Bug #3236

closed

Panic running efivar

Added by daftaupe almost 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 04/30/2020
Due date:
% Done: 0%
Estimated time:

Description

Hello,

I tried loading the efirt module then running efivar but got a panic.

Got the following backtrace when using the dump I got (kgdb then bt):

(kgdb) bt
#0 _get_mycpu () at ./machine/thread.h:69
#1 panic (fmt=fmt@entry=0xffffffff805dce3e "%s") at /usr/src/sys/kern/kern_shutdown.c:868
#2 0xffffffff8058333e in trap_fatal (frame=frame@entry=0xfffff800bc3195e8, eva=2129260136) at /usr/src/sys/platform/pc64/x86_64/trap.c:1116
#3 0xffffffff8058374c in trap_pfault (frame=0xfffff800bc3195e8, usermode=0) at /usr/src/sys/platform/pc64/x86_64/trap.c:943
#4 0xffffffff8055f9ea in calltrap () at /usr/src/sys/platform/pc64/x86_64/exception.S:321
#5 0xffffffff82000d53 in efi_var_nextname (namesize=namesize@entry=0xfffff800bc319870, name=name@entry=0xfffff800bc8f2c00, vendor=vendor@entry=0xfffff800bc319878)
at /usr/src/sys/dev/misc/efirt/../../../platform/pc64/x86_64/efirt.c:562
#6 0xffffffff82000fd3 in efidev_ioctl (ap=<optimized out>) at /usr/src/sys/dev/misc/efirt/efidev.c:146
#7 0xffffffff802b6d35 in dev_dioctl (dev=dev@entry=0xfffff80066c86700, cmd=cmd@entry=3224913157, data=data@entry=0xfffff800bc319868 "", fflag=<optimized out>,
cred=cred@entry=0xfffff8004676ddb0, msg=msg@entry=0xfffff800bc319960, fp=0xfffff800770f1d00) at /usr/src/sys/kern/kern_device.c:251
#8 0xffffffff8042e555 in devfs_fo_ioctl (fp=0xfffff800770f1d00, com=3224913157, data=0xfffff800bc319868 "", ucred=0xfffff8004676ddb0, msg=0xfffff800bc319960)
at /usr/src/sys/vfs/devfs/devfs_vnops.c:1548
#9 0xffffffff80321d1b in fo_ioctl (msg=0xfffff800bc319960, cred=<optimized out>, data=<optimized out>, com=<optimized out>, fp=0xfffff800770f1d00) at /usr/src/sys/sys/file2.h:84
#10 mapped_ioctl (fd=<optimized out>, com=<optimized out>, uspc_data=<optimized out>, map=0x0, msg=<optimized out>) at /usr/src/sys/kern/sys_generic.c:717
#11 0xffffffff80584856 in syscall2 (frame=0xfffff800bc3199f8) at /usr/src/sys/platform/pc64/x86_64/trap.c:1317
#12 0xffffffff805601fd in Xfast_syscall () at /usr/src/sys/platform/pc64/x86_64/exception.S:450
#13 0x000000000000002b in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Is that enough info?

Actions #1

Updated by swildner almost 4 years ago

Actions #2

Updated by dillon almost 4 years ago

Looks like it may be trying to access a userspace address without using copyout(). SMAP caught it. I'm looking at it now.

-Matt

Actions #3

Updated by dillon almost 4 years ago

  • Status changed from New to Closed

Fix pushed to master and cherry-picked over to release. The SMAP/SMEP protections were interfering with the EFI code, both have to be disabled along with additional failsafe checks done in trap() to allow the page fault to proceed. This is because the direct mapping for the EFI address space uses user-space addresses.

-Matt
