Executing an ELF executable How to load an executable ELF file for execution in ‘extended’ physical memory

What is ‘Extended Memory’? conventional memory conventional memory conventional memory 8086/8088 (20-bit addresses) extended memory extended memory 4GB (32-bit addresses) 16MB (24-bit addresses) 1MB

8086/8088 addresses 0x23450x9876 0x2CCC6 segment-addressoffset-address + x16 Logical Address Physical Address (20-bits) 0x x x2CCC6

Biggest 8086/8088 address 0xFFFF 0x0FFEF segment-addressoffset-address + x16 Logical Address Physical Address (20-bits) 0xFFFF0 + 0x0FFFF x10FFEF A20

Emulating 8086/8088 on Special circuitry provided to ‘disable’ the 21 st address-line (named A20) causes addresses to ‘wrap’ at the 1MB boundry Original IBM-AT used keyboard controller to perform enabling/disabling of A20-line Newer machines have faster ways to enable/disable A20-line (e.g., port 0x92)

port 0x92 FAST A20 FAST RESET reset the CPU (1=yes, 0=no) enable A20-line (1=yes, 0=no) # how you can turn on the A20 address-line in$0x92, %al or$0x02, %al out%al, $0x92 (These bits may implement some other system functions, depending on the vendor’s design (not standardized), so beware of modifying them in ‘portable’ system software

Effect of A20 address-line Extra 64KSame 64K A20 enabled A20 disabled Highest 20-bit address (= 0x0FFFFF) Highest real-mode address (= 0x10FFEF) “extended” memory is above 1MB “conventional” memory is below 1 MB same memory appears at two places memory differs at these places

Section-Header Table (optional) Executable versus Linkable ELF Header Section 2 Data Section 3 Data … Section n Data Segment 1 Data Segment 2 Data Segment 3 Data … Segment n Data Linkable FileExecutable File Section-Header Table Program-Header Table (optional) Program-Header Table ELF Header Section 1 Data

Linker ‘relocates’ addresses ELF Header Section-Header Table Section 1 Data Section 2 Data … Section n Data ELF Header Section-Header Table Section 1 Data Section 2 Data … Section n Data ELF Header Program-Header Table Segment 1 Data Segment 2 Data … Segment n Data Linkable File Executable File

The ‘built-in’ linker script Two main ideas that the linker implements: –It combines identically-named sections of the linkable ELF files into a single segment –It assigns runtime addresses to the resulting program data and program code which are non-conflicting and are suitably aligned It may optionally perform other manipulations, depending on directions in its linker script It uses a built-in linker script if you don’t specify otherwise; you can view it using the command- option:$ ld -verbose

In-Class Exercise We want to execute the ‘hello’ application in our own operating system environment Boot-disk preparation steps: $ as hello.s –o hello.o $ ld hello.o –o hello $ dd if=hello of=/dev/sda4 seek=13 We need modifications to our ‘try32bit.s’

The two program-segments When used without any linker script, our linker-utility (‘ld’) relocates the ‘.text’ and ‘.data’ program-segments for loading at the memory-addresses 0x and 0x , respectively So we will need to copy the contents of these two portions of our ELF executable image-file to those addresses in extended physical memory

New segment-descriptors We can setup segment-limits of size 4GB using Descriptor Privilege Level (DPL) =3 For our (32-bit) code-segment:.word 0xFFFF, 0x0000, 0xFA00, 0x00CF For our (32-bit) data-segment:.word 0xFFFF, 0x0000, 0xF200, 0x00CF For our (32-bit) stack-segment:.word 0xFFFF, 0x0000, 0xF200, 0x00CF

Loading the ‘.text’ and ‘.data’ ELF file-image fits within three disk sectors (#14-#16), so total size is at most 0x0600 So we can copy the entire ELF file-image from address 0x to 0x to initialize our ‘.text’ program-segment And we can copy the entire ELF file-image from address 0x to 0x to initialize our ‘.data’ program-segment

Copying ‘hello’ # copying.text section.code32 mov$sel_FS, %ax mov%ax, %ds mov%ax, %es mov$0x , %esi mov$0x , %edi cld mov$0x800, %ecx repmovsb # copying.data section.code32 mov$sel_FS, %ax mov%ax, %ds mov%ax, %es mov$0x , %esi mov$0x , %edi cld mov$0x800, %ecx repmovsb The ‘hello’ executable ELF file easily fits within 4 hard-disk sectors (= 0x800 bytes)

Initial values for ESP and EIP The program’s entry-point is 0x (as obtained from the file’s ELF Header) The decision about an initial value for ESP is largely up to us, taking into account the amount of physical memory installed and the regions of memory already being used for other system purposes

Where’s our ring3 stack?.data.text 0x x OS630 0x IVT and BDA 0x ESP ring3 stack EIP

In-Class Exercise Make a copy of our ‘try32bit.s’ demo (from our CS630 course website), and modify it so it will execute the ‘hello’ ELF file-image You’ll need to setup registers TR, DS, and ES Then a code-fragment that will transfer control to ‘hello’ could look like this -- assuming it occurs in a 32-bit code segment: pushl $userSS ; image for SS pushl $0x ; image for ESP pushl $userCS ; image for CS pushl $0x ; image for EIP lret; execute ‘hello’