2021-08-19 10:05:34

by Fabio Aiuto

Subject: x86/boot/compressed/64: Lenovo Ideapad Miix300 bug report

Dear Joerg and other x86 developers,

I work on a Lenovo Ideapad Miix 300-10IBY (intel baytrail based)
for hardware tests.
I have Fedora 34 installed on it, and since I updated to the 5.13.x
versions, the tablet very often freezes at the Lenovo startup logo.

I did a bisect and found that the commit that introduced
the bug is:

commit 79419e13e8082cc15d174df979a363528e31f2e7
Author: Joerg Roedel <[email protected]>
Date: Wed Mar 10 09:43:21 2021 +0100

x86/boot/compressed/64: Setup IDT in startup_32 boot path

This boot path needs exception handling when it is used with SEV-ES.
Setup an IDT and provide a helper function to write IDT entries for
use in 32-bit protected mode.

Signed-off-by: Joerg Roedel <[email protected]>
Signed-off-by: Borislav Petkov <[email protected]>
Link: https://lkml.kernel.org/r/[email protected]

I also tried to check out v5.13 and revert this commit
together with the following:

fef81c86262879d4b1176ef51a834c15b805ebb9
"x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path"

e927e62d8e370ebfc0d702fec22bc752249ebcef
"x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path"

1ccdbf748d862bc2ea106fa9f2300983c77860fe
"x86/boot/compressed/64: Add 32-bit boot #VC handler"

to ensure an errorless build. The kernel works fine on the tablet
without those changes.

My efibootmgr -v output is:

BootCurrent: 0000
Timeout: 2 seconds
BootOrder: 0000,0001,2001,2002,2003
Boot0000* Fedora HD(1,GPT,1bb602be-6ed0-4ef5-aee4-b26891963c4a,0x800,0xaf000)/File(\EFI\fedora\shimia32.efi)
Boot0001* Fedora HD(1,GPT,1bb602be-6ed0-4ef5-aee4-b26891963c4a,0x800,0xaf000)/File(\EFI\fedora\shim.efi)RC
Boot2001* EFI USB Device RC
Boot2002* EFI DVD/CDROM RC
Boot2003* EFI Network RC

This means that the 32-bit boot path is followed on startup.

CONFIG_AMD_MEM_ENCRYPT=y

Tell me if I can help. I started contributing to the Linux kernel
five months ago in the staging subsystem. I'd be glad to contribute
to such a core area of the kernel.

thank you in advance,

fabio


2021-08-19 10:14:00

by Borislav Petkov

Subject: Re: x86/boot/compressed/64: Lenovo Ideapad Miix300 bug report

On Thu, Aug 19, 2021 at 12:02:31PM +0200, Fabio Aiuto wrote:
> CONFIG_AMD_MEM_ENCRYPT=y

Lemme see if I understand it correctly: you have this enabled on an
Intel-based tablet?

Does it boot plain 5.13.x (without any reverts) fine with that config
item disabled?

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

2021-08-19 10:51:48

by Hans de Goede

Subject: Re: x86/boot/compressed/64: Lenovo Ideapad Miix300 bug report

Hi,

On 8/19/21 12:12 PM, Borislav Petkov wrote:
> On Thu, Aug 19, 2021 at 12:02:31PM +0200, Fabio Aiuto wrote:
>> CONFIG_AMD_MEM_ENCRYPT=y
>
> Lemme see if I understand it correctly: you have this enabled on an
> Intel-based tablet?

Fabio is using the standard Fedora kernels which as generic distro
kernels have this enabled.

He used the Fedora .config when bisecting because in general when
debugging it is a good idea to change as few variables as
possible (even if using a distro-kernel-config leads to long
build times for the bisect).

Regards,

Hans

2021-08-19 10:59:53

by Borislav Petkov

Subject: Re: x86/boot/compressed/64: Lenovo Ideapad Miix300 bug report

On Thu, Aug 19, 2021 at 12:47:05PM +0200, Hans de Goede wrote:
> Fabio is using the standard Fedora kernels which as generic distro
> kernels have this enabled.

Right, I suspected but wanted to make sure. Then my second question
would need answering:

Does it boot plain 5.13.x (without any reverts) fine with that config
item disabled?

> (even if using a distro-kernel-config leads to long build times for
> the bisect).

Yah, tell me about it. :-\

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

2021-08-19 12:18:13

by Fabio Aiuto

Subject: Re: x86/boot/compressed/64: Lenovo Ideapad Miix300 bug report

Hello Borislav,

On Thu, Aug 19, 2021 at 12:12:13PM +0200, Borislav Petkov wrote:
> On Thu, Aug 19, 2021 at 12:02:31PM +0200, Fabio Aiuto wrote:
> > CONFIG_AMD_MEM_ENCRYPT=y
>
> Lemme see if I understand it correctly: you have this enabled on an
> Intel-based tablet?

Yes, I have. As Hans replied, for the rebuild I use the configuration
provided by the Fedora 34 distribution.

>
> Does it boot plain 5.13.x (without any reverts) fine with that config
> item disabled?

I rebuilt a plain v5.13 kernel (no reverts) with that config
disabled and everything goes fine.

>
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette

thank you,

fabio

2021-08-19 13:36:54

by Jörg Rödel

Subject: Re: x86/boot/compressed/64: Lenovo Ideapad Miix300 bug report

Hi Fabio,

thanks for your report!

On Thu, Aug 19, 2021 at 02:16:53PM +0200, Fabio Aiuto wrote:
> I rebuilt a plain v5.13 kernel (no reverts) with that config
> disabled and everything goes fine.

Can you please try the attached patch? I think the problem is that the
32-bit EFI boot path sets up its own IDT before ExitBootServices() is
called.

Regards,

Joerg


Attachments:
(No filename) (380.00 B)
boot-idt.fix (2.24 kB)

2021-08-19 13:45:58

by Fabio Aiuto

Subject: Re: x86/boot/compressed/64: Lenovo Ideapad Miix300 bug report

Hi Joerg,

On Thu, Aug 19, 2021 at 03:33:40PM +0200, Joerg Roedel wrote:
> Hi Fabio,
>
> thanks for your report!

you are welcome,

>
> On Thu, Aug 19, 2021 at 02:16:53PM +0200, Fabio Aiuto wrote:
> > I rebuilt a plain v5.13 kernel (no reverts) with that config
> > disabled and everything goes fine.
>
> Can you please try the attached patch? I think the problem is that the
> 32-bit EFI boot path sets up its own IDT before ExitBootServices() is
> called.

shall I restore back CONFIG_AMD_MEM_ENCRYPT?

thank you,

fabio

>
> Regards,
>
> Joerg

> diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S
> index 95a223b3e56a..99cfd5dea23c 100644
> --- a/arch/x86/boot/compressed/efi_thunk_64.S
> +++ b/arch/x86/boot/compressed/efi_thunk_64.S
> @@ -39,7 +39,7 @@ SYM_FUNC_START(__efi64_thunk)
> /*
> * Convert x86-64 ABI params to i386 ABI
> */
> - subq $32, %rsp
> + subq $64, %rsp
> movl %esi, 0x0(%rsp)
> movl %edx, 0x4(%rsp)
> movl %ecx, 0x8(%rsp)
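
Review bot: The frame size at 'subq $64, %rsp' is a bare number with no statement of the layout behind it. From the rest of the patch the GDT descriptor is saved at 0x14(%rsp) and the IDT descriptor 16 bytes above it at 0x24(%rsp), which is what no longer fits in the old 32-byte frame. A short comment listing those slots here would help, and since the matching 'addq $64, %rsp' at label 1 has to stay in step, a shared symbolic constant for the frame size would be safer than two literals.
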
> @@ -49,14 +49,19 @@ SYM_FUNC_START(__efi64_thunk)
> leaq 0x14(%rsp), %rbx
> sgdt (%rbx)
>
> + addq $16, %rbx
> + sidt (%rbx)
> +
> /*
> - * Switch to gdt with 32-bit segments. This is the firmware GDT
> - * that was installed when the kernel started executing. This
> - * pointer was saved at the EFI stub entry point in head_64.S.
> + * Switch to idt and gdt with 32-bit segments. This is the firmware GDT
> + * and IDT that was installed when the kernel started executing. The
> + * pointers were saved at the EFI stub entry point in head_64.S.
> *
> * Pass the saved DS selector to the 32-bit code, and use far return to
> * restore the saved CS selector.
> */
> + leaq efi32_boot_idt(%rip), %rax
> + lidt (%rax)
> leaq efi32_boot_gdt(%rip), %rax
> lgdt (%rax)
>
> @@ -67,7 +72,7 @@ SYM_FUNC_START(__efi64_thunk)
> pushq %rax
> lretq
>
> -1: addq $32, %rsp
> +1: addq $64, %rsp
> movq %rdi, %rax
>
> pop %rbx
> @@ -132,6 +137,9 @@ SYM_FUNC_START_LOCAL(efi_enter32)
> */
> cli
>
> + lidtl (%ebx)
> + subl $16, %ebx
> +
> lgdtl (%ebx)
>
> movl %cr4, %eax
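
Review bot: 'lidtl (%ebx)' followed by 'subl $16, %ebx' only works because __efi64_thunk left the register pointing at the IDT slot after its 'addq $16, %rbx', and nothing in efi_enter32 says so. Keeping %rbx at the GDT slot and addressing the IDT slot as 16(%rbx) on the save and 16(%ebx) on the reload would drop both pointer adjustments; failing that, a comment here naming the two slots and the 16-byte distance is needed.
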
> @@ -166,6 +174,11 @@ SYM_DATA_START(efi32_boot_gdt)
> .quad 0
> SYM_DATA_END(efi32_boot_gdt)
>
> +SYM_DATA_START(efi32_boot_idt)
> + .word 0
> + .quad 0
> +SYM_DATA_END(efi32_boot_idt)
> +
> SYM_DATA_START(efi32_boot_cs)
> .word 0
> SYM_DATA_END(efi32_boot_cs)
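
Review bot: efi32_boot_idt is reserved as '.word 0' plus '.quad 0', 10 bytes, but the store added in head_64.S is a 32-bit 'sidtl', which fills only the 2-byte limit and a 4-byte base, while the 64-bit 'lidt (%rax)' in __efi64_thunk reads all 10. The upper half of the base is therefore correct only because the .quad is zero-initialised; a one-line comment on this definition saying so would keep someone from shrinking it to a .long later.
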
> diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
> index a2347ded77ea..572c535cf45b 100644
> --- a/arch/x86/boot/compressed/head_64.S
> +++ b/arch/x86/boot/compressed/head_64.S
> @@ -319,6 +319,9 @@ SYM_INNER_LABEL(efi32_pe_stub_entry, SYM_L_LOCAL)
> movw %cs, rva(efi32_boot_cs)(%ebp)
> movw %ds, rva(efi32_boot_ds)(%ebp)
>
> + /* Store firmware IDT descriptor */
> + sidtl rva(efi32_boot_idt)(%ebp)
> +
> /* Disable paging */
> movl %cr0, %eax
> btrl $X86_CR0_PG_BIT, %eax

2021-08-19 13:51:54

by Jörg Rödel

Subject: Re: x86/boot/compressed/64: Lenovo Ideapad Miix300 bug report

On Thu, Aug 19, 2021 at 03:43:28PM +0200, Fabio Aiuto wrote:
> shall I restore back CONFIG_AMD_MEM_ENCRYPT?

Yes, please restore it.

Thanks,

Joerg

2021-08-19 17:28:22

by Fabio Aiuto

Subject: Re: x86/boot/compressed/64: Lenovo Ideapad Miix300 bug report

Hello Joerg,

On Thu, Aug 19, 2021 at 03:49:28PM +0200, Joerg Roedel wrote:
> On Thu, Aug 19, 2021 at 03:43:28PM +0200, Fabio Aiuto wrote:
> > shall I restore back CONFIG_AMD_MEM_ENCRYPT?
>
> Yes, please restore it.
>
> Thanks,
>
> Joerg

Your patch works. I've tested the boot 10 times and
it worked fine. Tell me if you want me to test some other
ways.

thank you,

fabio