Firmware Test Suite

Bug #1635347
Comment #0

Comment 0 for bug 1635347

Revision history for this message

Greg Land (greg.land) wrote on 2016-10-20:

Bug:
=================================================================================================
Command: sudo fwts uefirttime
System: Dell Inc. OptiPlex 790/0D28YY
FTWS Versions Tested: fwts-live-16.09.00.img (failed)
fwts 16.03.00 installed on ubuntu 16.04 server ran from usb installed via apt (failed)
Bios Versions Tested: A14, A18(latest) Failed with both
Results: Kernel terminates FWTS violently... Afterwords the kernel is unstable and will fail to shutdown in "strange" ways. Suspected damage to kernel data structures caused by efi_runtime.ko.

Full results.log:
=================================================================================================
Results generated by fwts: Version V16.03.00 (2016-03-14 09:10:20).

This test run on 19/10/16 at 12:33:39 on host Linux thumbstick 4.4.0-43-generic
#63-Ubuntu SMP Wed Oct 12 13:48:03 UTC 2016 x86_64.

Command: "fwts uefirttime".
Running tests: uefirttime.

uefirttime: UEFI Runtime service time interface tests.
--------------------------------------------------------------------------------
Test 1 of 35: Test UEFI RT service get time interface.
=================================================================================================

Klog excerpt: (full log in attachments)
=================================================================================================
Oct 19 12:33:39 thumbstick kernel: [ 215.931359] EFI_RUNTIME Driver v0.1
Oct 19 12:33:39 thumbstick kernel: [ 215.931895] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
Oct 19 12:33:39 thumbstick kernel: [ 215.932226] BUG: unable to handle kernel paging request at 000000000d8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.932558] IP: [<000000000d8b65ff>] 0xd8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.933258] PGD 3201067 PUD 3202067 PMD 800000000d8001e3
Oct 19 12:33:39 thumbstick kernel: [ 215.933958] Oops: 0011 [#1] SMP
Oct 19 12:33:39 thumbstick kernel: [ 215.934649] Modules linked in: efi_runtime(OE) nls_iso8859_1 snd_hda_codec_hdmi intel_rapl ppdev x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel snd_hda_codec_realtek snd_hda_codec_generic kvm snd_hda_intel snd_hda_codec snd_hda_core dcdbas snd_hwdep irqbypass snd_pcm snd_timer snd soundcore joydev serio_raw input_leds mei_me mei shpchp 8250_fintek lpc_ich parport_pc parport mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid0 multipath linear raid1 hid_generic usbhid hid uas usb_storage nouveau crct10dif_pclmul crc32_pclmul mxm_wmi aesni_intel wmi aes_x86_64 i2c_algo_bit lrw gf128mul ttm glue_helper ablk_helper drm_kms_helper cryptd syscopyarea e1000e sysfillrect sysimgblt fb_sys_fops ahci ptp psmouse drm libahci pps_core fjes video
Oct 19 12:33:39 thumbstick kernel: [ 215.939521] CPU: 0 PID: 7181 Comm: fwts Tainted: G OE 4.4.0-43-generic #63-Ubuntu
Oct 19 12:33:39 thumbstick kernel: [ 215.940383] Hardware name: Dell Inc. OptiPlex 790/0D28YY, BIOS A18 09/24/2013
Oct 19 12:33:39 thumbstick kernel: [ 215.941247] task: ffff8800c4a7d280 ti: ffff880127dec000 task.ti: ffff880127dec000
Oct 19 12:33:39 thumbstick kernel: [ 215.942123] RIP: 0010:[<000000000d8b65ff>] [<000000000d8b65ff>] 0xd8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.942998] RSP: 0018:ffff880127defcb8 EFLAGS: 00010086
Oct 19 12:33:39 thumbstick kernel: [ 215.943875] RAX: 00000000ccae3e18 RBX: ffff880127defe00 RCX: 00000000ccae3e18
Oct 19 12:33:39 thumbstick kernel: [ 215.944755] RDX: ffff880127defe00 RSI: ffff880127defe00 RDI: ffff880127defdf0
Oct 19 12:33:39 thumbstick kernel: [ 215.945637] RBP: ffff880127defdb0 R08: 0000000000000000 R09: 00007f93ad186770
Oct 19 12:33:39 thumbstick kernel: [ 215.946520] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000202
Oct 19 12:33:39 thumbstick kernel: [ 215.947401] R13: ffff880127defdf0 R14: 0000000080187003 R15: 0000000000097000
Oct 19 12:33:39 thumbstick kernel: [ 215.948284] FS: 00007f93adffe800(0000) GS:ffff880129200000(0000) knlGS:0000000000000000
Oct 19 12:33:39 thumbstick kernel: [ 215.949175] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Oct 19 12:33:39 thumbstick kernel: [ 215.950055] CR2: 000000000d8b65ff CR3: 0000000000097000 CR4: 00000000000406f0
Oct 19 12:33:39 thumbstick kernel: [ 215.950946] Stack:
Oct 19 12:33:39 thumbstick kernel: [ 215.951829] fffffffeffb83350 ffff8800cce8b360 000003f000000000 000003f000000000
Oct 19 12:33:39 thumbstick kernel: [ 215.952732] 0000001000000008 fffffffeffb83330 ffffffff81079eee ffff880127defe00
Oct 19 12:33:39 thumbstick kernel: [ 215.953643] 000000000000009e ffff00000000002d 07000000ffffff00 00007f93adffe800
Oct 19 12:33:39 thumbstick kernel: [ 215.954554] Call Trace:
Oct 19 12:33:39 thumbstick kernel: [ 215.955464] [<ffffffff81079eee>] ? efi_call+0x7e/0x100
Oct 19 12:33:39 thumbstick kernel: [ 215.956370] [<ffffffff816de243>] ? virt_efi_get_time+0x53/0x90
Oct 19 12:33:39 thumbstick kernel: [ 215.957279] [<ffffffffc0750b18>] efi_runtime_ioctl+0xa78/0xfd6 [efi_runtime]
Oct 19 12:33:39 thumbstick kernel: [ 215.958194] [<ffffffff811c0951>] ? handle_mm_fault+0x1131/0x1820
Oct 19 12:33:39 thumbstick kernel: [ 215.959104] [<ffffffff8122123f>] do_vfs_ioctl+0x29f/0x490
Oct 19 12:33:39 thumbstick kernel: [ 215.960007] [<ffffffff8106b504>] ? __do_page_fault+0x1b4/0x400
Oct 19 12:33:39 thumbstick kernel: [ 215.960912] [<ffffffff812214a9>] SyS_ioctl+0x79/0x90
Oct 19 12:33:39 thumbstick kernel: [ 215.961813] [<ffffffff818318b2>] entry_SYSCALL_64_fastpath+0x16/0x71
Oct 19 12:33:39 thumbstick kernel: [ 215.962707] Code: Bad RIP value.
Oct 19 12:33:39 thumbstick kernel: [ 215.963602] RIP [<000000000d8b65ff>] 0xd8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.964502] RSP <ffff880127defcb8>
Oct 19 12:33:39 thumbstick kernel: [ 215.965408] CR2: 000000000d8b65ff
Oct 19 12:33:39 thumbstick kernel: [ 215.966307] ---[ end trace 4747c7a70ae4b098 ]---
=================================================================================================

