
The Intel Developer Manual suggests that after switching to protected mode, we immediately perform a JMP or CALL instruction after the MOV CR0 instruction, which changes the flow of execution and serializes the processor. The purpose is to invalidate the prefetch queue, as suggested by the code example in chapter 9, section 9.10.2, START.ASM listing, lines 174-186:

174 ; enter protected mode
175 MOV EBX,CR0
176 OR EBX,PE_BIT
177 MOV CR0,EBX
178
179 ; clear prefetch queue
180 JMP CLEAR_LABEL
181 CLEAR_LABEL:
182
183 ; make DS and ES address 4G of linear memory
184 MOV CX,LINEAR_SEL
185 MOV DS,CX
186 MOV ES,CX

Why should we need to perform such an operation? Doesn't the code remain the same in the queue, since a short jump like that does not change any flag or segment at all, except for invalidating the current data in the prefetch queue to reload the same thing again?

Peter Cordes
Amumu
  • Note that it should be a far jump, and its main purpose is to load `CS`. Strange that the manual uses a near jump. Table 9-4 even says so: `Jump near to clear real mode instruction queue` – Jester Oct 10 '16 at 18:21
  • Yes, the far jump is performed later with iret. However, it is suggested to use a near jump first, immediately after switching to protected mode. – Amumu Oct 10 '16 at 18:27
  • I guess it's for reloading protected mode code in the prefetch queue then. But I don't understand why we need to reload the same code. – Amumu Oct 10 '16 at 18:28
  • Instructions in the prefetch queue may also be predecoded so the jump may change the interpretation of the instructions. But you can do it like Jester says at the same time as loading CS with a far jump which is normally what you want to immediately entering protected mode so you can switch to a 32-bit code segment. – Ross Ridge Oct 10 '16 at 18:30
  • It's not just to clear prefetch but also to properly set up the selector into the code. – David Hoelzer Oct 10 '16 at 18:48
  • That's the far jump to be performed later in the example code to switch to the new task. I guess this near jump here is only for clearing the instruction queue then? – Amumu Oct 10 '16 at 18:51
  • No, this is a different far jump, one that's done immediately after entering protected mode instead of the near jump to change the value in CS from its old real mode value to a 32-bit ring 0 code selector. The example given in the Intel manual doesn't reflect normal practice. It's an example of code that would be used in a boot ROM soon after a processor reset, not in OS initialization code. It assumes that CS is loaded with base of 0FFFF0000h, the value it has after reset and one that is impossible to load into CS in real mode. – Ross Ridge Oct 10 '16 at 23:52
  • @RossRidge : wouldn't the loadall instruction allow you to do that from real mode? Must admit I never tried it myself. – Michael Petch Oct 11 '16 at 05:06
  • @MichaelPetch Yah, on an actual 80286 or 80386 you could use the LOADALL instruction to load the CS base with 0FFFF0000h. No other CPUs support it, though I think at least some BIOSes emulated these instructions by using protected mode or system management mode to load the selector caches. – Ross Ridge Oct 11 '16 at 05:58

1 Answer


So, I found the purpose: According to the table 9-5 that describes the main initialization steps in STARTUP.ASM:

Jump near to clear real mode instruction queue

Effectively, only for reloading the instruction queue, so earlier real mode instructions are replaced with protected mode instructions.

Amumu
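The conventional form of the switch the comments describe, as an added example in NASM syntax that is not from the manual, the question or the answer: a far JMP to a 32-bit code selector both reloads CS and discards the real-mode bytes in the prefetch queue, so the manual's separate near JMP is not needed. Assumed: a flat binary loaded at 0x7C00 with a real-mode CS base of 0; the GDT layout, labels and stack top are mine.

```nasm
[ORG 0x7C00]                    ; assumed load address (flat binary, CS base 0)
[BITS 16]
switch_to_pm:
    cli                         ; no interrupts until a valid IDT exists
    lgdt [gdt_descriptor]       ; point GDTR at the table below
    mov  eax, cr0
    or   eax, 1                 ; set PE (bit 0)
    mov  cr0, eax
    ; Far jump: serializes the processor, flushes prefetched real-mode
    ; bytes and loads CS with a 32-bit ring 0 code selector in one step.
    jmp  CODE32_SEL:pm_entry

[BITS 32]
pm_entry:
    mov  ax, DATA32_SEL         ; flat 4 GiB data segments
    mov  ds, ax
    mov  es, ax
    mov  ss, ax
    mov  esp, 0x90000           ; assumed stack top
.halt:
    hlt
    jmp  .halt

align 8
gdt_start:
    dq 0                        ; null descriptor
gdt_code:                       ; base 0, limit 4 GiB, 32-bit, ring 0, code
    dw 0xFFFF, 0x0000
    db 0x00, 0x9A, 0xCF, 0x00
gdt_data:                       ; base 0, limit 4 GiB, 32-bit, ring 0, data
    dw 0xFFFF, 0x0000
    db 0x00, 0x92, 0xCF, 0x00
gdt_end:
gdt_descriptor:
    dw gdt_end - gdt_start - 1  ; limit
    dd gdt_start                ; linear base (valid because of ORG above)

CODE32_SEL equ gdt_code - gdt_start
DATA32_SEL equ gdt_data - gdt_start
```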