(In reply to DodoLeDev from comment #0)
> Created attachment 305081 [details]
> My full dmesg output
> 
> Hi everyone!
> I'm coming to you today because my Linux Kernel encounters bugs during
> startup that I didn't have when using an older kernel.
> 
> When digging into the dmesg, I get this error:
> ```
> [   30.024294] ------------[ cut here ]------------
> [   30.024305] [Firmware Bug]: Page fault caused by firmware at PA:
> 0x66059210
> [   30.024312] WARNING: CPU: 3 PID: 12 at arch/x86/platform/efi/quirks.c:743
> efi_crash_gracefully_on_page_fault+0x57/0x100
> [   30.024326] Modules linked in: processor_thermal_rapl rfkill roles
> intel_lpss mei_me cec intel_rapl_common idma64 snd(+) mei intel_ishtp
> intel_soc_dts_iosf soundcore intel_gtt vfat fat i2c_hid_acpi intel_vbtn
> int3400_thermal i2c_hid video int3403_thermal int340x_thermal_zone
> sparse_keymap soc_button_array wmi wireless_hotkey acpi_thermal_rel mac_hid
> pkcs8_key_parser crypto_user fuse loop zram ip_tables x_tables ext4
> crc32c_generic crc16 mbcache jbd2 dm_crypt cbc encrypted_keys trusted
> asn1_encoder tee mmc_block usbhid crct10dif_pclmul crc32_pclmul crc32c_intel
> polyval_generic serio_raw gf128mul atkbd rtsx_pci_sdmmc ghash_clmulni_intel
> libps2 sha512_ssse3 vivaldi_fmap mmc_core aesni_intel dm_mod crypto_simd
> xhci_pci cryptd xhci_pci_renesas rtsx_pci i8042 serio
> [   30.024407] CPU: 3 PID: 12 Comm: kworker/u8:1 Not tainted 6.5.2-arch1-1
> #1 d2912f929551bc8e9b95af790b8285a77c25fa29
> [   30.024412] Hardware name: HP HP ProBook x360 11 G1 EE/82EE, BIOS 01.27
> 04/19/2019
> [   30.024415] Workqueue: efi_rts_wq efi_call_rts
> [   30.024423] RIP: 0010:efi_crash_gracefully_on_page_fault+0x57/0x100
> [   30.024429] Code: 03 00 48 81 fb ff 0f 00 00 0f 86 95 00 00 00 48 3d 30
> 1c d8 a9 0f 85 89 00 00 00 48 89 de 48 c7 c7 c8 e5 a4 a8 e8 59 d7 00 00 <0f>
> 0b 83 3d 50 be 8d 02 0a 74 7c e8 69 1f 00 00 e8 74 43 cd 00 b9
> [   30.024432] RSP: 0018:ffffaac1400b7b20 EFLAGS: 00010082
> [   30.024435] RAX: 0000000000000000 RBX: 0000000066059210 RCX:
> 0000000000000027
> [   30.024438] RDX: ffff9d097bda16c8 RSI: 0000000000000001 RDI:
> ffff9d097bda16c0
> [   30.024440] RBP: ffffaac1400b7bd8 R08: 0000000000000000 R09:
> ffffaac1400b79b0
> [   30.024442] R10: 0000000000000003 R11: ffffffffa92ca068 R12:
> 0000000066059210
> [   30.024444] R13: 0000000000000000 R14: 0000000000000000 R15:
> 0000000000000000
> [   30.024446] FS:  0000000000000000(0000) GS:ffff9d097bd80000(0000)
> knlGS:0000000000000000
> [   30.024449] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   30.024451] CR2: 0000000066059210 CR3: 000000010022e000 CR4:
> 00000000003506e0
> [   30.024454] Call Trace:
> [   30.024458]  <TASK>
> [   30.024460]  ? efi_crash_gracefully_on_page_fault+0x57/0x100
> [   30.024465]  ? __warn+0x81/0x130
> [   30.024474]  ? efi_crash_gracefully_on_page_fault+0x57/0x100
> [   30.024478]  ? report_bug+0x171/0x1a0
> [   30.024483]  ? prb_read_valid+0x1b/0x30
> [   30.024488]  ? handle_bug+0x3c/0x80
> [   30.024491]  ? exc_invalid_op+0x17/0x70
> [   30.024494]  ? asm_exc_invalid_op+0x1a/0x20
> [   30.024500]  ? efi_crash_gracefully_on_page_fault+0x57/0x100
> [   30.024505]  page_fault_oops+0x2d9/0x4e0
> [   30.024511]  exc_page_fault+0x7f/0x180
> [   30.024517]  asm_exc_page_fault+0x26/0x30
> [   30.024521] RIP: 0010:0xfffffffefb033d44
> [   30.024540] Code: d1 b9 04 00 00 00 e9 b7 ff ff ff cc cc cc 48 8b 05 f9
> 4a 00 00 48 ff 60 30 cc 48 83 ec 28 48 8b 05 e9 4a 00 00 4c 8d 44 24 40 <ff>
> 50 40 48 8b 4c 24 40 33 d2 48 85 c0 48 0f 48 ca 48 8b c1 48 83
> [   30.024543] RSP: 0018:ffffaac1400b7c80 EFLAGS: 00010082
> [   30.024545] RAX: 00000000660591d0 RBX: 0000000000000002 RCX:
> 0000000000000004
> [   30.024547] RDX: 0000000000000002 RSI: 0000000000000000 RDI:
> 0000000000000002
> [   30.024549] RBP: ffffaac1400b7d50 R08: ffffaac1400b7cc0 R09:
> ffffaac1400b7db0
> [   30.024551] R10: 0000000000000000 R11: 0000000000000000 R12:
> 0000000000000000
> [   30.024553] R13: 0000000000083fb0 R14: ffffaac1400b7db0 R15:
> ffffaac1400b7db8
> [   30.024559]  ? update_load_avg+0x7e/0x780
> [   30.024565]  ? __switch_to_asm+0x3e/0x70
> [   30.024571]  ? finish_task_switch.isra.0+0x94/0x2f0
> [   30.024576]  ? __efi_call+0x2c/0x40
> [   30.024579]  ? efi_call_rts+0x325/0x790
> [   30.024584]  ? process_one_work+0x1e1/0x3f0
> [   30.024588]  ? worker_thread+0x51/0x390
> [   30.024591]  ? __pfx_worker_thread+0x10/0x10
> [   30.024594]  ? kthread+0xe8/0x120
> [   30.024597]  ? __pfx_kthread+0x10/0x10
> [   30.024601]  ? ret_from_fork+0x34/0x50
> [   30.024605]  ? __pfx_kthread+0x10/0x10
> [   30.024608]  ? ret_from_fork_asm+0x1b/0x30
> [   30.024615]  </TASK>
> [   30.024616] ---[ end trace 0000000000000000 ]---
> [   30.024638] efi: Froze efi_rts_wq and disabled EFI Runtime Services
> [   30.024676] ------------[ cut here ]------------
> [   30.024679] WARNING: CPU: 2 PID: 433 at
> drivers/firmware/efi/runtime-wrappers.c:376
> virt_efi_query_variable_info+0x170/0x1a0
> [   30.024688] Modules linked in: processor_thermal_rapl rfkill roles
> intel_lpss mei_me cec intel_rapl_common idma64 snd(+) mei intel_ishtp
> intel_soc_dts_iosf soundcore intel_gtt vfat fat i2c_hid_acpi intel_vbtn
> int3400_thermal i2c_hid video int3403_thermal int340x_thermal_zone
> sparse_keymap soc_button_array wmi wireless_hotkey acpi_thermal_rel mac_hid
> pkcs8_key_parser crypto_user fuse loop zram ip_tables x_tables ext4
> crc32c_generic crc16 mbcache jbd2 dm_crypt cbc encrypted_keys trusted
> asn1_encoder tee mmc_block usbhid crct10dif_pclmul crc32_pclmul crc32c_intel
> polyval_generic serio_raw gf128mul atkbd rtsx_pci_sdmmc ghash_clmulni_intel
> libps2 sha512_ssse3 vivaldi_fmap mmc_core aesni_intel dm_mod crypto_simd
> xhci_pci cryptd xhci_pci_renesas rtsx_pci i8042 serio
> [   30.024751] CPU: 2 PID: 433 Comm: bootctl Tainted: G        W         
> 6.5.2-arch1-1 #1 d2912f929551bc8e9b95af790b8285a77c25fa29
> [   30.024755] Hardware name: HP HP ProBook x360 11 G1 EE/82EE, BIOS 01.27
> 04/19/2019
> [   30.024757] RIP: 0010:virt_efi_query_variable_info+0x170/0x1a0
> [   30.024762] Code: 84 c0 75 2d 48 c7 c7 68 5b ad a8 e8 3a 5e 69 ff 48 8b
> 1d 8b f2 ec 01 48 b8 15 00 00 00 00 00 00 80 48 39 c3 0f 85 0a ff ff ff <0f>
> 0b e9 03 ff ff ff 48 c7 c7 58 1c d8 a9 e8 8d a6 2d 00 eb d1 48
> [   30.024765] RSP: 0018:ffffaac140747c30 EFLAGS: 00010246
> [   30.024769] RAX: 8000000000000015 RBX: 8000000000000015 RCX:
> 0000000000000002
> [   30.024771] RDX: 0000000000000001 RSI: 0000000000000002 RDI:
> ffffffffa9d81c60
> [   30.024773] RBP: ffffaac140747c70 R08: 0000000000000000 R09:
> 0000000000000000
> [   30.024775] R10: 0000000000000001 R11: 0000000000000030 R12:
> ffffaac140747c68
> [   30.024777] R13: ffffaac140747c60 R14: ffff9d0904c30400 R15:
> ffff9d0908914f00
> [   30.024779] FS:  00007f807c655480(0000) GS:ffff9d097bd00000(0000)
> knlGS:0000000000000000
> [   30.024782] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   30.024784] CR2: 000055930a4430a0 CR3: 000000010abe0000 CR4:
> 00000000003506e0
> [   30.024787] Call Trace:
> [   30.024789]  <TASK>
> [   30.024791]  ? virt_efi_query_variable_info+0x170/0x1a0
> [   30.024795]  ? __warn+0x81/0x130
> [   30.024799]  ? virt_efi_query_variable_info+0x170/0x1a0
> [   30.024804]  ? report_bug+0x171/0x1a0
> [   30.024808]  ? handle_bug+0x3c/0x80
> [   30.024810]  ? exc_invalid_op+0x17/0x70
> [   30.024813]  ? asm_exc_invalid_op+0x1a/0x20
> [   30.024818]  ? virt_efi_query_variable_info+0x170/0x1a0
> [   30.024823]  efi_query_variable_store+0x72/0x1f0
> [   30.024829]  ? efivar_validate+0x100/0x1b0
> [   30.024834]  efivar_set_variable_locked+0xa6/0xf0
> [   30.024839]  efivar_entry_set_get_size+0x8b/0x160
> [   30.024844]  efivarfs_file_write+0xbd/0x190
> [   30.024850]  vfs_write+0xf2/0x420
> [   30.024857]  ksys_write+0x6f/0xf0
> [   30.024861]  do_syscall_64+0x60/0x90
> [   30.024867]  ? syscall_exit_to_user_mode+0x2b/0x40
> [   30.024872]  ? do_syscall_64+0x6c/0x90
> [   30.024876]  ? do_user_addr_fault+0x225/0x640
> [   30.024881]  ? exc_page_fault+0x7f/0x180
> [   30.024885]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
> [   30.024889] RIP: 0033:0x7f807c504664
> [   30.024898] Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00
> 00 00 00 00 f3 0f 1e fa 80 3d 05 1d 14 00 00 74 13 b8 01 00 00 00 0f 05 <48>
> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 48 89 54 24 18 48
> [   30.024901] RSP: 002b:00007ffff4d86ff8 EFLAGS: 00000202 ORIG_RAX:
> 0000000000000001
> [   30.024904] RAX: ffffffffffffffda RBX: 0000000000000024 RCX:
> 00007f807c504664
> [   30.024906] RDX: 0000000000000024 RSI: 000055930ae84c50 RDI:
> 0000000000000007
> [   30.024908] RBP: 000055930ae84c50 R08: 0000000000000000 R09:
> 0000000000000000
> [   30.024910] R10: 00000000000001a4 R11: 0000000000000202 R12:
> 0000000000000007
> [   30.024912] R13: 0000000000000000 R14: 00007ffff4d87030 R15:
> 000055930ae84c50
> [   30.024916]  </TASK>
> [   30.024918] ---[ end trace 0000000000000000 ]---
> [   30.024935] efi: EFI Runtime Services are disabled!
> ```
> (full dmesg output attached to this issue)
> 
> This bug doesn't prevent me from booting up properly, but it disables any
> access to the efi variables on my system:
> 
> ```
> $ efibootmgr
> EFI variables are not supported on this system.
> $ bootctl status
> Failed to read EFI variable
> LoaderFirmwareType-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f: Input/output error
> Failed to read EFI variable
> LoaderFirmwareInfo-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f: Input/output error
> Failed to read EFI variable LoaderInfo-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f:
> Input/output error
> Failed to read EFI variable
> LoaderImageIdentifier-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f: Input/output
> error
> Failed to read EFI variable LoaderDevicePartUUID: Input/output error
> Failed to read EFI boot order: Erreur d'entrée/sortie
> Failed to determine entries reported by boot loader, ignoring: Erreur
> d'entrée/sortie
> Failed to read EFI variable "LoaderEntryDefault", ignoring: Erreur
> d'entrée/sortie
> Failed to read EFI variable "LoaderEntrySelected", ignoring: Erreur
> d'entrée/sortie
> System:
>       Firmware: n/a (n/a)
>  Firmware Arch: x64
>    Secure Boot: disabled (unsupported)
>   TPM2 Support: yes
>   Boot into FW: failed (Input/output error)
> 
> Current Boot Loader:
>       Product: n/a
>      Features: ✗ Boot counting
>                ✗ Menu timeout control
>                ✗ One-shot menu timeout control
>                ✗ Default entry control
>                ✗ One-shot entry control
>                ✗ Support for XBOOTLDR partition
>                ✗ Support for passing random seed to OS
>                ✗ Load drop-in drivers
>                ✗ Support Type #1 sort-key field
>                ✗ Support @saved pseudo-entry
>                ✗ Support Type #1 devicetree field
>                ✗ Enroll SecureBoot keys
>                ✗ Retain SHIM protocols
>                ✗ Boot loader sets ESP information
>           ESP: n/a
>          File: └─n/a
> ```
> (I'm using systemd-boot, but systemd don't understand it)
> 
> However, when using an older linux kernel (<=6.3), I'm able to access
> efivars (through efibootmgr or bootctl status), but don't have any way to
> edit them without causing the same error as shown before (but that's another
> problem).
> 

