1/* SPDX-License-Identifier: GPL-2.0 */ 2/* 3 * header.S 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 * 7 * Based on bootsect.S and setup.S 8 * modified by more people than can be counted 9 * 10 * Rewritten as a common file by H. Peter Anvin (Apr 2007) 11 * 12 * BIG FAT NOTE: We're in real mode using 64k segments. Therefore segment 13 * addresses must be multiplied by 16 to obtain their respective linear 14 * addresses. To avoid confusion, linear addresses are written using leading 15 * hex while segment addresses are written as segment:offset. 16 * 17 */ 18#include <linux/pe.h> 19#include <asm/segment.h> 20#include <asm/boot.h> 21#include <asm/page_types.h> 22#include <asm/setup.h> 23#include <asm/bootparam.h> 24#include "boot.h" 25#include "voffset.h" 26#include "zoffset.h" 27 28BOOTSEG = 0x07C0 /* original address of boot-sector */ 29SYSSEG = 0x1000 /* historical load address >> 4 */ 30 31#ifndef SVGA_MODE 32#define SVGA_MODE ASK_VGA 33#endif 34 35#ifndef ROOT_RDONLY 36#define ROOT_RDONLY 1 37#endif 38 39 .code16 40 .section ".bstext", "ax" 41 42 .global bootsect_start 43bootsect_start: 44#ifdef CONFIG_EFI_STUB 45 # "MZ", MS-DOS header 46 .word MZ_MAGIC 47#endif 48 49 # Normalize the start address 50 ljmp $BOOTSEG, $start2 51 52start2: 53 movw %cs, %ax 54 movw %ax, %ds 55 movw %ax, %es 56 movw %ax, %ss 57 xorw %sp, %sp 58 sti 59 cld 60 61 movw $bugger_off_msg, %si 62 63msg_loop: 64 lodsb 65 andb %al, %al 66 jz bs_die 67 movb $0xe, %ah 68 movw $7, %bx 69 int $0x10 70 jmp msg_loop 71 72bs_die: 73 # Allow the user to press a key, then reboot 74 xorw %ax, %ax 75 int $0x16 76 int $0x19 77 78 # int 0x19 should never return. In case it does anyway, 79 # invoke the BIOS reset code... 80 ljmp $0xf000,$0xfff0 81 82#ifdef CONFIG_EFI_STUB 83 .org 0x3c 84 # 85 # Offset to the PE header. 86 # 87 .long pe_header 88#endif /* CONFIG_EFI_STUB */ 89 90 .section ".bsdata", "a" 91bugger_off_msg: 92 .ascii "Use a boot loader.\r\n" 93 .ascii "\n" 94 .ascii "Remove disk and press any key to reboot...\r\n" 95 .byte 0 96 97#ifdef CONFIG_EFI_STUB 98pe_header: 99 .long PE_MAGIC 100 101coff_header: 102#ifdef CONFIG_X86_32 103 .set image_file_add_flags, IMAGE_FILE_32BIT_MACHINE 104 .set pe_opt_magic, PE_OPT_MAGIC_PE32 105 .word IMAGE_FILE_MACHINE_I386 106#else 107 .set image_file_add_flags, 0 108 .set pe_opt_magic, PE_OPT_MAGIC_PE32PLUS 109 .word IMAGE_FILE_MACHINE_AMD64 110#endif 111 .word section_count # nr_sections 112 .long 0 # TimeDateStamp 113 .long 0 # PointerToSymbolTable 114 .long 1 # NumberOfSymbols 115 .word section_table - optional_header # SizeOfOptionalHeader 116 .word IMAGE_FILE_EXECUTABLE_IMAGE | \ 117 image_file_add_flags | \ 118 IMAGE_FILE_DEBUG_STRIPPED | \ 119 IMAGE_FILE_LINE_NUMS_STRIPPED # Characteristics 120 121optional_header: 122 .word pe_opt_magic 123 .byte 0x02 # MajorLinkerVersion 124 .byte 0x14 # MinorLinkerVersion 125 126 # Filled in by build.c 127 .long 0 # SizeOfCode 128 129 .long 0 # SizeOfInitializedData 130 .long 0 # SizeOfUninitializedData 131 132 # Filled in by build.c 133 .long 0x0000 # AddressOfEntryPoint 134 135 .long 0x0200 # BaseOfCode 136#ifdef CONFIG_X86_32 137 .long 0 # data 138#endif 139 140extra_header_fields: 141 # PE specification requires ImageBase to be 64k aligned 142 .set image_base, (LOAD_PHYSICAL_ADDR + 0xffff) & ~0xffff 143#ifdef CONFIG_X86_32 144 .long image_base # ImageBase 145#else 146 .quad image_base # ImageBase 147#endif 148 .long 0x20 # SectionAlignment 149 .long 0x20 # FileAlignment 150 .word 0 # MajorOperatingSystemVersion 151 .word 0 # MinorOperatingSystemVersion 152 .word LINUX_EFISTUB_MAJOR_VERSION # MajorImageVersion 153 .word LINUX_EFISTUB_MINOR_VERSION # MinorImageVersion 154 .word 0 # MajorSubsystemVersion 155 .word 0 # MinorSubsystemVersion 156 .long 0 # Win32VersionValue 157 158 # 159 # The size of the bzImage is written in tools/build.c 160 # 161 .long 0 # SizeOfImage 162 163 .long 0x200 # SizeOfHeaders 164 .long 0 # CheckSum 165 .word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application) 166 .word 0 # DllCharacteristics 167#ifdef CONFIG_X86_32 168 .long 0 # SizeOfStackReserve 169 .long 0 # SizeOfStackCommit 170 .long 0 # SizeOfHeapReserve 171 .long 0 # SizeOfHeapCommit 172#else 173 .quad 0 # SizeOfStackReserve 174 .quad 0 # SizeOfStackCommit 175 .quad 0 # SizeOfHeapReserve 176 .quad 0 # SizeOfHeapCommit 177#endif 178 .long 0 # LoaderFlags 179 .long (section_table - .) / 8 # NumberOfRvaAndSizes 180 181 .quad 0 # ExportTable 182 .quad 0 # ImportTable 183 .quad 0 # ResourceTable 184 .quad 0 # ExceptionTable 185 .quad 0 # CertificationTable 186 .quad 0 # BaseRelocationTable 187 188 # Section table 189section_table: 190 # 191 # The offset & size fields are filled in by build.c. 192 # 193 .ascii ".setup" 194 .byte 0 195 .byte 0 196 .long 0 197 .long 0x0 # startup_{32,64} 198 .long 0 # Size of initialized data 199 # on disk 200 .long 0x0 # startup_{32,64} 201 .long 0 # PointerToRelocations 202 .long 0 # PointerToLineNumbers 203 .word 0 # NumberOfRelocations 204 .word 0 # NumberOfLineNumbers 205 .long IMAGE_SCN_CNT_CODE | \ 206 IMAGE_SCN_MEM_READ | \ 207 IMAGE_SCN_MEM_EXECUTE | \ 208 IMAGE_SCN_ALIGN_16BYTES # Characteristics 209 210 # 211 # The EFI application loader requires a relocation section 212 # because EFI applications must be relocatable. The .reloc 213 # offset & size fields are filled in by build.c. 214 # 215 .ascii ".reloc" 216 .byte 0 217 .byte 0 218 .long 0 219 .long 0 220 .long 0 # SizeOfRawData 221 .long 0 # PointerToRawData 222 .long 0 # PointerToRelocations 223 .long 0 # PointerToLineNumbers 224 .word 0 # NumberOfRelocations 225 .word 0 # NumberOfLineNumbers 226 .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ 227 IMAGE_SCN_MEM_READ | \ 228 IMAGE_SCN_MEM_DISCARDABLE | \ 229 IMAGE_SCN_ALIGN_1BYTES # Characteristics 230 231#ifdef CONFIG_EFI_MIXED 232 # 233 # The offset & size fields are filled in by build.c. 234 # 235 .asciz ".compat" 236 .long 0 237 .long 0x0 238 .long 0 # Size of initialized data 239 # on disk 240 .long 0x0 241 .long 0 # PointerToRelocations 242 .long 0 # PointerToLineNumbers 243 .word 0 # NumberOfRelocations 244 .word 0 # NumberOfLineNumbers 245 .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ 246 IMAGE_SCN_MEM_READ | \ 247 IMAGE_SCN_MEM_DISCARDABLE | \ 248 IMAGE_SCN_ALIGN_1BYTES # Characteristics 249#endif 250 251 # 252 # The offset & size fields are filled in by build.c. 253 # 254 .ascii ".text" 255 .byte 0 256 .byte 0 257 .byte 0 258 .long 0 259 .long 0x0 # startup_{32,64} 260 .long 0 # Size of initialized data 261 # on disk 262 .long 0x0 # startup_{32,64} 263 .long 0 # PointerToRelocations 264 .long 0 # PointerToLineNumbers 265 .word 0 # NumberOfRelocations 266 .word 0 # NumberOfLineNumbers 267 .long IMAGE_SCN_CNT_CODE | \ 268 IMAGE_SCN_MEM_READ | \ 269 IMAGE_SCN_MEM_EXECUTE | \ 270 IMAGE_SCN_ALIGN_16BYTES # Characteristics 271 272 .set section_count, (. - section_table) / 40 273#endif /* CONFIG_EFI_STUB */ 274 275 # Kernel attributes; used by setup. This is part 1 of the 276 # header, from the old boot sector. 277 278 .section ".header", "a" 279 .globl sentinel 280sentinel: .byte 0xff, 0xff /* Used to detect broken loaders */ 281 282 .globl hdr 283hdr: 284setup_sects: .byte 0 /* Filled in by build.c */ 285root_flags: .word ROOT_RDONLY 286syssize: .long 0 /* Filled in by build.c */ 287ram_size: .word 0 /* Obsolete */ 288vid_mode: .word SVGA_MODE 289root_dev: .word 0 /* Filled in by build.c */ 290boot_flag: .word 0xAA55 291 292 # offset 512, entry point 293 294 .globl _start 295_start: 296 # Explicitly enter this as bytes, or the assembler 297 # tries to generate a 3-byte jump here, which causes 298 # everything else to push off to the wrong offset. 299 .byte 0xeb # short (2-byte) jump 300 .byte start_of_setup-1f 3011: 302 303 # Part 2 of the header, from the old setup.S 304 305 .ascii "HdrS" # header signature 306 .word 0x020f # header version number (>= 0x0105) 307 # or else old loadlin-1.5 will fail) 308 .globl realmode_swtch 309realmode_swtch: .word 0, 0 # default_switch, SETUPSEG 310start_sys_seg: .word SYSSEG # obsolete and meaningless, but just 311 # in case something decided to "use" it 312 .word kernel_version-512 # pointing to kernel version string 313 # above section of header is compatible 314 # with loadlin-1.5 (header v1.5). Don't 315 # change it. 316 317type_of_loader: .byte 0 # 0 means ancient bootloader, newer 318 # bootloaders know to change this. 319 # See Documentation/x86/boot.rst for 320 # assigned ids 321 322# flags, unused bits must be zero (RFU) bit within loadflags 323loadflags: 324 .byte LOADED_HIGH # The kernel is to be loaded high 325 326setup_move_size: .word 0x8000 # size to move, when setup is not 327 # loaded at 0x90000. We will move setup 328 # to 0x90000 then just before jumping 329 # into the kernel. However, only the 330 # loader knows how much data behind 331 # us also needs to be loaded. 332 333code32_start: # here loaders can put a different 334 # start address for 32-bit code. 335 .long 0x100000 # 0x100000 = default for big kernel 336 337ramdisk_image: .long 0 # address of loaded ramdisk image 338 # Here the loader puts the 32-bit 339 # address where it loaded the image. 340 # This only will be read by the kernel. 341 342ramdisk_size: .long 0 # its size in bytes 343 344bootsect_kludge: 345 .long 0 # obsolete 346 347heap_end_ptr: .word _end+STACK_SIZE-512 348 # (Header version 0x0201 or later) 349 # space from here (exclusive) down to 350 # end of setup code can be used by setup 351 # for local heap purposes. 352 353ext_loader_ver: 354 .byte 0 # Extended boot loader version 355ext_loader_type: 356 .byte 0 # Extended boot loader type 357 358cmd_line_ptr: .long 0 # (Header version 0x0202 or later) 359 # If nonzero, a 32-bit pointer 360 # to the kernel command line. 361 # The command line should be 362 # located between the start of 363 # setup and the end of low 364 # memory (0xa0000), or it may 365 # get overwritten before it 366 # gets read. If this field is 367 # used, there is no longer 368 # anything magical about the 369 # 0x90000 segment; the setup 370 # can be located anywhere in 371 # low memory 0x10000 or higher. 372 373initrd_addr_max: .long 0x7fffffff 374 # (Header version 0x0203 or later) 375 # The highest safe address for 376 # the contents of an initrd 377 # The current kernel allows up to 4 GB, 378 # but leave it at 2 GB to avoid 379 # possible bootloader bugs. 380 381kernel_alignment: .long CONFIG_PHYSICAL_ALIGN #physical addr alignment 382 #required for protected mode 383 #kernel 384#ifdef CONFIG_RELOCATABLE 385relocatable_kernel: .byte 1 386#else 387relocatable_kernel: .byte 0 388#endif 389min_alignment: .byte MIN_KERNEL_ALIGN_LG2 # minimum alignment 390 391xloadflags: 392#ifdef CONFIG_X86_64 393# define XLF0 XLF_KERNEL_64 /* 64-bit kernel */ 394#else 395# define XLF0 0 396#endif 397 398#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64) 399 /* kernel/boot_param/ramdisk could be loaded above 4g */ 400# define XLF1 XLF_CAN_BE_LOADED_ABOVE_4G 401#else 402# define XLF1 0 403#endif 404 405#ifdef CONFIG_EFI_STUB 406# ifdef CONFIG_EFI_MIXED 407# define XLF23 (XLF_EFI_HANDOVER_32|XLF_EFI_HANDOVER_64) 408# else 409# ifdef CONFIG_X86_64 410# define XLF23 XLF_EFI_HANDOVER_64 /* 64-bit EFI handover ok */ 411# else 412# define XLF23 XLF_EFI_HANDOVER_32 /* 32-bit EFI handover ok */ 413# endif 414# endif 415#else 416# define XLF23 0 417#endif 418 419#if defined(CONFIG_X86_64) && defined(CONFIG_EFI) && defined(CONFIG_KEXEC_CORE) 420# define XLF4 XLF_EFI_KEXEC 421#else 422# define XLF4 0 423#endif 424 425#ifdef CONFIG_X86_64 426#ifdef CONFIG_X86_5LEVEL 427#define XLF56 (XLF_5LEVEL|XLF_5LEVEL_ENABLED) 428#else 429#define XLF56 XLF_5LEVEL 430#endif 431#else 432#define XLF56 0 433#endif 434 435 .word XLF0 | XLF1 | XLF23 | XLF4 | XLF56 436 437cmdline_size: .long COMMAND_LINE_SIZE-1 #length of the command line, 438 #added with boot protocol 439 #version 2.06 440 441hardware_subarch: .long 0 # subarchitecture, added with 2.07 442 # default to 0 for normal x86 PC 443 444hardware_subarch_data: .quad 0 445 446payload_offset: .long ZO_input_data 447payload_length: .long ZO_z_input_len 448 449setup_data: .quad 0 # 64-bit physical pointer to 450 # single linked list of 451 # struct setup_data 452 453pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr 454 455# 456# Getting to provably safe in-place decompression is hard. Worst case 457# behaviours need to be analyzed. Here let's take the decompression of 458# a gzip-compressed kernel as example, to illustrate it: 459# 460# The file layout of gzip compressed kernel is: 461# 462# magic[2] 463# method[1] 464# flags[1] 465# timestamp[4] 466# extraflags[1] 467# os[1] 468# compressed data blocks[N] 469# crc[4] orig_len[4] 470# 471# ... resulting in +18 bytes overhead of uncompressed data. 472# 473# (For more information, please refer to RFC 1951 and RFC 1952.) 474# 475# Files divided into blocks 476# 1 bit (last block flag) 477# 2 bits (block type) 478# 479# 1 block occurs every 32K -1 bytes or when there 50% compression 480# has been achieved. The smallest block type encoding is always used. 481# 482# stored: 483# 32 bits length in bytes. 484# 485# fixed: 486# magic fixed tree. 487# symbols. 488# 489# dynamic: 490# dynamic tree encoding. 491# symbols. 492# 493# 494# The buffer for decompression in place is the length of the uncompressed 495# data, plus a small amount extra to keep the algorithm safe. The 496# compressed data is placed at the end of the buffer. The output pointer 497# is placed at the start of the buffer and the input pointer is placed 498# where the compressed data starts. Problems will occur when the output 499# pointer overruns the input pointer. 500# 501# The output pointer can only overrun the input pointer if the input 502# pointer is moving faster than the output pointer. A condition only 503# triggered by data whose compressed form is larger than the uncompressed 504# form. 505# 506# The worst case at the block level is a growth of the compressed data 507# of 5 bytes per 32767 bytes. 508# 509# The worst case internal to a compressed block is very hard to figure. 510# The worst case can at least be bounded by having one bit that represents 511# 32764 bytes and then all of the rest of the bytes representing the very 512# very last byte. 513# 514# All of which is enough to compute an amount of extra data that is required 515# to be safe. To avoid problems at the block level allocating 5 extra bytes 516# per 32767 bytes of data is sufficient. To avoid problems internal to a 517# block adding an extra 32767 bytes (the worst case uncompressed block size) 518# is sufficient, to ensure that in the worst case the decompressed data for 519# block will stop the byte before the compressed data for a block begins. 520# To avoid problems with the compressed data's meta information an extra 18 521# bytes are needed. Leading to the formula: 522# 523# extra_bytes = (uncompressed_size >> 12) + 32768 + 18 524# 525# Adding 8 bytes per 32K is a bit excessive but much easier to calculate. 526# Adding 32768 instead of 32767 just makes for round numbers. 527# 528# Above analysis is for decompressing gzip compressed kernel only. Up to 529# now 6 different decompressor are supported all together. And among them 530# xz stores data in chunks and has maximum chunk of 64K. Hence safety 531# margin should be updated to cover all decompressors so that we don't 532# need to deal with each of them separately. Please check 533# the description in lib/decompressor_xxx.c for specific information. 534# 535# extra_bytes = (uncompressed_size >> 12) + 65536 + 128 536# 537# LZ4 is even worse: data that cannot be further compressed grows by 0.4%, 538# or one byte per 256 bytes. OTOH, we can safely get rid of the +128 as 539# the size-dependent part now grows so fast. 540# 541# extra_bytes = (uncompressed_size >> 8) + 65536 542# 543# ZSTD compressed data grows by at most 3 bytes per 128K, and only has a 22 544# byte fixed overhead but has a maximum block size of 128K, so it needs a 545# larger margin. 546# 547# extra_bytes = (uncompressed_size >> 8) + 131072 548 549#define ZO_z_extra_bytes ((ZO_z_output_len >> 8) + 131072) 550#if ZO_z_output_len > ZO_z_input_len 551# define ZO_z_extract_offset (ZO_z_output_len + ZO_z_extra_bytes - \ 552 ZO_z_input_len) 553#else 554# define ZO_z_extract_offset ZO_z_extra_bytes 555#endif 556 557/* 558 * The extract_offset has to be bigger than ZO head section. Otherwise when 559 * the head code is running to move ZO to the end of the buffer, it will 560 * overwrite the head code itself. 561 */ 562#if (ZO__ehead - ZO_startup_32) > ZO_z_extract_offset 563# define ZO_z_min_extract_offset ((ZO__ehead - ZO_startup_32 + 4095) & ~4095) 564#else 565# define ZO_z_min_extract_offset ((ZO_z_extract_offset + 4095) & ~4095) 566#endif 567 568#define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_min_extract_offset) 569 570#define VO_INIT_SIZE (VO__end - VO__text) 571#if ZO_INIT_SIZE > VO_INIT_SIZE 572# define INIT_SIZE ZO_INIT_SIZE 573#else 574# define INIT_SIZE VO_INIT_SIZE 575#endif 576 577init_size: .long INIT_SIZE # kernel initialization size 578handover_offset: .long 0 # Filled in by build.c 579kernel_info_offset: .long 0 # Filled in by build.c 580 581# End of setup header ##################################################### 582 583 .section ".entrytext", "ax" 584start_of_setup: 585# Force %es = %ds 586 movw %ds, %ax 587 movw %ax, %es 588 cld 589 590# Apparently some ancient versions of LILO invoked the kernel with %ss != %ds, 591# which happened to work by accident for the old code. Recalculate the stack 592# pointer if %ss is invalid. Otherwise leave it alone, LOADLIN sets up the 593# stack behind its own code, so we can't blindly put it directly past the heap. 594 595 movw %ss, %dx 596 cmpw %ax, %dx # %ds == %ss? 597 movw %sp, %dx 598 je 2f # -> assume %sp is reasonably set 599 600 # Invalid %ss, make up a new stack 601 movw $_end, %dx 602 testb $CAN_USE_HEAP, loadflags 603 jz 1f 604 movw heap_end_ptr, %dx 6051: addw $STACK_SIZE, %dx 606 jnc 2f 607 xorw %dx, %dx # Prevent wraparound 608 6092: # Now %dx should point to the end of our stack space 610 andw $~3, %dx # dword align (might as well...) 611 jnz 3f 612 movw $0xfffc, %dx # Make sure we're not zero 6133: movw %ax, %ss 614 movzwl %dx, %esp # Clear upper half of %esp 615 sti # Now we should have a working stack 616 617# We will have entered with %cs = %ds+0x20, normalize %cs so 618# it is on par with the other segments. 619 pushw %ds 620 pushw $6f 621 lretw 6226: 623 624# Check signature at end of setup 625 cmpl $0x5a5aaa55, setup_sig 626 jne setup_bad 627 628# Zero the bss 629 movw $__bss_start, %di 630 movw $_end+3, %cx 631 xorl %eax, %eax 632 subw %di, %cx 633 shrw $2, %cx 634 rep; stosl 635 636# Jump to C code (should not return) 637 calll main 638 639# Setup corrupt somehow... 640setup_bad: 641 movl $setup_corrupt, %eax 642 calll puts 643 # Fall through... 644 645 .globl die 646 .type die, @function 647die: 648 hlt 649 jmp die 650 651 .size die, .-die 652 653 .section ".initdata", "a" 654setup_corrupt: 655 .byte 7 656 .string "No setup signature found...\n" 657