CS3210: Booting and x86. Taesoo Kim

Similar documents
CS3210: Booting and x86

143A: Principles of Operating Systems. Lecture 7: System boot. Anton Burtsev October, 2017

238P: Operating Systems. Lecture 7: System boot. Anton Burtsev January, 2017

Assembly Language. Lecture 2 - x86 Processor Architecture. Ahmed Sallam

Assembly Language. Lecture 2 x86 Processor Architecture

143A: Principles of Operating Systems. Lecture 7: System boot. Anton Burtsev January, 2017

IA32/Linux Virtual Memory Architecture

BOOTSTRAP, PC BIOS, AND IA32 MEMORY MODES. CS124 Operating Systems Winter , Lecture 5

CS3210: Virtual memory. Taesoo Kim w/ minor updates K. Harrigan

IA32 Intel 32-bit Architecture

W4118: PC Hardware and x86. Junfeng Yang

Computer Organization (II) IA-32 Processor Architecture. Pu-Jen Cheng

Low Level Programming Lecture 2. International Faculty of Engineerig, Technical University of Łódź

x86 architecture et similia

Hardware and Software Architecture. Chapter 2

x86 Assembly Tutorial COS 318: Fall 2017

Chapter 1. Bootstrap. Hardware

xv6 Boot Recap: Transitioning from 16 bit mode to 32 bit mode

We can study computer architectures by starting with the basic building blocks. Adders, decoders, multiplexors, flip-flops, registers,...

The Microprocessor and its Architecture

Introduction to IA-32. Jo, Heeseung

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86

INTRODUCTION TO IA-32. Jo, Heeseung

CS 16: Assembly Language Programming for the IBM PC and Compatibles

Tutorial 10 Protection Cont.

Assembly Language for Intel-Based Computers, 4 th Edition. Chapter 2: IA-32 Processor Architecture. Chapter Overview.

Basic Information. CS318 Project #1. OS Bootup Process. Reboot. Bootup Mechanism

Assembly Language for Intel-Based Computers, 4 th Edition. Kip R. Irvine. Chapter 2: IA-32 Processor Architecture

ICS143A: Principles of Operating Systems. Midterm recap, sample questions. Anton Burtsev February, 2017

IA-32 Architecture COE 205. Computer Organization and Assembly Language. Computer Engineering Department

Assembly Language for Intel-Based Computers, 4 th Edition. Chapter 2: IA-32 Processor Architecture Included elements of the IA-64 bit

The x86 Architecture

Project 1: Bootloader. COS 318 Fall 2015

IA32 OS START-UP UEFI FIRMWARE. CS124 Operating Systems Fall , Lecture 6

MICROPROCESSOR TECHNOLOGY

EECE416 :Microcomputer Fundamentals and Design. X86 Assembly Programming Part 1. Dr. Charles Kim

What You Need to Know for Project Three. Dave Eckhardt Steve Muckle

Assembly Language for x86 Processors 7 th Edition. Chapter 2: x86 Processor Architecture

Complex Instruction Set Computer (CISC)

x86 Initial Boot Sequence Advanced Operating Systems and Virtualization Alessandro Pellegrini A.Y. 2017/2018

The Instruction Set. Chapter 5

iapx Systems Electronic Computers M

EXPERIMENT WRITE UP. LEARNING OBJECTIVES: 1. Get hands on experience with Assembly Language Programming 2. Write and debug programs in TASM/MASM

Microkernel Construction

x86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT

3. Process Management in xv6

CS3210: Isolation Mechanisms

COS 318: Operating Systems. Overview. Prof. Margaret Martonosi Computer Science Department Princeton University

Basic Execution Environment

IA-32 Architecture. Computer Organization and Assembly Languages Yung-Yu Chuang 2005/10/6. with slides by Kip Irvine and Keith Van Rhein

MICROPROCESSOR MICROPROCESSOR ARCHITECTURE. Prof. P. C. Patil UOP S.E.COMP (SEM-II)

Machine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

6/17/2011. Introduction. Chapter Objectives Upon completion of this chapter, you will be able to:

MICROPROCESSOR MICROPROCESSOR ARCHITECTURE. Prof. P. C. Patil UOP S.E.COMP (SEM-II)

Chapter 2: The Microprocessor and its Architecture

Microkernel Construction

For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to

143A: Principles of Operating Systems. Lecture 6: Address translation. Anton Burtsev January, 2017

MICROPROCESSOR ALL IN ONE. Prof. P. C. Patil UOP S.E.COMP (SEM-II)

CS 410/510. Mark P Jones Portland State University

Addressing Modes on the x86

Xosdev Chapter 1 [The Bootloader] by mr. xsism

Moodle WILLINGDON COLLEGE SANGLI (B. SC.-II) Digital Electronics

Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher

Dr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD /12/2014 Slide 1

6.828: Using Virtual Memory. Adam Belay

Reverse Engineering II: The Basics

Buffer Overflow Attack

EEM336 Microprocessors I. The Microprocessor and Its Architecture

Computer Processors. Part 2. Components of a Processor. Execution Unit The ALU. Execution Unit. The Brains of the Box. Processors. Execution Unit (EU)

CanSecWest Nicolás A. Economou Andrés Lopez Luksenberg

U23 - Binary Exploitation

CS3210: Virtual memory applications. Taesoo Kim

16-Bit Intel Processor Architecture

Chapter 11. Addressing Modes

Mechanisms for entering the system

Systems Architecture I

CPEG421/621 Tutorial

Practical Malware Analysis

Author: Steve Gorman Title: Programming with the Intel architecture in the flat memory model

Program Exploitation Intro

Lecture Dependable Systems Practical Report Software Implemented Fault Injection. July 31, 2010

238P: Operating Systems. Lecture 5: Address translation. Anton Burtsev January, 2018

PROTECTION CHAPTER 4 PROTECTION

Assembler Programming. Lecture 2

Darshan Institute of Engineering & Technology

SYSC3601 Microprocessor Systems. Unit 2: The Intel 8086 Architecture and Programming Model

CS 31: Intro to Systems Functions and the Stack. Martin Gagne Swarthmore College February 23, 2016

UMBC. contain new IP while 4th and 5th bytes contain CS. CALL BX and CALL [BX] versions also exist. contain displacement added to IP.

+ Overview. Projects: Developing an OS Kernel for x86. ! Handling Intel Processor Exceptions: the Interrupt Descriptor Table (IDT)

MODE (mod) FIELD CODES. mod MEMORY MODE: 8-BIT DISPLACEMENT MEMORY MODE: 16- OR 32- BIT DISPLACEMENT REGISTER MODE

CSCI 350 Ch. 2 The Kernel Abstraction & Protection. Mark Redekopp

Lab1 tutorial CS

Instruction Set Architectures

Systems I. Machine-Level Programming V: Procedures

Processes and Tasks What comprises the state of a running program (a process or task)?

Homework / Exam. Return and Review Exam #1 Reading. Machine Projects. Labs. S&S Extracts , PIC Data Sheet. Start on mp3 (Due Class 19)

CS3210: Virtual memory applications

Processes (Intro) Yannis Smaragdakis, U. Athens

X86 Stack Calling Function POV

Transcription:

1 CS3210: Booting and x86 Taesoo Kim

2 What is an operating system? e.g. OSX, Windows, Linux, FreeBSD, etc. What does an OS do for you? Abstract the hardware for convenience and portability Multiplex the hardware among multiple applications Isolate applications to contain bugs Allow sharing among applications

Example: Intel i386 3

4 Example: IBM T42

Abstract model (Wikipedia) 5

6 Abstract model: CPU, Memory, and I/O CPU: execute instruction, IP next IP Memory: read/write, address data I/O: talk to external world, memory-mapped I/O or port I/O I/O: input and output, IP: instruction pointer

7 Today: Bootstrapping CPU what's first instruction? Memory what's initial code/data? I/O whom to talk to?

8 What happens after power on? High-level: Firmware Bootloader OS kernel e.g., jos: BIOS boot/* kern/* e.g., xv6: BIOS bootblock kernel e.g., Linux: BIOS/UEFI LILO/GRUB/syslinux vmlinuz Why three steps? What are the handover protocols?

