1/* SPDX-License-Identifier: GPL-2.0 */ 2/* 3 * header.S 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 * 7 * Based on bootsect.S and setup.S 8 * modified by more people than can be counted 9 * 10 * Rewritten as a common file by H. Peter Anvin (Apr 2007) 11 * 12 * BIG FAT NOTE: We're in real mode using 64k segments. Therefore segment 13 * addresses must be multiplied by 16 to obtain their respective linear 14 * addresses. To avoid confusion, linear addresses are written using leading 15 * hex while segment addresses are written as segment:offset. 16 * 17 */ 18#include <linux/pe.h> 19#include <asm/segment.h> 20#include <asm/boot.h> 21#include <asm/page_types.h> 22#include <asm/setup.h> 23#include <asm/bootparam.h> 24#include "boot.h" 25#include "voffset.h" 26#include "zoffset.h" 27 28BOOTSEG = 0x07C0 /* original address of boot-sector */ 29SYSSEG = 0x1000 /* historical load address >> 4 */ 30 31#ifndef SVGA_MODE 32#define SVGA_MODE ASK_VGA 33#endif 34 35#ifndef ROOT_RDONLY 36#define ROOT_RDONLY 1 37#endif 38 39 .code16 40 .section ".bstext", "ax" 41#ifdef CONFIG_EFI_STUB 42 # "MZ", MS-DOS header 43 .word MZ_MAGIC 44 .org 0x38 45 # 46 # Offset to the PE header. 47 # 48 .long LINUX_PE_MAGIC 49 .long pe_header 50pe_header: 51 .long PE_MAGIC 52 53coff_header: 54#ifdef CONFIG_X86_32 55 .set image_file_add_flags, IMAGE_FILE_32BIT_MACHINE 56 .set pe_opt_magic, PE_OPT_MAGIC_PE32 57 .word IMAGE_FILE_MACHINE_I386 58#else 59 .set image_file_add_flags, 0 60 .set pe_opt_magic, PE_OPT_MAGIC_PE32PLUS 61 .word IMAGE_FILE_MACHINE_AMD64 62#endif 63 .word section_count # nr_sections 64 .long 0 # TimeDateStamp 65 .long 0 # PointerToSymbolTable 66 .long 1 # NumberOfSymbols 67 .word section_table - optional_header # SizeOfOptionalHeader 68 .word IMAGE_FILE_EXECUTABLE_IMAGE | \ 69 image_file_add_flags | \ 70 IMAGE_FILE_DEBUG_STRIPPED | \ 71 IMAGE_FILE_LINE_NUMS_STRIPPED # Characteristics 72 73optional_header: 74 .word pe_opt_magic 75 .byte 0x02 # MajorLinkerVersion 76 .byte 0x14 # MinorLinkerVersion 77 78 # Filled in by build.c 79 .long 0 # SizeOfCode 80 81 .long 0 # SizeOfInitializedData 82 .long 0 # SizeOfUninitializedData 83 84 # Filled in by build.c 85 .long 0x0000 # AddressOfEntryPoint 86 87 .long 0x0200 # BaseOfCode 88#ifdef CONFIG_X86_32 89 .long 0 # data 90#endif 91 92extra_header_fields: 93#ifdef CONFIG_X86_32 94 .long 0 # ImageBase 95#else 96 .quad 0 # ImageBase 97#endif 98 .long 0x20 # SectionAlignment 99 .long 0x20 # FileAlignment 100 .word 0 # MajorOperatingSystemVersion 101 .word 0 # MinorOperatingSystemVersion 102 .word LINUX_EFISTUB_MAJOR_VERSION # MajorImageVersion 103 .word LINUX_EFISTUB_MINOR_VERSION # MinorImageVersion 104 .word 0 # MajorSubsystemVersion 105 .word 0 # MinorSubsystemVersion 106 .long 0 # Win32VersionValue 107 108 # 109 # The size of the bzImage is written in tools/build.c 110 # 111 .long 0 # SizeOfImage 112 113 .long 0x200 # SizeOfHeaders 114 .long 0 # CheckSum 115 .word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application) 116#ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES 117 .word IMAGE_DLL_CHARACTERISTICS_NX_COMPAT # DllCharacteristics 118#else 119 .word 0 # DllCharacteristics 120#endif 121#ifdef CONFIG_X86_32 122 .long 0 # SizeOfStackReserve 123 .long 0 # SizeOfStackCommit 124 .long 0 # SizeOfHeapReserve 125 .long 0 # SizeOfHeapCommit 126#else 127 .quad 0 # SizeOfStackReserve 128 .quad 0 # SizeOfStackCommit 129 .quad 0 # SizeOfHeapReserve 130 .quad 0 # SizeOfHeapCommit 131#endif 132 .long 0 # LoaderFlags 133 .long (section_table - .) / 8 # NumberOfRvaAndSizes 134 135 .quad 0 # ExportTable 136 .quad 0 # ImportTable 137 .quad 0 # ResourceTable 138 .quad 0 # ExceptionTable 139 .quad 0 # CertificationTable 140 .quad 0 # BaseRelocationTable 141 142 # Section table 143section_table: 144 # 145 # The offset & size fields are filled in by build.c. 146 # 147 .ascii ".setup" 148 .byte 0 149 .byte 0 150 .long 0 151 .long 0x0 # startup_{32,64} 152 .long 0 # Size of initialized data 153 # on disk 154 .long 0x0 # startup_{32,64} 155 .long 0 # PointerToRelocations 156 .long 0 # PointerToLineNumbers 157 .word 0 # NumberOfRelocations 158 .word 0 # NumberOfLineNumbers 159 .long IMAGE_SCN_CNT_CODE | \ 160 IMAGE_SCN_MEM_READ | \ 161 IMAGE_SCN_MEM_EXECUTE # Characteristics 162 163 # 164 # The EFI application loader requires a relocation section 165 # because EFI applications must be relocatable. The .reloc 166 # offset & size fields are filled in by build.c. 167 # 168 .ascii ".reloc" 169 .byte 0 170 .byte 0 171 .long 0 172 .long 0 173 .long 0 # SizeOfRawData 174 .long 0 # PointerToRawData 175 .long 0 # PointerToRelocations 176 .long 0 # PointerToLineNumbers 177 .word 0 # NumberOfRelocations 178 .word 0 # NumberOfLineNumbers 179 .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ 180 IMAGE_SCN_MEM_READ | \ 181 IMAGE_SCN_MEM_DISCARDABLE # Characteristics 182 183#ifdef CONFIG_EFI_MIXED 184 # 185 # The offset & size fields are filled in by build.c. 186 # 187 .asciz ".compat" 188 .long 0 189 .long 0x0 190 .long 0 # Size of initialized data 191 # on disk 192 .long 0x0 193 .long 0 # PointerToRelocations 194 .long 0 # PointerToLineNumbers 195 .word 0 # NumberOfRelocations 196 .word 0 # NumberOfLineNumbers 197 .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ 198 IMAGE_SCN_MEM_READ | \ 199 IMAGE_SCN_MEM_DISCARDABLE # Characteristics 200#endif 201 202 # 203 # The offset & size fields are filled in by build.c. 204 # 205 .ascii ".text" 206 .byte 0 207 .byte 0 208 .byte 0 209 .long 0 210 .long 0x0 # startup_{32,64} 211 .long 0 # Size of initialized data 212 # on disk 213 .long 0x0 # startup_{32,64} 214 .long 0 # PointerToRelocations 215 .long 0 # PointerToLineNumbers 216 .word 0 # NumberOfRelocations 217 .word 0 # NumberOfLineNumbers 218 .long IMAGE_SCN_CNT_CODE | \ 219 IMAGE_SCN_MEM_READ | \ 220 IMAGE_SCN_MEM_EXECUTE # Characteristics 221 222 .set section_count, (. - section_table) / 40 223#endif /* CONFIG_EFI_STUB */ 224 225 # Kernel attributes; used by setup. This is part 1 of the 226 # header, from the old boot sector. 227 228 .section ".header", "a" 229 .globl sentinel 230sentinel: .byte 0xff, 0xff /* Used to detect broken loaders */ 231 232 .globl hdr 233hdr: 234setup_sects: .byte 0 /* Filled in by build.c */ 235root_flags: .word ROOT_RDONLY 236syssize: .long 0 /* Filled in by build.c */ 237ram_size: .word 0 /* Obsolete */ 238vid_mode: .word SVGA_MODE 239root_dev: .word 0 /* Filled in by build.c */ 240boot_flag: .word 0xAA55 241 242 # offset 512, entry point 243 244 .globl _start 245_start: 246 # Explicitly enter this as bytes, or the assembler 247 # tries to generate a 3-byte jump here, which causes 248 # everything else to push off to the wrong offset. 249 .byte 0xeb # short (2-byte) jump 250 .byte start_of_setup-1f 2511: 252 253 # Part 2 of the header, from the old setup.S 254 255 .ascii "HdrS" # header signature 256 .word 0x020f # header version number (>= 0x0105) 257 # or else old loadlin-1.5 will fail) 258 .globl realmode_swtch 259realmode_swtch: .word 0, 0 # default_switch, SETUPSEG 260start_sys_seg: .word SYSSEG # obsolete and meaningless, but just 261 # in case something decided to "use" it 262 .word kernel_version-512 # pointing to kernel version string 263 # above section of header is compatible 264 # with loadlin-1.5 (header v1.5). Don't 265 # change it. 266 267type_of_loader: .byte 0 # 0 means ancient bootloader, newer 268 # bootloaders know to change this. 269 # See Documentation/arch/x86/boot.rst for 270 # assigned ids 271 272# flags, unused bits must be zero (RFU) bit within loadflags 273loadflags: 274 .byte LOADED_HIGH # The kernel is to be loaded high 275 276setup_move_size: .word 0x8000 # size to move, when setup is not 277 # loaded at 0x90000. We will move setup 278 # to 0x90000 then just before jumping 279 # into the kernel. However, only the 280 # loader knows how much data behind 281 # us also needs to be loaded. 282 283code32_start: # here loaders can put a different 284 # start address for 32-bit code. 285 .long 0x100000 # 0x100000 = default for big kernel 286 287ramdisk_image: .long 0 # address of loaded ramdisk image 288 # Here the loader puts the 32-bit 289 # address where it loaded the image. 290 # This only will be read by the kernel. 291 292ramdisk_size: .long 0 # its size in bytes 293 294bootsect_kludge: 295 .long 0 # obsolete 296 297heap_end_ptr: .word _end+STACK_SIZE-512 298 # (Header version 0x0201 or later) 299 # space from here (exclusive) down to 300 # end of setup code can be used by setup 301 # for local heap purposes. 302 303ext_loader_ver: 304 .byte 0 # Extended boot loader version 305ext_loader_type: 306 .byte 0 # Extended boot loader type 307 308cmd_line_ptr: .long 0 # (Header version 0x0202 or later) 309 # If nonzero, a 32-bit pointer 310 # to the kernel command line. 311 # The command line should be 312 # located between the start of 313 # setup and the end of low 314 # memory (0xa0000), or it may 315 # get overwritten before it 316 # gets read. If this field is 317 # used, there is no longer 318 # anything magical about the 319 # 0x90000 segment; the setup 320 # can be located anywhere in 321 # low memory 0x10000 or higher. 322 323initrd_addr_max: .long 0x7fffffff 324 # (Header version 0x0203 or later) 325 # The highest safe address for 326 # the contents of an initrd 327 # The current kernel allows up to 4 GB, 328 # but leave it at 2 GB to avoid 329 # possible bootloader bugs. 330 331kernel_alignment: .long CONFIG_PHYSICAL_ALIGN #physical addr alignment 332 #required for protected mode 333 #kernel 334#ifdef CONFIG_RELOCATABLE 335relocatable_kernel: .byte 1 336#else 337relocatable_kernel: .byte 0 338#endif 339min_alignment: .byte MIN_KERNEL_ALIGN_LG2 # minimum alignment 340 341xloadflags: 342#ifdef CONFIG_X86_64 343# define XLF0 XLF_KERNEL_64 /* 64-bit kernel */ 344#else 345# define XLF0 0 346#endif 347 348#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64) 349 /* kernel/boot_param/ramdisk could be loaded above 4g */ 350# define XLF1 XLF_CAN_BE_LOADED_ABOVE_4G 351#else 352# define XLF1 0 353#endif 354 355#ifdef CONFIG_EFI_HANDOVER_PROTOCOL 356# ifdef CONFIG_EFI_MIXED 357# define XLF23 (XLF_EFI_HANDOVER_32|XLF_EFI_HANDOVER_64) 358# else 359# ifdef CONFIG_X86_64 360# define XLF23 XLF_EFI_HANDOVER_64 /* 64-bit EFI handover ok */ 361# else 362# define XLF23 XLF_EFI_HANDOVER_32 /* 32-bit EFI handover ok */ 363# endif 364# endif 365#else 366# define XLF23 0 367#endif 368 369#if defined(CONFIG_X86_64) && defined(CONFIG_EFI) && defined(CONFIG_KEXEC_CORE) 370# define XLF4 XLF_EFI_KEXEC 371#else 372# define XLF4 0 373#endif 374 375#ifdef CONFIG_X86_64 376#ifdef CONFIG_X86_5LEVEL 377#define XLF56 (XLF_5LEVEL|XLF_5LEVEL_ENABLED) 378#else 379#define XLF56 XLF_5LEVEL 380#endif 381#else 382#define XLF56 0 383#endif 384 385 .word XLF0 | XLF1 | XLF23 | XLF4 | XLF56 386 387cmdline_size: .long COMMAND_LINE_SIZE-1 #length of the command line, 388 #added with boot protocol 389 #version 2.06 390 391hardware_subarch: .long 0 # subarchitecture, added with 2.07 392 # default to 0 for normal x86 PC 393 394hardware_subarch_data: .quad 0 395 396payload_offset: .long ZO_input_data 397payload_length: .long ZO_z_input_len 398 399setup_data: .quad 0 # 64-bit physical pointer to 400 # single linked list of 401 # struct setup_data 402 403pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr 404 405# 406# Getting to provably safe in-place decompression is hard. Worst case 407# behaviours need to be analyzed. Here let's take the decompression of 408# a gzip-compressed kernel as example, to illustrate it: 409# 410# The file layout of gzip compressed kernel is: 411# 412# magic[2] 413# method[1] 414# flags[1] 415# timestamp[4] 416# extraflags[1] 417# os[1] 418# compressed data blocks[N] 419# crc[4] orig_len[4] 420# 421# ... resulting in +18 bytes overhead of uncompressed data. 422# 423# (For more information, please refer to RFC 1951 and RFC 1952.) 424# 425# Files divided into blocks 426# 1 bit (last block flag) 427# 2 bits (block type) 428# 429# 1 block occurs every 32K -1 bytes or when there 50% compression 430# has been achieved. The smallest block type encoding is always used. 431# 432# stored: 433# 32 bits length in bytes. 434# 435# fixed: 436# magic fixed tree. 437# symbols. 438# 439# dynamic: 440# dynamic tree encoding. 441# symbols. 442# 443# 444# The buffer for decompression in place is the length of the uncompressed 445# data, plus a small amount extra to keep the algorithm safe. The 446# compressed data is placed at the end of the buffer. The output pointer 447# is placed at the start of the buffer and the input pointer is placed 448# where the compressed data starts. Problems will occur when the output 449# pointer overruns the input pointer. 450# 451# The output pointer can only overrun the input pointer if the input 452# pointer is moving faster than the output pointer. A condition only 453# triggered by data whose compressed form is larger than the uncompressed 454# form. 455# 456# The worst case at the block level is a growth of the compressed data 457# of 5 bytes per 32767 bytes. 458# 459# The worst case internal to a compressed block is very hard to figure. 460# The worst case can at least be bounded by having one bit that represents 461# 32764 bytes and then all of the rest of the bytes representing the very 462# very last byte. 463# 464# All of which is enough to compute an amount of extra data that is required 465# to be safe. To avoid problems at the block level allocating 5 extra bytes 466# per 32767 bytes of data is sufficient. To avoid problems internal to a 467# block adding an extra 32767 bytes (the worst case uncompressed block size) 468# is sufficient, to ensure that in the worst case the decompressed data for 469# block will stop the byte before the compressed data for a block begins. 470# To avoid problems with the compressed data's meta information an extra 18 471# bytes are needed. Leading to the formula: 472# 473# extra_bytes = (uncompressed_size >> 12) + 32768 + 18 474# 475# Adding 8 bytes per 32K is a bit excessive but much easier to calculate. 476# Adding 32768 instead of 32767 just makes for round numbers. 477# 478# Above analysis is for decompressing gzip compressed kernel only. Up to 479# now 6 different decompressor are supported all together. And among them 480# xz stores data in chunks and has maximum chunk of 64K. Hence safety 481# margin should be updated to cover all decompressors so that we don't 482# need to deal with each of them separately. Please check 483# the description in lib/decompressor_xxx.c for specific information. 484# 485# extra_bytes = (uncompressed_size >> 12) + 65536 + 128 486# 487# LZ4 is even worse: data that cannot be further compressed grows by 0.4%, 488# or one byte per 256 bytes. OTOH, we can safely get rid of the +128 as 489# the size-dependent part now grows so fast. 490# 491# extra_bytes = (uncompressed_size >> 8) + 65536 492# 493# ZSTD compressed data grows by at most 3 bytes per 128K, and only has a 22 494# byte fixed overhead but has a maximum block size of 128K, so it needs a 495# larger margin. 496# 497# extra_bytes = (uncompressed_size >> 8) + 131072 498 499#define ZO_z_extra_bytes ((ZO_z_output_len >> 8) + 131072) 500#if ZO_z_output_len > ZO_z_input_len 501# define ZO_z_extract_offset (ZO_z_output_len + ZO_z_extra_bytes - \ 502 ZO_z_input_len) 503#else 504# define ZO_z_extract_offset ZO_z_extra_bytes 505#endif 506 507/* 508 * The extract_offset has to be bigger than ZO head section. Otherwise when 509 * the head code is running to move ZO to the end of the buffer, it will 510 * overwrite the head code itself. 511 */ 512#if (ZO__ehead - ZO_startup_32) > ZO_z_extract_offset 513# define ZO_z_min_extract_offset ((ZO__ehead - ZO_startup_32 + 4095) & ~4095) 514#else 515# define ZO_z_min_extract_offset ((ZO_z_extract_offset + 4095) & ~4095) 516#endif 517 518#define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_min_extract_offset) 519 520#define VO_INIT_SIZE (VO__end - VO__text) 521#if ZO_INIT_SIZE > VO_INIT_SIZE 522# define INIT_SIZE ZO_INIT_SIZE 523#else 524# define INIT_SIZE VO_INIT_SIZE 525#endif 526 527init_size: .long INIT_SIZE # kernel initialization size 528handover_offset: .long 0 # Filled in by build.c 529kernel_info_offset: .long 0 # Filled in by build.c 530 531# End of setup header ##################################################### 532 533 .section ".entrytext", "ax" 534start_of_setup: 535# Force %es = %ds 536 movw %ds, %ax 537 movw %ax, %es 538 cld 539 540# Apparently some ancient versions of LILO invoked the kernel with %ss != %ds, 541# which happened to work by accident for the old code. Recalculate the stack 542# pointer if %ss is invalid. Otherwise leave it alone, LOADLIN sets up the 543# stack behind its own code, so we can't blindly put it directly past the heap. 544 545 movw %ss, %dx 546 cmpw %ax, %dx # %ds == %ss? 547 movw %sp, %dx 548 je 2f # -> assume %sp is reasonably set 549 550 # Invalid %ss, make up a new stack 551 movw $_end, %dx 552 testb $CAN_USE_HEAP, loadflags 553 jz 1f 554 movw heap_end_ptr, %dx 5551: addw $STACK_SIZE, %dx 556 jnc 2f 557 xorw %dx, %dx # Prevent wraparound 558 5592: # Now %dx should point to the end of our stack space 560 andw $~3, %dx # dword align (might as well...) 561 jnz 3f 562 movw $0xfffc, %dx # Make sure we're not zero 5633: movw %ax, %ss 564 movzwl %dx, %esp # Clear upper half of %esp 565 sti # Now we should have a working stack 566 567# We will have entered with %cs = %ds+0x20, normalize %cs so 568# it is on par with the other segments. 569 pushw %ds 570 pushw $6f 571 lretw 5726: 573 574# Check signature at end of setup 575 cmpl $0x5a5aaa55, setup_sig 576 jne setup_bad 577 578# Zero the bss 579 movw $__bss_start, %di 580 movw $_end+3, %cx 581 xorl %eax, %eax 582 subw %di, %cx 583 shrw $2, %cx 584 rep; stosl 585 586# Jump to C code (should not return) 587 calll main 588 589# Setup corrupt somehow... 590setup_bad: 591 movl $setup_corrupt, %eax 592 calll puts 593 # Fall through... 594 595 .globl die 596 .type die, @function 597die: 598 hlt 599 jmp die 600 601 .size die, .-die 602 603 .section ".initdata", "a" 604setup_corrupt: 605 .byte 7 606 .string "No setup signature found...\n" 607