System description:
13-inch, Mid 2009 MacBook Pro (MacBookPro5,5) with memory upgraded to 8 GB.
Observed behavior:
On boot, system immediately hangs at:
probing: pc0 mem[
Steps to reproduce:
- Boot from a USB installer of 6.9 (hangs)
- Boot from a CD installer of 6.9 (works), install the system, and
reboot (hangs)
- Upgrade from 6.8 to 6.9 and reboot (hangs)
- Compile the 6.8 version of the boot code with 6.9 and install on
the EFI partition (hangs)
Workaround:
Copy the BOOTX64.EFI from 6.8 release to the EFI system partition.
Diagnosis:
I added some debug printf statements to the code and found that it was
hanging at this line in src/sys/arch/amd64/stand/efiboot/efiboot.c:
(++bm)->type = BIOS_MAP_END;
This appears to be a buffer overrun on:
bios_memmap_t bios_memmap[64];
Updating to a size of 128 allows the machine to boot. With some
additional debug statements, I found that it processes 204 records
from GetMemoryMap into 74 entries in bios_memmap.
I'm not sure how a fixed size 64 was chosen, since the UEFI memory map
of the system could be arbitrarily long, so I can't say how long this
array needs to be to work on every system. At the very least, it
should probably be doubled with some assertions and a panic if it runs
out of room.
I'm also not quite sure why the 6.8 copy of BOOTX64.EFI works, other
than it is just happily clobbering memory. The fact that the 6.8
version of the code fails when compiled on 6.9 makes me think maybe
there is some checking added by the 6.9 compiler chain that detects
the overrun and halts?
--
David
