1 ;; -----------------------------------------------------------------------
3 ;; Copyright 1994-2008 H. Peter Anvin - All Rights Reserved
5 ;; This program is free software; you can redistribute it and/or modify
6 ;; it under the terms of the GNU General Public License as published by
7 ;; the Free Software Foundation, Inc., 53 Temple Place Ste 330,
8 ;; Boston MA 02111-1307, USA; either version 2 of the License, or
9 ;; (at your option) any later version; incorporated herein by reference.
11 ;; -----------------------------------------------------------------------
16 ;; 32-bit bcopy routine for real mode
20 ; 32-bit bcopy routine for real mode
22 ; We enter protected mode, set up a flat 32-bit environment, run rep movsd
23 ; and then exit. IMPORTANT: This code assumes cs == 0.
25 ; This code is probably excessively anal-retentive in its handling of
26 ; segments, but this stuff is painful enough as it is without having to rely
27 ; on everything happening "as it ought to."
29 ; NOTE: this code is relocated into low memory, just after the .earlybss
30 ; segment, in order to support to "bcopy over self" operation.
37 ; This is in the .text segment since it needs to be
38 ; contiguous with the rest of the bcopy stuff
40 ; GDT descriptor entry
43 PM_%1 equ bcopy_gdt.%1-bcopy_gdt
47 dw bcopy_gdt_size-1 ; Null descriptor - contains GDT
48 dd bcopy_gdt ; pointer for LGDT instruction
52 dd 0000ffffh ; 08h Code segment, use16, readable,
53 dd 00009b00h ; present, dpl 0, cover 64K
55 dd 0000ffffh ; 10h Data segment, use16, read/write,
56 dd 008f9300h ; present, dpl 0, cover all 4G
58 dd 0000ffffh ; 18h Data segment, use16, read/write,
59 dd 00009300h ; present, dpl 0, cover 64K
60 ; The next two segments are used for COM32 only
62 dd 0000ffffh ; 20h Code segment, use32, readable,
63 dd 00cf9b00h ; present, dpl 0, cover all 4G
65 dd 0000ffffh ; 28h Data segment, use32, read/write,
66 dd 00cf9300h ; present, dpl 0, cover all 4G
68 ; TSS segment to keep Intel VT happy. Intel VT is
69 ; unhappy about anything that doesn't smell like a
70 ; full-blown 32-bit OS.
72 dw 104-1, DummyTSS ; 30h 32-bit task state segment
73 dd 00008900h ; present, dpl 0, 104 bytes @DummyTSS
75 ; 16-bit stack segment, which may have a different
76 ; base from DS16 (e.g. if we're booted from PXELINUX)
78 dd 0000ffffh ; 38h Data segment, use16, read/write,
79 dd 00009300h ; present, dpl 0, cover 64K
81 bcopy_gdt_size: equ $-bcopy_gdt
85 ; 32-bit copy, overlap safe
88 ; ESI - source pointer (-1 means do bzero rather than bcopy)
89 ; EDI - target pointer
94 ; ESI - first byte after source (garbage if ESI == -1 on entry)
95 ; EDI - first byte after target
106 ; This routine is used to invoke a simple routine in 16-bit protected
107 ; mode (with 32-bit DS and ES, and working 16-bit stack.)
108 ; Note that all segment registers including CS, except possibly SS,
109 ; are zero-based in the protected-mode routine.
111 ; No interrupt thunking services are provided; interrupts are disabled
112 ; for the duration of the routine. Don't run for too long at a time.
115 ; BX - routine to execute
116 ; ECX, EDX, EBP, ESI and EDI passed to the called routine
120 ; All other registers as returned from called function
123 pushf ; Saves, among others, the IF flag
132 mov byte [cs:bcopy_gdt.TSS+5],89h ; Mark TSS unbusy
134 ; Convert the stack segment to a base
139 mov [cs:bcopy_gdt.SS16+2],eax
141 push ss ; Save real-mode SS selector
143 o32 lgdt [cs:bcopy_gdt]
146 mov cr0,eax ; Enter protected mode
149 mov ax,PM_SS16 ; Make stack usable
152 mov al,PM_DS16_4G ; Data segment selector
156 ; Set fs, gs, tr, and ldtr in case we're on a virtual
157 ; machine running on Intel VT hardware -- it can't
158 ; deal with a partial transition, for no good reason.
160 mov al,PM_DS16_RM ; Real-mode-like segment
163 mov al,PM_TSS ; Intel VT really doesn't want
164 ltr ax ; an invalid TR and LDTR, so give
165 xor ax,ax ; it something that it can use...
168 call bx ; Call actual routine
171 mov ax,PM_DS16_RM ; "Real-mode-like" data segment
175 pop bx ; Previous value for ss
179 mov cr0,eax ; Disable protected mode
182 .in_rm: ; Back in real mode
190 popf ; Re-enables interrupts
196 ; This is the protected-mode core of the "bcopy" routine.
202 cmp esi,edi ; If source < destination, we might
203 jb .reverse ; have to copy backwards
206 mov al,cl ; Save low bits
208 shr ecx,2 ; Convert to dwords
209 a32 rep movsd ; Do our business
210 ; At this point ecx == 0
212 mov cl,al ; Copy any fractional dword
218 lea esi,[esi+ecx-1] ; Point to final byte
225 ; Change ESI/EDI to point to the last dword, instead
237 mov si,cx ; Save low bits
242 mov cx,si ; Write fractional dword
247 ; Routines to enable and disable (yuck) A20. These routines are gathered
248 ; from tips from a couple of sources, including the Linux kernel and
249 ; http://www.x86.org/. The need for the delay to be as large as given here
250 ; is indicated by Donnie Barnes of RedHat, the problematic system being an
251 ; IBM ThinkPad 760EL.
253 ; We typically toggle A20 twice for every 64K transferred.
255 %define io_delay call _io_delay
256 %define IO_DELAY_PORT 80h ; Invalid port (we hope!)
257 %define disable_wait 32 ; How long to wait for a disable
259 ; Note the skip of 2 here
260 %define A20_DUNNO 0 ; A20 type unknown
261 %define A20_NONE 2 ; A20 always on?
262 %define A20_BIOS 4 ; A20 BIOS enable
263 %define A20_KBC 6 ; A20 through KBC
264 %define A20_FAST 8 ; A20 through port 92h
266 slow_out: out dx, al ; Fall through
268 _io_delay: out IO_DELAY_PORT,al
274 mov byte [cs:A20Tries],255 ; Times to try to make this work
285 ; If the A20 type is known, jump straight to type
288 jmp word [cs:bp+A20List]
291 ; First, see if we are on a system with no A20 gate
295 mov byte [cs:A20Type], A20_NONE
300 ; Next, try the BIOS (INT 15h AX=2401h)
303 mov byte [cs:A20Type], A20_BIOS
305 pushf ; Some BIOSes muck with IF
313 ; Enable the keyboard controller A20 gate
316 mov dl, 1 ; Allow early exit
318 jnz a20_done ; A20 live, no need to use KBC
320 mov byte [cs:A20Type], A20_KBC ; Starting KBC command sequence
322 mov al,0D1h ; Command write
324 call empty_8042_uncond
328 call empty_8042_uncond
330 ; Verify that A20 actually is enabled. Do that by
331 ; observing a word in low memory and the same word in
332 ; the HMA until they are no longer coherent. Note that
333 ; we don't do the same check in the disable case, because
334 ; we don't want to *require* A20 masking (SYSLINUX should
335 ; work fine without it, if the BIOS does.)
345 ; Running out of options here. Final attempt: enable the "fast A20 gate"
348 mov byte [cs:A20Type], A20_FAST ; Haven't used the KBC yet
351 and al,~01h ; Don't accidentally reset the machine!
364 ; Oh bugger. A20 is not responding. Try frobbing it again; eventually give up
365 ; and report failure to the user.
369 dec byte [cs:A20Tries]
376 err_a20 db CR, LF, 'A20 gate not responding!', CR, LF, 0
380 ; A20 unmasked, proceed...
387 ; This routine tests if A20 is enabled (ZF = 0). This routine
388 ; must not destroy any register contents.
394 mov cx,0FFFFh ; HMA = segment 0FFFFh
396 mov cx,32 ; Loop count
400 io_delay ; Serialize, and fix delay
401 cmp ax,[es:A20Test+10h]
418 jmp word [cs:bp+A20DList]
422 pushf ; Some BIOSes muck with IF
425 jmp short a20d_snooze
428 ; Disable the "fast A20 gate"
434 jmp short a20d_snooze
437 ; Disable the keyboard controller A20 gate
440 call empty_8042_uncond
442 out 064h, al ; Command write
443 call empty_8042_uncond
444 mov al,0DDh ; A20 off
446 call empty_8042_uncond
447 ; Wait a bit for it to take effect
451 .delayloop: call a20_test
461 ; Routine to empty the 8042 KBC controller. If dl != 0
462 ; then we will test A20 in the loop and exit if A20 is
473 in al, 064h ; Status port
477 in al, 060h ; Read input
486 ; Execute a WBINVD instruction if possible on this CPU
497 ; This routine is used to shuffle memory around, followed by
498 ; invoking an entry point somewhere in low memory. This routine
499 ; can clobber any memory above 7C00h, we therefore have to move
500 ; necessary code into the trackbuf area before doing the copy,
501 ; and do adjustments to anything except BSS area references.
503 ; NOTE: Since PXELINUX relocates itself, put all these
504 ; references in the ".earlybss" segment.
506 ; After performing the copy, this routine resets the stack and
507 ; jumps to the specified entrypoint.
509 ; IMPORTANT: This routine does not canonicalize the stack or the
510 ; SS register. That is the responsibility of the caller.
513 ; DS:BX -> Pointer to list of (dst, src, len) pairs(*)
514 ; AX -> Number of list entries
515 ; [CS:EntryPoint] -> CS:IP to jump to
516 ; On stack - initial state (fd, ad, ds, es, fs, gs)
518 ; (*) If dst == -1, then (src, len) entry refers to a set of new
519 ; descriptors to load.
520 ; If src == -1, then the memory pointed to by (dst, len) is bzeroed;
521 ; this is handled inside the bcopy routine.
545 jmp far [cs:EntryPoint]
548 mov bx, trackbuf ; Next descriptor
550 push ecx ; Save byte count
555 div ecx ; Convert to descriptor count
561 ; This routine is chained to from shuffle_and_boot to invoke a
562 ; flat 32-bit protected mode operating system.
567 mov byte [cs:bcopy_gdt.TSS+5],89h ; Mark TSS unbusy
568 o32 lgdt [cs:bcopy_gdt]
571 mov cr0,eax ; Enter protected mode
572 jmp PM_CS32:.next ; Synchronize and go to 32-bit mode
576 lldt ax ; TR <- 0 to be nice to Intel VT
578 ltr ax ; Bogus TSS to be nice to Intel VT
580 mov es,ax ; 32-bit data segment selector
585 jmp word TrampolineBuf
589 A20List dw a20_dunno, a20_none, a20_bios, a20_kbc, a20_fast
590 A20DList dw a20d_dunno, a20d_none, a20d_bios, a20d_kbc, a20d_fast
591 a20_adjust_cnt equ ($-A20List)/2
593 A20Type dw A20_NONE ; A20 type
595 ; Total size of .bcopy32 section
596 alignb 4, db 0 ; Even number of dwords
597 __bcopy_size equ $-__bcopy_start
601 EntryPoint resd 1 ; CS:IP for shuffle_and_boot
602 A20Test resw 1 ; Counter for testing status of A20
603 A20Tries resb 1 ; Times until giving up on A20
606 ; This buffer contains synthesized code for shuffle-and-boot.
607 ; For the PM case, it is 9*5 = 45 bytes long; for the RM case it is
608 ; 8*6 to set the GPRs, 6*5 to set the segment registers (including a dummy
609 ; setting of CS), 5 bytes to set CS:IP, for a total of 83 bytes.
611 TrampolineBuf resb 83 ; Shuffle and boot trampoline
614 ; Space for a dummy task state segment. It should never be actually
615 ; accessed, but just in case it is, point to a chunk of memory not used
projects / profile / ivi / syslinux.git / blob