I'm writing a baremetal kernel, and I have trouble understanding the output of ld in the case of a NOLOAD section. I am declaring symbols that only exists with MMU activated, so the VMA and LMA are not the same.
I used to declaring such a section like this:
_foobar_start = .;
.foobar : AT(ADDR(.foobar) - VA_PA_OFFSET)
{
*.o(.foobar.section*)
}
_foobar_end = .;
Now one of my section's content is loaded by the boot loader, so I only want to declare the VMA symbols to be used at runtime, to access the data, so I tried the NOLOAD attribute:
_foobar_start = .;
.foobar (NOLOAD) :
{
. += SIZE_OF_FOOBAR;
}
_foobar_end = .;
I know I don't care about the LMA in this case, but I expected to see something like, where LMA = VMA (see LD manual):
.foobar 0x000000004002c000 0x353c load address 0x000000004002c000
but I get something with a strange LMA that I don't make sense of:
.foobar 0x000000004002c000 0x353c load address 0x0000000001900000
If I force the VMA = LMA in the script using
.foobar (NOLOAD) : AT(_foobar_start)
everything seems fine and I see only
.foobar 0x000000004002c000 0x353c
Even without forcing VMA = LMA, the resulting ELF is ok, but I get some warnings at compile time because of other sections (toto is another section):
warning: dot moved backwards before `.toto
and I'd like to get read of those.
Is there a reason I don't get LMA = VMA when specifying NOLOAD ?
EDIT: here is full linker file triggering the problem. I added some comments to pin points the issues
OUTPUT_ARCH(CONFIG_LINKER_ARCH)
OUTPUT_FORMAT(CONFIG_LINKER_FORMAT)
_kern_phys_base = OCRAM_BASE_PA + OCRAM_OFFSET;
_kern_offset = KERNEL_VA_PA_OFFSET;
SECTIONS
{
. = _kern_phys_base;
_start_image_addr = .;
. = ALIGN(0x1000);
_early_text_start = .;
.early_text :
{
KEEP(*(.text.boot))
KEEP(*(.text.mmu))
}
. = ALIGN(4);
.early_rodata :
{
*(.rodata.boot*)
*(.rodata.mmu*)
}
_early_text_end = .;
. = ALIGN(0x1000);
_early_data_start = .;
.early_data :
{
*(.data.boot)
}
_early_data_end = .;
. = ALIGN(0x4000);
_early_bss_start = .;
.early_bss :
{
*(.bss.mmu)
*(.bss.boot)
}
. = ALIGN(16);
_early_bss_end = .;
_early_end = .;
/*
* The following part is accessed only once the MMU has been
* activated, so we first need to jump into "high" memory
*/
. += _kern_offset;
. = ALIGN(0x1000);
_text_start = .;
.text : AT(ADDR(.text) - _kern_offset)
{
*(.text .text.*)
}
_text_end = .;
. = ALIGN(0x1000);
_rodata_start = .;
.rodata : AT(ADDR(.rodata) - _kern_offset)
{
*(.rodata*)
}
_rodata_end = .;
. = ALIGN(4);
_arm_extab_start = .;
.ARM.extab : AT(ADDR(.ARM.extab) - _kern_offset)
{
*(.ARM.extab)
}
_arm_extab_end = .;
. = ALIGN(4);
_arm_exidx_start = .;
.ARM.exidx : AT(ADDR(.ARM.exidx) - _kern_offset)
{
*(.ARM.exidx)
}
_arm_exidx_end = .;
. = ALIGN(4);
_kernel_debug_info_start = .;
_kernel_debug_info_end = .;
. = ALIGN(4);
_emergency_code_vstart = .;
_emergency_code_vend = .;
/*
* This is where I use the NOLOAD, with AT this time
* This 'archive' part is not located in OCRAM, but some
* where else in RAM
*/
_archive_point_save = .;
. = DDR_BASE_VA;
. = ALIGN(512);
_archive_start = .;
.archive_data (NOLOAD) : AT(_archive_start)
{
codes.o(.rawdata*)
}
_archive_end = .;
. = _archive_point_save;
/* Back to OCRAM VMA */
. = ALIGN(0x1000);
_data_start = .;
.data : AT(ADDR(.data) - _kern_offset)
{
*(.data*)
}
_data_end = .;
. = ALIGN(32);
_bss_start = .;
.bss : AT(ADDR(.bss) - _kern_offset)
{
*(.bss .bss.*)
}
. = ALIGN(16);
_bss_end = .;
/*
* Second location, also in RAM, just after the '.archive_data' section
* This time I didn't put the AT to show the difference in output
*/
_dyn_archive_point_save = .;
. = _archive_end;
. = ALIGN(0x1000);
_dyn_archive_start = .;
.dyn_archive (NOLOAD) :
{
. += _dyn_archive_space;
}
_dyn_archive_end = .;
. = _dyn_archive_point_save;
/* Back to OCRAM VMA */
. = ALIGN(0x1000);
_kernel_stack_guard = .;
. += 0x1000;
.stack (NOLOAD) :
{
_kernel_stack_end = .;
/* 2 pages of 4 kB */
. += 0x2000;
_kernel_stack_start = .;
}
_kernel_image_end = .;
}
And here is the output of objdump -x:
build/kernel/kernel.elf: file format elf32-littlearm