9 BIOS: Basic Input/Output System QEMU uses an opensource BIOS, called SeaBIOS e.g., try to run, qemu (with no arguments)

10 From power-on to BIOS in x86 (miniboot) Set IP 4GB - 16B (0xfffffff0) e.g., 80286: 1MB - 16B (0xffff0) e.g., SPARCS v8: 0x00 (reset vector) DEMO : x86 initial state on QEMU

11 The first instruction To understand, we first need to understand: 1. x86 state (e.g., registers) 2. Memory referencing model (e.g,. segmentation) 3. BIOS features (e.g., memory aliasing) (gdb) x/1i 0xfffffff0 0xfffffff0: ljmp $0xf000,$0xe05b

12 x86 execution environment (IA32, Ch.3.2) CPU Registers: instruction pointer (IP) 8 general purpose regs 6 segment regs status regs control regs Address space: 0-2^32, 4GB I/O ports: 1024 space

13 x86 registers (IA32, Ch.3.4) 8, 16, 32 bit version General purpose, but with convention

14 x86 registers (IA32, Ch.3.4) EAX : accumulator register EBX : base register ECX : count register EDX : data register ESI : source index EDI : destination index EBP : base pointer ESP : stack pointer EIP : instruction pointer

x86 EFLAGS 15

16 QEMU's internal state (qemu) info registers EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000663 ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000 EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 00000000 0000ffff 00009300 CS =f000 ffff0000 0000ffff 00009b00 SS =0000 00000000 0000ffff 00009300 DS =0000 00000000 0000ffff 00009300 FS =0000 00000000 0000ffff 00009300 GS =0000 00000000 0000ffff 00009300 LDT=0000 00000000 0000ffff 00008200 TR =0000 00000000 0000ffff 00008b00 GDT= 00000000 0000ffff IDT= 00000000 0000ffff CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000

17 Memory referencing model: Segmentation Initial IP 0xfffffff0, but EIP=0x000fff0? Interpreted by segmentation: e.g., 0xfffffff0 = 0xffff0000 (base) + 0x000fff0 (EIP) ES =0000 00000000 0000ffff 00009300 CS =f000 ffff0000 0000ffff 00009b00 SS =0000 00000000 0000ffff 00009300 DS =0000 00000000 0000ffff 00009300 FS =0000 00000000 0000ffff 00009300 GS =0000 00000000 0000ffff 00009300

18 x86 Segmentation Segment selectors (16 bits): hold "segment selector" CS : Code Segment DS : Data Segment SS : Stack Segment ES : Extra Segment FS : F Segment GS : G Segment

19 History: Segmentation in 8086 16-bit micro-processor (2^16, 64KB) Has 20-bit physical addr (2^20, 1MB) Uses extra four bits from a 16-bit "segment register" CS: for fetches via IP DS: for load/store via other registers SS: for load/store via SP and BP ES: another data segment, destination for string operations, Address translation: pa = va + seg*16

20 Segmentation in x86 Segment registers hold "segment selector" (in real mode)

21 Segmentation in x86 Protection through segmentation (in protected mode)

22 Segment descriptor e.g., 0x009b 0000 0000 1001 1011 (CS in QEMU)

23 Flat memory through segmentation jos, xv6: relies on paging for protection (later)

24 Example: segmentation on xv6 CS/DS/ES/SS 0x00000000 (base) - 0xffffffff (limit) 0xcf9a: 1100 1111 1001 1010 ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA] CS =0008 00000000 ffffffff 00cf9a00 DPL=0 CS32 [-R-] SS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA] DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]

25 Memory aliasing reset---=> +------------------+ <= 0xFFFFFFFF (4GB) +--- BIOS ROM +------------------+ Unused +------------------+ <= depends on amount of RAM (real) Memory +------------------+ <= 0x00100000 (1MB) ljmp +-=> BIOS ROM +------------------+ <= 0x000F0000 (960KB)... +------------------+ <= 0x00000000

26 The first instruction (again) A far jump: CS=0xf000, IP=0xe05b Next IP: 0xfe05b = 0xf000 * 16 + 0xe05b (real mode) (gdb) x/1i 0xfffffff0 0xfffffff0: ljmp $0xf000,$0xe05b

27 SeaBIOS: reset vector SeaBIOS: an open source implementation of x86 BIOS src/romlayout.s reset_vector: ljmpw $SEG_BIOS, $entry_post

28 BIOS Bootloader 1. System startup (e.g., I2C to RAM) 2. Power-On Self-Test (POST) 3. Handover to bootloader Search bootable devices (looking for a signature, 0x55 0xAA) Load the first sector (MBR, 512B) 0x0000:0x7c00 (32KB - 1KB) DEMO: where/how SeaBIOS loads the MBR?

29 Why not loading the operating system? Hard to fit the entire OS in 512 bytes More options for users: boot from cdrom, network, usb, etc.

30 Code review: xv6 bootloader Makefile bootasm.s bootmain.c

31 About A20 line: a quirk for compatibility 8086 1MB (20-bit), 80286 16MB (24-bit) In 8086, due to segmentation, it could address over 1MB 0xffff * 16 + 0xffff = 0x10ffef (1MB + 64KB - 16B) Wrap around "feature": 0x10ffef 0x00ffef In 20286, latch A20 line for compatibility Using a spare pin in Intel's 8042 keyboard controller How to disable (so, enabling A20 line)? Talking to 8042, A20 Gate in IBM PC, or a BIOS call

Segment descriptor tables 32

33 I/O: communicating to external world Works same as memory accesses, but set I/O signal Only 1024 I/O addresses Accessed with special instructions (IN, OUT) Example: readsect() in xv6, console.c in jos

34 I/O: read a sector from a disk (ATA/IDE) void readsect(void *dst, uint offset) { waitdisk(); outb(0x1f2, 1); // count = 1 outb(0x1f3, offset); // set offset outb(0x1f4, offset >> 8); outb(0x1f5, offset >> 16); outb(0x1f6, (offset >> 24) 0xE0); // master/slave outb(0x1f7, 0x20); // cmd: read sectors } waitdisk(); insl(0x1f0, dst, SECTSIZE/4); // read data

35 ATA Command (ATA8-ACS) Yet another protocol (462 pages)

36 Memory-mapped I/O Use normal physical memory addresses Gets around limited size of I/O address space No need for special instructions (i.e., no 1024 limitation) System controller routes to appropriate device Works like "magic" memory: Addressed and accessed like memory Reads and writes can have "side effects"

37 Physical memory layout (again) /\/\/\/\/\/\/\/\/\/\ <= depends on amount of RAM Extended Memory +------------------+ <= 0x00100000 (1MB) BIOS ROM +------------------+ <= 0x000F0000 (960KB) 16-bit devices, expansion ROMs +------------------+ <= 0x000C0000 (768KB) VGA Display +------------------+ <= 0x000A0000 (640KB) Low Memory +------------------+ <= 0x00000000

38 Exercise: booting xv6 $ git clone git://tc.gtisc.gatech.edu/cs3210-pub or $ cd cs3210-pub $ git pull

39 References Intel Manual UW CSE 451 OSPP MIT 6.828 Wikipedia The Internet

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback