The PSCI implementation expects at most 2 pages worth of space reserved
at the end of the secure section for its stacks. If PSCI is relocated to
secure SRAM, then everything is fine. If no secure SRAM is available,
and PSCI remains in main memory, the reserved memory space doesn't cover
the space used by the stack.
If one accesses PSCI after Linux has fully booted, the memory that should
have been reserved for the PSCI stacks may have been used by the kernel
or userspace, and would be corrupted. Observed after effects include the
system hanging or telinit core dumping when trying to reboot. It seems
the init process gets hit the most on my test bed.
This fix allocates the space used by the PSCI stacks in the secure
section by skipping pages in the linker script, but only when there is
no secure SRAM, to avoid bloating the binary.
This fix is only a stop gap. It would be better to rework the stack
allocation mechanism, maybe with proper usage of CONFIG_ macros and an
explicit symbol.
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Update the link script to drop this code when not needed. This is only done
for two architectures at present.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
After booting has finished, EFI allows firmware to still interact with the OS
using the "runtime services". These callbacks live in a separate address space,
since they are available long after U-Boot has been overwritten by the OS.
This patch adds enough framework for arbitrary code inside of U-Boot to become
a runtime service with the right section attributes set. For now, we don't make
use of it yet though.
We could maybe in the future map U-boot environment variables to EFI variables
here.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
"DISCARD" will remove ._secure.text relocate, but PSCI framework
has already used some absolute address those need to relocate.
Use readelf -t -r u-boot show us:
.__secure_start addr: 601408e4
.__secure_end addr: 60141460
60141140 00000017 R_ARM_RELATIVE
46 _secure_monitor:
47 #ifdef CONFIG_ARMV7_PSCI
48 ldr r5, =_psci_vectors
60141194 00000017 R_ARM_RELATIVE
6014119c 00000017 R_ARM_RELATIVE
601411a4 00000017 R_ARM_RELATIVE
601411ac 00000017 R_ARM_RELATIVE
64 _psci_table:
66 .word psci_cpu_suspend
...
72 .word psci_migrate
60141344 00000017 R_ARM_RELATIVE
6014145c 00000017 R_ARM_RELATIVE
202 ldr r5, =psci_text_end
Solutions:
1. Change absolute address to RelAdr.
Based on LDR (immediate, ARM), we only have 4K offset to jump.
Now PSCI code size is close to 4K size that is LDR limit jump size,
so even if the LDR is based on the current instruction address,
there is also have a risk for RelAdr. If we use two jump steps I
think we can fix this issue, but looks too hack, so give up this way.
2. Enable "DISCARD" only for CONFIG_ARMV7_SECURE_BASE has defined.
If CONFIG_ARMV7_SECURE_BASE is defined in platform, all of secure
will in the BASE address that is absolute.
Signed-off-by: Wang Dongsheng <dongsheng.wang@nxp.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The code such as PSCI in section named secure is bundled with
u-boot image, and when bootm, the code will be copied to their
runtime address same to compliation/linking address -
CONFIG_ARMV7_SECURE_BASE.
When compile the PSCI code and link it into the u-boot image,
there will be relocation entries in .rel.dyn section for PSCI.
Actually, we do not needs these relocation entries.
If still keep the relocation entries in .rel.dyn section,
r0 at line 103 and 106 in arch/arm/lib/relocate.S may be an invalid
address which may not support read/write for one SoC.
102 /* relative fix: increase location by offset */
103 add r0, r0, r4
104 ldr r1, [r0]
105 add r1, r1, r4
106 str r1, [r0]
So discard them to avoid touching the relocation entry in
arch/arm/lib/relocate.S.
Signed-off-by: Peng Fan <Peng.Fan@freescale.com>
Cc: Tom Warren <twarren@nvidia.com>
Cc: York Sun <yorksun@freescale.com>
Cc: Hans De Goede <hdegoede@redhat.com>
Cc: Ian Campbell <ijc@hellion.org.uk>
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Tom Rini <trini@konsulko.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Stefano Babic <sbabic@denx.de>
Acked-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
CONFIG_ARMV7_VIRT depends on CONFIG_ARMV7_NONSEC, thus doesn't need to
be taken into account additionally. CONFIG_ARMV7_PSCI is only set on
boards that support CONFIG_ARMV7_NONSEC, and it only works on those.
