1/* SPDX-License-Identifier: GPL-2.0 */ 2/* 3 * header.S 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 * 7 * Based on bootsect.S and setup.S 8 * modified by more people than can be counted 9 * 10 * Rewritten as a common file by H. Peter Anvin (Apr 2007) 11 * 12 * BIG FAT NOTE: We're in real mode using 64k segments. Therefore segment 13 * addresses must be multiplied by 16 to obtain their respective linear 14 * addresses. To avoid confusion, linear addresses are written using leading 15 * hex while segment addresses are written as segment:offset. 16 * 17 */ 18#include <linux/pe.h> 19#include <asm/segment.h> 20#include <asm/boot.h> 21#include <asm/page_types.h> 22#include <asm/setup.h> 23#include <asm/bootparam.h> 24#include "boot.h" 25#include "voffset.h" 26#include "zoffset.h" 27 28BOOTSEG = 0x07C0 /* original address of boot-sector */ 29SYSSEG = 0x1000 /* historical load address >> 4 */ 30 31#ifndef SVGA_MODE 32#define SVGA_MODE ASK_VGA 33#endif 34 35#ifndef ROOT_RDONLY 36#define ROOT_RDONLY 1 37#endif 38 39 .code16 40 .section ".bstext", "ax" 41#ifdef CONFIG_EFI_STUB 42 # "MZ", MS-DOS header 43 .word MZ_MAGIC 44 .org 0x38 45 # 46 # Offset to the PE header. 47 # 48 .long LINUX_PE_MAGIC 49 .long pe_header 50pe_header: 51 .long PE_MAGIC 52 53coff_header: 54#ifdef CONFIG_X86_32 55 .set image_file_add_flags, IMAGE_FILE_32BIT_MACHINE 56 .set pe_opt_magic, PE_OPT_MAGIC_PE32 57 .word IMAGE_FILE_MACHINE_I386 58#else 59 .set image_file_add_flags, 0 60 .set pe_opt_magic, PE_OPT_MAGIC_PE32PLUS 61 .word IMAGE_FILE_MACHINE_AMD64 62#endif 63 .word section_count # nr_sections 64 .long 0 # TimeDateStamp 65 .long 0 # PointerToSymbolTable 66 .long 1 # NumberOfSymbols 67 .word section_table - optional_header # SizeOfOptionalHeader 68 .word IMAGE_FILE_EXECUTABLE_IMAGE | \ 69 image_file_add_flags | \ 70 IMAGE_FILE_DEBUG_STRIPPED | \ 71 IMAGE_FILE_LINE_NUMS_STRIPPED # Characteristics 72 73optional_header: 74 .word pe_opt_magic 75 .byte 0x02 # MajorLinkerVersion 76 .byte 0x14 # MinorLinkerVersion 77 78 .long setup_size + ZO__end - 0x200 # SizeOfCode 79 80 .long 0 # SizeOfInitializedData 81 .long 0 # SizeOfUninitializedData 82 83 .long setup_size + ZO_efi_pe_entry # AddressOfEntryPoint 84 85 .long 0x0200 # BaseOfCode 86#ifdef CONFIG_X86_32 87 .long 0 # data 88#endif 89 90extra_header_fields: 91#ifdef CONFIG_X86_32 92 .long 0 # ImageBase 93#else 94 .quad 0 # ImageBase 95#endif 96 .long 0x20 # SectionAlignment 97 .long 0x20 # FileAlignment 98 .word 0 # MajorOperatingSystemVersion 99 .word 0 # MinorOperatingSystemVersion 100 .word LINUX_EFISTUB_MAJOR_VERSION # MajorImageVersion 101 .word LINUX_EFISTUB_MINOR_VERSION # MinorImageVersion 102 .word 0 # MajorSubsystemVersion 103 .word 0 # MinorSubsystemVersion 104 .long 0 # Win32VersionValue 105 106 .long setup_size + ZO__end # SizeOfImage 107 108 .long 0x200 # SizeOfHeaders 109 .long 0 # CheckSum 110 .word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application) 111#ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES 112 .word IMAGE_DLL_CHARACTERISTICS_NX_COMPAT # DllCharacteristics 113#else 114 .word 0 # DllCharacteristics 115#endif 116#ifdef CONFIG_X86_32 117 .long 0 # SizeOfStackReserve 118 .long 0 # SizeOfStackCommit 119 .long 0 # SizeOfHeapReserve 120 .long 0 # SizeOfHeapCommit 121#else 122 .quad 0 # SizeOfStackReserve 123 .quad 0 # SizeOfStackCommit 124 .quad 0 # SizeOfHeapReserve 125 .quad 0 # SizeOfHeapCommit 126#endif 127 .long 0 # LoaderFlags 128 .long (section_table - .) / 8 # NumberOfRvaAndSizes 129 130 .quad 0 # ExportTable 131 .quad 0 # ImportTable 132 .quad 0 # ResourceTable 133 .quad 0 # ExceptionTable 134 .quad 0 # CertificationTable 135 .quad 0 # BaseRelocationTable 136 137 # Section table 138section_table: 139 # 140 # The offset & size fields are filled in by build.c. 141 # 142 .ascii ".setup" 143 .byte 0 144 .byte 0 145 .long 0 146 .long 0x0 # startup_{32,64} 147 .long 0 # Size of initialized data 148 # on disk 149 .long 0x0 # startup_{32,64} 150 .long 0 # PointerToRelocations 151 .long 0 # PointerToLineNumbers 152 .word 0 # NumberOfRelocations 153 .word 0 # NumberOfLineNumbers 154 .long IMAGE_SCN_CNT_CODE | \ 155 IMAGE_SCN_MEM_READ | \ 156 IMAGE_SCN_MEM_EXECUTE # Characteristics 157 158 # 159 # The EFI application loader requires a relocation section 160 # because EFI applications must be relocatable. The .reloc 161 # offset & size fields are filled in by build.c. 162 # 163 .ascii ".reloc" 164 .byte 0 165 .byte 0 166 .long 0 167 .long 0 168 .long 0 # SizeOfRawData 169 .long 0 # PointerToRawData 170 .long 0 # PointerToRelocations 171 .long 0 # PointerToLineNumbers 172 .word 0 # NumberOfRelocations 173 .word 0 # NumberOfLineNumbers 174 .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ 175 IMAGE_SCN_MEM_READ | \ 176 IMAGE_SCN_MEM_DISCARDABLE # Characteristics 177 178#ifdef CONFIG_EFI_MIXED 179 # 180 # The offset & size fields are filled in by build.c. 181 # 182 .asciz ".compat" 183 .long 0 184 .long 0x0 185 .long 0 # Size of initialized data 186 # on disk 187 .long 0x0 188 .long 0 # PointerToRelocations 189 .long 0 # PointerToLineNumbers 190 .word 0 # NumberOfRelocations 191 .word 0 # NumberOfLineNumbers 192 .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ 193 IMAGE_SCN_MEM_READ | \ 194 IMAGE_SCN_MEM_DISCARDABLE # Characteristics 195#endif 196 197 .ascii ".text" 198 .byte 0 199 .byte 0 200 .byte 0 201 .long ZO__end 202 .long setup_size 203 .long ZO__edata # Size of initialized data 204 # on disk 205 .long setup_size 206 .long 0 # PointerToRelocations 207 .long 0 # PointerToLineNumbers 208 .word 0 # NumberOfRelocations 209 .word 0 # NumberOfLineNumbers 210 .long IMAGE_SCN_CNT_CODE | \ 211 IMAGE_SCN_MEM_READ | \ 212 IMAGE_SCN_MEM_EXECUTE # Characteristics 213 214 .set section_count, (. - section_table) / 40 215#endif /* CONFIG_EFI_STUB */ 216 217 # Kernel attributes; used by setup. This is part 1 of the 218 # header, from the old boot sector. 219 220 .section ".header", "a" 221 .globl sentinel 222sentinel: .byte 0xff, 0xff /* Used to detect broken loaders */ 223 224 .globl hdr 225hdr: 226 .byte setup_sects - 1 227root_flags: .word ROOT_RDONLY 228syssize: .long ZO__edata / 16 229ram_size: .word 0 /* Obsolete */ 230vid_mode: .word SVGA_MODE 231root_dev: .word 0 /* Default to major/minor 0/0 */ 232boot_flag: .word 0xAA55 233 234 # offset 512, entry point 235 236 .globl _start 237_start: 238 # Explicitly enter this as bytes, or the assembler 239 # tries to generate a 3-byte jump here, which causes 240 # everything else to push off to the wrong offset. 241 .byte 0xeb # short (2-byte) jump 242 .byte start_of_setup-1f 2431: 244 245 # Part 2 of the header, from the old setup.S 246 247 .ascii "HdrS" # header signature 248 .word 0x020f # header version number (>= 0x0105) 249 # or else old loadlin-1.5 will fail) 250 .globl realmode_swtch 251realmode_swtch: .word 0, 0 # default_switch, SETUPSEG 252start_sys_seg: .word SYSSEG # obsolete and meaningless, but just 253 # in case something decided to "use" it 254 .word kernel_version-512 # pointing to kernel version string 255 # above section of header is compatible 256 # with loadlin-1.5 (header v1.5). Don't 257 # change it. 258 259type_of_loader: .byte 0 # 0 means ancient bootloader, newer 260 # bootloaders know to change this. 261 # See Documentation/arch/x86/boot.rst for 262 # assigned ids 263 264# flags, unused bits must be zero (RFU) bit within loadflags 265loadflags: 266 .byte LOADED_HIGH # The kernel is to be loaded high 267 268setup_move_size: .word 0x8000 # size to move, when setup is not 269 # loaded at 0x90000. We will move setup 270 # to 0x90000 then just before jumping 271 # into the kernel. However, only the 272 # loader knows how much data behind 273 # us also needs to be loaded. 