From: Pedro Falcato
Date: Tue, 26 Jul 2022 20:12:27 +0100
Subject: Re: [edk2-devel] Casting i128 into f64 in UEFI Rust pagefaults
To: edk2-devel-groups-io, Ayush Singh
Cc: Andrew Fish, Mike Kinney, mikuback@linux.microsoft.com, "Gaibusab, Jabeena B", "Yao, Jiewen"
In-Reply-To: <17a84748-381f-e438-a338-c6ab0dbabdc6@gmail.com>
References: <15b0ac38-4b55-4b19-3f76-506c5b858949@gmail.com> <170523E2507C1293.4676@groups.io> <116DE63D-B96C-4D2F-9CF6-299F053329D7@apple.com> <57E4EE5B-4A4C-4592-A811-14DB025C58E1@apple.com> <17a84748-381f-e438-a338-c6ab0dbabdc6@gmail.com>

Fyi, please don't file bugs upstream just now. You're not sure if they're LLVM problems (and they're likely not, else they would affect everyone else, not just UEFI code). Try to get a simpler, reliable repro (and do share with us!) before saying it's an LLVM bug.

In my experience, most "what the hell" "compiler bugs" ended up being things I accidentally set up wrong, or didn't set up at all, and broke things in a subtle way.

On Tue, Jul 26, 2022 at 6:43 AM Ayush Singh wrote:
> Hi Andrew. Thanks for all your work. The more I look at this, the more it feels like it might be a problem on the LLVM side instead of Rust. I also found some more tests (all related to numbers btw) which can cause different types of exceptions, so I think I will try filing bugs upstream.
>
> Yours Sincerely,
>
> Ayush Singh
>
> On 7/26/22 00:24, Andrew Fish wrote:
> > I guess I could at least dump to the end (req)… Going backwards is a bit painful in x86.
> >
> > (lldb) dis -s 0x0000000140001B60 -b -c 30
> > hello_world_std.efi[0x140001b60]: 48 8b 09                        movq    (%rcx), %rcx
> > hello_world_std.efi[0x140001b63]: 48 01 c1                        addq    %rax, %rcx
> > hello_world_std.efi[0x140001b66]: 4c 89 c2                        movq    %r8, %rdx
> > hello_world_std.efi[0x140001b69]: 48 11 c2                        adcq    %rax, %rdx
> > hello_world_std.efi[0x140001b6c]: 48 31 c1                        xorq    %rax, %rcx
> > hello_world_std.efi[0x140001b6f]: 48 31 c2                        xorq    %rax, %rdx
> > hello_world_std.efi[0x140001b72]: 48 be 00 00 00 00 00 00 00 80   movabsq $-0x8000000000000000, %rsi ; imm = 0x8000000000000000
> > hello_world_std.efi[0x140001b7c]: 4c 21 c6                        andq    %r8, %rsi
> > hello_world_std.efi[0x140001b7f]: e8 5c 55 00 00                  callq   0x1400070e0
> > hello_world_std.efi[0x140001b84]: 48 09 f0                        orq     %rsi, %rax
> > hello_world_std.efi[0x140001b87]: 48 83 c4 20                     addq    $0x20, %rsp
> > hello_world_std.efi[0x140001b8b]: 5e                              popq    %rsi
> > hello_world_std.efi[0x140001b8c]: c3                              retq
> > hello_world_std.efi[0x140001b8d]: cc                              int3
> > hello_world_std.efi[0x140001b8e]: cc                              int3
> > hello_world_std.efi[0x140001b8f]: cc                              int3
> > hello_world_std.efi[0x140001b90]: e9 db 55 00 00                  jmp     0x140007170
> > hello_world_std.efi[0x140001b95]: cc                              int3
> > …
> >
> > Then we can guess based on how functions get aligned to find the start…
> >
> > hello_world_std.efi[0x140001b50]: 56                              pushq   %rsi
> > hello_world_std.efi[0x140001b51]: 48 83 ec 20                     subq    $0x20, %rsp
> > hello_world_std.efi[0x140001b55]: 4c 8b 41 08                     movq    0x8(%rcx), %r8
> > hello_world_std.efi[0x140001b59]: 4c 89 c0                        movq    %r8, %rax
> > hello_world_std.efi[0x140001b5c]: 48 c1 f8 3f                     sarq    $0x3f, %rax
> > hello_world_std.efi[0x140001b60]: 48 8b 09                        movq    (%rcx), %rcx
> > hello_world_std.efi[0x140001b63]: 48 01 c1                        addq    %rax, %rcx
> > hello_world_std.efi[0x140001b66]: 4c 89 c2                        movq    %r8, %rdx
> > hello_world_std.efi[0x140001b69]: 48 11 c2                        adcq    %rax, %rdx
> > hello_world_std.efi[0x140001b6c]: 48 31 c1                        xorq    %rax, %rcx
> > hello_world_std.efi[0x140001b6f]: 48 31 c2                        xorq    %rax, %rdx
> > hello_world_std.efi[0x140001b72]: 48 be 00 00 00 00 00 00 00 80   movabsq $-0x8000000000000000, %rsi ; imm = 0x8000000000000000
> > hello_world_std.efi[0x140001b7c]: 4c 21 c6                        andq    %r8, %rsi
> > hello_world_std.efi[0x140001b7f]: e8 5c 55 00 00                  callq   0x1400070e0
> > hello_world_std.efi[0x140001b84]: 48 09 f0                        orq     %rsi, %rax
> > hello_world_std.efi[0x140001b87]: 48 83 c4 20                     addq    $0x20, %rsp
> > hello_world_std.efi[0x140001b8b]: 5e                              popq    %rsi
> > hello_world_std.efi[0x140001b8c]: c3                              retq
> >
> > So the faulting function is getting passed a bad pointer as its 1st arg.
> >
> > Thanks,
> >
> > Andrew Fish
> >
> > On Jul 25, 2022, at 11:45 AM, Andrew Fish wrote:
> >
> > Oops… Looks like your PE/COFF is linked at 0x0000000140000000, so 0x140001b60 is the interesting bit.
> >
> > (lldb) dis -s 0x0000000140001B60 -b
> > hello_world_std.efi[0x140001b60]: 48 8b 09                        movq    (%rcx), %rcx
> > hello_world_std.efi[0x140001b63]: 48 01 c1                        addq    %rax, %rcx
> > hello_world_std.efi[0x140001b66]: 4c 89 c2                        movq    %r8, %rdx
> > hello_world_std.efi[0x140001b69]: 48 11 c2                        adcq    %rax, %rdx
> > hello_world_std.efi[0x140001b6c]: 48 31 c1                        xorq    %rax, %rcx
> > hello_world_std.efi[0x140001b6f]: 48 31 c2                        xorq    %rax, %rdx
> > hello_world_std.efi[0x140001b72]: 48 be 00 00 00 00 00 00 00 80   movabsq $-0x8000000000000000, %rsi ; imm = 0x8000000000000000
> > hello_world_std.efi[0x140001b7c]: 4c 21 c6                        andq    %r8, %rsi
> >
> > RCX - FFFFFFFFFFFFFFFF
> >
> > So yea that looks like the fault.
> >
> > I don't see that pattern in your .s file…
> >
> > Can you figure out what function is @ 0x140001b60 in the PE/COFF image? Do you have a map file from the linker?
> >
> > Thanks,
> >
> > Andrew Fish
> >
> > PS Again sorry I don't have anything installed to crack PDB files.
> >
> > Thanks,
> >
> > Andrew Fish
> >
> > On Jul 25, 2022, at 10:51 AM, Andrew Fish via groups.io wrote:
> >
> > Ayush,
> >
> > CR2 is the fault address so 0xFFFFFFFFFFFFFFFF. Given for EFI Virt == Physical the fault address looks like a bad pointer.
> >
> > Sorry I've not used VC++ in a long time so I don't know how to debug with VC++, but if I was using clang/lldb I'd look at the source and assembly for the fault address.
> >
> > The image base is: 0x000000000603C000
> > The fault PC/RIP is: 000000000603DB60
> >
> > So the faulting code is at 0x1B60 in the image. Given the images are linked at zero you should be able to load the build product into the debugger and look at what code is at offset 0x1B60. The same should work for any tools that dump the binary.
> >
> > Thanks,
> >
> > Andrew Fish
> >
> > On Jul 25, 2022, at 10:33 AM, Ayush Singh wrote:
> >
> > Hello everyone. While running Rust tests in UEFI environment, I have come across a numeric test that causes a pagefault. A simple reproducible example for this is given below:
> >
> > ```rust
> > fn main() {
> >     use std::hint::black_box as b;
> >
> >     let z: i128 = b(1);
> >     assert!((-z as f64) < 0.0);
> > }
> > ```
> >
> > The exception output is as follows:
> >
> > ```
> > !!!! X64 Exception Type - 0E(#PF - Page-Fault) CPU Apic ID - 00000000 !!!!
> > ExceptionData - 0000000000000000 I:0 R:0 U:0 W:0 P:0 PK:0 SS:0 SGX:0
> > RIP  - 000000000603DB60, CS  - 0000000000000038, RFLAGS - 0000000000000246
> > RAX  - 0000000000000000, RCX - FFFFFFFFFFFFFFFF, RDX - FFFFFFFFFFFFFFFF
> > RBX  - 0000000000000000, RSP - 0000000007EDF1D0, RBP - 0000000007EDF4C0
> > RSI  - 0000000007EDF360, RDI - 0000000007EDF3C0
> > R8   - 0000000000000000, R9  - 0000000000000038, R10 - 0000000000000000
> > R11  - 0000000000000000, R12 - 00000000060C6018, R13 - 0000000007EDF520
> > R14  - 0000000007EDF6A8, R15 - 0000000005FA9490
> > DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
> > GS   - 0000000000000030, SS  - 0000000000000030
> > CR0  - 0000000080010033, CR2 - FFFFFFFFFFFFFFFF, CR3 - 0000000007C01000
> > CR4  - 0000000000000668, CR8 - 0000000000000000
> > DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
> > DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
> > GDTR - 00000000079DE000 0000000000000047, LDTR - 0000000000000000
> > IDTR - 0000000007418018 0000000000000FFF,   TR - 0000000000000000
> > FXSAVE_STATE - 0000000007EDEE30
> > !!!! Find image based on IP(0x603DB60) /var/home/ayush/Documents/Programming/Rust/uefi/hello_world_std/target/x86_64-unknown-uefi/debug/deps/hello_world_std-338028f9369e2d42.pdb (ImageBase=000000000603C000, EntryPoint=000000000603D8C0) !!!!
> > ```
> >
> > From my testing, the exception only occurs when a few conditions are met.
> >
> > 1. The binary is compiled in Debug mode. No error in Release mode.
> > 2. `i128` is in a black_box [1]. Does not occur if `black_box` is not present.
> > 3. It has to be `i128`. `i64` or something else work fine.
> > 4. The cast has to be done on `-z`. Doing the same with `+z` is fine.
> >
> > I have also been discussing this in the Rust zulipchat [2], so feel free to chime in there.
> >
> > Additionally, here are links for more information about this program:
> >
> > 1. Assembly: https://rust-lang.zulipchat.com/user_uploads/4715/od51Y9Dkfjahcg9HHcOud8Fm/hello_world_std-338028f9369e2d42.s
> > 2. EFI Binary: https://rust-lang.zulipchat.com/user_uploads/4715/CknqtXLR8SaJZmyOnXctQkpL/hello_world_std.efi
> > 3. PDB file: https://rust-lang.zulipchat.com/user_uploads/4715/zV4i6DsjgQXotp_gS1naEsU0/hello_world_std-338028f9369e2d42.pdb
> >
> > Yours Sincerely,
> >
> > Ayush Singh
> >
> > [1]: https://doc.rust-lang.org/std/hint/fn.black_box.html
> > [2]: https://rust-lang.zulipchat.com/#narrow/stream/182449-t-compiler.2Fhelp/topic/Casting.20i128.20to.20f64.20in.20black_box.20causes.20exception.20in.20UEFI

--
Pedro Falcato
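The triage steps Andrew Fish walks through in the thread (offset = RIP - ImageBase, rebase that offset onto the linked base to find the instruction in lldb, then compare CR2 with the register dump to spot the bad pointer), as an added example that is not code from the thread: a Python helper that parses an EDK2 X64 exception dump and automates those steps. The dump is a constructed, trimmed copy of the one in the report with the .pdb path replaced by a placeholder; the 0x140000000 linked base is the value the thread quotes.

```python
import re

# Constructed sample input: a trimmed copy of the EDK2 X64 exception dump quoted
# in the thread, with the .pdb path replaced by a placeholder.
SAMPLE_DUMP = """\
!!!! X64 Exception Type - 0E(#PF - Page-Fault) CPU Apic ID - 00000000 !!!!
ExceptionData - 0000000000000000 I:0 R:0 U:0 W:0 P:0 PK:0 SS:0 SGX:0
RIP  - 000000000603DB60, CS  - 0000000000000038, RFLAGS - 0000000000000246
RAX  - 0000000000000000, RCX - FFFFFFFFFFFFFFFF, RDX - FFFFFFFFFFFFFFFF
RBX  - 0000000000000000, RSP - 0000000007EDF1D0, RBP - 0000000007EDF4C0
RSI  - 0000000007EDF360, RDI - 0000000007EDF3C0
R8   - 0000000000000000, R9  - 0000000000000038, R10 - 0000000000000000
CR0  - 0000000080010033, CR2 - FFFFFFFFFFFFFFFF, CR3 - 0000000007C01000
!!!! Find image based on IP(0x603DB60) <path>/hello_world_std.pdb
(ImageBase=000000000603C000, EntryPoint=000000000603D8C0) !!!!
"""

# "NAME - <16 hex digits>" pairs; register names in the dump are upper-case.
REG_RE = re.compile(r"\b([A-Z][A-Z0-9]{1,5})\s+-\s+([0-9A-Fa-f]{16})\b")
IMAGE_RE = re.compile(r"ImageBase=([0-9A-Fa-f]+), EntryPoint=([0-9A-Fa-f]+)")
TYPE_RE = re.compile(r"Exception Type - ([0-9A-Fa-f]{2})")
ERR_RE = re.compile(r"ExceptionData - ([0-9A-Fa-f]{16})")
GPRS = ("RAX", "RBX", "RCX", "RDX", "RSI", "RDI", "RBP", "RSP",
        "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15")


def parse_exception_dump(text):
    # Registers, exception vector, error code and the loaded image's base/entry.
    info = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    info["type"] = int(TYPE_RE.search(text).group(1), 16)
    info["error_code"] = int(ERR_RE.search(text).group(1), 16)
    m = IMAGE_RE.search(text)
    info["ImageBase"] = int(m.group(1), 16)
    info["EntryPoint"] = int(m.group(2), 16)
    return info


def decode_pf_error(code):
    # x86 #PF error-code bits; the dump prints the same bits as P/W/U/R/I flags.
    return {
        "present": bool(code & 1),           # 0: page not present, 1: protection
        "write": bool(code & 2),             # 0: read access, 1: write access
        "user": bool(code & 4),              # 0: supervisor (EFI runs in ring 0)
        "reserved_bit": bool(code & 8),
        "instruction_fetch": bool(code & 16),
    }


def locate_fault(info, linked_base=0x140000000):
    # Offset of the faulting instruction inside the image, and the address the
    # same instruction has when the PE/COFF is viewed at its linked base (the
    # thread's image is linked at 0x140000000), so it can be found with lldb.
    offset = info["RIP"] - info["ImageBase"]
    cr2 = info["CR2"]
    # Under EFI's identity mapping a bad pointer usually still sits in a
    # register, so report every GPR that holds exactly the CR2 value.
    suspects = [r for r in GPRS if info.get(r) == cr2]
    return {
        "is_page_fault": info["type"] == 0x0E,
        "offset": offset,
        "linked_address": linked_base + offset,
        "fault_address": cr2,
        "suspect_registers": suspects,
        "error": decode_pf_error(info["error_code"]),
    }
```

For the thread's dump this yields offset 0x1B60, linked address 0x140001B60 and RCX/RDX as the registers carrying the 0xFFFFFFFFFFFFFFFF fault address, matching the lldb session above.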