What kernel version do you have this regression? Do you mean v6.1 doesn't have it?

Hello!
I'm coming with some bad news:
It seems that even on Linux kernel 6.1, the bug is still here!

But now you may ask: how could the bug be here now and not before, while still using the same kernel version?

The answer is simple: it seems that the bug is present on my installation, but not when using a live USB.

I suspect my setup to be the main cause of this problem.


Now my question is: do you know what could write something in NVRAM at startup, if it's a program or module that caused this crash, and is there a way to disable writing to NVRAM, even by the kernel?

Thanks in advance

This seems unrelated to NVRAM.

Can you try booting normally but with the USB stick inserted? The UEFI driver stack could be the culprit here, which allocates memory at boot, and this could result in a different memory layout, causing the crash.

Please check whether the patch I cc'ed you on fixes the issue on your system or not (6.4 or older).

https://lore.kernel.org/linux-efi/20230911081024.3489875-2-ardb@google.com/T/#u

Okay!
After further investigations, I finally found the main cause of this behavior change, and it's perfectly unrelated to kernel updates: it was systemd-boot which tried to add some RandomSeed variables at startup.

HOWEVER, I've found that efibootmgr was not able to work correctly when I moved to 6.5: reading efi variables should work until I try to write something to it. bootctl status and efi-readvar works without any problem, but efibootmgr suddently stopped working when updating the linux kernel from 6.4(.12) to 6.5(.2).

```
$ efibootmgr # on 6.4.12
BootCurrent: 000x
Timeout: 0 seconds
BootOrder: 000x,000x,000x,000x,000x
Boot000x* xxxxxxxxxxxxxxxxxxxxxx
Boot000x* xxxxxxxxxxxxxxxxxxxxxx
Boot000x* xxxxxxxxxxxxxxxxxxxxxx
Boot000x* xxxxxxxxxxxxxxxxxxxxxx
Boot000x* xxxxxxxxxxxxxxxxxxxxxx
Boot000x* xxxxxxxxxxxxxxxxxxxxxx

$ efibootmgr # on 6.5.2
EFI variables are not supported on this system
```

Moreover, efibootmgr causes the famous kernel crash without any ability to only read variables. (funnily, even efibootmgr --help make it crash!)

efibootmgr appears to use a "forbidden" method to read efi variables since kernel 6.5...

The efibootmgr issue on v6.5 is not unexpected: it calls statfs() on the efivarfs mount point, which now calls QueryVariableInfo() internally, which is what causes your firmware to crash.

Please test the patch I provided. Without feedback on whether or not that patch improves your situation on v6.4 or older, I won't be able to help you further.