build/kernel/kernel.elf
architecture: arm, flags 0x00000102:
EXEC_P, D_PAGED
start address 0x00910000
Program Header:
0x70000001 off 0x0003072c vaddr 0x4003072c paddr 0x0093072c align 2**2
filesz 0x000000a0 memsz 0x000000a0 flags r--
LOAD off 0x00010000 vaddr 0x00910000 paddr 0x00910000 align 2**16
filesz 0x00002828 memsz 0x00008000 flags rwx
LOAD off 0x00018000 vaddr 0x40018000 paddr 0x00918000 align 2**16
filesz 0x000199e0 memsz 0x0001fa28 flags rwx
LOAD off 0x00038000 vaddr 0x41028000 paddr 0x01928000 align 2**16
filesz 0x00000000 memsz 0x00100000 flags rw-
LOAD off 0x00039000 vaddr 0x40039000 paddr 0x40039000 align 2**16
filesz 0x00000000 memsz 0x00002000 flags rw-
LOAD off 0x00040000 vaddr 0x41000000 paddr 0x41000000 align 2**16
filesz 0x00000000 memsz 0x00028000 flags rw-
private flags = 5000200: [Version5 EABI] [soft-float ABI]
Sections:
Idx Name Size VMA LMA File off Algn
0 .early_text 000015c0 00910000 00910000 00010000 2**5
CONTENTS, ALLOC, LOAD, READONLY, CODE
1 .early_rodata 00000030 009115c0 009115c0 000115c0 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .early_data 00000828 00912000 00912000 00012000 2**3
CONTENTS, ALLOC, LOAD, DATA
3 .early_bss 00004000 00914000 00914000 00012828 2**14
ALLOC
4 .text 000142d8 40018000 00918000 00018000 2**5
CONTENTS, ALLOC, LOAD, READONLY, CODE
5 .rodata 000036c0 4002d000 0092d000 0002d000 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .ARM.extab 0000006c 400306c0 009306c0 000306c0 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .ARM.exidx 000000a0 4003072c 0093072c 0003072c 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .archive_data 00028000 41000000 41000000 00040000 2**0
ALLOC
9 .data 000009e0 40031000 00931000 00031000 2**3
CONTENTS, ALLOC, LOAD, DATA
10 .bss 00006048 400319e0 009319e0 000319e0 2**3
ALLOC
11 .dyn_archive 00100000 41028000 01928000 00038000 2**0
ALLOC
12 .stack 00002000 40039000 40039000 00039000 2**0
ALLOC
13 .comment 0000002d 00000000 00000000 000319e0 2**0
CONTENTS, READONLY
14 .ARM.attributes 00000037 00000000 00000000 00031a0d 2**0
CONTENTS, READONLY
SYMBOL TABLE:
no symbols
As you can see: .archive_data and .stack correctly get VMA = LMA but .dyn_archive doesn't. If I remove the AT of .archive_data, I get the same behavior than .dyn_archive with the address 0x1900000
It seems my last comment is valid, as confirmed (at least to the extend of our interpretation of the manual) on the binutils ML
The warning where triggered by the "LMA goes backwards" scenario, and correctly updating LMA each time . is updated by hand is the correct way to go.
Related
I'm working on an Arm bare-metal application and I've marked some sections with NOLOAD. According to the explanation in Understanding linker script NOLOAD sections in embedded software
, I expected the resulting ELF file to not have a loadable segment (program header) for these sections, but it does.
Is this correct? Why are those sections marked as loadable in the ELF file?
As the linker is still placing the data in .bss, how a loader is supposed to know that the sections shouldn't be loaded? Or am I missing the meaning of 'load' in the sense that NOLOAD only makes sense for initialized symbols (which would normally be placed into .data)?
This is a part of my linker script:
.bss (NOLOAD) :
{
. = ALIGN(4);
__bss_start__ = .;
*(.bss_begin .bss_begin.*)
*(.bss .bss.*)
*(COMMON)
*(.bss_end .bss_end.*)
. = ALIGN(4);
__bss_end__ = .;
} >DRAM
.noinit (NOLOAD) :
{
. = ALIGN(4);
__noinit_start__ = .;
*(.noinit .noinit.*)
. = ALIGN(4) ;
__noinit_end__ = .;
} > DRAM
/* Check if there is enough space to allocate the main stack */
._stack (NOLOAD) :
{
. = ALIGN(4);
. = . + __Main_Stack_Size ;
. = ALIGN(4);
} >DRAM
This is the output ELF file:
arm-none-eabi-readelf.exe -l test.elf
Elf file type is EXEC (Executable file)
Entry point 0x601b9
There are 2 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x010000 0x00060000 0x00060000 0x06840 0x06840 RWE 0x10000
LOAD 0x020000 0x20010000 0x20010000 0x00000 0x06084 RW 0x10000
Section to Segment mapping:
Segment Sections...
00 .text .ARM.exidx.reset .data
01 .systemclock .bss ._stack
Why are the .bss and ._stack sections there?
Thanks!!
The FileSiz of the second segment is 0 which means that there is no data that will be loaded from the elf file into this segment.
The reason why this segment exists in the table is that on a non-embedded system, the program loader would still need to request memory for sections in that segment and mark the relevant pages with the relevant attributes (readable and writable in this case).
Edit: After reading the question again, I did a bit more experimenting and it seems that all (NOLOAD) seems to do is to set the type of the section in the output file to SHT_NOBITS. The elf specification calls that a section that occupies no space in the file but is still part of the program's memory image.
If the goal is to link against code that is already present in the rom before the program is loaded, those symbols should be defined in the linker script outside of any section. E.g. already_present_code = 0x06000000; SECTIONS { .text : {*(.text*)} /* ... */}. That seems to have the desired effect.
I would like to run my firmware from the flash address :0x08040000
so I partitioned the memory layout for the software as shown:
ENTRY(Reset_Handler)
/* Highest address of the user mode stack */
_estack = 0x20080000; /* end of RAM */
/* Generate a link error if heap and stack don't fit into RAM */
_Min_Heap_Size = 0x1000; /* required amount of heap */
_Min_Stack_Size = 0x2000; /* required amount of stack */
/* Specify the memory areas */
MEMORY
{
FLASH (rx) : ORIGIN = 0x08040000, LENGTH = 768K
FLASH2 (r) : ORIGIN = 0x08100000, LENGTH = 1024K
SRAM1 (xrw) : ORIGIN = 0x20020000, LENGTH = 368K
SRAM2 (xrw) : ORIGIN = 0x2007C000, LENGTH = 16K
DTCMRAM (wal) : ORIGIN = 0x20000000, LENGTH = 128K
MEMORY_B1 (rx) : ORIGIN = 0x60000000, LENGTH = 0K
}
main_stack_base = _estack;
/* used by the startup code to populate variables used by the C code */
data_lma = LOADADDR(.data);
data_vma = ADDR(.data);
data_size = SIZEOF(.data);
/* used by the startup code to wipe memory */
ccmram_start = ORIGIN(SRAM1);
ccmram_end = ORIGIN(SRAM1) + 4;
/* used by the startup code to wipe memory */
sram_start = ORIGIN(SRAM1);
sram_end = ORIGIN(SRAM1) + LENGTH(SRAM1);
_ram_start = sram_start;
_ram_end = sram_end;
_codelen = LENGTH(FLASH);
_flash_start = ORIGIN(FLASH);
_flash_end = ORIGIN(FLASH) + LENGTH(FLASH);
_heap_start = ADDR(.heap);
_heap_end = ADDR(.heap) + SIZEOF(.heap);
/* Define output sections */
SECTIONS
{
/* The startup code goes first into FLASH */
.isr_vector :
{
. = ALIGN(4);
KEEP(*(.isr_vector)) /* Startup code */
. = ALIGN(4);
} >FLASH
.flash2 : ALIGN(512) {
build/firmware_rnc/frozen_mpy.o(.rodata*);
build/firmware_rnc/vendor/secp256k1-zkp/src/secp256k1.o(.rodata*);
. = ALIGN(512);
} >FLASH2 AT>FLASH2
/* The program code and other data goes into FLASH */
.text :
{
. = ALIGN(4);
*(.text) /* .text sections (code) */
*(.text*) /* .text* sections (code) */
*(.glue_7) /* glue arm to thumb code */
*(.glue_7t) /* glue thumb to arm code */
*(.eh_frame)
KEEP (*(.init))
KEEP (*(.fini))
. = ALIGN(4);
_etext = .; /* define a global symbols at end of code */
} >FLASH
/* Constant data goes into FLASH */
.rodata :
{
. = ALIGN(4);
*(.rodata) /* .rodata sections (constants, strings, etc.) */
*(.rodata*) /* .rodata* sections (constants, strings, etc.) */
. = ALIGN(4);
} >FLASH2 AT>FLASH2
.ARM.extab : { *(.ARM.extab* .gnu.linkonce.armextab.*) } >FLASH
.ARM : {
__exidx_start = .;
*(.ARM.exidx*)
__exidx_end = .;
} >FLASH
.preinit_array :
{
PROVIDE_HIDDEN (__preinit_array_start = .);
KEEP (*(.preinit_array*))
PROVIDE_HIDDEN (__preinit_array_end = .);
} >FLASH
.init_array :
{
PROVIDE_HIDDEN (__init_array_start = .);
KEEP (*(SORT(.init_array.*)))
KEEP (*(.init_array*))
PROVIDE_HIDDEN (__init_array_end = .);
} >FLASH
.fini_array :
{
PROVIDE_HIDDEN (__fini_array_start = .);
KEEP (*(SORT(.fini_array.*)))
KEEP (*(.fini_array*))
PROVIDE_HIDDEN (__fini_array_end = .);
} >FLASH
/* used by the startup to initialize data */
_sidata = LOADADDR(.data);
/* Initialized data sections goes into RAM, load LMA copy after code */
.data :
{
. = ALIGN(4);
_sdata = .; /* create a global symbol at data start */
*(.data) /* .data sections */
*(.data*) /* .data* sections */
. = ALIGN(4);
_edata = .; /* define a global symbol at data end */
} >SRAM1 AT> FLASH
_sidtcmram = LOADADDR(.dtcmram);
/* DTCMRAM section
*
* IMPORTANT NOTE!
