Closed andreiw closed 6 months ago
Pretty sure the issue is with ImageProtocolUnregister calling gCpu->SetMemoryAttributes instead of gCpu->ClearMemoryAttributes. Whoops. @bcran
Agh, ClearMemoryAttributes is not in gCpu, it's part of the memory attributes protocol.
Use gCpu->SetMemoryAttributes with 0 is bad regardless. Either use the memory attributes protocol, which just modifies the underlying attrs. Or go via gDS->SetMemorySpaceAttributes.
...of course only Arm implements EFI_MEMORY_ATTRIBUTE_PROTOCOL (at this time). Moving on...
Needs more experimentation in an Arm environment. It should be enough to load an emulated app, have it execute, unload and then load a native app in the same space.
Weird, I can't seem to repro. @bcran, dumb question, but you're using the regular ArmPkg CpuDxe right?
I've tried forcing the ProtectUefiImageCommon failure path due to section alignment.... no dice. I still see ArmSetMemoryAttributes getting invoked.
Can you instrument the the ArmSetMemoryAttributes path and get a boot log?
--- a/ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c
+++ b/ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c
@@ -217,8 +217,12 @@ CpuSetMemoryAttributes (
if (EFI_ERROR (Status) || (RegionArmAttributes != ArmAttributes) ||
((BaseAddress + Length) > (RegionBaseAddress + RegionLength)))
{
+ DEBUG ((DEBUG_ERROR, "really applying attrs 0x%lx over 0x%lx - 0x%lx\n",
+ EfiAttributes, BaseAddress, Length));
return ArmSetMemoryAttributes (BaseAddress, Length, EfiAttributes, 0);
} else {
+ DEBUG ((DEBUG_ERROR, "skip applying attrs 0x%lx over 0x%lx - 0x%lx\n",
+ EfiAttributes, BaseAddress, Length));
return EFI_SUCCESS;
}
}
Ah... I misread this.
It wasn't failing at the first instruction in the entry point. It did actually register an event, which leaked when the image crashed. This is trivial to detect if building with MAU_WRAPPED_ENTRY_POINTS. Perhaps this is a good reason to do so.
Closing this issue.
The twitter crash had Synchronous Exception at 0xf14fc7e8, which with image base 0xf14f5000 corresponds to offset 0x77E8. This looks like data (no int3 after ret). The region is protected from execution, but MUA is not claiming it.
The strange thing is how anything in the image could have been invoked if it failed to start. Here's a theory: a different image was loaded after the the NVMe driver failed to load, but MUA didn't clean up the protection mappings.
Originally posted by @andreiw in https://github.com/intel/MultiArchUefiPkg/issues/48#issuecomment-2093165553