Re: OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)

[Ian Campbell <ian.campbell@citrix.com>]

On Wed, 2015-09-09 at 01:06 -0600, Jan Beulich wrote:
> > > > On 09.09.15 at 00:23, <lersek@redhat.com> wrote:
> > On 09/08/15 19:26, Anthony PERARD wrote:
> > > And I get this on the console:
> > > Welcome to GRUB!
> > > 
> > > !!!! X64 Exception Type - 0E(#PF - Page-Fault)  CPU Apic ID -
> > > 00000000 !!!!
> > > RIP  - 000000000F5F8918, CS  - 0000000000000028, RFLAGS -
> > > 0000000000210206
> > > ExceptionData - 0000000000000011
> > > RAX  - 0000000000000000, RCX - 0000000007FCE000, RDX -
> > > 0000000000000000
> > > RBX  - 000000000B6092C0, RSP - 000000000F5F8590, RBP -
> > > 000000000B608EA0
> > > RSI  - 000000000F5F8838, RDI - 000000000B608EA0
> > > R8   - 0000000000000000, R9  - 000000000B609200, R10 -
> > > 0000000000000000
> > > R11  - 000000000000000A, R12 - 0000000000000000, R13 -
> > > 000000000000001B
> > > R14  - 000000000B609360, R15 - 0000000000000000
> > > DS   - 0000000000000008, ES  - 0000000000000008, FS  -
> > > 0000000000000008
> > > GS   - 0000000000000008, SS  - 0000000000000008
> > > CR0  - 0000000080000033, CR2 - 000000000F5F8918, CR3 -
> > > 000000000F597000
> > > CR4  - 0000000000000668, CR8 - 0000000000000000
> > > DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 -
> > > 0000000000000000
> > > DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 -
> > > 0000000000000400
> > > GDTR - 000000000F57BF18 000000000000003F, LDTR - 0000000000000000
> > > IDTR - 000000000EEA5018 0000000000000FFF,   TR - 0000000000000000
> > > FXSAVE_STATE - 000000000F5F81F0
> > > !!!! Find PE image 
> > /build/xen-unstable/src/xen-unstable/tools/firmware/ovmf-dir
> > -remote/Build
> > /OvmfX64/DEBUG_GCC49/X64/IntelFrameworkModulePkg/Universal/StatusCode/R
> > untime
> > Dxe/StatusCodeRuntimeDxe/DEBUG/StatusCodeRuntimeDxe.dll 
> > (ImageBase=000000000F556000, EntryPoint=000000000F55628F) !!!!
> > > 
> > > I did check with other guest (Windows, Ubuntu, Debian Jessie), and
> > > they are
> > > working correctly. Debian Wheezy is the only one that fail.
> > 
> > I don't have an environment to reproduce this in. I think we should try
> > to understand this problem better, before deciding how to make it go
> > away.
> > 
> > Please locate the "StatusCodeRuntimeDxe.debug" file in your Build
> > directory (ie. under the location listed in the error report). Then,
> > please disassemble it with "objdump -S". The fault location in the
> > disassembly can be found based on RIP, ImageBase and EntryPoint;
> 
> I don't think the exact instruction at that address really matters. The
> main question appears to be why RIP and RSP both point into the
> same page (see also the subject of Anthony's mail).

I'm not 100% what is going on, but if this (executable code on stack) is
happening in grub is there something which is explicitly forbidden to UEFI
apps by the UEFI spec?

Or is it happening within UEFI itself based on a call from grub.efi?


>  I.e. we need to
> spot the entity setting the stack to a page that also contains code,
> or placing code on the stack. That's unlikely to be found by identifying
> the instruction RIP points to, but rather (sadly not part of the state
> dump) something higher up the call chain.
> 
> Jan
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel