Hi Piotr,

Thanks for providing the logs.

On Tue, 29 Dec 2015 01:25:25 +0100
Piotr Król <[email protected]> wrote:

> Using built-in specs.
> COLLECT_GCC=arm-linux-gnueabihf-gcc
> COLLECT_LTO_WRAPPER=/home/pietrushnic/bin/gcc-linaro-arm-linux-gnueabihf-4.9-2014.07_linux/bin/../libexec/gcc/arm-linux-gnueabihf/4.9.1/lto-wrapper
> Target: arm-linux-gnueabihf
> Configured with:
> /cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/src/gcc-linaro-4.9-2014.07/configure
> --build=i686-build_pc-linux-gnu --host=i686-build_pc-linux-gnu
> --target=arm-linux-gnueabihf
> --prefix=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/install
>
> --with-sysroot=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/install/arm-linux-gnueabihf/libc
> --enable-languages=c,c++,fortran --disable-multilib --enable-multiarch
> --with-arch=armv7-a --with-tune=cortex-a9 --with-fpu=vfpv3-d16
> --with-float=hard --with-pkgversion='crosstool-NG linaro-1.13.1-4.9-2014.07 -
> Linaro GCC 4.9-2014.07' --with-bugurl=https://bugs.launchpad.net/gcc-linaro
> --enable-__cxa_atexit --enable-libmudflap --enable-libgomp --enable-libssp
> --with-gmp=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
>
> --with-mpfr=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
>
> --with-mpc=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
>
> --with-isl=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
>
> --with-cloog=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
>
> --with-libelf=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
> --enable-threads=posix --disable-libstdcxx-pch --enable-linker-build-id
> --enable-plugin --enable-gold
> --with-local-prefix=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/install/arm-linux-gnueabihf/libc
> --enable-c99 --enable-long-long " --disable-multilib --with-float=hard
> Thread model: posix
> gcc version 4.9.1 20140710 (prerelease) (crosstool-NG
> linaro-1.13.1-4.9-2014.07 - Linaro GCC 4.9-2014.07)

This toolchain has been indeed configured using "--with-mode=thumb"

> It looks like my version of radare2 doesn't decode instructions correctly.
> Maybe you are using different version (I'm on Debian):
>
> radare2 0.9.6 @ linux-little-x86-64 git.0.9.6
> commit: 1: build: 2015-06-26
>
> [0x00000000]> pd
> 0x00000000    060000ea    ands x6, x0, x0
> 0x00000004    65474f4e    .inst 0x4e4f4765
> 0x00000008    2e425430    adr x14, 0x000a884d
> 0x0000000c    e110498d    .inst 0x8d4910e1
> 0x00000010    00200000    .inst 0x00002000
> 0x00000014    53504c01    .inst 0x014c5053
> 0x00000018    00000000    .inst 0x00000000
> 0x0000001c    00000000    .inst 0x00000000
> 0x00000020    04000000    .inst 0x00000004
> 0x00000024    14000000    .inst 0x00000014
> 0x00000028    03000000    .inst 0x00000003
> 0x0000002c    474e5500    .inst 0x00554e47
> 0x00000030    8f2e3945    .inst 0x45392e8f
> 0x00000034    6753f158    ldr x7, 0xfffffffffffe2aa0
> 0x00000038    29a9f212    .inst 0x12f2a929
> 0x0000003c    fd4d5924    .inst 0x24594dfd
> 0x00000040    1e986ba7    .inst 0xa76b981e
> 0x00000044    004b1847    .inst 0x47184b00
> 0x00000048    2000ffff    .inst 0xffff0020

Oh, looks like your radare2 is disassembling it as 64-bit ARM code by
default. One can use radare2 cmdline options "-a arm -b 16" to
disassemble it as thumb2 or "-a arm -b 32" to disassemble it as normal
32-bit ARM code (that's what the Allwinner's BROM wants).

Disassembling your file as thumb2 instead of 64-bit code results in
the following (we need to start disassembling at the address 0x20):

    $ r2 -a arm -b 16 fel-sdboot.sunxi
    [0x00000000]> s 0x20
    [0x00000020]> pd
    0x00000020    0400        movs r4, r0
    0x00000022    0000        movs r0, r0
    0x00000024    1400        movs r4, r2
    0x00000026    0000        movs r0, r0
    0x00000028    0300        movs r3, r0
    0x0000002a    0000        movs r0, r0
    0x0000002c    474e        ldr r6, [pc, 0x11c] ; [:4]=0
    0x0000002e    5500        lsls r5, r2, 1
    0x00000030    8f2e        cmp r6, 0x8f
    0x00000032    3945        cmp r1, r7
    0x00000034    6753        strh r7, [r4, r5]
    0x00000036    f158        ldr r1, [r6, r3]
    0x00000038    29a9        add r1, sp, 0xa4
    0x0000003a    f212        asrs r2, r6, 0xb
    0x0000003c    fd4d        ldr r5, [pc, 0x3f4] ; [:4]=0xffffff00 ; 1076
    0x0000003e    5924        movs r4, 0x59
    0x00000040    1e98        ldr r0, [sp, 0x78]
    0x00000042    6ba7        adr r7, 0x1ac
    0x00000044    004b        ldr r3, [pc, 0] ; [:4]=0xffff0020 ; 'H'
`=< 0x00000046    1847        bx r3
    0x00000048    2000        movs r0, r4
    0x0000004a    ffff0000    invalid

After doing some rather strange manipulations in the beginning, it
tries to jump to 0xffff0020 in the end (the FEL handler address in
the BROM).

> > My random guess is that your toolchain is probably generating thumb2
> > code by default. We might need to add '-marm' option to CFLAGS in the
> > makefile.
>
> Tried that, unfortunately doesn't help.

Well, we do want to have 32-bit ARM code in "fel-sdboot.sunxi", so
using the -marm option in the makefile would be still the right thing
to do. Your toolchain may be still problematic though.
Because even after artificially adding -mthumb option when using my
toolchain, I get a much more reasonable short thumb2 code without any
junk in the beginning:

    $ r2 -a arm -b 16 fel-sdboot.sunxi
    [0x00000000]> s 0x20
    [0x00000020]> pd
    0x00000020    08b5        push {r3, lr}
    0x00000022    014b        ldr r3, [pc, 4] ; [:4]=0xffff0020 ; '('
    0x00000024    9847        blx r3
    0x00000026    08bd        pop {r3, pc}
    0x00000028    2000        movs r0, r4
    0x0000002a    ffff0000    invalid

-- 
Best regards,
Siarhei Siamashka
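
Added example, not part of the original message or of the sunxi-tools code: a Python check that follows the ARM branch in the first header word of the quoted dump and tests whether the bytes it lands on parse as an ELF note rather than as instructions. Reading that region as a GNU build-id note is this example's interpretation of the quoted bytes (the quoted configure line includes `--enable-linker-build-id`); the function names are hypothetical.

```python
import struct

# Bytes 0x00-0x4b of Piotr's fel-sdboot.sunxi, transcribed from the hex column
# of the radare2 listings quoted in the message above.
IMAGE = bytes.fromhex(
    "060000ea 65474f4e 2e425430 e110498d"   # 0x00: ARM branch, "eGON.BT0", ...
    "00200000 53504c01 00000000 00000000"   # 0x10
    "04000000 14000000 03000000 474e5500"   # 0x20: where the branch lands
    "8f2e3945 6753f158 29a9f212 fd4d5924"   # 0x30
    "1e986ba7 004b1847 2000ffff"            # 0x40
)
NT_GNU_BUILD_ID = 3  # ELF note type of a GNU build-id note

def branch_target(image):
    """Offset the ARM 'B' instruction in the first word jumps to."""
    (insn,) = struct.unpack_from("<I", image, 0)
    if insn >> 24 != 0xEA:  # condition AL, opcode B
        raise ValueError("first word is not an unconditional ARM branch")
    imm24 = insn & 0xFFFFFF
    if imm24 & 0x800000:  # sign-extend the 24-bit word offset
        imm24 -= 1 << 24
    return 8 + 4 * imm24  # PC reads as instruction address (0) + 8

def parse_note(image, off):
    """Parse one ELF note at off: (name, type, desc, end offset) or None."""
    if off < 0 or off + 12 > len(image):
        return None
    namesz, descsz, ntype = struct.unpack_from("<III", image, off)
    desc_off = off + 12 + ((namesz + 3) & ~3)  # name is padded to 4 bytes
    end = desc_off + ((descsz + 3) & ~3)
    name = image[off + 12:off + 12 + namesz]
    if not 0 < namesz <= 16 or end > len(image) or name[-1:] != b"\0":
        return None
    return name[:-1], ntype, image[desc_off:desc_off + descsz], end

def inspect(image):
    """Report where the header branch lands and where real code starts."""
    if image[4:12] != b"eGON.BT0":
        raise ValueError("missing eGON.BT0 magic")
    entry = branch_target(image)
    note = parse_note(image, entry)
    if note and note[0] == b"GNU" and note[1] == NT_GNU_BUILD_ID:
        return {"entry": entry, "build_id": note[2].hex(), "code": note[3]}
    return {"entry": entry, "build_id": None, "code": entry}

if __name__ == "__main__":
    print(inspect(IMAGE))
```

On the quoted bytes the branch lands at 0x20 on a 20-byte note, and the first bytes that are not note data are the `ldr r3` / `bx r3` pair at 0x44 shown in the Thumb listing.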
