[Bug 1205588] New: Page Fault when booting with PE NX-compatibility DLL Characteristic flag
https://bugzilla.suse.com/show_bug.cgi?id=1205588

            Bug ID: 1205588
           Summary: Page Fault when booting with PE NX-compatibility DLL
                    Characteristic flag
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Bootloader
          Assignee: screening-team-bugs@suse.de
          Reporter: jlee@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

I am trying the "Page Fault when booting with PE NX-compatibility DLL Characteristic flag" support in openSUSE TW:

When PcdDxeNxMemoryProtectionPolicy is set to 0x4 (protect EfiLoaderData) in OVMF, openSUSE TW can not boot. We got a Page Fault:

    Loading Linux 6.1.0-rc5-default+.old ...
    Loading initial ramdisk ...
    !!!! X64 Exception Type - 0E(#PF - Page-Fault) CPU Apic ID - 00000000 !!!!
    ExceptionData - 0000000000000011 I:1 R:0 U:0 W:0 P:1 PK:0 SS:0 SGX:0
    RIP - 0000000076A6F390, CS - 0000000000000038, RFLAGS - 0000000000210206
    RAX - 000000007DA98DF8, RCX - 0000000076A6F390, RDX - 000000007DED3000
    RBX - 0000000076A6F000, RSP - 000000007FF0D5A8, RBP - 000000007DED3000
    RSI - 000000007F9EE018, RDI - 000000007E7A9718
    R8 - 0000000076A6F000, R9 - 0000000000000190, R10 - 000000007FF1D658
    R11 - 0000000000000004, R12 - 0000000000000190, R13 - 000000007DA98E00
    R14 - 000000007DA936B4, R15 - 000000007BF0CBD5
    DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030
    GS - 0000000000000030, SS - 0000000000000030
    CR0 - 0000000080010033, CR2 - 0000000076A6F390, CR3 - 000000007FC01000
    CR4 - 0000000000000668, CR8 - 0000000000000000
    DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
    DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
    GDTR - 000000007F9DE000 0000000000000047, LDTR - 0000000000000000
    IDTR - 000000007F2E9018 0000000000000FFF, TR - 0000000000000000
    FXSAVE_STATE - 000000007FF0D200
    !!!! Find image based on IP(0x7BF0BAB5) (No PDB) (ImageBase=000000007BDEB7A0, EntryPoint=000000007C92A0AF) !!!!

The same EFI_STUB kernel can be booted directly by the EFI boot manager with the following boot entry:

    echo " root=UUID=6ffd1fb1-ddac-4105-a25a-20a602c93e7d showopts console=ttyS0,115200n8 console=tty0 earlyprintk=tty0 debug loglevel=9 efi=debug nomodeset initrd=\EFI\opensuse\initrd-6.1.0-rc5-default+" | \
        iconv -f ascii -t ucs2 | \
        efibootmgr -v -cL "vmlinuz-6.1.0-rc5-default+.efi (EFISTUB)" -d /dev/vda -p 1 \
            -l '\EFI\opensuse\vmlinuz-6.1.0-rc5-default+.efi' --append-binary-args -

It looks like the Page Fault is in grub2. The grub2 rpm is grub2-x86_64-efi-2.06-31.1.noarch.

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1205588

Joey Lee <jlee@suse.com> changed:

    What | Removed | Added
    -----+---------+----------------
    CC   |         | mchang@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1205588

Joey Lee <jlee@suse.com> changed:

    What | Removed | Added
    -----+---------+--------------
    CC   |         | glin@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1205588
https://bugzilla.suse.com/show_bug.cgi?id=1205588#c1

--- Comment #1 from Joey Lee <jlee@suse.com> ---

I have tested kernel in kernel-default-6.0.8-1.1.x86_64 rpm for openSUSE TW. It also works for booting with PcdDxeNxMemoryProtectionPolicy=0x4. But the same kernel can not boot with grub2-x86_64-efi-2.06-31.1.noarch.

I will put shim to openSUSE:Factory and also produce an OVMF with PcdDxeNxMemoryProtectionPolicy=0x7BD4 for debugging.

https://bugzilla.suse.com/show_bug.cgi?id=1205588
https://bugzilla.suse.com/show_bug.cgi?id=1205588#c2

--- Comment #2 from Michael Chang <mchang@suse.com> ---

The 2.06 grub set the kernel memory as LOADER_DATA, while it should be LOADER_CODE. We can provide a test package later.
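
Added example (not part of the bug report, and not grub2, OVMF or SUSE code): a small triage script that decodes the ExceptionData error code and the PcdDxeNxMemoryProtectionPolicy bitmask discussed above, showing why an instruction fetch from memory allocated as EfiLoaderData faults under policy 0x4. The function names are illustrative and the sample dump is constructed from the values quoted in the report.

```python
import re

# Constructed sample: the triage-relevant lines of the exception dump quoted
# in the bug description (values copied from the report).
DUMP = """\
!!!! X64 Exception Type - 0E(#PF - Page-Fault) CPU Apic ID - 00000000 !!!!
ExceptionData - 0000000000000011 I:1 R:0 U:0 W:0 P:1 PK:0 SS:0 SGX:0
RIP - 0000000076A6F390, CS - 0000000000000038, RFLAGS - 0000000000210206
CR0 - 0000000080010033, CR2 - 0000000076A6F390, CR3 - 000000007FC01000
"""

# x86-64 page-fault error-code bits, keyed by the labels the firmware prints
# (R is the reserved-bit violation flag, I is instruction fetch).
PF_BITS = {"P": 0, "W": 1, "U": 2, "R": 3, "I": 4, "PK": 5, "SS": 6, "SGX": 15}

# Bit n of PcdDxeNxMemoryProtectionPolicy marks EFI_MEMORY_TYPE n non-executable.
EFI_MEMORY_TYPES = [
    "EfiReservedMemoryType", "EfiLoaderCode", "EfiLoaderData",
    "EfiBootServicesCode", "EfiBootServicesData", "EfiRuntimeServicesCode",
    "EfiRuntimeServicesData", "EfiConventionalMemory", "EfiUnusableMemory",
    "EfiACPIReclaimMemory", "EfiACPIMemoryNVS", "EfiMemoryMappedIO",
    "EfiMemoryMappedIOPortSpace", "EfiPalCode", "EfiPersistentMemory",
]

def field(dump, name):
    """Return the hex value printed as '<name> - <hex>' in the dump."""
    match = re.search(rf"\b{re.escape(name)} - ([0-9A-Fa-f]+)", dump)
    if match is None:
        raise ValueError(f"{name} not found in dump")
    return int(match.group(1), 16)

def decode_pf(code):
    """Split a page-fault error code into its named flag bits."""
    return {label: (code >> bit) & 1 for label, bit in PF_BITS.items()}

def classify(dump):
    """Return (fault kind, whether the faulting address CR2 equals RIP)."""
    err = decode_pf(field(dump, "ExceptionData"))
    at_rip = field(dump, "RIP") == field(dump, "CR2")
    if err["I"]:
        # P=1: the page is mapped, so the fetch was refused by its NX attribute.
        return ("nx-violation" if err["P"] else "fetch-from-unmapped-page", at_rip)
    return ("data-access-fault", at_rip)

def nx_protected_types(policy):
    """List the memory types a policy bitmask maps as non-executable."""
    return [t for bit, t in enumerate(EFI_MEMORY_TYPES) if (policy >> bit) & 1]

if __name__ == "__main__":
    print(classify(DUMP), nx_protected_types(0x4))
```

Policy 0x7BD4, used for the debug OVMF build, covers the data-like memory types but leaves EfiLoaderCode executable, which is why allocating the kernel image as LOADER_CODE avoids the fault.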

https://bugzilla.suse.com/show_bug.cgi?id=1205588
https://bugzilla.suse.com/show_bug.cgi?id=1205588#c3

--- Comment #3 from Joey Lee <jlee@suse.com> ---

Created attachment 863004
  --> https://bugzilla.suse.com/attachment.cgi?id=863004&action=edit
ovmf-bsc1205588-debug-nx-4k-align.patch

I have applied this patch to enable NV/4K-alignment in OVMF for debugging:

https://build.opensuse.org/package/show/home:joeyli:branches:Virtualization:...

https://bugzilla.suse.com/show_bug.cgi?id=1205588
https://bugzilla.suse.com/show_bug.cgi?id=1205588#c4

--- Comment #4 from Joey Lee <jlee@suse.com> ---

(In reply to Joey Lee from comment #3)
> Created attachment 863004 [details] ovmf-bsc1205588-debug-nx-4k-align.patch
>
> I have applied this patch to enable NV/4K-alignment in OVMF for debugging:
>
> https://build.opensuse.org/package/show/home:joeyli:branches:Virtualization: bsc1205588/ovmf

NX-enabled shim 15.7 is also available here:

https://build.opensuse.org/project/show/devel:openSUSE:Factory

For testing NX, please use both of the above ovmf and shim.

https://bugzilla.suse.com/show_bug.cgi?id=1205588

Chenzi Cao <chcao@suse.com> changed:

    What     | Removed                     | Added
    ---------+-----------------------------+-------------------------------
    Assignee | screening-team-bugs@suse.de | bootloader-maintainers@suse.de

https://bugzilla.suse.com/show_bug.cgi?id=1205588
https://bugzilla.suse.com/show_bug.cgi?id=1205588#c18

--- Comment #18 from Maintenance Automation <maint-coord+maintenance-robot@suse.de> ---

SUSE-SU-2023:1702-1: An update that solves one vulnerability, contains two features and has 10 fixes can now be installed.

Category: security (important)
Bug References: 1185232, 1185261, 1185441, 1185621, 1187071, 1187260, 1193282, 1198458, 1201066, 1202120, 1205588
CVE References: CVE-2022-28737
Jira References: PED-127, PED-1273
Sources used:
    openSUSE Leap Micro 5.3 (src): shim-15.7-150300.4.11.1
    openSUSE Leap 15.4 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Micro for Rancher 5.3 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Micro 5.3 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Micro for Rancher 5.4 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Micro 5.4 (src): shim-15.7-150300.4.11.1
    Basesystem Module 15-SP4 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Real Time 15 SP3 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): shim-15.7-150300.4.11.1
    SUSE Manager Proxy 4.2 (src): shim-15.7-150300.4.11.1
    SUSE Manager Retail Branch Server 4.2 (src): shim-15.7-150300.4.11.1
    SUSE Manager Server 4.2 (src): shim-15.7-150300.4.11.1
    SUSE Enterprise Storage 7.1 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Micro 5.1 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Micro 5.2 (src): shim-15.7-150300.4.11.1
    SUSE Linux Enterprise Micro for Rancher 5.2 (src): shim-15.7-150300.4.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

https://bugzilla.suse.com/show_bug.cgi?id=1205588

Joey Lee <jlee@suse.com> changed:

    What | Removed | Added
    -----+---------+----------------------
    CC   |         | dennis.tseng@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1205588
https://bugzilla.suse.com/show_bug.cgi?id=1205588#c19

--- Comment #19 from Joey Lee <jlee@suse.com> ---

(In reply to Joey Lee from comment #1)
> I have tested kernel in kernel-default-6.0.8-1.1.x86_64 rpm for openSUSE TW. It also works for booting with PcdDxeNxMemoryProtectionPolicy=0x4. But the same kernel can not boot with grub2-x86_64-efi-2.06-31.1.noarch.

Just a note: the kernel introduced EFI_DXE_MEM_ATTRIBUTES=y with the 82e0d6d76a patch, since v5.19-rc1. So 15-SP5 and Tumbleweed kernels can boot with NX memory protection firmware.

https://bugzilla.suse.com/show_bug.cgi?id=1205588
https://bugzilla.suse.com/show_bug.cgi?id=1205588#c21

--- Comment #21 from Joey Lee <jlee@suse.com> ---

After discussion with the grub2 expert, Michael Chang, by mail, I removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag. It's useful for further development and testing.

The submitreq is here:

https://build.opensuse.org/request/show/1078224
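
Added example (not part of the bug report, and not shim or SUSE build tooling): a check that reads the NX-compatibility bit from a PE image's DllCharacteristics field, the flag the shim build change above enables. It goes a little beyond the comment by also reporting SectionAlignment and any section that is both writable and executable; `inspect_pe` and `sample_pe` are illustrative names, and the input is a constructed header, not a real shim binary.

```python
import struct

NX_COMPAT = 0x0100                               # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SCN_EXEC, SCN_WRITE = 0x20000000, 0x80000000     # IMAGE_SCN_MEM_EXECUTE / _WRITE

def inspect_pe(data):
    """Return the NX-relevant facts of a PE32 or PE32+ image held in bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # Both fields sit at the same offsets in PE32 and PE32+.
    section_align, = struct.unpack_from("<I", data, opt + 32)
    dll_chars, = struct.unpack_from("<H", data, opt + 70)
    wx = []
    for i in range(nsec):
        sec = opt + opt_size + 40 * i                    # 40-byte section headers
        name = data[sec:sec + 8].rstrip(b"\0").decode("ascii", "replace")
        flags, = struct.unpack_from("<I", data, sec + 36)
        if flags & SCN_EXEC and flags & SCN_WRITE:
            wx.append(name)
    return {"nx_compat": bool(dll_chars & NX_COMPAT),
            "section_alignment": section_align, "wx_sections": wx}

def sample_pe(dll_chars, sections):
    """Constructed PE32+ headers (no code or data) to exercise inspect_pe()."""
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                # PE32+ magic
    struct.pack_into("<I", opt, 32, 0x1000)              # 4K SectionAlignment
    struct.pack_into("<H", opt, 70, dll_chars)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    table = b"".join(name.ljust(8, b"\0") + bytes(28) + struct.pack("<I", flags)
                     for name, flags in sections)
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)      # e_lfanew -> offset 64
    return dos + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    print(inspect_pe(sample_pe(NX_COMPAT, [(b".text", 0x60000020)])))
    print(inspect_pe(sample_pe(0, [(b".text", 0xE0000020)])))
```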

https://bugzilla.suse.com/show_bug.cgi?id=1205588
https://bugzilla.suse.com/show_bug.cgi?id=1205588#c22

--- Comment #22 from Joey Lee <jlee@suse.com> ---

Created attachment 866239
  --> https://bugzilla.suse.com/attachment.cgi?id=866239&action=edit
mu_tiano_platforms-release-202202.tar.bz2

This tarball includes 3 fd images which were built from mu_tiano_platforms for testing. Please check the README in the tarball.

https://github.com/microsoft/mu_tiano_platforms

https://bugzilla.suse.com/show_bug.cgi?id=1205588
https://bugzilla.suse.com/show_bug.cgi?id=1205588#c23

--- Comment #23 from Joey Lee <jlee@suse.com> ---

Created attachment 866240
  --> https://bugzilla.suse.com/attachment.cgi?id=866240&action=edit
hackweek22-wrap-up-Joey-20220203.pdf

The attached PDF has the building process of the Microsoft Mu project for reference.