The Linux 4.7 kernel payload crashes early in the boot process with CoreBoot 4.4. I traced it to these instructions that are finding a safe spot to decompress the rest of the kernel and patched around it with a hard coded location:
diff -u --recursive /home/hudson/build/clean/linux-4.7/arch/x86/boot/compressed/head_64.S ./linux-4.7/arch/x86/boot/compressed/head_64.S --- /home/hudson/build/clean/linux-4.7/arch/x86/boot/compressed/head_64.S 2016-07-24 15:23:50.000000000 -0400 +++ ./linux-4.7/arch/x86/boot/compressed/head_64.S 2016-08-05 12:07:11.399854225 -0400 @@ -340,9 +357,15 @@ 1:
/* Target address to relocate to for decompression */ +#if 0 movl BP_init_size(%rsi), %ebx subl $_end, %ebx addq %rbp, %rbx +#else + // coreboot does not populate the init_size boot param? + // fake it with a hard coded value + movl $0x97b000, %ebx +#endif
/* Set up the stack */ leaq boot_stack_end(%rbx), %rsp
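Review bot: the replacement `movl $0x97b000, %ebx` in the `#else` branch drops the `addq %rbp, %rbx` term of the disabled code, so the decompression target, and the stack set up right after it with `leaq boot_stack_end(%rbx), %rsp`, become a fixed physical address instead of tracking where the image was actually loaded. Before this goes anywhere the question mark in `// coreboot does not populate the init_size boot param?` needs resolving, since the disabled code reads `BP_init_size(%rsi)` and the right fix depends on whether %rsi points at a valid boot_params; please also mark the `#if 0` / `#else` block as a debugging workaround rather than a fix.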
It seems that the Linux kernel bzImage is supposed to set this value, rather than coreboot, so my comment is likely incorrect.
Dumping linux-4.7/arch/x86/boot/header.o, it looks like init_size is supposed to be 0xcf5000, so I wonder if %rsi is pointing to the wrong location.
In 4.6.4 the computed address was hardcoded:
    movl $LOAD_PHYSICAL_ADDR, %ebx /* Target address to relocate to for decompression */
    addl $z_extract_offset, %ebx

    3e: bb 00 00 00 01       mov $0x1000000,%ebx
    43: 81 c3 00 00 00 00    add $0x0,%ebx
On 08/10/2016 08:03 AM, Trammell Hudson wrote:
The Linux 4.7 kernel payload crashes early in the boot process with CoreBoot 4.4. I traced it to these instructions that are finding a safe spot to decompress the rest of the kernel and patched around it with a hard coded location:
Thanks for tracing that!
When creating a correct fix, this document may be of help: https://www.kernel.org/doc/Documentation/x86/boot.txt
From your patch I'd guess that protocol version 2.10+ fields, which include the INIT_SIZE field, may not be populated correctly by coreboot.
For reference, there is also an open bug report on this issue here: https://ticket.coreboot.org/issues/62
-- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com
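The two points raised so far, that head_64.S computes its decompression target as load address + init_size - _end, and that init_size only exists in setup headers speaking boot protocol 2.10 or later, can be checked from userspace before blaming either side. The following C program is an added example written for this thread, not code from the kernel, coreboot or any of the posters. It parses the fields of a bzImage setup header at the offsets documented in Documentation/x86/boot.txt (the "HdrS" magic at 0x202, the protocol version at 0x206, init_size at 0x260), refuses to trust init_size when the version is below 2.10, and reproduces the relocation-target arithmetic. The macro and function names are the example's own, and the header bytes it runs on are constructed inline using the 0xcf5000 value quoted earlier in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Setup-header offsets from Documentation/x86/boot.txt (names are this
 * example's own, not kernel identifiers). */
#define HDR_MAGIC      0x202   /* "HdrS" */
#define HDR_VERSION    0x206   /* u16: (major << 8) | minor */
#define HDR_INIT_SIZE  0x260   /* u32, present from protocol 2.10 on */
#define HDR_MIN_LEN    0x264   /* bytes needed to read all of the above */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, v & 0xffff); wr16(p + 2, v >> 16); }

/* Read init_size from a bzImage setup header. Returns 1 and fills *init_size
 * only when the magic is right and the protocol version is >= 2.10; older
 * headers simply do not carry the field, so reading it would return garbage.
 * *version (optional) receives the protocol version whenever the magic is valid. */
int bzimage_init_size(const uint8_t *img, size_t len, uint32_t *init_size, uint16_t *version)
{
    if (len < HDR_MIN_LEN) return 0;
    if (memcmp(img + HDR_MAGIC, "HdrS", 4) != 0) return 0;
    uint16_t ver = rd16(img + HDR_VERSION);
    if (version) *version = ver;
    if (ver < 0x020a) return 0;             /* no init_size before 2.10 */
    *init_size = rd32(img + HDR_INIT_SIZE);
    return 1;
}

/* The relocation target computed by the disabled code in head_64.S:
 * %rbx = init_size - _end + %rbp, where %rbp is the runtime load address and
 * end_off is the offset of _end within the compressed image. */
uint64_t decompress_target(uint64_t load_addr, uint32_t init_size, uint64_t end_off)
{
    return load_addr + init_size - end_off;
}

/* Build a constructed minimal header buffer for testing. */
void make_sample_header(uint8_t *img, uint16_t version, uint32_t init_size)
{
    memset(img, 0, HDR_MIN_LEN);
    memcpy(img + HDR_MAGIC, "HdrS", 4);
    wr16(img + HDR_VERSION, version);
    wr32(img + HDR_INIT_SIZE, init_size);
}

int main(void)
{
    uint8_t img[HDR_MIN_LEN];
    uint32_t init_size = 0;
    uint16_t version = 0;

    /* Constructed 2.10 header carrying the value seen in header.o. */
    make_sample_header(img, 0x020a, 0xcf5000);
    if (bzimage_init_size(img, sizeof img, &init_size, &version))
        printf("protocol %u.%02u, init_size=0x%x, target=0x%llx\n",
               version >> 8, version & 0xff, init_size,
               (unsigned long long)decompress_target(0x1000000, init_size, 0x800000));

    /* Constructed 2.09 header: init_size must be reported as unavailable. */
    make_sample_header(img, 0x0209, 0xcf5000);
    if (!bzimage_init_size(img, sizeof img, &init_size, &version))
        printf("protocol %u.%02u: init_size not available\n", version >> 8, version & 0xff);
    return 0;
}
```

Running this against a real image means passing the first 0x264 bytes of the bzImage instead of the constructed buffer; a boot loader that loads a 2.10+ image but hands the kernel a boot_params whose header area was copied from an older layout would show up as a version below 2.10 or a zero init_size here.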
Dear Trammell,
Welcome to coreboot.
On Wednesday, 10.08.2016, 07:03 -0600, Trammell Hudson wrote:
The Linux 4.7 kernel payload crashes early in the boot process with CoreBoot 4.4. I traced it to these instructions that are finding a safe spot to decompress the rest of the kernel and patched around it with a hard coded location:
diff -u --recursive /home/hudson/build/clean/linux-4.7/arch/x86/boot/compressed/head_64.S ./linux-4.7/arch/x86/boot/compressed/head_64.S --- /home/hudson/build/clean/linux-4.7/arch/x86/boot/compressed/head_64.S 2016-07-24 15:23:50.000000000 -0400 +++ ./linux-4.7/arch/x86/boot/compressed/head_64.S 2016-08-05 12:07:11.399854225 -0400 @@ -340,9 +357,15 @@ 1:
/* Target address to relocate to for decompression */ +#if 0 movl BP_init_size(%rsi), %ebx subl $_end, %ebx addq %rbp, %rbx +#else
- // coreboot does not populate the init_size boot param?
- // fake it with a hard coded value
- movl $0x97b000, %ebx
+#endif
/* Set up the stack */ leaq boot_stack_end(%rbx), %rsp
It seems that the Linux kernel bzImage is supposed to set this value, rather than coreboot, so my comment is likely incorrect.
Dumping linux-4.7/arch/x86/boot/header.o, it looks like init_size is supposed to be 0xcf5000, so I wonder if %rsi is pointing to the wrong location.
In 4.6.4 the computed address was hardcoded:
    movl $LOAD_PHYSICAL_ADDR, %ebx /* Target address to relocate to for decompression */
    addl $z_extract_offset, %ebx

    3e: bb 00 00 00 01       mov $0x1000000,%ebx
    43: 81 c3 00 00 00 00    add $0x0,%ebx
I have no idea, but could it be related to KASLR (Kernel Address Space Layout Randomization)?
Thanks,
Paul
PS: Please note that officially coreboot is spelled all lowercase (see your email subject). (Depending on your localization(?) you might want to start it with a capital letter, but please never CamelCase.)
On Wed, Aug 10, 2016 at 07:03:58AM -0600, Trammell Hudson wrote:
The Linux 4.7 kernel payload crashes early in the boot process with CoreBoot 4.4. [...]
The recently released 4.9 kernel does not require any patches to boot as coreboot's payload. The diffs in head_64.S appear to be related to the efi config values and I'm not sure if this is the actual change that fixed it:
--- build/linux-4.7/arch/x86/boot/compressed/head_64.S 2016-12-12 10:21:20.934784655 -0500 +++ build/linux-4.9/arch/x86/boot/compressed/head_64.S 2016-12-11 14:17:54.000000000 -0500 @@ -265,7 +265,7 @@ /* * Relocate efi_config->call(). */ - addq %rbp, efi64_config+88(%rip) + addq %rbp, efi64_config+32(%rip)
movq %rax, %rdi call make_boot_params @@ -285,7 +285,7 @@ * Relocate efi_config->call(). */ movq efi_config(%rip), %rax - addq %rbp, 88(%rax) + addq %rbp, 32(%rax) 2: movq efi_config(%rip), %rdi call efi_main @@ -463,14 +457,14 @@ #ifdef CONFIG_EFI_MIXED .global efi32_config efi32_config: - .fill 11,8,0 + .fill 4,8,0 .quad efi64_thunk .byte 0 #endif
.global efi64_config efi64_config: - .fill 11,8,0 + .fill 4,8,0 .quad efi_call .byte 1 #endif /* CONFIG_EFI_STUB */
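Review bot: the offsets in `addq %rbp, efi64_config+88(%rip)` -> `+32` and `addq %rbp, 88(%rax)` -> `32(%rax)` are hand-derived from the padding in the struct definitions (`.fill 11,8,0` is 88 bytes, `.fill 4,8,0` is 32), so the two relocation sites and the two `efi32_config` / `efi64_config` layouts have to be changed in lockstep; a symbolic offset for the `.quad` call member would remove that coupling. Note also that every hunk here sits under `#ifdef CONFIG_EFI_MIXED` and the closing `#endif /* CONFIG_EFI_STUB */`, so this change only touches the EFI stub path and does not by itself account for a behaviour change outside it, which matches the author's own doubt that this is the fix.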
coreboot got fixed, not linux :-)
On Mon, Dec 12, 2016 at 8:05 AM Trammell Hudson hudson@trmm.net wrote:
On Wed, Aug 10, 2016 at 07:03:58AM -0600, Trammell Hudson wrote:
The Linux 4.7 kernel payload crashes early in the boot process with CoreBoot 4.4. [...]
The recently released 4.9 kernel does not require any patches to boot as coreboot's payload. The diffs in head_64.S appear to be related to the efi config values and I'm not sure if this is the actual change that fixed it:
--- build/linux-4.7/arch/x86/boot/compressed/head_64.S 2016-12-12 10:21:20.934784655 -0500 +++ build/linux-4.9/arch/x86/boot/compressed/head_64.S 2016-12-11 14:17:54.000000000 -0500 @@ -265,7 +265,7 @@ /* * Relocate efi_config->call(). */
addq %rbp, efi64_config+88(%rip)
addq %rbp, efi64_config+32(%rip) movq %rax, %rdi call make_boot_params
@@ -285,7 +285,7 @@ * Relocate efi_config->call(). */ movq efi_config(%rip), %rax
addq %rbp, 88(%rax)
addq %rbp, 32(%rax)
2: movq efi_config(%rip), %rdi call efi_main @@ -463,14 +457,14 @@ #ifdef CONFIG_EFI_MIXED .global efi32_config efi32_config:
.fill 11,8,0
.fill 4,8,0 .quad efi64_thunk .byte 0
#endif
.global efi64_config
efi64_config:
.fill 11,8,0
.fill 4,8,0 .quad efi_call .byte 1
#endif /* CONFIG_EFI_STUB */
-- Trammell
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot