Date: Mon, 14 Feb 2022 15:45:42 -0700
From: "dann frazier"
To: devel@edk2.groups.io
Cc: aaron.young@oracle.com, Brijesh Singh
Subject: Re: [edk2-devel] Regression found with latest edk2/OVMF SECUREBOOT/SMM build
References: <16D2E37A1DF179C5.26336@groups.io>
In-Reply-To: <16D2E37A1DF179C5.26336@groups.io>

[+ Brijesh]

On Fri, Feb 11, 2022 at 05:48:38PM -0700, dann frazier wrote:
> On Fri, Feb 11, 2022 at 06:31:35PM +0000, Aaron Young wrote:
> > Hello, my apologies if this has already been discovered/discussed/addressed, but we are seeing a reproducible exception with latest (c9b7c6e0cc7da76b74bcdd8c90cef956d5ae971c) OVMF x86_64 build with SECURE_BOOT/SMM enabled:
> >
> > Exception:
> >
> > !!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!!
> > RIP - 00000000000E0000, CS - 0000000000000038, RFLAGS - 0000000000010046
> > RAX - 0000000000000000, RCX - 000000007FED2920, RDX - 0000000000000000
> > RBX - 000000007DB93D98, RSP - 000000007FF26718, RBP - 000000007FFE1630
> > RSI - 000000007E9EE018, RDI - 0000000000000000
> > R8 - 000000007FED3230, R9 - 0000000000000210, R10 - 000000000000002D
> > R11 - 000000007FF26482, R12 - 000000007EAC2201, R13 - 000000007FFFD2B0
> > R14 - 000000007FF26A88, R15 - 2000000000000000
> > DS - 0000000000000020, ES - 0000000000000020, FS - 0000000000000020
> > GS - 0000000000000020, SS - 0000000000000020
> > CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000007FF16000
> > CR4 - 0000000000000668, CR8 - 0000000000000000
> > DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
> > DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
> > GDTR - 000000007FED9000 000000000000004F, LDTR - 0000000000000000
> > IDTR - 000000007FF20000 00000000000001FF, TR - 0000000000000040
> > FXSAVE_STATE - 000000007FF26370
> > !!!! Can't find image information. !!!!
> >
> > OVMF Debug Log tail:
> >
> > Stacks - 0x7FF21000
> > mSmmStackSize - 0x6000
> > PcdCpuSmmStackGuard - 0x1
> > mXdSupported - 0x1
> > One Semaphore Size = 0x40
> > Total Semaphores Size = 0x1140
> > PhysicalAddressBits = 40, 5LPageTable = 0.
> > 5LevelPaging Needed - 0
> > 1GPageTable Support - 0
> > PcdCpuSmmRestrictedMemoryAccess - 1
> > PhysicalAddressBits - 36
> > Initialize IDT IST field for SMM Stack Guard
> > InstallProtocolInterface: 26EEB3DE-B689-492E-80F0-BE8BD7DA4BA7 7FFC6100
> > SMM IPL registered SMM Entry Point address 7FFE5274
> > SmmInstallProtocolInterface: EB346B97-975F-4A9F-8B22-F8E92BB3D569 7FFC6040
> > SmmInstallProtocolInterface: 69B792EA-39CE-402D-A2A6-F721DE351DFE 7FFC6020
> > CpuSmm: SpinLock Size = 0x40, PcdCpuSmmMpTokenCountPerChunk = 0x40
> > SmmInstallProtocolInterface: 5D5450D7-990C-4180-A803-8E63F0608307 7FFC6200
> > SmmInstallProtocolInterface: 1D202CAB-C8AB-4D5C-94F7-3CFCC0D3D335 7FFC6140
> > SMM CPU Module exit from SMRAM with EFI_SUCCESS
> > SMM IPL closed SMRAM window
> > InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 7DB93E18
> > SmmInstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 7FFE16C0
> > Loading SMM driver at 0x0007FECA000 EntryPoint=0x0007FECFE6C FvbServicesSmm.efi
> >
> > Failure bisected to this commit:
> >
> > commit ade62c18f4742301bbef474ac10518bde5972fba
> > Author: Brijesh Singh via groups.io
> > Date: Thu Dec 9 11:27:42 2021 +0800
> >
> >     OvmfPkg/MemEncryptSevLib: add support to validate system RAM
> >
> >     BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> I hit the same thing preparing a 202202-rc1 for Debian. Strangely it
> only seems to impact our 2M images - FD_SIZE_4MB is OK:
>
> !!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!!
> RIP - 000000000000FF00, CS - 0000000000000038, RFLAGS - 0000000000000002
> RAX - 0000000000000000, RCX - 000000000FF77040, RDX - 0000000000000000
> RBX - 000000000FFF2690, RSP - 000000000FFCA6B8, RBP - 0000000000000000
> RSI - 000000000FFFB701, RDI - 000000000FFC0000
> R8 - 000000000FF771C8, R9 - 0000000003070002, R10 - 000000000000002D
> R11 - 000000000FF78FFF, R12 - 000000000DE37498, R13 - 000000000E9EE018
> R14 - 000000000FF79000, R15 - 000000000FFFC6F8
> DS - 0000000000000020, ES - 0000000000000020, FS - 0000000000000020
> GS - 0000000000000020, SS - 0000000000000020
> CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000000FFBB000
> CR4 - 0000000000000668, CR8 - 0000000000000000
> DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
> DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
> GDTR - 000000000FF7E000 000000000000004F, LDTR - 0000000000000000
> IDTR - 000000000FFC4000 00000000000001FF, TR - 0000000000000040
> FXSAVE_STATE - 000000000FFCA310
> !!!! Can't find image information. !!!!
> FAIL
>
> ======================================================================
> FAIL: test_ovmf_ms_secure_boot_unsigned (__main__.BootToShellTest)
> ----------------------------------------------------------------------
> Traceback (most recent call last):
>   File "/home/dannf/git/edk2/debian/tests/shell.py", line 75, in run_cmd_check_secure_boot
>     i = child.expect(
>   File "/usr/lib/python3/dist-packages/pexpect/spawnbase.py", line 343, in expect
>     return self.expect_list(compiled_pattern_list,
> pexpect.exceptions.TIMEOUT: Timeout exceeded.
>
> command: /usr/bin/qemu-system-x86_64
> args: ['/usr/bin/qemu-system-x86_64', '-machine', 'q35,accel=tcg', '-no-user-config', '-nodefaults', '-m', '256', '-smp', '2,sockets=2,cores=1,threads=1', '-display', 'none', '-serial', 'stdio', '-chardev', 'pty,id=charserial1', '-device', 'isa-serial,chardev=charserial1,id=serial1', '-drive', 'file=/usr/share/OVMF/OVMF_CODE.ms.fd,if=pflash,format=raw,unit=0,readonly=on', '-drive', 'file=/tmp/tmpbbbbskit,if=pflash,format=raw,unit=1,readonly=off', '-global', 'ICH9-LPC.disable_s3=1', '-drive', 'file=/tmp/tmpaq_0333l,format=raw']
> buffer (last 100 chars): b"TR - 0000000000000040\r\r\nFXSAVE_STATE - 000000000FFCA310\r\r\n!!!! Can't find image information. !!!!\r\r\n"
> before (last 100 chars): b"TR - 0000000000000040\r\r\nFXSAVE_STATE - 000000000FFCA310\r\r\n!!!! Can't find image information. !!!!\r\r\n"
> after:

fyi, I went ahead and filed a bug for this and attached a full debug log to it:
https://bugzilla.tianocore.org/show_bug.cgi?id=3835

-dann

>
> >
> > Our build procedure:
> >
> > git clone git@linux-git.oraclecorp.com:QEMU/edk2.git edk2
> > cd edk2
> > git submodule update --init
> > source ./edksetup.sh
> > make -C BaseTools
> > build -t GCC48 -D HTTP_BOOT_ENABLE -D FD_SIZE_4MB -D SECURE_BOOT_ENABLE -D SMM_REQUIRE -D TPM2_ENABLE -a X64 -p OvmfPkg/OvmfPkgX64.dsc
> >
> > QEMU command:
> >
> > /usr/bin/qemu-system-x86_64 -name guest=Guest8 -m 8192 -smp 8,maxcpus=16 -machine q35,accel=kvm -drive file=/Src/EDK2/edk2-latest1/Build/OvmfX64/DEBUG_GCC48/FV/OVMF_CODE.fd,index=0,if=pflash,format=raw,readonly -drive file=/Src/EDK2/edk2-latest1/Build/OvmfX64/DEBUG_GCC48/FV/OVMF_VARS.fd,index=1,if=pflash,format=raw -drive file=/root/Test/Disks/Guest8.img,format=raw,if=virtio -debugcon file:ovmf_debug.log -global isa-debugcon.iobase=0x402 -monitor stdio -nodefaults -global ICH9-LPC.disable_s3=1 -serial telnet:127.0.0.1:4556,server -vnc 0.0.0.0:1
> >
> > -Aaron Young
> > aaron.young@oracle.com
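
A small triage helper for exception dumps like the two quoted in this thread, added here as an example; it is not part of the original messages or of edk2. It parses the exception header and register lines (with or without mail quote markers) and decodes the CR0/CR4 flag bits. The names `parse_exception_dump` and `decode_bits` are hypothetical, and the sample is an excerpt of the 2M-image dump from the message above.

```python
import re

# Excerpt of the 2M-image dump quoted in the message above (quote markers kept).
SAMPLE = """\
> !!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!!
> RIP - 000000000000FF00, CS - 0000000000000038, RFLAGS - 0000000000000002
> CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000000FFBB000
> CR4 - 0000000000000668, CR8 - 0000000000000000
> GDTR - 000000000FF7E000 000000000000004F, LDTR - 0000000000000000
> !!!! Can't find image information. !!!!
"""

HEADER = re.compile(r"X64 Exception Type - ([0-9A-F]{2})\(#(\w+) - ([^)]+)\)\s+"
                    r"CPU Apic ID - ([0-9A-F]{8})")
# Register values are printed as 16 hex digits; the 8-digit APIC ID is not a register.
REGISTER = re.compile(r"\b([A-Z][A-Z0-9_]*) - ([0-9A-F]{16})\b")

# Architectural bit positions of the x86 control registers (subset).
CR0_BITS = {0: "PE", 1: "MP", 2: "EM", 3: "TS", 4: "ET", 5: "NE",
            16: "WP", 18: "AM", 29: "NW", 30: "CD", 31: "PG"}
CR4_BITS = {3: "DE", 4: "PSE", 5: "PAE", 6: "MCE", 7: "PGE", 9: "OSFXSR",
            10: "OSXMMEXCPT", 11: "UMIP", 20: "SMEP", 21: "SMAP"}


def decode_bits(value, names):
    """Return the names of the set bits, lowest bit first."""
    return [name for bit, name in sorted(names.items()) if value >> bit & 1]


def parse_exception_dump(text):
    """Parse one exception dump; returns None if no exception header is present."""
    header = HEADER.search(text)
    if header is None:
        return None
    regs = {name: int(value, 16) for name, value in REGISTER.findall(text)}
    return {
        "vector": int(header.group(1), 16),
        "mnemonic": header.group(2),
        "description": header.group(3),
        "apic_id": int(header.group(4), 16),
        "regs": regs,
        "cr0": decode_bits(regs.get("CR0", 0), CR0_BITS),
        "cr4": decode_bits(regs.get("CR4", 0), CR4_BITS),
        # Printed when no PE/COFF image could be located for the faulting RIP.
        "rip_in_known_image": "Can't find image information" not in text,
    }
```

Running it over both dumps makes it easy to compare the faulting RIP and control-register state between the 4MB and 2M builds.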