[Bug 2019537] [NEW] load shim fbaa64.efi cause exception on arm64

Jianyong Wu 2019537 at bugs.launchpad.net
Mon May 15 07:36:20 UTC 2023


Public bug reported:

An exception is generated when starting ubuntu:22.04 from edk2 based on qemu on
arm64:

FSOpen: Open '\EFI\BOOT\BOOTAA64.EFI' Success
[Bds] Expand PciRoot(0x0)/Pci(0x4,0x0) -> PciRoot(0x0)/Pci(0x4,0x0)/HD(15,GPT,06DEE026-3035-4AA3-89C2-9E5F5C2B6643,0x800,0x31801)/\EFI\BOOT\BOOTAA64.EFI
BdsDxe: loading Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x4,0x0)
[Security] 3rd party image[0] can be loaded after EndOfDxe: PciRoot(0x0)/Pci(0x4,0x0)/HD(15,GPT,06DEE026-3035-4AA3-89C2-9E5F5C2B6643,0x800,0x31801)/\EFI\BOOT\BOOTAA64.EFI.
InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 13EB8CAC0
Loading driver at 0x0013C739000 EntryPoint=0x0013C757000
Loading driver at 0x0013C739000 EntryPoint=0x0013C757000
InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 13EC6B318
ProtectUefiImageCommon - 0x3EB8CAC0
  - 0x000000013C739000 - 0x00000000000D7000
SetUefiImageMemoryAttributes - 0x000000013C739000 - 0x000000000001E000 (0x0000000000004008)
SetUefiImageMemoryAttributes - 0x000000013C757000 - 0x0000000000067000 (0x0000000000020008)
SetUefiImageMemoryAttributes - 0x000000013C7BE000 - 0x0000000000052000 (0x0000000000004008)
BdsDxe: starting Boot0001 "UEFI Misc Device" from PciRoot(0x0)/Pci(0x4,0x0)
InstallProtocolInterface: 605DAB50-E046-4300-ABB6-3DD810DD8B23 13C7EC9A0
FSOpen: Open '\EFI\BOOT\fbaa64.efi' Success
FSOpen: Open '\EFI\BOOT\fbaa64.efi' Success
SetMemoryAttributes: BaseAddress == 0x13C6F0000, Length == 0x19000, Attributes == 0x4000
ClearMemoryAttributes: BaseAddress == 0x13C6F0000, Length == 0x19000, Attributes == 0x22000


Synchronous Exception at 0x000000013C6F4000


Synchronous Exception at 0x000000013C6F4000
PC 0x00013C6F4000
PC 0x00013C7593F4
PC 0x00013C759608
PC 0x00013C75A32C
PC 0x00013C757030
PC 0x000047876468 (0x00004786F000+0x00007468) [ 1] DxeCore.dll
PC 0x00013FCDC688 (0x00013FCD6000+0x00006688) [ 2] BdsDxe.dll
PC 0x00013FCDF670 (0x00013FCD6000+0x00009670) [ 2] BdsDxe.dll
PC 0x000047878D88 (0x00004786F000+0x00009D88) [ 3] DxeCore.dll
[ 1] /root/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /root/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Universal/BdsDxe/BdsDxe/DEBUG/BdsDxe.dll
[ 3] /root/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll

  X0 0x000000013F2B3218   X1 0x000000013FFD0018   X2 0x000000013C6F4000   X3 0x0000000000000000
  X4 0x000000013FD4C0E8   X5 0x000000004786E400   X6 0x000000008000004F   X7 0x0000000000000000
  X8 0x000000004786E3D0   X9 0x0000000000000002  X10 0x000000013C6F0000  X11 0x0000000000000003
 X12 0x0000000000000002  X13 0x0000000000000002  X14 0x0000000000000001  X15 0x0000000000000002
 X16 0x000000013FD45260  X17 0x00000000C19CD528  X18 0x0000000000000011  X19 0x000000013C7D8000
 X20 0x0000000000000000  X21 0x000000013F2B3218  X22 0x000000013C7EC930  X23 0x0000000000000001
 X24 0x000000013C7EC000  X25 0x000000013C7EC9F8  X26 0x000000013C7ECA00  X27 0x000000013C7ECA08
 X28 0x000000013C7ECA10   FP 0x000000004786E740   LR 0x000000013C7593F4

  V0 0xAFAFAFAFAFAFAFAF AFAFAFAFAFAFAFAF   V1 0x0000000000000000 0000000000000000
  V2 0x0000000000000000 0000000000000000   V3 0x0000000000000000 0000000000000000
  V4 0x0000000000000000 0000000000000000   V5 0x0000000000000000 0000000000000000
  V6 0x0000000000000000 0000000000000000   V7 0x0000000000000000 0000000000000000
  V8 0x0000000000000000 0000000000000000   V9 0x0000000000000000 0000000000000000
 V10 0x0000000000000000 0000000000000000  V11 0x0000000000000000 0000000000000000
 V12 0x0000000000000000 0000000000000000  V13 0x0000000000000000 0000000000000000
 V14 0x0000000000000000 0000000000000000  V15 0x0000000000000000 0000000000000000
 V16 0x0000000000000000 0000000000000000  V17 0x0000000000000000 0000000000000000
 V18 0x0000000000000000 0000000000000000  V19 0x0000000000000000 0000000000000000
 V20 0x0000000000000000 0000000000000000  V21 0x0000000000000000 0000000000000000
 V22 0x0000000000000000 0000000000000000  V23 0x0000000000000000 0000000000000000
 V24 0x0000000000000000 0000000000000000  V25 0x0000000000000000 0000000000000000
 V26 0x0000000000000000 0000000000000000  V27 0x0000000000000000 0000000000000000
 V28 0x0000000000000000 0000000000000000  V29 0x0000000000000000 0000000000000000
 V30 0x0000000000000000 0000000000000000  V31 0x0000000000000000 0000000000000000

  SP 0x000000004786E740  ELR 0x000000013C6F4000  SPSR 0x60000205  FPSR 0x00000000
 ESR 0x8600000F          FAR 0x000000013C6F4000

 ESR : EC 0x21  IL 0x1  ISS 0x0000000F

Instruction abort: Permission fault, third level

Stack dump:
  000004786E640: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E660: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E680: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E6A0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E6C0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E6E0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  000004786E700: 0000000000000000 0000000000000000 000000013FD49A74 0000000040000304
  000004786E720: 0000000000000000 000000008600000F 000000013C6F4000 000000013C709098
> 000004786E740: 000000004786E7A0 000000013C759608 0000000000000001 000000013C7D8000
  000004786E760: 000000013F2B3218 0000000000000000 000160184786E7A0 000000013C6F4000
  000004786E780: 000000013C6F0000 0000000000000019 000000013CB41D18 000000013C709018
  000004786E7A0: 000000004786E800 000000013C75A32C 0000000000000000 000000013C757428
  000004786E7C0: 000000013C7EC9DF 000000013F2B3218 000000004786E870 000000013C75A2F0
  000004786E7E0: 000000013EB8CAC0 000000013F29D030 000000013F2B3520 000000013F2B3120
  000004786E800: 000000004786E8A0 000000013C757030 0000000000000000 0000000000000000
  000004786E820: 000000013FCEE000 0000000000000000 0000000000000001 000000013FCEE1B8
ASSERT [ArmCpuDxe] /root/edk2/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(333): ((BOOLEAN)(0==1))


From the log, I think that BOOTAA64.EFI fails to update the memory attributes correctly for fbaa64.efi, that is, the memory region for the text segment of fbaa64.efi is set to non-executable, which causes the instruction exception.
I tried to fix it by rebuilding shim to replace BOOTAA64.EFI and it works. Maybe we need to update shim using the latest code.

** Affects: cloud-archive
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2019537
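
An added triage example, not part of the original report or of edk2/shim: it replays the memory-attribute lines from the log above, decodes the ESR value, and reports which tracked region contains the FAR and which access bits that region ended with. It assumes "Set" lines OR bits in, "Clear" lines remove them, and that ranges match exactly; the function names are hypothetical.

```python
import re

# Access-permission bits from the UEFI specification's EFI_MEMORY_* definitions
EFI_MEMORY_RP, EFI_MEMORY_XP, EFI_MEMORY_RO = 0x2000, 0x4000, 0x20000
NAMES = {EFI_MEMORY_RP: "RP", EFI_MEMORY_XP: "XP", EFI_MEMORY_RO: "RO"}

# Lines copied from the log in the report above
LOG = """\
SetUefiImageMemoryAttributes - 0x000000013C739000 - 0x000000000001E000 (0x0000000000004008)
SetUefiImageMemoryAttributes - 0x000000013C757000 - 0x0000000000067000 (0x0000000000020008)
SetUefiImageMemoryAttributes - 0x000000013C7BE000 - 0x0000000000052000 (0x0000000000004008)
SetMemoryAttributes: BaseAddress == 0x13C6F0000, Length == 0x19000, Attributes == 0x4000
ClearMemoryAttributes: BaseAddress == 0x13C6F0000, Length == 0x19000, Attributes == 0x22000
 ESR 0x8600000F          FAR 0x000000013C6F4000
"""

LINE = re.compile(
    r"(Set|Clear)\w*MemoryAttributes\W+(?:BaseAddress == )?(0x[0-9A-Fa-f]+)"
    r"\W+(?:Length == )?(0x[0-9A-Fa-f]+)\W+(?:Attributes == )?(0x[0-9A-Fa-f]+)")

def replay(log):
    """Replay attribute changes; ranges are matched exactly (a simplification)."""
    regions = {}                                   # (base, length) -> attribute bits
    for op, base, length, attrs in LINE.findall(log):
        key, bits = (int(base, 16), int(length, 16)), int(attrs, 16)
        prev = regions.get(key, 0)
        regions[key] = prev | bits if op == "Set" else prev & ~bits
    return regions

def decode_esr(esr):
    """Split ESR_ELx into EC, IL, ISS and name the instruction-abort fault status."""
    ec, il, iss = (esr >> 26) & 0x3F, (esr >> 25) & 1, esr & 0x1FFFFFF
    ifsc = iss & 0x3F                              # fault status code, low two bits = level
    kinds = {0b0001: "Translation fault", 0b0010: "Access flag fault", 0b0011: "Permission fault"}
    kind = kinds.get(ifsc >> 2, "other") if ec in (0x20, 0x21) else "not an instruction abort"
    return ec, il, iss, kind, ifsc & 3

def explain(log):
    """Correlate the faulting address with the region it falls in and its final bits."""
    esr, far = (int(x, 16) for x in re.search(r"ESR (0x\w+)\s+FAR (0x\w+)", log).groups())
    ec, _, _, kind, level = decode_esr(esr)
    hit = next(((b, l, a) for (b, l), a in replay(log).items() if b <= far < b + l), None)
    flags = sorted(n for bit, n in NAMES.items() if hit and hit[2] & bit)
    return {"ec": ec, "kind": kind, "level": level, "region": hit and hit[:2], "flags": flags}

if __name__ == "__main__":
    print(explain(LOG))
```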
