xref: /linux/arch/x86/boot/header.S (revision 616500232e632dba8b03981eeccadacf2fbf1c30) 
1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 *	header.S
4 *
5 *	Copyright (C) 1991, 1992 Linus Torvalds
6 *
7 *	Based on bootsect.S and setup.S
8 *	modified by more people than can be counted
9 *
10 *	Rewritten as a common file by H. Peter Anvin (Apr 2007)
11 *
12 * BIG FAT NOTE: We're in real mode using 64k segments.  Therefore segment
13 * addresses must be multiplied by 16 to obtain their respective linear
14 * addresses. To avoid confusion, linear addresses are written using leading
15 * hex while segment addresses are written as segment:offset.
16 *
17 */
18#include <linux/pe.h>
19#include <asm/segment.h>
20#include <asm/boot.h>
21#include <asm/page_types.h>
22#include <asm/setup.h>
23#include <asm/bootparam.h>
24#include "boot.h"
25#include "voffset.h"
26#include "zoffset.h"
27
28BOOTSEG		= 0x07C0		/* original address of boot-sector */
29SYSSEG		= 0x1000		/* historical load address >> 4 */
30
31#ifndef SVGA_MODE
32#define SVGA_MODE ASK_VGA
33#endif
34
35#ifndef ROOT_RDONLY
36#define ROOT_RDONLY 1
37#endif
38
39	.code16
40	.section ".bstext", "ax"
41
42	.global bootsect_start
43bootsect_start:
44#ifdef CONFIG_EFI_STUB
45	# "MZ", MS-DOS header
46	.word	MZ_MAGIC
47#endif
48
49	# Normalize the start address
50	ljmp	$BOOTSEG, $start2
51
52start2:
53	movw	%cs, %ax
54	movw	%ax, %ds
55	movw	%ax, %es
56	movw	%ax, %ss
57	xorw	%sp, %sp
58	sti
59	cld
60
61	movw	$bugger_off_msg, %si
62
63msg_loop:
64	lodsb
65	andb	%al, %al
66	jz	bs_die
67	movb	$0xe, %ah
68	movw	$7, %bx
69	int	$0x10
70	jmp	msg_loop
71
72bs_die:
73	# Allow the user to press a key, then reboot
74	xorw	%ax, %ax
75	int	$0x16
76	int	$0x19
77
78	# int 0x19 should never return.  In case it does anyway,
79	# invoke the BIOS reset code...
80	ljmp	$0xf000,$0xfff0
81
82#ifdef CONFIG_EFI_STUB
83	.org	0x38
84	#
85	# Offset to the PE header.
86	#
87	.long	LINUX_PE_MAGIC
88	.long	pe_header
89#endif /* CONFIG_EFI_STUB */
90
91	.section ".bsdata", "a"
92bugger_off_msg:
93	.ascii	"Use a boot loader.\r\n"
94	.ascii	"\n"
95	.ascii	"Remove disk and press any key to reboot...\r\n"
96	.byte	0
97
98#ifdef CONFIG_EFI_STUB
99pe_header:
100	.long	PE_MAGIC
101
102coff_header:
103#ifdef CONFIG_X86_32
104	.set	image_file_add_flags, IMAGE_FILE_32BIT_MACHINE
105	.set	pe_opt_magic, PE_OPT_MAGIC_PE32
106	.word	IMAGE_FILE_MACHINE_I386
107#else
108	.set	image_file_add_flags, 0
109	.set	pe_opt_magic, PE_OPT_MAGIC_PE32PLUS
110	.word	IMAGE_FILE_MACHINE_AMD64
111#endif
112	.word	section_count			# nr_sections
113	.long	0 				# TimeDateStamp
114	.long	0				# PointerToSymbolTable
115	.long	1				# NumberOfSymbols
116	.word	section_table - optional_header	# SizeOfOptionalHeader
117	.word	IMAGE_FILE_EXECUTABLE_IMAGE	| \
118		image_file_add_flags		| \
119		IMAGE_FILE_DEBUG_STRIPPED	| \
120		IMAGE_FILE_LINE_NUMS_STRIPPED	# Characteristics
121
122optional_header:
123	.word	pe_opt_magic
124	.byte	0x02				# MajorLinkerVersion
125	.byte	0x14				# MinorLinkerVersion
126
127	# Filled in by build.c
128	.long	0				# SizeOfCode
129
130	.long	0				# SizeOfInitializedData
131	.long	0				# SizeOfUninitializedData
132
133	# Filled in by build.c
134	.long	0x0000				# AddressOfEntryPoint
135
136	.long	0x0200				# BaseOfCode
137#ifdef CONFIG_X86_32
138	.long	0				# data
139#endif
140
141extra_header_fields:
142	# PE specification requires ImageBase to be 64k aligned
143	.set	image_base, (LOAD_PHYSICAL_ADDR + 0xffff) & ~0xffff
144#ifdef CONFIG_X86_32
145	.long	image_base			# ImageBase
146#else
147	.quad	image_base			# ImageBase
148#endif
149	.long	0x20				# SectionAlignment
150	.long	0x20				# FileAlignment
151	.word	0				# MajorOperatingSystemVersion
152	.word	0				# MinorOperatingSystemVersion
153	.word	LINUX_EFISTUB_MAJOR_VERSION	# MajorImageVersion
154	.word	LINUX_EFISTUB_MINOR_VERSION	# MinorImageVersion
155	.word	0				# MajorSubsystemVersion
156	.word	0				# MinorSubsystemVersion
157	.long	0				# Win32VersionValue
158
159	#
160	# The size of the bzImage is written in tools/build.c
161	#
162	.long	0				# SizeOfImage
163
164	.long	0x200				# SizeOfHeaders
165	.long	0				# CheckSum
166	.word	IMAGE_SUBSYSTEM_EFI_APPLICATION	# Subsystem (EFI application)
167#ifdef CONFIG_EFI_DXE_MEM_ATTRIBUTES
168	.word	IMAGE_DLL_CHARACTERISTICS_NX_COMPAT	# DllCharacteristics
169#else
170	.word	0				# DllCharacteristics
171#endif
172#ifdef CONFIG_X86_32
173	.long	0				# SizeOfStackReserve
174	.long	0				# SizeOfStackCommit
175	.long	0				# SizeOfHeapReserve
176	.long	0				# SizeOfHeapCommit
177#else
178	.quad	0				# SizeOfStackReserve
179	.quad	0				# SizeOfStackCommit
180	.quad	0				# SizeOfHeapReserve
181	.quad	0				# SizeOfHeapCommit
182#endif
183	.long	0				# LoaderFlags
184	.long	(section_table - .) / 8		# NumberOfRvaAndSizes
185
186	.quad	0				# ExportTable
187	.quad	0				# ImportTable
188	.quad	0				# ResourceTable
189	.quad	0				# ExceptionTable
190	.quad	0				# CertificationTable
191	.quad	0				# BaseRelocationTable
192
193	# Section table
194section_table:
195	#
196	# The offset & size fields are filled in by build.c.
197	#
198	.ascii	".setup"
199	.byte	0
200	.byte	0
201	.long	0
202	.long	0x0				# startup_{32,64}
203	.long	0				# Size of initialized data
204						# on disk
205	.long	0x0				# startup_{32,64}
206	.long	0				# PointerToRelocations
207	.long	0				# PointerToLineNumbers
208	.word	0				# NumberOfRelocations
209	.word	0				# NumberOfLineNumbers
210	.long	IMAGE_SCN_CNT_CODE		| \
211		IMAGE_SCN_MEM_READ		| \
212		IMAGE_SCN_MEM_EXECUTE		| \
213		IMAGE_SCN_ALIGN_16BYTES		# Characteristics
214
215	#
216	# The EFI application loader requires a relocation section
217	# because EFI applications must be relocatable. The .reloc
218	# offset & size fields are filled in by build.c.
219	#
220	.ascii	".reloc"
221	.byte	0
222	.byte	0
223	.long	0
224	.long	0
225	.long	0				# SizeOfRawData
226	.long	0				# PointerToRawData
227	.long	0				# PointerToRelocations
228	.long	0				# PointerToLineNumbers
229	.word	0				# NumberOfRelocations
230	.word	0				# NumberOfLineNumbers
231	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
232		IMAGE_SCN_MEM_READ		| \
233		IMAGE_SCN_MEM_DISCARDABLE	| \
234		IMAGE_SCN_ALIGN_1BYTES		# Characteristics
235
236#ifdef CONFIG_EFI_MIXED
237	#
238	# The offset & size fields are filled in by build.c.
239	#
240	.asciz	".compat"
241	.long	0
242	.long	0x0
243	.long	0				# Size of initialized data
244						# on disk
245	.long	0x0
246	.long	0				# PointerToRelocations
247	.long	0				# PointerToLineNumbers
248	.word	0				# NumberOfRelocations
249	.word	0				# NumberOfLineNumbers
250	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \
251		IMAGE_SCN_MEM_READ		| \
252		IMAGE_SCN_MEM_DISCARDABLE	| \
253		IMAGE_SCN_ALIGN_1BYTES		# Characteristics
254#endif
255
256	#
257	# The offset & size fields are filled in by build.c.
258	#
259	.ascii	".text"
260	.byte	0
261	.byte	0
262	.byte	0
263	.long	0
264	.long	0x0				# startup_{32,64}
265	.long	0				# Size of initialized data
266						# on disk
267	.long	0x0				# startup_{32,64}
268	.long	0				# PointerToRelocations
269	.long	0				# PointerToLineNumbers
270	.word	0				# NumberOfRelocations
271	.word	0				# NumberOfLineNumbers
272	.long	IMAGE_SCN_CNT_CODE		| \
273		IMAGE_SCN_MEM_READ		| \
274		IMAGE_SCN_MEM_EXECUTE		| \
275		IMAGE_SCN_ALIGN_16BYTES		# Characteristics
276
277	.set	section_count, (. - section_table) / 40
278#endif /* CONFIG_EFI_STUB */
279
280	# Kernel attributes; used by setup.  This is part 1 of the
281	# header, from the old boot sector.
282
283	.section ".header", "a"
284	.globl	sentinel
285sentinel:	.byte 0xff, 0xff        /* Used to detect broken loaders */
286
287	.globl	hdr
288hdr:
289setup_sects:	.byte 0			/* Filled in by build.c */
290root_flags:	.word ROOT_RDONLY
291syssize:	.long 0			/* Filled in by build.c */
292ram_size:	.word 0			/* Obsolete */
293vid_mode:	.word SVGA_MODE
294root_dev:	.word 0			/* Filled in by build.c */
295boot_flag:	.word 0xAA55
296
297	# offset 512, entry point
298
299	.globl	_start
300_start:
301		# Explicitly enter this as bytes, or the assembler
302		# tries to generate a 3-byte jump here, which causes
303		# everything else to push off to the wrong offset.
304		.byte	0xeb		# short (2-byte) jump
305		.byte	start_of_setup-1f
3061:
307
308	# Part 2 of the header, from the old setup.S
309
310		.ascii	"HdrS"		# header signature
311		.word	0x020f		# header version number (>= 0x0105)
312					# or else old loadlin-1.5 will fail)
313		.globl realmode_swtch
314realmode_swtch:	.word	0, 0		# default_switch, SETUPSEG
315start_sys_seg:	.word	SYSSEG		# obsolete and meaningless, but just
316					# in case something decided to "use" it
317		.word	kernel_version-512 # pointing to kernel version string
318					# above section of header is compatible
319					# with loadlin-1.5 (header v1.5). Don't
320					# change it.
321
322type_of_loader:	.byte	0		# 0 means ancient bootloader, newer
323					# bootloaders know to change this.
324					# See Documentation/arch/x86/boot.rst for
325					# assigned ids
326
327# flags, unused bits must be zero (RFU) bit within loadflags
328loadflags:
329		.byte	LOADED_HIGH	# The kernel is to be loaded high
330
331setup_move_size: .word  0x8000		# size to move, when setup is not
332					# loaded at 0x90000. We will move setup
333					# to 0x90000 then just before jumping
334					# into the kernel. However, only the
335					# loader knows how much data behind
336					# us also needs to be loaded.
337
338code32_start:				# here loaders can put a different
339					# start address for 32-bit code.
340		.long	0x100000	# 0x100000 = default for big kernel
341
342ramdisk_image:	.long	0		# address of loaded ramdisk image
343					# Here the loader puts the 32-bit
344					# address where it loaded the image.
345					# This only will be read by the kernel.
346
347ramdisk_size:	.long	0		# its size in bytes
348
349bootsect_kludge:
350		.long	0		# obsolete
351
352heap_end_ptr:	.word	_end+STACK_SIZE-512
353					# (Header version 0x0201 or later)
354					# space from here (exclusive) down to
355					# end of setup code can be used by setup
356					# for local heap purposes.
357
358ext_loader_ver:
359		.byte	0		# Extended boot loader version
360ext_loader_type:
361		.byte	0		# Extended boot loader type
362
363cmd_line_ptr:	.long	0		# (Header version 0x0202 or later)
364					# If nonzero, a 32-bit pointer
365					# to the kernel command line.
366					# The command line should be
367					# located between the start of
368					# setup and the end of low
369					# memory (0xa0000), or it may
370					# get overwritten before it
371					# gets read.  If this field is
372					# used, there is no longer
373					# anything magical about the
374					# 0x90000 segment; the setup
375					# can be located anywhere in
376					# low memory 0x10000 or higher.
377
378initrd_addr_max: .long 0x7fffffff
379					# (Header version 0x0203 or later)
380					# The highest safe address for
381					# the contents of an initrd
382					# The current kernel allows up to 4 GB,
383					# but leave it at 2 GB to avoid
384					# possible bootloader bugs.
385
386kernel_alignment:  .long CONFIG_PHYSICAL_ALIGN	#physical addr alignment
387						#required for protected mode
388						#kernel
389#ifdef CONFIG_RELOCATABLE
390relocatable_kernel:    .byte 1
391#else
392relocatable_kernel:    .byte 0
393#endif
394min_alignment:		.byte MIN_KERNEL_ALIGN_LG2	# minimum alignment
395
396xloadflags:
397#ifdef CONFIG_X86_64
398# define XLF0 XLF_KERNEL_64			/* 64-bit kernel */
399#else
400# define XLF0 0
401#endif
402
403#if defined(CONFIG_RELOCATABLE) && defined(CONFIG_X86_64)
404   /* kernel/boot_param/ramdisk could be loaded above 4g */
405# define XLF1 XLF_CAN_BE_LOADED_ABOVE_4G
406#else
407# define XLF1 0
408#endif
409
410#ifdef CONFIG_EFI_HANDOVER_PROTOCOL
411# ifdef CONFIG_EFI_MIXED
412#  define XLF23 (XLF_EFI_HANDOVER_32|XLF_EFI_HANDOVER_64)
413# else
414#  ifdef CONFIG_X86_64
415#   define XLF23 XLF_EFI_HANDOVER_64		/* 64-bit EFI handover ok */
416#  else
417#   define XLF23 XLF_EFI_HANDOVER_32		/* 32-bit EFI handover ok */
418#  endif
419# endif
420#else
421# define XLF23 0
422#endif
423
424#if defined(CONFIG_X86_64) && defined(CONFIG_EFI) && defined(CONFIG_KEXEC_CORE)
425# define XLF4 XLF_EFI_KEXEC
426#else
427# define XLF4 0
428#endif
429
430#ifdef CONFIG_X86_64
431#ifdef CONFIG_X86_5LEVEL
432#define XLF56 (XLF_5LEVEL|XLF_5LEVEL_ENABLED)
433#else
434#define XLF56 XLF_5LEVEL
435#endif
436#else
437#define XLF56 0
438#endif
439
440			.word XLF0 | XLF1 | XLF23 | XLF4 | XLF56
441
442cmdline_size:   .long   COMMAND_LINE_SIZE-1     #length of the command line,
443                                                #added with boot protocol
444                                                #version 2.06
445
446hardware_subarch:	.long 0			# subarchitecture, added with 2.07
447						# default to 0 for normal x86 PC
448
449hardware_subarch_data:	.quad 0
450
451payload_offset:		.long ZO_input_data
452payload_length:		.long ZO_z_input_len
453
454setup_data:		.quad 0			# 64-bit physical pointer to
455						# single linked list of
456						# struct setup_data
457
458pref_address:		.quad LOAD_PHYSICAL_ADDR	# preferred load addr
459
460#
461# Getting to provably safe in-place decompression is hard. Worst case
462# behaviours need to be analyzed. Here let's take the decompression of
463# a gzip-compressed kernel as example, to illustrate it:
464#
465# The file layout of gzip compressed kernel is:
466#
467#    magic[2]
468#    method[1]
469#    flags[1]
470#    timestamp[4]
471#    extraflags[1]
472#    os[1]
473#    compressed data blocks[N]
474#    crc[4] orig_len[4]
475#
476# ... resulting in +18 bytes overhead of uncompressed data.
477#
478# (For more information, please refer to RFC 1951 and RFC 1952.)
479#
480# Files divided into blocks
481# 1 bit (last block flag)
482# 2 bits (block type)
483#
484# 1 block occurs every 32K -1 bytes or when there 50% compression
485# has been achieved. The smallest block type encoding is always used.
486#
487# stored:
488#    32 bits length in bytes.
489#
490# fixed:
491#    magic fixed tree.
492#    symbols.
493#
494# dynamic:
495#    dynamic tree encoding.
496#    symbols.
497#
498#
499# The buffer for decompression in place is the length of the uncompressed
500# data, plus a small amount extra to keep the algorithm safe. The
501# compressed data is placed at the end of the buffer.  The output pointer
502# is placed at the start of the buffer and the input pointer is placed
503# where the compressed data starts. Problems will occur when the output
504# pointer overruns the input pointer.
505#
506# The output pointer can only overrun the input pointer if the input
507# pointer is moving faster than the output pointer.  A condition only
508# triggered by data whose compressed form is larger than the uncompressed
509# form.
510#
511# The worst case at the block level is a growth of the compressed data
512# of 5 bytes per 32767 bytes.
513#
514# The worst case internal to a compressed block is very hard to figure.
515# The worst case can at least be bounded by having one bit that represents
516# 32764 bytes and then all of the rest of the bytes representing the very
517# very last byte.
518#
519# All of which is enough to compute an amount of extra data that is required
520# to be safe.  To avoid problems at the block level allocating 5 extra bytes
521# per 32767 bytes of data is sufficient.  To avoid problems internal to a
522# block adding an extra 32767 bytes (the worst case uncompressed block size)
523# is sufficient, to ensure that in the worst case the decompressed data for
524# block will stop the byte before the compressed data for a block begins.
525# To avoid problems with the compressed data's meta information an extra 18
526# bytes are needed.  Leading to the formula:
527#
528# extra_bytes = (uncompressed_size >> 12) + 32768 + 18
529#
530# Adding 8 bytes per 32K is a bit excessive but much easier to calculate.
531# Adding 32768 instead of 32767 just makes for round numbers.
532#
533# Above analysis is for decompressing gzip compressed kernel only. Up to
534# now 6 different decompressor are supported all together. And among them
535# xz stores data in chunks and has maximum chunk of 64K. Hence safety
536# margin should be updated to cover all decompressors so that we don't
537# need to deal with each of them separately. Please check
538# the description in lib/decompressor_xxx.c for specific information.
539#
540# extra_bytes = (uncompressed_size >> 12) + 65536 + 128
541#
542# LZ4 is even worse: data that cannot be further compressed grows by 0.4%,
543# or one byte per 256 bytes. OTOH, we can safely get rid of the +128 as
544# the size-dependent part now grows so fast.
545#
546# extra_bytes = (uncompressed_size >> 8) + 65536
547#
548# ZSTD compressed data grows by at most 3 bytes per 128K, and only has a 22
549# byte fixed overhead but has a maximum block size of 128K, so it needs a
550# larger margin.
551#
552# extra_bytes = (uncompressed_size >> 8) + 131072
553
554#define ZO_z_extra_bytes	((ZO_z_output_len >> 8) + 131072)
555#if ZO_z_output_len > ZO_z_input_len
556# define ZO_z_extract_offset	(ZO_z_output_len + ZO_z_extra_bytes - \
557				 ZO_z_input_len)
558#else
559# define ZO_z_extract_offset	ZO_z_extra_bytes
560#endif
561
562/*
563 * The extract_offset has to be bigger than ZO head section. Otherwise when
564 * the head code is running to move ZO to the end of the buffer, it will
565 * overwrite the head code itself.
566 */
567#if (ZO__ehead - ZO_startup_32) > ZO_z_extract_offset
568# define ZO_z_min_extract_offset ((ZO__ehead - ZO_startup_32 + 4095) & ~4095)
569#else
570# define ZO_z_min_extract_offset ((ZO_z_extract_offset + 4095) & ~4095)
571#endif
572
573#define ZO_INIT_SIZE	(ZO__end - ZO_startup_32 + ZO_z_min_extract_offset)
574
575#define VO_INIT_SIZE	(VO__end - VO__text)
576#if ZO_INIT_SIZE > VO_INIT_SIZE
577# define INIT_SIZE ZO_INIT_SIZE
578#else
579# define INIT_SIZE VO_INIT_SIZE
580#endif
581
582init_size:		.long INIT_SIZE		# kernel initialization size
583handover_offset:	.long 0			# Filled in by build.c
584kernel_info_offset:	.long 0			# Filled in by build.c
585
586# End of setup header #####################################################
587
588	.section ".entrytext", "ax"
589start_of_setup:
590# Force %es = %ds
591	movw	%ds, %ax
592	movw	%ax, %es
593	cld
594
595# Apparently some ancient versions of LILO invoked the kernel with %ss != %ds,
596# which happened to work by accident for the old code.  Recalculate the stack
597# pointer if %ss is invalid.  Otherwise leave it alone, LOADLIN sets up the
598# stack behind its own code, so we can't blindly put it directly past the heap.
599
600	movw	%ss, %dx
601	cmpw	%ax, %dx	# %ds == %ss?
602	movw	%sp, %dx
603	je	2f		# -> assume %sp is reasonably set
604
605	# Invalid %ss, make up a new stack
606	movw	$_end, %dx
607	testb	$CAN_USE_HEAP, loadflags
608	jz	1f
609	movw	heap_end_ptr, %dx
6101:	addw	$STACK_SIZE, %dx
611	jnc	2f
612	xorw	%dx, %dx	# Prevent wraparound
613
6142:	# Now %dx should point to the end of our stack space
615	andw	$~3, %dx	# dword align (might as well...)
616	jnz	3f
617	movw	$0xfffc, %dx	# Make sure we're not zero
6183:	movw	%ax, %ss
619	movzwl	%dx, %esp	# Clear upper half of %esp
620	sti			# Now we should have a working stack
621
622# We will have entered with %cs = %ds+0x20, normalize %cs so
623# it is on par with the other segments.
624	pushw	%ds
625	pushw	$6f
626	lretw
6276:
628
629# Check signature at end of setup
630	cmpl	$0x5a5aaa55, setup_sig
631	jne	setup_bad
632
633# Zero the bss
634	movw	$__bss_start, %di
635	movw	$_end+3, %cx
636	xorl	%eax, %eax
637	subw	%di, %cx
638	shrw	$2, %cx
639	rep; stosl
640
641# Jump to C code (should not return)
642	calll	main
643
644# Setup corrupt somehow...
645setup_bad:
646	movl	$setup_corrupt, %eax
647	calll	puts
648	# Fall through...
649
650	.globl	die
651	.type	die, @function
652die:
653	hlt
654	jmp	die
655
656	.size	die, .-die
657
658	.section ".initdata", "a"
659setup_corrupt:
660	.byte	7
661	.string	"No setup signature found...\n"
662