On Tue, Dec 29, 2015 at 11:16:57AM +0200, Siarhei Siamashka wrote:
> Hi Piotr,
>
> Thanks for providing the logs.
>
> On Tue, 29 Dec 2015 01:25:25 +0100
> Piotr Król <[email protected]> wrote:
>
> > Using built-in specs.
> > COLLECT_GCC=arm-linux-gnueabihf-gcc
> > COLLECT_LTO_WRAPPER=/home/pietrushnic/bin/gcc-linaro-arm-linux-gnueabihf-4.9-2014.07_linux/bin/../libexec/gcc/arm-linux-gnueabihf/4.9.1/lto-wrapper
> > Target: arm-linux-gnueabihf
> > Configured with:
> > /cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/src/gcc-linaro-4.9-2014.07/configure
> > --build=i686-build_pc-linux-gnu --host=i686-build_pc-linux-gnu
> > --target=arm-linux-gnueabihf
> > --prefix=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/install
> >
> > --with-sysroot=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/install/arm-linux-gnueabihf/libc
> > --enable-languages=c,c++,fortran --disable-multilib --enable-multiarch
> > --with-arch=armv7-a --with-tune=cortex-a9 --with-fpu=vfpv3-d16
> > --with-float=hard --with-pkgversion='crosstool-NG linaro-1.13.1-4.9-2014.07
> > - Linaro GCC 4.9-2014.07'
> > --with-bugurl=https://bugs.launchpad.net/gcc-linaro --enable-__cxa_atexit
> > --enable-libmudflap --enable-libgomp --enable-libssp
> > --with-gmp=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
> >
> > --with-mpfr=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
> >
> > --with-mpc=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
> >
> > --with-isl=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
> >
> > --with-cloog=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
> >
> > --with-libelf=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/.build/arm-linux-gnueabihf/build/static
> > --enable-threads=posix --disable-libstdcxx-pch --enable-linker-build-id
> > --enable-plugin --enable-gold
> > --with-local-prefix=/cbuild/slaves/oorts/crosstool-ng/builds/arm-linux-gnueabihf-linux/install/arm-linux-gnueabihf/libc
> > --enable-c99 --enable-long-long " --disable-multilib --with-float=hard
> > Thread model: posix
> > gcc version 4.9.1 20140710 (prerelease) (crosstool-NG
> > linaro-1.13.1-4.9-2014.07 - Linaro GCC 4.9-2014.07)
>
> This toolchain has been indeed configured using "--with-mode=thumb"
>
> > It looks like my version of radare2 doesn't decode instructions correctly.
> > Maybe you are using different version (I'm on Debian):
> >
> > radare2 0.9.6 @ linux-little-x86-64 git.0.9.6
> > commit: 1: build: 2015-06-26
> >
> > [0x00000000]> pd
> > 0x00000000 060000ea ands x6, x0, x0
> > 0x00000004 65474f4e .inst 0x4e4f4765
> > 0x00000008 2e425430 adr x14, 0x000a884d
> > 0x0000000c e110498d .inst 0x8d4910e1
> > 0x00000010 00200000 .inst 0x00002000
> > 0x00000014 53504c01 .inst 0x014c5053
> > 0x00000018 00000000 .inst 0x00000000
> > 0x0000001c 00000000 .inst 0x00000000
> > 0x00000020 04000000 .inst 0x00000004
> > 0x00000024 14000000 .inst 0x00000014
> > 0x00000028 03000000 .inst 0x00000003
> > 0x0000002c 474e5500 .inst 0x00554e47
> > 0x00000030 8f2e3945 .inst 0x45392e8f
> > 0x00000034 6753f158 ldr x7, 0xfffffffffffe2aa0
> > 0x00000038 29a9f212 .inst 0x12f2a929
> > 0x0000003c fd4d5924 .inst 0x24594dfd
> > 0x00000040 1e986ba7 .inst 0xa76b981e
> > 0x00000044 004b1847 .inst 0x47184b00
> > 0x00000048 2000ffff .inst 0xffff0020
>
> Oh, looks like your radare2 is disassembling it as 64-bit ARM code
> by default. One can use radare2 cmdline options "-a arm -b 16" to
> disassemble it as thumb2 or "-a arm -b 32" to disassemble it as
> normal 32-bit ARM code (that's what the Allwinner's BROM wants).
>
> Disassembling your file as thumb2 instead of 64-bit code results
> in the following (we need to start disassembling at the address
> 0x20):
>
> $ r2 -a arm -b 16 fel-sdboot.sunxi
> [0x00000000]> s 0x20
> [0x00000020]> pd
> 0x00000020 0400 movs r4, r0
> 0x00000022 0000 movs r0, r0
> 0x00000024 1400 movs r4, r2
> 0x00000026 0000 movs r0, r0
> 0x00000028 0300 movs r3, r0
> 0x0000002a 0000 movs r0, r0
> 0x0000002c 474e ldr r6, [pc, 0x11c] ; [:4]=0
> 0x0000002e 5500 lsls r5, r2, 1
> 0x00000030 8f2e cmp r6, 0x8f
> 0x00000032 3945 cmp r1, r7
> 0x00000034 6753 strh r7, [r4, r5]
> 0x00000036 f158 ldr r1, [r6, r3]
> 0x00000038 29a9 add r1, sp, 0xa4
> 0x0000003a f212 asrs r2, r6, 0xb
> 0x0000003c fd4d ldr r5, [pc, 0x3f4] ; [:4]=0xffffff00 ;
> 1076
> 0x0000003e 5924 movs r4, 0x59
> 0x00000040 1e98 ldr r0, [sp, 0x78]
> 0x00000042 6ba7 adr r7, 0x1ac
> 0x00000044 004b ldr r3, [pc, 0] ; [:4]=0xffff0020 ; 'H'
> `=< 0x00000046 1847 bx r3
> 0x00000048 2000 movs r0, r4
> 0x0000004a ffff0000 invalid
>
> After doing some rather strange manipulations in the beginning, it
> tries to jump to 0xffff0020 in the end (the FEL handler address
> in the BROM).
>
Hi Siarhei,
now I have something similar, but IIUC code jumps to different address. This is
Linaro 2014.07 toolchain.
$ r2 -a arm -b 16 fel-sdboot.sunxi
WARN: Use '-e bin.rawstr=true' or 'rabin2 -zz' to find strings on unknown file
types
[0x00000000]> s 0x20
[0x00000020]> pd
0x00000020 0400 movs r4, r0
0x00000022 0000 movs r0, r0
0x00000024 1400 movs r4, r2
0x00000026 0000 movs r0, r0
0x00000028 0300 movs r3, r0
0x0000002a 0000 movs r0, r0
0x0000002c 474e ldr r6, [pc, 284] ; (0x0000014c)
0x0000002e 5500 lsls r5, r2, 1
0x00000030 8f2e cmp r6, 143
0x00000032 3945 cmp r1, r7
0x00000034 6753 strh r7, [r4, r5]
0x00000036 f158 ldr r1, [r6, r3]
0x00000038 29a9 add r1, sp, 164
0x0000003a f212 asrs r2, r6, 11
0x0000003c fd4d ldr r5, [pc, 1012] ; (0x00000434)
0x0000003e 5924 movs r4, 89
0x00000040 1e98 ldr r0, [sp, 120]
0x00000042 6ba7 add r7, pc, 428 ; (adr r7, 0x000001f0)
0x00000044 004b ldr r3, [pc, 0] ; (0x00000048)
0x00000046 1847 bx r3
0x0000004d()
0x00000048 2000 movs r0, r4
0x0000004a ffff0000 vaddl.u<illegal width 64> q8, d15, d0
This was compiled with -marm.
> > > My random guess is that your toolchain is probably generating thumb2
> > > code by default. We might need to add '-marm' option to CFLAGS in the
> > > makefile.
> >
> > Tried that, unfortunately doesn't help.
>
> Well, we do want to have 32-bit ARM code in "fel-sdboot.sunxi", so
> using the -marm option in the makefile would be still the right thing
> to do. Your toolchain may be still problematic though. Because even
> after artificially adding -mthumb option when using my toolchain, I
> get a much more reasonable short thumb2 code without any junk in the
> beginning:
>
> $ r2 -a arm -b 16 fel-sdboot.sunxi
> [0x00000000]> s 0x20
> [0x00000020]> pd
> 0x00000020 08b5 push {r3, lr}
> 0x00000022 014b ldr r3, [pc, 4] ; [:4]=0xffff0020 ; '('
> 0x00000024 9847 blx r3
> 0x00000026 08bd pop {r3, pc}
> 0x00000028 2000 movs r0, r4
> 0x0000002a ffff0000 invalid
>
> --
> Best regards,
> Siarhei Siamashka
Also tried toolchain mentioned on sunxi wiki:
http://linux-sunxi.org/Toolchain#Debian
Result is different, but still cannot boot to FEL mode.
$ arm-linux-gnueabihf-gcc -v
Using built-in specs.
