From: Anatol Pomozov
Date: Tue, 13 Mar 2018 16:28:57 -0700
To: edk2-devel@lists.01.org
Subject: EFI ExitBootServices() function crashes in QEMU
List-Id: EDK II Development

Hello

I am implementing a simple UEFI bootloader. Most EFI functions that I tried work for me - I can clear the console, print text, successfully read files from the system partition, and allocate memory pages. But if I try to read the memory map and then call ExitBootServices(), QEMU crashes for me:

> qemu-system-x86_64: Trying to execute code outside RAM or ROM at 0x00000000000b0000

I tried to enable QEMU CPU debugging and I see that at some point the flow jumps to address 0, then executes "00" operations until it reaches 0xb0000 (video memory?) that contains non-zero data and crashes.

Here is my bootloader code (this one is based on GNU-EFI, but I also tried one based on xefi from Fuchsia).
EFI_STATUS efi_main(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SysTab) {
  InitializeLib(ImageHandle, SysTab);

  UINTN mkey = 0, dsize = 0;
  UINT32 dversion = 0;
  UINTN msize = 32768;
  EFI_MEMORY_DESCRIPTOR *mmap = AllocatePool(msize);
  if (!mmap) {
    Print(L"AllocatePool failed\n");
    goto error;
  }
  SysTab->BootServices->GetMemoryMap(&msize, mmap, &mkey, &dsize, &dversion);
  EFI_STATUS st = SysTab->BootServices->ExitBootServices(ImageHandle, mkey);
  // QEMU crashes here ^^^^^^^^^^^^^^^^^^^^^^^^^^
  // qemu-system-x86_64: Trying to execute code outside RAM or ROM at 0x00000000000b0000

error:
  return EFI_SUCCESS;
}

And here is my Makefile:

ARCH = x86_64
OBJS = bootloader.o
TARGET = bootloader.efi

EFIINC = /usr/include/efi
EFIINCS = -I$(EFIINC) -I$(EFIINC)/$(ARCH) -I$(EFIINC)/protocol
EFILIB = /usr/lib
EFI_CRT_OBJS = $(EFILIB)/crt0-efi-$(ARCH).o
EFI_LDS = $(EFILIB)/elf_$(ARCH)_efi.lds

CFLAGS = $(EFIINCS) -fno-stack-protector -fPIC -fshort-wchar -mno-red-zone -Wall -std=c11
ifeq ($(ARCH),x86_64)
  CFLAGS += -DHAVE_USE_MS_ABI
endif

LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L $(EFILIB) $(EFI_CRT_OBJS)

all: $(TARGET)

bootloader.so: $(OBJS)
	ld $(LDFLAGS) $(OBJS) -o $@ -lefi -lgnuefi

%.efi: %.so
	objcopy -j .text -j .sdata -j .data -j .dynamic -j .dynsym -j .rel -j .rela -j .reloc --target=efi-app-$(ARCH) $^ $@

hda/EFI/BOOT/BOOTX64.EFI: bootloader.efi
	mkdir -p hda/EFI/BOOT/
	cp bootloader.efi hda/EFI/BOOT/BOOTX64.EFI

run: hda/EFI/BOOT/BOOTX64.EFI
	qemu-system-x86_64 --bios OVMF_CODE.fd -hda fat:rw:hda -net none

The source code is simple and clear; I think the problem is either in the Makefile (CFLAGS/LDFLAGS) or in OVMF. So my questions: in what cases can ExitBootServices() cause execution at a NULL pointer? How do I debug this issue with OVMF? Or maybe you see something wrong with my CFLAGS/LDFLAGS?
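As an added example that is not part of the poster's code, GNU-EFI or OVMF: the GetMemoryMap/ExitBootServices handshake the UEFI specification requires, in which the loader probes the map size, allocates with slack, fetches the map, and redoes all three steps when ExitBootServices() returns EFI_INVALID_PARAMETER for a stale map key. The firmware functions here are a constructed stand-in with the same status semantics so the loop runs outside a UEFI environment; in a real loader they are SysTab->BootServices->GetMemoryMap, AllocatePool and ExitBootServices, and once ExitBootServices() succeeds the loader must transfer control to its own kernel rather than return to the firmware.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint64_t UINTN, EFI_STATUS;
#define EFI_SUCCESS            ((EFI_STATUS)0)
#define EFI_INVALID_PARAMETER  ((EFI_STATUS)0x8000000000000002ULL)
#define EFI_BUFFER_TOO_SMALL   ((EFI_STATUS)0x8000000000000005ULL)

/* Constructed firmware stand-in, not real UEFI: the map is fw_descs descriptors
 * of fw_dsize bytes, every allocation changes the map key, and fw_perturb_once
 * makes the map change between GetMemoryMap and the first ExitBootServices. */
static UINTN fw_key = 1, fw_descs = 3, fw_dsize = 48;
static int fw_perturb_once = 1;

static EFI_STATUS fw_get_memory_map(UINTN *size, void *map, UINTN *key, UINTN *dsize) {
    UINTN need = fw_descs * fw_dsize;
    *dsize = fw_dsize;
    if (*size < need) { *size = need; return EFI_BUFFER_TOO_SMALL; }
    *size = need; *key = fw_key; memset(map, 0, need);
    return EFI_SUCCESS;
}
static void *fw_allocate_pool(UINTN n) { fw_key++; fw_descs++; return malloc(n); }
static EFI_STATUS fw_exit_boot_services(UINTN key) {
    if (fw_perturb_once) { fw_perturb_once = 0; fw_key++; fw_descs++; }
    return key == fw_key ? EFI_SUCCESS : EFI_INVALID_PARAMETER;
}

/* Loader side: returns the attempt on which ExitBootServices succeeded (0 if it
 * never did) and hands back the final map. After success the loader must jump
 * to its kernel, never return to the firmware: boot services no longer exist. */
int exit_boot_services_loop(void **map_out, UINTN *size_out) {
    void *map = NULL;
    UINTN size, key, dsize;
    for (int attempt = 1; attempt <= 4; attempt++) {
        size = 0;                                      /* 1. probe the required size */
        fw_get_memory_map(&size, NULL, &key, &dsize);  /*    (returns EFI_BUFFER_TOO_SMALL) */
        size += 2 * dsize;                             /* 2. slack: allocating adds descriptors */
        free(map);
        if (!(map = fw_allocate_pool(size))) return 0;
        if (fw_get_memory_map(&size, map, &key, &dsize) != EFI_SUCCESS) return 0; /* 3. fetch */
        if (fw_exit_boot_services(key) == EFI_SUCCESS) {          /* 4. stale key: redo 1-3 */
            *map_out = map; *size_out = size; return attempt;
        }
    }
    free(map);
    return 0;
}
```

With the stand-in's one-time perturbation the first ExitBootServices() call is rejected and the second succeeds with a 6-descriptor (288-byte) map, which is the path a single-shot call like the one in the post never handles.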