基於Linux2.6.38.8內核啟動過程完全解析

一： Linux kernel內存存布局

在ARM平台中zImage.bin是一個壓縮鏡像，它用於將被壓縮的kernel解壓縮到KERNEL_RAM_PADDR開始的一段內存中，接著跳進真正的kernel去執行。該kernel的執行起點是stext函數，定義於arch/arm/kernel/head.S。在分析ENTRY(stext)前，先介紹此時內存的布局如下圖所示：

圖一：內存布局［此處借用下網絡上已有的圖片，自己不想弄圖片了］

在我的YL-E2410的平台上，SDRAM的開始內存地址是0x30000000，大小為64M，即0x20000000。 Linux2.6.38.8 ARM kernel將SDRAM的開始地址定義為PHYS_OFFSET。經bootloader加載kernel並由自解壓部分代碼運行後，最終kernel被放置到KERNEL_RAM_PADDR（=PHYS_OFFSET + TEXT_OFFSET，即0x30008000）地址上的一段內存，經此放置後，kernel代碼以後均不會被移動。在arch\arm\mach-s3c2410\Makefile.boot文件，其內容如下：

zreladdr-y := 0x30008000
params_phys-y := 0x30000100

這也驗證了為什麼內核會被放置在0x30008000的地方了，這個地址必須由Makefile.boot指定。而params_phys-y則是linux Kernel的taglist等參數的起始地址。在進入kernel代碼前，即自解壓縮階段，ARM未開啟MMU功能。因此啟動代碼一個重要功能是設置好相應的頁表，並開啟MMU功能。為了支持MMU功能，kernel鏡像中的所有符號，包括代碼段和數據段的符號，在鏈接時都生成了它在開啟MMU時，所在物理內存地址映射到的虛擬內存地址。Kernel第一個符號stext為例，在編譯鏈接，它生成的虛擬地址是0xc0008000，而放置它的物理地址為0x30008000。實際上這個變換可以利用簡單的公式進行表示：va = pa – PHYS_OFFSET + PAGE_OFFSET。Arm linux最終的kernel空間的頁表，就是按照這個關系來建立。之所提及linux的內存映射，原因是在進入kernel代碼，裡面所有符號地址值為0xCxxxxxxx地址，而此時ARM未開啟MMU功能，故在執行stext函數第一條執行時，它的PC值就是stext所在的內存地址（即物理地址，0x30008000）。

二：stext函數詳解

stext函數定義在arch/arm/kernel/head.S，它的功能是獲取處理器類型和機器類型信息，並創建臨時的頁表，然後開啟MMU功能，並跳進第一個C語言函數start_kernel。stext函數的在前置條件是：MMU, D-cache, 關閉; r0 = 0, r1 = machine nr, r2 = atags prointer.

1. /*
2. * This program is free software; you can redistribute it and/or modify
3. * it under the terms of the GNU General Public License version 2 as
4. * published by the Free Software Foundation.
5. *
6. * Kernel startup code for all 32-bit CPUs
7. */
8. #include <linux/linkage.h>
9. #include <linux/init.h>
11. #include <asm/assembler.h>
12. #include <asm/domain.h>
13. #include <asm/ptrace.h>
14. #include <asm/asm-offsets.h>
15. #include <asm/memory.h>
16. #include <asm/thread_info.h>
17. #include <asm/system.h>
19. #ifdef CONFIG_DEBUG_LL
20. #include <mach/debug-macro.S>
21. #endif
23. #if (PHYS_OFFSET & 0x001fffff)
24. #error "PHYS_OFFSET must be at an even 2MiB boundary!"
25. #endif
27. #define KERNEL_RAM_VADDR (PAGE_OFFSET + TEXT_OFFSET)
28. #define KERNEL_RAM_PADDR (PHYS_OFFSET + TEXT_OFFSET)
31. /*
32. * swapper_pg_dir is the virtual address of the initial page table.
33. * We place the page tables 16K below KERNEL_RAM_VADDR. Therefore, we must
34. * make sure that KERNEL_RAM_VADDR is correctly set. Currently, we expect
35. * the least significant 16 bits to be 0x8000, but we could probably
36. * relax this restriction to KERNEL_RAM_VADDR >= PAGE_OFFSET + 0x4000.
37. */
38. #if (KERNEL_RAM_VADDR & 0xffff) != 0x8000
39. #error KERNEL_RAM_VADDR must start at 0xXXXX8000
40. #endif
42. .globl swapper_pg_dir
43. .equ swapper_pg_dir, KERNEL_RAM_VADDR - 0x4000
45. .macro pgtbl, rd
46. ldr \rd, =(KERNEL_RAM_PADDR - 0x4000)
47. .endm
49. #ifdef CONFIG_XIP_KERNEL
50. #define KERNEL_START XIP_VIRT_ADDR(CONFIG_XIP_PHYS_ADDR)
51. #define KERNEL_END _edata_loc
52. #else
53. #define KERNEL_START KERNEL_RAM_VADDR
54. #define KERNEL_END _end
55. #endif
57. /*
58. * Kernel startup entry point.
59. * ---------------------------
60. *
61. * This is normally called from the decompressor code. The requirements
62. * are: MMU = off, D-cache = off, I-cache = dont care, r0 = 0,
63. * r1 = machine nr, r2 = atags pointer.
64. *
65. * This code is mostly position independent, so if you link the kernel at
66. * 0xc0008000, you call this at __pa(0xc0008000).
67. *
68. * See linux/arch/arm/tools/mach-types for the complete list of machine
69. * numbers for r1.
70. *
71. * We're trying to keep crap to a minimum; DO NOT add any machine specific
72. * crap here - that's what the boot loader (or in extreme, well justified
73. * circumstances, zImage) is for.
74. */
75. __HEAD
76. ENTRY(stext)
77. /* 設置CPU運行模式為SVC，並關中斷 */
78. setmode PSR_F_BIT | PSR_I_BIT | SVC_MODE, r9 @ ensure svc mode
79. @ and irqs disabled
80. mrc p15, 0, r9, c0, c0 @ get processor id
81. bl __lookup_processor_type @ r5=procinfo r9=cpuid
82. * r10指向cpu對應的proc_info記錄 */
83. movs r10, r5 @ invalid processor (r5=0)?
84. THUMB( it eq ) @ force fixup-able long branch encoding
85. beq __error_p @ yes, error 'p'
86. bl __lookup_machine_type @ r5=machinfo
87. /* r8 指向開發板對應的arch_info記錄 */
88. movs r8, r5 @ invalid machine (r5=0)?
89. THUMB( it eq ) @ force fixup-able long branch encoding
90. beq __error_a @ yes, error 'a'
91. /* __vet_atags函數涉及bootloader造知kernel物理內存的情況 */
92. /*
93. * r1 = machine no, r2 = atags,
94. * r8 = machinfo, r9 = cpuid, r10 = procinfo
95. */
96. bl __vet_atags
97. #ifdef CONFIG_SMP_ON_UP
98. bl __fixup_smp
99. #endif
100. /* 創建臨時頁表 */
101. bl __create_page_tables
103. /*
104. * The following calls CPU specific code in a position independent
105. * manner. See arch/arm/mm/proc-*.S for details. r10 = base of
106. * xxx_proc_info structure selected by __lookup_machine_type
107. * above. On return, the CPU will be ready for the MMU to be
108. * turned on, and r0 will hold the CPU control register value.
109. * 這裡的邏輯關系相當復雜，先是從proc_info結構中的中跳進__arm920_setup函數，
110. * 然後執__enable_mmu 函數。最後在__enable_mmu函數通過mov pc, r13來執行__mmap_switched，
111. * __mmap_switched函數在最後一條語句，魚躍龍門，跳進第一個C語言函數start_kernel
112. */
113. ldr r13, =__mmap_switched @ address to jump to after
114. @ mmu has been enabled
115. adr lr, BSYM(1f) @ return (PIC) address
116. ARM( add pc, r10, #PROCINFO_INITFUNC )
117. THUMB( add r12, r10, #PROCINFO_INITFUNC )
118. THUMB( mov pc, r12 )
119. 1: b __enable_mmu
120. ENDPROC(stext)
121. .ltorg