From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp-relay-internal-0.canonical.com (smtp-relay-internal-0.canonical.com [185.125.188.122]) by mx.groups.io with SMTP id smtpd.web11.3965.1644626926715386752 for ; Fri, 11 Feb 2022 16:48:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@canonical.com header.s=20210705 header.b=j46m8G/C; spf=pass (domain: canonical.com, ip: 185.125.188.122, mailfrom: dann.frazier@canonical.com) Received: from mail-il1-f200.google.com (mail-il1-f200.google.com [209.85.166.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 522563F071 for ; Sat, 12 Feb 2022 00:48:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1644626924; bh=tXnqKDNqT9WO6Z/ZZlmZK5Zf40kE0W6qmtK1LyszTC8=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=j46m8G/CXdtB405mLB+uaK1Z/h6M8RCp5XjbN5iFd/KugNYFkCUjozGpE5sI0ndlL hKS7PVhgYIKE/RUFNIFu+cL/tX2yWOjituVLpcwWau7iuR7mPX2nPPoy0sdzByia+s emJ3sKmXWVYomY8NdKvA2koR9QS9ECqPv0annNUduxb6oDjQehs2Of7CDGxhfH8cXs 7XdmcK37+3mK9zCWlsFhm3ZvxZjXxrCyYhay9CaJvZU0P2RkiwxQ7lOen/2XQdCPcb Jkf8iNveoAO+MNzClZEDt7R5/0jqDbwBScla3UQrl9nsTj/Uc9dyAjJ0tBvNzOnP9J rbdmGDlXcVJ/g== Received: by mail-il1-f200.google.com with SMTP id q15-20020a92ca4f000000b002be3e7707ffso7005956ilo.4 for ; Fri, 11 Feb 2022 16:48:44 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=tXnqKDNqT9WO6Z/ZZlmZK5Zf40kE0W6qmtK1LyszTC8=; b=oVMRvum71ZMUUXjRN/8+q7St+SOzo0XYus3n4tR0ljBa/E8HPWKGBUWd+MyWW6blzS kBI6z4LUOGrXeR1zISe6kzYpSsJt5bTYVQQp94H1fOkTGXbHdUhDqrxPKqTCgITvwSHl KOMEn8YHuY9Q4mt7xxPJ2dLhiDKRrJYH/ygOU5syp8s8/vQcoPKOC/zzRZZp2eVu1Sz1 UqtBKAfTWGXtsGL4iCnQZdltGIZaczuqD33ZmvFJMJU12dyQ0WN/mt8iap5i702zrBI4 G18dmY3lXai42g7uITOB7csdTVTn/r/0p0SBClimYYpu5QPh9hXyvnxyWNtBVYhHUwAp aynQ== X-Gm-Message-State: AOAM530Ie/RssJ3KOCmLLhjCPW9dK1wRLgVjTaEU116ImRgWrIHGpPee vD2Dnde/6gFQfLDm8EeikqBwbmaDSNa1p3K+siJdlNo47eMHrmhUuDN2SApFehTbWiVc+uT8JpN 3pElMEdRiDHv7pRIxixfuNdBL3h6Wl2k= X-Received: by 2002:a5d:9d8f:: with SMTP id ay15mr2166747iob.142.1644626922063; Fri, 11 Feb 2022 16:48:42 -0800 (PST) X-Google-Smtp-Source: ABdhPJzNBCVlNTaaqa4PcF6Oj/ogZFLyTkx+z1vKvS8yl6SSC1H8GJvBKzXtNeRYehxlY+0MGzCBHQ== X-Received: by 2002:a5d:9d8f:: with SMTP id ay15mr2166733iob.142.1644626921660; Fri, 11 Feb 2022 16:48:41 -0800 (PST) Received: from xps13.dannf (c-71-196-238-11.hsd1.co.comcast.net. [71.196.238.11]) by smtp.gmail.com with ESMTPSA id l12sm15101891iow.48.2022.02.11.16.48.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Feb 2022 16:48:40 -0800 (PST) Date: Fri, 11 Feb 2022 17:48:38 -0700 From: "dann frazier" To: devel@edk2.groups.io, aaron.young@oracle.com Subject: Re: [edk2-devel] Regression found with latest edk2/OVMF SECUREBOOT/SMM build Message-ID: References: MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Feb 11, 2022 at 06:31:35PM +0000, Aaron Young wrote: > Hello, my apologies if this has already been discovered/discussed/addressed, but we are seeing a reproducible exception with latest (c9b7c6e0cc7da76b74bcdd8c90cef956d5ae971c) OVMF x86_64 build with SECURE_BOOT/SMM enabled: > > Exception: > > !!