Page MenuHomeFreeBSD

amd64 efi rt: handle #BP
ClosedPublic

Authored by kib on Nov 21 2024, 5:01 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Oct 18, 3:27 PM
Unknown Object (File)
Wed, Oct 15, 11:02 PM
Unknown Object (File)
Wed, Oct 15, 11:02 PM
Unknown Object (File)
Wed, Oct 15, 11:02 PM
Unknown Object (File)
Sat, Oct 11, 5:56 AM
Unknown Object (File)
Wed, Oct 1, 3:23 PM
Unknown Object (File)
Sat, Sep 27, 5:29 PM
Unknown Object (File)
Fri, Sep 26, 6:21 PM
Subscribers

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

kib requested review of this revision.Nov 21 2024, 5:01 AM
sys/amd64/amd64/trap.c
613

I think the check has to come before kdb_trap().

Reorder checks. Explain why I did not wanted to do it initially.

I suppose this is ok, but it'd be nice to understand the problem a bit better. Do all EFI calls trap, or just GetTime? Perhaps we should have a dedicated flag for catching this, instead of overloading TDF_NOFAULTING.

This revision is now accepted and ready to land.Nov 21 2024, 6:49 PM

Also, isn't loader susceptible to the same problem?

Loader runs in efi context as a process. Any traps are handled by the FW in handlers they set up, no?

Also I don't think the loader gets time or reboots the system... though it does call the variable runtime routines

Reformulating what @imp said, loader is executing in EFI boot services environment, while EFI RT is EFI runtime services client. The switch of the environment is supposed to pass ownership of the machine to OS, and also the rt code must be relocated. The later is known to be often buggy. This is why I implemented onfault handling for RT calls.

Executing INT3 from RT code seems to be a deliberate action, sort of assert(). I am not sure it is productive to try to debug the BIOS.

Mark rt call region with TDP_EFIRT. It allows to not depend on the implementation detail of disabling page faults in the region.

This revision now requires review to proceed.Nov 21 2024, 7:42 PM
markj added inline comments.
sys/amd64/amd64/trap.c
608

Maybe we should skip this path if frame->tf_rip >= KERNBASE.

This revision is now accepted and ready to land.Nov 21 2024, 7:50 PM
sys/amd64/amd64/trap.c
608

I am not sure. Right now the fact that RT mappings are all fit into userspace portion of VA is an implementation detail, and there is some desire to allow for (almost) arbitrary mappings. This would be a small obstacle, of course, but pcb_onfault is set very late, so tf_rip check would not improve the situation with kdb.

I'd meant to click 'Accept Changes' but got busy, for what it's worth.

sys/amd64/amd64/trap.c
608

I think we should not skip mark's proposal. When we're calling EFIRT, we have the FW's map in place. When that map is in place, KERNBASE isn't necessarily meaningful (though I think that it might be in the current map). When we fully support LinuxBoot, for example, we'll need to have mappings that are effectively arbitrary (though to date, I've not seen any KERBASE or bigger addresses). I'm curious when we'd see it when TDP_EFIRT is set....

sys/amd64/amd64/trap.c
608

Sorry, I do not quite follow the text. Initially it seems that you are pro adding the restriction for %rip to the check. But the later part sounds as vaguely debating it.

As I noted above, the difference between presence and absence of the check right now is for coverage of dozen or less instructions in the asm trampoline between setting pcb_onfault, and the moment when the transfer to the EFI code is really made (and returning/fault catching section).