2 # Copyright (c) 1998 Robert Nordier
5 # Redistribution and use in source and binary forms are freely
6 # permitted provided that the above copyright notice and this
7 # paragraph and the following disclaimer are duplicated in all
10 # This software is provided "AS IS" and without any express or
11 # implied warranties, including, without limitation, the implied
12 # warranties of merchantability and fitness for a particular
16 # $FreeBSD: src/sys/boot/pc98/btx/btx/btx.s,v 1.6.2.5 2001/12/27 16:53:08 nyan Exp $
21 .set MEM_BTX,0x1000 # Start of BTX memory
22 .set MEM_ESP0,0x1800 # Supervisor stack
23 .set MEM_BUF,0x1800 # Scratch buffer
24 .set MEM_ESP1,0x1e00 # Link stack
25 .set MEM_IDT,0x1e00 # IDT
26 .set MEM_TSS,0x1f98 # TSS
27 .set MEM_MAP,0x2000 # I/O bit map
28 .set MEM_DIR,0x4000 # Page directory
29 .set MEM_TBL,0x5000 # Page tables
30 .set MEM_ORG,0x9000 # BTX code
31 .set MEM_USR,0xa000 # Start of user memory
35 .set PAG_SIZ,0x1000 # Page size
36 .set PAG_CNT,0x1000 # Pages to map
40 .set SEL_SCODE,0x8 # Supervisor code
41 .set SEL_SDATA,0x10 # Supervisor data
42 .set SEL_RCODE,0x18 # Real mode code
43 .set SEL_RDATA,0x20 # Real mode data
44 .set SEL_UCODE,0x28|3 # User code
45 .set SEL_UDATA,0x30|3 # User data
46 .set SEL_TSS,0x38 # TSS
48 # Task state segment fields.
50 .set TSS_ESP0,0x4 # PL 0 ESP
51 .set TSS_SS0,0x8 # PL 0 SS
52 .set TSS_ESP1,0xc # PL 1 ESP
53 .set TSS_MAP,0x66 # I/O bit map base
57 .set SYS_EXIT,0x0 # Exit
58 .set SYS_EXEC,0x1 # Exec
62 .set V86_FLG,0x208eff # V86 flag mask
63 .set V86_STK,0x400 # V86 stack allowance
65 # Dump format control bytes.
67 .set DMP_X16,0x1 # Word
68 .set DMP_X32,0x2 # Long
69 .set DMP_MEM,0x4 # Memory
70 .set DMP_EOL,0x8 # End of line
72 # Screen defaults and assumptions.
75 .set SCR_MAT,0xe1 # Mode/attribute
77 .set SCR_MAT,0x7 # Mode/attribute
79 .set SCR_COL,0x50 # Columns per row
80 .set SCR_ROW,0x19 # Rows per screen
82 # BIOS Data Area locations.
85 .set BDA_MEM,0x501 # Free memory
86 .set BDA_KEYFLAGS,0x53a # Keyboard shift-state flags
87 .set BDA_POS,0x53e # Cursor position
89 .set BDA_MEM,0x413 # Free memory
90 .set BDA_KEYFLAGS,0x417 # Keyboard shift-state flags
91 .set BDA_SCR,0x449 # Video mode
92 .set BDA_POS,0x450 # Cursor position
93 .set BDA_BOOT,0x472 # Boot howto flag
96 # Derivations, for brevity.
98 .set _ESP0H,MEM_ESP0>>0x8 # Byte 1 of ESP0
99 .set _ESP1H,MEM_ESP1>>0x8 # Byte 1 of ESP1
100 .set _TSSIO,MEM_MAP-MEM_TSS # TSS I/O base
101 .set _TSSLM,MEM_DIR-MEM_TSS-1 # TSS limit
102 .set _IDTLM,MEM_TSS-MEM_IDT-1 # IDT limit
108 start: # Start of code
112 btx_hdr: .byte 0xeb # Machine ID
113 .byte 0xe # Header size
115 .byte 0x1 # Major version
116 .byte 0x1 # Minor version
117 .byte BTX_FLAGS # Flags
118 .word PAG_CNT-MEM_ORG>>0xc # Paging control
119 .word break-start # Text size
120 .long 0x0 # Entry address
122 # Initialization routine.
124 init: cli # Disable interrupts
125 xor %ax,%ax # Zero/segment
127 mov $MEM_ESP0,%sp # stack
128 mov %ax,%es # Address
135 mov $MEM_IDT,%di # Memory to initialize
136 mov $(MEM_ORG-MEM_IDT)/2,%cx # Words to zero
144 mov $idtctl,%si # Control string
145 init.1: lodsb # Get entry
147 xchg %ax,%cx # as word
148 jcxz init.4 # If done
150 xchg %ax,%dx # P:DPL:type
153 lodsw # Get handler offset
154 mov $SEL_SCODE,%dh # Segment selector
155 init.2: shr %bx # Handle this int?
157 mov %ax,(%di) # Set handler offset
158 mov %dh,0x2(%di) # and selector
159 mov %dl,0x5(%di) # Set P:DPL:type
160 add $0x4,%ax # Next handler
161 init.3: lea 0x8(%di),%di # Next entry
162 loop init.2 # Till set done
163 jmp init.1 # Continue
167 init.4: movb $_ESP0H,TSS_ESP0+1(%di) # Set ESP0
168 movb $SEL_SDATA,TSS_SS0(%di) # Set SS0
169 movb $_ESP1H,TSS_ESP1+1(%di) # Set ESP1
170 movb $_TSSIO,TSS_MAP(%di) # Set I/O bit map base
173 # Create page directory.
176 mov $PAG_SIZ>>0x8,%dh # size
178 mov $MEM_DIR,%di # Page directory
179 mov $PAG_CNT>>0xa,%cl # Entries
180 mov $MEM_TBL|0x7,%ax # First entry
181 init.5: stosl # Write entry
182 add %dx,%ax # To next
183 loop init.5 # Till done
185 # Create page tables.
187 mov $MEM_TBL,%di # Page table
188 mov $PAG_CNT>>0x8,%ch # Entries
189 xor %ax,%ax # Start address
190 init.6: mov $0x7,%al # Set U:W:P flags
191 cmp btx_hdr+0x8,%cx # Standard user page?
193 cmp $PAG_CNT-MEM_BTX>>0xc,%cx # BTX memory?
194 jae init.7 # No or first page
195 and $~0x2,%al # Clear W flag
196 cmp $PAG_CNT-MEM_USR>>0xc,%cx # User page zero?
198 testb $0x80,btx_hdr+0x7 # Unmap it?
200 and $~0x1,%al # Clear P flag
201 init.7: stosl # Set entry
202 add %edx,%eax # Next address
203 loop init.6 # Till done
206 # Bring up the system.
208 mov $0x2820,%bx # Set protected mode
209 callw setpic # IRQ offsets
210 lidt idtdesc # Set IDT
212 xor %eax,%eax # Set base
213 mov $MEM_DIR>>0x8,%ah # of page
214 mov %eax,%cr3 # directory
216 lgdt gdtdesc # Set GDT
217 mov %cr0,%eax # Switch to protected
219 or $0x80000001,%eax # mode and enable paging
224 ljmp $SEL_SCODE,$init.8 # To 32-bit code
226 init.8: xorl %ecx,%ecx # Zero
227 movb $SEL_SDATA,%cl # To 32-bit
232 movb $SEL_TSS,%cl # Set task
234 movl $MEM_USR,%edx # User base address
235 movzwl %ss:BDA_MEM,%eax # Get free memory
239 shll $0x11,%eax # To bytes
241 shll $0xa,%eax # To bytes
243 subl $0x1000,%eax # Less arg space
244 subl %edx,%eax # Less base
245 movb $SEL_UDATA,%cl # User data selector
248 push $0x202 # Set flags (IF set)
249 push $SEL_UCODE # Set CS
250 pushl btx_hdr+0xc # Set EIP
256 movb $0x7,%cl # Set remaining
257 init.9: push $0x0 # general
258 loop init.9 # registers
259 popa # and initialize
260 popl %es # Initialize
268 exit: cli # Disable interrupts
269 movl $MEM_ESP0,%esp # Clear stack
273 movl %cr0,%eax # Get CR0
275 andl $~0x80000000,%eax # Disable
276 movl %eax,%cr0 # paging
278 xorl %ecx,%ecx # Zero
280 movl %ecx,%cr3 # Flush TLB
285 ljmpw $SEL_RCODE,$exit.1 # Reload CS
287 exit.1: mov $SEL_RDATA,%cl # 16-bit selector
288 mov %cx,%ss # Reload SS
290 mov %cx,%es # remaining
291 mov %cx,%fs # segment
292 mov %cx,%gs # registers
294 # To real-address mode.
297 mov %eax,%cr0 # real mode
298 ljmp $0x0,$exit.2 # Reload CS
299 exit.2: xor %ax,%ax # Real mode segment
300 mov %ax,%ss # Reload SS
301 mov %ax,%ds # Address data
303 mov $0x1008,%bx # Set real mode
305 mov $0x7008,%bx # Set real mode
307 callw setpic # IRQ offsets
308 lidt ivtdesc # Set IVT
310 # Reboot or await reset.
312 sti # Enable interrupts
313 testb $0x1,btx_hdr+0x7 # Reboot?
314 exit.3: jz exit.3 # No
322 movw $0x1234, BDA_BOOT # Do a warm boot
323 ljmp $0xffff,$0x0 # reboot the machine
326 # Set IRQ offsets by reprogramming 8259A PICs.