274 275code32_start: # here loaders can put a different 276 # start address for 32-bit code. 277 .long 0x100000 # 0x100000 = default for big kernel 278 279ramdisk_image: .long 0 # address of loaded ramdisk image 280 # Here the loader puts the 32-bit 281 # address where it loaded the image. 282 # This only will be read by the kernel. 283 284ramdisk_size: .long 0 # its size in bytes 285 286bootsect_kludge: 287 .long 0 # obsolete 288 289heap_end_ptr: .word _end+STACK_SIZE-512 290 # (Header version 0x0201 or later) 291 # space from here (exclusive) down to 292 # end of setup code can be used by setup 293 # for local heap purposes. 294 295ext_loader_ver: 296 .byte 0 # Extended boot loader version 297ext_loader_type: 298 .byte 0 # Extended boot loader type 299 300cmd_line_ptr: .long 0 # (Header version 0x0202 or later) 301 # If nonzero, a 32-bit pointer 302 # to the kernel command line. 303 # The command line should be 304 # located between the start of 305 # setup and the end of low 306 # memory (0xa0000), or it may 307 # get overwritten before it 308 # gets read. If this field is 309 # used, there is no longer 310 # anything magical about the 311 # 0x90000 segment; the setup 312 # can be located anywhere in 313 # low memory 0x10000 or higher. 314 315initrd_addr_max: .long 0x7fffffff 316 # (Header version 0x0203 or later) 317 # The highest safe address for 318 # the contents of an initrd 319 # The current kernel allows up to 4 GB, 320 # but leave it at 2 GB to avoid 321 # possible bootloader bugs. 322 323kernel_alignment: .long CONFIG_PHYSICAL_ALIGN #physical addr alignment 324 #required for protected mode 325 #kernel 326#ifdef CONFIG_RELOCATABLE 327relocatable_kernel: .byte 1 328#else 329relocatable_kernel: .byte 0 330#endif 331min_alignment: .byte MIN_KERNEL_ALIGN_LG2 # minimum alignment 332 333xloadflags: 334#ifdef CONFIG_X86_64 335# define XLF0 XLF_KERNEL_64 /* 64-bit kernel */ 336#else 337# define XLF0 0 338#endif 339 340#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64) 341 /* kernel/boot_param/ramdisk could be loaded above 4g */ 342# define XLF1 XLF_CAN_BE_LOADED_ABOVE_4G 343#else 344# define XLF1 0 345#endif 346 347#ifdef CONFIG_EFI_HANDOVER_PROTOCOL 348# ifdef CONFIG_EFI_MIXED 349# define XLF23 (XLF_EFI_HANDOVER_32|XLF_EFI_HANDOVER_64) 350# else 351# ifdef CONFIG_X86_64 352# define XLF23 XLF_EFI_HANDOVER_64 /* 64-bit EFI handover ok */ 353# else 354# define XLF23 XLF_EFI_HANDOVER_32 /* 32-bit EFI handover ok */ 355# endif 356# endif 357#else 358# define XLF23 0 359#endif 360 361#if defined(CONFIG_X86_64) && defined(CONFIG_EFI) && defined(CONFIG_KEXEC_CORE) 362# define XLF4 XLF_EFI_KEXEC 363#else 364# define XLF4 0 365#endif 366 367#ifdef CONFIG_X86_64 368#ifdef CONFIG_X86_5LEVEL 369#define XLF56 (XLF_5LEVEL|XLF_5LEVEL_ENABLED) 370#else 371#define XLF56 XLF_5LEVEL 372#endif 373#else 374#define XLF56 0 375#endif 376 377 .word XLF0 | XLF1 | XLF23 | XLF4 | XLF56 378 379cmdline_size: .long COMMAND_LINE_SIZE-1 #length of the command line, 380 #added with boot protocol 381 #version 2.06 382 383hardware_subarch: .long 0 # subarchitecture, added with 2.07 384 # default to 0 for normal x86 PC 385 386hardware_subarch_data: .quad 0 387 388payload_offset: .long ZO_input_data 389payload_length: .long ZO_z_input_len 390 391setup_data: .quad 0 # 64-bit physical pointer to 392 # single linked list of 393 # struct setup_data 394 395pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr 396 397# 398# Getting to provably safe in-place decompression is hard. Worst case 399# behaviours need to be analyzed. Here let's take the decompression of 400# a gzip-compressed kernel as example, to illustrate it: 401# 402# The file layout of gzip compressed kernel is: 403# 404# magic[2] 405# method[1] 406# flags[1] 407# timestamp[4] 408# extraflags[1] 409# os[1] 410# compressed data blocks[N] 411# crc[4] orig_len[4] 412# 413# ... resulting in +18 bytes overhead of uncompressed data. 414# 415# (For more information, please refer to RFC 1951 and RFC 1952.) 416# 417# Files divided into blocks 418# 1 bit (last block flag) 419# 2 bits (block type) 420# 421# 1 block occurs every 32K -1 bytes or when there 50% compression 422# has been achieved. The smallest block type encoding is always used. 423# 424# stored: 425# 32 bits length in bytes. 426# 427# fixed: 428# magic fixed tree. 429# symbols. 430# 431# dynamic: 432# dynamic tree encoding. 433# symbols. 434# 435# 436# The buffer for decompression in place is the length of the uncompressed 437# data, plus a small amount extra to keep the algorithm safe. The 438# compressed data is placed at the end of the buffer. The output pointer 439# is placed at the start of the buffer and the input pointer is placed 440# where the compressed data starts. Problems will occur when the output 441# pointer overruns the input pointer. 442# 443# The output pointer can only overrun the input pointer if the input 444# pointer is moving faster than the output pointer. A condition only 445# triggered by data whose compressed form is larger than the uncompressed 446# form. 447# 448# The worst case at the block level is a growth of the compressed data 449# of 5 bytes per 32767 bytes. 450# 451# The worst case internal to a compressed block is very hard to figure. 452# The worst case can at least be bounded by having one bit that represents 453# 32764 bytes and then all of the rest of the bytes representing the very 454# very last byte. 455# 456# All of which is enough to compute an amount of extra data that is required 457# to be safe. To avoid problems at the block level allocating 5 extra bytes 458# per 32767 bytes of data is sufficient. To avoid problems internal to a 459# block adding an extra 32767 bytes (the worst case uncompressed block size) 460# is sufficient, to ensure that in the worst case the decompressed data for 461# block will stop the byte before the compressed data for a block begins. 462# To avoid problems with the compressed data's meta information an extra 18 463# bytes are needed. Leading to the formula: 464# 465# extra_bytes = (uncompressed_size >> 12) + 32768 + 18 466# 467# Adding 8 bytes per 32K is a bit excessive but much easier to calculate. 468# Adding 32768 instead of 32767 just makes for round numbers. 469# 470# Above analysis is for decompressing gzip compressed kernel only. Up to 471# now 6 different decompressor are supported all together. And among them 472# xz stores data in chunks and has maximum chunk of 64K. Hence safety 473# margin should be updated to cover all decompressors so that we don't 474# need to deal with each of them separately. Please check 475# the description in lib/decompressor_xxx.c for specific information. 476# 477# extra_bytes = (uncompressed_size >> 12) + 65536 + 128 478# 479# LZ4 is even worse: data that cannot be further compressed grows by 0.4%, 480# or one byte per 256 bytes. OTOH, we can safely get rid of the +128 as 481# the size-dependent part now grows so fast. 482# 483# extra_bytes = (uncompressed_size >> 8) + 65536 484# 485# ZSTD compressed data grows by at most 3 bytes per 128K, and only has a 22 486# byte fixed overhead but has a maximum block size of 128K, so it needs a 487# larger margin. 488# 489# extra_bytes = (uncompressed_size >> 8) + 131072 490 491#define ZO_z_extra_bytes ((ZO_z_output_len >> 8) + 131072) 492#if ZO_z_output_len > ZO_z_input_len 493# define ZO_z_extract_offset (ZO_z_output_len + ZO_z_extra_bytes - \ 494 ZO_z_input_len) 495#else 496# define ZO_z_extract_offset ZO_z_extra_bytes 497#endif 498 499/* 500 * The extract_offset has to be bigger than ZO head section. Otherwise when 501 * the head code is running to move ZO to the end of the buffer, it will 502 * overwrite the head code itself. 503 */ 504#if (ZO__ehead - ZO_startup_32) > ZO_z_extract_offset 505# define ZO_z_min_extract_offset ((ZO__ehead - ZO_startup_32 + 4095) & ~4095) 506#else 507# define ZO_z_min_extract_offset ((ZO_z_extract_offset + 4095) & ~4095) 508#endif 509 510#define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_min_extract_offset) 511 512#define VO_INIT_SIZE (VO__end - VO__text) 513#if ZO_INIT_SIZE > VO_INIT_SIZE 514# define INIT_SIZE ZO_INIT_SIZE 515#else 516# define INIT_SIZE VO_INIT_SIZE 517#endif 518 519 .macro __handover_offset 520#ifndef CONFIG_EFI_HANDOVER_PROTOCOL 521 .long 0 522#elif !defined(CONFIG_X86_64) 523 .long ZO_efi32_stub_entry 524#else 525 /* Yes, this is really how we defined it :( */ 526 .long ZO_efi64_stub_entry - 0x200 527#ifdef CONFIG_EFI_MIXED 528 .if ZO_efi32_stub_entry != ZO_efi64_stub_entry - 0x200 529 .error "32-bit and 64-bit EFI entry points do not match" 530 .endif 531#endif 532#endif 533 .endm 534 535init_size: .long INIT_SIZE # kernel initialization size 536handover_offset: __handover_offset 537kernel_info_offset: .long ZO_kernel_info 538 539# End of setup header ##################################################### 540 541 .section ".entrytext", "ax" 542start_of_setup: 543# Force %es = %ds 544 movw %ds, %ax 545 movw %ax, %es 546 cld 547 548# Apparently some ancient versions of LILO invoked the kernel with %ss != %ds, 549# which happened to work by accident for the old code. Recalculate the stack 550# pointer if %ss is invalid. Otherwise leave it alone, LOADLIN sets up the 551# stack behind its own code, so we can't blindly put it directly past the heap. 552 553 movw %ss, %dx 554 cmpw %ax, %dx # %ds == %ss? 555 movw %sp, %dx 556 je 2f # -> assume %sp is reasonably set 557 558 # Invalid %ss, make up a new stack 559 movw $_end, %dx 560 testb $CAN_USE_HEAP, loadflags 561 jz 1f 562 movw heap_end_ptr, %dx 5631: addw $STACK_SIZE, %dx 564 jnc 2f 565 xorw %dx, %dx # Prevent wraparound 566 5672: # Now %dx should point to the end of our stack space 568 andw $~3, %dx # dword align (might as well...) 569 jnz 3f 570 movw $0xfffc, %dx # Make sure we're not zero 5713: movw %ax, %ss 572 movzwl %dx, %esp # Clear upper half of %esp 573 sti # Now we should have a working stack 574 575# We will have entered with %cs = %ds+0x20, normalize %cs so 576# it is on par with the other segments. 577 pushw %ds 578 pushw $6f 579 lretw 5806: 581 582# Check signature at end of setup 583 cmpl $0x5a5aaa55, setup_sig 584 jne setup_bad 585 586# Zero the bss 587 movw $__bss_start, %di 588 movw $_end+3, %cx 589 xorl %eax, %eax 590 subw %di, %cx 591 shrw $2, %cx 592 rep; stosl 593 594# Jump to C code (should not return) 595 calll main 596 597# Setup corrupt somehow... 598setup_bad: 599 movl $setup_corrupt, %eax 600 calll puts 601 # Fall through... 602 603 .globl die 604 .type die, @function 605die: 606 hlt 607 jmp die 608 609 .size die, .-die 610 611 .section ".initdata", "a" 612setup_corrupt: 613 .byte 7 614 .string "No setup signature found...\n" 615