From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1585) id 22B103857024; Wed, 26 Oct 2022 12:03:47 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 22B103857024 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1666785827; bh=3mV1MGjdEv5F755kgmon9BI0io83JLrGiNdcIj/yK2I=; h=From:To:Subject:Date:From; b=BVyDh7gD/xZl3qZACBAIgqw2VoRH3W7H76+JAkhByWFuEn9HL9DawY52pv1uz8n/1 e74eNKKuWf6V2u1Xj1wHVmcJeNCz5wY1NC8hdODdLk59qCR/HEIqIfvuJYtLIndzcl NZJwb7m7R4Qdc3bIFnj4Rpe9RqD6Q9JuOo4jH/a8= Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Luis Machado To: gdb-cvs@sourceware.org Subject: [binutils-gdb] gdb/arm: Terminate frame unwinding in M-profile lockup X-Act-Checkin: binutils-gdb X-Git-Author: Luis Machado X-Git-Refname: refs/heads/master X-Git-Oldrev: 99033a63c7ba0997ef737392eef15337d6783078 X-Git-Newrev: 8b73ee207c9c4b2d692a82a29d1cee2dcfa07394 Message-Id: <20221026120347.22B103857024@sourceware.org> Date: Wed, 26 Oct 2022 12:03:47 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3D8b73ee207c9c= 4b2d692a82a29d1cee2dcfa07394 commit 8b73ee207c9c4b2d692a82a29d1cee2dcfa07394 Author: Luis Machado Date: Wed Oct 26 12:59:13 2022 +0100 gdb/arm: Terminate frame unwinding in M-profile lockup =20 In the lockup state the PC value of the the outer frame is irreversibly lost. The other registers are intact so LR likely contains PC of some frame next to the outer one, but we cannot analyze the nearest outer frame without knowing its PC therefore we do not know SP fixup for this frame. =20 The frame unwinder possibly gets mad due to the wrong SP value. To prevent problems terminate unwinding if PC contains the magic value of the lockup state. =20 Example session wihtout this change, Cortex-M33 CPU in lockup, gdb 13.0.50.20221016-git: ---------------- (gdb) c Continuing. =20 Program received signal SIGINT, Interrupt. 0xeffffffe in ?? () (gdb) bt #0 0xeffffffe in ?? () #1 0x0c000a9c in HardFault_Handler () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/stm= 32l5xx_it.c:99 #2 0x2002ffd8 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt st= ack?) (gdb) ---------------- The frame #1 is at correct PC taken from LR, #2 is a total nonsense. =20 With the change: ---------------- (gdb) c Continuing. =20 Program received signal SIGINT, Interrupt. warning: ARM M in lockup state, stack unwinding terminated. (gdb) bt #0 (gdb) ---------------- =20 There is a visible drawback of emitting a warning in a cache buildnig r= outine as introduced in Torbj=C3=B6rn SVENSSON's [PATCH v4] gdb/arm: Stop unwinding on error, but do not assert The warning is printed just once and not repeated on each backtrace com= mand. =20 Signed-off-by: Tomas Vanek Diff: --- gdb/arm-tdep.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++-= -- 1 file changed, 53 insertions(+), 3 deletions(-) diff --git a/gdb/arm-tdep.c b/gdb/arm-tdep.c index 2af6aa1eff1..ae0882f9c4a 100644 --- a/gdb/arm-tdep.c +++ b/gdb/arm-tdep.c @@ -724,9 +724,30 @@ arm_pc_is_thumb (struct gdbarch *gdbarch, CORE_ADDR me= maddr) return 0; } =20 +static inline bool +arm_m_addr_is_lockup (CORE_ADDR addr) +{ + switch (addr) + { + /* Values for lockup state. + For more details see "B1.5.15 Unrecoverable exception cases" in + both ARMv6-M and ARMv7-M Architecture Reference Manuals, or + see "B4.32 Lockup" in ARMv8-M Architecture Reference Manual. */ + case 0xeffffffe: + case 0xfffffffe: + case 0xffffffff: + return true; + + default: + /* Address is not lockup. */ + return false; + } +} + /* Determine if the address specified equals any of these magic return values, called EXC_RETURN, defined by the ARM v6-M, v7-M and v8-M - architectures. + architectures. Also include lockup magic PC value. + Check also for FNC_RETURN if we have the v8-M security extension. =20 From ARMv6-M Reference Manual B1.5.8 Table B1-5 Exception return behavior @@ -769,6 +790,9 @@ arm_pc_is_thumb (struct gdbarch *gdbarch, CORE_ADDR mem= addr) static int arm_m_addr_is_magic (struct gdbarch *gdbarch, CORE_ADDR addr) { + if (arm_m_addr_is_lockup (addr)) + return 1; + arm_gdbarch_tdep *tdep =3D gdbarch_tdep (gdbarch); if (tdep->have_sec_ext) { @@ -3355,6 +3379,31 @@ arm_m_exception_cache (frame_info_ptr this_frame) describes which bits in LR that define which stack was used prior to the exception and if FPU is used (causing extended stack frame). = */ =20 + /* In the lockup state PC contains a lockup magic value. + The PC value of the the next outer frame is irreversibly + lost. The other registers are intact so LR likely contains + PC of some frame next to the outer one, but we cannot analyze + the next outer frame without knowing its PC + therefore we do not know SP fixup for this frame. + Some heuristics to resynchronize SP might be possible. + For simplicity, just terminate the unwinding to prevent it going + astray and attempting to read data/addresses it shouldn't, + which may cause further issues due to side-effects. */ + CORE_ADDR pc =3D get_frame_pc (this_frame); + if (arm_m_addr_is_lockup (pc)) + { + /* The lockup can be real just in the innermost frame + as the CPU is stopped and cannot create more frames. + If we hit lockup magic PC in the other frame, it is + just a sentinel at the top of stack: do not warn then. */ + if (frame_relative_level (this_frame) =3D=3D 0) + warning (_("ARM M in lockup state, stack unwinding terminated.")); + + /* Terminate any further stack unwinding. */ + arm_cache_set_active_sp_value (cache, tdep, 0); + return cache; + } + CORE_ADDR lr =3D get_frame_register_unsigned (this_frame, ARM_LR_REGNUM); =20 /* ARMv7-M Architecture Reference "A2.3.1 Arm core registers" @@ -3824,11 +3873,12 @@ arm_m_exception_unwind_sniffer (const struct frame_= unwind *self, return arm_m_addr_is_magic (gdbarch, this_pc); } =20 -/* Frame unwinder for M-profile exceptions. */ +/* Frame unwinder for M-profile exceptions (EXC_RETURN on stack), + lockup and secure/nonsecure interstate function calls (FNC_RETURN). */ =20 struct frame_unwind arm_m_exception_unwind =3D { - "arm m exception", + "arm m exception lockup sec_fnc", SIGTRAMP_FRAME, arm_m_exception_frame_unwind_stop_reason, arm_m_exception_this_id,