* If initialized variables will be placed in this section,
* the startup code needs to be modified to copy the init-values.
*/
.dtcmram :
{
. = ALIGN(4);
_sdtcmram = .; /* create a global symbol at dtcmram start */
*(.dtcmram)
*(.dtcmram*)
. = ALIGN(4);
_edtcmram = .; /* create a global symbol at dtcmram end */
} >DTCMRAM AT> FLASH
_sisram2 = LOADADDR(.sram2);
/* SRAM2 section
*
* IMPORTANT NOTE!
* If initialized variables will be placed in this section,
* the startup code needs to be modified to copy the init-values.
*/
.sram2 :
{
. = ALIGN(4);
_ssram2 = .; /* create a global symbol at sram2 start */
*(.sram2)
*(.sram2*)
. = ALIGN(4);
_esram2 = .; /* create a global symbol at sram2 end */
} >SRAM2 AT> FLASH
/* Uninitialized data section */
. = ALIGN(4);
.bss :
{
/* This is used by the startup in order to initialize the .bss secion */
_sbss = .; /* define a global symbol at bss start */
__bss_start__ = _sbss;
*(.bss)
*(.bss*)
*(COMMON)
. = ALIGN(4);
_ebss = .; /* define a global symbol at bss end */
__bss_end__ = _ebss;
} >SRAM1
.heap : ALIGN(4) {
. = 37K; /* this acts as a build time assertion that at least this much memory is available for heap use */
. = ABSOLUTE(sram_end - 16K); /* this explicitly sets the end of the heap effectively giving the stack at most 16K */
} >SRAM1
.stack : ALIGN(8) {
. = 4K; /* this acts as a build time assertion that at least this much memory is available for stack use */
} >SRAM1
/* MEMORY_bank1 section, code must be located here explicitly */
/* Example: extern int foo(void) __attribute__ ((section (".mb1text"))); */
.memory_b1_text :
{
*(.mb1text) /* .mb1text sections (code) */
*(.mb1text*) /* .mb1text* sections (code) */
*(.mb1rodata) /* read-only data (constants) */
*(.mb1rodata*)
} >MEMORY_B1
/* Remove information from the standard libraries */
/DISCARD/ :
{
libc.a ( * )
libm.a ( * )
libgcc.a ( * )
}
.ARM.attributes 0 : { *(.ARM.attributes) }
}
My startup looks like this:
.syntax unified
.cpu cortex-m7
.fpu softvfp
.thumb
.global g_pfnVectors
.global Default_Handler
/* start address for the initialization values of the .data section.
defined in linker script */
.word _sidata
/* start address for the .data section. defined in linker script */
.word _sdata
/* end address for the .data section. defined in linker script */
.word _edata
/* start address for the .bss section. defined in linker script */
.word _sbss
/* end address for the .bss section. defined in linker script */
.word _ebss
/* stack used for SystemInit_ExtMemCtl; always internal RAM used */
/**
* #brief This is the code that gets called when the processor first
* starts execution following a reset event. Only the absolutely
* necessary set is performed, after which the application
* supplied main() routine is called.
* #param None
* #retval : None
*/
.section .text.Reset_Handler
.weak Reset_Handler
.type Reset_Handler, %function
Reset_Handler:
ldr sp, =_estack /* set stack pointer */
/* Copy the data segment initializers from flash to SRAM */
movs r1, #0
b LoopCopyDataInit
CopyDataInit:
ldr r3, =_sidata
ldr r3, [r3, r1]
str r3, [r0, r1]
adds r1, r1, #4
LoopCopyDataInit:
ldr r0, =_sdata
ldr r3, =_edata
adds r2, r0, r1
cmp r2, r3
bcc CopyDataInit
ldr r2, =_sbss
b LoopFillZerobss
/* Zero fill the bss segment. */
FillZerobss:
movs r3, #0
str r3, [r2], #4
LoopFillZerobss:
ldr r3, = _ebss
cmp r2, r3
bcc FillZerobss
/* Call the clock system intitialization function.*/
bl SystemInit
/* Call static constructors */
/* Call the application's entry point.*/
bl main
bx lr
.size Reset_Handler, .-Reset_Handler
The problem is: The firmware doesn't enter the main function and it jumps somewhere in one of the .c files always doing that.
Where is the problem ?
The address of the reset vector is determined by the
logic level on the BOOT pin at reset
contents of the nDBANK and nDBOOT bits in the user option bytes
contents of the boot address option bytes
Verify that all of these contain the right values according to chapters 2.5 and and 3.4 of the reference manual.
If they still have their default values, and the BOOT pin is pulled low, the cpu will use the value at 0x08000004 with bit 0 cleared as the start address, and the value at 0x08000000 as the initial stack pointer. You can either copy the first 8 bytes from the start of the image to 0x08000000 in the flash, or set an alternate address in the option bytes.
let's say I run arm-none-eabi-objcopy firmwared.elf -O ihex firmware.hex
Assume the binary was generated with the following linker script:
ENTRY(Reset_Handler)
MEMORY
{
FLASH (RX) : ORIGIN = 0x08020000, LENGTH = 896K
SRAM (RWX) : ORIGIN = 0x20000000, LENGTH = 512K
BKPSRAM (RW) : ORIGIN = 0x40024000, LENGTH = 4K
}
_estack = 0x20080000;
SECTIONS
{
.isr_vector :
{
. = ALIGN(4);
_isr_vector = .;
KEEP(*(.isr_vector))
. = ALIGN(4);
} > FLASH
.firmware_header_vector :
{
. = ALIGN(4);
KEEP(*(.firmware_header_vector))
. = ALIGN(4);
} > FLASH
.text :
{
. = ALIGN(4);
_stext = .;
*(.Reset_Handler)
*(.text)
*(.text*)
*(.rodata)
*(.rodata*)
*(.glue_7)
*(.glue_7t)
KEEP(*(.init))
KEEP(*(.fini))
. = ALIGN(4);
_etext = .;
} > FLASH
.ARM.extab :
{
. = ALIGN(4);
*(.ARM.extab)
*(.gnu.linkonce.armextab.*)
. = ALIGN(4);
} > FLASH
.exidx :
{
. = ALIGN(4);
PROVIDE(__exidx_start = .);
*(.ARM.exidx*)
. = ALIGN(4);
PROVIDE(__exidx_end = .);
} > FLASH
.preinit_array :
{
PROVIDE(__preinit_array_start = .);
KEEP(*(.preinit_array*))
PROVIDE(__preinit_array_end = .);
} > FLASH
.init_array :
{
PROVIDE(__init_array_start = .);
KEEP(*(SORT(.init_array.*)))
KEEP(*(.init_array*))
PROVIDE(__init_array_end = .);
} > FLASH
.fini_array :
{
PROVIDE(__fini_array_start = .);
KEEP(*(.fini_array*))
KEEP(*(SORT(.fini_array.*)))
PROVIDE(__fini_array_end = .);
} > FLASH
_sidata = .;
.data_x : AT(_sidata) /* LMA address is _sidata (in FLASH) */
{
. = ALIGN(4);
_sdata = .; /* data section VMA address */
*(.data*)
. = ALIGN(4);
_edata = .;
} > SRAM
.firmware_header (_sidata + SIZEOF(.data_x)):
{
. = ALIGN(4);
KEEP(*(.firmware_header))
. = ALIGN(4);
} > FLASH
.eth (NOLOAD) :
{
. = ALIGN(4);
KEEP(*(.RxDecripSection))
KEEP(*(.TxDescripSection))
KEEP(*(.RxarraySection))
KEEP(*(.TxarraySection))
. = ALIGN(4);
} > SRAM
.bss :
{
. = ALIGN(4);
_sbss = .;
PROVIDE(__bss_start__ = _sbss);
*(.bss)
*(.bss*)
*(COMMON)
. = ALIGN(4);
_ebss = .;
PROVIDE(__bss_end__ = _ebss);
} > SRAM
PROVIDE(end = .);
.heap (NOLOAD) :
{
. = ALIGN(4);
PROVIDE(__heap_start__ = .);
KEEP(*(.heap))
. = ALIGN(4);
PROVIDE(__heap_end__ = .);
} > SRAM
.reserved_for_stack (NOLOAD) :
{
. = ALIGN(4);
PROVIDE(__reserved_for_stack_start__ = .);
KEEP(*(.reserved_for_stack))
. = ALIGN(4);
PROVIDE(__reserved_for_stack_end__ = .);
} > SRAM
.battery_backed_sram (NOLOAD) :
{
. = ALIGN(4);
KEEP(*(.battery_backed_sram))
. = ALIGN(4);
} > BKPSRAM
/DISCARD/ :
{
*(.ARM.attributes)
}
}
This results in a readelf output of:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .isr_vector PROGBITS 08020000 010000 0001f8 00 WA 0 0 4
[ 2] .firmware_header_ PROGBITS 080201f8 0101f8 000004 00 WA 0 0 4
[ 3] .text PROGBITS 08020200 010200 021b44 00 AX 0 0 64
[ 4] .ARM.extab PROGBITS 08041d44 042728 000000 00 W 0 0 1
[ 5] .exidx ARM_EXIDX 08041d44 031d44 000008 00 AL 3 0 4
[ 6] .init_array INIT_ARRAY 08041d4c 031d4c 000008 04 WA 0 0 4
[ 7] .fini_array FINI_ARRAY 08041d54 031d54 000004 04 WA 0 0 4
[ 8] .data_x PROGBITS 20000000 040000 0009c8 00 WA 0 0 8
[ 9] .firmware_header PROGBITS 08042720 042720 000008 00 WA 0 0 4
