uefi-services: Return event in init #920

JohnAZoidberg · 2023-08-15T06:50:16Z

As mentioned in #917 If the app built with uefi-services exits before ExitBootServices, UEFI will call UnloadImage on it. Then the callback function is not in memory anymore and when ExitBootServices runs, invalid memory is accessed.

QEMU will crash like this when the Linux EFISTUB calls ExitBootServices:

!!!! X64 Exception Type - 06(#UD - Invalid Opcode)  CPU Apic ID - 00000000 !!!!
RIP  - 000000003E13F018, CS  - 0000000000000038, RFLAGS - 0000000000210246
RAX  - 0000000000000000, RCX - 000000003E191E98, RDX - 0000000000000000
RBX  - 0000000000000004, RSP - 000000003FF0FD08, RBP - 000000003FF28740
RSI  - 000000003E167518, RDI - 000000003FF6A5E0
R8   - 000000003FF27140, R9  - 000000003F4807A0, R10 - 0000000000000001
R11  - 00000000000000E1, R12 - 000000003E191EE0, R13 - 0000000000000100
R14  - 000000003FF28840, R15 - 000000003E191E98
DS   - 0000000000000030, ES  - 0000000000000030, FS  - 0000000000000030
GS   - 0000000000000030, SS  - 0000000000000030
CR0  - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000003FC01000
CR4  - 0000000000000668, CR8 - 0000000000000000
DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 000000003F9DE000 0000000000000047, LDTR - 0000000000000000
IDTR - 000000003F471018 0000000000000FFF,   TR - 0000000000000000
FXSAVE_STATE - 000000003FF0F960
!!!! Find image based on IP(0x3E13F018) (No PDB)  (ImageBase=000000003DF1E000, EntryPoint=000000003DF1F000) !!!!

To avoid the crash, the user should close the event before the app exits.

fn main(image_handle: Handle, mut system_table: SystemTable<Boot>) -> Status {
    let event: Option<Event> = uefi_services::init(&mut system_table).unwrap();
    let boot_services = system_table.boot_services();

    println!("Hello World");

    if let Some(event) = event {
        // Will creash when Linux boots if we don't call this
        boot_services.close_event(event).unwrap();
    }
    Status::SUCCESS
}

It would be nice to have this happen automatically by a Drop implementation but this already lets users do it on their own, if they need.

Checklist

Sensible git history (for example, squash "typo" or "fix" commits). See the Rewriting History guide for help.
Update the changelog (if necessary)

As mentioned in rust-osdev#917 If the app built with uefi-services exits before ExitBootServices, UEFI will call `UnloadImage` on it. Then the callback function is not in memory anymore and when ExitBootServices runs, invalid memory is accessed. QEMU will crash like this when the Linux EFISTUB calls ExitBootServices: ``` !!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! RIP - 000000003E13F018, CS - 0000000000000038, RFLAGS - 0000000000210246 RAX - 0000000000000000, RCX - 000000003E191E98, RDX - 0000000000000000 RBX - 0000000000000004, RSP - 000000003FF0FD08, RBP - 000000003FF28740 RSI - 000000003E167518, RDI - 000000003FF6A5E0 R8 - 000000003FF27140, R9 - 000000003F4807A0, R10 - 0000000000000001 R11 - 00000000000000E1, R12 - 000000003E191EE0, R13 - 0000000000000100 R14 - 000000003FF28840, R15 - 000000003E191E98 DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030 GS - 0000000000000030, SS - 0000000000000030 CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000003FC01000 CR4 - 0000000000000668, CR8 - 0000000000000000 DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 GDTR - 000000003F9DE000 0000000000000047, LDTR - 0000000000000000 IDTR - 000000003F471018 0000000000000FFF, TR - 0000000000000000 FXSAVE_STATE - 000000003FF0F960 !!!! Find image based on IP(0x3E13F018) (No PDB) (ImageBase=000000003DF1E000, EntryPoint=000000003DF1F000) !!!! ``` To avoid the crash, the user should close the event before the app exits. ```rs fn main(image_handle: Handle, mut system_table: SystemTable<Boot>) -> Status { let event: Option<Event> = uefi_services::init(&mut system_table).unwrap(); let boot_services = system_table.boot_services(); println!("Hello World"); if let Some(event) = event { // Will creash when Linux boots if we don't call this boot_services.close_event(event).unwrap(); } Status::SUCCESS } ``` It would be nice to have this happen automatically by a Drop implementation but this already lets users do it on their own, if they need. Signed-off-by: Daniel Schaefer <dhs@frame.work>

nicholasbishop · 2023-10-25T00:26:09Z

Taking another look at this, I think we're still not quite ready to implement a fix from #943. So I will go ahead and merge your fix, as it's a sensible and minimal update that allows applications to solve the issue. Thanks for the PR, sorry it took a while :)

JohnAZoidberg force-pushed the init-return-event branch 2 times, most recently from 04a0037 to e386fc8 Compare August 15, 2023 07:03

JohnAZoidberg force-pushed the init-return-event branch from e386fc8 to e6995a5 Compare August 31, 2023 06:03

nicholasbishop mentioned this pull request Sep 16, 2023

Fix uefi_services memory unsafety if application exits before exiting boot services #943

Closed

nicholasbishop added this pull request to the merge queue Oct 25, 2023

Merged via the queue into rust-osdev:main with commit 2063566 Oct 25, 2023

nicholasbishop mentioned this pull request Oct 25, 2023

Boot Linux after running the application #917

Closed

JohnAZoidberg deleted the init-return-event branch June 25, 2024 01:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

uefi-services: Return event in init #920

uefi-services: Return event in init #920

JohnAZoidberg commented Aug 15, 2023 •

edited

Loading

nicholasbishop commented Oct 25, 2023

uefi-services: Return event in init #920

uefi-services: Return event in init #920

Conversation

JohnAZoidberg commented Aug 15, 2023 • edited Loading

Checklist

nicholasbishop commented Oct 25, 2023

JohnAZoidberg commented Aug 15, 2023 •

edited

Loading