COLLECT_GCC=arm-linux-gnueabihf-gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc-cross/arm-linux-gnueabihf/5/lto-wrapper
Target: arm-linux-gnueabihf
Configured with: ../src/configure -v --with-pkgversion='Debian 5.3.1-4'
--with-bugurl=file:///usr/share/doc/gcc-5/README.Bugs
--enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-5 --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-libitm
--disable-libquadmath --enable-plugin --with-system-zlib
--disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-5-armhf-cross/jre
--enable-java-home
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-5-armhf-cross
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-5-armhf-cross
--with-arch-directory=arm --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
--disable-libgcj --enable-objc-gc --enable-multiarch --disable-sjlj-exceptions
--with-arch=armv7-a --with-fpu=vfpv3-d16 --with-float=hard --with-mode=thumb
--enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=arm-linux-gnueabihf --program-prefix=arm-linux-gnueabihf-
--includedir=/usr/arm-linux-gnueabihf/include
Thread model: posix
gcc version 5.3.1 20151219 (Debian 5.3.1-4)
$ r2 -a arm -b 16 fel-sdboot.sunxi
WARN: Use '-e bin.rawstr=true' or 'rabin2 -zz' to find strings on unknown file
types
[0x00000000]> s 0x20
[0x00000020]> pd
0x00000020 0400 movs r4, r0
0x00000022 0000 movs r0, r0
0x00000024 1400 movs r4, r2
0x00000026 0000 movs r0, r0
0x00000028 0300 movs r3, r0
0x0000002a 0000 movs r0, r0
0x0000002c 474e ldr r6, [pc, 284] ; (0x0000014c)
0x0000002e 5500 lsls r5, r2, 1
0x00000030 82f7db2d ; <UNDEFINED> 0xf7822ddb
0xfffffffff8782bea()
0x00000034 5039 subs r1, 80
0x00000036 7935 adds r5, 121
0x00000038 9aba hlt 0x001a
0x0000003a 610c lsrs r1, r4, 17
0x0000003c 9734 adds r4, 151
0x0000003e 3c8c ldrh r4, [r7, 32]
0x00000040 5391 str r1, [sp, 332]
0x00000042 f58a ldrh r5, [r6, 22]
0x00000044 004b ldr r3, [pc, 0] ; (0x00000048)
0x00000046 1847 bx r3
0x0000004d()
0x00000048 2000 movs r0, r4
0x0000004a ffff0000 vaddl.u<illegal width 64> q8, d15, d0
I started to think that maybe this is my setup and checked Ubuntu 14.04.3 LTS
live CD. GCC version:
Using built-in specs.
COLLECT_GCC=arm-linux-gnueabihf-gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc-cross/arm-linux-gnueabihf/4.8/lto-wrapper
Target: arm-linux-gnueabihf
Configured with: ../src/configure -v --with-pkgversion='Ubuntu/Linaro
4.8.2-16ubuntu4' --with-bugurl=file:///usr/share/doc/gcc-4.8/README.Bugs
--enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-4.8 --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/arm-linux-gnueabihf/include/c++/4.8.2
--libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object
--disable-libmudflap --disable-libitm --disable-libquadmath --enable-plugin
--with-system-zlib --disable-browser-plugin --enable-java-awt=gtk
--enable-gtk-cairo
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.8-armhf-cross/jre
--enable-java-home
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.8-armhf-cross
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.8-armhf-cross
--with-arch-directory=arm --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
--disable-libgcj --enable-objc-gc --enable-multiarch --enable-multilib
--disable-sjlj-exceptions --with-arch=armv7-a --with-fpu=vfpv3-d16
--with-float=hard --with-mode=thumb --disable-werror --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=arm-linux-gnueabihf
--program-prefix=arm-linux-gnueabihf-
--includedir=/usr/arm-linux-gnueabihf/include
Thread model: posix
gcc version 4.8.2 (Ubuntu/Linaro 4.8.2-16ubuntu4)
Radare output:
$ r2 -a arm -b 16 fel-sdboot.sunxi
WARN: Use '-e bin.rawstr=true' or 'rabin2 -zz' to find strings on unknown file
types
[0x00000000]> s 0x20
[0x00000020]> pd
0x00000020 0000 movs r0, r0
0x00000022 0000 movs r0, r0
0x00000024 0000 movs r0, r0
0x00000026 0000 movs r0, r0
0x00000028 0000 movs r0, r0
0x0000002a 0000 movs r0, r0
0x0000002c 0000 movs r0, r0
0x0000002e 0000 movs r0, r0
0x00000030 0400 movs r4, r0
0x00000032 0000 movs r0, r0
0x00000034 1400 movs r4, r2
0x00000036 0000 movs r0, r0
0x00000038 0300 movs r3, r0
0x0000003a 0000 movs r0, r0
0x0000003c 474e ldr r6, [pc, 284] ; (0x0000015c)
0x0000003e 5500 lsls r5, r2, 1
0x00000040 bd06 lsls r5, r7, 26
0x00000042 3b02 lsls r3, r7, 8
0x00000044 881d adds r0, r1, 6
0x00000046 7e92 str r2, [sp, 504]
0x00000048 e318 adds r3, r4, r3
0x0000004a bb56 ldrsb r3, [r7, r2]
0x0000004c f4a7 add r7, pc, 976 ; (adr r7, 0x00000420)
0x0000004e 9f53 strh r7, [r3, r6]
0x00000050 69d2 bcs.n 0x00000126
0x00000052 f440 lsrs r4, r6
0x00000054 004b ldr r3, [pc, 0] ; (0x00000058)
0x00000056 1847 bx r3
0x0000005d()
0x00000058 2000 movs r0, r4
0x0000005a ffff0000 vaddl.u<illegal width 64> q8, d15, d0
This image also cannot enter FEL mode. Have you got access to >4.7 GCC on
Gentoo ? Can you try it ?
Best Regards,
--
Piotr Król
Embedded Systems Consultant
http://3mdeb.com | @3mdeb_com
--
You received this message because you are subscribed to the Google Groups
"linux-sunxi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
