Re: Boot with EFI stub fails on VMWare during decompression

public inbox for linux-efi@vger.kernel.org
 help / color / mirror / Atom feed

From: "Bruno Prémont" <bonbons-ud5FBsm0p/xEiooADzr8i9i2O/JbrIOy@public.gmane.org>
To: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
Cc: linux-efi <linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: Boot with EFI stub fails on VMWare during decompression
Date: Wed, 21 Jan 2015 14:54:20 +0100	[thread overview]
Message-ID: <20150121145420.76511d61@pluto.restena.lu> (raw)
In-Reply-To: <20150120190238.GB12079-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>

On Tue, 20 Jan 2015 19:02:38 +0000 Matt Fleming wrote:
> On Fri, 16 Jan, at 11:03:44AM, Bruno Prémont wrote:
> > Register dump:
> > rax            0x1000   4096
> > rbx            0x23f78cb        37714123
> > rcx            0x0      0
> > rdx            0x0      0
> > rsi            0x0      0
> > rdi            0x23f7863        37714019
> > rbp            0x1a363b4        0x1a363b4
> > rsp            0x2404b20        0x2404b20
> > r8             0x2404ee0        37768928
> > r9             0x4      4
> > r10            0x3      3
> > r11            0x9      9
> > r12            0x13dcbbc        20827068
> > r13            0x1e000000       503316480      (this seems to point to decompressed kernel)
> 
> [...]
>  
> > while on the failing one I get (just enough efi_printk to cause kernel to boot):
> > [    0.000000] efi: EFI v2.30 by VMware, Inc.
> > [    0.000000] efi:  SMBIOS=0x1ffaf000  ACPI 2.0=0x1ff9f000 
> > [    0.000000] efi: mem00: [ACPI Memory NVS    |   |  |  |  |   |WB|WT|WC|UC] range=[0x0000000000000000-0x0000000000001000) (0MB)
> 
> [..]
> 
> > [    0.000000] efi: mem23: [Boot Data          |   |  |  |  |   |WB|WT|WC|UC] range=[0x000000001dee8000-0x000000001e547000) (6MB)
> 
> Oops. It sure looks like the EFI boot stub is trashing an EFI boot data
> region. That would certainly explain the memory corruption you're seeing
> (since the firmware assumes no one else is touch its data areas).
> 
> By any chance have you modified CONFIG_PHYSICAL_START in your .config?

As mentioned in the other mail, it's left at default value:
  CONFIG_PHYSICAL_START=0x1000000

> The suspect code is probably this from
> arch/x86/boot/compressed/head_64.S:
> 
> ---
> 
> 	/*
> 	 * Compute the decompressed kernel start address.  It is where
> 	 * we were loaded at aligned to a 2M boundary. %rbp contains the
> 	 * decompressed kernel start address.
> 	 *
> 	 * If it is a relocatable kernel then decompress and run the kernel
> 	 * from load address aligned to 2MB addr, otherwise decompress and
> 	 * run the kernel from LOAD_PHYSICAL_ADDR
> 	 *
> 	 * We cannot rely on the calculation done in 32-bit mode, since we
> 	 * may have been invoked via the 64-bit entry point.
> 	 */
> 
> 	/* Start with the delta to where the kernel will run at. */
> #ifdef CONFIG_RELOCATABLE

I've put a breakpoint here (hlt-loop) and have following details:

(gdb) info registers
rax            0x0      0
rbx            0x1e53ae18       508800536
rcx            0xffffffff       4294967295
rdx            0x1ded8f98       502108056
rsi            0x1000   4096
rdi            0xffffffff       4294967295
rbp            0x1c003e00       0x1c003e00
rsp            0x1ffd7b68       0x1ffd7b68
r8             0x0      0
r9             0x0      0
r10            0x0      0
r11            0x0      0
r12            0x1ffd7dc8       536706504
r13            0x1ffd7dc0       536706496
r14            0x0      0
r15            0x1ffd7dc0       536706496
rip            0x10002ad        0x10002ad
eflags         0x46     [ PF ZF ]
cs             0x18     24
ss             0x0      0
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb) disassemble /r 0x10002ac,+64
Dump of assembler code from 0x10002ac to 0x10002ec:
   0x00000000010002ac:  f4      hlt    
=> 0x00000000010002ad:  eb fd   jmp    0x10002ac
   0x00000000010002af:  48 8d 2d 4a fd ff ff    lea    -0x2b6(%rip),%rbp        # 0x1000000
   0x00000000010002b6:  8b 86 30 02 00 00       mov    0x230(%rsi),%eax
   0x00000000010002bc:  ff c8   dec    %eax
   0x00000000010002be:  48 01 c5        add    %rax,%rbp
   0x00000000010002c1:  48 f7 d0        not    %rax
   0x00000000010002c4:  48 21 c5        and    %rax,%rbp
   0x00000000010002c7:  48 81 fd 00 00 00 01    cmp    $0x1000000,%rbp
   0x00000000010002ce:  7d 07   jge    0x10002d7
   0x00000000010002d0:  48 c7 c5 00 00 00 01    mov    $0x1000000,%rbp
   0x00000000010002d7:  48 8d 9d 00 60 a3 00    lea    0xa36000(%rbp),%rbx
   0x00000000010002de:  48 8d a3 00 ec 9c 00    lea    0x9cec00(%rbx),%rsp
   0x00000000010002e5:  6a 00   pushq  $0x0
   0x00000000010002e7:  9d      popfq  
   0x00000000010002e8:  56      push   %rsi
   0x00000000010002e9:  48 8d 35 08 29 9c 00    lea    0x9c2908(%rip),%rsi        # 0x19c2bf8


> 	leaq	startup_32(%rip) /* - $startup_32 */, %rbp
> 	movl	BP_kernel_alignment(%rsi), %eax
> 	decl	%eax
> 	addq	%rax, %rbp
> 	notq	%rax
> 	andq	%rax, %rbp
> 	cmpq	$LOAD_PHYSICAL_ADDR, %rbp
> 	jge	1f
> #endif
> 	movq	$LOAD_PHYSICAL_ADDR, %rbp
> 1:
> 
> You may want to snoop around this code to make sure that we're not
> making some crazy calculation mistakes wrt where we decompress the
> kernel.

So the default LOAD_PHYSICAL_ADDR is being selected/used.

This all happens after efi_main() as far as I can understand.
Is there a way to let efi_printk() do string formatting? It should have
both source and destination addresses as it is doing the relocation (or at
least one step of it).

Bruno

next prev parent reply	other threads:[~2015-01-21 13:54 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-16 10:03 Boot with EFI stub fails on VMWare during decompression Bruno Prémont
     [not found] ` <20150116110344.715cc887-I2t2yFIzmohO7ya8xxV06g@public.gmane.org>
2015-01-16 11:15   ` Bruno Prémont
     [not found]     ` <20150116121545.56e4454b-I2t2yFIzmohO7ya8xxV06g@public.gmane.org>
2015-01-16 14:42       ` Bruno Prémont
2015-01-20 19:02   ` Matt Fleming
     [not found]     ` <20150120190238.GB12079-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
2015-01-21  7:09       ` Bruno Prémont
2015-01-21 13:54       ` Bruno Prémont [this message]
     [not found]         ` <20150121145420.76511d61-I2t2yFIzmohO7ya8xxV06g@public.gmane.org>
2015-01-26 11:23           ` Matt Fleming

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150121145420.76511d61@pluto.restena.lu \
    --to=bonbons-ud5fbsm0p/xeiooadzr8i9i2o/jbrioy@public.gmane.org \
    --cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox