Bug #3236
Panic running efivar
Status: closed
Description
Hello,
I tried loading the efirt module and then running efivar, but got a panic.
Got the following backtrace when using the dump I got (kgdb, then bt):
(kgdb) bt
#0 _get_mycpu () at ./machine/thread.h:69
#1 panic (fmt=fmt@entry=0xffffffff805dce3e "%s") at /usr/src/sys/kern/kern_shutdown.c:868
#2 0xffffffff8058333e in trap_fatal (frame=frame@entry=0xfffff800bc3195e8, eva=2129260136) at /usr/src/sys/platform/pc64/x86_64/trap.c:1116
#3 0xffffffff8058374c in trap_pfault (frame=0xfffff800bc3195e8, usermode=0) at /usr/src/sys/platform/pc64/x86_64/trap.c:943
#4 0xffffffff8055f9ea in calltrap () at /usr/src/sys/platform/pc64/x86_64/exception.S:321
#5 0xffffffff82000d53 in efi_var_nextname (namesize=namesize@entry=0xfffff800bc319870, name=name@entry=0xfffff800bc8f2c00, vendor=vendor@entry=0xfffff800bc319878)
at /usr/src/sys/dev/misc/efirt/../../../platform/pc64/x86_64/efirt.c:562
#6 0xffffffff82000fd3 in efidev_ioctl (ap=<optimized out>) at /usr/src/sys/dev/misc/efirt/efidev.c:146
#7 0xffffffff802b6d35 in dev_dioctl (dev=dev@entry=0xfffff80066c86700, cmd=cmd@entry=3224913157, data=data@entry=0xfffff800bc319868 "", fflag=<optimized out>,
cred=cred@entry=0xfffff8004676ddb0, msg=msg@entry=0xfffff800bc319960, fp=0xfffff800770f1d00) at /usr/src/sys/kern/kern_device.c:251
#8 0xffffffff8042e555 in devfs_fo_ioctl (fp=0xfffff800770f1d00, com=3224913157, data=0xfffff800bc319868 "", ucred=0xfffff8004676ddb0, msg=0xfffff800bc319960)
at /usr/src/sys/vfs/devfs/devfs_vnops.c:1548
#9 0xffffffff80321d1b in fo_ioctl (msg=0xfffff800bc319960, cred=<optimized out>, data=<optimized out>, com=<optimized out>, fp=0xfffff800770f1d00) at /usr/src/sys/sys/file2.h:84
#10 mapped_ioctl (fd=<optimized out>, com=<optimized out>, uspc_data=<optimized out>, map=0x0, msg=<optimized out>) at /usr/src/sys/kern/sys_generic.c:717
#11 0xffffffff80584856 in syscall2 (frame=0xfffff800bc3199f8) at /usr/src/sys/platform/pc64/x86_64/trap.c:1317
#12 0xffffffff805601fd in Xfast_syscall () at /usr/src/sys/platform/pc64/x86_64/exception.S:450
#13 0x000000000000002b in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Is that enough info?
Updated by swildner over 4 years ago
FWIW, I have bisected it and the first bad commit is this one:
https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/921ef7b6495969fa8fb02d6b7ec9b34d80c01c6c
Updated by dillon over 4 years ago
Looks like it may be trying to access a userspace address without using copyout(). SMAP caught it. I'm looking at it now.
-Matt
Updated by dillon over 4 years ago
- Status changed from New to Closed
Fix pushed to master and cherry-picked over to release. The SMAP/SMEP protections were interfering with the EFI code, both have to be disabled along with additional failsafe checks done in trap() to allow the page fault to proceed. This is because the direct mapping for the EFI address space uses user-space addresses.
-Matt
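The SMAP interaction Matt describes above, as an added example (this is not DragonFly's code and not the pushed fix): a user-space C model of why a bare kernel dereference of a user-range address faults under SMAP, why copyin/copyout survives it (stac sets RFLAGS.AC, which SMAP honours), and why the EFI runtime path, whose direct mapping sits at user-space addresses, needs CR4.SMAP/SMEP cleared around the call plus a failsafe check in the trap handler. The CR4 and RFLAGS bit positions and the x86_64 canonical user/kernel split are architectural; `struct cpu_model`, `trap_pfault_policy`, `efi_enter` and `efi_leave` are hypothetical names used only for this illustration, and the fault address is the `eva` value from frame #2 of the backtrace.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions (Intel SDM). */
#define CR4_SMEP  (1ULL << 20)  /* Supervisor Mode Execution Prevention */
#define CR4_SMAP  (1ULL << 21)  /* Supervisor Mode Access Prevention */
#define RFLAGS_AC (1ULL << 18)  /* Alignment Check; stac/clac set/clear it */

/* Lower half of the x86_64 canonical address space is the user range. */
#define USER_ADDR_LIMIT 0x0000800000000000ULL

/* Fault address from frame #2 of the report (eva=2129260136 == 0x7EE9EE68). */
#define REPORT_EVA 2129260136ULL

/* Hypothetical per-CPU state for this model (not a DragonFly structure). */
struct cpu_model {
    uint64_t cr4;
    uint64_t rflags;
    bool     in_efi_call;   /* set by the hypothetical EFI wrapper below */
};

enum pf_verdict { PF_HANDLE = 0, PF_PANIC = 1 };

static bool is_user_address(uint64_t va)
{
    return va < USER_ADDR_LIMIT;
}

/* Does the CPU refuse this access?  With CR4.SMAP set, a supervisor-mode
 * data access to a user-range page faults unless RFLAGS.AC is set, which
 * is exactly what stac does inside copyin/copyout. */
static bool smap_blocks(const struct cpu_model *cpu, uint64_t va, bool usermode)
{
    if (usermode || !is_user_address(va))
        return false;
    if (!(cpu->cr4 & CR4_SMAP))
        return false;
    return !(cpu->rflags & RFLAGS_AC);
}

/* Model of a failsafe decision in a trap() page-fault path: a kernel-mode
 * fault on a user-range address only proceeds to normal fault handling
 * when the access happens inside a sanctioned window. */
static enum pf_verdict trap_pfault_policy(const struct cpu_model *cpu,
                                          uint64_t va, bool usermode)
{
    if (usermode)
        return PF_HANDLE;             /* ordinary user page fault */
    if (!is_user_address(va))
        return PF_HANDLE;             /* kernel address: normal path */
    if (cpu->rflags & RFLAGS_AC)
        return PF_HANDLE;             /* inside a copyin/copyout window */
    if (cpu->in_efi_call && !(cpu->cr4 & CR4_SMAP))
        return PF_HANDLE;             /* EFI runtime window, SMAP/SMEP off */
    return PF_PANIC;                  /* stray kernel deref of user memory */
}

/* Hypothetical wrappers around an EFI runtime-service call. */
static uint64_t efi_enter(struct cpu_model *cpu)
{
    uint64_t saved = cpu->cr4;
    cpu->cr4 &= ~(CR4_SMAP | CR4_SMEP);
    cpu->in_efi_call = true;
    return saved;
}

static void efi_leave(struct cpu_model *cpu, uint64_t saved_cr4)
{
    cpu->cr4 = saved_cr4;
    cpu->in_efi_call = false;
}

/* Scenario 1: kernel touches the user pointer directly (what the report hit). */
static enum pf_verdict scenario_bare_deref(void)
{
    struct cpu_model cpu = { CR4_SMAP | CR4_SMEP, 0, false };
    return trap_pfault_policy(&cpu, REPORT_EVA, false);
}

/* Scenario 2: same address reached through copyout (AC set by stac). */
static enum pf_verdict scenario_copyout(void)
{
    struct cpu_model cpu = { CR4_SMAP | CR4_SMEP, RFLAGS_AC, false };
    return trap_pfault_policy(&cpu, REPORT_EVA, false);
}

/* Scenario 3: EFI runtime call with SMAP/SMEP cleared for its duration. */
static enum pf_verdict scenario_efi_window(void)
{
    struct cpu_model cpu = { CR4_SMAP | CR4_SMEP, 0, false };
    uint64_t saved = efi_enter(&cpu);
    enum pf_verdict v = trap_pfault_policy(&cpu, REPORT_EVA, false);
    efi_leave(&cpu, saved);
    return v;
}

/* Hardware view of scenarios 1 and 2: SMAP blocks the bare access only. */
static bool hw_blocks_bare_deref(void)
{
    struct cpu_model cpu = { CR4_SMAP | CR4_SMEP, 0, false };
    return smap_blocks(&cpu, REPORT_EVA, false);
}

static bool hw_blocks_copyout(void)
{
    struct cpu_model cpu = { CR4_SMAP | CR4_SMEP, RFLAGS_AC, false };
    return smap_blocks(&cpu, REPORT_EVA, false);
}

int main(void)
{
    printf("bare deref : %s\n", scenario_bare_deref() == PF_PANIC ? "panic" : "handle");
    printf("copyout    : %s\n", scenario_copyout() == PF_PANIC ? "panic" : "handle");
    printf("efi window : %s\n", scenario_efi_window() == PF_PANIC ? "panic" : "handle");
    return 0;
}
```

The point of the model is the asymmetry Matt's comments describe: copyin/copyout can keep SMAP enabled and just toggle RFLAGS.AC for a few instructions, but the EFI runtime services execute firmware code through a direct mapping at user-range addresses, so SMEP would trip on the instruction fetch and SMAP on the data access; both must come off for the whole call, and the trap handler needs to know that window is legitimate rather than a stray kernel dereference like the one in frame #5.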