[LEDE-DEV] [PATCH] brcm47xx: relocate loader to higher address

Hauke Mehrtens hauke at hauke-m.de
Sun Oct 8 08:29:01 PDT 2017


On 10/08/2017 05:06 PM, Hauke Mehrtens wrote:
> The boot process on a WRT54GL works the following way:
> 1. CFE gets loaded by the boot rom from flash
> 2. CFE loads the loader from the flash and gzip uncompresses it
> 3. CFE starts the loader
> 4. The loader stores the FW arguments and relocates itself to
>    BZ_TEXT_START (now 0x80600000)
> 5. The loader reads the Linux image from flash
> 6. The loader lzma decompresses the Linux image to LOADADDR (0x80001000)
> 7. The loader executes the uncompressed Linux image at LOADADDR
> 
> The BZ_TEXT_START was set to 0x80400000 before. When the kernel gets
> uncompressed and is bigger than BZ_TEXT_START - LOADADDR it overwrote
> the loader which was currently uncompressing it and made the board
> crash. Increase the BZ_TEXT_START by 2 MB to have more space for the
> kernel. Even on 16MB RAM devices the memory goes till 0x80FFFFFF so this
> should not be a problem.
> 
> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
> ---
>  target/linux/brcm47xx/image/lzma-loader/src/Makefile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target/linux/brcm47xx/image/lzma-loader/src/Makefile b/target/linux/brcm47xx/image/lzma-loader/src/Makefile
> index 3320e565d0..444039c558 100644
> --- a/target/linux/brcm47xx/image/lzma-loader/src/Makefile
> +++ b/target/linux/brcm47xx/image/lzma-loader/src/Makefile
> @@ -18,7 +18,7 @@
>  #
>  
>  TEXT_START	:= 0x80001000
> -BZ_TEXT_START	:= 0x80400000
> +BZ_TEXT_START	:= 0x80600000
>  
>  OBJCOPY		:= $(CROSS_COMPILE)objcopy -O binary -R .reginfo -R .note -R .comment -R .mdebug -S
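
Review bot: The new BZ_TEXT_START value is still a bare constant with no comment and no size check next to it, so the overwrite described in the commit message returns as soon as the uncompressed kernel exceeds BZ_TEXT_START - TEXT_START (0x5FF000 bytes, just under 6 MiB). Suggest a comment above the assignment stating that limit and why the address was chosen, plus a build step that fails when the uncompressed image is larger than it, so the problem is caught at build time rather than as a board that does not boot.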


This makes my WRT54GS boot a kernel 4.9 with CONFIG_KALLSYMS. Without
this patch it is not booting up.

The FW arguments are more or less useless, I got these in Linux from CFE
forwarded by the loader:
fw_arg0: 0x803401a0, fw_arg1: 0x0, fw_arg2: 0x803029c8, fw_arg3: 0x43464531

They are pointing somewhere into CFE:

Total memory used by CFE:  0x80300000 - 0x8043DF30 (1302320)
Initialized Data:          0x803381A0 - 0x8033A550 (9136)
BSS Area:                  0x8033A550 - 0x8033BF30 (6624)
Local Heap:                0x8033BF30 - 0x8043BF30 (1048576)
Stack Area:                0x8043BF30 - 0x8043DF30 (8192)
Text (code) segment:       0x80300000 - 0x803381A0 (229792)
Boot area (physical):      0x0043E000 - 0x0047E000
Relocation Factor:         I:00000000 - D:00000000

See section 8.2.3 "Registers passed to boot loaders" for details on what
these arguments mean:
http://melbourne.wireless.org.au/files/wrt54/cfe.pdf

Our image does not use them anyway so this is also safe.


Hauke
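
Added example, not part of the original mail or of the LEDE sources: a small C check of the layout discussed above. It computes the room between LOADADDR and BZ_TEXT_START for the old and new values and places the four fw_arg values in the CFE memory map quoted in the mail. The function names and the 5 MiB kernel size are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOADADDR 0x80001000u /* kernel decompression target, from the commit message */

/* Bytes the decompressed kernel can occupy before it reaches the loader. */
static uint32_t headroom(uint32_t bz_text_start) { return bz_text_start - LOADADDR; }

/* 1 when a kernel of kernel_size bytes written at LOADADDR reaches the loader. */
static int kernel_hits_loader(uint32_t bz_text_start, uint32_t kernel_size)
{
    return kernel_size > headroom(bz_text_start);
}

struct region { const char *name; uint32_t start, end; }; /* [start, end) */

/* Regions copied from the CFE banner quoted in the mail. */
static const struct region cfe_map[] = {
    { "text",  0x80300000u, 0x803381A0u },
    { "data",  0x803381A0u, 0x8033A550u },
    { "bss",   0x8033A550u, 0x8033BF30u },
    { "heap",  0x8033BF30u, 0x8043BF30u },
    { "stack", 0x8043BF30u, 0x8043DF30u },
};

/* Name of the CFE region holding addr, or "outside CFE". */
static const char *classify(uint32_t addr)
{
    for (size_t i = 0; i < sizeof cfe_map / sizeof cfe_map[0]; i++)
        if (addr >= cfe_map[i].start && addr < cfe_map[i].end)
            return cfe_map[i].name;
    return "outside CFE";
}

/* Decode a 32-bit value as four ASCII bytes, most significant byte first. */
static void tag(uint32_t v, char out[5])
{
    for (int i = 0; i < 4; i++) out[i] = (char)(v >> (24 - 8 * i));
    out[4] = '\0';
}

int main(void)
{
    const uint32_t fw_arg[4] = { 0x803401a0u, 0x0u, 0x803029c8u, 0x43464531u };
    const uint32_t ksize = 5u << 20; /* constructed sample: 5 MiB kernel */
    char t[5];
    printf("hits loader, old: %d new: %d\n", kernel_hits_loader(0x80400000u, ksize),
           kernel_hits_loader(0x80600000u, ksize));
    for (int i = 0; i < 4; i++)
        printf("fw_arg%d 0x%08x -> %s\n", i, (unsigned)fw_arg[i], classify(fw_arg[i]));
    tag(fw_arg[3], t);
    printf("fw_arg3 as ASCII: %s\n", t);
    return 0;
}
```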


