Executing boot ROM functions in Linux drivers

Question

I'm trying to execute some functions from the boot ROM on an NXP IMX6UL in a Linux device driver. I figured a device driver is the only place I can get manage this.

Currently, I map the boot ROM using devm_ioremap_resource() and I can read the ROM table in the device fine and it shows the values as expected. The problem comes when I try and execute a function from there, I get a paging request error and crash.

I get the following crash message:

Unable to handle kernel paging request at virtual address bf968f88
pgd = 8e5fa23c
[bf968f88] *pgd=b839e811, *pte=00008653, *ppte=00008453
Internal error: Oops: 8000000f [#1] PREEMPT ARM
Modules linked in:
CPU: 0 PID: 299 Comm: sh Not tainted 4.19.35-00007-ga99feb79b139-dirty #639
Hardware name: Freescale i.MX6 UltraLite (Device Tree)
PC is at 0xbf968f88
LR is at hab_rvt_entry+0x98/0xb4
pc : [<bf968f88>]    lr : [<804ee430>]    psr: 600f0033
sp : b9f85ea8  ip : 00000000  fp : 00000000
r10: b9e55e90  r9 : b9f85f78  r8 : b9a96800
r7 : 00000002  r6 : bf960000  r5 : 00008f89  r4 : bf968f89
r3 : fde952f0  r2 : fde952f0  r1 : 00000001  r0 : 00000000
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA Thumb  Segment none
Control: 10c53c7d  Table: b9ea8059  DAC: 00000051
Process sh (pid: 299, stack limit = 0x00d86b0c)
Stack: (0xb9f85ea8 to 0xb9f86000)
5ea0:                   00000002 b9e55e80 00000000 00000000 b9a96800 8027b3ec
5ec0: 00000000 00000000 81004048 8027b304 002478d0 b9f85f78 00000000 002478d0
5ee0: 00000002 802032c0 00002ee7 00000000 81004048 fde952f0 81004048 7e87c490
5f00: 00235a30 80208600 000007ff 00008180 00000001 00001000 00000000 00000000
5f20: 00000000 00000000 00002ee7 00000000 00000000 fde952f0 b98f1164 00000002
5f40: b9cbb840 002478d0 b9f85f78 00000000 002478d0 8020357c 5dca454a 00000000
5f60: 81004048 b9cbb840 00000000 00000000 b9cbb840 80203794 00000000 00000000
5f80: 00000000 fde952f0 00000002 002478d0 76ec0d98 00000004 80101204 b9f84000
5fa0: 00000004 80101000 00000002 002478d0 00000001 002478d0 00000002 00000000
5fc0: 00000002 002478d0 76ec0d98 00000004 002478d0 00000002 00000000 00000000
5fe0: 00000064 7e87c9d0 76de9ce0 76e42a74 600e0010 00000001 00000000 00000000
[<804ee430>] (hab_rvt_entry) from [<8027b3ec>] (kernfs_fop_write+0xe8/0x1c8)
[<8027b3ec>] (kernfs_fop_write) from [<802032c0>] (__vfs_write+0x2c/0x160)
[<802032c0>] (__vfs_write) from [<8020357c>] (vfs_write+0xa4/0x17c)
[<8020357c>] (vfs_write) from [<80203794>] (ksys_write+0x4c/0xac)
[<80203794>] (ksys_write) from [<80101000>] (ret_fast_syscall+0x0/0x54)
Exception stack(0xb9f85fa8 to 0xb9f85ff0)
5fa0:                   00000002 002478d0 00000001 002478d0 00000002 00000000
5fc0: 00000002 002478d0 76ec0d98 00000004 002478d0 00000002 00000000 00000000
5fe0: 00000064 7e87c9d0 76de9ce0 76e42a74
Code: ffc4 f7fd f833 e7fe (b5f0) b087

For reference and to make sense of these error messages a bit, BF960000 is what the base of my boot ROM is mapped to, and the address of the command I'm trying to execute is physically is at 8F89, virtually at BF968F89.

Is there any way to execute commands like this that exist in the boot ROM?

See https://stackoverflow.com/questions/59656966/why-both-ioremap-and-kmap-are-needed — sawdust, Feb 18 '20 at 08:06

Executing boot ROM functions in Linux drivers

0 Answers0