-
Notifications
You must be signed in to change notification settings - Fork 291
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dmidecode fails when booted with 1f123ac2359cd923e9144f944a4bddf597fddbb5 #249
Comments
Bisect seems to be suggesting fecc2df, tested on qemu 5.1.0. |
With secure boot enabled, lockdown prevents reads from /dev/mem. Newer dmidecode should be using sysfs instead. Can you help us establish if you're seeing this change in behavior with or without secure boot enabled? If you're seeing it with secure boot enabled, then the /dev/mem failure is expected and prior to that fix your kernel was failing to enforce lockdown. If you're seeing it with secure boot disabled, then something else may have changed, and we should look into this further. |
dmidecode does use sysfs when possible, it works fine with the older shim, but the dmi tables entries are missing in the newer shim, causing it to fallback to /dev/mem. This happens regardless of secureboot or not. I should also mention I am using ovmf edk2-stable201911 as part of Yocto Project. |
As of 018b74d commit, I am still getting errors:
|
Still same for 39b96c0
|
7defee6 seems to be working, very strange. It might have something to do with switch to the gitsubmodule copy of gnu-efi. |
Issue seems to be happening sporadically while on real hardware, I'm not sure what else is happening. |
Found a likely buffer overflow in import_mok_state() introduced in fecc2df:
There is an extra sizeof(config_template) write at the end of p. Adding a one liner: |
Strange, line 998 already has it to begin with(?), please ignore my last message. Edit: not sure how I missed line 998 already having it but looks like the issue is in the 2nd loop where p is advanced by sizeof(config_template) regardless when v->data_size is 0, while the size calculation skips it. |
Fix the case where data_size is 0, so config_template is not implicitly copied like the size calculation above. upstream-status: rhboot#249 Signed-off-by: Jonathan Yong <jonathan.yong@intel.com>
@jsetje ping? Tested on Tiger Lake, Ice Lake and Comet Lake boards. |
Fix the case where data_size is 0, so config_template is not implicitly copied like the size calculation above. upstream-status: rhboot#249 Signed-off-by: Jonathan Yong <jonathan.yong@intel.com>
For the record, I encountered a firmware crash due to this bug. When booting my testing AArch64 shim, the firmware crashed with the following message:
It turned out that shim accidentally overwrote the directory cache of the Fat driver and zeroed several fields of |
Fix the case where data_size is 0, so config_template is not implicitly copied like the size calculation above. upstream-status: #249 Signed-off-by: Jonathan Yong <jonathan.yong@intel.com>
I think this was closed with #365. |
For folks dealing with shims that don't have this fix: Another symptom of this bug is that importing a single mok cert will break at least a couple versions of OVMF and hang the system. Since the corruption is caused by overrunning a buffer that's rounded to page size, two certs can be added as a workaround once the system is recovered. At least on OVMF this symptom is (unsurprisingly) masked by 361. |
When booted with shim, dmidecode fails to run:
Any ideas about this?
Edit: formatting
The text was updated successfully, but these errors were encountered: