#include #include #include #include #include #include #include #include #include #include #include #ifndef CONFIG_BIG_ENDIAN #define ntohl(x) ( ((x&0xff)<<24) | ((x&0xff00)<<8) | \ ((x&0xff0000) >> 8) | ((x&0xff000000) >> 24) ) #else #define ntohl(x) (x) #endif /* Maximum physical address we can use for the coreboot bounce buffer. */ #ifndef MAX_ADDR #define MAX_ADDR -1UL #endif extern unsigned char _ram_seg; extern unsigned char _eram_seg; struct segment { struct segment *next; struct segment *prev; struct segment *phdr_next; struct segment *phdr_prev; unsigned long s_dstaddr; unsigned long s_srcaddr; unsigned long s_memsz; unsigned long s_filesz; }; struct verify_callback { struct verify_callback *next; int (*callback)(struct verify_callback *vcb, Elf_ehdr *ehdr, Elf_phdr *phdr, struct segment *head); unsigned long desc_offset; unsigned long desc_addr; }; struct ip_checksum_vcb { struct verify_callback data; unsigned short ip_checksum; }; int romfs_self_decompress(int algo, void *src,struct segment *new) { u8 *dst; /* for uncompressed, it's easy: just point at the area in ROM */ if (algo == ROMFS_COMPRESS_NONE) { new->s_srcaddr = (u32) src; new->s_filesz = new->s_memsz; return 0; } /* for compression, let's keep it simple. We'll malloc the destination * area and decompress to there. The compression overhead far outweighs * any overhead for an extra copy. */ dst = malloc(new->s_memsz); if (! dst) return -1; switch(algo) { #ifdef CONFIG_COMPRESSION_LZMA case ROMFS_COMPRESS_LZMA: { unsigned long ulzma(unsigned char *src, unsigned char *dst); ulzma(src, dst); } #endif #ifdef CONFIG_COMPRESSION_NRV2B case ROMFS_COMPRESS_NRV2B: { unsigned long unrv2b(u8 *src, u8 *dst, unsigned long *ilen_p); unsigned long tmp; unrv2b(src, dst, &tmp); } #endif default: printk_info( "ROMFS: Unknown compression type %d\n", algo); return -1; } new->s_srcaddr = (u32) dst; new->s_filesz = new->s_memsz; return 0; } /* The problem: * Static executables all want to share the same addresses * in memory because only a few addresses are reliably present on * a machine, and implementing general relocation is hard. * * The solution: * - Allocate a buffer twice the size of the coreboot image. * - Anything that would overwrite coreboot copy into the lower half of * the buffer. * - After loading an ELF image copy coreboot to the upper half of the * buffer. * - Then jump to the loaded image. * * Benefits: * - Nearly arbitrary standalone executables can be loaded. * - Coreboot is preserved, so it can be returned to. * - The implementation is still relatively simple, * and much simpler then the general case implemented in kexec. * */ static unsigned long get_bounce_buffer(struct lb_memory *mem) { unsigned long lb_size; unsigned long mem_entries; unsigned long buffer; int i; lb_size = (unsigned long)(&_eram_seg - &_ram_seg); /* Double coreboot size so I have somewhere to place a copy to return to */ lb_size = lb_size + lb_size; mem_entries = (mem->size - sizeof(*mem))/sizeof(mem->map[0]); buffer = 0; for(i = 0; i < mem_entries; i++) { unsigned long mstart, mend; unsigned long msize; unsigned long tbuffer; if (mem->map[i].type != LB_MEM_RAM) continue; if (unpack_lb64(mem->map[i].start) > MAX_ADDR) continue; if (unpack_lb64(mem->map[i].size) < lb_size) continue; mstart = unpack_lb64(mem->map[i].start); msize = MAX_ADDR - mstart +1; if (msize > unpack_lb64(mem->map[i].size)) msize = unpack_lb64(mem->map[i].size); mend = mstart + msize; tbuffer = mend - lb_size; if (tbuffer < buffer) continue; buffer = tbuffer; } return buffer; } static int valid_area(struct lb_memory *mem, unsigned long buffer, unsigned long start, unsigned long len) { /* Check through all of the memory segments and ensure * the segment that was passed in is completely contained * in RAM. */ int i; unsigned long end = start + len; unsigned long mem_entries = (mem->size - sizeof(*mem))/sizeof(mem->map[0]); /* See if I conflict with the bounce buffer */ if (end >= buffer) { return 0; } /* Walk through the table of valid memory ranges and see if I * have a match. */ for(i = 0; i < mem_entries; i++) { uint64_t mstart, mend; uint32_t mtype; mtype = mem->map[i].type; mstart = unpack_lb64(mem->map[i].start); mend = mstart + unpack_lb64(mem->map[i].size); if ((mtype == LB_MEM_RAM) && (start < mend) && (end > mstart)) { break; } if ((mtype == LB_MEM_TABLE) && (start < mend) && (end > mstart)) { printk_err("Payload is overwriting Coreboot tables.