[10] .eth NOBITS 200009c8 0509c8 0030a0 00 WA 0 0 4
[11] .bss NOBITS 20003a68 0509c8 045da4 00 WA 0 0 4
[12] .heap PROGBITS 2004980c 042728 000000 00 W 0 0 1
[13] .reserved_for_sta PROGBITS 2004980c 042728 000000 00 W 0 0 1
[14] .battery_backed_s NOBITS 40024000 044000 00000c 00 WA 0 0 4
[15] .comment PROGBITS 00000000 042728 000075 01 MS 0 0 1
[16] .debug_frame PROGBITS 00000000 0427a0 00144c 00 0 0 4
[17] .stab PROGBITS 00000000 043bec 000084 0c 18 0 4
[18] .stabstr STRTAB 00000000 043c70 000117 00 0 0 1
[19] .symtab SYMTAB 00000000 043d88 009b00 10 20 1787 4
[20] .strtab STRTAB 00000000 04d888 0042bb 00 0 0 1
[21] .shstrtab STRTAB 00000000 051b43 0000e6 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
y (purecode), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x010000 0x08020000 0x08020000 0x21d58 0x21d58 RWE 0x10000
LOAD 0x040000 0x20000000 0x08041d58 0x009c8 0x009c8 RW 0x10000
LOAD 0x042720 0x08042720 0x08042720 0x00008 0x00008 RW 0x10000
LOAD 0x0509c8 0x200009c8 0x08042720 0x00000 0x48e44 RW 0x10000
LOAD 0x044000 0x40024000 0x40024000 0x00000 0x0000c RW 0x10000
Section to Segment mapping:
Segment Sections...
00 .isr_vector .firmware_header_vector .text .exidx .init_array .fini_array
01 .data_x
02 .firmware_header
03 .eth .bss
04 .battery_backed_sram
How does objcopy know not to insert sections such as .bss in to the output image? I know that it computes this on the fly, and I'm assuming this mechanism is driven through the section to segment mapping, but I cannot find any explanation as to how it actually performs the segment to section mapping. The elf file stores no information about which segments are flash, and yet somehow objcopy knows that it should not copy .bss into the output file. How?
The 'A' flag in the Flg column of the readelf output, which ELF calls SHF_ALLOC, indicates a section that 'occupies memory during process execution'.
SHF_ALLOC : The section occupies memory during process execution. Some
control sections do not reside in the memory image of an object file;
this attribute is off for those sections.
http://refspecs.linuxbase.org/elf/elf.pdf
Typically this applies to both program and data memory, and in a 'normal' OS environment the OS loads the SHF_ALLOC sections to the indicated addresses (ignoring or using for other purposes the non-SHF_ALLOC sections as appropriate) and everything's ready to go.
In an embedded environment with ROM program memory, only SHF_ALLOC sections mapping to addresses in ROM need to be output.
(This question illustrates a case in which going by address alone without taking SHF_ALLOC into account is not enough.)
However:
Depending on how the linker produced the ELF file, initialised data sections may or may not require additional handling.
Ideally the linker produces two sections related to initialised data: one in RAM (the runtime data area), and one in ROM (the initialisation contents for the RAM data). Startup code references the addresses of these sections and copies the init data to the RAM area. In this case simply outputting SHF_ALLOC sections in the ROM address range will automatically produce correct results.
If the linker instead produces a single section as if for a normal OS, then when generating the ROM image the data section needs to be identified and emitted at an address in ROM (and the startup code needs to be able to find that address).
Most decent toolchains take the former approach if configured correctly, but I've certainly worked with the latter as well.
If you want an algorithm that mimics what objcopy -O binary does you need to look at the section headers. Unlike as is often suggested, just looking at segment headers is not enough.
Quote from the objcopy man page:
objcopy can be used to generate a raw binary file by using an output target of binary (e.g., use -O binary). When objcopy generates a raw binary file, it will essentially produce a memory dump of the contents of the input object file. All symbols and relocation information will be discarded. The memory dump will start at the load address of the lowest section copied into the output file.
I think the last sentence says very deliberately 'section', as this really is what happens: objcopy goes through all the sections and discards those that do not go into a raw binary file. The remaining sections are written to the output file, sorted by ascending address. Space between sections in the output file is filled with zeros.
For an own project where I need to convert ELF files to raw binaries and where I do not want to depend on objcopy I came up with the following:
If a section is of type SHT_NULL or SHT_NOBITS, then the section is not included. This follows from the ELF specification (https://refspecs.linuxbase.org/elf/elf.pdf):
SHT_NULL: "This value marks the section header as inactive; it does not have an associated section. Other members of the section header have undefined values."
SHT_NOBITS: "A section of this type occupies no space in the file but otherwise resembles SHT_PROGBITS. Although this section contains no bytes, the sh_offset member contains the conceptual file offset."
If the sh_addr field of a section header is 0, then the section is not included. Quote from the ELF specification: "If the section will appear in the memory image of a process, this member
gives the address at which the section's first byte should reside. Otherwise,
the member contains 0."
If the sh_size field of a section header is 0, then the section is not included. Quote from the ELF specification: "This member gives the section's size in bytes. Unless the section type is SHT_NOBITS, the section occupies sh_size bytes in the file. A section of type SHT_NOBITS may have a non-zero size, but it occupies no space
in the file
If the sh_flags field of a section header doesn't have the SHF_ALLOCflag set, then the section is not included. Quote from the ELF specification: "The section occupies memory during process execution. Some control sections do not reside in the memory image of an object file; this attribute is off for those sections."
Step 3 is somewhat redundant, but for me it nicely filters out sections whose size is zero, so that I do not have to deal with these during later stages.
This works for me, although I haven't thrown many ELF files at it yet. Also note that this is guesswork to some extent. I thought about reading the objcopy source code, but that leads very quickly into the bowels of libbfd.
I have no idea if this is the real way to do this, but this is how I ended up solving this:
# For each program header, get the sections contained by it
# For each section, calculate the LMA the section will reside at
# Do NOT load a section if...
# Section type is SHT_NULL or NOBITS
# Section size = 0
# The LMA is outside of the isr_vector -> header region
Note that in my case, I had a section capping off the end of the image. This made it very obvious as to exactly where the image ended.
my program is working on linux using gcc. Through the manual page, I find edata, which represent the first address past the end of the initialized data segment.
But I want know the first address of initialized data segment
How can I get it?
I have tried treating etext as the first address of initialized data segment. Then I got a segment fault when I increase the address and access the variable stored in it. I think some address space between etext and edata was not mapped into virtual memory. Is that right?
That depends on your linker scripts. For example on some platforms you have the symbol __bss_start at the beginning of BSS. It's a symbol without any data associated with it, you can get a pointer to it by extern declaring a variable with that name (only for the sake of taking the address of that variable). For example:
#include <stdio.h>
extern char __bss_start;
int main()
{
printf("%p\n", &__bss_start);
return 0;
}
You find this by looking in the linker script, for example in /usr/lib/ldscripts/elf_x64_64.x:
.data :
{
*(.data .data.* .gnu.linkonce.d.*)
SORT(CONSTRUCTORS)
}
.data1 : { *(.data1) }
_edata = .; PROVIDE (edata = .);
__bss_start = .; /* <<<<< this is what you're looking for /*
.bss :
{
*(.dynbss)
*(.bss .bss.* .gnu.linkonce.b.*)
*(COMMON)
/* Align here to ensure that the .bss section occupies space up to
_end. Align after .bss to ensure correct alignment even if the
.bss section disappears because there are no input sections.
FIXME: Why do we need it? When there is no .bss section, we don't
pad the .data section. */
. = ALIGN(. != 0 ? 64 / 8 : 1);
}
You can also see the edata you mentioned, but as edata is not reserved for the implementation (the PROVIDE means only to create this symbol if it otherwise isn't used) you should probably use _edata instead.
If you want the address to the start of the data section you could modify the linker script:
__data_start = . ;
.data :
{
*(.data .data.* .gnu.linkonce.d.*)
SORT(CONSTRUCTORS)
}
.data1 : { *(.data1) }
_edata = .; PROVIDE (edata = .);
__bss_start = .; /* <<<<< this is what you're looking for /*
.bss :
{
*(.dynbss)
*(.bss .bss.* .gnu.linkonce.b.*)
*(COMMON)
/* Align here to ensure that the .bss section occupies space up to
_end. Align after .bss to ensure correct alignment even if the
.bss section disappears because there are no input sections.
FIXME: Why do we need it? When there is no .bss section, we don't
pad the .data section. */
. = ALIGN(. != 0 ? 64 / 8 : 1);
}
You probably want to make a copy of the linker script (look for the right one in /usr/lib/ldscripts, they are different depending on what kind of output you're targeting) and supply it when you compile:
gcc -o execfile source.c -Wl,-T ldscript
Another option if you don't want to modify the linker script could be to use the __executable_start and parse the ELF headers (hoping that the executable is sufficiently linearly mapped)
As for _etext, it is the end of the text section (you can read that in the linker script as well, but I didn't include it in the excerpt), but the text section is followed by rodata, trying to write there is probably going to segfault.
You can use the linux tool size (binutils package in Debian/Ubuntu).
Example
size -A /usr/bin/gcc
results in
/usr/bin/gcc :
section size addr
.interp 28 4194928
.note.ABI-tag 32 4194956
.note.gnu.build-id 36 4194988
.gnu.hash 240 4195024
.dynsym 4008 4195264
.dynstr 2093 4199272
.gnu.version 334 4201366
.gnu.version_r 160 4201704
.rela.dyn 720 4201864
.rela.plt 3240 4202584
.init 14 4205824
.plt 2176 4205840
.text 384124 4208016
.fini 9 4592140
.rodata 303556 4592160
.eh_frame_hdr 8540 4895716
.eh_frame 50388 4904256
.gcc_except_table 264 4954644
.tbss 16 7052632
.init_array 16 7052632
.fini_array 8 7052648
.jcr 8 7052656
.data.rel.ro 3992 7052672
.dynamic 480 7056664
.got 216 7057144
.got.plt 1104 7057384
.data 2520 7058496
.bss 80976 7061024
.gnu_debuglink 12 0
Total 849310
I have a linker script for a kernel with two absolute symbols: _kernel_start and _kernel_end. However, I get a linker relocation error for only _kernel_end:
In function `kernel::mem::mm::setup_memorymap':
/home/virtlink/kernel/src/mem/mm.rs:25:(.text._ZN3mem2mm15setup_memorymap):
relocation truncated to fit: R_X86_64_PC32 against symbol `_kernel_end'
defined in *ABS* section in ./kernel.bin
There have been many questions here on SO about this error, but I found none that solves my particular problem.
Apparently, this:
_kernel_start = .;
...is treated as 32-bit, whereas this:
. += KERNEL_BASE;
_kernel_end = . - KERNEL_BASE;
...is treated as 64-bit. If I move the _kernel_end symbol above the . += KERNEL_BASE line like this:
_kernel_end = .;
. += KERNEL_BASE;
...then it works again. But I want _kernel_end at the end of my linker script.
The linker script puts the boot code at the start of memory, and the rest of the code in the higher-half of the 64-bit virtual memory space. It looks like this:
OUTPUT_FORMAT(elf64-x86-64)
KERNEL_BASE = 0xFFFFFFFF80000000;
SECTIONS
{
/* Boot code at 1 MiB */
. = 1M;
_kernel_start = .;
.boot :
{
KEEP( *(.multiboot) )
*(.boot)
*(.bootdata)
}
/* Kernel code at high virtual address. */
. += KERNEL_BASE;
.text ALIGN(4K) : AT(ADDR(.text) - KERNEL_BASE)
{
*(.text)
*(.gnu.linkonce.t*)
}
.data ALIGN(4K) : AT(ADDR(.data) - KERNEL_BASE)
{
*(.data)
*(.gnu.linkonce.d*)
}
.rodata ALIGN(4K) : AT(ADDR(.rodata) - KERNEL_BASE)
{
*(.rodata)
*(.gnu.linkonce.r*)
}
.bss ALIGN(4K) : AT(ADDR(.bss) - KERNEL_BASE)
{
*(COMMON)
*(.bss)
*(.bss.*)
*(.gnu.linkonce.b*)
}
_kernel_end = . - KERNEL_BASE;
/DISCARD/ :
{
*(.comment)
*(.eh_frame)
}
}
The kernel is really small, so _kernel_start = 0x00100000 and _kernel_end = 0x00142000. It shouldn't give me relocation errors.
How can I rewrite the linker script such that _kernel_end give me no more relocation errors? I don't want to use mcmodel=large just for this one symbol.
Here's the code in which I'm using the symbols. It's Rust.
fn get_kernel_location() -> (*const u8, *const u8) {
extern {
static _kernel_start: u8;
static _kernel_end: u8;
}
let kernel_start: *const u8 = &_kernel_start;
let kernel_end: *const u8 = &_kernel_end;
println!("{:p}", kernel_start);
println!("{:p}", kernel_end);
(kernel_start, kernel_end)
}
Here are the entries in the relocation table of the Rust compiled object file:
Offset Info Type Sym. Value Sym. Name + Addend
000000000012 058800000009 R_X86_64_GOTPCREL 0000000000000000 _kernel_end - 4
000000000019 058900000009 R_X86_64_GOTPCREL 0000000000000000 _kernel_start - 4