[edk2-devel] Alignment fault in __memcpy when SbsaQemu is built uncompressed

[edk2-devel] Alignment fault in __memcpy when SbsaQemu is built uncompressed

[Rebecca Cran]

I decided to do some testing around the cost of copying vs decompressing 
and moved all the drivers in SbsaQemu into the uncompressed section (as 
described in 
https://github.com/tianocore/tianocore.github.io/wiki/ArmPkg-Compression), 
but firmware built with CLANGDWARF causes an alignment fault when 
writing the last 64 bytes in __memcpy via FvReadFile -> AllocateCopyPool 
-> InternalAllocateCopyPool -> InternalMemCopyMem -> __memcpy 
(AArch64/CopyMem.S in BaseMemoryLibOptDxe).


InternalAllocateCopyPool calls CopyMem with Memory=0x1000694d018, 
Buffer=0x10a71300, AllocationSize=274476.

The instruction that causes the fault is:

ldp x14, x15, [x4, #-64]

Where x4=0x10ab432c


The crash log is:

Synchronous Exception at 0x0000010007F48628
PC 0x010007F48628 (0x010007F42000+0x00006628) [ 0] DxeCore.dll
PC 0x010007F484CC (0x010007F42000+0x000064CC) [ 0] DxeCore.dll
PC 0x010007F4A404 (0x010007F42000+0x00008404) [ 0] DxeCore.dll
PC 0x010007F4A558 (0x010007F42000+0x00008558) [ 0] DxeCore.dll
PC 0x010007F79BF0 (0x010007F42000+0x00037BF0) [ 0] DxeCore.dll
PC 0x010007F7A210 (0x010007F42000+0x00038210) [ 0] DxeCore.dll
PC 0x0100078A192C (0x010007880000+0x0002192C) [ 1] BdsDxe.dll
PC 0x0100078A2674 (0x010007880000+0x00022674) [ 1] BdsDxe.dll
PC 0x01000789781C (0x010007880000+0x0001781C) [ 1] BdsDxe.dll
PC 0x010007898330 (0x010007880000+0x00018330) [ 1] BdsDxe.dll
PC 0x01000788C6F4 (0x010007880000+0x0000C6F4) [ 1] BdsDxe.dll
PC 0x01000788CFCC (0x010007880000+0x0000CFCC) [ 1] BdsDxe.dll
PC 0x01000788A400 (0x010007880000+0x0000A400) [ 1] BdsDxe.dll
PC 0x010007F51648 (0x010007F42000+0x0000F648) [ 2] DxeCore.dll
PC 0x010007F43654 (0x010007F42000+0x00001654) [ 2] DxeCore.dll
PC 0x010007F43024 (0x010007F42000+0x00001024) [ 2] DxeCore.dll

[ 0] 
/home/bcran/src/tiano/Build/SbsaQemu/NOOPT_CLANGDWARF/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 1] 
/home/bcran/src/tiano/Build/SbsaQemu/NOOPT_CLANGDWARF/AARCH64/MdeModulePkg/Universal/BdsDxe/BdsDxe/DEBUG/BdsDxe.dll
[ 2] 
/home/bcran/src/tiano/Build/SbsaQemu/NOOPT_CLANGDWARF/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll

   X0 0x000001000694D018   X1 0x0000000010AB42F8   X2 
0xFFFFFFFFFFFFFFE4   X3 0x000001000698FFD0
   X4 0x0000000010AB432C   X5 0x0000010006990044   X6 
0x0000000000000000   X7 0x0000000000000000
   X8 0x0000000000000000   X9 0x0000000000000000  X10 
0x0000000000000000  X11 0x0000000000000000
  X12 0x0000000000000000  X13 0x0000000000000000  X14 
0x0000000000000023  X15 0x0000000000000031
  X16 0x0000010007F41DB0  X17 0x0000000000000000  X18 
0x0000000000000000  X19 0x0000000000000000
  X20 0x0000000000000000  X21 0x0000000000000000  X22 
0x0000000000000000  X23 0x0000000000000000
  X24 0x0000000000000000  X25 0x0000000000000000  X26 
0x0000000000000000  X27 0x0000000000000000
  X28 0x0000000000000000   FP 0x0000010007F41860   LR 0x0000010007F484CC

   V0 0xAFAFAFAFAFAFAFAF AFAFAFAFAFAFAFAF   V1 0xFFFFFF80FFFFFFD0 
0000010007F41540
   V2 0x0000000000000000 0000000000000000   V3 0x0000000000000000 
0000000000000000
   V4 0x0000000000000000 0000000000000000   V5 0x0000000000000000 
0000000000000000
   V6 0x0000000000000000 0000000000000000   V7 0x0000000000000000 
0000000000000000
   V8 0x0000000000000000 0000000000000000   V9 0x0000000000000000 
0000000000000000
  V10 0x0000000000000000 0000000000000000  V11 0x0000000000000000 
0000000000000000
  V12 0x0000000000000000 0000000000000000  V13 0x0000000000000000 
0000000000000000
  V14 0x0000000000000000 0000000000000000  V15 0x0000000000000000 
0000000000000000
  V16 0x0000000000000000 0000000000000000  V17 0x0000000000000000 
0000000000000000
  V18 0x0000000000000000 0000000000000000  V19 0x0000000000000000 
0000000000000000
  V20 0x0000000000000000 0000000000000000  V21 0x0000000000000000 
0000000000000000
  V22 0x0000000000000000 0000000000000000  V23 0x0000000000000000 
0000000000000000
  V24 0x0000000000000000 0000000000000000  V25 0x0000000000000000 
0000000000000000
  V26 0x0000000000000000 0000000000000000  V27 0x0000000000000000 
0000000000000000
  V28 0x0000000000000000 0000000000000000  V29 0x0000000000000000 
0000000000000000
  V30 0x0000000000000000 0000000000000000  V31 0x0000000000000000 
0000000000000000

   SP 0x0000010007F41840  ELR 0x0000010007F48628  SPSR 0x80000209 FPSR 
0x00000000
  ESR 0x96000021          FAR 0x0000000010AB42EC

  ESR : EC 0x25  IL 0x1  ISS 0x00000021

Data abort: Alignment fault

Stack dump:
   0010007F41740: 0000000000000000 0000000000000000 0000000000000000 
0000000000000000
   0010007F41760: 0000000000000000 0000000000000000 0000000000000000 
0000000000000000
   0010007F41780: 0000000000000000 0000000000000000 0000000000000000 
0000000000000000
   0010007F417A0: 0000000000000000 0000000000000000 0000000000000000 
0000000000000000
   0010007F417C0: 0000000000000000 0000000000000000 0000000000000000 
0000000000000000
   0010007F417E0: 0000000000000000 0000000000000000 0000000000000000 
0000000000000000
   0010007F41800: 0000000000000000 0000000000000000 0000010007F48618 
0000000020000209
   0010007F41820: 0000000000000000 0000000000000000 0000000000000000 
0000000000000040
 > 0010007F41840: 000000000004302C 0000000010A71300 000001000694D018 
0000010007F4A3E4
   0010007F41860: 0000010007F41890 0000010007F4A404 000001000694D018 
0000000010A71300
   0010007F41880: 000000000004302C 0000000407F4A538 0000010007F418C0 
0000010007F4A558
   0010007F418A0: 0000010007F79BF0 0000000020000209 0000000010A71300 
000000000004302C
   0010007F418C0: 0000010007F41980 0000010007F79BF0 0004302C00000000 
000001000753D098
   0010007F418E0: 0000010007F41970 0000000100000000 000000000004302C 
0000000000000000
   0010007F41900: 0000000010A71300 0000000000000000 0000000000043014 
0900000000000200
   0010007F41920: 45037614462CAA21 312366F4B68A6E83 000001000753D098 
0000000000000000
ASSERT [ArmCpuDxe] DefaultExceptionHandler.c(343): ((BOOLEAN)(0==1))


-- 
Rebecca Cran



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119677): https://edk2.groups.io/g/devel/message/119677
Mute This Topic: https://groups.io/mt/106820121/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Alignment fault in __memcpy when SbsaQemu is built uncompressed

[Marcin Juszkiewicz]

W dniu 22.06.2024 o 20:04, Rebecca Cran pisze:
> I decided to do some testing around the cost of copying vs
> decompressing and moved all the drivers in SbsaQemu into the
> uncompressed section (as described in 
> https://github.com/tianocore/tianocore.github.io/wiki/ArmPkg-Compression),
> but firmware built with CLANGDWARF causes an alignment fault when
> writing the last 64 bytes in __memcpy via FvReadFile ->
> AllocateCopyPool -> InternalAllocateCopyPool -> InternalMemCopyMem ->
> __memcpy (AArch64/CopyMem.S in BaseMemoryLibOptDxe).

I can confirm that managed to reproduce failure. Sorry, but that's all I 
can say at the moment. No idea what is going on here.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119698): https://edk2.groups.io/g/devel/message/119698
Mute This Topic: https://groups.io/mt/106820121/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Alignment fault in __memcpy when SbsaQemu is built uncompressed

[Ard Biesheuvel]

On Sat, 22 Jun 2024 at 20:04, Rebecca Cran <rebecca@bsdio.com> wrote:
>
> I decided to do some testing around the cost of copying vs decompressing
> and moved all the drivers in SbsaQemu into the uncompressed section (as
> described in
> https://github.com/tianocore/tianocore.github.io/wiki/ArmPkg-Compression),
> but firmware built with CLANGDWARF causes an alignment fault when
> writing the last 64 bytes in __memcpy via FvReadFile -> AllocateCopyPool
> -> InternalAllocateCopyPool -> InternalMemCopyMem -> __memcpy
> (AArch64/CopyMem.S in BaseMemoryLibOptDxe).
>
>
> InternalAllocateCopyPool calls CopyMem with Memory=0x1000694d018,
> Buffer=0x10a71300, AllocationSize=274476.
>
> The instruction that causes the fault is:
>
> ldp x14, x15, [x4, #-64]
>
> Where x4=0x10ab432c
>

It looks like the FvReadFile() call is doing a memory copy from the
firmware volume (FV), which seems to be mapped with device attributes
rather than normal memory. With a compressed image, the FV will be
decompressed to normal RAM, so this can never happen at this stage in
the boot (BDS phase)

Looking at Platform/Qemu/SbsaQemu/SbsaQemu.fdf and
Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c, the entire
flash device (FD) which should cover the uncompressed FV is mapped
with cacheable attributes, but the address in question ^^^ is outside
of the predefined window of

BaseAddress   = 0x10000000|gArmTokenSpaceGuid.PcdFdBaseAddress
Size          = 0x003C0000|gArmTokenSpaceGuid.PcdFdSize

Did you update PcdFdSize to account for the larger footprint of the FV?


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119728): https://edk2.groups.io/g/devel/message/119728
Mute This Topic: https://groups.io/mt/106820121/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Alignment fault in __memcpy when SbsaQemu is built uncompressed

[Rebecca Cran]

On 6/29/24 9:26 AM, Ard Biesheuvel wrote:

> It looks like the FvReadFile() call is doing a memory copy from the
> firmware volume (FV), which seems to be mapped with device attributes
> rather than normal memory. With a compressed image, the FV will be
> decompressed to normal RAM, so this can never happen at this stage in
> the boot (BDS phase)
>
> Looking at Platform/Qemu/SbsaQemu/SbsaQemu.fdf and
> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c, the entire
> flash device (FD) which should cover the uncompressed FV is mapped
> with cacheable attributes, but the address in question ^^^ is outside
> of the predefined window of
>
> BaseAddress   = 0x10000000|gArmTokenSpaceGuid.PcdFdBaseAddress
> Size          = 0x003C0000|gArmTokenSpaceGuid.PcdFdSize
>
> Did you update PcdFdSize to account for the larger footprint of the FV?


I updated the .fdf file to set the Size to 0x00EC0000 and updated the 
NumBlocks, offsets etc.


-- 
Rebecca Cran



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119729): https://edk2.groups.io/g/devel/message/119729
Mute This Topic: https://groups.io/mt/106820121/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-