基于 i386 体系结构的 Linux 启动代码分析

基于 i386体系结构的 Linux启动代码分析

[email protected]

[email protected] Embedded Operating Systems 2

启动代码文件 linux/arch/i386/boot/bootsect.S linux/arch/i386/boot/setup.S linux/arch/i386/boot/compressed/head.S linux/arch/i386/kernel/head.S linux/arch/i386/kernel/init_task.c linux/arch/init/main.c


实模式实模式是为了兼容早期的 CPU 而设置的系统总是始于实模式实模式下

地址总线： 20 位内存范围： 0~1MB 逻辑地址 = 段地址 + 段内偏移

段地址 = 段寄存器中的值 *16 （或左移 4 位）段寄存器长度： 16bit


I386实模式下的内存布局图

RAM1-MB

ROM-BIOS

VIDEO-BIOS

VRAM0xA0000

0xC0000

0xF0000

0x00000


软盘和硬盘启动软盘启动， bootsect.S

0x7c000x90000 0x7c00, BIOS 0x90000, lilo

堆栈， 0x3ff4(0x4000-12), 向下增长磁盘参数表， 12Bytes ， 0x3ff4~0x40

00 显示“ Loading” Setup0x90200 系统

小内核， 0x10000 （ 64KB 处），低装载

大内核， 0x100000 （ 1MB 处），高装载

setup

硬盘启动，两阶段引导装载 LILO （ LInuxLOader ）

第一个扇区 …

装载 LINUX Bootsect.S0x90000 Setup.S0x90200 系统

0x10000 0x100000

跳转到 setup


Setup

初始化硬件设备并为内核程序的执行建立环境内存检测键盘视频磁盘控制器 IBM 微通道总线 MCA PS/2 设备（总线鼠标） APM BIOS

若低装载，将系统移动到 0x1000 处（ 4KB 处）否则，不必

临时 IDT 和临时 GDT FPU PIC, 16 个硬件中断中断

向量 32~47 实模式保护模式 Startup_32


Compressed/head.S

Startup_32 初始化段寄存器和一个临时堆栈初始化 BSS 段解压缩

高装载或低装载解压缩 0x100000 （ 1MB ）跳转到 0x100000 处


Head.S

Startup_32 初始化段寄存器建立进程 0 的内核堆栈 Setup_idt 拷贝系统参数识别处理器 GDT 、 IDT Start_kernel


The system-segment registers

In protected-mode the CPU needs quick access to some important data-structures, such as: Memory-Segment Descriptors Interrupt-Gate Descriptors Call-Gate Descriptors Task-State Descriptors Page-Directory and Page-Table Descriptors

Special CPU registers locate these items


GDT and IDT

Two most vital system registers for protected-mode execution are: GDTR (Global Descriptor Table Register) IDTR (Interrupt Descriptor Table Register)

48-bits widebase-address + segment-limit (an array of descriptors, the GDT & the IDT)

Special instructions SGDT/LGDT, SIDT/LIDT

Segment Base-AddressSegment

Limit

47 16 15 0

16 bits32 bits


System Relationships

descriptordescriptordescriptordescriptordescriptordescriptordescriptor

descriptordescriptordescriptordescriptordescriptordescriptordescriptor

descriptordescriptordescriptordescriptordescriptordescriptor

Interrupt Descriptor Table

Global Descriptor Table

GDTR

IDTR


LDT and TSS

For protected-mode multitasking, the CPU needs to access two other data-structures: The current Local Descriptor Table (LDT) The current Task-State Segment (TSS)

Again, special registers tell the CPU where to find these data-structures in memory (assuming protected-mode is enabled)

Instructions: SLDT/LLDT, STR/LTR


Control Registers

CR0 CR1 CR2 CR3


CR0 CR0, MSW register (Machine Status Word, 32-bit version) Contains system control flags that control operating mode and states of

the processor

PE-bit (Protection Enabled)0 CPU is in real-mode, 1 CPU is in protected-mode

Instruction: lmsw LINUX’ setup.S:

movw $1, %ax lmsw %ax jmp flush_instr // why? flush_instr:

To turn on the PE-bit (enables protected-mode),


CR1、 CR2、 CR3 CR1

Reserved CR2

Contains the page-fault linear address (the linear address that caused a page fault)

CR3 Contains the physical address of the base of the page directory and two

flags (PCD & PWT)


Segment Descriptor Format

Base[31..24] G DRSV

AVL

Limit[19..16]

PDPL

S XC/D

R/

WA Base[23..16]

Base[15..0] Limit[15..0]

31 16

15 0


“Hidden” part of Segment Registers

selector Segment base Segment limitAccessrights

The programmer-visible part of a segment-register

The “invisible” parts of a segment-register

index TI RPL

2 1 015

Segment selector


Three VRAM zones

GRAPHICS

MONOCHROME TEXT

COLOR TEXT

64-KB

32-KB

32-KB

0xA0000

0xB0000

0xB8000


Array of picture-elements

Text-mode VRAM is organized as an array

Each array-element occupies one word

Word’s LSB holds ascii character-code

Word’s MSB holds a color-number pair

bgcolor fgcolor ASCII character-code

15 12 11 8 7 0

bytenybble nybble


Color-Attribute Byte

Blink R G B Intense G BR

foreground color attribute

background color attribute


Screen-element locations

80 columns

25rows

characters 0..79

characters 80..159

Video screen

characters 1920..1999


逻辑地址段：偏移量

线性地址 32 位无符号整数， 0~4G-1, 即 0x00000000~0xFFFFFFFF

物理地址芯片级内存单元寻址

地址转换过程

内存寻址

物理地址线性地址分段单元分页单元逻辑地址


实模式？保护模式？分页？ Real mode

Exists mostly to maintain processor compatibility with older models, &

To allow the OS to bootstrap


段选择子

index TI RPL

2 1 015

Segment selector


__KERNEL_CS __KERNEL_CS

0x10 = 0000 0000 0001 0000b

Index(0x2), TI(0), RPL(0, highest)

limit(0xFFFFF), base(0),

G(1, =4096), D(1,=32 位 ),

P(1, in main memory), DPL(0, hignest), S(1),

type(0xA) E(1), executable, code

C(0), not current

R(1), readable

A(0), unaccessed

gdt: .word 0, 0, 0, 0 # dummy

.word 0, 0, 0, 0 # unused

.word 0xFFFF # 4Gb .word 0 # base address = 0

.word 0x9A00 # code read/exec

.word 0x00CF # granularity(4096)

.word 0xFFFF # 4Gb

.word 0 # base address = 0

.word 0x9200 # data read/write

.word 0x00CF # granularity(4096)


段描述符



逻辑地址的转换Segment selectorLogical Address: Segment-offset

Operand’s effective addressPhysical Address:

descriptor

descriptor

descriptor

descriptor

Segment Descriptor Table

+Segment Base-address

(also Segment-Limit and Access Rights)

Validity is checked by CPU


分页 PG

Paging (bit 31 of CR0). 1 Enables paging with PE=1,

Linear address space is divided into fixed-size pages (4KB, 2MB, or 4MB) that can be mapped into physical memory and/or disk storage using paging mechanism.

0 Disables paging, linear addresses = physical addresses.


lss

lss a, %esp ; dses, aesp

Documents

基于 i386 体系结构的 Linux 启动代码分析