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! > RIP - 00000000000E0000, CS - 0000000000000038, RFLAGS - 0000000000010046 > RAX - 0000000000000000, RCX - 000000007FED2920, RDX - 0000000000000000 > RBX - 000000007DB93D98, RSP - 000000007FF26718, RBP - 000000007FFE1630 > RSI - 000000007E9EE018, RDI - 0000000000000000 > R8 - 000000007FED3230, R9 - 0000000000000210, R10 - 000000000000002D > R11 - 000000007FF26482, R12 - 000000007EAC2201, R13 - 000000007FFFD2B0 > R14 - 000000007FF26A88, R15 - 2000000000000000 > DS - 0000000000000020, ES - 0000000000000020, FS - 0000000000000020 > GS - 0000000000000020, SS - 0000000000000020 > CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000007FF16000 > CR4 - 0000000000000668, CR8 - 0000000000000000 > DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 > DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 > GDTR - 000000007FED9000 000000000000004F, LDTR - 0000000000000000 > IDTR - 000000007FF20000 00000000000001FF, TR - 0000000000000040 > FXSAVE_STATE - 000000007FF26370 > !!!! Can't find image information. !!!! > > > OVMF Debug Log tail: > > Stacks - 0x7FF21000 > mSmmStackSize - 0x6000 > PcdCpuSmmStackGuard - 0x1 > mXdSupported - 0x1 > One Semaphore Size = 0x40 > Total Semaphores Size = 0x1140 > PhysicalAddressBits = 40, 5LPageTable = 0. > 5LevelPaging Needed - 0 > 1GPageTable Support - 0 > PcdCpuSmmRestrictedMemoryAccess - 1 > PhysicalAddressBits - 36 > Initialize IDT IST field for SMM Stack Guard > InstallProtocolInterface: 26EEB3DE-B689-492E-80F0-BE8BD7DA4BA7 7FFC6100 > SMM IPL registered SMM Entry Point address 7FFE5274 > SmmInstallProtocolInterface: EB346B97-975F-4A9F-8B22-F8E92BB3D569 7FFC6040 > SmmInstallProtocolInterface: 69B792EA-39CE-402D-A2A6-F721DE351DFE 7FFC6020 > CpuSmm: SpinLock Size = 0x40, PcdCpuSmmMpTokenCountPerChunk = 0x40 > SmmInstallProtocolInterface: 5D5450D7-990C-4180-A803-8E63F0608307 7FFC6200 > SmmInstallProtocolInterface: 1D202CAB-C8AB-4D5C-94F7-3CFCC0D3D335 7FFC6140 > SMM CPU Module exit from SMRAM with EFI_SUCCESS > SMM IPL closed SMRAM window > InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 7DB93E18 > SmmInstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 7FFE16C0 > Loading SMM driver at 0x0007FECA000 EntryPoint=0x0007FECFE6C FvbServicesSmm.efi > > > Failure bisected to this commit: > > commit ade62c18f4742301bbef474ac10518bde5972fba > Author: Brijesh Singh via groups.io > Date: Thu Dec 9 11:27:42 2021 +0800 > > OvmfPkg/MemEncryptSevLib: add support to validate system RAM > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 I hit the same thing preparing a 202202-rc1 for Debian. Strangely it only seems to impact our 2M images - FD_SIZE_4MB is OK: !!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! RIP - 000000000000FF00, CS - 0000000000000038, RFLAGS - 0000000000000002 RAX - 0000000000000000, RCX - 000000000FF77040, RDX - 0000000000000000 RBX - 000000000FFF2690, RSP - 000000000FFCA6B8, RBP - 0000000000000000 RSI - 000000000FFFB701, RDI - 000000000FFC0000 R8 - 000000000FF771C8, R9 - 0000000003070002, R10 - 000000000000002D R11 - 000000000FF78FFF, R12 - 000000000DE37498, R13 - 000000000E9EE018 R14 - 000000000FF79000, R15 - 000000000FFFC6F8 DS - 0000000000000020, ES - 0000000000000020, FS - 0000000000000020 GS - 0000000000000020, SS - 0000000000000020 CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000000FFBB000 CR4 - 0000000000000668, CR8 - 0000000000000000 DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 GDTR - 000000000FF7E000 000000000000004F, LDTR - 0000000000000000 IDTR - 000000000FFC4000 00000000000001FF, TR - 0000000000000040 FXSAVE_STATE - 000000000FFCA310 !!!! Can't find image information. !!!! FAIL ====================================================================== FAIL: test_ovmf_ms_secure_boot_unsigned (__main__.BootToShellTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/dannf/git/edk2/debian/tests/shell.py", line 75, in run_cmd_check_secure_boot i = child.expect( File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 343, in expect return self.expect_list(compiled_pattern_list, pexpect.exceptions.TIMEOUT: Timeout exceeded. command: /usr/bin/qemu-system-x86_64 args: ['/usr/bin/qemu-system-x86_64', '-machine', 'q35,accel=tcg', '-no-user-config', '-nodefaults', '-m', '256', '-smp', '2,sockets=2,cores=1,threads=1', '-display', 'none', '-serial', 'stdio', '-chardev', 'pty,id=charserial1', '-device', 'isa-serial,chardev=charserial1,id=serial1', '-drive', 'file=/usr/share/OVMF/OVMF_CODE.ms.fd,if=pflash,format=raw,unit=0,readonly=on', '-drive', 'file=/tmp/tmpbbbbskit,if=pflash,format=raw,unit=1,readonly=off', '-global', 'ICH9-LPC.disable_s3=1', '-drive', 'file=/tmp/tmpaq_0333l,format=raw'] buffer (last 100 chars): b"TR - 0000000000000040\r\r\nFXSAVE_STATE - 000000000FFCA310\r\r\n!!!! Can't find image information. !!!!\r\r\n" before (last 100 chars): b"TR - 0000000000000040\r\r\nFXSAVE_STATE - 000000000FFCA310\r\r\n!!!! Can't find image information. !!!!\r\r\n" after: -dann > > Our build procedure: > > git clone git@linux-git.oraclecorp.com:QEMU/edk2.git edk2 > cd edk2 > git submodule update --init > source ./edksetup.sh > make -C BaseTools > build -t GCC48 -D HTTP_BOOT_ENABLE -D FD_SIZE_4MB -D SECURE_BOOT_ENABLE -D SMM_REQUIRE -D TPM2_ENABLE -a X64 -p OvmfPkg/OvmfPkgX64.dsc > > QEMU command: > > /usr/bin/qemu-system-x86_64 -name guest=Guest8 -m 8192 -smp 8,maxcpus=16 -machine q35,accel=kvm -drive file=/Src/EDK2/edk2-latest1/Build/OvmfX64/DEBUG_GCC48/FV/OVMF_CODE.fd,index=0,if=pflash,format=raw,readonly -drive file=/Src/EDK2/edk2-latest1/Build/OvmfX64/DEBUG_GCC48/FV/OVMF_VARS.fd,index=1,if=pflash,format=raw -drive file=/root/Test/Disks/Guest8.img,format=raw,if=virtio -debugcon file:ovmf_debug.log -global isa-debugcon.iobase=0x402 -monitor stdio -nodefaults -global ICH9-LPC.disable_s3=1 -serial telnet:127.0.0.1:4556,server -vnc 0.0.0.0:1 > > -Aaron Young > aaron.young@oracle.com > > > > >