path: root/parse-bzimage.c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hand-rolled offsetof(); <stddef.h> provides the standard, portable one.
 * The explicit cast makes the result a size_t, so printing it requires
 * %zu/%zx rather than %x.
 */
#define offsetof(TYPE, MEMBER)  ((size_t)&((TYPE *)0)->MEMBER)

/*
 * GNU statement-expression max/min: each argument is evaluated exactly
 * once, so side effects in the arguments are safe (unlike a plain
 * ternary macro).
 */
#define max(a,b)			\
	({ __typeof__ (a) _a = (a);	\
	   __typeof__ (b) _b = (b);	\
		_a > _b ? _a : _b; })

#define min(a,b)			\
	({ __typeof__ (a) _a = (a);	\
	   __typeof__ (b) _b = (b);	\
		_a < _b ? _a : _b; })

/* Element count of a true array; must not be applied to a pointer. */
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))

/*
 * struct boot_params has struct setup_header at offset 0x1f1.
 *
 * Only the setup_header part of the boot parameters is modelled here; the
 * leading pad places it at that offset so that offsetof() on a member
 * gives its position within the image / boot_params.  The struct is
 * packed so the in-memory layout follows the on-disk one byte for byte.
 */
struct __attribute__((__packed__)) setup_header {
        uint8_t         _pad0[0x1f1];   /* skip the rest of boot_params */
        uint8_t         setup_sects;    /* main() treats > 15 as "has a version string" */
        uint16_t        root_flags;
        uint32_t        syssize;
        uint16_t        ram_size;
        uint16_t        vid_mode;
        uint16_t        root_dev;
        uint16_t        boot_flag;
        uint16_t        jump;
        uint32_t        header;         /* must hold the "HdrS" magic */
#define HDR_MAGIC               "HdrS"
#define HDR_MAGIC_SZ    4
        uint16_t        version;        /* boot protocol version, major<<8 | minor */
#define VERSION(h,l)    (((h)<<8) | (l))
        uint32_t        realmode_swtch;
        uint16_t        start_sys;
        uint16_t        kernel_version; /* main() seeks to kernel_version + 0x200 for the version string */
        uint8_t         type_of_loader;
        uint8_t         loadflags;      /* expected at image offset 0x211 (qemu's CAN_USE_HEAP poke) */
        uint16_t        setup_move_size;
        uint32_t        code32_start;
        uint32_t        ramdisk_image;
        uint32_t        ramdisk_size;
        uint32_t        bootsect_kludge;
        uint16_t        heap_end_ptr;
        uint16_t        _pad1;
        uint32_t        cmd_line_ptr;
        uint32_t        initrd_addr_max;
        uint32_t        kernel_alignment;
        uint8_t         relocatable_kernel;
        uint8_t         _pad2[3];
        uint32_t        cmdline_size;
        uint32_t        hardware_subarch;       /* boot protocol >= 2.07 */
        uint64_t        hardware_subarch_data;
        uint32_t        payload_offset;
        uint32_t        payload_length;
};

/*
 * Print the command-line synopsis to stderr and terminate the process
 * with EXIT_FAILURE.  Never returns.
 *
 * @argv: the program's argument vector; argv[0] is used as the name.
 */
void usage(char *argv[])
{
	const char *progname = argv[0];

	fprintf(stderr, "Usage: %s <kernel-bzimage>\n", progname);
	exit(EXIT_FAILURE);
}

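/*
 * Print the kernel version string carried by the image, if any.
 *
 * Keeps the original heuristic: only images with more than 15 setup
 * sectors are assumed to carry a version string, located at
 * hdr->kernel_version + 0x200 from the start of the file.  The read is
 * bounded to the local buffer, always NUL-terminated, and a failed
 * seek/read is reported instead of printing uninitialized stack bytes.
 *
 * @f:   open image stream (position is moved)
 * @hdr: parsed setup header of the image
 */
static void print_kernel_version(FILE *f, const struct setup_header *hdr)
{
	char kver_str[128];
	size_t n;

	if (hdr->setup_sects <= 15) {
		fprintf(stdout, "No kernel version information available\n");
		return;
	}

	if (fseek(f, (long)hdr->kernel_version + 0x200, SEEK_SET) != 0) {
		fprintf(stderr, "unable to seek to kernel version string: %s\n",
				strerror(errno));
		return;
	}

	/* Leave one byte for the terminator; a short read is still printable. */
	n = fread(kver_str, 1, sizeof(kver_str) - 1, f);
	kver_str[n] = '\0';
	if (n == 0) {
		fprintf(stderr, "unable to read kernel version string\n");
		return;
	}
	fprintf(stdout, "Kernel version: %s\n", kver_str);
}

/*
 * Print the byte offsets of the setup_header members that qemu addresses
 * by hand, checking loadflags against the 0x211 qemu relies on.
 *
 * Refer to:
 *
 * 	Documentation/x86/zero-page.txt
 * 	arch/x86/include/uapi/asm/bootparam.h
 *
 * Upon boot we also use the struct setup_header on the
 * struct boot_params. On x86 32-bit this is on the first
 * page, aka "zero page", on 64-bit this can be anywhere.
 * Either way we know the struct setup_header offset within
 * struct boot_params resides between [0x1f1 - 0x290]. Qemu
 * uses direct offsets from the struct boot_params as with:
 *
 *    header[0x211] |= 0x80;  // CAN_USE_HEAP
 *
 * If we want to modify qemu to add other fields we need to
 * know the offset. This program skips struct boot_params
 * by placing setup_header at 0x1f1 with a pad. To get the
 * offset of fields we can simply use offsetof. To test
 * correctness we know qemu's code relies on an offset of
 * 0x211 for setup_header->loadflags. Test for that and
 * then compute the offset for hardware_subarch.
 *
 * Boot protocol >= 2.07 supports hardware_subarch.
 */
static void print_member_offsets(void)
{
	fprintf(stdout, "\n\n");
	fprintf(stdout, "Member\t\t\t\t\tOffset\tExpected\tMatch\n");
	fprintf(stdout, "-------------------------------------------------------------------------\n");
	/* offsetof() yields a size_t, hence %zx rather than %x. */
	fprintf(stdout, "setup_header->loadflags\t\t\t0x%04zx\t0x0211\t\t%s\n",
			offsetof(struct setup_header, loadflags),
			offsetof(struct setup_header, loadflags) == 0x0211 ?
			"YES" : "NO!");
	fprintf(stdout, "setup_header->hardware_subarch\t\t0x%04zx\n",
			offsetof(struct setup_header, hardware_subarch));
	fprintf(stdout, "setup_header->hardware_subarch_data\t0x%04zx\n",
			offsetof(struct setup_header, hardware_subarch_data));
}

/*
 * Parse the setup_header of a bzImage given on the command line and print
 * its magic, boot protocol version, optional kernel version string and the
 * offsets of selected setup_header members.
 *
 * The image is untrusted input: every read is bounded by the local buffer,
 * the file must be at least sizeof(struct setup_header) bytes before any
 * field is interpreted, and the header is copied into a proper struct
 * object rather than accessed through a cast of the byte buffer.
 *
 * Returns EXIT_SUCCESS; every failure path prints the usage text and exits
 * with EXIT_FAILURE via usage().
 */
int main(int argc, char *argv[])
{
	FILE *f = NULL;
	struct stat sb;
	int ret = -EINVAL;
	const char *kernel_filename;
	uint8_t header[8192];
	size_t kernel_size, want, read_size;
	struct setup_header hdr_buf;
	const struct setup_header *hdr = &hdr_buf;
	uint32_t hdr_int;
	uint16_t protocol;

	if (argc != 2)
		goto err_out;

	kernel_filename = argv[1];
	ret = stat(kernel_filename, &sb);
	if (ret == -1) {
		fprintf(stderr, "Could not stat() file %s\n", kernel_filename);
		goto err_out;
	}

	kernel_size = (size_t)sb.st_size;

	printf("kernel:\t%s\n", kernel_filename);
	printf("kernel size:\t%zu bytes\n", kernel_size);

	f = fopen(kernel_filename, "rb");
	if (!f) {
		fprintf(stderr, "unable to load kernel %s: %s\n",
				kernel_filename, strerror(errno));
		goto err_out;
	}

	want = min(ARRAY_SIZE(header), kernel_size);
	read_size = fread(header, 1, want, f);
	if (read_size != want) {
		fprintf(stderr, "Invalid size read for %s: %zu (%s)\n",
				kernel_filename, read_size, strerror(errno));
		goto err_out;
	}

	/*
	 * A file shorter than the header layout would leave part of the
	 * struct uninitialized; refuse it before looking at any field.
	 */
	if (read_size < sizeof(hdr_buf)) {
		fprintf(stderr, "%s is too small to hold a setup_header (%zu bytes)\n",
				kernel_filename, read_size);
		goto err_out;
	}

	fprintf(stdout, "Going to parse kernel...\n\n");

	memcpy(&hdr_int, HDR_MAGIC, sizeof(uint32_t));

	/* Copy instead of casting: header is a byte array, not a struct object. */
	memcpy(&hdr_buf, header, sizeof(hdr_buf));

	/* Xen's check is by far the cleanest and easiest to read */
	if (memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) != 0 ) {
		/* All diagnostics for a bad image go to stderr. */
		fprintf(stderr, "Bad image magic\n");
		fprintf(stderr, "Xen Expects:\t0x%08x\n", hdr_int);
		fprintf(stderr, "On image:\t%0x\n", hdr->header);
		goto err_out;
	}

	fprintf(stdout, "-------------------------------------------------\n");
	print_kernel_version(f, hdr);
	fprintf(stdout, "-------------------------------------------------\n");

	fprintf(stdout, "Xen Expects:\t0x%08x\n", hdr_int);
	fprintf(stdout, "Qemu Expects:\t0x%08x\n", 0x53726448);
	fprintf(stdout, "On image:\t0x%08x\n", hdr->header);

	fprintf(stdout, "\n\n");

	/*
	 * Qemu calls this protocol, on Xen and Linux this is the
	 * boot protocol version. Xen requires at least 2.08.
	 *
	 * 0x206 is the offset of setup_header->version in this layout, so
	 * the raw read and hdr->version are expected to agree.
	 */
	memcpy(&protocol, header + 0x206, sizeof(uint16_t));
	fprintf(stdout, "bzImage protocol Version: v%d.%02d\n",
		hdr->version >> 8, hdr->version & 0xff);
	fprintf(stdout, "Xen hdr->version:\t%d\n", hdr->version);
	fprintf(stdout, "Qemu protocol:\t\t%d\n", protocol);
	fprintf(stdout, "Qemu VERSION(2,8):\t%d\n", VERSION(2,8));

	fprintf(stdout, "\n-------------------------------------------------\n");
	fprintf(stdout, "Boot protocol 2.07:\t0x%04x\t(supports hardware_subarch)\n", VERSION(2,7));
	fprintf(stdout, "Boot protocol 2.08:\t0x%04x\n", VERSION(2,8));
	fprintf(stdout, "Boot protocol 2.09:\t0x%04x\n", VERSION(2,9));
	fprintf(stdout, "Boot protocol 2.10:\t0x%04x\n", VERSION(2,10));
	fprintf(stdout, "Boot protocol 2.11:\t0x%04x\n", VERSION(2,11));
	fprintf(stdout, "Boot protocol 2.12:\t0x%04x\n", VERSION(2,12));
	fprintf(stdout, "Boot protocol 2.13:\t0x%04x\n", VERSION(2,13));

	print_member_offsets();

	fclose(f);
	return EXIT_SUCCESS;

err_out:
	/* fclose(NULL) is undefined, so only close what was opened. */
	if (f)
		fclose(f);
	usage(argv);	/* does not return */
	return ret;
}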