329 setpic: in $0x02,%al # Save master
331 in $0x0a,%al # Save slave
333 movb $0x11,%al # ICW1 to
334 outb %al,$0x00 # master,
335 outb %al,$0x08 # slave
336 movb %bl,%al # ICW2 to
337 outb %al,$0x02 # master
338 movb %bh,%al # ICW2 to
339 outb %al,$0x0a # slave
340 movb $0x80,%al # ICW3 to
341 outb %al,$0x02 # master
342 movb $0x7,%al # ICW3 to
343 outb %al,$0x0a # slave
344 movb $0x1d,%al # ICW4 to
345 outb %al,$0x02 # master,
346 movb $0x9,%al # ICW4 to
347 outb %al,$0x0a # slave
348 pop %ax # Restore slave
350 pop %ax # Restore master
353 setpic: in $0x21,%al # Save master
355 in $0xa1,%al # Save slave
357 movb $0x11,%al # ICW1 to
358 outb %al,$0x20 # master,
359 outb %al,$0xa0 # slave
360 movb %bl,%al # ICW2 to
361 outb %al,$0x21 # master
362 movb %bh,%al # ICW2 to
363 outb %al,$0xa1 # slave
364 movb $0x4,%al # ICW3 to
365 outb %al,$0x21 # master
366 movb $0x2,%al # ICW3 to
367 outb %al,$0xa1 # slave
368 movb $0x1,%al # ICW4 to
369 outb %al,$0x21 # master,
370 outb %al,$0xa1 # slave
371 pop %ax # Restore slave
373 pop %ax # Restore master
379 # Initiate return from V86 mode to user mode.
381 inthlt: hlt # To supervisor mode
383 # Exception jump table.
385 intx00: push $0x0 # Int 0x0: #DE
386 jmp ex_noc # Divide error
387 push $0x1 # Int 0x1: #DB
389 push $0x3 # Int 0x3: #BP
390 jmp ex_noc # Breakpoint
391 push $0x4 # Int 0x4: #OF
392 jmp ex_noc # Overflow
393 push $0x5 # Int 0x5: #BR
394 jmp ex_noc # BOUND range exceeded
395 push $0x6 # Int 0x6: #UD
396 jmp ex_noc # Invalid opcode
397 push $0x7 # Int 0x7: #NM
398 jmp ex_noc # Device not available
399 push $0x8 # Int 0x8: #DF
400 jmp except # Double fault
401 push $0xa # Int 0xa: #TS
402 jmp except # Invalid TSS
403 push $0xb # Int 0xb: #NP
404 jmp except # Segment not present
405 push $0xc # Int 0xc: #SS
406 jmp except # Stack segment fault
407 push $0xd # Int 0xd: #GP
408 jmp ex_v86 # General protection
409 push $0xe # Int 0xe: #PF
410 jmp except # Page fault
411 intx10: push $0x10 # Int 0x10: #MF
412 jmp ex_noc # Floating-point error
414 # Handle #GP exception.
416 ex_v86: testb $0x2,0x12(%esp,1) # V86 mode?
418 jmp v86mon # To monitor
420 # Save a zero error code.
422 ex_noc: pushl (%esp,1) # Duplicate int no
423 movb $0x0,0x4(%esp,1) # Fake error code
427 except: cld # String ops inc
431 movb $0x6,%al # Push loop count
432 testb $0x2,0x3a(%esp,1) # V86 mode?
438 movb $0x2,%al # Push loop count
439 cmpw $SEL_SCODE,0x44(%esp,1) # Supervisor mode?
442 leal 0x50(%esp,1),%eax # Set
444 jmp except.2 # Join common code
445 except.1: pushl 0x50(%esp,1) # Set GS, FS, DS, ES
446 decb %al # (if V86 mode), and
447 jne except.1 # SS, ESP
448 except.2: push $SEL_SDATA # Set up
452 movl %esp,%ebx # Stack frame
453 movl $dmpfmt,%esi # Dump format string
454 movl $MEM_BUF,%edi # Buffer
486 call putstr # display
487 leal 0x18(%esp,1),%esp # Discard frame
491 cmpb $0x3,(%esp,1) # Breakpoint?
494 except.3: leal 0x8(%esp,1),%esp # Discard err, int no
495 iret # From interrupt
497 # Return to user mode from V86 mode.
499 intrtn: cld # String ops inc
502 leal 0x3c(%ebp),%edx # V86 Segment registers
503 movl MEM_TSS+TSS_ESP1,%esi # Link stack pointer
504 lodsl # INT_V86 args pointer
505 movl %esi,%ebx # Saved exception frame
506 testl %eax,%eax # INT_V86 args?
508 movl $MEM_USR,%edi # User base
509 movl 0x1c(%esi),%ebx # User ESP
510 movl %eax,(%edi,%ebx,1) # Restore to user stack
511 leal 0x8(%edi,%eax,1),%edi # Arg segment registers
512 testb $0x4,-0x6(%edi) # Return flags?
