[U-Boot] Chain loading U-Boot on ARM v7, data abort

Neil Stainton nstainton at asl-control.co.uk
Mon Aug 20 10:53:10 UTC 2018 

On Fri, Aug 17, 2018 at 10:57 AM, Neil Stainton <nstainton at asl-control.co.uk> wrote:

>   New Stack Pointer is: 9ef92ea0
>   Relocation Offset is: 18795000
>   Relocating to 9ff95000, new gd at 9ef92ec0, sp at 9ef92ea0
>   data abort
>   pc : [<87800c5c>]          lr : [<9ff9570c>]
>   sp : 9ef92ea0  ip : 00000030     fp : 00000017
>   r10: 878538dc  r9 : 9ef92ec0     r8 : 9ffe8e98
>   r7 : 9ef95460  r6 : 87800000     r5 : 87800320  r4 : 18795000
>   r3 : 8785c648  r2 : 8785acd0     r1 : 00000017  r0 : 18795000
>   Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
>   Code: e20110ff e3510017 1a000003 e0800004 (e5901000) 
>   Resetting CPU ...

I traced this issue to the Arm linker script: The bss and __rel_dyn sections intersect. This causes 'load_elf_image_shdr' to clear a portion of the __rel_dyn table which in turn causes the 'fixloop' in relocate.S of the chained image to fail as it reads zeros instead of valid addresses.

Here's some debug output from load_elf_image_shdr which shows the order the elf sections are loaded:

  => bootelf ${loadaddr}
  Loading .text @ 0x87800000 (237976 bytes)
  Loading .rodata @ 0x8783a198 (59258 bytes)
  Loading .hash @ 0x87848914 (24 bytes)
  Loading .dtb.init.rodata @ 0x87848930 (31600 bytes)
  Loading .data @ 0x878504a0 (8620 bytes)
  Loading .got.plt @ 0x8785264c (12 bytes)
  Loading .u_boot_list @ 0x87852658 (4040 bytes)
  Loading .efi_runtime @ 0x87853620 (560 bytes)
  Loading .dynsym @ 0x8785c598 (48 bytes)
  Loading .efi_runtime_rel @ 0x87853850 (168 bytes)
  Loading .rel.dyn @ 0x878538f8 (36000 bytes)
  Clearing .bss @ 0x878538f8 (29508 bytes)
  Loading .dynstr @ 0x8785c5c8 (1 bytes)
  Loading .dynamic @ 0x8785c5cc (136 bytes)
  ## Starting application at 0x87800000 ...

.bss is being cleared after .rel.dyn is loaded, clobbering it. This can be simply fixed by removing the .bss section header from the chained elf file.

To chain a U-Boot generated Arm elf file, I prepare it by removing the .bss section and stripping the remaining debug cruft:
  ${CC}objcopy --remove-section .bss u-boot
  ${CC}strip u-boot

then once copied to the target device's memory space (at $loadaddr), I can boot it from the U-boot command prompt by entering:
  bootelf ${loadaddr}

This appears to work fine on iMX6ULL at least.

Neil

More information about the U-Boot mailing list