Loading shim fbaa64.efi causes exception on arm64

Bug #2019537 reported by Jianyong Wu
This bug affects 2 people
Affects: Ubuntu Cloud Archive
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

An exception is generated when starting ubuntu:22.04 from edk2 based on qemu on arm64:

FSOpen: Open '\EFI\BOOT\BOOTAA64.EFI' Success
[Bds] Expand PciRoot(0x0)/Pci(0x4,0x0) -> PciRoot(0x0)/Pci(0x4,0x0)/HD(15,GPT,06DEE026-3035-4AA3-89C2-9E5F5C2B6643,0x800,0x31801)/\EFI\BOOT\BOOTAA64.EFI
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x4,0x0)
[Security] 3rd party image[0] can be loaded after EndOfDxe: PciRoot(0x0)/Pci(0x4,0x0)/HD(15,GPT,06DEE026-3035-4AA3-89C2-9E5F5C2B6643,0x800,0x31801)/\EFI\BOOT\BOOTAA64.EFI.
InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 13EB8CAC0
Loading driver at 0x0013C739000 EntryPoint=0x0013C757000
Loading driver at 0x0013C739000 EntryPoint=0x0013C757000
InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 13EC6B318
ProtectUefiImageCommon - 0x3EB8CAC0
  - 0x000000013C739000 - 0x00000000000D7000
SetUefiImageMemoryAttributes - 0x000000013C739000 - 0x000000000001E000 (0x0000000000004008)
SetUefiImageMemoryAttributes - 0x000000013C757000 - 0x0000000000067000 (0x0000000000020008)
SetUefiImageMemoryAttributes - 0x000000013C7BE000 - 0x0000000000052000 (0x0000000000004008)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x4,0x0)
InstallProtocolInterface: 605DAB50-E046-4300-ABB6-3DD810DD8B23 13C7EC9A0
FSOpen: Open '\EFI\BOOT\fbaa64.efi' Success
FSOpen: Open '\EFI\BOOT\fbaa64.efi' Success
SetMemoryAttributes: BaseAddress == 0x13C6F0000, Length == 0x19000, Attributes == 0x4000
ClearMemoryAttributes: BaseAddress == 0x13C6F0000, Length == 0x19000, Attributes == 0x22000

Synchronous Exception at 0x000000013C6F4000

Synchronous Exception at 0x000000013C6F4000
PC 0x00013C6F4000
PC 0x00013C7593F4
PC 0x00013C759608
PC 0x00013C75A32C
PC 0x00013C757030
PC 0x000047876468 (0x00004786F000+0x00007468) [ 1] DxeCore.dll
PC 0x00013FCDC688 (0x00013FCD6000+0x00006688) [ 2] BdsDxe.dll
PC 0x00013FCDF670 (0x00013FCD6000+0x00009670) [ 2] BdsDxe.dll
PC 0x000047878D88 (0x00004786F000+0x00009D88) [ 3] DxeCore.dll
[ 1] /root/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /root/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Universal/BdsDxe/BdsDxe/DEBUG/BdsDxe.dll
[ 3] /root/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll

  X0 0x000000013F2B3218 X1 0x000000013FFD0018 X2 0x000000013C6F4000 X3 0x0000000000000000
  X4 0x000000013FD4C0E8 X5 0x000000004786E400 X6 0x000000008000004F X7 0x0000000000000000
  X8 0x000000004786E3D0 X9 0x0000000000000002 X10 0x000000013C6F0000 X11 0x0000000000000003
 X12 0x0000000000000002 X13 0x0000000000000002 X14 0x0000000000000001 X15 0x0000000000000002
 X16 0x000000013FD45260 X17 0x00000000C19CD528 X18 0x0000000000000011 X19 0x000000013C7D8000
 X20 0x0000000000000000 X21 0x000000013F2B3218 X22 0x000000013C7EC930 X23 0x0000000000000001
 X24 0x000000013C7EC000 X25 0x000000013C7EC9F8 X26 0x000000013C7ECA00 X27 0x000000013C7ECA08
 X28 0x000000013C7ECA10 FP 0x000000004786E740 LR 0x000000013C7593F4

  V0 0xAFAFAFAFAFAFAFAF AFAFAFAFAFAFAFAF V1 0x0000000000000000 0000000000000000
  V2 0x0000000000000000 0000000000000000 V3 0x0000000000000000 0000000000000000
  V4 0x0000000000000000 0000000000000000 V5 0x0000000000000000 0000000000000000
  V6 0x0000000000000000 0000000000000000 V7 0x0000000000000000 0000000000000000
  V8 0x0000000000000000 0000000000000000 V9 0x0000000000000000 0000000000000000
 V10 0x0000000000000000 0000000000000000 V11 0x0000000000000000 0000000000000000
 V12 0x0000000000000000 0000000000000000 V13 0x0000000000000000 0000000000000000
 V14 0x0000000000000000 0000000000000000 V15 0x0000000000000000 0000000000000000
 V16 0x0000000000000000 0000000000000000 V17 0x0000000000000000 0000000000000000
 V18 0x0000000000000000 0000000000000000 V19 0x0000000000000000 0000000000000000
 V20 0x0000000000000000 0000000000000000 V21 0x0000000000000000 0000000000000000
 V22 0x0000000000000000 0000000000000000 V23 0x0000000000000000 0000000000000000
 V24 0x0000000000000000 0000000000000000 V25 0x0000000000000000 0000000000000000
 V26 0x0000000000000000 0000000000000000 V27 0x0000000000000000 0000000000000000
 V28 0x0000000000000000 0000000000000000 V29 0x0000000000000000 0000000000000000
 V30 0x0000000000000000 0000000000000000 V31 0x0000000000000000 0000000000000000

  SP 0x000000004786E740 ELR 0x000000013C6F4000 SPSR 0x60000205 FPSR 0x00000000
 ESR 0x8600000F FAR 0x000000013C6F4000

 ESR : EC 0x21 IL 0x1 ISS 0x0000000F

Instruction abort: Permission fault, third level

Stack dump:
  000004786E640: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E660: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E680: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E6A0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E6C0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E6E0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E700: 0000000000000000 0000000000000000 000000013FD49A74 0000000040000304
  000004786E720: 0000000000000000 000000008600000F 000000013C6F4000 000000013C709098
> 000004786E740: 000000004786E7A0 000000013C759608 0000000000000001 000000013C7D8000
  000004786E760: 000000013F2B3218 0000000000000000 000160184786E7A0 000000013C6F4000
  000004786E780: 000000013C6F0000 0000000000000019 000000013CB41D18 000000013C709018
  000004786E7A0: 000000004786E800 000000013C75A32C 0000000000000000 000000013C757428
  000004786E7C0: 000000013C7EC9DF 000000013F2B3218 000000004786E870 000000013C75A2F0
  000004786E7E0: 000000013EB8CAC0 000000013F29D030 000000013F2B3520 000000013F2B3120
  000004786E800: 000000004786E8A0 000000013C757030 0000000000000000 0000000000000000
  000004786E820: 000000013FCEE000 0000000000000000 0000000000000001 000000013FCEE1B8
ASSERT [ArmCpuDxe] /root/edk2/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(333): ((BOOLEAN)(0==1))

From the log, I think that BOOTAA64.EFI fails to update the memory attributes correctly for fbaa64.efi; that is, the memory region for the text segment of fbaa64.efi is set to non-executable, which causes the instruction exception.
I tried to fix it by rebuilding shim to replace BOOTAA64.EFI, and it works. Maybe we need to update shim using the latest code.
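
A triage sketch for the log above, added here as an example (not code from the reporter, shim or edk2): it replays the SetMemoryAttributes/ClearMemoryAttributes lines and decodes ESR to check whether the faulting address lies in a range left with EFI_MEMORY_XP set. The names `decode_esr` and `triage` are hypothetical, the sample is constructed from three lines of the log, and it assumes ranges can be tracked by the exact base/length pairs the log prints, starting from no attributes.

```python
import re

# UEFI memory attribute bits, as defined in the UEFI specification.
# 0x22000 in the log's Clear call is EFI_MEMORY_RO | EFI_MEMORY_RP.
EFI_MEMORY_RP, EFI_MEMORY_XP, EFI_MEMORY_RO = 0x2000, 0x4000, 0x20000

# Constructed sample: three lines copied from the log in this report.
SAMPLE_LOG = """\
SetMemoryAttributes: BaseAddress == 0x13C6F0000, Length == 0x19000, Attributes == 0x4000
ClearMemoryAttributes: BaseAddress == 0x13C6F0000, Length == 0x19000, Attributes == 0x22000
 ESR 0x8600000F FAR 0x000000013C6F4000
"""

HEX = r"(0x[0-9A-Fa-f]+)"
ATTR_RE = re.compile(rf"(Set|Clear)MemoryAttributes: BaseAddress == {HEX}, "
                     rf"Length == {HEX}, Attributes == {HEX}")
FAULT_RE = re.compile(rf"ESR {HEX} FAR {HEX}")


def decode_esr(esr):
    """Return the exception class and, for permission faults, the table level."""
    ec, fsc = (esr >> 26) & 0x3F, esr & 0x3F
    is_perm = (fsc & 0x3C) == 0x0C  # fault status 0b0011LL: permission fault, level LL
    return {"ec": ec, "instruction_abort": ec in (0x20, 0x21),
            "permission_fault_level": (fsc & 0x3) if is_perm else None}


def triage(log):
    """Replay the attribute calls in log order, then test the faulting address."""
    regions = {}  # (base, length) -> attribute bits requested so far (assumed 0 at start)
    fault = None
    for line in log.splitlines():
        m = ATTR_RE.search(line)
        if m:
            base, length, attrs = (int(v, 16) for v in m.groups()[1:])
            cur = regions.get((base, length), 0)
            regions[(base, length)] = cur | attrs if m.group(1) == "Set" else cur & ~attrs
            continue
        m = FAULT_RE.search(line)
        if m:
            fault = tuple(int(v, 16) for v in m.groups())
    if fault is None:
        return None
    info = decode_esr(fault[0])
    info["far"] = fault[1]
    info["far_in_xp_region"] = any(
        base <= fault[1] < base + length and attrs & EFI_MEMORY_XP
        for (base, length), attrs in regions.items())
    return info


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample this reports an instruction abort (EC 0x21) with a level 3 permission fault at an address inside the range that had EFI_MEMORY_XP set and never cleared.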

Steve Capper (stevecapper) wrote :

Upstream bug here: https://github.com/rhboot/shim/issues/585

Hello,
The following upstream commit should fix the issue:
https://github.com/rhboot/shim/commit/c7b305152802c8db688605654f75e1195def9fd6

Could that please be cherry picked?

Cheers,
--
Steve