514 movl 0x30(%ebp),%eax # Get V86 flags
515 movw %ax,0x18(%esi) # Set user flags
516 intrtn.1: leal 0x10(%esi),%ebx # Saved exception frame
517 xchgl %edx,%esi # Segment registers
518 movb $0x4,%cl # Update seg regs
521 intrtn.2: movl %edx,%esi # Segment registers
522 leal 0x28(%ebp),%edi # Set up seg
523 movb $0x4,%cl # regs for
526 movl %ebx,%esi # Restore exception
527 movb $0x5,%cl # frame to
530 movl %esi,MEM_TSS+TSS_ESP1 # Link stack pointer
532 leal 0x8(%esp,1),%esp # Discard err, int no
541 v86mon: cld # String ops inc
542 pushl $SEL_SDATA # Set up for
543 popl %ds # flat addressing
544 pusha # Save registers
545 movl %esp,%ebp # Address stack frame
546 movzwl 0x2c(%ebp),%edi # Load V86 CS
547 shll $0x4,%edi # To linear
548 movl 0x28(%ebp),%esi # Load V86 IP
549 addl %edi,%esi # Code pointer
550 xorl %ecx,%ecx # Zero
551 movb $0x2,%cl # 16-bit operands
552 xorl %eax,%eax # Zero
553 v86mon.1: lodsb # Get opcode
554 cmpb $0x66,%al # Operand size prefix?
556 movb $0x4,%cl # 32-bit operands
557 jmp v86mon.1 # Continue
558 v86mon.2: cmpb $0xf4,%al # HLT?
560 cmpl $inthlt+0x1,%esi # Is inthlt?
561 jne v86mon.7 # No (ignore)
562 jmp intrtn # Return to user mode
563 v86mon.3: cmpb $0xf,%al # Prefixed instruction?
565 cmpb $0x09,(%esi) # Is it a WBINVD?
567 cmpb $0x30,(%esi) # Is it a WRMSR?
569 cmpb $0x32,(%esi) # Is it a RDMSR?
571 cmpb $0x20,(%esi) # Is this a
572 jne v86mon.4 # MOV EAX,CR0
573 cmpb $0xc0,0x1(%esi) # instruction?
575 v86mon.4: cmpb $0xfa,%al # CLI?
577 cmpb $0xfb,%al # STI?
579 movzwl 0x38(%ebp),%ebx # Load V86 SS
580 shll $0x4,%ebx # To offset
582 addl 0x34(%ebp),%ebx # Add V86 SP
583 movl 0x30(%ebp),%edx # Load V86 flags
584 cmpb $0x9c,%al # PUSHF/PUSHFD?
586 cmpb $0x9d,%al # POPF/POPFD?
588 cmpb $0xcd,%al # INT imm8?
590 cmpb $0xcf,%al # IRET/IRETD?
594 jmp except # Handle exception
595 v86mon.5: movl %edx,0x30(%ebp) # Save V86 flags
596 v86mon.6: popl %edx # V86 SS adjustment
597 subl %edx,%ebx # Save V86
598 movl %ebx,0x34(%ebp) # SP
599 v86mon.7: subl %edi,%esi # From linear
600 movl %esi,0x28(%ebp) # Save V86 IP
602 leal 0x8(%esp,1),%esp # Discard int no, error
605 # Emulate MOV EAX,CR0.
607 v86mov: movl %cr0,%eax # CR0 to
608 movl %eax,0x1c(%ebp) # saved EAX
609 incl %esi # Adjust IP
611 # Return from emulating a 0x0f prefixed instruction
613 v86preret: incl %esi # Adjust IP
614 jmp v86mon.7 # Finish up
618 v86wbinvd: wbinvd # Write back and invalidate
620 jmp v86preret # Finish up
624 v86wrmsr: movl 0x18(%ebp),%ecx # Get user's %ecx (MSR to write)
625 movl 0x14(%ebp),%edx # Load the value
626 movl 0x1c(%ebp),%eax # to write
628 jmp v86preret # Finish up
632 v86rdmsr: movl 0x18(%ebp),%ecx # MSR to read
634 movl %eax,0x1c(%ebp) # Return the value of
635 movl %edx,0x14(%ebp) # the MSR to the user
636 jmp v86preret # Finish up
640 v86cli: andb $~0x2,0x31(%ebp) # Clear IF
641 jmp v86mon.7 # Finish up
645 v86sti: orb $0x2,0x31(%ebp) # Set IF
646 jmp v86mon.7 # Finish up
648 # Emulate PUSHF/PUSHFD.
650 v86pushf: subl %ecx,%ebx # Adjust SP
651 cmpb $0x4,%cl # 32-bit
654 v86pushf.1: movl %edx,(%ebx) # Save flags
655 jmp v86mon.6 # Finish up
657 # Emulate IRET/IRETD.
659 v86iret: movzwl (%ebx),%esi # Load V86 IP
660 movzwl 0x2(%ebx),%edi # Load V86 CS
661 leal 0x4(%ebx),%ebx # Adjust SP
662 movl %edi,0x2c(%ebp) # Save V86 CS
663 xorl %edi,%edi # No ESI adjustment
665 # Emulate POPF/POPFD (and remainder of IRET/IRETD).
667 v86popf: cmpb $0x4,%cl # 32-bit?
