[LEDE-DEV] [PATCH] brcm47xx: relocate loader to higher address

Florian Fainelli f.fainelli at gmail.com
Sun Oct 8 09:43:57 PDT 2017 


On 10/08/2017 08:29 AM, Hauke Mehrtens wrote:
> On 10/08/2017 05:06 PM, Hauke Mehrtens wrote:
>> The boot process on a WRT54GL works the following way:
>> 1. CFE gets loaded by the boot rom from flash
>> 2. CFE loads the loader from the flash and gzip uncompresses it
>> 3. CFE starts the loader
>> 4. The loader stores the FW arguments and relocates itself to
>>    BZ_TEXT_START (now 0x80600000)
>> 5. The loader reads the Linux image from flash
>> 6. The loader lzma decompresses the Linux image to LOADADDR (0x80001000)
>> 7. The loader executes the uncompress Linux image at LOADADDR
>>
>> The BZ_TEXT_START was set to 0x80400000 before. When the kernel gets
>> uncompressed and is bigger than BZ_TEXT_START - LOADADDR it overwrote
>> the loader which was currently uncompressing it and made the board
>> crash. Increase the BZ_TEXT_START my 2 MB to have more space for the
>> kernel. Even on 16MB RAM devices the memory goes till 0x80FFFFFF so this
>> should not be a problem.
>>
>> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
>> ---
>>  target/linux/brcm47xx/image/lzma-loader/src/Makefile | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/target/linux/brcm47xx/image/lzma-loader/src/Makefile b/target/linux/brcm47xx/image/lzma-loader/src/Makefile
>> index 3320e565d0..444039c558 100644
>> --- a/target/linux/brcm47xx/image/lzma-loader/src/Makefile
>> +++ b/target/linux/brcm47xx/image/lzma-loader/src/Makefile
>> @@ -18,7 +18,7 @@
>>  #
>>  
>>  TEXT_START	:= 0x80001000
>> -BZ_TEXT_START	:= 0x80400000
>> +BZ_TEXT_START	:= 0x80600000
>>  
>>  OBJCOPY		:= $(CROSS_COMPILE)objcopy -O binary -R .reginfo -R .note -R .comment -R .mdebug -S
> 
> 
> This makes my WRT54GS boot a kernel 4.9 with CONFIG_KALLSYMS. Without
> this patch it is not booting up.
> 
> The FW arguments are more or less useless, I got these in Linux from CFE
> forwarded by the loader:
> fw_arg0: 0x803401a0, fw_arg1: 0x0, fw_arg2: 0x803029c8, fw_arg3: 0x43464531

Yes, those do not really matter on brcm47xx since the CFE environment
and all associated services (cfe_getenv, cfe_write) are not available
anyway...

> 
> They are pointing somewhere into CFE:
> 
> Total memory used by CFE:  0x80300000 - 0x8043DF30 (1302320)
> Initialized Data:          0x803381A0 - 0x8033A550 (9136)
> BSS Area:                  0x8033A550 - 0x8033BF30 (6624)
> Local Heap:                0x8033BF30 - 0x8043BF30 (1048576)
> Stack Area:                0x8043BF30 - 0x8043DF30 (8192)
> Text (code) segment:       0x80300000 - 0x803381A0 (229792)
> Boot area (physical):      0x0043E000 - 0x0047E000
> Relocation Factor:         I:00000000 - D:00000000
> 
> See section 8.2.3 "Registers passed to boot loaders" for details on what
> these arguments mean:
> http://melbourne.wireless.org.au/files/wrt54/cfe.pdf
> 
> Our image does not use them anyway so this is also save.
> 
> 
> Hauke
> 
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
> 

-- 
Florian

More information about the Lede-dev mailing list