实验12Linux内核启动分析综述

1、实验12 Linux内核启动分析实验目的就boot.s和head.s 了解Linux启动的部分工程实验步骤下载源码分析源码源码分析结果head.s# head.s contains the 32-bit startup code.# Two L3 task multitask ing. The code of tasks are in kernel area,# just like the Linux. The kernel code is located at 0x10000.;头文件包含32位的启动代码;两个L3分配多个任务，就像linux,它的任务代码在核心区域;核心代码在0x10000

2、的地址上SCRN_SEL= 0x18TSS0_SEL= 0x20LDT0_SEL= 0x28TSS1_SEL= 0X30LDT1_SEL= 0x38;将代码段和数据段的地址设为0x10;lss传送目标指针，将目标指针内容送入;LSS DI,string ;把段地址：偏移地址存到 SS:DI.textstartup_32:movl $0x10,%eaxmov %ax,%ds# mov %ax,%eslss init_stack,%esp;将 init_stack+4 送入 ss，并将 init_stack 地址送入 esp# setup base fields of descriptors.;设

3、置基本描述符域call setup_idtcall setup_gdt;在完成两个设置程序的调用之后就重置所有段寄存器movl $0x10,%eax# reload all the segme nt registersmov %ax,%ds# after cha nging gdt.mov %ax,%esmov %ax,%fsmov %ax,%gslss ini t_stack,%esp# setup up timer 8253 chip.;设置计时器芯片 8523movb $0x36, %almovl $0x43, %edxoutb %al, %dx #向 43端口写入 36movl $11

4、930, %eax# timer freque ncy 100 HZmovl $0x40, %edxoutb %al, %dx#向 40 端口写入 11930movb %ah, %aloutb %al, %dx# setup timer & system call in terrupt descriptors.;movl $0x00080000, %eaxmovw $timer_interrupt, %ax;中断movw $0x8E00, %dxmovl $0x08, %ecx# The PC default timer int.lea idt(,%ecx,8), %esimovl %eax,

5、(%esi)movl %edx,4(%esi)movw $system_ in terrupt, %axmovw $0xef00, %dxmovl $0x80, %ecxlea idt(,%ecx,8), %esimovl %eax,(%esi)movl %edx,4(%esi)# unm ask the timer in terrupt.# movl $0x21, %edx# inb %dx, %al# andb $0xfe, %al# outb %al, %dx# Move to user mode (task 0)pushflandl $0xffffbfff, (%esp)popflmo

6、vl $TSS0_SEL, %eaxltr %axmovl $LDT0_SEL, %eaxlldt %axmovl $0, curre ntstipushl $0x17pushl $ini t_stackpushflpushl $0x0fpushl $task0iret/*/setup_gdt:/*将 gdt_opcode 的入口地址装入 GDTR 寄存器lgdt lgdt_opcoderet将中断描述符表idt设置成具有 256个项，并都指向ignore_int中断门。然后加载中断 *描述符表寄存器(用lidt指令)。真正实用的中断门以后再安装。 当我们在其它地方认为一 切*都正常时再开启中

7、断。该子程序将会被页表覆盖掉。*/#中断描述符表中的项虽然也是8字节组成，但其格式与全局表中的不同，被称为门描述符# (Gate Descriptor)。它的0-1,6-7字节是偏移量，2-3字节是选择符，4-5字节是一些标志。 setup_idt:lea ignore_in t,%edxmovl $0x00080000,%eaxmovw %dx,%ax/* selector = 0x0008 = cs */movw $0x8E00,%dx/* i nterrupt gate - dpl=0, prese nt */lea idt,%edimov $256,%ecxrp_sidt:movl %

8、eax,(%edi)movl %edx,4(%edi)/因为idt有256项故而这里需要对其每个都加载门描述fuaddl $8,%edidec %ecxjne rp_sidtlidt lidt_opcode/*将 lidt_opcode 的入口地址装入 LDTR 寄存器ret# write_char:push %gspushl %ebx# pushl %eaxmov $SCRN_SEL, %ebxmov %bx, %gsmovl scr_loc, %bxshl $1, %ebxmovb %al, %gs:(%ebx)shr $1, %ebxincl %ebxcmpl $2000, %ebxjb

9、 1fmovl $0, %ebx1:movl %ebx, scr_loc# popl %eax popl %ebx pop %gs ret*/* This is the default in terrupt ha ndler :-) */.alig n 2ignore_int:push %dspushl %eaxmovl $0x10, %eaxmov %ax, %dsmovl $67, %eax/* prin t C */call write_charpopl %eaxpop %dsiret/* Timer in terrupt han dler */ .alig n 2timer_i nte

10、rrupt:push %ds pushl %eax movl $0x10, %eax mov %ax, %ds movb $0x20, %al outb %al, $0x20 movl $1, %eax cmpl %eax, curre nt je 1fmovl %eax, curre nt ljmp $TSS1_SEL, $0 jmp 2f1:movl $0, currentljmp $TSS0_SEL, $0 2:popl %eaxpop %dsiret/* system call han dler */.alig n 2system_ in terrupt: push %ds pushl

11、 %edx pushl %ecx pushl %ebx pushl %eax movl $0x10, %edx mov %dx, %ds call write_char popl %eax popl %ebx popl %ecx popl %edx pop %ds iret/*/curre nt: .long 0scr_loc:.l ong 0.align 2#这里.align 2的含义是指存储边界对齐调整。2表示调整到地址最后2位为零，#即按4字节方式对齐内存地址。lidt_opcode:.word 256*8-1# idt con tai ns 256 en triesong idt #