669 movl %edx,%eax # Initialize
671 v86popf.1: movl (%ebx),%eax # Load flags
672 addl %ecx,%ebx # Adjust SP
673 andl $V86_FLG,%eax # Merge
674 andl $~V86_FLG,%edx # the
675 orl %eax,%edx # flags
676 jmp v86mon.5 # Finish up
678 # trap int 15, function 87
679 # reads %es:%si from saved registers on stack to find a GDT containing
680 # source and destination locations
681 # reads count of words from saved %cx
682 # returns success by setting %ah to 0
684 int15_87: pushl %eax # Save
685 pushl %ebx # some information
686 pushl %esi # onto the stack.
688 xorl %eax,%eax # clean EAX
689 xorl %ebx,%ebx # clean EBX
690 movl 0x4(%ebp),%esi # Get user's ESI
691 movl 0x3C(%ebp),%ebx # store ES
692 movw %si,%ax # store SI
693 shll $0x4,%ebx # Make it a seg.
694 addl %eax,%ebx # ebx=(es<<4)+si
695 movb 0x14(%ebx),%al # Grab the
696 movb 0x17(%ebx),%ah # necessary
697 shll $0x10,%eax # information
698 movw 0x12(%ebx),%ax # from
700 movb 0x1c(%ebx),%al # GDT in order to
701 movb 0x1f(%ebx),%ah # have %esi offset
702 shll $0x10,%eax # of source and %edi
703 movw 0x1a(%ebx),%ax # of destination.
707 pushl %ecx # stash ECX
708 xorl %ecx,%ecx # highw of ECX is clear
709 movw 0x18(%ebp),%cx # Get user's ECX
710 shll $0x1,%ecx # Convert from num words to num
713 movsb # perform copy.
719 movb $0x0,0x1d(%ebp) # set ah = 0 to indicate
721 andb $0xfe,%dl # clear CF
722 jmp v86mon.5 # Finish up
725 # Reboot the machine by setting the reboot flag and exiting
727 reboot: orb $0x1,btx_hdr+0x7 # Set the reboot flag
728 jmp exit # Terminate BTX and reboot
731 # Emulate INT imm8... also make sure to check if it's int 15/87
733 v86intn: lodsb # Get int no
734 cmpb $0x19,%al # is it int 19?
735 je reboot # yes, reboot the machine
736 cmpb $0x15,%al # is it int 15?
737 jne v86intn.3 # no, skip parse
738 pushl %eax # stash EAX
739 movl 0x1c(%ebp),%eax # user's saved EAX
740 cmpb $0x87,%ah # is it the memcpy subfunction?
741 jne v86intn.1 # no, keep checking
742 popl %eax # get the stack straight
743 jmp int15_87 # it's our cue
744 v86intn.1: cmpw $0x4f53,%ax # is it the delete key callout?
745 jne v86intn.2 # no, handle the int normally
746 movb BDA_KEYFLAGS,%al # get the shift key state
748 andb $0x18,%al # mask off just Ctrl and Alt
749 cmpb $0x18,%al # are both Ctrl and Alt down?
751 andb $0xc,%al # mask off just Ctrl and Alt
752 cmpb $0xc,%al # are both Ctrl and Alt down?
754 jne v86intn.2 # no, handle the int normally
755 popl %eax # restore EAX
756 jmp reboot # reboot the machine
757 v86intn.2: popl %eax # restore EAX
758 v86intn.3: subl %edi,%esi # From
759 shrl $0x4,%edi # linear
760 movw %dx,-0x2(%ebx) # Save flags
761 movw %di,-0x4(%ebx) # Save CS
762 leal -0x6(%ebx),%ebx # Adjust SP
763 movw %si,(%ebx) # Save IP
764 shll $0x2,%eax # Scale
765 movzwl (%eax),%esi # Load IP
766 movzwl 0x2(%eax),%edi # Load CS
767 movl %edi,0x2c(%ebp) # Save CS
768 xorl %edi,%edi # No ESI adjustment
769 andb $~0x1,%dh # Clear TF
770 jmp v86mon.5 # Finish up
772 # Hardware interrupt jump table.
774 intx20: push $0x8 # Int 0x20: IRQ0
775 jmp int_hw # V86 int 0x8
776 push $0x9 # Int 0x21: IRQ1
777 jmp int_hw # V86 int 0x9
778 push $0xa # Int 0x22: IRQ2
779 jmp int_hw # V86 int 0xa
780 push $0xb # Int 0x23: IRQ3
781 jmp int_hw # V86 int 0xb
782 push $0xc # Int 0x24: IRQ4
783 jmp int_hw # V86 int 0xc
784 push $0xd # Int 0x25: IRQ5
785 jmp int_hw # V86 int 0xd
786 push $0xe # Int 0x26: IRQ6
787 jmp int_hw # V86 int 0xe
788 push $0xf # Int 0x27: IRQ7
789 jmp int_hw # V86 int 0xf
791 push $0x10 # Int 0x28: IRQ8
792 jmp int_hw # V86 int 0x10
793 push $0x11 # Int 0x29: IRQ9
794 jmp int_hw # V86 int 0x11
795 push $0x12 # Int 0x2a: IRQ10
796 jmp int_hw # V86 int 0x12
797 push $0x13 # Int 0x2b: IRQ11
798 jmp int_hw # V86 int 0x13
799 push $0x14 # Int 0x2c: IRQ12
800 jmp int_hw # V86 int 0x14
801 push $0x15 # Int 0x2d: IRQ13
802 jmp int_hw # V86 int 0x15
803 push $0x16 # Int 0x2e: IRQ14
804 jmp int_hw # V86 int 0x16
805 push $0x17 # Int 0x2f: IRQ15
806 jmp int_hw # V86 int 0x17
808 push $0x70 # Int 0x28: IRQ8
809 jmp int_hw # V86 int 0x70
810 push $0x71 # Int 0x29: IRQ9
811 jmp int_hw # V86 int 0x71
812 push $0x72 # Int 0x2a: IRQ10
813 jmp int_hw # V86 int 0x72
814 push $0x73 # Int 0x2b: IRQ11
815 jmp int_hw # V86 int 0x73
816 push $0x74 # Int 0x2c: IRQ12
817 jmp int_hw # V86 int 0x74
818 push $0x75 # Int 0x2d: IRQ13
819 jmp int_hw # V86 int 0x75
820 push $0x76 # Int 0x2e: IRQ14
821 jmp int_hw # V86 int 0x76
822 push $0x77 # Int 0x2f: IRQ15
823 jmp int_hw # V86 int 0x77
826 # Reflect hardware interrupts.
828 int_hw: testb $0x2,0xe(%esp,1) # V86 mode?
830 pushl $SEL_SDATA # Address
832 xchgl %eax,(%esp,1) # Swap EAX, int no
834 movl %esp,%ebp # stack frame
836 shll $0x2,%eax # Get int
837 movl (%eax),%eax # vector
838 subl $0x6,0x14(%ebp) # Adjust V86 ESP
839 movzwl 0x18(%ebp),%ebx # V86 SS
840 shll $0x4,%ebx # * 0x10
841 addl 0x14(%ebp),%ebx # + V86 ESP
842 xchgw %ax,0x8(%ebp) # Swap V86 IP
843 rorl $0x10,%eax # Swap words
844 xchgw %ax,0xc(%ebp) # Swap V86 CS
845 roll $0x10,%eax # Swap words
846 movl %eax,(%ebx) # CS:IP for IRET
847 movl 0x10(%ebp),%eax # V86 flags
848 movw %ax,0x4(%ebx) # Flags for IRET
849 andb $~0x3,0x11(%ebp) # Clear IF, TF
852 popl %eax # registers
855 # Invoke V86 interrupt from user mode, with arguments.
857 intx31: stc # Have btx_v86
858 pushl %eax # Missing int no
860 # Invoke V86 interrupt from user mode.
862 intusr: std # String ops dec
868 movl %esp,%eax # seg regs
872 push $SEL_SDATA # Set up
876 movl $MEM_USR,%ebx # User base
877 movl %ebx,%edx # address
878 jc intusr.1 # If btx_v86
879 xorl %edx,%edx # Control flags
880 xorl %ebp,%ebp # btx_v86 pointer
881 intusr.1: leal 0x50(%esp,1),%esi # Base of frame
883 addl -0x4(%esi),%ebx # User ESP
884 movl MEM_TSS+TSS_ESP1,%edi # Link stack pointer
885 leal -0x4(%edi),%edi # Adjust for push
886 xorl %ecx,%ecx # Zero
887 movb $0x5,%cl # Push exception
890 xchgl %eax,%esi # Saved seg regs
891 movl 0x40(%esp,1),%eax # Get int no
892 testl %edx,%edx # Have btx_v86?
894 movl (%ebx),%ebp # btx_v86 pointer
895 movb $0x4,%cl # Count
896 addl %ecx,%ebx # Adjust for pop
897 rep # Push saved seg regs
898 movsl # on link stack
899 addl %ebp,%edx # Flatten btx_v86 ptr
900 leal 0x14(%edx),%esi # Seg regs pointer
901 movl 0x4(%edx),%eax # Get int no/address
902 movzwl 0x2(%edx),%edx # Get control flags
903 intusr.2: movl %ebp,(%edi) # Push btx_v86 and
904 movl %edi,MEM_TSS+TSS_ESP1 # save link stack ptr
905 popl %edi # Base of frame
906 xchgl %eax,%ebp # Save intno/address
907 movl 0x48(%esp,1),%eax # Get flags
908 testb $0x2,%dl # Simulate CALLF?
910 decl %ebx # Push flags
912 movw %ax,(%ebx) # stack
913 intusr.3: movb $0x4,%cl # Count
914 subl %ecx,%ebx # Push return address
915 movl $inthlt,(%ebx) # on V86 stack
916 rep # Copy seg regs to
917 movsl # exception frame
918 xchgl %eax,%ecx # Save flags
919 movl %ebx,%eax # User ESP
920 subl $V86_STK,%eax # Less bytes
922 xorl %eax,%eax # keep
923 intusr.4: shrl $0x4,%eax # Gives segment
925 shll $0x4,%eax # To bytes
926 xchgl %eax,%ebx # Swap
927 subl %ebx,%eax # Gives offset
929 xchgl %eax,%ecx # Get flags
930 btsl $0x11,%eax # Set VM
931 andb $~0x1,%ah # Clear TF
933 xchgl %eax,%ebp # Get int no/address
934 testb $0x1,%dl # Address?
936 shll $0x2,%eax # Scale
937 movl (%eax),%eax # Load int vector
938 intusr.5: movl %eax,%ecx # Save
939 shrl $0x10,%eax # Gives segment
941 movw %cx,%ax # Restore
943 leal 0x10(%esp,1),%esp # Discard seg regs
949 intx30: cmpl $SYS_EXEC,%eax # Exec system call?
959 movl $MEM_USR,%eax # User base address
960 addl 0xc(%esp,1),%eax # Change to user
961 leal 0x4(%eax),%esp # stack
963 movl %cr0,%eax # Turn
964 andl $~0x80000000,%eax # off
965 movl %eax,%cr0 # paging
966 xorl %eax,%eax # Flush
971 intx30.1: incb %ss:btx_hdr+0x7 # Flag reboot
974 # Dump structure [EBX] to [EDI], using format string [ESI].
976 dump.0: stosb # Save char
977 dump: lodsb # Load char
978 testb %al,%al # End of string?
980 testb $0x80,%al # Control?
982 movb %al,%ch # Save control
983 movb $'=',%al # Append
988 addl %ebx,%esi # pointer
989 testb $DMP_X16,%ch # Dump word?
993 dump.1: testb $DMP_X32,%ch # Dump long?
997 dump.2: testb $DMP_MEM,%ch # Dump memory?
1000 testb $0x2,0x52(%ebx) # V86 mode?
1002 verr 0x4(%esi) # Readable selector?
1004 ldsl (%esi),%esi # Load pointer
1005 jmp dump.4 # Join common code
1006 dump.3: lodsl # Set offset
1007 xchgl %eax,%edx # Save
1009 shll $0x4,%eax # * 0x10
1010 addl %edx,%eax # + offset
1011 xchgl %eax,%esi # Set pointer
1012 dump.4: movb $0x10,%cl # Bytes to dump
1013 dump.5: lodsb # Get byte and
1015 decb %cl # Keep count
1017 movb $'-',%al # Separator
1018 cmpb $0x8,%cl # Half way?
1020 movb $' ',%al # Use space
1021 dump.6: stosb # Save separator
1022 jmp dump.5 # Continue
1023 dump.7: popl %ds # Restore
1024 dump.8: popl %esi # Restore
1025 movb $0xa,%al # Line feed
1026 testb $DMP_EOL,%ch # End of line?
1028 movb $' ',%al # Use spaces
1030 dump.9: jmp dump.0 # Continue
1031 dump.10: stosb # Terminate string
1034 # Convert EAX, AX, or AL to hex, saving the result to [EDI].
1036 hex32: pushl %eax # Save
1037 shrl $0x10,%eax # Do upper
1040 hex16: call hex16.1 # Do upper 8
1041 hex16.1: xchgb %ah,%al # Save/restore
1042 hex8: pushl %eax # Save
1043 shrb $0x4,%al # Do upper
1046 hex8.1: andb $0xf,%al # Get lower 4
1047 cmpb $0xa,%al # Convert
1048 sbbb $0x69,%al # to hex
1050 orb $0x20,%al # To lower case
1054 # Output zero-terminated string [ESI] to the console.
1056 putstr.0: call putchr # Output char
1057 putstr: lodsb # Load char
1058 testb %al,%al # End of string?
1062 # Output character AL to the console.
1064 putchr: pusha # Save
1065 xorl %ecx,%ecx # Zero for loops
1066 movb $SCR_MAT,%ah # Mode/attribute
1067 movl $BDA_POS,%ebx # BDA pointer
1068 movw (%ebx),%dx # Cursor position
1072 movl $0xb8000,%edi # Regen buffer (color)
1073 cmpb %ah,BDA_SCR-BDA_POS(%ebx) # Mono mode?
1075 xorw %di,%di # Regen buffer (mono)
1077 putchr.1: cmpb $0xa,%al # New line?
1081 movb %al,(%edi,%ecx,1) # Write char
1083 movb %ah,(%edi,%ecx,1) # Write attr
1086 putchr.2: movw %dx,%ax
1092 putchr.3: cmpw $SCR_ROW*SCR_COL*2,%dx
1094 xchgl %eax,%ecx # Save char
1095 movb $SCR_COL,%al # Columns per row
1096 mulb %dh # * row position
1097 addb %dl,%al # + column
1098 adcb $0x0,%ah # position
1100 xchgl %eax,%ecx # Swap char, offset
1101 movw %ax,(%edi,%ecx,1) # Write attr:char
1102 incl %edx # Bump cursor
1103 cmpb $SCR_COL,%dl # Beyond row?
1105 putchr.2: xorb %dl,%dl # Zero column
1107 putchr.3: cmpb $SCR_ROW,%dh # Beyond screen?
1110 leal 2*SCR_COL(%edi),%esi # New top line
1111 movw $(SCR_ROW-1)*SCR_COL/2,%cx # Words to move
1114 movb $' ',%al # Space
1118 movb $SCR_COL,%cl # Columns to clear
1122 movw $(SCR_ROW-1)*SCR_COL*2,%dx
1124 movb $SCR_ROW-1,%dh # Bottom line
1126 putchr.4: movw %dx,(%ebx) # Update position
1132 # Global descriptor table.
1134 gdt: .word 0x0,0x0,0x0,0x0 # Null entry
1135 .word 0xffff,0x0,0x9a00,0xcf # SEL_SCODE
1136 .word 0xffff,0x0,0x9200,0xcf # SEL_SDATA
1137 .word 0xffff,0x0,0x9a00,0x0 # SEL_RCODE
1138 .word 0xffff,0x0,0x9200,0x0 # SEL_RDATA
1139 .word 0xffff,MEM_USR,0xfa00,0xcf# SEL_UCODE
1140 .word 0xffff,MEM_USR,0xf200,0xcf# SEL_UDATA
1141 .word _TSSLM,MEM_TSS,0x8900,0x0 # SEL_TSS
1144 # Pseudo-descriptors.
1146 gdtdesc: .word gdt.1-gdt-1,gdt,0x0 # GDT
1147 idtdesc: .word _IDTLM,MEM_IDT,0x0 # IDT
1148 ivtdesc: .word 0x400-0x0-1,0x0,0x0 # IVT
1150 # IDT construction control string.
1152 idtctl: .byte 0x10, 0x8e # Int 0x0-0xf
1153 .word 0x7dfb,intx00 # (exceptions)
1154 .byte 0x10, 0x8e # Int 0x10
1155 .word 0x1, intx10 # (exception)
1156 .byte 0x10, 0x8e # Int 0x20-0x2f
1157 .word 0xffff,intx20 # (hardware)
1158 .byte 0x1, 0xee # int 0x30
1159 .word 0x1, intx30 # (system call)
1160 .byte 0x2, 0xee # Int 0x31-0x32
1161 .word 0x1, intx31 # (V86, null)
1162 .byte 0x0 # End of string
1164 # Dump format string.
1166 dmpfmt: .byte '\n' # "\n"
1167 .ascii "int" # "int="
1168 .byte 0x80|DMP_X32, 0x40 # "00000000 "
1169 .ascii "err" # "err="
1170 .byte 0x80|DMP_X32, 0x44 # "00000000 "
1171 .ascii "efl" # "efl="
1172 .byte 0x80|DMP_X32, 0x50 # "00000000 "
1173 .ascii "eip" # "eip="
1174 .byte 0x80|DMP_X32|DMP_EOL,0x48 # "00000000\n"
1175 .ascii "eax" # "eax="
1176 .byte 0x80|DMP_X32, 0x34 # "00000000 "
1177 .ascii "ebx" # "ebx="
1178 .byte 0x80|DMP_X32, 0x28 # "00000000 "
1179 .ascii "ecx" # "ecx="
1180 .byte 0x80|DMP_X32, 0x30 # "00000000 "
1181 .ascii "edx" # "edx="
1182 .byte 0x80|DMP_X32|DMP_EOL,0x2c # "00000000\n"
1183 .ascii "esi" # "esi="
1184 .byte 0x80|DMP_X32, 0x1c # "00000000 "
1185 .ascii "edi" # "edi="
1186 .byte 0x80|DMP_X32, 0x18 # "00000000 "
1187 .ascii "ebp" # "ebp="
1188 .byte 0x80|DMP_X32, 0x20 # "00000000 "
1189 .ascii "esp" # "esp="
1190 .byte 0x80|DMP_X32|DMP_EOL,0x0 # "00000000\n"
1192 .byte 0x80|DMP_X16, 0x4c # "0000 "
1194 .byte 0x80|DMP_X16, 0xc # "0000 "
1196 .byte 0x80|DMP_X16, 0x8 # "0000 "
1199 .byte 0x80|DMP_X16, 0x10 # "0000 "
1201 .byte 0x80|DMP_X16, 0x14 # "0000 "
1203 .byte 0x80|DMP_X16|DMP_EOL,0x4 # "0000\n"
1204 .ascii "cs:eip" # "cs:eip="
1205 .byte 0x80|DMP_MEM|DMP_EOL,0x48 # "00 00 ... 00 00\n"
1206 .ascii "ss:esp" # "ss:esp="
1207 .byte 0x80|DMP_MEM|DMP_EOL,0x0 # "00 00 ... 00 00\n"
1208 .asciz "BTX halted" # End
1210 # End of BTX memory.