int syslinux_boot_linux(void *kernel_buf, size_t kernel_size,
struct initramfs *initramfs, char *cmdline)
{
struct linux_header hdr, *whdr;
size_t real_mode_size, prot_mode_size;
addr_t real_mode_base, prot_mode_base;
addr_t irf_size;
size_t cmdline_size, cmdline_offset;
struct syslinux_rm_regs regs;
struct syslinux_movelist *fraglist = NULL;
struct syslinux_memmap *mmap = NULL;
struct syslinux_memmap *amap = NULL;
bool ok;
uint32_t memlimit = 0;
uint16_t video_mode = 0;
const char *arg;
cmdline_size = strlen(cmdline) + 1;
if (kernel_size < 2 * 512)
goto bail;
/* Look for specific command-line arguments we care about */
if ((arg = find_argument(cmdline, "mem=")))
memlimit = saturate32(suffix_number(arg));
if ((arg = find_argument(cmdline, "vga="))) {
switch (arg[0] | 0x20) {
case 'a': /* "ask" */
video_mode = 0xfffd;
break;
case 'e': /* "ext" */
video_mode = 0xfffe;
break;
case 'n': /* "normal" */
video_mode = 0xffff;
break;
case 'c': /* "current" */
video_mode = 0x0f04;
break;
default:
video_mode = strtoul(arg, NULL, 0);
break;
}
}
/* Copy the header into private storage */
/* Use whdr to modify the actual kernel header */
memcpy(&hdr, kernel_buf, sizeof hdr);
whdr = (struct linux_header *)kernel_buf;
if (hdr.boot_flag != BOOT_MAGIC)
goto bail;
if (hdr.header != LINUX_MAGIC) {
hdr.version = 0x0100; /* Very old kernel */
hdr.loadflags = 0;
}
whdr->vid_mode = video_mode;
if (!hdr.setup_sects)
hdr.setup_sects = 4;
if (hdr.version < 0x0203)
hdr.initrd_addr_max = 0x37ffffff;
if (!memlimit && memlimit - 1 > hdr.initrd_addr_max)
memlimit = hdr.initrd_addr_max + 1; /* Zero for no limit */
if (hdr.version < 0x0205 || !(hdr.loadflags & LOAD_HIGH))
hdr.relocatable_kernel = 0;
if (hdr.version < 0x0206)
hdr.cmdline_max_len = 256;
if (cmdline_size > hdr.cmdline_max_len) {
cmdline_size = hdr.cmdline_max_len;
cmdline[cmdline_size - 1] = '\0';
}
if (hdr.version < 0x0202 || !(hdr.loadflags & 0x01))
cmdline_offset = (0x9ff0 - cmdline_size) & ~15;
else
cmdline_offset = 0x10000;
real_mode_size = (hdr.setup_sects + 1) << 9;
real_mode_base = (hdr.loadflags & LOAD_HIGH) ? 0x10000 : 0x90000;
prot_mode_base = (hdr.loadflags & LOAD_HIGH) ? 0x100000 : 0x10000;
prot_mode_size = kernel_size - real_mode_size;
if (!(hdr.loadflags & LOAD_HIGH) && prot_mode_size > 512 * 1024)
goto bail; /* Kernel cannot be loaded low */
if (initramfs && hdr.version < 0x0200)
goto bail; /* initrd/initramfs not supported */
if (hdr.version >= 0x0200) {
whdr->type_of_loader = 0x30; /* SYSLINUX unknown module */
if (hdr.version >= 0x0201) {
whdr->heap_end_ptr = cmdline_offset - 0x0200;
whdr->loadflags |= CAN_USE_HEAP;
}
if (hdr.version >= 0x0202) {
whdr->cmd_line_ptr = real_mode_base + cmdline_offset;
} else {
whdr->old_cmd_line_magic = OLD_CMDLINE_MAGIC;
whdr->old_cmd_line_offset = cmdline_offset;
/* Be paranoid and round up to a multiple of 16 */
whdr->setup_move_size = (cmdline_offset + cmdline_size + 15) & ~15;
}
}
/* Get the memory map */
mmap = syslinux_memory_map(); /* Memory map for shuffle_boot */
amap = syslinux_dup_memmap(mmap); /* Keep track of available memory */
if (!mmap || !amap)
goto bail;
#if DEBUG
dprintf("Initial memory map:\n");
syslinux_dump_memmap(stdout, mmap);
#endif
/* If the user has specified a memory limit, mark that as unavailable.
Question: should we mark this off-limit in the mmap as well (meaning
it's unavailable to the boot loader, which probably has already touched
some of it), or just in the amap? */
if (memlimit)
if (syslinux_add_memmap(&amap, memlimit, -memlimit, SMT_RESERVED))
goto bail;
/* Place the kernel in memory */
/* First, find a suitable place for the protected-mode code */
if (syslinux_memmap_type(amap, prot_mode_base, prot_mode_size)
!= SMT_FREE) {
const struct syslinux_memmap *mp;
if (!hdr.relocatable_kernel)
goto bail; /* Can't relocate - no hope */
ok = false;
for (mp = amap; mp; mp = mp->next) {
addr_t start, end;
start = mp->start;
end = mp->next->start;
if (mp->type != SMT_FREE)
continue;
if (end <= prot_mode_base)
continue; /* Only relocate upwards */
if (start <= prot_mode_base)
start = prot_mode_base;
start = ALIGN_UP(start, hdr.kernel_alignment);
if (start >= end)
continue;
/* The 3* here is a total fudge factor... it's supposed to
account for the fact that the kernel needs to be decompressed,
and then followed by the BSS and BRK regions. This doesn't,
however, account for the fact that the kernel is decompressed
into a whole other place, either. */
if (end - start >= 3 * prot_mode_size) {
whdr->code32_start += start - prot_mode_base;
prot_mode_base = start;
ok = true;
break;
}
}
if (!ok)
goto bail;
}
/* Real mode code */
if (syslinux_memmap_type(amap, real_mode_base,
cmdline_offset + cmdline_size) != SMT_FREE) {
const struct syslinux_memmap *mp;
ok = false;
for (mp = amap; mp; mp = mp->next) {
addr_t start, end;
start = mp->start;
end = mp->next->start;
if (mp->type != SMT_FREE)
continue;
if (start < real_mode_base)
start = real_mode_base; /* Lowest address we'll use */
if (end > 640 * 1024)
end = 640 * 1024;
start = ALIGN_UP(start, 16);
if (start > 0x90000 || start >= end)
continue;
if (end - start >= cmdline_offset + cmdline_size) {
real_mode_base = start;
ok = true;
break;
}
}
}
if (syslinux_add_movelist(&fraglist, real_mode_base, (addr_t) kernel_buf,
real_mode_size))
goto bail;
if (syslinux_add_memmap
(&amap, real_mode_base, cmdline_offset + cmdline_size, SMT_ALLOC))
goto bail;
/* Zero region between real mode code and cmdline */
if (syslinux_add_memmap(&mmap, real_mode_base + real_mode_size,
cmdline_offset - real_mode_size, SMT_ZERO))
goto bail;
/* Command line */
if (syslinux_add_movelist(&fraglist, real_mode_base + cmdline_offset,
(addr_t) cmdline, cmdline_size))
goto bail;
/* Protected-mode code */
if (syslinux_add_movelist(&fraglist, prot_mode_base,
(addr_t) kernel_buf + real_mode_size,
prot_mode_size))
goto bail;
if (syslinux_add_memmap(&amap, prot_mode_base, prot_mode_size, SMT_ALLOC))
goto bail;
/* Figure out the size of the initramfs, and where to put it.
We should put it at the highest possible address which is
<= hdr.initrd_addr_max, which fits the entire initramfs. */
irf_size = initramfs_size(initramfs); /* Handles initramfs == NULL */
if (irf_size) {
addr_t best_addr = 0;
struct syslinux_memmap *ml;
const addr_t align_mask = INITRAMFS_MAX_ALIGN - 1;
if (irf_size) {
for (ml = amap; ml->type != SMT_END; ml = ml->next) {
addr_t adj_start = (ml->start + align_mask) & ~align_mask;
addr_t adj_end = ml->next->start & ~align_mask;
if (ml->type == SMT_FREE && adj_end - adj_start >= irf_size)
best_addr = (adj_end - irf_size) & ~align_mask;
}
if (!best_addr)
goto bail; /* Insufficient memory for initramfs */
whdr->ramdisk_image = best_addr;
whdr->ramdisk_size = irf_size;
if (syslinux_add_memmap(&amap, best_addr, irf_size, SMT_ALLOC))
goto bail;
if (map_initramfs(&fraglist, &mmap, initramfs, best_addr))
goto bail;
}
}
/* Set up the registers on entry */
memset(®s, 0, sizeof regs);
regs.es = regs.ds = regs.ss = regs.fs = regs.gs = real_mode_base >> 4;
regs.cs = (real_mode_base >> 4) + 0x20;
/* regs.ip = 0; */
/* Linux is OK with sp = 0 = 64K, but perhaps other things aren't... */
regs.esp.w[0] = min(cmdline_offset, (size_t) 0xfff0);
#if DEBUG
dprintf("Final memory map:\n");
syslinux_dump_memmap(stdout, mmap);
dprintf("Final available map:\n");
syslinux_dump_memmap(stdout, amap);
dprintf("Initial movelist:\n");
syslinux_dump_movelist(stdout, fraglist);
#endif
syslinux_shuffle_boot_rm(fraglist, mmap, 0, ®s);
bail:
syslinux_free_movelist(fraglist);
syslinux_free_memmap(mmap);
syslinux_free_memmap(amap);
return -1;
}
static void do_boot(struct data_area *data, int ndata)
{
struct syslinux_memmap *mmap;
struct syslinux_movelist *mlist = NULL;
addr_t endimage;
uint8_t driveno = opt.regs.edx.b[0];
uint8_t swapdrive = driveno & 0x80;
int i;
mmap = syslinux_memory_map();
if (!mmap) {
error("Cannot read system memory map.");
return;
}
endimage = 0;
for (i = 0; i < ndata; i++) {
if (data[i].base + data[i].size > endimage)
endimage = data[i].base + data[i].size;
}
if (endimage > dosmax)
goto too_big;
for (i = 0; i < ndata; i++) {
if (syslinux_add_movelist(&mlist, data[i].base,
(addr_t) data[i].data, data[i].size))
goto enomem;
}
if (opt.swap && driveno != swapdrive) {
static const uint8_t swapstub_master[] = {
/* The actual swap code */
0x53, /* 00: push bx */
0x0f, 0xb6, 0xda, /* 01: movzx bx,dl */
0x2e, 0x8a, 0x57, 0x60, /* 04: mov dl,[cs:bx+0x60] */
0x5b, /* 08: pop bx */
0xea, 0, 0, 0, 0, /* 09: jmp far 0:0 */
0x90, 0x90, /* 0E: nop; nop */
/* Code to install this in the right location */
/* Entry with DS = CS; ES = SI = 0; CX = 256 */
0x26, 0x66, 0x8b, 0x7c, 0x4c, /* 10: mov edi,[es:si+4*0x13] */
0x66, 0x89, 0x3e, 0x0a, 0x00, /* 15: mov [0x0A],edi */
0x26, 0x8b, 0x3e, 0x13, 0x04, /* 1A: mov di,[es:0x413] */
0x4f, /* 1F: dec di */
0x26, 0x89, 0x3e, 0x13, 0x04, /* 20: mov [es:0x413],di */
0x66, 0xc1, 0xe7, 0x16, /* 25: shl edi,16+6 */
0x26, 0x66, 0x89, 0x7c, 0x4c, /* 29: mov [es:si+4*0x13],edi */
0x66, 0xc1, 0xef, 0x10, /* 2E: shr edi,16 */
0x8e, 0xc7, /* 32: mov es,di */
0x31, 0xff, /* 34: xor di,di */
0xf3, 0x66, 0xa5, /* 36: rep movsd */
0xbe, 0, 0, /* 39: mov si,0 */
0xbf, 0, 0, /* 3C: mov di,0 */
0x8e, 0xde, /* 3F: mov ds,si */
0x8e, 0xc7, /* 41: mov es,di */
0x66, 0xb9, 0, 0, 0, 0, /* 43: mov ecx,0 */
0x66, 0xbe, 0, 0, 0, 0, /* 49: mov esi,0 */
0x66, 0xbf, 0, 0, 0, 0, /* 4F: mov edi,0 */
0xea, 0, 0, 0, 0, /* 55: jmp 0:0 */
/* pad out to segment boundary */
0x90, 0x90, /* 5A: ... */
0x90, 0x90, 0x90, 0x90, /* 5C: ... */
};
static uint8_t swapstub[1024];
uint8_t *p;
/* Note: we can't rely on either INT 13h nor the dosmax
vector to be correct at this stage, so we have to use an
installer stub to put things in the right place.
Round the installer location to a 1K boundary so the only
possible overlap is the identity mapping. */
endimage = (endimage + 1023u) & ~1023u;
/* Create swap stub */
memcpy(swapstub, swapstub_master, sizeof swapstub_master);
*(uint16_t *) & swapstub[0x3a] = opt.regs.ds;
*(uint16_t *) & swapstub[0x3d] = opt.regs.es;
*(uint32_t *) & swapstub[0x45] = opt.regs.ecx.l;
*(uint32_t *) & swapstub[0x4b] = opt.regs.esi.l;
*(uint32_t *) & swapstub[0x51] = opt.regs.edi.l;
*(uint16_t *) & swapstub[0x56] = opt.regs.ip;
*(uint16_t *) & swapstub[0x58] = opt.regs.cs;
p = &swapstub[sizeof swapstub_master];
/* Mapping table; start out with identity mapping everything */
for (i = 0; i < 256; i++)
p[i] = i;
/* And the actual swap */
p[driveno] = swapdrive;
p[swapdrive] = driveno;
/* Adjust registers */
opt.regs.ds = opt.regs.cs = endimage >> 4;
opt.regs.esi.l = opt.regs.es = 0;
opt.regs.ecx.l = sizeof swapstub >> 2;
opt.regs.ip = 0x10; /* Installer offset */
opt.regs.ebx.b[0] = opt.regs.edx.b[0] = swapdrive;
if (syslinux_add_movelist(&mlist, endimage, (addr_t) swapstub,
sizeof swapstub))
goto enomem;
endimage += sizeof swapstub;
}
/* Tell the shuffler not to muck with this area... */
syslinux_add_memmap(&mmap, endimage, 0xa0000 - endimage, SMT_RESERVED);
/* Force text mode */
syslinux_force_text_mode();
puts("Booting...");
syslinux_shuffle_boot_rm(mlist, mmap, opt.keeppxe, &opt.regs);
error("Chainboot failed !");
return;
too_big:
error("Loader file too large.");
return;
enomem:
error("Out of memory.");
return;
}
void chainboot_file(const char *file, uint32_t type)
{
uint8_t keeppxe = 0;
const union syslinux_derivative_info *sdi;
struct syslinux_rm_regs regs;
struct syslinux_movelist *fraglist = NULL;
struct syslinux_memmap *mmap = NULL;
struct com32_filedata fd;
com32sys_t reg;
char *stack;
void *buf;
int rv, max, size;
max = 0xA0000; /* Maximum load */
buf = malloc(max);
if (!buf)
goto bail;
rv = open_file(file, O_RDONLY, &fd);
if (rv == -1)
goto bail;
reg.eax.l = max;
reg.ebx.l = 0;
reg.edx.w[0] = 0;
reg.edi.l = (uint32_t)buf;
reg.ebp.l = -1; /* XXX: limit? */
reg.esi.w[0] = rv;
pm_load_high(®);
size = reg.edi.l - (unsigned long)buf;
if (size > 0xA0000 - 0x7C00) {
printf("Too large for a boostrap (need LINUX instead of KERNEL?)\n");
goto bail;
}
mmap = syslinux_memory_map();
if (!mmap)
goto bail;
sdi = syslinux_derivative_info();
memset(®s, 0, sizeof(regs));
regs.ip = 0x7c00;
if (sdi->c.filesystem == SYSLINUX_FS_SYSLINUX ||
sdi->c.filesystem == SYSLINUX_FS_EXTLINUX) {
if (syslinux_add_movelist(&fraglist, 0x800 - 18,
(addr_t)sdi->r.esbx, 16))
goto bail;
/* DS:SI points to partition info */
regs.esi.l = 0x800 - 18;
}
/*
* For a BSS boot sector we have to transfer the
* superblock.
*/
if (sdi->c.filesystem == SYSLINUX_FS_SYSLINUX &&
type == IMAGE_TYPE_BSS && this_fs->fs_ops->copy_super(buf))
goto bail;
if (sdi->c.filesystem == SYSLINUX_FS_PXELINUX) {
keeppxe = 0x03; /* Chainloading + keep PXE */
stack = (char *)sdi->r.fssi;
/*
* Set up the registers with their initial values
*/
regs.eax.l = *(uint32_t *)&stack[36];
regs.ecx.l = *(uint32_t *)&stack[32];
regs.edx.l = *(uint32_t *)&stack[28];
regs.ebx.l = *(uint32_t *)&stack[24];
regs.esp.l = sdi->rr.r.esi.w[0] + 44;
regs.ebp.l = *(uint32_t *)&stack[16];
regs.esi.l = *(uint32_t *)&stack[12];
regs.edi.l = *(uint32_t *)&stack[8];
regs.es = *(uint16_t *)&stack[4];
regs.ss = sdi->rr.r.fs;
regs.ds = *(uint16_t *)&stack[6];
regs.fs = *(uint16_t *)&stack[2];
regs.gs = *(uint16_t *)&stack[0];
} else {
const uint16_t *esdi = (const uint16_t *)sdi->disk.esdi_ptr;
regs.esp.l = (uint16_t)(unsigned long)StackBuf + 44;
/*
* DON'T DO THIS FOR PXELINUX...
* For PXE, ES:BX -> PXENV+, and this would
* corrupt that use.
*
* Restore ES:DI -> $PnP (if we were ourselves
* called that way...)
*/
regs.edi.w[0] = esdi[0]; /* New DI */
regs.es = esdi[2]; /* New ES */
regs.edx.l = sdi->rr.r.edx.b[0]; /* Drive number -> DL */
}
if (syslinux_add_movelist(&fraglist, 0x7c00, (addr_t)buf, size))
goto bail;
syslinux_shuffle_boot_rm(fraglist, mmap, keeppxe, ®s);
bail:
if (fraglist)
syslinux_free_movelist(fraglist);
if (mmap)
syslinux_free_memmap(mmap);
if (buf)
free(buf);
return;
}
