1/*
2// Copyright 2016 The Fuchsia Authors
3// Copyright (c) 2009 Corey Tabaka
4// Copyright (c) 2013 Travis Geiselbrecht
5// Copyright (c) 2015 Intel Corporation
6//
7// Use of this source code is governed by a MIT-style
8// license that can be found in the LICENSE file or at
9// https://opensource.org/licenses/MIT
10*/
11
12/*
13 * Symbols used in the kernel proper are defined with PROVIDE_HIDDEN:
14 * HIDDEN because everything in the kernel is STV_HIDDEN to make it
15 * clear that direct PC-relative references should be generated in PIC;
16 * PROVIDE because their only purpose is to satisfy kernel references.
17 */
18
19SECTIONS
20{
21    . = KERNEL_BASE;
22    PROVIDE_HIDDEN(__code_start = .);
23
24    /*
25     * This just leaves space in the memory image for the boot headers.
26     * The actual boot header will be constructed in image.S, which see.
27     */
28    .text.boot0 : {
29        /*
30         * Put some data in, or else the linker makes it a SHT_NOBITS
31         * section and that makes objcopy -O binary skip it in the image.
32         */
33        LONG(0xdeadbeef);
34        . += BOOT_HEADER_SIZE - 4;
35    } :code
36
37    . = ALIGN(8);
38    .buildsig : {
39        PROVIDE_HIDDEN(buildsig = .);
40        BYTE(0x42); BYTE(0x53); BYTE(0x49); BYTE(0x47); /* BSIG */
41        BYTE(0x53); BYTE(0x54); BYTE(0x52); BYTE(0x54); /* STRT */
42        /*
43         * The self-pointer gives a local basis to compute the relative
44         * positions of the lk_version_t and .note.gnu.build-id pointers
45         * without already knowing the kernel's virtual address base.
46         */
47        QUAD(buildsig);
48        QUAD(version);
49        QUAD(__build_id_note_start);
50        BYTE(0x42); BYTE(0x53); BYTE(0x49); BYTE(0x47); /* BSIG */
51        BYTE(0x45); BYTE(0x4e); BYTE(0x44); BYTE(0x53); /* ENDS */
52     }
53
54    /*
55     * This is separate from .text just so gen-kaslr-relocs.sh can match
56     * it.  The relocation processor skips this section because this code
57     * all runs before the boot-time fixups are applied and has its own
58     * special relationship with the memory layouts.
59     */
60    .text.boot : {
61        *(.text.boot)
62    }
63
64    /*
65     * This is separate from .text just so gen-kaslr-relocs.sh can match
66     * it.  This section contains movabs instructions that get 64-bit
67     * address fixups in place.  This is safe because this code is never
68     * used until long after fixups have been applied.  In general, the
69     * script will refuse to handle fixups in text (i.e. code) sections.
70     */
71    .text.bootstrap16 : {
72        *(.text.bootstrap16)
73    }
74
75    .text : {
76        *(.text* .sram.text)
77        *(.gnu.linkonce.t.*)
78    }
79
80    PROVIDE_HIDDEN(__code_end = .);
81
82    . = ALIGN(4096);
83    PROVIDE_HIDDEN(__rodata_start = .);
84
85    /*
86     * These are page-aligned, so place them first.
87     */
88    .rodata.rodso_image : {
89        *(.rodata.rodso_image.*)
90    }
91
92    .note.gnu.build-id : {
93        PROVIDE_HIDDEN(__build_id_note_start = .);
94        *(.note.gnu.build-id)
95        PROVIDE_HIDDEN(__build_id_note_end = .);
96    } :rodata :note
97
98    /*
99     * The named sections starting with kcountdesc are sorted
100     * by name so that tools can provide binary search lookup
101     * for k_counter_desc::name[] variables.
102     */
103    .kcounter.desc : ALIGN(8) {
104        PROVIDE_HIDDEN(kcountdesc_begin = .);
105        KEEP(*(SORT_BY_NAME(kcountdesc.*)))
106        PROVIDE_HIDDEN(kcountdesc_end = .);
107    } :rodata
108
109    .rodata : {
110        *(.rodata* .gnu.linkonce.r.*)
111    } :rodata
112
113    /*
114     * When compiling PIC, the compiler puts things into sections it
115     * thinks need to be writable until after dynamic relocation.  In
116     * the kernel, these things all go into the read-only segment.  But
117     * to the linker, they are writable and so the default "orphans"
118     * placement would put them after .data instead of here.  That's bad
119     * both because we want these things in the read-only segment (the
120     * kernel's self-relocation applies before the read-only-ness starts
121     * being enforced anyway), and because the orphans would wind up
122     * being after the __data_end symbol (see below).
123     *
124     * Therefore, we have to list all the special-case sections created
125     * by __SECTION("foo") uses in the kernel that are RELRO candidates,
126     * i.e. things that have address constants in their initializers.
127     * All such uses in the source use sections named ".data.rel.ro.foo"
128     * instead of just "foo" specifically to ensure we write them here.
129     * This avoids the magic linker behavior for an "orphan" section
130     * called "foo" of synthesizing "__start_foo" and "__stop_foo"
131     * symbols when the section name has no . characters in it, and so
132     * makes sure we'll get undefined symbol references if we omit such
133     * a section here.  The magic linker behavior is nice, but it only
134     * goes for orphans, and we can't abide the default placement of
135     * orphans that should be RELRO.
136     */
137    .data.rel.ro : ALIGN(8) {
138        PROVIDE_HIDDEN(__start_commands = .);
139        KEEP(*(.data.rel.ro.commands))
140        PROVIDE_HIDDEN(__stop_commands = .);
141
142        PROVIDE_HIDDEN(__start_ktrace_probe = .);
143        KEEP(*(.data.rel.ro.ktrace_probe))
144        PROVIDE_HIDDEN(__stop_ktrace_probe = .);
145
146        PROVIDE_HIDDEN(__start_lk_init = .);
147        KEEP(*(.data.rel.ro.lk_init))
148        PROVIDE_HIDDEN(__stop_lk_init = .);
149
150        PROVIDE_HIDDEN(__start_lk_pdev_init = .);
151        KEEP(*(.data.rel.ro.lk_pdev_init))
152        PROVIDE_HIDDEN(__stop_lk_pdev_init = .);
153
154        PROVIDE_HIDDEN(__start_unittest_testcases = .);
155        KEEP(*(.data.rel.ro.unittest_testcases))
156        PROVIDE_HIDDEN(__stop_unittest_testcases = .);
157
158        *(.data.rel.ro* .gnu.linkonce.d.rel.ro.*)
159    }
160
161    .init_array : ALIGN(8) {
162        PROVIDE_HIDDEN(__init_array_start = .);
163        KEEP(*(.init_array .ctors))
164        PROVIDE_HIDDEN(__init_array_end = .);
165    }
166
167    /*
168     * Any read-only data "orphan" sections will be inserted here.
169     * Ideally we'd put those into the .rodata output section, but
170     * there isn't a way to do that that guarantees all same-named
171     * input sections collect together as a contiguous unit, which
172     * is what we need them for.  Linkers differ in how they'll
173     * place another dummy section here relative to the orphans, so
174     * there's no good way to define __rodata_end to be exactly the
175     * end of all the orphans sections.  But the only use we have
176     * for __rodata_end is to round it up to page size anyway, so
177     * just define it inside the .data section below, which is
178     * exactly the end of the orphans rounded up to the next page.
179     */
180
181    .data : ALIGN(4096) {
182        PROVIDE_HIDDEN(__rodata_end = .);
183        PROVIDE_HIDDEN(__data_start = .);
184
185        /* Pull out any aligned data into a separate section to make sure
186         * individual variables do not alias with any unaligned vars.
187         */
188        *(.data.cpu_align_exclusive)
189        . = ALIGN(128);
190
191        *(.data .data.* .gnu.linkonce.d.*)
192
193        /*
194         * Make sure the total file size is aligned to 8 bytes so the image
195         * can go into a BOOTDATA container, which requires 8-byte alignment.
196         */
197        . = ALIGN(8);
198        PROVIDE_HIDDEN(__data_end = .);
199    } :data
200
201    /*
202     * Any writable orphan sections would be inserted here.
203     * But there's no way to put the __data_end symbol after
204     * them, so we cannot allow any such cases.  There is no
205     * good way to assert that, though.
206     */
207
208    .bss : ALIGN(4096) {
209        PROVIDE_HIDDEN(__bss_start = .);
210
211        /*
212         * See kernel/include/lib/counters.h; the KCOUNTER macro defines a
213         * kcounter.NAME array in the .bss.kcounter.NAME section that
214         * allocates SMP_MAX_CPUS counter slots.  Here we collect all those
215         * together to make up the kcounters_arena contiguous array.  There
216         * is no particular reason to sort these, but doing so makes them
217         * line up in parallel with the sorted .kcounter.desc section.
218         */
219        . = ALIGN(8);
220        PROVIDE_HIDDEN(kcounters_arena = .);
221        KEEP(*(SORT_BY_NAME(.bss.kcounter.*)))
222
223        /*
224         * Sanity check that the aggregate size of kcounters_arena
225         * SMP_MAX_CPUS slots for each counter.  The k_counter_desc structs
226         * in .kcounter.desc are 8 bytes each, which matches the size of a
227         * single counter.  (It's only for this sanity check that we need
228         * to care how big k_counter_desc is.)
229         */
230        ASSERT(. - kcounters_arena == SIZEOF(.kcounter.desc) * SMP_MAX_CPUS,
231               "kcounters_arena size mismatch");
232
233        *(.bss*)
234        *(.gnu.linkonce.b.*)
235        *(COMMON)
236    }
237
238    /*
239     * Any SHT_NOBITS (.bss-like) sections would be inserted here.
240     */
241
242     . = ALIGN(4096);
243    PROVIDE_HIDDEN(_end = .);
244}
245
246PHDRS
247{
248    code PT_LOAD FLAGS(5); /* PF_R|PF_X */
249    rodata PT_LOAD FLAGS(4); /* PF_R */
250    data PT_LOAD FLAGS(6); /* PF_R|PF_W */
251    note PT_NOTE FLAGS(4); /* PF_R */
252}
253
254/*
255 * This is not actually used since the entry point is set in image.ld,
256 * but it prevents the linker from warning about using a default address
257 * and it keeps --gc-sections from removing .text.boot.
258 */
259ENTRY(IMAGE_ELF_ENTRY)
260
261/*
262 * These special symbols below are made public so they are visible via
263 * --just-symbols to the link of image.S.
264 */
265
266IMAGE_LOAD_START = __code_start;
267IMAGE_LOAD_END = __data_end;
268IMAGE_MEMORY_END = _end;
269