在长模式下更改 GDT 并更新 CS [英] Change GDT and update CS while in long mode

问题描述

我正在编写一个简单的自制 64 位操作系统，通过 UEFI 启动它.这意味着当我的代码开始执行时，它已经处于长模式，启用了分页.

I'm writing a simple home-made 64-bit OS, booting it via UEFI. This means that when my code starts executing, it is already in long mode, with paging enabled.

现在，在退出 UEFI 引导服务后，我想用自己的控制结构替换 UEFI 构建的所有控制结构.

Now, after exiting the UEFI boot services, I want to replace all control structures built by UEFI with my own.

在成功更改 CR3(分页结构)的内容后，我使用 lgdt 成功加载了一个新的 GDT.

After successfully changing the contents of CR3 (paging structures), I successfully loaded a new GDT using lgdt.

现在的问题是，为了正确使用这个新的 GDT，我需要将一个新值移动到 CS 中.我在网上找到了很多关于在从 32 位切换到 64 位时如何做到这一点的教程，但几乎没有关于长模式到长模式的内容.

The problem is that now, to correctly use this new GDT, I need to move a new value into CS. Online I found lots of tutorials on how to do that while switching from 32-bit to 64-bit, but almost nothing about long mode to long mode.

我想我应该使用远跳，但我没有设法用这段代码(AT&T 语法)做到这一点:

I think I should use a far jump, but I didn't manage to do that with this code (AT&T syntax):

mov %rax, %cr3   # load paging structures (it works)
lgdt 6(%rcx)     # load gdt (it works)
mov $100, %rsp   # update stack pointer (it works)

# now what I tried unsuccessfully:
pushw $8         # new code segment selector
pushq fun        # function to execute next
retfq            # far return (pops address and code segment)

没有任何 IDT，这段代码在 retfq 处出现三重错误.

Not having any IDT in place, this code triple faults at retfq.

我检查了我的分页结构，我很确定它们不是问题的原因.事实上，没有最后三个指令，代码运行良好.问题是我需要一种方法来更新 CS，在我的代码中仍然指的是 UEFI 构建的旧段.retfq 是这样做的正确方法吗?或者我应该使用哪些其他指令?

I checked my paging structures, and I'm quite sure they are not the cause of the problems. In fact, the code runs fine without the last three instructions. The problem is that I need a way to update the CS, that in my code still refers to the old segment built by UEFI. Is retfq the correct way of doing this? Or which other instruction should I use?

提前致谢.

推荐答案

看起来主要问题是一个简单的错字.在 at&t 语法中，pushq fun 和 pushq $fun 的意思非常不同，前者将内存中的 8 个字节推入地址 fun 而后者推送 fun 的地址(假设它适合 32 位符号扩展立即数).

Looks like the main issue was a simple typo. In at&t syntax pushq fun and pushq $fun mean very different things, the former pushes the 8 bytes in memory at address fun while the latter pushes the address of fun (assuming it fits into a 32 bit sign extended immediate).

也就是说，lretq 也期望选择器是一个完整的 8 字节 qword，所以 pushw $8 应该真的 pushq $8.只要额外的 6 个字节可读，字大小的推送仍然可以工作，但它会使堆栈不平衡.如果您无论如何都重新加载堆栈指针，这可能无关紧要.

That said, lretq also expects the selector as a full 8-byte qword so pushw $8 should really pushq $8. The word-sized push will still work as long as the extra 6 bytes are readable, but it will unbalance the stack. This might not matter if you reload the stack pointer anyway.

避免上述所有陷阱的替代代码可能如下所示:

An alternative code that avoids all of the above pitfalls could look like:

sub $16, %rsp
movq $8, 8(%rsp)
movabsq $fun, %rax
mov %rax, (%rsp)
lretq

这篇关于在长模式下更改 GDT 并更新 CS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！