2023-09-22 23:12:01 |
dann frazier |
bug |
|
|
added bug |
2023-09-22 23:15:05 |
dann frazier |
description |
shim 15.7-0ubuntu1
qemu-efi-aarch64 now implements EFI Memory Attribute Protocol. When shim detects this, it uses it to set memory attributes appropriately for the sections of the bootloader image it loads before passing control to it. After this change, fresh Ubuntu VMs began crashing on startup:
--------------------------------------
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)
Synchronous Exception at 0x00000000BC300000
Synchronous Exception at 0x00000000BC300000
--------------------------------------
I narrowed this down to only happening when shim executes fbaa64.efi (thus the fresh VM). I found upstream shim is unaffected, so I used bisection to identify the relevant change:
From c7b305152802c8db688605654f75e1195def9fd6 Mon Sep 17 00:00:00 2001
From: Nicholas Bishop <REDACTED>
Date: Mon, 19 Dec 2022 18:56:13 -0500
Subject: [PATCH] pe: Align section size up to page size for mem attrs
Setting memory attributes is generally done at page granularity, and
this is enforced by checks in `get_mem_attrs` and
`update_mem_attrs`. But unlike the section address, the section size
isn't necessarily aligned to 4KiB. Round up the section size to fix
this.
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Please add this patch to shim. |
shim 15.7-0ubuntu1
qemu-efi-aarch64 now implements EFI Memory Attribute Protocol. When shim detects this, it uses it to set memory attributes appropriately for the sections of the bootloader image it loads before passing control to it. After this change, fresh Ubuntu VMs began crashing on startup (bug 2036604):
--------------------------------------
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)
Synchronous Exception at 0x00000000BC300000
Synchronous Exception at 0x00000000BC300000
--------------------------------------
I narrowed this down to only happening when shim executes fbaa64.efi (thus the fresh VM). I found upstream shim is unaffected, so I used bisection to identify the relevant change:
From c7b305152802c8db688605654f75e1195def9fd6 Mon Sep 17 00:00:00 2001
From: Nicholas Bishop <REDACTED>
Date: Mon, 19 Dec 2022 18:56:13 -0500
Subject: [PATCH] pe: Align section size up to page size for mem attrs
Setting memory attributes is generally done at page granularity, and
this is enforced by checks in `get_mem_attrs` and
`update_mem_attrs`. But unlike the section address, the section size
isn't necessarily aligned to 4KiB. Round up the section size to fix
this.
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Please add this patch to shim. |
|
2023-09-22 23:18:35 |
dann frazier |
marked as duplicate |
|
2036604 |
|
2023-09-25 17:37:33 |
dann frazier |
removed duplicate marker |
2036604 |
|
|
2023-09-25 17:39:12 |
dann frazier |
summary |
shim crashes on arm64 w/ firmware that supports EFI Memory Attribute Protocol |
Enable NX support for ARM VMs |
|
2023-09-25 17:39:31 |
dann frazier |
bug task added |
|
edk2 (Ubuntu) |
|
2023-09-25 17:45:16 |
dann frazier |
bug watch added |
|
https://github.com/rhboot/shim/issues/614 |
|
2023-09-25 17:45:16 |
dann frazier |
bug task added |
|
edk2 |
|
2023-09-25 17:48:00 |
Bug Watch Updater |
edk2: status |
Unknown |
New |
|
2023-09-25 17:53:56 |
dann frazier |
description |
shim 15.7-0ubuntu1
qemu-efi-aarch64 now implements EFI Memory Attribute Protocol. When shim detects this, it uses it to set memory attributes appropriately for the sections of the bootloader image it loads before passing control to it. After this change, fresh Ubuntu VMs began crashing on startup (bug 2036604):
--------------------------------------
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)
Synchronous Exception at 0x00000000BC300000
Synchronous Exception at 0x00000000BC300000
--------------------------------------
I narrowed this down to only happening when shim executes fbaa64.efi (thus the fresh VM). I found upstream shim is unaffected, so I used bisection to identify the relevant change:
From c7b305152802c8db688605654f75e1195def9fd6 Mon Sep 17 00:00:00 2001
From: Nicholas Bishop <REDACTED>
Date: Mon, 19 Dec 2022 18:56:13 -0500
Subject: [PATCH] pe: Align section size up to page size for mem attrs
Setting memory attributes is generally done at page granularity, and
this is enforced by checks in `get_mem_attrs` and
`update_mem_attrs`. But unlike the section address, the section size
isn't necessarily aligned to 4KiB. Round up the section size to fix
this.
Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
Please add this patch to shim. |
EDK2 2023.05-1 introduced the EFI Memory Attribute Protocol, which shim 15.7-0ubuntu1 detects and consumes to implement NX support. Unfortunately, due to bugs in shim's usage of this feature, this caused shim to sometimes crash when handing off execution to the next stage bootloader. We worked around this for mantic by disabling the EFI Memory Attribute Protocol. This bug is to track the tasks required to re-enable it.
shim needs to adopt this patch from upstream (not yet in a release):
From c7b305152802c8db688605654f75e1195def9fd6 Mon Sep 17 00:00:00 2001
From: Nicholas Bishop <REDACTED>
Date: Mon, 19 Dec 2022 18:56:13 -0500
Subject: [PATCH] pe: Align section size up to page size for mem attrs
Setting memory attributes is generally done at page granularity, and
this is enforced by checks in `get_mem_attrs` and
`update_mem_attrs`. But unlike the section address, the section size
isn't necessarily aligned to 4KiB. Round up the section size to fix
this.
Signed-off-by: Nicholas Bishop <REDACTED>
shim should also handle the 64KiB attribute requirements described in Comment #1 which is not yet addressed upstream (see the shim upstream task on this bug).
qemu-efi-{aarch64,arm} should also document this change in NEWS.Debian, as it will break VMs that have not yet updated to the latest version of shim. And we should also cover this in the Ubuntu release notes. |
|
2023-09-25 17:54:26 |
dann frazier |
bug task deleted |
edk2 |
|
|
2023-09-25 17:54:37 |
dann frazier |
bug task added |
|
shim |
|
2023-09-25 17:54:48 |
dann frazier |
edk2 (Ubuntu): assignee |
|
dann frazier (dannf) |
|
2023-09-25 17:54:51 |
dann frazier |
edk2 (Ubuntu): status |
New |
Triaged |
|
2023-09-25 17:55:20 |
dann frazier |
bug task added |
|
ubuntu-release-notes |
|
2023-09-26 19:42:43 |
Bug Watch Updater |
shim: status |
Unknown |
New |
|