- Bug
- Resolution: Done-Errata
- Major
- rhel-9.5
- grub2-2.06-92.el9
- Moderate
- rhel-sst-cs-bootloaders
- ssg_display
- aarch64
What were you trying to do that didn't work?
A UEFI permission fault occurs when the aarch64 grub attempts to execute the first instruction in the kernel when the system has UEFI NX enforcing FW.
This problem was originally noted by rhn-engineering-ghoffman when testing RHEL-25537 and was originally suspected to be a kernel problem by RHEL-39186.
Please provide the package NVR for which bug is seen:
grub2-efi-aa64-2.06-82.el9.aarch64
How reproducible:
100%
Steps to reproduce
- Install a UEFI NX enforcing OVMF by installing the Fedora 40 edk2-experimental-20240524-4.fc40.noarch rpm on a RHEL 9.5 aarch64 system.
- Create a VM using that installed UEFI NX enforcing OVMF, e.g.

    virt-install --name arm64-nx-guest \
      --vcpus=4 --memory 8192 \
      --boot loader=/usr/share/edk2/experimental/QEMU_EFI-strictnx-pflash.raw,loader.readonly=yes,loader.type=pflash,nvram.template=/usr/share/edk2/aarch64/vars-template-pflash.raw \
      --boot bootmenu.enable=on \
      --graphics none \
      --disk /home/virtimages/arm64-guest.img,size=100,sparse=yes \
      --os-variant=rhel9.4 \
      --location /home/downloads/RHEL-9.5.0-20240708.2-aarch64-dvd1.iso \
      --autoconsole text \
      --install kernel_args="console=ttyS0" \
      --extra-args "console=ttyS0"

Actual results
Example results, with grub debug=linux
*Red Hat Enterprise Linux (5.14.0-481.rhel39186.lss001.el9.aarch64) 9.5 (Pl>
loader/arm64/linux.c:62: UEFI stub kernel:
loader/arm64/linux.c:63: PE/COFF header @ 00000040
loader/arm64/linux.c:338: num_sections : 2
loader/arm64/linux.c:341: raw_size : 12644352
loader/arm64/linux.c:343: virt_size : 12644352
loader/arm64/linux.c:341: raw_size : 512
loader/arm64/linux.c:343: virt_size : 263168
loader/arm64/linux.c:394: kernel mem size : 12911616
loader/arm64/linux.c:395: kernel entry offset : 11432
loader/arm64/linux.c:396: kernel alignment : 0x1000
loader/arm64/linux.c:397: kernel size : 0xc10200
loader/arm64/linux.c:407: kernel numpages: 3154
loader/arm64/linux.c:415: kernel @ 0x2394bc000
loader/arm64/linux.c:289: Loading initrd
loader/arm64/linux.c:251: max_addr: 0x0000000040000000,
INITRD_MAX_ADDRESS_OFFSET: 0x0000000800000000
loader/arm64/linux.c:255: calling grub_efi_allocate_pages_real
(0x000000083fffffff, 0x00003071, EFI_ALLOCATE_MAX_ADDRESS, EFI_LOADER_DATA)
loader/arm64/linux.c:260: got 0x000000023644b000
GetMemoryAttributes: BaseAddress == 0x23C117000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x23C117000, RegionLength == 0x14000, RegionAttributes == 0x78C
GetMemoryAttributes: Union == 78C, Intersection == 78C
GetMemoryAttributes: BaseAddress == 0x47674000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x47674000, RegionLength == 0x3000, RegionAttributes == 0x6000000000070C
GetMemoryAttributes: Union == 6000000000070C, Intersection == 6000000000070C
UpdateRegionMappingRecursive(0): 23634B000 - 23644B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(1): 23634B000 - 23644B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(2): 23634B000 - 23644B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(3): 236200000 - 236400000 set 6000000000070C clr 0
UpdateRegionMappingRecursive(3): 23634B000 - 236400000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(3): 236400000 - 236600000 set 6000000000070C clr 0
UpdateRegionMappingRecursive(3): 236400000 - 23644B000 set 400 clr FF9F000000000B3F
GetMemoryAttributes: BaseAddress == 0x23C117000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x23C117000, RegionLength == 0x14000, RegionAttributes == 0x78C
GetMemoryAttributes: Union == 78C, Intersection == 78C
GetMemoryAttributes: BaseAddress == 0x47674000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x47674000, RegionLength == 0x3000, RegionAttributes == 0x6000000000070C
GetMemoryAttributes: Union == 6000000000070C, Intersection == 6000000000070C
UpdateRegionMappingRecursive(0): 23624B000 - 23634B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(1): 23624B000 - 23634B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(2): 23624B000 - 23634B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(3): 23624B000 - 23634B000 set 400 clr FF9F000000000B3F
GetMemoryAttributes: BaseAddress == 0x23C117000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x23C117000, RegionLength == 0x14000, RegionAttributes == 0x78C
GetMemoryAttributes: Union == 78C, Intersection == 78C
GetMemoryAttributes: BaseAddress == 0x47674000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x47674000, RegionLength == 0x3000, RegionAttributes == 0x6000000000070C
GetMemoryAttributes: Union == 6000000000070C, Intersection == 6000000000070C
UpdateRegionMappingRecursive(0): 23614B000 - 23624B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(1): 23614B000 - 23624B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(2): 23614B000 - 23624B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(3): 236000000 - 236200000 set 6000000000070C clr 0
UpdateRegionMappingRecursive(3): 23614B000 - 236200000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(3): 236200000 - 23624B000 set 400 clr FF9F000000000B3F
GetMemoryAttributes: BaseAddress == 0x23C117000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x23C117000, RegionLength == 0x14000, RegionAttributes == 0x78C
GetMemoryAttributes: Union == 78C, Intersection == 78C
GetMemoryAttributes: BaseAddress == 0x47674000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x47674000, RegionLength == 0x3000, RegionAttributes == 0x6000000000070C
GetMemoryAttributes: Union == 6000000000070C, Intersection == 6000000000070C
UpdateRegionMappingRecursive(0): 23604B000 - 23614B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(1): 23604B000 - 23614B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(2): 23604B000 - 23614B000 set 400 clr FF9F000000000B3F
UpdateRegionMappingRecursive(3): 23604B000 - 23614B000 set 400 clr FF9F000000000B3F
loader/arm64/linux.c:305: [addr=0x23644b000, size=0x3070553]
loader/efi/fdt.c:65: allocating 1155 bytes for fdt
loader/arm64/linux.c:96: Initrd @ 0x23644b000-0x2394bb553
loader/arm64/linux.c:123: Installed/updated FDT configuration table @
0x23c730000
loader/arm64/linux.c:181: linux command line:
'BOOT_IMAGE=(hd0,gpt2)/vmlinuz-5.14.0-481.rhel39186.lss001.el9.aarch64
root=UUID=fc792a58-5195-432e-ad0f-370bb5fb7ce9 ro
crashkernel=1G-4G:256M,4G-64G:320M,64G-:576M console=ttyS0'
loader/efi/linux.c:167: kernel_addr: 0x2394bc000 handover_offset: 0x2ca8
params: 0x2394bc000
GetMemoryAttributes: BaseAddress == 0x2394BC000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x239400000, RegionLength == 0xC00000, RegionAttributes == 0x6000000000070C
GetMemoryAttributes: Union == 6000000000070C, Intersection == 6000000000070C
GetMemoryAttributes: BaseAddress == 0x47674000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x47674000, RegionLength == 0x3000, RegionAttributes == 0x6000000000070C
GetMemoryAttributes: Union == 6000000000070C, Intersection == 6000000000070C
ClearMemoryAttributes: BaseAddress == 0x47674000, Length == 0x1000, Attributes == 0x26000
UpdateRegionMappingRecursive(0): 47674000 - 47675000 set 400 clr FF9F000000000F3F
UpdateRegionMappingRecursive(1): 47674000 - 47675000 set 400 clr FF9F000000000F3F
UpdateRegionMappingRecursive(2): 47674000 - 47675000 set 400 clr FF9F000000000F3F
UpdateRegionMappingRecursive(3): 47674000 - 47675000 set 400 clr FF9F000000000F3F
GetMemoryAttributes: BaseAddress == 0x47674000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x47674000, RegionLength == 0x1000, RegionAttributes == 0x70C
GetMemoryAttributes: Union == 70C, Intersection == 70C
GetMemoryAttributes: BaseAddress == 0x47674000, Length == 0x1000
GetMemoryAttributes: RegionAddress == 0x47674000, RegionLength == 0x1000, RegionAttributes == 0x70C
GetMemoryAttributes: Union == 70C, Intersection == 70C
Synchronous Exception at 0x00000002394BECA8
PC 0x00004767DC28 (0x000047676000+0x00007C28) [ 1] DxeCore.dll
PC 0x00023FCC2BD0 (0x00023FCBC000+0x00006BD0) [ 2] BdsDxe.dll
PC 0x00023FCC49D4 (0x00023FCBC000+0x000089D4) [ 2] BdsDxe.dll
PC 0x00004768001C (0x000047676000+0x0000A01C) [ 3] DxeCore.dll
[ 1] /builddir/build/BUILD/edk2-3e722403cd16/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
[ 2] /builddir/build/BUILD/edk2-3e722403cd16/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Universal/BdsDxe/BdsDxe/DEBUG/BdsDxe.dll
[ 3] /builddir/build/BUILD/edk2-3e722403cd16/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
SP 0x0000000047675280 ELR 0x00000002394BECA8 SPSR 0x60000205 FPSR 0x00000000
ESR 0x8600000E FAR 0x00000002394BECA8
ESR : EC 0x21 IL 0x1 ISS 0x0000000E
Instruction abort: Permission fault, second level
Synchronous Exception at 0x00000002394BECA8
ASSERT [ArmCpuDxe] /builddir/build/BUILD/edk2-3e722403cd16/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(343): ((BOOLEAN)(0==1))
grub_cmd_linux() in grub-core/loader/arm64/linux.c uses grub_efi_allocate_any_pages() to allocate memory for the kernel image. That will be EfiLoaderData memory. With NX enforcing FW, that will be NX protected. It doesn't appear that grub clears this NX protection before attempting to transfer control to the kernel at its entry point.
Note that the Fedora 40 grub2-efi-aa64-2.06-119.fc40.aarch64 does not encounter this problem, i.e. it can boot the RHEL 9.5 kernel in this VM.
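A triage sketch for the log above, added here as an example (it is not part of the original report, nor grub or edk2 code): it decodes the ESR, checks that the faulting PC is the kernel entry point, and checks whether execute-protect was ever cleared on that page. It assumes RegionAttributes are raw AArch64 stage-1 descriptor bits (PXN bit 53, UXN bit 54); the sample lines are excerpted from the log in this report.

```python
import re

# Sample input: lines excerpted from the debug log in this report.
LOG = """\
loader/efi/linux.c:167: kernel_addr: 0x2394bc000 handover_offset: 0x2ca8
GetMemoryAttributes: RegionAddress == 0x239400000, RegionLength == 0xC00000, RegionAttributes == 0x6000000000070C
ClearMemoryAttributes: BaseAddress == 0x47674000, Length == 0x1000, Attributes == 0x26000
GetMemoryAttributes: RegionAddress == 0x47674000, RegionLength == 0x1000, RegionAttributes == 0x70C
Synchronous Exception at 0x00000002394BECA8
ESR 0x8600000E FAR 0x00000002394BECA8
"""

PXN, UXN = 1 << 53, 1 << 54   # assumed meaning of RegionAttributes: AArch64 descriptor bits
EFI_MEMORY_XP = 0x4000        # UEFI execute-protect attribute

def decode_esr(esr):
    """Split an AArch64 ESR into EC/IL/ISS and classify the fault status code."""
    ec, iss = (esr >> 26) & 0x3F, esr & 0x1FFFFFF
    fsc = iss & 0x3F
    return {"ec": ec, "il": (esr >> 25) & 1, "iss": iss,
            "instruction_abort": ec in (0x20, 0x21),
            # FSC 0b0011LL is a permission fault at translation level LL
            "permission_fault_level": fsc & 3 if fsc >> 2 == 0b0011 else None}

def triage(log):
    """Return a verdict dict, or None if the log has no exception/ESR lines."""
    regions, xp_cleared, entry, fault, esr = [], [], None, None, None
    for line in log.splitlines():
        nums = [int(h, 16) for h in re.findall(r"0x([0-9A-Fa-f]+)", line)]
        if "kernel_addr:" in line and len(nums) >= 2:
            entry = nums[0] + nums[1]              # image base + handover offset
        elif line.startswith("GetMemoryAttributes: RegionAddress") and len(nums) == 3:
            regions.append(tuple(nums))            # (base, length, descriptor bits)
        elif line.startswith("ClearMemoryAttributes:") and len(nums) == 3 and nums[2] & EFI_MEMORY_XP:
            xp_cleared.append((nums[0], nums[1]))  # range whose XP bit was cleared
        elif line.startswith("Synchronous Exception at"):
            fault = nums[0]
        elif line.startswith("ESR 0x"):
            esr = decode_esr(nums[0])
    if fault is None or esr is None:
        return None
    # Most recent attribute report that covers the faulting address
    region = next((r for r in reversed(regions) if r[0] <= fault < r[0] + r[1]), None)
    return {
        "fault_is_kernel_entry": fault == entry,
        "exec_permission_fault": esr["instruction_abort"]
                                 and esr["permission_fault_level"] is not None,
        "region_non_executable": bool(region and region[2] & (PXN | UXN)),
        "xp_cleared_on_fault_page": any(b <= fault < b + n for b, n in xp_cleared),
    }
```

On the excerpt, every field is true except `xp_cleared_on_fault_page`: the only ClearMemoryAttributes call in the log targets 0x47674000, not the kernel image.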
- links to: RHBA-2024:132763 grub2 bug fix and enhancement update