12、This will be rewrite by code.lgdt_opcode:.word (end_gdt-gdt)-1# so does gdt#得到 gdt 的长度，以字节为单位ong gdt # This will be rewrite by code.alig n 3idt: .fill 256,8,0# idt is uninitialized/ 中断描述表/*全局描述符表，前四项分别为空项，代码段描述符，数据段描述符#系统段描述符。其中系统段描述符在linux中没有起到作用。后面还预留128项用于创建任务的ldt和tssgdt: .quad 0x0000000000000000

13、.quad 0x00c09a00000007ff.quad 0x00c09200000007ff.quad 0x00c0920b80000002余下四项为段描述符.word 0x0068, tss0, 0xe900,/* NULL descriptor */* 8Mb 0x08, base = 0x00000 */* 8Mb 0x10 */* screen 0x18 - for display */0x0# TSS0 descr 0x20.word 0x0068, tssl, 0xe900, 0x0# TSS1 descr 0x30.word 0x0040, ldt1, 0xe200, 0x0

14、# LDT1 descr 0x38en d_gdt:.fill 128,4,0#重复拷贝4个字节的0,总共拷贝128次ini t_stack:ong in it_stack.word 0x10# Will be used as user stack for task0.#*.alig n 3ldt0: .quad 0x0000000000000000.quad 0x00c0fa00000003ff# 0x0f, base = 0x00000.quad 0x00c0f200000003ff# 0x17tss0: .long 0/* back link */.long krn_stk0, 0x10

15、.lo ng 0, 0, 0, 0, 0.lo ng 0, 0, 0, 0, 0.lo ng 0, 0, 0, 0, 0.long 0, 0, 0, 0, 0, 0/* esp0, ss0 */* esp1, ss1, esp2, ss2, cr3 */* eip, eflags, eax, ecx, edx */* ebx esp, ebp, esi, edi */* es, cs, ss, ds, fs, gs */.long LDT0_SEL, 0x8000000/* ldt, trace bitmap */.fill 128,4,0 krn_stk0:# .long 0/*/.alig

16、 n 3ldt1: .quad 0x0000000000000000.quad 0x00c0fa00000003ff.quad 0x00c0f200000003ff#quad用来定义八个字节# 0x0f, base = 0x00000# 0x17tss1: .long 0/* back link */.long krn_stk1,0x10/* esp0, ss0 */.long 0, 0, 0, 0, 0/* esp1, ss1, esp2, ss2, cr3 */.long task1,0x200/* eip, eflags */ong 0, 0, 0, 0/* eax, ecx, edx,

17、 ebx */ong usr_stk1,0, 0, 0/* esp, ebp, esi, edi */.long 0x17,0x0f,0x17,0x17,0x17,0x17 /* es, cs, ss, ds, fs, gs */.long LDT1_SEL, 0x8000000/* ldt, trace bitmap */.fill 128,4,0 krn stk1:/*taskO:movl $0x17, %eaxmovw %ax, %dsmovl $65, %al/* prin t A */int $0x80movl $0xfff, %ecx1: loop 1bjmp task0task1

18、:movl $0x17, %eaxmovw %ax, %dsmovl $66, %al/* prin t B */int $0x80movl $0xfff, %ecx1: loop 1bjmp task1.fill 128,4,0usr_stk1:Boot s! boot.s! It then loads the system at 0x10000, usi ng BIOS in terrupts. Thereafter! it disables all in terrupts, cha nges to protected mode, and calls theBOOTSEG = 0x07c0

19、;位于内存 31KBSYSSEG = 0x1000! system loaded at 0x10000 (65536).位于内存的 64KB 处SYSLEN= 17! sectors occupied.;Linux启动时，在BIOS完成自检测以后，就会将控制权交给硬盘的第一个扇区，MBR会将程序复制到内存 bootseg,运行启动程序en try startstart:jmpi go,#BOOTSEG;x86实模式段间跳转，将 cs置为0x07c0，偏移地址设为 go,接下 来执行的是go的位置go: mov ax,csmov ds,axmov ss,ax;初始化数据段，堆栈段mov sp,#

20、0x400! arbitrary value 512 重新定位堆栈! ok, weve writte n the message, nowload_system:mov dx,#0x0000mov cx,#0x0002mov ax,#SYSSEGmov es,axxor bx,bxmov ax,#0x200+SYSLEN ;从磁盘0磁头0驱动号0号磁道2号扇区开始往后，读17个扇区到内存的 0x1000:0000处int 0x13;17*512B将8.5Kb的数据读到内存的内存的0x1000:0000处jnc ok_loaddie: jmp die#如果加载失败此处会陷入一个死循环从而重新启动

21、! now we want to move to protected mode .ok_load:cli! no interrupts allowed ;关中断mov ax, #SYSSEGmov ds, ax;将syseg位置8K字的数据送到 es（此时地址为0）指定的位置xor ax, axmov es, axmov cx, #0x2000;sub si,sisub di,direpmovwmov ax, #BOOTSEGmov ds, ax;将数据端指回 bootseglidt idt_48! load idt with 0,0;将中断描述符设为0, 0lgdt gdt_48! load

22、 gdt with whatever appropriate;将全局描述符设为! absolute address 0x00000, in 32-bit protected mode.mov ax,#0x0001! protected mode （PE） bitlmsw ax! This is it!; LMSW - Load Machi ne Status Word （286+privileged）;设置为保护模式jmpi 0,8! jmp offset 0 of segment 8 （cs）;将 cs=0x08,偏移地址为 0，下一条指令的在0x08!全局描述符表开始处。描述符表由多个8字节长的描述符项组成。!这里给出了 3个描述符项。第 1项无用（206行）