Date: Wed, 12 Jul 2023 10:41:28 +0200
From: "Gerd Hoffmann"
To: devel@edk2.groups.io, Ard Biesheuvel
Subject: heap/page guard broken on aarch64

Hi,

Tried to debug a bug which looks like memory corruption, turned on page
and heap guard:

  PcdHeapGuardPageType=0x7e
  PcdHeapGuardPoolType=0x7e
  PcdHeapGuardPropertyMask=0x03

With that the firmware crashes due to a page fault. Stack trace (with
PCs manually mapped to functions):

PC 0x000047730268 (0x000047711000+0x0001F268) [ 0] DxeCore.dll -> InternalMemSetMem
PC 0x00004771F4EC (0x000047711000+0x0000E4EC) [ 0] DxeCore.dll -> CoreConvertPagesEx
PC 0x00004771FED4 (0x000047711000+0x0000EED4) [ 0] DxeCore.dll -> CoreFreePoolPagesI
PC 0x000047721368 (0x000047711000+0x00010368) [ 0] DxeCore.dll -> CoreFreePoolI
PC 0x000047721564 (0x000047711000+0x00010564) [ 0] DxeCore.dll -> CoreInternalFreePool
PC 0x00004772160C (0x000047711000+0x0001060C) [ 0] DxeCore.dll -> CoreFreePool
PC 0x00007C574338 (0x00007C560000+0x00014338) [ 1] VariableRuntimeDxe.dll -> FreePool
PC 0x00007C574F8C (0x00007C560000+0x00014F8C) [ 1] VariableRuntimeDxe.dll -> ReallocateRuntimePool
PC 0x00007C574FE0 (0x00007C560000+0x00014FE0) [ 1] VariableRuntimeDxe.dll -> VarCheckAddTableEntry
PC 0x00007C575FF0 (0x00007C560000+0x00015FF0) [ 1] VariableRuntimeDxe.dll -> VarCheckLibVariablePropertySet
PC 0x00007C5760B8 (0x00007C560000+0x000160B8) [ 1] VariableRuntimeDxe.dll -> VarCheckUefiLibNullClassConstructor
PC 0x00007C578828 (0x00007C560000+0x00018828) [ 1] VariableRuntimeDxe.dll -> _ModuleEntryPoint
PC 0x000047718788 (0x000047711000+0x00007788) [ 2] DxeCore.dll -> CoreStartImage
PC 0x000047725CC8 (0x000047711000+0x00014CC8) [ 2] DxeCore.dll -> CoreDispatcher
PC 0x00004771BFF0 (0x000047711000+0x0000AFF0) [ 2] DxeCore.dll -> _ModuleEntryPoint

Some debug logging added shows that the faulting address is right after
the memory block which gets freed, looks like the code tries to clear
the guard page ...

edk2-stable202305 is broken.
edk2-stable202302 works.
Trying to bisect did not work due to another bug.

take care,
  Gerd