\n"); break; } } if (i == mem_entries) { printk_err("No matching ram area found for range:\n"); printk_err(" [0x%016lx, 0x%016lx)\n", start, end); printk_err("Ram areas\n"); for(i = 0; i < mem_entries; i++) { uint64_t mstart, mend; uint32_t mtype; mtype = mem->map[i].type; mstart = unpack_lb64(mem->map[i].start); mend = mstart + unpack_lb64(mem->map[i].size); printk_err(" [0x%016lx, 0x%016lx) %s\n", (unsigned long)mstart, (unsigned long)mend, (mtype == LB_MEM_RAM)?"RAM":"Reserved"); } return 0; } return 1; } static void relocate_segment(unsigned long buffer, struct segment *seg) { /* Modify all segments that want to load onto coreboot * to load onto the bounce buffer instead. */ unsigned long lb_start = (unsigned long)&_ram_seg; unsigned long lb_end = (unsigned long)&_eram_seg; unsigned long start, middle, end; printk_spew("lb: [0x%016lx, 0x%016lx)\n", lb_start, lb_end); start = seg->s_dstaddr; middle = start + seg->s_filesz; end = start + seg->s_memsz; /* I don't conflict with coreboot so get out of here */ if ((end <= lb_start) || (start >= lb_end)) return; printk_spew("segment: [0x%016lx, 0x%016lx, 0x%016lx)\n", start, middle, end); /* Slice off a piece at the beginning * that doesn't conflict with coreboot. */ if (start < lb_start) { struct segment *new; unsigned long len = lb_start - start; new = malloc(sizeof(*new)); *new = *seg; new->s_memsz = len; seg->s_memsz -= len; seg->s_dstaddr += len; seg->s_srcaddr += len; if (seg->s_filesz > len) { new->s_filesz = len; seg->s_filesz -= len; } else { seg->s_filesz = 0; } /* Order by stream offset */ new->next = seg; new->prev = seg->prev; seg->prev->next = new; seg->prev = new; /* Order by original program header order */ new->phdr_next = seg; new->phdr_prev = seg->phdr_prev; seg->phdr_prev->phdr_next = new; seg->phdr_prev = new; /* compute the new value of start */ start = seg->s_dstaddr; printk_spew(" early: [0x%016lx, 0x%016lx, 0x%016lx)\n", new->s_dstaddr, new->s_dstaddr + new->s_filesz, new->s_dstaddr + new->s_memsz); } /* Slice off a piece at the end * that doesn't conflict with coreboot */ if (end > lb_end) { unsigned long len = lb_end - start; struct segment *new; new = malloc(sizeof(*new)); *new = *seg; seg->s_memsz = len; new->s_memsz -= len; new->s_dstaddr += len; new->s_srcaddr += len; if (seg->s_filesz > len) { seg->s_filesz = len; new->s_filesz -= len; } else { new->s_filesz = 0; } /* Order by stream offset */ new->next = seg->next; new->prev = seg; seg->next->prev = new; seg->next = new; /* Order by original program header order */ new->phdr_next = seg->phdr_next; new->phdr_prev = seg; seg->phdr_next->phdr_prev = new; seg->phdr_next = new; /* compute the new value of end */ end = start + len; printk_spew(" late: [0x%016lx, 0x%016lx, 0x%016lx)\n", new->s_dstaddr, new->s_dstaddr + new->s_filesz, new->s_dstaddr + new->s_memsz); } /* Now retarget this segment onto the bounce buffer */ /* sort of explanation: the buffer is a 1:1 mapping to coreboot. * so you will make the dstaddr be this buffer, and it will get copied * later to where coreboot lives. */ seg->s_dstaddr = buffer + (seg->s_dstaddr - lb_start); printk_spew(" bounce: [0x%016lx, 0x%016lx, 0x%016lx)\n", seg->s_dstaddr, seg->s_dstaddr + seg->s_filesz, seg->s_dstaddr + seg->s_memsz); } static int build_self_segment_list( struct segment *head, unsigned long bounce_buffer, struct lb_memory *mem, struct romfs_payload *payload, u32 *entry) { struct segment *new; struct segment *ptr; u8 *data; int datasize; struct romfs_payload_segment *segment, *first_segment; memset(head, 0, sizeof(*head)); head->phdr_next = head->phdr_prev = head; head->next = head->prev = head; first_segment = segment = &payload->segments; while(1) { printk_debug("Segment %p\n", segment); switch(segment->type) { default: printk_emerg("Bad segment type %x\n", segment->type); return -1; case PAYLOAD_SEGMENT_PARAMS: printk_info("found param section\n"); segment++; continue; case PAYLOAD_SEGMENT_CODE: case PAYLOAD_SEGMENT_DATA: printk_info( "%s: ", segment->type == PAYLOAD_SEGMENT_CODE ? "code" : "data"); new = malloc(sizeof(*new)); new->s_dstaddr = ntohl((u32) segment->load_addr); new->s_memsz = ntohl(segment->mem_len); datasize = ntohl(segment->len); /* figure out decompression, do it, get pointer to the area */ if (romfs_self_decompress(ntohl(segment->compression), ((unsigned char *) first_segment) + ntohl(segment->offset), new)) { printk_emerg("romfs_self_decompress failed\n"); return; } printk_debug("New segment dstaddr 0x%lx memsize 0x%lx srcaddr 0x%lx filesize 0x%lx\n", new->s_dstaddr, new->s_memsz, new->s_srcaddr, new->s_filesz); /* Clean up the values */ if (new->s_filesz > new->s_memsz) { new->s_filesz = new->s_memsz; } printk_debug("(cleaned up) New segment addr 0x%lx size 0x%lx offset 0x%lx filesize 0x%lx\n", new->s_dstaddr, new->s_memsz, new->s_srcaddr, new->s_filesz); break; case PAYLOAD_SEGMENT_BSS: printk_info("BSS %p/%d\n", (void *) ntohl((u32) segment->load_addr), ntohl(segment->mem_len)); new = malloc(sizeof(*new)); new->s_filesz = 0; new->s_dstaddr = ntohl((u32) segment->load_addr); new->s_memsz = ntohl(segment->mem_len); break; case PAYLOAD_SEGMENT_ENTRY: printk_info("Entry %p\n", (void *) ntohl((u32) segment->load_addr)); *entry = (void *) ntohl((u32) segment->load_addr); return 1; } segment++; for(ptr = head->next; ptr != head; ptr = ptr->next) { if (new->s_srcaddr < ntohl((u32) segment->load_addr)) break; } /* Order by stream offset */ new->next = ptr; new->prev = ptr->prev; ptr->prev->next = new; ptr->prev = new; /* Order by original program header order */ new->phdr_next = head; new->phdr_prev = head->phdr_prev; head->phdr_prev->phdr_next = new; head->phdr_prev = new; /* Verify the memory addresses in the segment are valid */ if (!valid_area(mem, bounce_buffer, new->s_dstaddr, new->s_memsz)) goto out; /* Modify the segment to load onto the bounce_buffer if necessary. */ relocate_segment(bounce_buffer, new); } return 1; out: return 0; } static int load_self_segments( struct segment *head, struct romfs_payload *payload) { unsigned long offset; struct segment *ptr; offset = 0; for(ptr = head->next; ptr != head; ptr = ptr->next) { unsigned long skip_bytes, read_bytes; unsigned char *dest, *middle, *end, *src; byte_offset_t result; printk_debug("Loading Segment: addr: 0x%016lx memsz: 0x%016lx filesz: 0x%016lx\n", ptr->s_dstaddr, ptr->s_memsz, ptr->s_filesz); /* Compute the boundaries of the segment */ dest = (unsigned char *)(ptr->s_dstaddr); end = dest + ptr->s_memsz; middle = dest + ptr->s_filesz; src = ptr->s_srcaddr; printk_spew("[ 0x%016lx, %016lx, 0x%016lx) <- %016lx\n", (unsigned long)dest, (unsigned long)middle, (unsigned long)end, (unsigned long)src); /* Copy data from the initial buffer */ if (ptr->s_filesz) { size_t len; len = ptr->s_filesz; memcpy(dest, src, len); dest += len; } /* Zero the extra bytes between middle & end */ if (middle < end) { printk_debug("Clearing Segment: addr: 0x%016lx memsz: 0x%016lx\n", (unsigned long)middle, (unsigned long)(end - middle)); /* Zero the extra bytes */ memset(middle, 0, end - middle); } } return 1; out: return 0; } int selfboot(struct lb_memory *mem, struct romfs_payload *payload) { void *entry; struct segment head; unsigned long bounce_buffer; /* Find a bounce buffer so I can load to coreboot's current location */ bounce_buffer = get_bounce_buffer(mem); if (!bounce_buffer) { printk_err("Could not find a bounce buffer...\n"); goto out; } /* Preprocess the self segments */ if (!build_self_segment_list(&head, bounce_buffer, mem, payload, &entry)) goto out; /* Load the segments */ if (!load_self_segments(&head, payload)) goto out; printk_spew("Loaded segments\n"); /* Reset to booting from this image as late as possible */ boot_successful(); printk_debug("Jumping to boot code at %p\n", entry); post_code(0xfe); /* Jump to kernel */ jmp_to_elf_entry(entry, bounce_buffer); return 1; out: return 0; }