Bug:
=================================================================================================
Command: sudo fwts uefirttime
System: Dell Inc. OptiPlex 790/0D28YY
FTWS Versions Tested: fwts-live-16.09.00.img (failed)
                      fwts 16.03.00 installed on ubuntu 16.04 server ran from usb installed via apt (failed)
Bios Versions Tested: A14, A18(latest) Failed with both
Results: Kernel terminates FWTS violently... Afterwords the kernel is unstable and will fail to shutdown in "strange" ways. Suspected damage to kernel data structures caused by efi_runtime.ko.

Full results.log:
=================================================================================================
Results generated by fwts: Version V16.03.00 (2016-03-14 09:10:20).

This test run on 19/10/16 at 12:33:39 on host Linux thumbstick 4.4.0-43-generic
#63-Ubuntu SMP Wed Oct 12 13:48:03 UTC 2016 x86_64.

Command: "fwts uefirttime".
Running tests: uefirttime.

Klog excerpt: (full log in attachments)
=================================================================================================
Oct 19 12:33:39 thumbstick kernel: [  215.931359] EFI_RUNTIME Driver v0.1
Oct 19 12:33:39 thumbstick kernel: [  215.931895] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
Oct 19 12:33:39 thumbstick kernel: [  215.932226] BUG: unable to handle kernel paging request at 000000000d8b65ff
Oct 19 12:33:39 thumbstick kernel: [  215.932558] IP: [<000000000d8b65ff>] 0xd8b65ff
Oct 19 12:33:39 thumbstick kernel: [  215.933258] PGD 3201067 PUD 3202067 PMD 800000000d8001e3 
Oct 19 12:33:39 thumbstick kernel: [  215.933958] Oops: 0011 [#1] SMP
Oct 19 12:33:39 thumbstick kernel: [  215.934649] Modules linked in: efi_runtime(OE) nls_iso8859_1 snd_hda_codec_hdmi intel_rapl ppdev x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel snd_hda_codec_realtek snd_hda_codec_generic kvm snd_hda_intel snd_hda_codec snd_hda_core dcdbas snd_hwdep irqbypass snd_pcm snd_timer snd soundcore joydev serio_raw input_leds mei_me mei shpchp 8250_fintek lpc_ich parport_pc parport mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid0 multipath linear raid1 hid_generic usbhid hid uas usb_storage nouveau crct10dif_pclmul crc32_pclmul mxm_wmi aesni_intel wmi aes_x86_64 i2c_algo_bit lrw gf128mul ttm glue_helper ablk_helper drm_kms_helper cryptd syscopyarea e1000e sysfillrect sysimgblt fb_sys_fops ahci ptp psmouse drm libahci pps_core fjes video
Oct 19 12:33:39 thumbstick kernel: [  215.939521] CPU: 0 PID: 7181 Comm: fwts Tainted: G           OE   4.4.0-43-generic #63-Ubuntu
Oct 19 12:33:39 thumbstick kernel: [  215.940383] Hardware name: Dell Inc. OptiPlex 790/0D28YY, BIOS A18 09/24/2013
Oct 19 12:33:39 thumbstick kernel: [  215.941247] task: ffff8800c4a7d280 ti: ffff880127dec000 task.ti: ffff880127dec000
Oct 19 12:33:39 thumbstick kernel: [  215.942123] RIP: 0010:[<000000000d8b65ff>]  [<000000000d8b65ff>] 0xd8b65ff
Oct 19 12:33:39 thumbstick kernel: [  215.942998] RSP: 0018:ffff880127defcb8  EFLAGS: 00010086
Oct 19 12:33:39 thumbstick kernel: [  215.943875] RAX: 00000000ccae3e18 RBX: ffff880127defe00 RCX: 00000000ccae3e18
Oct 19 12:33:39 thumbstick kernel: [  215.944755] RDX: ffff880127defe00 RSI: ffff880127defe00 RDI: ffff880127defdf0
Oct 19 12:33:39 thumbstick kernel: [  215.945637] RBP: ffff880127defdb0 R08: 0000000000000000 R09: 00007f93ad186770
Oct 19 12:33:39 thumbstick kernel: [  215.946520] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000202
Oct 19 12:33:39 thumbstick kernel: [  215.947401] R13: ffff880127defdf0 R14: 0000000080187003 R15: 0000000000097000
Oct 19 12:33:39 thumbstick kernel: [  215.948284] FS:  00007f93adffe800(0000) GS:ffff880129200000(0000) knlGS:0000000000000000
Oct 19 12:33:39 thumbstick kernel: [  215.949175] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Oct 19 12:33:39 thumbstick kernel: [  215.950055] CR2: 000000000d8b65ff CR3: 0000000000097000 CR4: 00000000000406f0
Oct 19 12:33:39 thumbstick kernel: [  215.950946] Stack:
Oct 19 12:33:39 thumbstick kernel: [  215.951829]  fffffffeffb83350 ffff8800cce8b360 000003f000000000 000003f000000000
Oct 19 12:33:39 thumbstick kernel: [  215.952732]  0000001000000008 fffffffeffb83330 ffffffff81079eee ffff880127defe00
Oct 19 12:33:39 thumbstick kernel: [  215.953643]  000000000000009e ffff00000000002d 07000000ffffff00 00007f93adffe800
Oct 19 12:33:39 thumbstick kernel: [  215.954554] Call Trace:
Oct 19 12:33:39 thumbstick kernel: [  215.955464]  [<ffffffff81079eee>] ? efi_call+0x7e/0x100
Oct 19 12:33:39 thumbstick kernel: [  215.956370]  [<ffffffff816de243>] ? virt_efi_get_time+0x53/0x90
Oct 19 12:33:39 thumbstick kernel: [  215.957279]  [<ffffffffc0750b18>] efi_runtime_ioctl+0xa78/0xfd6 [efi_runtime]
Oct 19 12:33:39 thumbstick kernel: [  215.958194]  [<ffffffff811c0951>] ? handle_mm_fault+0x1131/0x1820
Oct 19 12:33:39 thumbstick kernel: [  215.959104]  [<ffffffff8122123f>] do_vfs_ioctl+0x29f/0x490
Oct 19 12:33:39 thumbstick kernel: [  215.960007]  [<ffffffff8106b504>] ? __do_page_fault+0x1b4/0x400
Oct 19 12:33:39 thumbstick kernel: [  215.960912]  [<ffffffff812214a9>] SyS_ioctl+0x79/0x90
Oct 19 12:33:39 thumbstick kernel: [  215.961813]  [<ffffffff818318b2>] entry_SYSCALL_64_fastpath+0x16/0x71
Oct 19 12:33:39 thumbstick kernel: [  215.962707] Code:  Bad RIP value.
Oct 19 12:33:39 thumbstick kernel: [  215.963602] RIP  [<000000000d8b65ff>] 0xd8b65ff
Oct 19 12:33:39 thumbstick kernel: [  215.964502]  RSP <ffff880127defcb8>
Oct 19 12:33:39 thumbstick kernel: [  215.965408] CR2: 000000000d8b65ff
Oct 19 12:33:39 thumbstick kernel: [  215.966307] ---[ end trace 4747c7a70ae4b098 ]---
=================================================================================================