EmulatorPkg x64 Segmentation fault on GCC5 toolchain on Ubuntu (Bugzilla Bug 2639)

[tianocore-issues]

This issue was created automatically with bugzilla2github

Bugzilla Bug 2639

Date: 2020-03-28T15:25:18+00:00
From: @spbrogan
To: guomin.jiang
CC: @ajfish, brian.delgado, f4bug, jeff.westfahl, @jyao1, nobody

See also: https://bugzilla.tianocore.org/show_bug.cgi?id=2668
Last updated: 2022-07-23T07:11:32+00:00

[tianocore-issues]

Comment 11884

Date: 2020-03-28 15:25:18 +0000
From: @spbrogan

• Industry Specification: ---
• Release Observed: EDK II Master
• Releases to Fix: EDK II Master
• Target OS: ---
• Bugzilla Assignee(s): guomin.jiang

As part of setting up Platform CI I am trying to run the emulator to boot to shell.

See the link below for a run that fails.

https://dev.azure.com/tianocore/edk2-ci-play/_build/results?buildId=4922&view=results

Log messages:
INFO - EDK II UNIX Host Emulation Environment from http://www.tianocore.org/edk2/
INFO - BootMode 0x00
INFO - OS Emulator passing in 128 KB of temp RAM at 0x40000000 to SEC
INFO - FD loaded from ../FV/FV_RECOVERY.fd at 0x102000000 contains SEC Core
INFO - 0x102015900 Loading /home/vsts/work/1/s/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei/DEBUG/StatusCodeHandlerPei.dll with entry point 0x102017353
INFO - PROGRESS CODE: V03020003 I0
INFO - Loading PEIM 9B3ADA4F-AE56-4C24-8DEA-F03B7558AE50
INFO - 0x10200ea80 Loading /home/vsts/work/1/s/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/PCD/Pei/Pcd/DEBUG/PcdPeim.dll with entry point 0x1020129b1
INFO - Loading PEIM at 0x0010200E840 EntryPoint=0x001020129B1 PcdPeim.efi
INFO - PROGRESS CODE: V03020002 I0
INFO - Install PPI: 06E81C58-4AD7-44BC-8390-F10265F72480
INFO - Install PPI: 01F34D25-4DE2-23AD-3FF3-36353FF323F1
INFO - Install PPI: 4D8B155B-C059-4C8F-8926-06FD4331DB8A
INFO - Install PPI: A60C6B59-E459-425D-9C69-0BCC9CB27D81
INFO - Register PPI Notify: 605EA650-C65C-42E1-BA80-91A52AB618C6
INFO - PROGRESS CODE: V03020003 I0
INFO - Loading PEIM 64196C76-58E3-0B4D-9484-B54F7C4349CA
INFO - 0x102018480 Loading /home/vsts/work/1/s/Build/EmulatorX64/DEBUG_GCC5/X64/EmulatorPkg/BootModePei/BootModePei/DEBUG/BootModePei.dll with entry point 0x102018ce0
INFO - Loading PEIM at 0x00102018240 EntryPoint=0x00102018CE0 BootModePei.efi
INFO - PROGRESS CODE: V03020002 I0
INFO - Emu Boot Mode PEIM Loaded
INFO - Install PPI: 7408D748-FC8C-4EE6-9288-C4BEC092A410
INFO - PROGRESS CODE: V03020003 I0
INFO - Loading PEIM 2D6F6BCC-9681-8E42-8579-B57DCD0060F0
INFO - 0x102019680 Loading /home/vsts/work/1/s/Build/EmulatorX64/DEBUG_GCC5/X64/EmulatorPkg/AutoScanPei/AutoScanPei/DEBUG/AutoScanPei.dll with entry point 0x10201a008
INFO - Loading PEIM at 0x00102019440 EntryPoint=0x0010201A008 AutoScanPei.efi
INFO - PROGRESS CODE: V03020002 I0
INFO - Emu Autoscan PEIM Loaded
INFO - PeiInstallPeiMemory MemoryBegin 0x41000000, MemoryLength 0x4000000
INFO - PROGRESS CODE: V03020003 I0
INFO - Temp Stack : BaseAddress=0x40000000 Length=0x10000
INFO - Temp Heap : BaseAddress=0x40010000 Length=0x10000
INFO - Total temporary memory: 131072 bytes.
INFO - temporary memory stack ever used: 65532 bytes.
INFO - temporary memory heap used for HobList: 3584 bytes.
INFO - temporary memory heap occupied by memory pages: 0 bytes.
INFO - Old Stack size 65536, New stack size 131072
INFO - Stack Hob: BaseAddress=0x41000000 Length=0x20000
INFO - Heap Offset = 0x1010000 Stack Offset = 0x1010000
INFO - Segmentation fault (core dumped)

[tianocore-issues]

Comment 11885

Date: 2020-03-28 15:58:58 +0000
From: @spbrogan

This is probably user error. I need to read thru the build.sh script and get that ported into the PlatformBuild.py file.

[tianocore-issues]

Comment 11888

Date: 2020-03-28 17:48:57 +0000
From: @ajfish

Sean the Seg Fault means the App for the emulator crashed. That seems like a bug even if you did do some kind of wrong configuration?

If you could load the core into the debugger or attach a debugger on crash we would get a stack trace of what failed.

[tianocore-issues]

Comment 11889

Date: 2020-03-28 18:15:49 +0000
From: @spbrogan

Got it running in docker locally and this is what i got.

EDK II UNIX Host Emulation Environment from http://www.tianocore.org/edk2/
BootMode 0x00
OS Emulator passing in 128 KB of temp RAM at 0x40000000 to SEC
FD loaded from ../FV/FV_RECOVERY.fd at 0x102000000 contains SEC Core

0x102000400 Loading /opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/EmulatorPkg/Sec/Sec/DEBUG/EmuSec.dll with entry point 0x102001722
SEC Has Started
0x102002700 Loading /opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Core/Pei/PeiMain/DEBUG/PeiCore.dll with entry point 0x10200bdf0
0x102013e00 Loading /opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei/DEBUG/ReportStatusCodeRouterPei.dll with entry point 0x102014bb0
0x102015780 Loading /opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei/DEBUG/StatusCodeHandlerPei.dll with entry point 0x1020171d3
PROGRESS CODE: V03020003 I0
Loading PEIM 9B3ADA4F-AE56-4C24-8DEA-F03B7558AE50
0x10200e980 Loading /opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/PCD/Pei/Pcd/DEBUG/PcdPeim.dll with entry point 0x1020128b1
Loading PEIM at 0x0010200E740 EntryPoint=0x001020128B1 PcdPeim.efi
PROGRESS CODE: V03020002 I0
Install PPI: 06E81C58-4AD7-44BC-8390-F10265F72480
Install PPI: 01F34D25-4DE2-23AD-3FF3-36353FF323F1
Install PPI: 4D8B155B-C059-4C8F-8926-06FD4331DB8A
Install PPI: A60C6B59-E459-425D-9C69-0BCC9CB27D81
Register PPI Notify: 605EA650-C65C-42E1-BA80-91A52AB618C6
PROGRESS CODE: V03020003 I0
Loading PEIM 64196C76-58E3-0B4D-9484-B54F7C4349CA
0x102018300 Loading /opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/EmulatorPkg/BootModePei/BootModePei/DEBUG/BootModePei.dll with entry point 0x102018b60
Loading PEIM at 0x001020180C0 EntryPoint=0x00102018B60 BootModePei.efi
PROGRESS CODE: V03020002 I0
Emu Boot Mode PEIM Loaded
Install PPI: 7408D748-FC8C-4EE6-9288-C4BEC092A410
PROGRESS CODE: V03020003 I0
Loading PEIM 2D6F6BCC-9681-8E42-8579-B57DCD0060F0
0x102019500 Loading /opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/EmulatorPkg/AutoScanPei/AutoScanPei/DEBUG/AutoScanPei.dll with entry point 0x102019e88
Loading PEIM at 0x001020192C0 EntryPoint=0x00102019E88 AutoScanPei.efi
PROGRESS CODE: V03020002 I0
Emu Autoscan PEIM Loaded
PeiInstallPeiMemory MemoryBegin 0x41000000, MemoryLength 0x4000000
PROGRESS CODE: V03020003 I0
Temp Stack : BaseAddress=0x40000000 Length=0x10000
Temp Heap : BaseAddress=0x40010000 Length=0x10000
Total temporary memory: 131072 bytes.
temporary memory stack ever used: 65532 bytes.
temporary memory heap used for HobList: 3584 bytes.
temporary memory heap occupied by memory pages: 0 bytes.
Old Stack size 65536, New stack size 131072
Stack Hob: BaseAddress=0x41000000 Length=0x20000
Heap Offset = 0x1010000 Stack Offset = 0x1010000

