Firmware Test Suite

UEFI RT Time Test1 causes kernel to try to execute NX-protected page on Dell Inc. OptiPlex 790/0D28YY, BIOS A18 09/24/2013

Bug #1635347 reported by Greg Land
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Firmware Test Suite
Expired
Undecided
Unassigned

Bug Description

Bug:
==========================================================================
Command: sudo fwts uefirttime
System: Dell Inc. OptiPlex 790/0D28YY
FTWS Versions Tested: fwts-live-16.09.00.img (failed)
                      fwts 16.03.00 installed on ubuntu 16.04 server ran from usb installed via apt (failed)
                      fwts 16.09.00 installed on ubuntu 16.04 server ran from usb installed via apt and ppa (failed)
Bios Versions Tested: A14, A18(latest) Failed with both
Results: Kernel terminates FWTS violently... Afterwords the kernel is unstable and will fail to shutdown in "strange" ways. Suspected damage to kernel data structures caused by efi_runtime.ko.

Full results.log:
==========================================================================
Results generated by fwts: Version V16.03.00 (2016-03-14 09:10:20).

Some of this work - Copyright (c) 1999 - 2016, Intel Corp. All rights reserved.
Some of this work - Copyright (c) 2010 - 2016, Canonical.

This test run on 19/10/16 at 12:33:39 on host Linux thumbstick 4.4.0-43-generic
#63-Ubuntu SMP Wed Oct 12 13:48:03 UTC 2016 x86_64.

Command: "fwts uefirttime".
Running tests: uefirttime.

uefirttime: UEFI Runtime service time interface tests.
--------------------------------------------------------------------------------
Test 1 of 35: Test UEFI RT service get time interface.
==========================================================================

Klog excerpt: (full log in attachments)
==========================================================================
Oct 19 12:33:39 thumbstick kernel: [ 215.931359] EFI_RUNTIME Driver v0.1
Oct 19 12:33:39 thumbstick kernel: [ 215.931895] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
Oct 19 12:33:39 thumbstick kernel: [ 215.932226] BUG: unable to handle kernel paging request at 000000000d8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.932558] IP: [<000000000d8b65ff>] 0xd8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.933258] PGD 3201067 PUD 3202067 PMD 800000000d8001e3
Oct 19 12:33:39 thumbstick kernel: [ 215.933958] Oops: 0011 [#1] SMP
Oct 19 12:33:39 thumbstick kernel: [ 215.934649] Modules linked in: efi_runtime(OE) nls_iso8859_1 snd_hda_codec_hdmi intel_rapl ppdev x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel snd_hda_codec_realtek snd_hda_codec_generic kvm snd_hda_intel snd_hda_codec snd_hda_core dcdbas snd_hwdep irqbypass snd_pcm snd_timer snd soundcore joydev serio_raw input_leds mei_me mei shpchp 8250_fintek lpc_ich parport_pc parport mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid0 multipath linear raid1 hid_generic usbhid hid uas usb_storage nouveau crct10dif_pclmul crc32_pclmul mxm_wmi aesni_intel wmi aes_x86_64 i2c_algo_bit lrw gf128mul ttm glue_helper ablk_helper drm_kms_helper cryptd syscopyarea e1000e sysfillrect sysimgblt fb_sys_fops ahci ptp psmouse drm libahci pps_core fjes video
Oct 19 12:33:39 thumbstick kernel: [ 215.939521] CPU: 0 PID: 7181 Comm: fwts Tainted: G OE 4.4.0-43-generic #63-Ubuntu
Oct 19 12:33:39 thumbstick kernel: [ 215.940383] Hardware name: Dell Inc. OptiPlex 790/0D28YY, BIOS A18 09/24/2013
Oct 19 12:33:39 thumbstick kernel: [ 215.941247] task: ffff8800c4a7d280 ti: ffff880127dec000 task.ti: ffff880127dec000
Oct 19 12:33:39 thumbstick kernel: [ 215.942123] RIP: 0010:[<000000000d8b65ff>] [<000000000d8b65ff>] 0xd8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.942998] RSP: 0018:ffff880127defcb8 EFLAGS: 00010086
Oct 19 12:33:39 thumbstick kernel: [ 215.943875] RAX: 00000000ccae3e18 RBX: ffff880127defe00 RCX: 00000000ccae3e18
Oct 19 12:33:39 thumbstick kernel: [ 215.944755] RDX: ffff880127defe00 RSI: ffff880127defe00 RDI: ffff880127defdf0
Oct 19 12:33:39 thumbstick kernel: [ 215.945637] RBP: ffff880127defdb0 R08: 0000000000000000 R09: 00007f93ad186770
Oct 19 12:33:39 thumbstick kernel: [ 215.946520] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000202
Oct 19 12:33:39 thumbstick kernel: [ 215.947401] R13: ffff880127defdf0 R14: 0000000080187003 R15: 0000000000097000
Oct 19 12:33:39 thumbstick kernel: [ 215.948284] FS: 00007f93adffe800(0000) GS:ffff880129200000(0000) knlGS:0000000000000000
Oct 19 12:33:39 thumbstick kernel: [ 215.949175] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Oct 19 12:33:39 thumbstick kernel: [ 215.950055] CR2: 000000000d8b65ff CR3: 0000000000097000 CR4: 00000000000406f0
Oct 19 12:33:39 thumbstick kernel: [ 215.950946] Stack:
Oct 19 12:33:39 thumbstick kernel: [ 215.951829] fffffffeffb83350 ffff8800cce8b360 000003f000000000 000003f000000000
Oct 19 12:33:39 thumbstick kernel: [ 215.952732] 0000001000000008 fffffffeffb83330 ffffffff81079eee ffff880127defe00
Oct 19 12:33:39 thumbstick kernel: [ 215.953643] 000000000000009e ffff00000000002d 07000000ffffff00 00007f93adffe800
Oct 19 12:33:39 thumbstick kernel: [ 215.954554] Call Trace:
Oct 19 12:33:39 thumbstick kernel: [ 215.955464] [<ffffffff81079eee>] ? efi_call+0x7e/0x100
Oct 19 12:33:39 thumbstick kernel: [ 215.956370] [<ffffffff816de243>] ? virt_efi_get_time+0x53/0x90
Oct 19 12:33:39 thumbstick kernel: [ 215.957279] [<ffffffffc0750b18>] efi_runtime_ioctl+0xa78/0xfd6 [efi_runtime]
Oct 19 12:33:39 thumbstick kernel: [ 215.958194] [<ffffffff811c0951>] ? handle_mm_fault+0x1131/0x1820
Oct 19 12:33:39 thumbstick kernel: [ 215.959104] [<ffffffff8122123f>] do_vfs_ioctl+0x29f/0x490
Oct 19 12:33:39 thumbstick kernel: [ 215.960007] [<ffffffff8106b504>] ? __do_page_fault+0x1b4/0x400
Oct 19 12:33:39 thumbstick kernel: [ 215.960912] [<ffffffff812214a9>] SyS_ioctl+0x79/0x90
Oct 19 12:33:39 thumbstick kernel: [ 215.961813] [<ffffffff818318b2>] entry_SYSCALL_64_fastpath+0x16/0x71
Oct 19 12:33:39 thumbstick kernel: [ 215.962707] Code: Bad RIP value.
Oct 19 12:33:39 thumbstick kernel: [ 215.963602] RIP [<000000000d8b65ff>] 0xd8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.964502] RSP <ffff880127defcb8>
Oct 19 12:33:39 thumbstick kernel: [ 215.965408] CR2: 000000000d8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.966307] ---[ end trace 4747c7a70ae4b098 ]---
==========================================================================

See original description
Revision history for this message
Greg Land (greg.land) wrote :
description: updated
Revision history for this message
Greg Land (greg.land) wrote :
Revision history for this message
Alex Hung (alexhung) wrote :

@Greg,

I noticed you run fwts 16.03.00. Please give the latest version 16.09.00 a try.

You can install it from stable PPA: https://wiki.ubuntu.com/FirmwareTestSuite#PPA

Alex Hung (alexhung)
Changed in fwts:
status: New → Incomplete
Revision history for this message
Greg Land (greg.land) wrote :
Download full text (6.1 KiB)

Done same result

Results.log:
=====================================================================================
Results generated by fwts: Version V16.09.00 (2016-09-09 01:49:56).

Some of this work - Copyright (c) 1999 - 2016, Intel Corp. All rights reserved.
Some of this work - Copyright (c) 2010 - 2016, Canonical.
Some of this work - Copyright (c) 2016 IBM.

This test run on 20/10/16 at 11:05:06 on host Linux thumbstick 4.4.0-45-generic
#66-Ubuntu SMP Wed Oct 19 14:12:37 UTC 2016 x86_64.

Command: "fwts uefirttime".
Running tests: uefirttime.

uefirttime: UEFI Runtime service time interface tests.
--------------------------------------------------------------------------------
Test 1 of 35: Test UEFI RT service get time interface.
=====================================================================================

Kern.log excerpt (FullKernLogV16.09.00.log)
=====================================================================================
Oct 20 11:05:06 thumbstick kernel: [ 218.866964] efi_runtime: module verification failed: signature and/or required key missing - tainting kernel
Oct 20 11:05:06 thumbstick kernel: [ 218.867852] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
Oct 20 11:05:06 thumbstick kernel: [ 218.868083] BUG: unable to handle kernel paging request at ffff8800be8c8000
Oct 20 11:05:06 thumbstick kernel: [ 218.868321] IP: [<ffff8800be8c8000>] 0xffff8800be8c8000
Oct 20 11:05:06 thumbstick kernel: [ 218.868873] PGD 3201067 PUD 12dffe067 PMD 80000000be8001e3
Oct 20 11:05:06 thumbstick kernel: [ 218.869488] Oops: 0011 [#1] SMP
Oct 20 11:05:06 thumbstick kernel: [ 218.870096] Modules linked in: efi_runtime(OE) nls_iso8859_1 intel_rapl x86_pkg_temp_thermal intel_powerclamp snd_hda_codec_hdmi coretemp ppdev kvm_intel kvm snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel irqbypass snd_hda_codec snd_hda_core snd_hwdep dcdbas snd_pcm snd_timer snd soundcore joydev serio_raw input_leds mei_me mei shpchp 8250_fintek lpc_ich parport_pc parport mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid0 multipath linear uas usb_storage raid1 hid_generic usbhid hid nouveau crct10dif_pclmul crc32_pclmul mxm_wmi aesni_intel wmi i2c_algo_bit aes_x86_64 ttm lrw gf128mul drm_kms_helper glue_helper ablk_helper e1000e syscopyarea cryptd sysfillrect sysimgblt fb_sys_fops ptp ahci psmouse drm libahci pps_core fjes video
Oct 20 11:05:06 thumbstick kernel: [ 218.874578] CPU: 0 PID: 7287 Comm: fwts Tainted: G OE 4.4.0-45-generic #66-Ubuntu
Oct 20 11:05:06 thumbstick kernel: [ 218.875376] Hardware name: Dell Inc. OptiPlex 790/0D28YY, BIOS A18 09/24/2013
Oct 20 11:05:06 thumbstick kernel: [ 218.876215] task: ffff8800c4ef44c0 ti: ffff8800cc42c000 task.ti: ffff8800cc42c000
Oct 20 11:05:06 thumbstick kernel: [ 218.877056] RIP: 0010:[<ffff8800be8c8000>] [<ffff8800be8c8000>] 0xffff8800be8c8000
Oct 20 11:05:06 thumbstick kernel: [ 218.877910] RSP: 0018:ffff8800cc42fcd8 EFLAGS: 00010082
Oct 20 11:05:06 thumbstick kerne...

Read more...

Revision history for this message
Greg Land (greg.land) wrote :
Revision history for this message
Greg Land (greg.land) wrote :
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for Firmware Test Suite because there has been no activity for 60 days.]

Changed in fwts:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.