Created attachment 349492 [details] config-3.9.4-hardened from UEFI system sys-kernel/hardened-sources-3.9.4 fails to boot my UEFI system. After grub2 messages nothing happens - only black screen, cursor is not blinking. hardened-sources-3.8.12 and gentoo-sources-3.9.4 boot and work fine. hardened-sources-3.9.4 works fine for my other system, but it has bios. Portage 2.1.11.62 (hardened/linux/amd64, gcc-4.6.3, glibc-2.15-r3, 3.9.4-gentoo x86_64) ================================================================= System Settings ================================================================= KiB Mem: 65830088 total, 60175324 free KiB Swap: 0 total, 0 free Timestamp of tree: Tue, 28 May 2013 00:45:01 +0000 ld GNU ld (GNU Binutils) 2.22 app-shells/bash: 4.2_p45 dev-lang/python: 2.7.3-r3 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.5 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.6.3 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.7 (virtual/os-headers) sys-libs/glibc: 2.15-r3 Repositories: gentoo nikoli ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=corei7-avx -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0 /usr/share/themes/oxygen-gtk/gtk-3.0" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=corei7-avx -O2 -pipe" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j9" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTDIR_OVERLAY="/var/lib/layman/nikoli" USE="X a52 aac acl acpi aes-ni alsa amd64 amr audiofile avx bash-completion bzip2 cairo caps cdda cddb cdio cdparanoia cdr celt cli consolekit cracklib crypt css cups cxx dbus djvu dri dts dv dvd dvdr encode exif fat ffmpeg flac fluidsynth fontconfig fortran gd geoip gif gimp gmp gnutls gphoto2 gpm graphviz gsm gstreamer gtk handbook hardened iconv icu id3tag idn ilbc imagemagick imap imlib ios ipod ipv6 jbig jpeg jpeg2k justify kde kipi lame laptop lcms libass libnotify libproxy libsamplerate lm_sensors lzma lzo mac mad matroska mikmod mmx mmxext mng modplug modules mp3 mp4 mpeg mtp mudflap multilib musepack musicbrainz ncurses networkmanager nls nptl nptlonly ntfs ogg openal openexr opengl openmp opus pam pango pax_kernel pcre pdf pg-intdatetime phonon plasma pm-utils png policykit postscript qt3support qt4 quicktime rar raw readline reiserfs replaygain rtmp sasl scanner semantic-desktop session sid smp sndfile socks5 speex spell sqlite sse sse2 sse3 sse4_1 ssl ssse3 startup-notification svg symlink sysfs taglib theora threads thumbnail tiff truetype tta udev udisks unicode upnp upower usb v4l v4l2 vcd vorbis vpx wavpack webkit webp wifi wma wmf x264 xattr xcb xcomposite xface xinerama xml xmp xpm xscreensaver xv xvid xz zip zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="*" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="pdfimport presenter-console presenter-minimizer report-builder" LINGUAS="ru ru_RU en" NGINX_MODULES_HTTP="access auth_basic autoindex fastcgi gzip rewrite" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby19" USERLAND="GNU" VIDEO_CARDS="radeon r600 modesetting vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON ================================================================= Package Settings ================================================================= sys-boot/grub-2.00-r3 was built with the following: USE="(multilib) nls test truetype -custom-cflags -debug -device-mapper -doc -efiemu -libzfs -mount -sdl -static" ABI_X86="64" GRUB_PLATFORMS="efi-64 -coreboot -efi-32 -emu -ieee1275 -multiboot -pc -qemu -qemu-mips -yeeloong" CFLAGS="" LDFLAGS=""
Nikoli thanks. On the systems where it does work, do you have the same hardware and same config file? In other words, is the only difference bios vs uefi. I'll pass this upstream so they can keep track of these early boot freeze bugs. There has been a few lately, mostly involving x86. This is the first for amd64.
I've had the same problem with the 3.9 series with uefi. What hardware do you use (lenovo?). I'm guessing something wonky is happening but will not know what until I get a serial adapter for this laptop.
Anthony, i tested only 2 systems: First is amd64 atom nettop with nvidia ion chipset. This system is no-multilib and works fine. Kernel is compiled without support for non amd64 bins. If you need, i will attach kernel config and 'emerge --info'. Second system is UEFI desktop with lga2011 socket. Does not work with 3.9.4 hardened kernel. Matthew, Not lenovo and not laptop, motherboard is Asus P9X79.
i'd need some more files first (bzImage, vmlinux).
I think you already tested this, but this should work. It's a uefi-stub'd bzimage with the initram built in xz'd. http://dev.gentoo.org/~prometheanfire/dist/kernels/kernel-3.9.2-hardened Here is the vmlinux http://dev.gentoo.org/~prometheanfire/dist/kernels/vmlinux-3.9.2-hardened.xz
yeah, it's the one that works in qemu unfortunately ;(. in any case, it seems i have a box here where i can reproduce this, so i can debug it locally, but it'll have to wait till next week as i'm busy before that. in the meantime you could perhaps test vanilla and grsec with various options disabled to see if any of them makes a difference.
Ya, I just ordered a expresscard serial adapter so I can get debug info (hopefully). We'll get to this eventually :D
> i'd need some more files first (bzImage, vmlinux). Sent to your mail.
(In reply to Nikoli from comment #8) > > i'd need some more files first (bzImage, vmlinux). > Sent to your mail. thanks, so if you disable all of grsec, it works but fails when some option gets enabled. now if you have the time you could help us find this option by doing a binary search on the various grsec options, probably starting with PaX related ones. i'll be off the net for some days, so take your time ;).
The kernel-3.9.4-11 works for me. It is VERY basic, gonna start adding stuff to the config to see when it breaks (link to bzimage and config). http://dev.gentoo.org/~prometheanfire/crash-logs/bug-471626/
False positive on it being a vanilla issue (I was setting console on the cmdline inadvertently). More testing yet to do. (on hardened this time).
Hi, any news? 3.9.5 still hangs.
(In reply to Nikoli from comment #12) > Hi, any news? 3.9.5 still hangs. did you manage to find out if there's a PaX option that causes this? based on information from others, i'd start with disabling UDEREF.
Not yet, but i tested default auto settings for desktop and it hangs.
I was able to get a kernel to boot by disabling x86_64 support, so that's something...
I just marked 2.6.32-r170, 3.2.46-r1, 3.9.5. Is this still an issue?
Yes, 3.9.5 fails to boot.
(In reply to Nikoli from comment #17) > Yes, 3.9.5 fails to boot. also 3.9.7? see my comment in the other bug, we have to pass the vmlinuz and config file to pipacs.
blueness, the uefi boot problem is still not fixed, and i haven't got a lead yet unfortunately.
(In reply to PaX Team from comment #19) > blueness, the uefi boot problem is still not fixed, and i haven't got a lead > yet unfortunately. thanks
vanilla (kernel.org sources) triggered this as well 3.9.7, and 3.10-rc7. I'll be attaching configs. I WAS able to boot when mem > 300M though (16G).
Created attachment 352028 [details] config-3.9.7-vanilla
Created attachment 352032 [details] config-3.10-rc7-vanilla can anyone reproduce this, all you should have to do is add mem=300m to the kernel line. (you might need to remove the built in initramfs stuff as well)
Can anyone else reproduce this bug with a vanilla kernel without passing mem= on the kernel command line?
this should be fixed in the latest patches, please test.
Anthony, which version of sys-kernel/hardened-sources has these patches?
(In reply to Nikoli from comment #26) > Anthony, which version of sys-kernel/hardened-sources has these patches? nothing yet, you'll have to wait for today's grsec version (soon out) to make it into gentoo.
(In reply to PaX Team from comment #27) > (In reply to Nikoli from comment #26) > > Anthony, which version of sys-kernel/hardened-sources has these patches? > > nothing yet, you'll have to wait for today's grsec version (soon out) to > make it into gentoo. Please test hardened-sources-3.9.9
It's alive! sys-kernel/hardened-sources-3.9.9 boots and works fine :)
I was able to reproduce the 3433M as being the min needed I may go buy a 2G stick of ram just to see if it's limited to mem= or if it really does get mad when you have 'low' mem I am currently booted on this with a problem system with 16G of ram though
I tested with two gigs of ram, might order a 1G dimm to test as well mem=unset: booted mem=1930M: booted mem=1929M: failed pipacs, can you tell me how to get the uefi debug info? was it memdebug=true or something?
(In reply to Matthew Thode ( prometheanfire ) from comment #31) > pipacs, can you tell me how to get the uefi debug info? was it > memdebug=true or something? memblock=debug and also post /proc/iomem and look for 0x78a.... in there, you'll probably find that some uefi boot or runtime services region is stored at such a physical address and hence not letting the kernel map it would produce the behaviour you're seeing.
Created attachment 353404 [details] iomem Here's a 'dmesg | grep -i efi' as well [ 0.000000] efi: EFI v2.00 by Lenovo [ 0.000000] efi: ACPI=0xdaffe000 ACPI 2.0=0xdaffe014 SMBIOS=0xdae9e000 [ 0.000000] efi: mem00: type=3, attr=0xf, range=[0x0000000000000000-0x0000000000001000) (0MB) [ 0.000000] efi: mem01: type=7, attr=0xf, range=[0x0000000000001000-0x000000000004e000) (0MB) [ 0.000000] efi: mem02: type=3, attr=0xf, range=[0x000000000004e000-0x0000000000058000) (0MB) [ 0.000000] efi: mem03: type=10, attr=0xf, range=[0x0000000000058000-0x0000000000059000) (0MB) [ 0.000000] efi: mem04: type=7, attr=0xf, range=[0x0000000000059000-0x000000000005e000) (0MB) [ 0.000000] efi: mem05: type=4, attr=0xf, range=[0x000000000005e000-0x000000000005f000) (0MB) [ 0.000000] efi: mem06: type=3, attr=0xf, range=[0x000000000005f000-0x00000000000a0000) (0MB) [ 0.000000] efi: mem07: type=2, attr=0xf, range=[0x0000000000100000-0x0000000001d00000) (28MB) [ 0.000000] efi: mem08: type=7, attr=0xf, range=[0x0000000001d00000-0x0000000002000000) (3MB) [ 0.000000] efi: mem09: type=2, attr=0xf, range=[0x0000000002000000-0x0000000003c00000) (28MB) [ 0.000000] efi: mem10: type=7, attr=0xf, range=[0x0000000003c00000-0x0000000020000000) (452MB) [ 0.000000] efi: mem11: type=0, attr=0xf, range=[0x0000000020000000-0x0000000020200000) (2MB) [ 0.000000] efi: mem12: type=7, attr=0xf, range=[0x0000000020200000-0x0000000040000000) (510MB) [ 0.000000] efi: mem13: type=0, attr=0xf, range=[0x0000000040000000-0x0000000040200000) (2MB) [ 0.000000] efi: mem14: type=7, attr=0xf, range=[0x0000000040200000-0x000000005afce000) (429MB) [ 0.000000] efi: mem15: type=2, attr=0xf, range=[0x000000005afce000-0x0000000090b38000) (859MB) [ 0.000000] efi: mem16: type=4, attr=0xf, range=[0x0000000090b38000-0x0000000090b58000) (0MB) [ 0.000000] efi: mem17: type=7, attr=0xf, range=[0x0000000090b58000-0x0000000092f9a000) (36MB) [ 0.000000] efi: mem18: type=4, attr=0xf, range=[0x0000000092f9a000-0x0000000093b28000) (11MB) [ 0.000000] efi: mem19: type=7, attr=0xf, range=[0x0000000093b28000-0x00000000d6f82000) (1076MB) [ 0.000000] efi: mem20: type=1, attr=0xf, range=[0x00000000d6f82000-0x00000000d6f9f000) (0MB) [ 0.000000] efi: mem21: type=7, attr=0xf, range=[0x00000000d6f9f000-0x00000000d7b77000) (11MB) [ 0.000000] efi: mem22: type=4, attr=0xf, range=[0x00000000d7b77000-0x00000000d9f9f000) (36MB) [ 0.000000] efi: mem23: type=7, attr=0xf, range=[0x00000000d9f9f000-0x00000000da22d000) (2MB) [ 0.000000] efi: mem24: type=2, attr=0xf, range=[0x00000000da22d000-0x00000000da236000) (0MB) [ 0.000000] efi: mem25: type=3, attr=0xf, range=[0x00000000da236000-0x00000000da99f000) (7MB) [ 0.000000] efi: mem26: type=5, attr=0x800000000000000f, range=[0x00000000da99f000-0x00000000daac0000) (1MB) [ 0.000000] efi: mem27: type=5, attr=0x800000000000000f, range=[0x00000000daac0000-0x00000000dab9f000) (0MB) [ 0.000000] efi: mem28: type=6, attr=0x800000000000000f, range=[0x00000000dab9f000-0x00000000dacb1000) (1MB) [ 0.000000] efi: mem29: type=6, attr=0x800000000000000f, range=[0x00000000dacb1000-0x00000000dad9f000) (0MB) [ 0.000000] efi: mem30: type=0, attr=0xf, range=[0x00000000dad9f000-0x00000000dae1f000) (0MB) [ 0.000000] efi: mem31: type=0, attr=0xf, range=[0x00000000dae1f000-0x00000000dae9b000) (0MB) [ 0.000000] efi: mem32: type=0, attr=0xf, range=[0x00000000dae9b000-0x00000000dae9c000) (0MB) [ 0.000000] efi: mem33: type=0, attr=0xf, range=[0x00000000dae9c000-0x00000000dae9f000) (0MB) [ 0.000000] efi: mem34: type=10, attr=0xf, range=[0x00000000dae9f000-0x00000000daede000) (0MB) [ 0.000000] efi: mem35: type=10, attr=0xf, range=[0x00000000daede000-0x00000000daf9f000) (0MB) [ 0.000000] efi: mem36: type=9, attr=0xf, range=[0x00000000daf9f000-0x00000000dafdd000) (0MB) [ 0.000000] efi: mem37: type=9, attr=0xf, range=[0x00000000dafdd000-0x00000000dafff000) (0MB) [ 0.000000] efi: mem38: type=4, attr=0xf, range=[0x00000000dafff000-0x00000000db000000) (0MB) [ 0.000000] efi: mem39: type=7, attr=0xf, range=[0x0000000100000000-0x000000041e600000) (12774MB) [ 0.000000] efi: mem40: type=11, attr=0x8000000000000001, range=[0x00000000f80f8000-0x00000000f80f9000) (0MB) [ 0.000000] efi: mem41: type=11, attr=0x8000000000000001, range=[0x00000000fed1c000-0x00000000fed20000) (0MB) [ 0.000000] efi: Could not reserve boot range [0x0000000000-0x0000000fff] [ 0.000000] memblock_reserve: [0x0000000004e000-0x00000000058000] efi_reserve_boot_services+0x128/0x180 [ 0.000000] memblock_reserve: [0x0000000005e000-0x0000000005f000] efi_reserve_boot_services+0x128/0x180 [ 0.000000] efi: Could not reserve boot range [0x000005f000-0x000009ffff] [ 0.000000] memblock_reserve: [0x00000090b38000-0x00000090b58000] efi_reserve_boot_services+0x128/0x180 [ 0.000000] memblock_reserve: [0x00000092f9a000-0x00000093b28000] efi_reserve_boot_services+0x128/0x180 [ 0.000000] memblock_reserve: [0x000000d7b77000-0x000000d9f9f000] efi_reserve_boot_services+0x128/0x180 [ 0.000000] memblock_reserve: [0x000000da236000-0x000000da99f000] efi_reserve_boot_services+0x128/0x180 [ 0.000000] memblock_reserve: [0x000000dafff000-0x000000db000000] efi_reserve_boot_services+0x128/0x180 [ 0.000000] ACPI: UEFI 00000000dafdf000 0003E (v01 LENOVO TP-8A 00001420 PTL 00000002) [ 0.000000] ACPI: UEFI 00000000dafde000 00042 (v01 PTL COMBUF 00000001 PTL 00000001) [ 0.000000] ACPI: UEFI 00000000dafdd000 00292 (v01 LENOVO TP-8A 00001420 PTL 00000002) [ 0.575001] efifb: probing for efifb [ 0.575136] efifb: framebuffer at 0xe0000000, mapped to 0xffffc9000e080000, using 1216k, total 1216k [ 0.575140] efifb: mode is 640x480x32, linelength=2560, pages=1 [ 0.575143] efifb: scrolling: redraw [ 0.575146] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0 [ 0.577074] fb0: EFI VGA frame buffer device [ 0.641669] fb: conflicting fb hw usage inteldrmfb vs EFI VGA - removing generic driver [ 1.539610] tsc: Refined TSC clocksource calibration: 2491.906 MHz [ 2.178607] EFI Variables Facility v0.08 2004-May-17
uhm, you would have to produce /proc/iomem and dmesg for the 2G RAM case otherwise the UEFI BIOS won't be forced to relocate its stuff ;).
Created attachment 353446 [details] iomem-2G
Created attachment 353448 [details] dmesg-2G
(In reply to Matthew Thode ( prometheanfire ) from comment #36) > Created attachment 353448 [details] > dmesg-2G @prometheanfire Is this fixed? Please close the bug if it is.
confirmed with 3.11.1-hardened-r2 with mem=300M also, keep in mind this is a vanilla kernel bug
try without CONFIG_GRKERNSEC_HIDESYM, making a bug for the grsec specific bug (since the 300M one is vanilla). bug 501270
newest (3.13.3 from grsec upstream) may work for you in low mem - fixed some gcc plugins to work in low-memory environments as well, reported by many, big thanks to niv <n@e-ix.net> for help
(In reply to Matthew Thode ( prometheanfire ) from comment #40) > newest (3.13.3 from grsec upstream) may work for you in low mem > > - fixed some gcc plugins to work in low-memory environments as well, > reported by many, big thanks to niv <n@e-ix.net> for help note that this was about compile time memory consumption (where gcc's garbage collector could prematurely destroy some objects created/needed by the plugins), not kernel runtime so unlikely to help with UEFI ;).
What would you propose as an alternate title then? :P
(In reply to Matthew Thode ( prometheanfire ) from comment #42) > What would you propose as an alternate title then? :P i don't know, what's wrong with the current title? and isn't this bug fixed already anyway?
Good question, unless otherwise noted I'm going to put this in resolved test-request when I look over my bugs next (min 1 week)