CC: Tang Yuantian <Yuantian.Tang@freescale.com>
CC: York Sun <yorksun@freescale.com>
CC: Steve Rae <srae@broadcom.com>
CC: Andre Przywara <andre.przywara@linaro.org>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Tested-by: Alison Wang <alison.wang@freescale.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
In anticipation of refactoring the HYP/non-secure code to run
from secure RAM, add a new linker section that will contain that
code.
Nothing is using it just yet.
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
Exception handling is basically identical for all ARM targets.
Factorize it out of the various start.S files and into a
single vectors.S file, and adjust linker scripts accordingly.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Avoids "could not find output section .gnu.hash" ld.bfd errors on openSUSE.
Cc: Albert Aribaud <albert.u.boot@aribaud.net>
Cc: Tom Rini <trini@ti.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
This prevents references to _end from generating absolute
relocation records.
This change is binary invariant for ARM targets.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Some targets will build fine but not boot if sections .hash and
.got.plt are not present in the binary. Add them back.
Also, Exynos machines require .machine_param section in SPL.
Add it.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Tested-by: Rajeshwari S Shinde <rajeshwari.s@samsung.com>
Current LDS files /DISCARD/ a lot of sections when linking ELF
files, causing diagnostic tools such as readelf or objdump to
produce partial output. Keep all section at link stage, filter
only at objcopy time so that .bin remains minimal.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Reviewed-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Remove ARM eabi exception handling tables (for frame unwinding).
AFAICT, u-boot stubs away the frame unwiding routines, so the tables will
more or less just consume space. It should be OK to remove them.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
This change is only done where needed: some linker
scripts may contain relocation symbols yet remain
unchanged.
__rel_dyn_start and __rel_dyn_end each requires
its own output section; putting them in relocation
sections changes their flags and breaks relocation.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Tested-by: Lubomir Popov <lpopov@mm-sol.com>
Tested-by: Jeroen Hofstee <jeroen@myspectrum.nl>
Reviewed-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
This change is only done where needed: some linker
scripts may contain __image_copy_{start,end} yet
remain unchanged.
Also, __image_copy_end needs its own section; putting
it in relocation sections changes their flags and makes
relocation break.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Tested-by: Lubomir Popov <lpopov@mm-sol.com>
Tested-by: Jeroen Hofstee <jeroen@myspectrum.nl>
Reviewed-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Discard all .dynsym sections from linker scripts
Remove all __dynsym_start definitions from linker scripts
Remove all __dynsym_start references from the codebase
Note: this touches include/asm-generic/sections.h, which
is not ARM-specific, but actual uses of __dynsym_start
are only in ARM, so this patch can safely go through
the ARM repository.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Tested-by: Lubomir Popov <lpopov@mm-sol.com>
Tested-by: Jeroen Hofstee <jeroen@myspectrum.nl>
Reviewed-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Remove SPL-related ASSERT() in arch/arm/cpu/u-boot.lds
as this file is never used for SPL builds.
Rewrite the ASSERT() in arch/arm/cpu/u-boot-spl.lds
to separately test image (text,data,rodata...) size,
BSS size, and full footprint each against its own max,
and make Tegra boards check full footprint.
Also, output section mmutable is not used in SPL builds.
Remove it.
Finally, update README regarding the (now homogeneous)
semantics of CONFIG_SPL_[BSS_]MAX_SIZE and add the new
CONFIG_SPL_MAX_FOOTPRINT macro.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Reported-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Commit 3ebd1cbc introduced compiler-generated __bss_start
and __bss_end__ and commit c23561e7 rewrote all __bss_end__
as __bss_end. Their merge caused silent and harmless but
potentially bug-inducing clashes between compiler- and linker-
generated __bss_end symbols.
Make __bss_end and __bss_start compiler-only, and create
__bss_base and __bss_limit for linker-only use.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Reported-by: Benoît Thébaudeau <benoit.thebaudeau@advansee.com>
Albert's rework of the linker scripts conflicted with Simon's making
everyone use __bss_end. We also had a minor conflict over
README.scrapyard being added to in mainline and enhanced in
u-boot-arm/master with proper formatting.
Conflicts:
arch/arm/cpu/ixp/u-boot.lds
arch/arm/cpu/u-boot.lds
arch/arm/lib/Makefile
board/actux1/u-boot.lds
board/actux2/u-boot.lds
board/actux3/u-boot.lds
board/dvlhost/u-boot.lds
board/freescale/mx31ads/u-boot.lds
doc/README.scrapyard
include/configs/tegra-common.h
Build tested for all of ARM and run-time tested on am335x_evm.
Signed-off-by: Tom Rini <trini@ti.com>
Note this is a tree-wide change affecting multiple architectures.
At present we use __bss_start, but mostly __bss_end__. This seems
inconsistent and in a number of places __bss_end is used instead.
Change to use __bss_end for the BSS end symbol throughout U-Boot. This
makes it possible to use the asm-generic/sections.h file on all
archs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Refactor linker-generated array code so that symbols
which were previously linker-generated are now compiler-
generated. This causes relocation records of type
R_ARM_ABS32 to become R_ARM_RELATIVE, which makes
code which uses LGA able to run before relocation as
well as after.
Note: this affects more than ARM targets, as linker-
lists span possibly all target architectures, notably
PowerPC.
Conflicts:
arch/arm/cpu/arm926ejs/mxs/u-boot-spl.lds
arch/arm/cpu/arm926ejs/spear/u-boot-spl.lds
arch/arm/cpu/armv7/omap-common/u-boot-spl.lds
board/ait/cam_enc_4xx/u-boot-spl.lds
board/davinci/da8xxevm/u-boot-spl-da850evm.lds
board/davinci/da8xxevm/u-boot-spl-hawk.lds
board/vpac270/u-boot-spl.lds
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Turn __bss_start and __bss_end__ from linker-generated
to compiler-generated symbols, causing relocations for
these symbols to change type, from R_ARM_ABS32 to
R_ARM_RELATIVE.
This should have no functional impact, as it affects
references to __bss_start and __bss_end__ only before
relocation, and no such references are done.
Signed-off-by: Albert ARIBAUD <albert.u.boot@aribaud.net>
Add an ASSERT() to u-boot.lds to detect an SPL that doesn't fit within
SPL_TEXT_BASE..SPL_MAX_SIZE.
Different .lds files implement this check in two possible ways:
1) An ASSERT() like this
2) Defining a MEMORY region of size SPL_MAX_SIZE, and re-directing all
linker output into that region. Since u-boot.lds is used for both
SPL and main U-Boot, this would entail only sometimes defining a
MEMORY region, and only sometimes performing that redirection, and
hence option (1) was deemed much simpler, and hence implemented.
Note that this causes build failures at least for NVIDIA Tegra Seaboard
and Ventana. However, these are legitimate; the SPL doesn't fit within
the required space, and this does cause runtime issues.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Allen Martin <amartin@nvidia.com>
Acked-by: Tom Rini <trini@ti.com>
Tested-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
When -ffunction-sections or -fdata-section are used, symbols are placed
into sections such as .data.eserial1_device and .bss.serial_current.
Update the linker script to explicitly include these. Without this
change (at least with my gcc-4.5.3 built using crosstool-ng), I see that
the sections do end up being included, but __bss_end__ gets set to the
same value as __bss_start.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Allen Martin <amartin@nvidia.com>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
The command declaration now uses the new LG-array method to generate
list of commands. Thus the __u_boot_cmd section is now superseded and
redundant and therefore can be removed. Also, remove externed symbols
associated with this section from include/command.h .
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Joe Hershberger <joe.hershberger@gmail.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Add section for the linker-generated lists into all possible linker
files, so that everyone can easily use these lists. This is mostly
a mechanical adjustment.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Joe Hershberger <joe.hershberger@gmail.com>
Cc: Mike Frysinger <vapier@gentoo.org>
Most ARM CPUs use a very similar link script. This adds a basic
script that can be used by most CPUs.
Two new symbols are introduced which are intended to eventually be
defined on all architectures to make things easier for generic relocation
and reduce special-case code for each architecture:
__image_copy_start is the start of the text area (equivalent to the
existing _start on ARM). It marks the start of the region which must be
copied to a new location during relocation. This symbol is called
__text_start on x86 and microblaze.
__image_copy_end is the end of the region which must be copied to a new
location during relocation. It is normally equal to the start of the BSS
region, but this can vary in some cases (SPL?). Making this an explicit
symbol on its own removes any ambiguity and permits common code to always
do the right thing.
This new script makes use of CPUDIR, now defined by both Makefile and
spl/Makefile, to find the directory containing the start.o object file,
which is always placed first in the image.
To permit MMU setup prior to relocation (as used by pxa) we add an area
to the link script which contains space for this. This is taken
from commit 7f4cfcf. CPUs can put the contents in there using their
start.S file. BTW, shouldn't that area be 16KB-aligned?
Signed-off-by: Simon Glass <sjg@chromium.org>