From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-vk1-f180.google.com (mail-vk1-f180.google.com [209.85.221.180]) by mx.groups.io with SMTP id smtpd.web10.2126.1689267437487439799 for ; Thu, 13 Jul 2023 09:57:17 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="signature has expired" header.i=@gmail.com header.s=20221208 header.b=LsaekUw3; spf=pass (domain: gmail.com, ip: 209.85.221.180, mailfrom: pedro.falcato@gmail.com) Received: by mail-vk1-f180.google.com with SMTP id 71dfb90a1353d-47e1c7c1148so641399e0c.0 for ; Thu, 13 Jul 2023 09:57:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1689267436; x=1691859436; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=uPMH+lwhKRnbZA6Sb1YI3/FtC/gT5VJsgoPDvz0DZYc=; b=LsaekUw3TZKHc/pjZBbCcGAEpg1u0XUltag9n3e4oqSLf/Y6pMsDAU0hucqr+mDtzn U9YLYV5Ko9XLQO5JcqzoifYIVvCYl04T/U7D2uGhT8skAkhHWobXK+lnGats4lepABkN yf0tM+aez9MoG92wgzyUsLeRJNx9I8GXkcqVAxQFvBaM0HjzcdYBLmdFDSLLysRjnKtY pVVi2xX2WxcxmmU41X2lAARPdkVO3rluw/kmBlq5+N4IefTNfzIV8+aaJLoa3O552DeY UGkDU6esSsPBMpNbwvCcpTbYBpWnLb9o/fHlv/TyAOmmxqFp4GCb8P6GZLJrxo/N+xoB TgDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689267436; x=1691859436; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uPMH+lwhKRnbZA6Sb1YI3/FtC/gT5VJsgoPDvz0DZYc=; b=RlEuFekeL2BZ5tpQDW+Dsa2Ffv6av8jbrTeYsL54MuDxLCOWuWe0kxwuPTvI+TX3sR ilh75tH/C1qJFvuvbmD/X+oKwzxcj6bTdtZqvBEvFZMCoRV11PdaC/+to6hLSnVot9hX g8BKr977vyMxOWNG/XC4tQxHfCmSgJN6OaixCN+uDOWn/3aJ85LSjt+A17Hi8vdNhtcm lv+//4zWBVdK6yu8eotIjTtyhc+Kao3PkaG9OCLk22CPsWhCcrbb8acuvWctW9xqacUS YKCOqfkqGrLKOFYYypRa5DNX6GyvsA2mlomskSaHodEiWc4fVMYfq1noy7xTEAmVEj9+ fwtA== X-Gm-Message-State: ABy/qLaj3EaqQhJADwXoctbv97dBLlt/Y/SqTEfIOzfMva73oLOPl7k7 /x8cSJlxwZxBE5wIrgrCdf56nn5JefaLDkkXE1M= X-Google-Smtp-Source: APBJJlGj6qz+/YzA+AKCLiBWWxbjBDLWi6HD6JRQqKkhAgG8whranp5m44SkySwJpb4hio7gvqIvtJnS4N1bFlPVJr4= X-Received: by 2002:a05:6122:181e:b0:47d:57a0:b8ba with SMTP id ay30-20020a056122181e00b0047d57a0b8bamr143934vkb.6.1689267435048; Thu, 13 Jul 2023 09:57:15 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Pedro Falcato" Date: Thu, 13 Jul 2023 17:57:03 +0100 Message-ID: Subject: Re: [edk2-devel] ArmVirtPkg: non-executable EFI_LOADER_DATA breaks GRUB on Ubuntu 22.04 To: Gerd Hoffmann Cc: devel@edk2.groups.io, osy@turing.llc, Ard Biesheuvel , Leif Lindholm , dann frazier Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Jul 11, 2023 at 7:58=E2=80=AFAM Gerd Hoffmann w= rote: > > On Mon, Jul 10, 2023 at 04:58:15PM +0100, Pedro Falcato wrote: > > On Mon, Jul 10, 2023 at 2:28=E2=80=AFPM wrote: > > > > > > I have an existing install of Ubuntu 22.04 on a QEMU virtual machine = which I've decided to update the UEFI firmware. After doing so, GRUB no lon= ger boots ("Synchronous Exception" message seen). After a git bisect sessio= n, I found the problematic 2997ae38739756ecba9b0de19e86032ebc689ef9. The co= mment says GRUB should have been fixed in 2017, but for one reason or anoth= er, my VM which was built in 2022 still had the issue. Regardless, I don't = think it's a good idea to break GRUB, even if it's fixed in 2017. In the ve= ry least, a better error message would be preferable to crashing with an "S= ynchronous Exception." Googling this error message shows that other people = may be hitting this issue as well but the vague error symptom means its imp= ossible to know if it's the same issue or not. > > > > +CC Some of the folks involved in the original discussion > > > > In the original thread, people discussed some alternative behavior to > > just crashing on a NX fault. Is this still an alternative? > > The idea is: Improve page fault handler to (a) print a big'n'fat > warning, and (b) loosening up memory permissions for the faulting > page address. > > No patch for that emerged (yet?). Ack. I can work on that. > > I'm kind of thinking this should be addressed by distros anyway.... > > How is $CURRENT_YEAR Ubuntu still shipping bad GRUBs? I know the > > situation around GRUB and distro patching is complicated but... > > Do we have any idea of how many distros/GRUBs are affected by this? > > Too many :( Ugh, even the latest releases? > > Personally, I would like to avoid loosening up memory permissions. > > Well, you can't have both. You have to pick between strict nx handling > and grub bug compatibility ... Yes. IMO it should be ok to add a hack around NX handling if there's a solid plan for dealing with this from the distros' side (and phasing this out). And I'm assuming upstream GRUB has this fixed. This whole situation is kind of messy as firmware people add new restrictions that weren't really there in the first place. Also, what's the situation on this for x86? I assume it's a lot worse there= ? --=20 Pedro