EFI booting crashes

EFI booting crashes

[Andreas Schwab]

Has anyone sucessfully booted 5.10 via EFI?  When I try that, I get this
crash:

[    7.677382] Unable to handle kernel paging request at virtual address 00000000200a2388
[    7.678710] Oops [#1]
[    7.678873] Modules linked in:
[    7.679242] CPU: 0 PID: 7 Comm: kworker/u2:0 Not tainted 5.10.3-1-default #1 openSUSE Tumbleweed
[    7.679954] Workqueue: efi_rts_wq efi_call_rts
[    7.680296] epc: 000000002002c33c ra : 000000002002c496 sp : ffffffe07eacfd10
[    7.680656]  gp : ffffffe001367ab8 tp : ffffffe07eac0000 t0 : 00000000000002ea
[    7.681031]  t1 : ffffffe07ea08c6c t2 : ffffffe000a025f4 s0 : ffffffe07ea9fd80
[    7.681400]  s1 : 00000000200a2338 a0 : ffffffe07ea9fd98 a1 : ffffffe000c15080
[    7.681756]  a2 : 0000000000000000 a3 : ffffffe07ea9fd80 a4 : ffffffe07ea9fd78
[    7.682023]  a5 : 0000000000000000 a6 : ffffffe000c15080 a7 : 0000000000045b96
[    7.682380]  s2 : 0000000000000000 s3 : 0000000000000000 s4 : 0000000000000000
[    7.682795]  s5 : ffffffe07ea9fd80 s6 : ffffffe07ea9fd78 s7 : 0000000000000022
[    7.683216]  s8 : ffffffe00140c698 s9 : ffffffe00003d580 s10: ffffffe00003d580
[    7.683630]  s11: ffffffe07ea08c00 t3 : 0000000000000000 t4 : 000000000000010a
[    7.684205]  t5 : 0009be2b8189352a t6 : 00000000000bafbf
[    7.684543] status: 0000000000000120 badaddr: 00000000200a2388 cause: 000000000000000d
[    7.685557] ---[ end trace 7579eddbb881c1ff ]---

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

Re: EFI booting crashes

[Atish Patra]

On Mon, Jan 4, 2021 at 5:29 AM Andreas Schwab <schwab@suse.de> wrote:
>
> Has anyone sucessfully booted 5.10 via EFI?  When I try that, I get this
> crash:
>

I just tested them with 5.11-rc2 with bootefi command from U-Boot on
Qemu. I booted both busybox and a Fedora image.

[root@fedora-riscv ~]# cat /sys/kernel/debug/efi_page_tables
---[ UEFI runtime start ]---
0x0000000020000000-0x0000000020001000    0x00000000be730000         4K
PTE     D A . . . W R V
0x0000000020014000-0x0000000020017000    0x00000000be734000        12K
PTE     D A . . . W R V
0x0000000020028000-0x000000002002c000    0x00000000be738000        16K
PTE     D A . . . W R V
0x000000002003a000-0x000000002003b000    0x00000000bff6a000         4K
PTE     D A . . X W R V
---[ UEFI runtime end ]---

The panic seems to have been caused by invalid runtime services mapping.
Can you give more details on the platform and UEFI firmware (U-Boot/EDK2) used ?
If you can share the opensuse image, I can try that as well.

> [    7.677382] Unable to handle kernel paging request at virtual address 00000000200a2388
> [    7.678710] Oops [#1]
> [    7.678873] Modules linked in:
> [    7.679242] CPU: 0 PID: 7 Comm: kworker/u2:0 Not tainted 5.10.3-1-default #1 openSUSE Tumbleweed
> [    7.679954] Workqueue: efi_rts_wq efi_call_rts
> [    7.680296] epc: 000000002002c33c ra : 000000002002c496 sp : ffffffe07eacfd10
> [    7.680656]  gp : ffffffe001367ab8 tp : ffffffe07eac0000 t0 : 00000000000002ea
> [    7.681031]  t1 : ffffffe07ea08c6c t2 : ffffffe000a025f4 s0 : ffffffe07ea9fd80
> [    7.681400]  s1 : 00000000200a2338 a0 : ffffffe07ea9fd98 a1 : ffffffe000c15080
> [    7.681756]  a2 : 0000000000000000 a3 : ffffffe07ea9fd80 a4 : ffffffe07ea9fd78
> [    7.682023]  a5 : 0000000000000000 a6 : ffffffe000c15080 a7 : 0000000000045b96
> [    7.682380]  s2 : 0000000000000000 s3 : 0000000000000000 s4 : 0000000000000000
> [    7.682795]  s5 : ffffffe07ea9fd80 s6 : ffffffe07ea9fd78 s7 : 0000000000000022
> [    7.683216]  s8 : ffffffe00140c698 s9 : ffffffe00003d580 s10: ffffffe00003d580
> [    7.683630]  s11: ffffffe07ea08c00 t3 : 0000000000000000 t4 : 000000000000010a
> [    7.684205]  t5 : 0009be2b8189352a t6 : 00000000000bafbf
> [    7.684543] status: 0000000000000120 badaddr: 00000000200a2388 cause: 000000000000000d
> [    7.685557] ---[ end trace 7579eddbb881c1ff ]---
>
> Andreas.
>
> --
> Andreas Schwab, SUSE Labs, schwab@suse.de
> GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
> "And now for something completely different."
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv



--
Regards,
Atish

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

Re: EFI booting crashes

[Andreas Schwab]

On Jan 04 2021, Atish Patra wrote:

> Can you give more details on the platform and UEFI firmware (U-Boot/EDK2) used ?

I'm using qemu 5.2.0 with u-boot 2020.10:

http://download.opensuse.org/ports/riscv/tumbleweed/repo/oss/riscv64/u-boot-qemu-riscv64smode-2020.10-7.1.riscv64.rpm

> If you can share the opensuse image, I can try that as well.

http://download.opensuse.org/ports/riscv/tumbleweed/images/openSUSE-Tumbleweed-RISC-V-JeOS-efi.riscv64.raw.xz

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

Re: EFI booting crashes

[Andreas Schwab]

On Jan 04 2021, Atish Patra wrote:

> I just tested them with 5.11-rc2 with bootefi command from U-Boot on
> Qemu. I booted both busybox and a Fedora image.

What happens if you enable CONFIG_INTEGRITY_PLATFORM_KEYRING?

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

Re: EFI booting crashes

[Andreas Schwab]

Looking closer, the fault address is pointing to the GOT of u-boot,
coming from loading the address of efi_var_buf in efi_var_mem_find:

    80200338:   00078497                auipc   s1,0x78
    8020033c:   9e84b483                ld      s1,-1560(s1) # 80277d20 <_GLOBAL_OFFSET_TABLE_+0x80>

I wonder how this is supposed to work?  Surely the GOT isn't mapped in
the EFI runtime memory.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

Re: EFI booting crashes

[Atish Patra]

On Wed, Jan 13, 2021 at 4:21 AM Andreas Schwab <schwab@suse.de> wrote:
>
> On Jan 04 2021, Atish Patra wrote:
>
> > I just tested them with 5.11-rc2 with bootefi command from U-Boot on
> > Qemu. I booted both busybox and a Fedora image.
>
> What happens if you enable CONFIG_INTEGRITY_PLATFORM_KEYRING?
>

Ahh that enables LOAD_UEFI_KEYS which is not tested at all. I am not
surprised if something fell through cracks. I am looking into it.

> Andreas.
>
> --
> Andreas Schwab, SUSE Labs, schwab@suse.de
> GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
> "And now for something completely different."



-- 
Regards,
Atish

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

Re: EFI booting crashes

[Atish Patra]

On Wed, Jan 13, 2021 at 5:46 AM Andreas Schwab <schwab@suse.de> wrote:
>
> Looking closer, the fault address is pointing to the GOT of u-boot,
> coming from loading the address of efi_var_buf in efi_var_mem_find:
>
>     80200338:   00078497                auipc   s1,0x78
>     8020033c:   9e84b483                ld      s1,-1560(s1) # 80277d20 <_GLOBAL_OFFSET_TABLE_+0x80>
>
> I wonder how this is supposed to work?  Surely the GOT isn't mapped in
> the EFI runtime memory.
>

You are right. The code snippet where the fault happened is
efi_get_variable_runtime->efi_get_variable_mem->efi_var_mem_find->efi_var_buf

efi_var_buf is at 0x200b2338 where the regions that are mapped are

[    0.181783] Remapping and enabling EFI services.
[    0.182923] efi_create_mapping: virt 20008000 phys be738000
num_pages 1                                     [    0.184485]
efi_create_mapping: virt 2001c000 phys be73c000  num_pages 3
[    0.185068] efi_create_mapping: virt 20020000 phys be740000  num_pages 4
[    0.185692] efi_create_mapping: virt 2003d000 phys bff6d000  num_pages 1

efi runtime services doesn't have mapping for that address which
explains the panic in the kernel.

efi_var_mem_find code was added during the same time as kernel EFI
patches were merged. Most likely, those patches caused a regression
which was never noticed.

It seems that during allocation efi_var_buf was allocated at be740000
which is mapped correctly as a runtime service data. However, the load
address during execution is invalid(0x200b2338). I am debugging this
further.

> Andreas.
>
> --
> Andreas Schwab, SUSE Labs, schwab@suse.de
> GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
> "And now for something completely different."



-- 
Regards,
Atish

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

Re: EFI booting crashes

[Andreas Schwab]

On Jan 13 2021, Atish Patra wrote:

> efi_var_buf is at 0x200b2338

That's its GOT entry, not the variable itself.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

Re: EFI booting crashes

[Atish Patra]

On Thu, Jan 14, 2021 at 1:40 AM Andreas Schwab <schwab@suse.de> wrote:
>
> On Jan 13 2021, Atish Patra wrote:
>
> > efi_var_buf is at 0x200b2338
>
> That's its GOT entry, not the variable itself.
>

Yes. efi_var_buf is a global pointer so it's location is in GOT.

> Andreas.
>
> --
> Andreas Schwab, SUSE Labs, schwab@suse.de
> GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
> "And now for something completely different."



-- 
Regards,
Atish

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv

Re: EFI booting crashes

[Atish Patra]

On Thu, Jan 14, 2021 at 1:29 PM Atish Patra <atishp@atishpatra.org> wrote:
>
> On Thu, Jan 14, 2021 at 1:40 AM Andreas Schwab <schwab@suse.de> wrote:
> >
> > On Jan 13 2021, Atish Patra wrote:
> >
> > > efi_var_buf is at 0x200b2338
> >
> > That's its GOT entry, not the variable itself.
> >
>
> Yes. efi_var_buf is a global pointer so it's location is in GOT.
>

Illias has fixed it in U-boot. It works for me.
Here is the patch
https://patchwork.ozlabs.org/project/uboot/patch/20210115160016.181511-1-ilias.apalodimas@linaro.org/


> > Andreas.
> >
> > --
> > Andreas Schwab, SUSE Labs, schwab@suse.de
> > GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
> > "And now for something completely different."
>
>
>
> --
> Regards,
> Atish



-- 
Regards,
Atish

_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv