Bug 1592148

Summary: pxeboot shim crash using newer edk2 firmware

| Field | Value |
|---|---|
| Product | [Fedora] Fedora |
| Component | shim-unsigned-aarch64 |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | unspecified |
| Version | rawhide |
| Target Milestone | --- |
| Target Release | --- |
| Hardware | aarch64 |
| OS | Unspecified |
| Whiteboard | |
| Fixed In Version | shim-unsigned-aarch64-15.4-1.fc34 |
| Reporter | Mark Salter <msalter> |
| Assignee | Peter Jones <pjones> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| Docs Contact | |
| CC | awilliam, pbrobinson, pjones |
| Keywords | Tracking |
| Doc Type | If docs needed, set a value |
| Doc Text | |
| Story Points | --- |
| Clone Of | |
| | 1603594 (view as bug list) |
| Environment | |
| Last Closed | 2021-04-23 21:03:16 UTC |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | |
| Bug Blocks | 245418, 1603594 |
| Attachments | 1452455: Patch to move DEFAULT_LOADER_CHAR into writable data section |
Created attachment 1452455 [details]
Patch to move DEFAULT_LOADER_CHAR into writable data section

Here's a patch which fixes the problem for me.

This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'.

This still happening for you, Mark? Because I'm just setting up PXE install testing in openQA and it seems to be happening to me there - x86_64 BIOS and UEFI tests and ppc64 test work OK, aarch64 test blows up with 'Synchronous Exception'...

Yes, still happening.

This message is a reminder that Fedora 29 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora 29 on 2019-11-26. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '29'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 29 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

Let's bump this to f31 at least, I'm pretty sure I was seeing it on f31 in #c3 above. Mark, is this still an issue?

Yes, it is still a problem in Fedora (I tried with fc32, but it doesn't look like shim has been rebuilt since fc28). Looking to refresh my memory, I see Laszlo Ersek ran across this too and got a patch upstream:

https://github.com/rhboot/shim/commit/9813e8bc8b3295f343809fac43298a73a93ffc97

But that hasn't made its way into Fedora yet.

Thanks, we should have a new shim build soon I believe.

FEDORA-2021-c3d587d52c has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c

FEDORA-2021-cab258a413 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-cab258a413

FEDORA-2021-cab258a413 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-cab258a413`

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-cab258a413

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2021-cab258a413 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
Description of problem:

I have an AMD Seattle board (aarch64) running with fairly new upstream edk2 firmware. Under the right circumstances (alignment, section flags, etc), this firmware will mark text sections of EFI objects read-only. Trying to install rawhide via pxeboot, I hit the following:

```
>>Start PXE over IPv4..
  Station IP address is 192.168.0.12
  Server IP address is 192.168.0.1
  NBP filename is pxelinux/bootaa64.efi
  NBP filesize is 858216 Bytes
 Downloading NBP file...
  NBP file downloaded successfully.
Loading driver at 0x083F823B000 EntryPoint=0x083F823C000
Loading driver at 0x083F823B000 EntryPoint=0x083F823C000

Synchronous Exception at 0x00000083F8243B64
PC 0x0083F8243B64
PC 0x0083F8244468
PC 0x0083F82446FC
PC 0x0083F8241754
PC 0x0083F8241B24
PC 0x0083F8242B4C
PC 0x0083F823C030
PC 0x0083FF624B98 (0x0083FF61E000+0x00006B98) [ 1] DxeCore.dll
PC 0x0083F8315388 (0x0083F82FE000+0x00017388) [ 2] UiApp.dll
PC 0x0083F83218FC (0x0083F82FE000+0x000238FC) [ 2] UiApp.dll
PC 0x0083FB7183B0 (0x0083FB6FC000+0x0001C3B0) [ 3] SetupBrowser.dll
PC 0x0083FB719178 (0x0083FB6FC000+0x0001D178) [ 3] SetupBrowser.dll
PC 0x0083FB6FE064 (0x0083FB6FC000+0x00002064) [ 3] SetupBrowser.dll
PC 0x0083F82FFCE8 (0x0083F82FE000+0x00001CE8) [ 4] UiApp.dll
PC 0x0083F8301538 (0x0083F82FE000+0x00003538) [ 4] UiApp.dll
PC 0x0083F830145C (0x0083F82FE000+0x0000345C) [ 4] UiApp.dll
PC 0x0083F82FF880 (0x0083F82FE000+0x00001880) [ 4] UiApp.dll
PC 0x0083F82FF064 (0x0083F82FE000+0x00001064) [ 4] UiApp.dll
PC 0x0083FF624B98 (0x0083FF61E000+0x00006B98) [ 5] DxeCore.dll
PC 0x0083F86D215C (0x0083F86BC000+0x0001615C) [ 6] BdsDxe.dll
PC 0x0083F86D7E54 (0x0083F86BC000+0x0001BE54) [ 6] BdsDxe.dll
PC 0x0083F86BF360 (0x0083F86BC000+0x00003360) [ 6] BdsDxe.dll
PC 0x0083FF620494 (0x0083FF61E000+0x00002494) [ 7] DxeCore.dll
PC 0x0083FF61F414 (0x0083FF61E000+0x00001414) [ 7] DxeCore.dll
PC 0x0083FF61F024 (0x0083FF61E000+0x00001024) [ 7] DxeCore.dll

[ 1] /home/msalter/work/amd/edk2/Build/Overdrive/DEBUG_GCC49/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /home/msalter/work/amd/edk2/Build/Overdrive/DEBUG_GCC49/AARCH64/MdeModulePkg/Application/UiApp/UiApp/DEBUG/UiApp.dll
[ 3] /home/msalter/work/amd/edk2/Build/Overdrive/DEBUG_GCC49/AARCH64/MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe/DEBUG/SetupBrowser.dll
[ 4] /home/msalter/work/amd/edk2/Build/Overdrive/DEBUG_GCC49/AARCH64/MdeModulePkg/Application/UiApp/UiApp/DEBUG/UiApp.dll
[ 5] /home/msalter/work/amd/edk2/Build/Overdrive/DEBUG_GCC49/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 6] /home/msalter/work/amd/edk2/Build/Overdrive/DEBUG_GCC49/AARCH64/MdeModulePkg/Universal/BdsDxe/BdsDxe/DEBUG/BdsDxe.dll
[ 7] /home/msalter/work/amd/edk2/Build/Overdrive/DEBUG_GCC49/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll

  X0 0x00000083F82B2718   X1 0x000000000000002F   X2 0x0000000000000000   X3 0x00000083F82DE700
  X4 0x0000000000000030   X5 0x0000000000000000   X6 0x00000083FF6479B0   X7 0x0000000000000000
  X8 0x00000083FC01F588   X9 0x0000000200000000  X10 0x00000083F8410000  X11 0x00000083F8410FFF
 X12 0x0000000000000000  X13 0x000000000000000E  X14 0x0000000000000403  X15 0x000000000009FE90
 X16 0x00000083FF61D800  X17 0x0000000000000000  X18 0x0000000000000000  X19 0x0000000000000013
 X20 0x0000000000000000  X21 0x0000000000000000  X22 0x0000000000000000  X23 0x0000000000000000
 X24 0x0000000000000000  X25 0x0000000000000000  X26 0x0000000000000000  X27 0x0000000000000000
 X28 0x0000000000000000   FP 0x00000083FF61D5E0   LR 0x00000083F8244468

  V0 0xAFAFAFAFAFAFAFAF AFAFAFAFAFAFAFAF   V1 0x6D6D732F626D732F 0000000000003030
  V2 0x0000000000003030 3030306330654075   V3 0x0000000100000001 0000000000000000
  V4 0x0000000000000000 0000000000000000   V5 0x4010040140100401 4010040140100401
  V6 0x0000000001010000 0000000001010000   V7 0x0000040C00020000 0000000000000000
  V8 0x0000000000000000 00400000A0000000   V9 0x0000000000000000 0000000000000090
 V10 0x0000000000000000 0000000000000000  V11 0x0000000000000000 0000000000000000
 V12 0x0000000000000000 0000000000002080  V13 0x0000000000000000 0040000008000000
 V14 0x0000000000000000 0001000010010000  V15 0x0000000000000000 0000000010000000
 V16 0x0000010000022800 8000000000001034  V17 0x0102000008000000 0000010808000000
 V18 0x2141800101600000 0002000000000000  V19 0x8802044600000200 0000800000000000
 V20 0x4A18000000400800 0000000000002000  V21 0x0001800801200004 0000000800000000
 V22 0x8000C84202020000 0000000000400000  V23 0x0422000110804200 0000030080000000
 V24 0x0000000000004000 0000000000000000  V25 0x0000043008000100 0000000000000000
 V26 0x84000C2A00000010 0000000000800000  V27 0x1073012400006000 0000000080800000
 V28 0x0010000000000100 0000020000000000  V29 0x4108000000404220 0000000400200808
 V30 0x2023040300000000 0800000000840000  V31 0x2251660200000000 0000000000000000

  SP 0x00000083FF61D5C0  ELR 0x00000083F8243B64  SPSR 0x60000209  FPSR 0x00000000
 ESR 0x9600004F          FAR 0x00000083F82B2718

 ESR : EC 0x25  IL 0x1  ISS 0x0000004F

Data abort: Permission fault, third level
```

So firmware loads the shim and jumps to its entry point and it eventually hits the permission fault. The backtrace for the shim looks like:

```
Synchronous Exception at 0x00000083F8243B64
PC 0x0083F8243B64 in translate_slashes
PC 0x0083F8244468 in parseDhcp4
PC 0x0083F82446FC in parseNetbootinfo
PC 0x0083F8241754 in start_image
PC 0x0083F8241B24 in init_grub
PC 0x0083F8242B4C in efi_main
PC 0x0083F823C030 in _start
```

translate_slashes is passed DEFAULT_LOADER_CHAR, which is a string literal that translate_slashes then tries to write into, causing the permission fault.

Version-Release number of selected component (if applicable):

How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
The code which writes to a string literal has been around in shim for a while now. The other piece of the puzzle was a change to gnu-efi which split text and data into separate sections and set text read-only flags. This went into gnu-efi 3.0.6 so only those shims built with gnu-efi-3.0.6 or later have their text section read-only.
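The defect described above is a plain C one: a string literal lives in read-only storage, and a loader that honours the section flags turns a write through it into a permission fault instead of letting it silently succeed. The following is an added illustration, not shim's source and not the attached patch: `translate_slashes_in_place` is a simplified stand-in for shim's `translate_slashes` (backslashes rewritten to slashes in place), `DEFAULT_LOADER_CHAR` is given an assumed placeholder value of `"\\grubaa64.efi"`, and the two fixes shown are (1) keeping the default path in a writable array, which is what the attachment's title describes, and (2) translating into a caller-supplied buffer so a literal is never written through. The faulting call, `translate_slashes_in_place(DEFAULT_LOADER_CHAR)`, is deliberately never made.

```c
/*
 * Added illustration (not shim's code): why modifying a string literal
 * through a char * faults once .text is mapped read-only, and two ways to
 * keep the string writable.  The functions are simplified stand-ins for
 * shim's translate_slashes; "\\grubaa64.efi" is an assumed placeholder.
 */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hazardous pattern: a macro expanding to a string literal.  Writing
 * through it is undefined behaviour in C and, on the firmware in this
 * report, a data abort.  Shown only for shape; nothing below writes into it. */
#define DEFAULT_LOADER_CHAR "\\grubaa64.efi"

/* Fix 1: keep the default path in a writable array (.data), so in-place
 * editing is legal.  This is the approach the attached patch's title names. */
static char default_loader[] = DEFAULT_LOADER_CHAR;

/* Scratch output buffer used by the copying variant below. */
static char scratch_buf[32];

/* In-place "\" -> "/" rewrite, simplified from shim's translate_slashes.
 * Valid only when str points at writable storage. */
static char *translate_slashes_in_place(char *str)
{
    size_t i, j;

    if (str == NULL)
        return NULL;
    for (i = 0, j = 0; str[i] != '\0'; i++, j++) {
        if (str[i] == '\\') {
            str[j] = '/';
            if (str[i + 1] == '\\')   /* fold a doubled "\\" into one '/' */
                i++;
        } else {
            str[j] = str[i];
        }
    }
    str[j] = '\0';
    return str;
}

/* Fix 2: never write through the input.  Translate into a caller-supplied
 * buffer so a literal is an acceptable source.  Returns NULL when the
 * output buffer cannot hold the result plus its terminator. */
static char *translate_slashes_copy(char *out, size_t outlen, const char *in)
{
    size_t i, j;

    if (out == NULL || in == NULL || outlen == 0)
        return NULL;
    for (i = 0, j = 0; in[i] != '\0'; i++, j++) {
        if (j + 1 >= outlen)          /* no room for this byte plus the NUL */
            return NULL;
        if (in[i] == '\\') {
            out[j] = '/';
            if (in[i + 1] == '\\')
                i++;
        } else {
            out[j] = in[i];
        }
    }
    out[j] = '\0';
    return out;
}

/* Fix 1 exercised: edit the writable copy of the default path. */
static const char *default_loader_path(void)
{
    return translate_slashes_in_place(default_loader);
}

/* Fix 2 exercised: the literal stays untouched; the result lands in buf. */
static const char *default_loader_path_copy(char *buf, size_t buflen)
{
    return translate_slashes_copy(buf, buflen, DEFAULT_LOADER_CHAR);
}

int main(void)
{
    printf("in-place on writable array: %s\n", default_loader_path());
    printf("copy from literal:          %s\n",
           default_loader_path_copy(scratch_buf, sizeof scratch_buf));
    printf("undersized buffer returns:  %s\n",
           translate_slashes_copy(scratch_buf, 4, DEFAULT_LOADER_CHAR) ? "ok" : "NULL");
    return 0;
}
```

The second fix is the more robust one because it stays correct whatever storage the source string lives in; the first only works as long as every caller passes the array and not the macro. The check a packager wants here is on the built image rather than the source: `objdump -h` on the PE binary lists each section's flags, and a `.text` without the writable flag is exactly the condition under which this latent write becomes the fault in the report.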