xref: /openbmc/linux/arch/x86/boot/header.S (revision 4bac079d) 
1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 *	header.S
4 *
5 *	Copyright (C) 1991, 1992 Linus Torvalds
6 *
7 *	Based on bootsect.S and setup.S
8 *	modified by more people than can be counted
9 *
10 *	Rewritten as a common file by H. Peter Anvin (Apr 2007)
11 *
12 * BIG FAT NOTE: We're in real mode using 64k segments.  Therefore segment
13 * addresses must be multiplied by 16 to obtain their respective linear
14 * addresses. To avoid confusion, linear addresses are written using leading
15 * hex while segment addresses are written as segment:offset.
16 *
17 */
18#include <linux/pe.h>
19#include <asm/segment.h>
20#include <asm/boot.h>
21#include <asm/page_types.h>
22#include <asm/setup.h>
23#include <asm/bootparam.h>
24#include "boot.h"
25#include "voffset.h"
26#include "zoffset.h"
27
28BOOTSEG		= 0x07C0		/* original address of boot-sector */
29SYSSEG		= 0x1000		/* historical load address >> 4 */
30
31#ifndef SVGA_MODE
32#define SVGA_MODE ASK_VGA
33#endif
34
35#ifndef ROOT_RDONLY
36#define ROOT_RDONLY 1
37#endif
38
39	.code16
40	.section ".bstext", "ax"
41#ifdef CONFIG_EFI_STUB
42	# "MZ", MS-DOS header
43	.word	MZ_MAGIC
44	.org	0x38
45	#
46	# Offset to the PE header.
47	#
48	.long	LINUX_PE_MAGIC
49	.long	pe_header
50pe_header:
51	.long	PE_MAGIC
52
53coff_header:
54#ifdef CONFIG_X86_32
55	.set	image_file_add_flags, IMAGE_FILE_32BIT_MACHINE
56	.set	pe_opt_magic, PE_OPT_MAGIC_PE32
57	.word	IMAGE_FILE_MACHINE_I386
58#else
59	.set	image_file_add_flags, 0
60	.set	pe_opt_magic, PE_OPT_MAGIC_PE32PLUS
61	.word	IMAGE_FILE_MACHINE_AMD64
62#endif
63	.word	section_count			# nr_sections
64	.long	0 				# TimeDateStamp
65	.long	0				# PointerToSymbolTable
66	.long	1				# NumberOfSymbols
67	.word	section_table - optional_header	# SizeOfOptionalHeader
68	.word	IMAGE_FILE_EXECUTABLE_IMAGE	| \
69		image_file_add_flags		| \
70		IMAGE_FILE_DEBUG_STRIPPED	| \
71		IMAGE_FILE_LINE_NUMS_STRIPPED	# Characteristics
72
73optional_header:
74	.word	pe_opt_magic
75	.byte	0x02				# MajorLinkerVersion
76	.byte	0x14				# MinorLinkerVersion
77
78	# Filled in by build.c
79	.long	0				# SizeOfCode
80
81	.long	0				# SizeOfInitializedData
82	.long	0				# SizeOfUninitializedData
83
84	# Filled in by build.c
85	.long	0x0000				# AddressOfEntryPoint
86
87	.long	0x0200				# BaseOfCode
88#ifdef CONFIG_X86_32
89	.long	0				# data
90#endif
91
92extra_header_fields:
93#ifdef CONFIG_X86_32
94	.long	0				# ImageBase
95#else
96	.quad	0				# ImageBase
97#endif
98	.long	0x20				# SectionAlignment
99	.long	0x20				# FileAlignment
100	.word	0				# MajorOperatingSystemVersion
101	.word	0				# MinorOperatingSystemVersion
102	.word	LINUX_EFISTUB_MAJOR_VERSION	# MajorImageVersion
103	.word	LINUX_EFISTUB_MINOR_VERSION	# MinorImageVersion
104	.word	0				# MajorSubsystemVersion
105	.word	0				# MinorSubsystemVersion
106	.long	0				# Win32VersionValue
107
108	#
109	# The size of the bzImage is written in tools/build.c
110	#
111	.long	0				# SizeOfImage
112
113	.long	0x200				# SizeOfHeaders
114	.long	0				# CheckSum
115	.word	IMAGE_SUBSYSTEM_EFI_APPLICATION	# Subsystem (EFI application)
116#ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES
117	.word	IMAGE_DLL_CHARACTERISTICS_NX_COMPAT	# DllCharacteristics
118#else
119	.word	0				# DllCharacteristics
120#endif
121#ifdef CONFIG_X86_32
122	.long	0				# SizeOfStackReserve
123	.long	0				# SizeOfStackCommit
124	.long	0				# SizeOfHeapReserve
125	.long	0				# SizeOfHeapCommit
126#else
127	.quad	0				# SizeOfStackReserve
128	.quad	0				# SizeOfStackCommit
129	.quad	0				# SizeOfHeapReserve
130	.quad	0				# SizeOfHeapCommit
131#endif
132	.long	0				# LoaderFlags
133	.long	(section_table - .) / 8		# NumberOfRvaAndSizes
134
135	.quad	0				# ExportTable
136	.quad	0				# ImportTable
137	.quad	0				# ResourceTable
138	.quad	0				# ExceptionTable
139	.quad	0				# CertificationTable
140	.quad	0				# BaseRelocationTable
141
142	# Section table
143section_table:
144	#
145	# The offset & size fields are filled in by build.c.
