPSEG ! jump to our final place
move_self_here: mov cx,#move_self_here+0x200 ! What‘s meaning????? rep
movsb mov ax,#SETUPSEG mov ds,ax mov ss,dx ! now we are at the right
place end_move_self:
lidt idt_48 ! load idt with 0,0 lgdt gdt_48 ! load gdt with whatever appropriate
! that was painless, now we enable A20
call empty_8042 mov al,#0xD1 ! command write out #0x64,al call empty_8042 mov al,#0xDF ! A20 on out #0x60,al call empty_8042
! wait until a20 really *is* enabled; it can take a fair amount of
! time on certain systems; Toshiba Tecras are known to have this !
problem. The memory location used here is the int 0x1f vector, ! which
should be safe to use; any *unused* memory location < 0xfff0 !
should work here.
#define TEST_ADDR 0x7c
push ds xor ax,ax ! segment 0x0000 mov ds,ax dec ax ! segment
0xffff (HMA) mov gs,ax mov bx,[TEST_ADDR] ! we want to restore the
value later a20_wait: inc ax mov [TEST_ADDR],ax seg gs cmp
ax,[TEST_ADDR+0x10] je a20_wait ! loop until no longer aliased mov
[TEST_ADDR],bx ! restore original value pop ds
! make sure any possible coprocessor is properly reset..
xor ax,ax out #0xf0,al call delay out #0xf1,al call delay
! well, that went ok, I hope. Now we have to reprogram the
interrupts :-( ! we put them right after the intel-reserved hardware
interrupts, at ! int 0x20-0x2F. There they won‘t mess up anything.
Sadly IBM really ! messed this up with the original PC, and they
haven‘t been able to ! rectify it afterwards. Thus the bios puts
interrupts at 0x08-0x0f, ! which is used for the internal hardware
interrupts as well. We just ! have to reprogram the 8259‘s, and it
isn‘t fun.
mov al,#0x11 ! initialization sequence out #0x20,al ! send it to
8259A-1 call delay out #0xA0,al ! and to 8259A-2 call delay mov
al,#0x20 ! start of hardware int‘s (0x20) out #0x21,al call delay mov
al,#0x28 ! start of hardware int‘s 2 (0x28) out #0xA1,al call delay mov
al,#0x04 ! 8259-1 is master out #0x21,al call delay mov al,#0x02 !
8259-2 is slave out #0xA1,al call delay mov al,#0x01 ! 8086 mode for
both out #0x21,al call delay out #0xA1,al call delay mov al,#0xFF !
mask off all interrupts for now out #0xA1,al call delay mov al,#0xFB !
mask all irq‘s but irq2 which out #0x21,al ! is cascaded
! Well, that certainly wasn‘t fun :-(. Hopefully it works, and we
don‘t ! need no steenking BIOS anyway (except for the initial loading
:-). ! The BIOS routine wants lots of unnecessary data, and it‘s less !
“interesting“ anyway. This is how REAL programmers do it. ! ! Well,
now‘s the time to actually move into protected mode. To make ! things
as simple as possible, we do no register set-up or anything, ! we let
the GNU-compiled 32-bit programs do that. We just jump to ! absolute
address 0x1000 (or the loader supplied one), ! in 32-bit protected
mode. ! ! Note that the short jump isn‘t strictly needed, although
there are ! reasons why it might be a good idea. It won‘t hurt in any
case. ! mov ax,#1 ! protected mode (PE) bit lmsw ax ! This is it! jmp
flush_instr flush_instr: xor bx,bx ! Flag to indicate a boot
! NOTE: For high loaded big kernels we need a ! jmpi
0x100000,__KERNEL_CS ! ! but we yet haven‘t reloaded the CS register,
so the default size ! of the target offset still is 16 bit. ! However,
using an operant prefix (0x66), the CPU will properly ! take our 48 bit
far pointer. (INTeL 80386 Programmer‘s Reference ! Manual, Mixing
16-bit and 32-bit code, page 16-6) db 0x66,0xea ! prefix + jmpi-opcode
code32: dd 0x1000 ! will be set to 0x100000 for big kernels dw
__KERNEL_CS
kernel_version: .ascii UTS_RELEASE .ascii “ (“ .ascii
LINUX_COMPILE_BY .ascii “@“ .ascii LINUX_COMPILE_HOST .ascii “) “
.ascii UTS_VERSION db 0
! This is the default real mode switch routine. ! to be called just before protected mode transition
default_switch: cli ! no interrupts allowed ! mov al,#0x80 ! disable NMI for the bootup sequence out #0x70,al retf
! This routine only gets called, if we get loaded by the simple !
bootsect loader _and_ have a bzImage to load. ! Because there is no
place left in the 512 bytes of the boot sector, ! we must emigrate to
code space here. ! !由以上的注释可知,下面代码对于Romed Linux是很重要的,因为我采用了LINUX的simple
! bootsect loader。 bootsect_helper: seg cs cmp word ptr bootsect_es,#0
jnz bootsect_second seg cs mov byte ptr type_of_loader,#0x20 mov ax,es
shr ax,#4 seg cs mov byte ptr bootsect_src_base+2,ah mov ax,es seg cs
mov bootsect_es,ax sub ax,#SYSSEG retf ! nothing else to do for now
bootsect_second: push cx push si push bx test bx,bx ! 64K full ?
!BX=0x0,es=0x9000 jne bootsect_ex mov cx,#0x8000 ! full 64K move, INT15
moves words push cs pop es !es=0x9000 INITSEG mov si,#bootsect_gdt mov
ax,#0x8700 int 0x15 !es:bx=数据传输区地址 jc bootsect_panic ! this, if INT15
fails seg cs mov es,bootsect_es ! we reset es to always point to
0x10000 seg cs inc byte ptr bootsect_dst_base+2 bootsect_ex: seg cs mov
ah, byte ptr bootsect_dst_base+2 shl ah,4 ! we now have the number of
moved frames in ax xor al,al pop bx pop si pop cx retf
bootsect_gdt: .word 0,0,0,0 .word 0,0,0,0 bootsect_src: .word
0xffff bootsect_src_base: .byte 0,0,1 ! base = 0x010000 .byte 0x93 !
typbyte .word 0 ! limit16,base24 =0 bootsect_dst: .word 0xffff
bootsect_dst_base: .byte 0,0,0x10 ! base = 0x100000 .byte 0x93 !
typbyte .word 0 ! limit16,base24 =0 .word 0,0,0,0 ! BIOS CS .word
0,0,0,0 ! BIOS DS bootsect_es: .word 0
bootsect_panic: push cs pop ds cld lea si,bootsect_panic_mess call
prtstr bootsect_panic_loop: jmp bootsect_panic_loop
bootsect_panic_mess: .ascii “INT15 refuses to access high memory.
Giving up.“ db 0
! This routine checks that the keyboard command queue is empty !
(after emptying the output buffers) ! ! Some machines have delusions
that the keyboard buffer is always full ! with no keyboard attached...
empty_8042: push ecx mov ecx,#0xFFFFFF
empty_8042_loop: dec ecx jz empty_8042_end_loop
call delay in al,#0x64 ! 8042 status port test al,#1 ! output
buffer? jz no_output call delay in al,#0x60 ! read it jmp
empty_8042_loop no_output: test al,#2 ! is input buffer full? jnz
empty_8042_loop ! yes - loop empty_8042_end_loop: pop ecx ret
! ! Read the CMOS clock. Return the seconds in al ! gettime: push
cx mov ah,#0x02 int 0x1a mov al,dh ! dh contains the seconds and
al,#0x0f mov ah,dh mov cl,#0x04 shr ah,cl aad pop cx ret
! ! Delay is needed after doing I/O ! delay: .word 0x00eb ! jmp $+2 ret
! ! Descriptor tables !
gdt: .word 0,0,0,0 ! dummy
.word 0,0,0,0 ! unused
.word 0xFFFF ! 4Gb - (0x100000*0x1000 = 4Gb) .word 0x0000 ! base
address=0 .word 0x9A00 ! code read/exec .word 0x00CF !
granularity=4096, 386 (+5th nibble of limit)
.word 0xFFFF ! 4Gb - (0x100000*0x1000 = 4Gb) .word 0x0000 ! base
address=0 .word 0x9200 ! data read/write .word 0x00CF !
granularity=4096, 386 (+5th nibble of limit)
idt_48: .word 0 ! idt limit=0 .word 0,0 ! idt base=0L
gdt_48: .word 0x800 ! gdt limit=2048, 256 GDT entries .word 512+gdt,0x9 ! gdt base = 0X9xxxx
! ! Include video setup & detection code !
#include “video.S“
! ! Setup signature -- must be last !
setup_sig1: .word SIG1 setup_sig2: .word SIG2
! ! After this point, there is some free space which is used by the
video mode ! handling code to store the temporary mode table (not used
by the kernel). !
modelist:
.text endtext: .data enddata: .bss endbss:
阅读(5513) | 评论(0) | 转发(0) |