Program received signal SIGSEGV, Segmentation fault.
add symbol table from file "/opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/EmulatorPkg/Sec/Sec/DEBUG/EmuSec.dll" at
.text_addr = 0x102000400
add symbol table from file "/opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Core/Pei/PeiMain/DEBUG/PeiCore.dll" at
.text_addr = 0x102002700
add symbol table from file "/opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei/DEBUG/ReportStatusCodeRouterPei.dll" at
.text_addr = 0x102013e00
add symbol table from file "/opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei/DEBUG/StatusCodeHandlerPei.dll" at
.text_addr = 0x102015780
add symbol table from file "/opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/MdeModulePkg/Universal/PCD/Pei/Pcd/DEBUG/PcdPeim.dll" at
.text_addr = 0x10200e980
add symbol table from file "/opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/EmulatorPkg/BootModePei/BootModePei/DEBUG/BootModePei.dll" at
.text_addr = 0x102018300
add symbol table from file "/opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/EmulatorPkg/AutoScanPei/AutoScanPei/DEBUG/AutoScanPei.dll" at
.text_addr = 0x102019500
PeiLocatePpi (PeiServices=<optimized out>, Guid=0x10200e130, Instance=0, PpiDescriptor=0x0, Ppi=0x4101f0c8)
at /opt/src/edk2/MdeModulePkg/Core/Pei/Ppi/Ppi.c:459
459 if ((((INT32 *)Guid)[0] == ((INT32 *)CheckGuid)[0]) &&
(gdb)

[tianocore-issues]

Comment 11964

Date: 2020-03-31 21:59:29 +0000
From: nobody <>

Emulator IA32 works, but X64 fail in GCC. Platform CI depends on this fix.

Get more details from emulator maintainer.

[tianocore-issues]

Comment 11995

Date: 2020-04-01 09:52:52 +0000
From: nobody <>

Guomin: please check with Ray Ni for the soluiton.

[tianocore-issues]

Comment 12103

Date: 2020-04-07 22:04:16 +0000
From: nobody <>

Guomin is working on it.

[tianocore-issues]

Comment 12140

Date: 2020-04-08 04:28:40 +0000
From: guomin.jiang

*** Bug 403 has been marked as a duplicate of this bug. ***

[tianocore-issues]

Comment 12351

Date: 2020-04-29 06:48:10 +0000
From: Philippe Mathieu-Daudé <>

(In reply to Sean Brogan from comment #3)
> "/opt/src/edk2/Build/EmulatorX64/DEBUG_GCC5/X64/EmulatorPkg/AutoScanPei/
> AutoScanPei/DEBUG/AutoScanPei.dll" at
> PeiLocatePpi (PeiServices=<optimized out>, Guid=0x10200e130, Instance=0,
> PpiDescriptor=0x0, Ppi=0x4101f0c8)
> at /opt/src/edk2/MdeModulePkg/Core/Pei/Ppi/Ppi.c:459
> 459 if ((((INT32 *)Guid)[0] == ((INT32 *)CheckGuid)[0]) &&

Commit 192f6d4 is 13 years old, maybe this code can make better use of today's compiler improvements and optimizations, in particular regarding address alignment:

• //
• // Don't use CompareGuid function here for performance reasons.
• // Instead we compare the GUID as INT32 at a time and branch
• // on the first failed comparison.
• //
• if ((((INT32 *)Guid)[0] == ((INT32 *)CheckGuid)[0]) &&

•    (((INT32 *)Guid)[1] == ((INT32 *)CheckGuid)[1]) &&
  

•    (((INT32 *)Guid)[2] == ((INT32 *)CheckGuid)[2]) &&
  

•    (((INT32 *)Guid)[3] == ((INT32 *)CheckGuid)[3])) {
  

[tianocore-issues]

Comment 12409

Date: 2020-05-05 23:20:12 +0000
From: guomin.jiang

I will check it this week.

[tianocore-issues]

Comment 12452

Date: 2020-05-08 04:47:55 +0000
From: guomin.jiang

I am afraid that i have no time for it until August, please be patient.

[tianocore-issues]

Comment 13042

Date: 2020-07-05 11:03:21 +0000
From: Brian Delgado <<brian.delgado>>

One workaround that got around the error for me was mentioned here: https://edk2.groups.io/g/discuss/topic/67981202#76

EmulatorPkg.dsc
MdeModulePkg/Core/Pei/PeiMain.inf {
<BuildOptions>
GCC:__*_CC_FLAGS = -O0
}

Disabling compiler optimization lets it load properly on my setup (Ubuntu 18.04, GCC-5, edk2 master 627d1d6)

[tianocore-issues]

Comment 13284

Date: 2020-07-31 20:38:52 +0000
From: guomin.jiang

(In reply to Brian Delgado from comment #11)
> One workaround that got around the error for me was mentioned here:
> https://edk2.groups.io/g/discuss/topic/67981202#76
>
> EmulatorPkg.dsc
> MdeModulePkg/Core/Pei/PeiMain.inf {
> <BuildOptions>
> GCC:__*_CC_FLAGS = -O0
> }
>
> Disabling compiler optimization lets it load properly on my setup (Ubuntu
> 18.04, GCC-5, edk2 master 627d1d6)

It is not helpful, but still thank you.

[tianocore-issues]

Comment 18355

Date: 2022-02-14 01:54:18 +0000
From: guomin.jiang

Will check it.

[tianocore-issues]

Comment 18422

Date: 2022-02-21 22:46:02 +0000
From: guomin.jiang

Haven't duplicate it in last code.

Can you double confirm it?

[tianocore-issues]

Comment 18500

Date: 2022-03-01 22:20:52 +0000
From: @lgao4

*** Bug 3093 has been marked as a duplicate of this bug. ***

[tianocore-issues]

Comment 18525

Date: 2022-03-03 04:59:23 +0000
From: guomin.jiang

Verify pass in my environment.

Environment:

• Linux ubuntu 5.4.0-72-generic OVMF fails to boot with SMP enabled #80~18.04.1-Ubuntu SMP Mon Apr 12 23:26:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
• gcc (Ubuntu 8.4.0-1ubuntu1~18.04) 8.4.0

Please reopen if you still have problem

*** This bug has been marked as a duplicate of bug 2668 ***

[tianocore-issues]

Comment 19259

Date: 2022-07-18 20:57:10 +0000
From: guomin.jiang

Encounter this issue and reopen it for fixing it.

It is not same with https://bugzilla.tianocore.org/show_bug.cgi?id=2668, there are different symptom

Guomin

[tianocore-issues]

Comment 19326

Date: 2022-07-23 06:51:39 +0000
From: guomin.jiang

Rootcaused the issue

---

First, summarize the difference between below bugs:

https://bugzilla.tianocore.org/show_bug.cgi?id=2639
https://bugzilla.tianocore.org/show_bug.cgi?id=403
https://bugzilla.tianocore.org/show_bug.cgi?id=3093
https://bugzilla.tianocore.org/show_bug.cgi?id=2668

2639, 403, 3093 have same symptom and are same root cause. These issue happened in switch stack in Pei Phase

2668 have different symptom and is not similar root cause. This issue happened in Dxe Phase.

---

Second, Explain why encounter the symptom

2639, 403, 3093 is because

1. ebp is used as Private pointer but it calculate twice.
2. So Private point to the invalid address after second calculation
3. When MigrateMemoryPages consume Private, Segmentation fault happened.

---

Below detail information for your reference:

Two calculation as below:
First is
Dispatcher.c:845 Private = (PEI_CORE_INSTANCE *)((UINTN)(VOID *)Private + StackOffset);
Second is
SwitchRam.S:24 addq %r8, %rbp

Disassemble as below (Please view the Dispatcher.c to compare source and disassemble):
if (StackOffsetPositive) {
0x000000010200b452 <+889>: cmpb $0x0,0x18(%rsp)
0x000000010200b457 <+894>: je 0x10200b467 <PeiCheckAndSwitchStack+910>
0x000000010200b459 <+896>: mov (%rsp),%rax
SecCoreData = (CONST EFI_SEC_PEI_HAND_OFF *)((UINTN)(VOID *)SecCoreData + StackOffset);
0x000000010200b45d <+900>: add (%rsp),%r12 ; r12 is SecCore
Private = (PEI_CORE_INSTANCE *)((UINTN)(VOID *)Private + StackOffset);
0x000000010200b461 <+904>: lea (%r15,%rax,1),%rbp ; r15 and rbp is Private
0x000000010200b465 <+908>: jmp 0x10200b472 <PeiCheckAndSwitchStack+921>
} else {
0x000000010200b467 <+910>: mov %r15,%rbp
SecCoreData = (CONST EFI_SEC_PEI_HAND_OFF *)((UINTN)(VOID *)SecCoreData - StackOffset);
0x000000010200b46a <+913>: sub (%rsp),%r12
Private = (PEI_CORE_INSTANCE *)((UINTN)(VOID *)Private - StackOffset);
0x000000010200b46e <+917>: sub (%rsp),%rbp
}
TemporaryRamSupportPpi->TemporaryRamMigration (
PeiServices,
TemporaryRamBase,
(EFI_PHYSICAL_ADDRESS)(UINTN)(TopOfNewStack - TemporaryStackSize),
TemporaryRamSize
);
0x000000010200b472 <+921>: sub $0x20,%rsp
0x000000010200b476 <+925>: sub %r13,%rbx
0x000000010200b479 <+928>: lea 0x8(%r15),%rcx
0x000000010200b47d <+932>: mov %r14,%rdx
0x000000010200b480 <+935>: mov 0x58(%rsp),%rax
0x000000010200b485 <+940>: mov 0x30(%rsp),%r9
0x000000010200b48a <+945>: mov %rbx,%r8
0x000000010200b48d <+948>: callq *(%rax) ; rax is TemporaryRamSupportPpi->TemporaryRamMigration

TemporaryRamSupportPpi->TemporaryRamMigration is SwitchRam.S:SecTemporaryRamSupport and update the ebp again.

If you use gdb to debug and pause before enter MigrateMemoryPages, you will see that Private beyond 0x42000000. But we haven't used or intialized it yet so it is invalid address

Thanks
Guomin

[tianocore-issues]

Comment 19327

Date: 2022-07-23 07:11:32 +0000
From: guomin.jiang

Sent patch for review

[edk2-devel] [PATCH 1/1] MdeModulePkg/Core: Move Private calculation after TemporaryRamMigration: https://edk2.groups.io/g/devel/message/91757

Guomin