146	#
147	.ascii	".setup"
148	.byte	0
149	.byte	0
150	.long	0
151	.long	0x0				# startup_{32,64}
152	.long	0				# Size of initialized data
153						# on disk
154	.long	0x0				# startup_{32,64}
155	.long	0				# PointerToRelocations
156	.long	0				# PointerToLineNumbers
157	.word	0				# NumberOfRelocations
158	.word	0				# NumberOfLineNumbers
159	.long	IMAGE_SCN_CNT_CODE		| \
160		IMAGE_SCN_MEM_READ		| \
161		IMAGE_SCN_MEM_EXECUTE		# Characteristics
162
163	#
164	# The EFI application loader requires a relocation section
165	# because EFI applications must be relocatable. The .reloc
166	# offset & size fields are filled in by build.c.
167	#
168	.ascii	".reloc"
169	.byte	0
170	.byte	0
171	.long	0
172	.long	0
173	.long	0				# SizeOfRawData
174	.long	0				# PointerToRawData
175	.long	0				# PointerToRelocations
176	.long	0				# PointerToLineNumbers
177	.word	0				# NumberOfRelocations
178	.word	0				# NumberOfLineNumbers
179	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
180		IMAGE_SCN_MEM_READ		| \
181		IMAGE_SCN_MEM_DISCARDABLE	# Characteristics
182
183#ifdef CONFIG_EFI_MIXED
184	#
185	# The offset & size fields are filled in by build.c.
186	#
187	.asciz	".compat"
188	.long	0
189	.long	0x0
190	.long	0				# Size of initialized data
191						# on disk
192	.long	0x0
193	.long	0				# PointerToRelocations
194	.long	0				# PointerToLineNumbers
195	.word	0				# NumberOfRelocations
196	.word	0				# NumberOfLineNumbers
197	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
198		IMAGE_SCN_MEM_READ		| \
199		IMAGE_SCN_MEM_DISCARDABLE	# Characteristics
200#endif
201
202	#
203	# The offset & size fields are filled in by build.c.
204	#
205	.ascii	".text"
206	.byte	0
207	.byte	0
208	.byte	0
209	.long	0
210	.long	0x0				# startup_{32,64}
211	.long	0				# Size of initialized data
212						# on disk
213	.long	0x0				# startup_{32,64}
214	.long	0				# PointerToRelocations
215	.long	0				# PointerToLineNumbers
216	.word	0				# NumberOfRelocations
217	.word	0				# NumberOfLineNumbers
218	.long	IMAGE_SCN_CNT_CODE		| \
219		IMAGE_SCN_MEM_READ		| \
220		IMAGE_SCN_MEM_EXECUTE		# Characteristics
221
222	.set	section_count, (. - section_table) / 40
223#endif /* CONFIG_EFI_STUB */
224
225	# Kernel attributes; used by setup.  This is part 1 of the
226	# header, from the old boot sector.
227
228	.section ".header", "a"
229	.globl	sentinel
230sentinel:	.byte 0xff, 0xff        /* Used to detect broken loaders */
231
232	.globl	hdr
233hdr:
234setup_sects:	.byte 0			/* Filled in by build.c */
235root_flags:	.word ROOT_RDONLY
236syssize:	.long 0			/* Filled in by build.c */
237ram_size:	.word 0			/* Obsolete */
238vid_mode:	.word SVGA_MODE
239root_dev:	.word 0			/* Filled in by build.c */
240boot_flag:	.word 0xAA55
241
242	# offset 512, entry point
243
244	.globl	_start
245_start:
246		# Explicitly enter this as bytes, or the assembler
247		# tries to generate a 3-byte jump here, which causes
248		# everything else to push off to the wrong offset.
249		.byte	0xeb		# short (2-byte) jump
250		.byte	start_of_setup-1f
2511:
252
253	# Part 2 of the header, from the old setup.S
254
255		.ascii	"HdrS"		# header signature
256		.word	0x020f		# header version number (>= 0x0105)
257					# or else old loadlin-1.5 will fail)
258		.globl realmode_swtch
259realmode_swtch:	.word	0, 0		# default_switch, SETUPSEG
260start_sys_seg:	.word	SYSSEG		# obsolete and meaningless, but just
261					# in case something decided to "use" it
262		.word	kernel_version-512 # pointing to kernel version string
263					# above section of header is compatible
264					# with loadlin-1.5 (header v1.5). Don't
265					# change it.
266
267type_of_loader:	.byte	0		# 0 means ancient bootloader, newer
268					# bootloaders know to change this.
269					# See Documentation/arch/x86/boot.rst for
270					# assigned ids
271
272# flags, unused bits must be zero (RFU) bit within loadflags
273loadflags:
274		.byte	LOADED_HIGH	# The kernel is to be loaded high
275
276setup_move_size: .word  0x8000		# size to move, when setup is not
277					# loaded at 0x90000. We will move setup
278					# to 0x90000 then just before jumping
279					# into the kernel. However, only the
280					# loader knows how much data behind
281					# us also needs to be loaded.
282
283code32_start:				# here loaders can put a different
284					# start address for 32-bit code.
285		.long	0x100000	# 0x100000 = default for big kernel
286
287ramdisk_image:	.long	0		# address of loaded ramdisk image
288					# Here the loader puts the 32-bit
289					# address where it loaded the image.
290					# This only will be read by the kernel.
291
292ramdisk_size:	.long	0		# its size in bytes
293
294bootsect_kludge:
295		.long	0		# obsolete
296
297heap_end_ptr:	.word	_end+STACK_SIZE-512
298					# (Header version 0x0201 or later)
299					# space from here (exclusive) down to
300					# end of setup code can be used by setup
301					# for local heap purposes.
302
303ext_loader_ver:
304		.byte	0		# Extended boot loader version
305ext_loader_type:
306		.byte	0		# Extended boot loader type
307
308cmd_line_ptr:	.long	0		# (Header version 0x0202 or later)
309					# If nonzero, a 32-bit pointer
310					# to the kernel command line.
311					# The command line should be
312					# located between the start of
313					# setup and the end of low
314					# memory (0xa0000), or it may
315					# get overwritten before it
316					# gets read.  If this field is
317					# used, there is no longer
318					# anything magical about the
319					# 0x90000 segment; the setup
320					# can be located anywhere in
321					# low memory 0x10000 or higher.
322
323initrd_addr_max: .long 0x7fffffff
324					# (Header version 0x0203 or later)
325					# The highest safe address for
326					# the contents of an initrd
327					# The current kernel allows up to 4 GB,
328					# but leave it at 2 GB to avoid
329					# possible bootloader bugs.
330
331kernel_alignment:  .long CONFIG_PHYSICAL_ALIGN	#physical addr alignment
332						#required for protected mode
333						#kernel
334#ifdef CONFIG_RELOCATABLE
335relocatable_kernel:    .byte 1
336#else
337relocatable_kernel:    .byte 0
338#endif
339min_alignment:		.byte MIN_KERNEL_ALIGN_LG2	# minimum alignment
340
341xloadflags:
342#ifdef CONFIG_X86_64
343# define XLF0 XLF_KERNEL_64			/* 64-bit kernel */
344#else
345# define XLF0 0
346#endif
347
348#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64)
349   /* kernel/boot_param/ramdisk could be loaded above 4g */
350# define XLF1 XLF_CAN_BE_LOADED_ABOVE_4G
351#else
352# define XLF1 0
353#endif
354
355#ifdef CONFIG_EFI_HANDOVER_PROTOCOL
356# ifdef CONFIG_EFI_MIXED
357#  define XLF23 (XLF_EFI_HANDOVER_32|XLF_EFI_HANDOVER_64)
358# else
359#  ifdef CONFIG_X86_64
360#   define XLF23 XLF_EFI_HANDOVER_64		/* 64-bit EFI handover ok */
361#  else
362#   define XLF23 XLF_EFI_HANDOVER_32		/* 32-bit EFI handover ok */
363#  endif
364# endif
365#else
366# define XLF23 0
367#endif
368
369#if defined(CONFIG_X86_64) && defined(CONFIG_EFI) && defined(CONFIG_KEXEC_CORE)
370# define XLF4 XLF_EFI_KEXEC
371#else
372# define XLF4 0
373#endif
374
375#ifdef CONFIG_X86_64
376#ifdef CONFIG_X86_5LEVEL
377#define XLF56 (XLF_5LEVEL|XLF_5LEVEL_ENABLED)
378#else
379#define XLF56 XLF_5LEVEL
380#endif
381#else
382#define XLF56 0
383#endif
384
385			.word XLF0 | XLF1 | XLF23 | XLF4 | XLF56
386
387cmdline_size:   .long   COMMAND_LINE_SIZE-1     #length of the command line,
388                                                #added with boot protocol
389                                                #version 2.06
390
391hardware_subarch:	.long 0			# subarchitecture, added with 2.07
392						# default to 0 for normal x86 PC
393
394hardware_subarch_data:	.quad 0
395
396payload_offset:		.long ZO_input_data
397payload_length:		.long ZO_z_input_len
398
399setup_data:		.quad 0			# 64-bit physical pointer to
400						# single linked list of
401						# struct setup_data
402
403pref_address:		.quad LOAD_PHYSICAL_ADDR	# preferred load addr
404
405#
406# Getting to provably safe in-place decompression is hard. Worst case
407# behaviours need to be analyzed. Here let's take the decompression of
408# a gzip-compressed kernel as example, to illustrate it:
409#
410# The file layout of gzip compressed kernel is:
411#
412#    magic[2]
413#    method[1]
414#    flags[1]
415#    timestamp[4]
416#    extraflags[1]
417#    os[1]
418#    compressed data blocks[N]
419#    crc[4] orig_len[4]
420#
421# ... resulting in +18 bytes overhead of uncompressed data.
422#
423# (For more information, please refer to RFC 1951 and RFC 1952.)
424#
425# Files divided into blocks
426# 1 bit (last block flag)
427# 2 bits (block type)
428#
429# 1 block occurs every 32K -1 bytes or when there 50% compression
430# has been achieved. The smallest block type encoding is always used.
431#
432# stored:
433#    32 bits length in bytes.
434#
435# fixed:
436#    magic fixed tree.
437#    symbols.
438#
439# dynamic:
440#    dynamic tree encoding.
441#    symbols.
442#
443#
444# The buffer for decompression in place is the length of the uncompressed
445# data, plus a small amount extra to keep the algorithm safe. The
446# compressed data is placed at the end of the buffer.  The output pointer
447# is placed at the start of the buffer and the input pointer is placed
448# where the compressed data starts. Problems will occur when the output
449# pointer overruns the input pointer.
450#
451# The output pointer can only overrun the input pointer if the input
452# pointer is moving faster than the output pointer.  A condition only
453# triggered by data whose compressed form is larger than the uncompressed
454# form.
455#
456# The worst case at the block level is a growth of the compressed data
457# of 5 bytes per 32767 bytes.
458#
459# The worst case internal to a compressed block is very hard to figure.
460# The worst case can at least be bounded by having one bit that represents
461# 32764 bytes and then all of the rest of the bytes representing the very
462# very last byte.
463#
464# All of which is enough to compute an amount of extra data that is required
465# to be safe.  To avoid problems at the block level allocating 5 extra bytes
466# per 32767 bytes of data is sufficient.  To avoid problems internal to a
467# block adding an extra 32767 bytes (the worst case uncompressed block size)
468# is sufficient, to ensure that in the worst case the decompressed data for
469# block will stop the byte before the compressed data for a block begins.
470# To avoid problems with the compressed data's meta information an extra 18
471# bytes are needed.  Leading to the formula:
472#
473# extra_bytes = (uncompressed_size >> 12) + 32768 + 18
474#
475# Adding 8 bytes per 32K is a bit excessive but much easier to calculate.
476# Adding 32768 instead of 32767 just makes for round numbers.
477#
478# Above analysis is for decompressing gzip compressed kernel only. Up to
479# now 6 different decompressor are supported all together. And among them
480# xz stores data in chunks and has maximum chunk of 64K. Hence safety
481# margin should be updated to cover all decompressors so that we don't
482# need to deal with each of them separately. Please check
483# the description in lib/decompressor_xxx.c for specific information.
484#
485# extra_bytes = (uncompressed_size >> 12) + 65536 + 128
486#
487# LZ4 is even worse: data that cannot be further compressed grows by 0.4%,
488# or one byte per 256 bytes. OTOH, we can safely get rid of the +128 as
489# the size-dependent part now grows so fast.
490#
491# extra_bytes = (uncompressed_size >> 8) + 65536
492#
493# ZSTD compressed data grows by at most 3 bytes per 128K, and only has a 22
494# byte fixed overhead but has a maximum block size of 128K, so it needs a
495# larger margin.
496#
497# extra_bytes = (uncompressed_size >> 8) + 131072
498
499#define ZO_z_extra_bytes	((ZO_z_output_len >> 8) + 131072)
500#if ZO_z_output_len > ZO_z_input_len
501# define ZO_z_extract_offset	(ZO_z_output_len + ZO_z_extra_bytes - \
502				 ZO_z_input_len)
503#else
504# define ZO_z_extract_offset	ZO_z_extra_bytes
505#endif
506
507/*
508 * The extract_offset has to be bigger than ZO head section. Otherwise when
509 * the head code is running to move ZO to the end of the buffer, it will
510 * overwrite the head code itself.
511 */
512#if (ZO__ehead - ZO_startup_32) > ZO_z_extract_offset
513# define ZO_z_min_extract_offset ((ZO__ehead - ZO_startup_32 + 4095) & ~4095)
514#else
515# define ZO_z_min_extract_offset ((ZO_z_extract_offset + 4095) & ~4095)
516#endif
517
518#define ZO_INIT_SIZE	(ZO__end - ZO_startup_32 + ZO_z_min_extract_offset)
519
520#define VO_INIT_SIZE	(VO__end - VO__text)
521#if ZO_INIT_SIZE > VO_INIT_SIZE
522# define INIT_SIZE ZO_INIT_SIZE
523#else
524# define INIT_SIZE VO_INIT_SIZE
525#endif
526
527init_size:		.long INIT_SIZE		# kernel initialization size
528handover_offset:	.long 0			# Filled in by build.c
529kernel_info_offset:	.long 0			# Filled in by build.c
530
531# End of setup header #####################################################
532
533	.section ".entrytext", "ax"
534start_of_setup:
535# Force %es = %ds
536	movw	%ds, %ax
537	movw	%ax, %es
538	cld
539
540# Apparently some ancient versions of LILO invoked the kernel with %ss != %ds,
541# which happened to work by accident for the old code.  Recalculate the stack
542# pointer if %ss is invalid.  Otherwise leave it alone, LOADLIN sets up the
543# stack behind its own code, so we can't blindly put it directly past the heap.
544
545	movw	%ss, %dx
546	cmpw	%ax, %dx	# %ds == %ss?
547	movw	%sp, %dx
548	je	2f		# -> assume %sp is reasonably set
549
550	# Invalid %ss, make up a new stack
551	movw	$_end, %dx
552	testb	$CAN_USE_HEAP, loadflags
553	jz	1f
554	movw	heap_end_ptr, %dx
5551:	addw	$STACK_SIZE, %dx
556	jnc	2f
557	xorw	%dx, %dx	# Prevent wraparound
558
5592:	# Now %dx should point to the end of our stack space
560	andw	$~3, %dx	# dword align (might as well...)
561	jnz	3f
562	movw	$0xfffc, %dx	# Make sure we're not zero
5633:	movw	%ax, %ss
564	movzwl	%dx, %esp	# Clear upper half of %esp
565	sti			# Now we should have a working stack
566
567# We will have entered with %cs = %ds+0x20, normalize %cs so
568# it is on par with the other segments.
569	pushw	%ds
570	pushw	$6f
571	lretw
5726:
573
574# Check signature at end of setup
575	cmpl	$0x5a5aaa55, setup_sig
576	jne	setup_bad
577
578# Zero the bss
579	movw	$__bss_start, %di
580	movw	$_end+3, %cx
581	xorl	%eax, %eax
582	subw	%di, %cx
583	shrw	$2, %cx
584	rep; stosl
585
586# Jump to C code (should not return)
587	calll	main
588
589# Setup corrupt somehow...
590setup_bad:
591	movl	$setup_corrupt, %eax
592	calll	puts
593	# Fall through...
594
595	.globl	die
596	.type	die, @function
597die:
598	hlt
599	jmp	die
600
601	.size	die, .-die
602
603	.section ".initdata", "a"
604setup_corrupt:
605	.byte	7
606	.string	"No setup signature found...\n"
607