vxhack and mvista kernel

vxhack and mvista kernel

[Hao Li]

Hi. I am trying to use VxWorks boot rom to boot MontaVista's 2.4.0-test2
kernel on a EST SBC8260 board. I already have MontaVista's CDK 1.2
installed on a Linux x86 host running Red Hat 6.2. From a previous post
I find that I'll need to hack the kernel zImage with Dan Malek's
vxhack.c program. So below is what I did:

% uname -mrs
Linux 2.4.0-test11 i686
% cc --version
2.95.2
% ncftpget ftp://ftp.mvista.com/pub/Area51/ppc-8xx/vxhack.c
vxhack.c:                                                3.49 kB   29.64 kB/s
% cc -o vxhack vxhack.c
% cp /opt/hardhat/devkit/ppc/82xx/target/boot/vmlinuz-sbc8260-2.4.0-test2-1.2.2-3 .
% ./vxhack vmlinuz-sbc8260-2.4.0-test2-1.2.2-3
Segmentation fault


Could someone explain to me what the problem is? Is it because I do it
on a non-ppc host or I should not have used MontaVista's
vmlinuz-sbc8260-2.4.0-test2-1.2.2-3 kernel?

Thanks a lot!

- Hao


** Sent via the linuxppc-embedded mail list. See http://lists.linuxppc.org/

Re: vxhack and mvista kernel

[Dan Malek]

Hao Li wrote:

> % ./vxhack vmlinuz-sbc8260-2.4.0-test2-1.2.2-3
> Segmentation fault
>
> Could someone explain to me what the problem is?

The vxhack program has hard coded values for known sections in the
image file.  For some reason, the sections in the file have changed
since I wrote the program.

There is a loop:
	for (i=0; i<nsscns; i++) .......

in the program.  Add some code to print out the section number and
section size.  It will be obvious which section is the image, and
change the 'if (i == 5)' (or whatever the number is in the code you
have) in that loop to correspond to this number.  You can't use
objdump because the header numbers it prints do not match what you
find when you scan the file like vxhack does.

If you want to update the program to read the string/symbol tables
and to automatically locate sections by name, it would be useful.
This was just a quick five minute program to solve an immediate problem,
not something worth useful time.


	-- Dan

** Sent via the linuxppc-embedded mail list. See http://lists.linuxppc.org/

RE: vxhack and mvista kernel

[Huy Vu]

[-- Attachment #1: Type: text/plain, Size: 119 bytes --]

All,

Here's the hacked up "vxhack" for LE (ie. x86) hosts...

Cheers
Huy

P.S. I hope my assumptions are correct :-)


[-- Attachment #2: vxhack.c --]
[-- Type: application/octet-stream, Size: 4729 bytes --]


/* Crudely convert the zImage so the VxWorks boot rom will load it.
 * Copyright (c) 2000 MontaVista Software, Inc.
 * Dan Malek (dmalek@jlc.net).
 *
 * Modified for LE problems Dec 14, 2000 Huy Vu (huy.vu@ipoptical.com)
 */
#include <sys/types.h>
#include <fcntl.h>
#include <string.h>
#include <elf.h>
#include <stdio.h>

#define IBSIZE	(64*1024)
u_char	ibuf[IBSIZE];
u_char	dbuf[IBSIZE];

#define PGSZ	4096
#define roundup(x)	(((x) + (PGSZ-1)) & ~(PGSZ-1))

main (int argc, char **argv)
{
	int	elf_fd, bin_fd, npscns, nsscns, size, dsize;
	int	shoff, shentsize, i, shsize, imagesize;
	char	*outname, *malloc(), *sp;
	Elf32_Ehdr	*ehp;
	Elf32_Phdr	*epp;
	Elf32_Shdr	*shp;
	int	found = 0;

	if (argc != 2)
		usage(argv[0]);

	if ((elf_fd = open(argv[1], O_RDWR)) < 0) {
		perror("Image open");
		exit(1);
	}

	/* Read the ELF header on the front of the image and get
	 * some information from it.
	 */
	if (read(elf_fd, ibuf, sizeof(ibuf)) != sizeof(ibuf)) {
		fprintf(stderr, "%s doesn't have ELF header\n", argv[1]);
		exit(2);
	}
	ehp = (Elf32_Ehdr *) ibuf;

	if (strncmp(ehp->e_ident, ELFMAG, 4) != 0) {
		fprintf(stderr, "%s doesn't have ELF header\n", argv[1]);
		exit(2);
	}

	npscns = ntohs(ehp->e_phnum);
	nsscns = ntohs(ehp->e_shnum);
	shoff = ntohl(ehp->e_shoff);
	shentsize = ntohs(ehp->e_shentsize);

#ifdef VXHACK_DEBUG
	printf("npscns=%x\n",ntohs(ehp->e_phnum));
	printf("nsscns=%x\n",ntohs(ehp->e_shnum));
	printf("shoff=%x\n",ntohl(ehp->e_shoff));
	printf("shentsize=%x\n\n",ntohs(ehp->e_shentsize));
#endif


	epp = (Elf32_Phdr *)((uint)ehp + ntohl(ehp->e_phoff));

	/* Read the section headers.
	*/
	if (lseek(elf_fd, shoff, 0) < 0) {
		perror("seek");
		exit(2);
	}

	if ((shsize = read(elf_fd, dbuf, sizeof(dbuf))) < 0) {
		fprintf(stderr, "%s doesn't have ELF header\n", argv[1]);
		exit(2);
	}

	/* Scan all of the section headers, updating the address so
	 * it will load at 0x900000.  We know lots about zImage here,
	 * so if that ever changes (it shouldn't) we must do the same.
	 *
	 * The section we are interested in is the first zero sh_addr
	 * that is not the first section! (huy.vu@ipoptical.com)
	 * This is a correct assumption (I hope) :-)
	 *
	 * I am not sure any of this is necessary, as I suspect the
	 * VxWorks rom doesn't really read the section headers.
	 */
	shp = (Elf32_Shdr *) dbuf;
	sp = (char *)shp;
	for (i=0; i<nsscns; i++) {
		if (shp->sh_addr)
			shp->sh_addr = htonl(ntohl(shp->sh_addr)+0x500000);
		else if (!found && i)
		{
			found = 1;
			imagesize = ntohl(shp->sh_size);
		}
#ifdef VXHACK_DEBUG
		printf("%d---\n",i);
		printf("sh_addr=%x\n", ntohl(shp->sh_addr));
		printf("imagesize=%x\n", imagesize);
		printf("=========\n");
#endif
 		sp += shentsize;
		shp = (Elf32_Shdr *)sp;
	}
	if (!imagesize)
		exit(2);

	/* Now that we know the zImage size, and we know it's offset
	 * in the file is a 4k page boundary after the data section,
	 * update the data section to include the zImage.
	 * We know the data section is number 3.
	 */
	shp = (Elf32_Shdr *) dbuf;
	sp = (char *)shp;
	sp += (3 * shentsize);
	shp = (Elf32_Shdr *)sp;
	shp->sh_size = htonl(ntohl(shp->sh_size)+4095);
	shp->sh_size = htonl(ntohl(shp->sh_size) & ~4095);		/* Round up to 4K page boundary */
	shp->sh_size = htonl(ntohl(shp->sh_size) + imagesize);	/* Add zImage size */

	/* Write out the new section headers.
	*/
	if (lseek(elf_fd, shoff, 0) < 0) {
		perror("seek");
		exit(2);
	}

	if (write(elf_fd, dbuf, shsize) != shsize)
		perror("write");

	/* Now go back and hack up the program header on the front of
	 * the image.  We know these are fixed offsets in the header.
	 * I suspect (although not tested), this is really all that is
	 * necessary to make the VxWorks loader read our image.
	 */
	ehp->e_entry = htonl(ntohl(ehp->e_entry)+0x00500000);

	/* Now the program header.
	*/
	epp->p_vaddr = htonl(ntohl(epp->p_vaddr)+0x00500000);		/* Segment virtual address */
	epp->p_paddr = htonl(ntohl(epp->p_paddr)+0x00500000);	/* Segment physical address */
	epp->p_filesz= htonl(ntohl(epp->p_filesz)+4095);
	epp->p_filesz= htonl(ntohl(epp->p_filesz) & ~4095);
	epp->p_filesz= htonl(ntohl(epp->p_filesz)+imagesize);		/* Segment size in file */
	epp->p_memsz = htonl(ntohl(epp->p_memsz)+imagesize);		/* Segment size in memory */

	if (lseek(elf_fd, 0, 0) < 0) {
		perror("lseek");
		exit(2);
	}
	if (write(elf_fd, ibuf, sizeof(ibuf)) != sizeof(ibuf)) {
		fprintf(stderr, "%s header write failed\n", argv[1]);
		exit(2);
	}

	exit(0);

}

usage(char *name)
{
	fprintf(stderr, "Usage: %s zImage_file\n", name);
	exit(2);
}