1/* SPDX-License-Identifier: GPL-2.0 */ 2/* 3 * header.S 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 * 7 * Based on bootsect.S and setup.S 8 * modified by more people than can be counted 9 * 10 * Rewritten as a common file by H. Peter Anvin (Apr 2007) 11 * 12 * BIG FAT NOTE: We're in real mode using 64k segments. Therefore segment 13 * addresses must be multiplied by 16 to obtain their respective linear 14 * addresses. To avoid confusion, linear addresses are written using leading 15 * hex while segment addresses are written as segment:offset. 16 * 17 */ 18#include <linux/pe.h> 19#include <asm/segment.h> 20#include <asm/boot.h> 21#include <asm/page_types.h> 22#include <asm/setup.h> 23#include <asm/bootparam.h> 24#include "boot.h" 25#include "voffset.h" 26#include "zoffset.h" 27 28BOOTSEG = 0x07C0 /* original address of boot-sector */ 29SYSSEG = 0x1000 /* historical load address >> 4 */ 30 31#ifndef SVGA_MODE 32#define SVGA_MODE ASK_VGA 33#endif 34 35#ifndef ROOT_RDONLY 36#define ROOT_RDONLY 1 37#endif 38 39 .code16 40 .section ".bstext", "ax" 41 42 .global bootsect_start 43bootsect_start: 44#ifdef CONFIG_EFI_STUB 45 # "MZ", MS-DOS header 46 .word MZ_MAGIC 47#endif 48 49 # Normalize the start address 50 ljmp $BOOTSEG, $start2 51 52start2: 53 movw %cs, %ax 54 movw %ax, %ds 55 movw %ax, %es 56 movw %ax, %ss 57 xorw %sp, %sp 58 sti 59 cld 60 61 movw $bugger_off_msg, %si 62 63msg_loop: 64 lodsb 65 andb %al, %al 66 jz bs_die 67 movb $0xe, %ah 68 movw $7, %bx 69 int $0x10 70 jmp msg_loop 71 72bs_die: 73 # Allow the user to press a key, then reboot 74 xorw %ax, %ax 75 int $0x16 76 int $0x19 77 78 # int 0x19 should never return. In case it does anyway, 79 # invoke the BIOS reset code... 80 ljmp $0xf000,$0xfff0 81 82#ifdef CONFIG_EFI_STUB 83 .org 0x3c 84 # 85 # Offset to the PE header. 86 # 87 .long pe_header 88#endif /* CONFIG_EFI_STUB */ 89 90 .section ".bsdata", "a" 91bugger_off_msg: 92 .ascii "Use a boot loader.\r\n" 93 .ascii "\n" 94 .ascii "Remove disk and press any key to reboot...\r\n" 95 .byte 0 96 97#ifdef CONFIG_EFI_STUB 98pe_header: 99 .long PE_MAGIC 100 101coff_header: 102#ifdef CONFIG_X86_32 103 .set image_file_add_flags, IMAGE_FILE_32BIT_MACHINE 104 .set pe_opt_magic, PE_OPT_MAGIC_PE32 105 .word IMAGE_FILE_MACHINE_I386 106#else 107 .set image_file_add_flags, 0 108 .set pe_opt_magic, PE_OPT_MAGIC_PE32PLUS 109 .word IMAGE_FILE_MACHINE_AMD64 110#endif 111 .word section_count # nr_sections 112 .long 0 # TimeDateStamp 113 .long 0 # PointerToSymbolTable 114 .long 1 # NumberOfSymbols 115 .word section_table - optional_header # SizeOfOptionalHeader 116 .word IMAGE_FILE_EXECUTABLE_IMAGE | \ 117 image_file_add_flags | \ 118 IMAGE_FILE_DEBUG_STRIPPED | \ 119 IMAGE_FILE_LINE_NUMS_STRIPPED # Characteristics 120 121optional_header: 122 .word pe_opt_magic 123 .byte 0x02 # MajorLinkerVersion 124 .byte 0x14 # MinorLinkerVersion 125 126 # Filled in by build.c 127 .long 0 # SizeOfCode 128 129 .long 0 # SizeOfInitializedData 130 .long 0 # SizeOfUninitializedData 131 132 # Filled in by build.c 133 .long 0x0000 # AddressOfEntryPoint 134 135 .long 0x0200 # BaseOfCode 136#ifdef CONFIG_X86_32 137 .long 0 # data 138#endif 139 140extra_header_fields: 141 # PE specification requires ImageBase to be 64k aligned 142 .set image_base, (LOAD_PHYSICAL_ADDR + 0xffff) & ~0xffff 143#ifdef CONFIG_X86_32 144 .long image_base # ImageBase 145#else 146 .quad image_base # ImageBase 147#endif 148 .long 0x20 # SectionAlignment 149 .long 0x20 # FileAlignment 150 .word 0 # MajorOperatingSystemVersion 151 .word 0 # MinorOperatingSystemVersion 152 .word LINUX_EFISTUB_MAJOR_VERSION # MajorImageVersion 153 .word LINUX_EFISTUB_MINOR_VERSION # MinorImageVersion 154 .word 0 # MajorSubsystemVersion 155 .word 0 # MinorSubsystemVersion 156 .long 0 # Win32VersionValue 157 158 # 159 # The size of the bzImage is written in tools/build.c 160 # 161 .long 0 # SizeOfImage 162 163 .long 0x200 # SizeOfHeaders 164 .long 0 # CheckSum 165 .word IMAGE_SUBSYSTEM_EFI_APPLICATION # Subsystem (EFI application) 166#ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES 167 .word IMAGE_DLL_CHARACTERISTICS_NX_COMPAT # DllCharacteristics 168#else 169 .word 0 # DllCharacteristics 170#endif 171#ifdef CONFIG_X86_32 172 .long 0 # SizeOfStackReserve 173 .long 0 # SizeOfStackCommit 174 .long 0 # SizeOfHeapReserve 175 .long 0 # SizeOfHeapCommit 176#else 177 .quad 0 # SizeOfStackReserve 178 .quad 0 # SizeOfStackCommit 179 .quad 0 # SizeOfHeapReserve 180 .quad 0 # SizeOfHeapCommit 181#endif 182 .long 0 # LoaderFlags 183 .long (section_table - .) / 8 # NumberOfRvaAndSizes 184 185 .quad 0 # ExportTable 186 .quad 0 # ImportTable 187 .quad 0 # ResourceTable 188 .quad 0 # ExceptionTable 189 .quad 0 # CertificationTable 190 .quad 0 # BaseRelocationTable 191 192 # Section table 193section_table: 194 # 195 # The offset & size fields are filled in by build.c. 196 # 197 .ascii ".setup" 198 .byte 0 199 .byte 0 200 .long 0 201 .long 0x0 # startup_{32,64} 202 .long 0 # Size of initialized data 203 # on disk 204 .long 0x0 # startup_{32,64} 205 .long 0 # PointerToRelocations 206 .long 0 # PointerToLineNumbers 207 .word 0 # NumberOfRelocations 208 .word 0 # NumberOfLineNumbers 209 .long IMAGE_SCN_CNT_CODE | \ 210 IMAGE_SCN_MEM_READ | \ 211 IMAGE_SCN_MEM_EXECUTE | \ 212 IMAGE_SCN_ALIGN_16BYTES # Characteristics 213 214 # 215 # The EFI application loader requires a relocation section 216 # because EFI applications must be relocatable. The .reloc 217 # offset & size fields are filled in by build.c. 218 # 219 .ascii ".reloc" 220 .byte 0 221 .byte 0 222 .long 0 223 .long 0 224 .long 0 # SizeOfRawData 225 .long 0 # PointerToRawData 226 .long 0 # PointerToRelocations 227 .long 0 # PointerToLineNumbers 228 .word 0 # NumberOfRelocations 229 .word 0 # NumberOfLineNumbers 230 .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ 231 IMAGE_SCN_MEM_READ | \ 232 IMAGE_SCN_MEM_DISCARDABLE | \ 233 IMAGE_SCN_ALIGN_1BYTES # Characteristics 234 235#ifdef CONFIG_EFI_MIXED 236 # 237 # The offset & size fields are filled in by build.c. 238 # 239 .asciz ".compat" 240 .long 0 241 .long 0x0 242 .long 0 # Size of initialized data 243 # on disk 244 .long 0x0 245 .long 0 # PointerToRelocations 246 .long 0 # PointerToLineNumbers 247 .word 0 # NumberOfRelocations 248 .word 0 # NumberOfLineNumbers 249 .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ 250 IMAGE_SCN_MEM_READ | \ 251 IMAGE_SCN_MEM_DISCARDABLE | \ 252 IMAGE_SCN_ALIGN_1BYTES # Characteristics 253#endif 254 255 # 256 # The offset & size fields are filled in by build.c. 257 # 258 .ascii ".text" 259 .byte 0 260 .byte 0 261 .byte 0 262 .long 0 263 .long 0x0 # startup_{32,64} 264 .long 0 # Size of initialized data 265 # on disk 266 .long 0x0 # startup_{32,64} 267 .long 0 # PointerToRelocations 268 .long 0 # PointerToLineNumbers 269 .word 0 # NumberOfRelocations 270 .word 0 # NumberOfLineNumbers 271 .long IMAGE_SCN_CNT_CODE | \ 272 IMAGE_SCN_MEM_READ | \ 273 IMAGE_SCN_MEM_EXECUTE | \ 274 IMAGE_SCN_ALIGN_16BYTES # Characteristics 275 276 .set section_count, (. - section_table) / 40 277#endif /* CONFIG_EFI_STUB */ 278 279 # Kernel attributes; used by setup. This is part 1 of the 280 # header, from the old boot sector. 281 282 .section ".header", "a" 283 .globl sentinel 284sentinel: .byte 0xff, 0xff /* Used to detect broken loaders */ 285 286 .globl hdr 287hdr: 288setup_sects: .byte 0 /* Filled in by build.c */ 289root_flags: .word ROOT_RDONLY 290syssize: .long 0 /* Filled in by build.c */ 291ram_size: .word 0 /* Obsolete */ 292vid_mode: .word SVGA_MODE 293root_dev: .word 0 /* Filled in by build.c */ 294boot_flag: .word 0xAA55 295 296 # offset 512, entry point 297 298 .globl _start 299_start: 300 # Explicitly enter this as bytes, or the assembler 301 # tries to generate a 3-byte jump here, which causes 302 # everything else to push off to the wrong offset. 303 .byte 0xeb # short (2-byte) jump 304 .byte start_of_setup-1f 3051: 306 307 # Part 2 of the header, from the old setup.S 308 309 .ascii "HdrS" # header signature 310 .word 0x020f # header version number (>= 0x0105) 311 # or else old loadlin-1.5 will fail) 312 .globl realmode_swtch 313realmode_swtch: .word 0, 0 # default_switch, SETUPSEG 314start_sys_seg: .word SYSSEG # obsolete and meaningless, but just 315 # in case something decided to "use" it 316 .word kernel_version-512 # pointing to kernel version string 317 # above section of header is compatible 318 # with loadlin-1.5 (header v1.5). Don't 319 # change it. 320 321type_of_loader: .byte 0 # 0 means ancient bootloader, newer 322 # bootloaders know to change this. 323 # See Documentation/x86/boot.rst for 324 # assigned ids 325 326# flags, unused bits must be zero (RFU) bit within loadflags 327loadflags: 328 .byte LOADED_HIGH # The kernel is to be loaded high 329 330setup_move_size: .word 0x8000 # size to move, when setup is not 331 # loaded at 0x90000. We will move setup 332 # to 0x90000 then just before jumping 333 # into the kernel. However, only the 334 # loader knows how much data behind 335 # us also needs to be loaded. 336 337code32_start: # here loaders can put a different 338 # start address for 32-bit code. 339 .long 0x100000 # 0x100000 = default for big kernel 340 341ramdisk_image: .long 0 # address of loaded ramdisk image 342 # Here the loader puts the 32-bit 343 # address where it loaded the image. 344 # This only will be read by the kernel. 345 346ramdisk_size: .long 0 # its size in bytes 347 348bootsect_kludge: 349 .long 0 # obsolete 350 351heap_end_ptr: .word _end+STACK_SIZE-512 352 # (Header version 0x0201 or later) 353 # space from here (exclusive) down to 354 # end of setup code can be used by setup 355 # for local heap purposes. 356 357ext_loader_ver: 358 .byte 0 # Extended boot loader version 359ext_loader_type: 360 .byte 0 # Extended boot loader type 361 362cmd_line_ptr: .long 0 # (Header version 0x0202 or later) 363 # If nonzero, a 32-bit pointer 364 # to the kernel command line. 365 # The command line should be 366 # located between the start of 367 # setup and the end of low 368 # memory (0xa0000), or it may 369 # get overwritten before it 370 # gets read. If this field is 371 # used, there is no longer 372 # anything magical about the 373 # 0x90000 segment; the setup 374 # can be located anywhere in 375 # low memory 0x10000 or higher. 376 377initrd_addr_max: .long 0x7fffffff 378 # (Header version 0x0203 or later) 379 # The highest safe address for 380 # the contents of an initrd 381 # The current kernel allows up to 4 GB, 382 # but leave it at 2 GB to avoid 383 # possible bootloader bugs. 384 385kernel_alignment: .long CONFIG_PHYSICAL_ALIGN #physical addr alignment 386 #required for protected mode 387 #kernel 388#ifdef CONFIG_RELOCATABLE 389relocatable_kernel: .byte 1 390#else 391relocatable_kernel: .byte 0 392#endif 393min_alignment: .byte MIN_KERNEL_ALIGN_LG2 # minimum alignment 394 395xloadflags: 396#ifdef CONFIG_X86_64 397# define XLF0 XLF_KERNEL_64 /* 64-bit kernel */ 398#else 399# define XLF0 0 400#endif 401 402#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64) 403 /* kernel/boot_param/ramdisk could be loaded above 4g */ 404# define XLF1 XLF_CAN_BE_LOADED_ABOVE_4G 405#else 406# define XLF1 0 407#endif 408 409#ifdef CONFIG_EFI_STUB 410# ifdef CONFIG_EFI_MIXED 411# define XLF23 (XLF_EFI_HANDOVER_32|XLF_EFI_HANDOVER_64) 412# else 413# ifdef CONFIG_X86_64 414# define XLF23 XLF_EFI_HANDOVER_64 /* 64-bit EFI handover ok */ 415# else 416# define XLF23 XLF_EFI_HANDOVER_32 /* 32-bit EFI handover ok */ 417# endif 418# endif 419#else 420# define XLF23 0 421#endif 422 423#if defined(CONFIG_X86_64) && defined(CONFIG_EFI) && defined(CONFIG_KEXEC_CORE) 424# define XLF4 XLF_EFI_KEXEC 425#else 426# define XLF4 0 427#endif 428 429#ifdef CONFIG_X86_64 430#ifdef CONFIG_X86_5LEVEL 431#define XLF56 (XLF_5LEVEL|XLF_5LEVEL_ENABLED) 432#else 433#define XLF56 XLF_5LEVEL 434#endif 435#else 436#define XLF56 0 437#endif 438 439 .word XLF0 | XLF1 | XLF23 | XLF4 | XLF56 440 441cmdline_size: .long COMMAND_LINE_SIZE-1 #length of the command line, 442 #added with boot protocol 443 #version 2.06 444 445hardware_subarch: .long 0 # subarchitecture, added with 2.07 446 # default to 0 for normal x86 PC 447 448hardware_subarch_data: .quad 0 449 450payload_offset: .long ZO_input_data 451payload_length: .long ZO_z_input_len 452 453setup_data: .quad 0 # 64-bit physical pointer to 454 # single linked list of 455 # struct setup_data 456 457pref_address: .quad LOAD_PHYSICAL_ADDR # preferred load addr 458 459# 460# Getting to provably safe in-place decompression is hard. Worst case 461# behaviours need to be analyzed. Here let's take the decompression of 462# a gzip-compressed kernel as example, to illustrate it: 463# 464# The file layout of gzip compressed kernel is: 465# 466# magic[2] 467# method[1] 468# flags[1] 469# timestamp[4] 470# extraflags[1] 471# os[1] 472# compressed data blocks[N] 473# crc[4] orig_len[4] 474# 475# ... resulting in +18 bytes overhead of uncompressed data. 476# 477# (For more information, please refer to RFC 1951 and RFC 1952.) 478# 479# Files divided into blocks 480# 1 bit (last block flag) 481# 2 bits (block type) 482# 483# 1 block occurs every 32K -1 bytes or when there 50% compression 484# has been achieved. The smallest block type encoding is always used. 485# 486# stored: 487# 32 bits length in bytes. 488# 489# fixed: 490# magic fixed tree. 491# symbols. 492# 493# dynamic: 494# dynamic tree encoding. 495# symbols. 496# 497# 498# The buffer for decompression in place is the length of the uncompressed 499# data, plus a small amount extra to keep the algorithm safe. The 500# compressed data is placed at the end of the buffer. The output pointer 501# is placed at the start of the buffer and the input pointer is placed 502# where the compressed data starts. Problems will occur when the output 503# pointer overruns the input pointer. 504# 505# The output pointer can only overrun the input pointer if the input 506# pointer is moving faster than the output pointer. A condition only 507# triggered by data whose compressed form is larger than the uncompressed 508# form. 509# 510# The worst case at the block level is a growth of the compressed data 511# of 5 bytes per 32767 bytes. 512# 513# The worst case internal to a compressed block is very hard to figure. 514# The worst case can at least be bounded by having one bit that represents 515# 32764 bytes and then all of the rest of the bytes representing the very 516# very last byte. 517# 518# All of which is enough to compute an amount of extra data that is required 519# to be safe. To avoid problems at the block level allocating 5 extra bytes 520# per 32767 bytes of data is sufficient. To avoid problems internal to a 521# block adding an extra 32767 bytes (the worst case uncompressed block size) 522# is sufficient, to ensure that in the worst case the decompressed data for 523# block will stop the byte before the compressed data for a block begins. 524# To avoid problems with the compressed data's meta information an extra 18 525# bytes are needed. Leading to the formula: 526# 527# extra_bytes = (uncompressed_size >> 12) + 32768 + 18 528# 529# Adding 8 bytes per 32K is a bit excessive but much easier to calculate. 530# Adding 32768 instead of 32767 just makes for round numbers. 531# 532# Above analysis is for decompressing gzip compressed kernel only. Up to 533# now 6 different decompressor are supported all together. And among them 534# xz stores data in chunks and has maximum chunk of 64K. Hence safety 535# margin should be updated to cover all decompressors so that we don't 536# need to deal with each of them separately. Please check 537# the description in lib/decompressor_xxx.c for specific information. 538# 539# extra_bytes = (uncompressed_size >> 12) + 65536 + 128 540# 541# LZ4 is even worse: data that cannot be further compressed grows by 0.4%, 542# or one byte per 256 bytes. OTOH, we can safely get rid of the +128 as 543# the size-dependent part now grows so fast. 544# 545# extra_bytes = (uncompressed_size >> 8) + 65536 546# 547# ZSTD compressed data grows by at most 3 bytes per 128K, and only has a 22 548# byte fixed overhead but has a maximum block size of 128K, so it needs a 549# larger margin. 550# 551# extra_bytes = (uncompressed_size >> 8) + 131072 552 553#define ZO_z_extra_bytes ((ZO_z_output_len >> 8) + 131072) 554#if ZO_z_output_len > ZO_z_input_len 555# define ZO_z_extract_offset (ZO_z_output_len + ZO_z_extra_bytes - \ 556 ZO_z_input_len) 557#else 558# define ZO_z_extract_offset ZO_z_extra_bytes 559#endif 560 561/* 562 * The extract_offset has to be bigger than ZO head section. Otherwise when 563 * the head code is running to move ZO to the end of the buffer, it will 564 * overwrite the head code itself. 565 */ 566#if (ZO__ehead - ZO_startup_32) > ZO_z_extract_offset 567# define ZO_z_min_extract_offset ((ZO__ehead - ZO_startup_32 + 4095) & ~4095) 568#else 569# define ZO_z_min_extract_offset ((ZO_z_extract_offset + 4095) & ~4095) 570#endif 571 572#define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_min_extract_offset) 573 574#define VO_INIT_SIZE (VO__end - VO__text) 575#if ZO_INIT_SIZE > VO_INIT_SIZE 576# define INIT_SIZE ZO_INIT_SIZE 577#else 578# define INIT_SIZE VO_INIT_SIZE 579#endif 580 581init_size: .long INIT_SIZE # kernel initialization size 582handover_offset: .long 0 # Filled in by build.c 583kernel_info_offset: .long 0 # Filled in by build.c 584 585# End of setup header ##################################################### 586 587 .section ".entrytext", "ax" 588start_of_setup: 589# Force %es = %ds 590 movw %ds, %ax 591 movw %ax, %es 592 cld 593 594# Apparently some ancient versions of LILO invoked the kernel with %ss != %ds, 595# which happened to work by accident for the old code. Recalculate the stack 596# pointer if %ss is invalid. Otherwise leave it alone, LOADLIN sets up the 597# stack behind its own code, so we can't blindly put it directly past the heap. 598 599 movw %ss, %dx 600 cmpw %ax, %dx # %ds == %ss? 601 movw %sp, %dx 602 je 2f # -> assume %sp is reasonably set 603 604 # Invalid %ss, make up a new stack 605 movw $_end, %dx 606 testb $CAN_USE_HEAP, loadflags 607 jz 1f 608 movw heap_end_ptr, %dx 6091: addw $STACK_SIZE, %dx 610 jnc 2f 611 xorw %dx, %dx # Prevent wraparound 612 6132: # Now %dx should point to the end of our stack space 614 andw $~3, %dx # dword align (might as well...) 615 jnz 3f 616 movw $0xfffc, %dx # Make sure we're not zero 6173: movw %ax, %ss 618 movzwl %dx, %esp # Clear upper half of %esp 619 sti # Now we should have a working stack 620 621# We will have entered with %cs = %ds+0x20, normalize %cs so 622# it is on par with the other segments. 623 pushw %ds 624 pushw $6f 625 lretw 6266: 627 628# Check signature at end of setup 629 cmpl $0x5a5aaa55, setup_sig 630 jne setup_bad 631 632# Zero the bss 633 movw $__bss_start, %di 634 movw $_end+3, %cx 635 xorl %eax, %eax 636 subw %di, %cx 637 shrw $2, %cx 638 rep; stosl 639 640# Jump to C code (should not return) 641 calll main 642 643# Setup corrupt somehow... 644setup_bad: 645 movl $setup_corrupt, %eax 646 calll puts 647 # Fall through... 648 649 .globl die 650 .type die, @function 651die: 652 hlt 653 jmp die 654 655 .size die, .-die 656 657 .section ".initdata", "a" 658setup_corrupt: 659 .byte 7 660 .string "No setup signature found...\n" 661