* [edk2-devel] Alignment fault in __memcpy when SbsaQemu is built uncompressed
@ 2024-06-22 18:04 Rebecca Cran
From: Rebecca Cran @ 2024-06-22 18:04 UTC (permalink / raw)
To: devel@edk2.groups.io; +Cc: Ard Biesheuvel, Marcin Juszkiewicz
I decided to do some testing around the cost of copying vs decompressing
and moved all the drivers in SbsaQemu into the uncompressed section (as
described in
https://github.com/tianocore/tianocore.github.io/wiki/ArmPkg-Compression),
but firmware built with CLANGDWARF causes an alignment fault when
writing the last 64 bytes in __memcpy via FvReadFile -> AllocateCopyPool
-> InternalAllocateCopyPool -> InternalMemCopyMem -> __memcpy
(AArch64/CopyMem.S in BaseMemoryLibOptDxe).
InternalAllocateCopyPool calls CopyMem with Memory=0x1000694d018,
Buffer=0x10a71300, AllocationSize=274476.
The instruction that causes the fault is:
ldp x14, x15, [x4, #-64]
Where x4=0x10ab432c
The crash log is:
Synchronous Exception at 0x0000010007F48628
PC 0x010007F48628 (0x010007F42000+0x00006628) [ 0] DxeCore.dll
PC 0x010007F484CC (0x010007F42000+0x000064CC) [ 0] DxeCore.dll
PC 0x010007F4A404 (0x010007F42000+0x00008404) [ 0] DxeCore.dll
PC 0x010007F4A558 (0x010007F42000+0x00008558) [ 0] DxeCore.dll
PC 0x010007F79BF0 (0x010007F42000+0x00037BF0) [ 0] DxeCore.dll
PC 0x010007F7A210 (0x010007F42000+0x00038210) [ 0] DxeCore.dll
PC 0x0100078A192C (0x010007880000+0x0002192C) [ 1] BdsDxe.dll
PC 0x0100078A2674 (0x010007880000+0x00022674) [ 1] BdsDxe.dll
PC 0x01000789781C (0x010007880000+0x0001781C) [ 1] BdsDxe.dll
PC 0x010007898330 (0x010007880000+0x00018330) [ 1] BdsDxe.dll
PC 0x01000788C6F4 (0x010007880000+0x0000C6F4) [ 1] BdsDxe.dll
PC 0x01000788CFCC (0x010007880000+0x0000CFCC) [ 1] BdsDxe.dll
PC 0x01000788A400 (0x010007880000+0x0000A400) [ 1] BdsDxe.dll
PC 0x010007F51648 (0x010007F42000+0x0000F648) [ 2] DxeCore.dll
PC 0x010007F43654 (0x010007F42000+0x00001654) [ 2] DxeCore.dll
PC 0x010007F43024 (0x010007F42000+0x00001024) [ 2] DxeCore.dll
[ 0] /home/bcran/src/tiano/Build/SbsaQemu/NOOPT_CLANGDWARF/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 1] /home/bcran/src/tiano/Build/SbsaQemu/NOOPT_CLANGDWARF/AARCH64/MdeModulePkg/Universal/BdsDxe/BdsDxe/DEBUG/BdsDxe.dll
[ 2] /home/bcran/src/tiano/Build/SbsaQemu/NOOPT_CLANGDWARF/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
X0 0x000001000694D018 X1 0x0000000010AB42F8 X2 0xFFFFFFFFFFFFFFE4 X3 0x000001000698FFD0
X4 0x0000000010AB432C X5 0x0000010006990044 X6 0x0000000000000000 X7 0x0000000000000000
X8 0x0000000000000000 X9 0x0000000000000000 X10 0x0000000000000000 X11 0x0000000000000000
X12 0x0000000000000000 X13 0x0000000000000000 X14 0x0000000000000023 X15 0x0000000000000031
X16 0x0000010007F41DB0 X17 0x0000000000000000 X18 0x0000000000000000 X19 0x0000000000000000
X20 0x0000000000000000 X21 0x0000000000000000 X22 0x0000000000000000 X23 0x0000000000000000
X24 0x0000000000000000 X25 0x0000000000000000 X26 0x0000000000000000 X27 0x0000000000000000
X28 0x0000000000000000 FP 0x0000010007F41860 LR 0x0000010007F484CC
V0 0xAFAFAFAFAFAFAFAF AFAFAFAFAFAFAFAF V1 0xFFFFFF80FFFFFFD0 0000010007F41540
V2 0x0000000000000000 0000000000000000 V3 0x0000000000000000 0000000000000000
V4 0x0000000000000000 0000000000000000 V5 0x0000000000000000 0000000000000000
V6 0x0000000000000000 0000000000000000 V7 0x0000000000000000 0000000000000000
V8 0x0000000000000000 0000000000000000 V9 0x0000000000000000 0000000000000000
V10 0x0000000000000000 0000000000000000 V11 0x0000000000000000 0000000000000000
V12 0x0000000000000000 0000000000000000 V13 0x0000000000000000 0000000000000000
V14 0x0000000000000000 0000000000000000 V15 0x0000000000000000 0000000000000000
V16 0x0000000000000000 0000000000000000 V17 0x0000000000000000 0000000000000000
V18 0x0000000000000000 0000000000000000 V19 0x0000000000000000 0000000000000000
V20 0x0000000000000000 0000000000000000 V21 0x0000000000000000 0000000000000000
V22 0x0000000000000000 0000000000000000 V23 0x0000000000000000 0000000000000000
V24 0x0000000000000000 0000000000000000 V25 0x0000000000000000 0000000000000000
V26 0x0000000000000000 0000000000000000 V27 0x0000000000000000 0000000000000000
V28 0x0000000000000000 0000000000000000 V29 0x0000000000000000 0000000000000000
V30 0x0000000000000000 0000000000000000 V31 0x0000000000000000 0000000000000000
SP 0x0000010007F41840 ELR 0x0000010007F48628 SPSR 0x80000209 FPSR 0x00000000
ESR 0x96000021 FAR 0x0000000010AB42EC
ESR : EC 0x25 IL 0x1 ISS 0x00000021
Data abort: Alignment fault
Stack dump:
0010007F41740: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
0010007F41760: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
0010007F41780: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
0010007F417A0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
0010007F417C0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
0010007F417E0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
0010007F41800: 0000000000000000 0000000000000000 0000010007F48618 0000000020000209
0010007F41820: 0000000000000000 0000000000000000 0000000000000000 0000000000000040
> 0010007F41840: 000000000004302C 0000000010A71300 000001000694D018 0000010007F4A3E4
0010007F41860: 0000010007F41890 0000010007F4A404 000001000694D018 0000000010A71300
0010007F41880: 000000000004302C 0000000407F4A538 0000010007F418C0 0000010007F4A558
0010007F418A0: 0000010007F79BF0 0000000020000209 0000000010A71300 000000000004302C
0010007F418C0: 0000010007F41980 0000010007F79BF0 0004302C00000000 000001000753D098
0010007F418E0: 0000010007F41970 0000000100000000 000000000004302C 0000000000000000
0010007F41900: 0000000010A71300 0000000000000000 0000000000043014 0900000000000200
0010007F41920: 45037614462CAA21 312366F4B68A6E83 000001000753D098 0000000000000000
ASSERT [ArmCpuDxe] DefaultExceptionHandler.c(343): ((BOOLEAN)(0==1))
--
Rebecca Cran
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119677): https://edk2.groups.io/g/devel/message/119677
Mute This Topic: https://groups.io/mt/106820121/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
* Re: [edk2-devel] Alignment fault in __memcpy when SbsaQemu is built uncompressed
From: Marcin Juszkiewicz @ 2024-06-24 16:47 UTC (permalink / raw)
To: Rebecca Cran, devel@edk2.groups.io; +Cc: Ard Biesheuvel, Leif Lindholm
On 22.06.2024 at 20:04, Rebecca Cran wrote:
> I decided to do some testing around the cost of copying vs
> decompressing and moved all the drivers in SbsaQemu into the
> uncompressed section (as described in
> https://github.com/tianocore/tianocore.github.io/wiki/ArmPkg-Compression),
> but firmware built with CLANGDWARF causes an alignment fault when
> writing the last 64 bytes in __memcpy via FvReadFile ->
> AllocateCopyPool -> InternalAllocateCopyPool -> InternalMemCopyMem ->
> __memcpy (AArch64/CopyMem.S in BaseMemoryLibOptDxe).
I can confirm that I managed to reproduce the failure. Sorry, but that's all I
can say at the moment. No idea what is going on here.
* Re: [edk2-devel] Alignment fault in __memcpy when SbsaQemu is built uncompressed
From: Ard Biesheuvel @ 2024-06-29 15:26 UTC (permalink / raw)
To: Rebecca Cran, Leif Lindholm; +Cc: devel@edk2.groups.io, Marcin Juszkiewicz
On Sat, 22 Jun 2024 at 20:04, Rebecca Cran <rebecca@bsdio.com> wrote:
>
> I decided to do some testing around the cost of copying vs decompressing
> and moved all the drivers in SbsaQemu into the uncompressed section (as
> described in
> https://github.com/tianocore/tianocore.github.io/wiki/ArmPkg-Compression),
> but firmware built with CLANGDWARF causes an alignment fault when
> writing the last 64 bytes in __memcpy via FvReadFile -> AllocateCopyPool
> -> InternalAllocateCopyPool -> InternalMemCopyMem -> __memcpy
> (AArch64/CopyMem.S in BaseMemoryLibOptDxe).
>
>
> InternalAllocateCopyPool calls CopyMem with Memory=0x1000694d018,
> Buffer=0x10a71300, AllocationSize=274476.
>
> The instruction that causes the fault is:
>
> ldp x14, x15, [x4, #-64]
>
> Where x4=0x10ab432c
>
It looks like the FvReadFile() call is doing a memory copy from the
firmware volume (FV), which seems to be mapped with device attributes
rather than normal memory. With a compressed image, the FV will be
decompressed to normal RAM, so this can never happen at this stage in
the boot (BDS phase).
Looking at Platform/Qemu/SbsaQemu/SbsaQemu.fdf and
Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c, the entire
flash device (FD) which should cover the uncompressed FV is mapped
with cacheable attributes, but the address in question ^^^ is outside
of the predefined window of
BaseAddress = 0x10000000|gArmTokenSpaceGuid.PcdFdBaseAddress
Size = 0x003C0000|gArmTokenSpaceGuid.PcdFdSize
Did you update PcdFdSize to account for the larger footprint of the FV?
* Re: [edk2-devel] Alignment fault in __memcpy when SbsaQemu is built uncompressed
From: Rebecca Cran @ 2024-06-29 17:42 UTC (permalink / raw)
To: Ard Biesheuvel, Leif Lindholm; +Cc: devel@edk2.groups.io, Marcin Juszkiewicz
On 6/29/24 9:26 AM, Ard Biesheuvel wrote:
> It looks like the FvReadFile() call is doing a memory copy from the
> firmware volume (FV), which seems to be mapped with device attributes
> rather than normal memory. With a compressed image, the FV will be
> decompressed to normal RAM, so this can never happen at this stage in
> the boot (BDS phase)
>
> Looking at Platform/Qemu/SbsaQemu/SbsaQemu.fdf and
> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c, the entire
> flash device (FD) which should cover the uncompressed FV is mapped
> with cacheable attributes, but the address in question ^^^ is outside
> of the predefined window of
>
> BaseAddress = 0x10000000|gArmTokenSpaceGuid.PcdFdBaseAddress
> Size = 0x003C0000|gArmTokenSpaceGuid.PcdFdSize
>
> Did you update PcdFdSize to account for the larger footprint of the FV?
I updated the .fdf file to set the Size to 0x00EC0000 and updated the
NumBlocks, offsets etc.
--
Rebecca Cran
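The analysis in this thread (Ard's reasoning that the copy source lies outside the FD window declared in the .fdf, and Rebecca's fix of enlarging PcdFdSize) can be checked arithmetically from the numbers in the crash log. The script below is an added triage helper, not edk2 or SbsaQemu code: it decodes the ESR the way the Arm ARM defines the EC/IL/ISS fields, confirms that FAR is the `[x4, #-64]` source of the faulting `ldp` and that x4 is the end of the CopyMem source range, and then reports how much of that range falls outside the mapped window for both the original size 0x003C0000 and the enlarged 0x00EC0000. All constants are copied from the messages above; the small fault-status table is a subset of the architectural DFSC codes and is the only part not taken from the page.

```python
"""Triage helper for the AArch64 alignment fault reported in this thread.

Added example (not edk2/SbsaQemu code). Every constant below is copied from
the crash log or the .fdf values quoted in the thread; the DFSC/EC tables are
a subset of the architectural encodings from the Arm ARM.
"""

# --- values copied from the first message (constructed input for this script) ---
ESR = 0x96000021
FAR = 0x0000000010AB42EC
X4 = 0x0000000010AB432C            # end pointer used by the tail copy in __memcpy
COPY_SRC = 0x10A71300              # Buffer passed to CopyMem
COPY_LEN = 274476                  # AllocationSize (0x4302C)
LDP_OFFSET = 64                    # the faulting instruction: ldp x14, x15, [x4, #-64]

# --- FD window: .fdf values quoted by Ard, and the size Rebecca switched to ---
FD_BASE = 0x10000000               # gArmTokenSpaceGuid.PcdFdBaseAddress
FD_SIZE_ORIG = 0x003C0000          # gArmTokenSpaceGuid.PcdFdSize as shipped
FD_SIZE_NEW = 0x00EC0000           # size after Rebecca's .fdf change

# Subset of ESR_ELx exception classes and data-fault status codes (Arm ARM).
EXCEPTION_CLASS = {0x24: "Data abort from lower EL", 0x25: "Data abort, same EL"}
FAULT_STATUS = {
    0x04: "Translation fault, level 0", 0x05: "Translation fault, level 1",
    0x06: "Translation fault, level 2", 0x07: "Translation fault, level 3",
    0x09: "Access flag fault, level 1", 0x0A: "Access flag fault, level 2",
    0x0B: "Access flag fault, level 3", 0x0D: "Permission fault, level 1",
    0x0E: "Permission fault, level 2", 0x0F: "Permission fault, level 3",
    0x21: "Alignment fault",
}


def decode_esr(esr):
    """Split ESR_ELx into EC[31:26], IL[25], ISS[24:0]; for data aborts also
    pull DFSC (ISS[5:0]) and WnR (ISS[6], 1 = write, 0 = read)."""
    ec = (esr >> 26) & 0x3F
    il = (esr >> 25) & 0x1
    iss = esr & 0x1FFFFFF
    info = {"ec": ec, "ec_name": EXCEPTION_CLASS.get(ec, "other"), "il": il, "iss": iss}
    if ec in EXCEPTION_CLASS:
        dfsc = iss & 0x3F
        info.update(dfsc=dfsc, dfsc_name=FAULT_STATUS.get(dfsc, "other"), wnr=(iss >> 6) & 1)
    return info


def fault_matches_copy_tail(far, x4, src, length, ldp_offset=LDP_OFFSET):
    """True when FAR is exactly the [x4, #-offset] operand of the faulting ldp
    and x4 is the end of the CopyMem source range, i.e. the fault happened while
    reading the last bytes of the copy rather than at some unrelated address."""
    return far == x4 - ldp_offset and x4 == src + length


def copy_outside_window(src, length, base, size):
    """Return (first address outside the window, byte count outside) for the
    range [src, src + length); (None, 0) when the whole copy is inside."""
    end = src + length
    win_end = base + size
    if src >= base and end <= win_end:
        return (None, 0)
    if end <= base or src >= win_end:          # entirely outside
        return (src, length)
    if src < base:                             # hangs off the front
        return (src, base - src)
    return (win_end, end - win_end)            # hangs off the back


def triage():
    """Full report for the numbers in the thread, as a list of strings."""
    esr = decode_esr(ESR)
    lines = [f"ESR: EC 0x{esr['ec']:02X} ({esr['ec_name']}), IL {esr['il']}, "
             f"DFSC 0x{esr['dfsc']:02X} ({esr['dfsc_name']}), WnR {esr['wnr']}",
             f"FAR matches tail of copy: {fault_matches_copy_tail(FAR, X4, COPY_SRC, COPY_LEN)}"]
    for label, size in (("original", FD_SIZE_ORIG), ("enlarged", FD_SIZE_NEW)):
        first, count = copy_outside_window(COPY_SRC, COPY_LEN, FD_BASE, size)
        window = f"[0x{FD_BASE:X}, 0x{FD_BASE + size:X})"
        if count:
            lines.append(f"{label} FD window {window}: {count} bytes from 0x{first:X} lie outside")
        else:
            lines.append(f"{label} FD window {window}: copy fully inside")
    return lines


if __name__ == "__main__":
    print("\n".join(triage()))
```

With the original PcdFdSize the whole 274476-byte source range starts beyond the end of the window at 0x103C0000, so the uncompressed FV is being read through whatever attributes cover the unmapped part of flash, and the unaligned `ldp` used for the tail of the copy faults; with the enlarged size the range sits well inside 0x10EC0000. The same `copy_outside_window` check is the one to run on the `Buffer`/`AllocationSize` pair any time an FV is moved from the compressed to the uncompressed section.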