From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Andrew Fish" <afish@apple.com>
To: edk2-devel-groups-io, Andrew Fish
Cc: ayushdevel1325@gmail.com, Mike Kinney, "mikuback@linux.microsoft.com", "Gaibusab, Jabeena B", "Yao, Jiewen"
Subject: Re: [edk2-devel] Casting i128 into f64 in UEFI Rust pagefaults
Date: Mon, 25 Jul 2022 11:45:15 -0700
Message-id: <116DE63D-B96C-4D2F-9CF6-299F053329D7@apple.com>
In-reply-to: <170523E2507C1293.4676@groups.io>
References: <15b0ac38-4b55-4b19-3f76-506c5b858949@gmail.com> <170523E2507C1293.4676@groups.io>

Oops… Looks like your PE/COFF is linked at 0x0000000140000000, so 0x140001b60 is the interesting bit.
(lldb) dis -s 0x0000000140001B60 -b
hello_world_std.efi[0x140001b60]: 48 8b 09                       movq    (%rcx), %rcx
hello_world_std.efi[0x140001b63]: 48 01 c1                       addq    %rax, %rcx
hello_world_std.efi[0x140001b66]: 4c 89 c2                       movq    %r8, %rdx
hello_world_std.efi[0x140001b69]: 48 11 c2                       adcq    %rax, %rdx
hello_world_std.efi[0x140001b6c]: 48 31 c1                       xorq    %rax, %rcx
hello_world_std.efi[0x140001b6f]: 48 31 c2                       xorq    %rax, %rdx
hello_world_std.efi[0x140001b72]: 48 be 00 00 00 00 00 00 00 80  movabsq $-0x8000000000000000, %rsi ; imm = 0x8000000000000000
hello_world_std.efi[0x140001b7c]: 4c 21 c6                       andq    %r8, %rsi

 RCX - FFFFFFFFFFFFFFFF

So yeah, that looks like the fault.

I don’t see that pattern in your .s file…

Can you figure out what function is @ 0x140001b60 in the PE/COFF image? Do you have a map file from the linker?

Thanks,

Andrew Fish

PS Again sorry I don’t have anything installed to crack PDB files.

Thanks,

Andrew Fish

> On Jul 25, 2022, at 10:51 AM, Andrew Fish via groups.io <afish=apple.com@groups.io> wrote:
>
> Ayush,
>
> CR2 is the fault address so 0xFFFFFFFFFFFFFFFF. Given for EFI Virt == Physical the fault address looks like a bad pointer.
>
> Sorry I’ve not used VC++ in a long time so I don’t know how to debug with VC++, but if I was using clang/lldb I’d look at the source and assembly for the fault address.
>
> The image base is: 0x000000000603C000
> The fault PC/RIP is: 000000000603DB60
>
> So the faulting code is at 0x1B60 in the image. Given the images are linked at zero you should be able to load the build product into the debugger and look at what code is at offset 0x1B60. The same should work for any tools that dump the binary.
>
> Thanks,
>
> Andrew Fish
>
>> On Jul 25, 2022, at 10:33 AM, Ayush Singh <ayushdevel1325@gmail.com> wrote:
>>
>> Hello everyone. While running Rust tests in the UEFI environment, I have come across a numeric test that causes a pagefault. A simple reproducible example for this is given below:
>>
>> ```rust
>> fn main() {
>>     use std::hint::black_box as b;
>>
>>     // black_box is an identity function that hides the value from the optimiser (see [1]).
>>     let z: i128 = b(1);
>>     assert!((-z as f64) < 0.0);
>> }
>> ```
>>
>> The exception output is as follows:
>>
>> ```
>> !!!! X64 Exception Type - 0E(#PF - Page-Fault)  CPU Apic ID - 00000000 !!!!
>> ExceptionData - 0000000000000000  I:0 R:0 U:0 W:0 P:0 PK:0 SS:0 SGX:0
>> RIP  - 000000000603DB60, CS  - 0000000000000038, RFLAGS - 0000000000000246
>> RAX  - 0000000000000000, RCX - FFFFFFFFFFFFFFFF, RDX - FFFFFFFFFFFFFFFF
>> RBX  - 0000000000000000, RSP - 0000000007EDF1D0, RBP - 0000000007EDF4C0
>> RSI  - 0000000007EDF360, RDI - 0000000007EDF3C0
>> R8   - 0000000000000000, R9  - 0000000000000038, R10 - 0000000000000000
>> R11  - 0000000000000000, R12 - 00000000060C6018, R13 - 0000000007EDF520
>> R14  - 0000000007EDF6A8, R15 - 0000000005FA9490
>> DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
>> GS   - 0000000000000030, SS  - 0000000000000030
>> CR0  - 0000000080010033, CR2 - FFFFFFFFFFFFFFFF, CR3 - 0000000007C01000
>> CR4  - 0000000000000668, CR8 - 0000000000000000
>> DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
>> DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
>> GDTR - 00000000079DE000 0000000000000047, LDTR - 0000000000000000
>> IDTR - 0000000007418018 0000000000000FFF,   TR - 0000000000000000
>> FXSAVE_STATE - 0000000007EDEE30
>> !!!! Find image based on IP(0x603DB60) /var/home/ayush/Documents/Programming/Rust/uefi/hello_world_std/target/x86_64-unknown-uefi/debug/deps/hello_world_std-338028f9369e2d42.pdb (ImageBase=000000000603C000, EntryPoint=000000000603D8C0) !!!!
>> ```
>>
>> From my testing, the exception only occurs when a few conditions are met.
>>
>> 1. The binary is compiled in Debug mode. No error in Release mode.
>> 2. `i128` is in a black_box [1]. Does not occur if `black_box` is not present.
>> 3. It has to be `i128`. `i64` or something else works fine.
>> 4. The cast has to be done on `-z`. Doing the same with `+z` is fine.
>>
>> I have also been discussing this in the Rust zulipchat [2], so feel free to chime in there.
>>
>> Additionally, here are links for more information about this program:
>>
>> 1. Assembly: https://rust-lang.zulipchat.com/user_uploads/4715/od51Y9Dkfjahcg9HHcOud8Fm/hello_world_std-338028f9369e2d42.s
>> 2. EFI Binary: https://rust-lang.zulipchat.com/user_uploads/4715/CknqtXLR8SaJZmyOnXctQkpL/hello_world_std.efi
>> 3. PDB file: https://rust-lang.zulipchat.com/user_uploads/4715/zV4i6DsjgQXotp_gS1naEsU0/hello_world_std-338028f9369e2d42.pdb
>>
>> Yours Sincerely,
>>
>> Ayush Singh
>>
>> [1]: https://doc.rust-lang.org/std/hint/fn.black_box.html
>> [2]: https://rust-lang.zulipchat.com/#narrow/stream/182449-t-compiler.2Fhelp/topic/Casting.20i128.20to.20f64.20in.20black_box.20causes.20exception.20in.20UEFI
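An added worked example, not from this thread and not code from EDK2 or the Rust project: the address arithmetic the two replies above do by hand (RIP minus the ImageBase printed by the exception handler gives offset 0x1B60; adding the link-time ImageBase from the PE/COFF optional header gives the 0x140001B60 that lldb wants), done by reading the image headers instead of eyeballing them. It parses the PE32+ DOS, COFF and optional headers plus the section table with bounds-checked reads, maps the RVA to a section and file offset, and refuses addresses outside the image. sample_image() is a constructed stand-in for the headers of hello_world_std.efi: the ImageBase of 0x140000000 and the runtime ImageBase/RIP pair come from the thread, while the single .text section at RVA 0x1000 with file offset 0x400 and size 0x3000 are assumptions.

```rust
// Added example (not code from the thread, EDK2 or the Rust project): turn the RIP
// of an EDK2 exception dump into the link-time address and file offset inside the
// PE/COFF image. Header offsets follow the PE/COFF spec; sample_image() is constructed.

#[derive(Debug, PartialEq)]
pub struct Section {
    pub name: String,
    pub virtual_address: u32,
    pub virtual_size: u32,
    pub raw_data_ptr: u32,
    pub raw_data_size: u32,
}

#[derive(Debug, PartialEq)]
pub struct PeInfo {
    pub image_base: u64, // link-time ImageBase from the optional header
    pub sections: Vec<Section>,
}

/// Bounds-checked little-endian read of `n` bytes; None past the end of the buffer.
fn le(b: &[u8], off: usize, n: usize) -> Option<u64> {
    let s = b.get(off..off.checked_add(n)?)?;
    Some(s.iter().rev().fold(0u64, |acc, &x| (acc << 8) | u64::from(x)))
}
fn expect_magic(img: &[u8], off: usize, n: usize, want: u64, what: &str) -> Result<(), String> {
    if le(img, off, n) == Some(want) { Ok(()) } else { Err(format!("missing {}", what)) }
}

/// Parse just enough of a PE32+ image to get ImageBase and the section table.
pub fn parse_pe32plus(img: &[u8]) -> Result<PeInfo, String> {
    expect_magic(img, 0, 2, 0x5A4D, "MZ header")?;
    let pe_off = le(img, 0x3C, 4).ok_or("truncated DOS header")? as usize; // e_lfanew
    expect_magic(img, pe_off, 4, 0x4550, "PE signature")?;
    let coff = pe_off + 4; // 20-byte COFF file header
    let nsections = le(img, coff + 2, 2).ok_or("truncated COFF header")? as usize;
    let opt_size = le(img, coff + 16, 2).ok_or("truncated COFF header")? as usize;
    let opt = coff + 20; // optional header
    expect_magic(img, opt, 2, 0x020B, "PE32+ magic")?;
    let image_base = le(img, opt + 24, 8).ok_or("truncated optional header")?;
    let mut sections = Vec::with_capacity(nsections);
    let mut sh = opt + opt_size; // section table: 40-byte entries after the optional header
    for _ in 0..nsections {
        let field = |o: usize| le(img, sh + o, 4).map(|v| v as u32).ok_or("truncated section table");
        let name = img.get(sh..sh + 8).ok_or("truncated section table")?;
        sections.push(Section {
            name: String::from_utf8_lossy(name).trim_end_matches('\0').to_string(),
            virtual_size: field(8)?,
            virtual_address: field(12)?,
            raw_data_size: field(16)?,
            raw_data_ptr: field(20)?,
        });
        sh += 40;
    }
    Ok(PeInfo { image_base, sections })
}

/// Where a runtime address lands in the image; file_offset is None past the raw data.
#[derive(Debug, PartialEq)]
pub struct FaultSite {
    pub rva: u64,
    pub link_time_va: u64,
    pub section: String,
    pub file_offset: Option<u64>,
}

/// `loaded_base` is the ImageBase the EDK2 handler prints; `pe.image_base` is the linker's.
pub fn locate(rip: u64, loaded_base: u64, pe: &PeInfo) -> Result<FaultSite, String> {
    let rva = rip.checked_sub(loaded_base).ok_or("RIP is below the loaded image base")?;
    let sec = pe.sections.iter().find(|s| {
        let start = u64::from(s.virtual_address);
        rva >= start && rva < start + u64::from(s.virtual_size.max(s.raw_data_size))
    }).ok_or("RIP is not inside any section of the image")?;
    let in_sec = rva - u64::from(sec.virtual_address);
    let file_offset = (in_sec < u64::from(sec.raw_data_size)).then(|| u64::from(sec.raw_data_ptr) + in_sec);
    let link_time_va = pe.image_base.checked_add(rva).ok_or("address overflow")?;
    Ok(FaultSite { rva, link_time_va, section: sec.name.clone(), file_offset })
}

/// Constructed stand-in for the headers of hello_world_std.efi: PE32+, linked at 0x140000000
/// as in the reply above, one .text section (RVA 0x1000 / file offset 0x400 are assumptions).
pub fn sample_image() -> Vec<u8> {
    let mut img = vec![0u8; 0x200];
    let mut put = |off: usize, v: u64, n: usize| img[off..off + n].copy_from_slice(&v.to_le_bytes()[..n]);
    put(0x00, 0x5A4D, 2); // "MZ"
    put(0x3C, 0x80, 4); // e_lfanew: PE signature at 0x80, COFF header at 0x84
    put(0x80, 0x4550, 4); // "PE\0\0"
    put(0x86, 1, 2); // NumberOfSections
    put(0x94, 0xF0, 2); // SizeOfOptionalHeader: PE32+ with 16 data directories
    put(0x98, 0x020B, 2); // PE32+ magic
    put(0xB0, 0x1_4000_0000, 8); // ImageBase
    put(0x190, 0x3000, 4); // .text VirtualSize (section table starts at 0x98 + 0xF0 = 0x188)
    put(0x194, 0x1000, 4); // .text VirtualAddress
    put(0x198, 0x3000, 4); // .text SizeOfRawData
    put(0x19C, 0x400, 4); // .text PointerToRawData
    img[0x188..0x18D].copy_from_slice(b".text");
    img
}
```

With the values from the dump quoted above, `locate(0x0603_DB60, 0x0603_C000, &parse_pe32plus(&sample_image())?)` yields RVA 0x1B60, link-time address 0x140001B60 in .text and file offset 0xF60. To run it against the real binary, pass the bytes of hello_world_std.efi (e.g. from std::fs::read) to parse_pe32plus instead of the sample; link_time_va is what `dis -s` wants, and file_offset is the byte position to hand to a hex dump. Going from that address to a function name still needs the linker map file or the PDB, as the reply says.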