From: Luis Machado
To: gdb-cvs@sourceware.org
Subject: [binutils-gdb] gdb/arm: Fix M-profile EXC_RETURN
X-Act-Checkin: binutils-gdb
X-Git-Author: Luis Machado
X-Git-Refname: refs/heads/master
X-Git-Oldrev: b2e9e754e122d97511bbd6b990e38a23dafb6176
X-Git-Newrev: 23295de1317433210cb0303ef304e68763607c78
Message-Id: <20221026120357.46869385AC3E@sourceware.org>
Date: Wed, 26 Oct 2022 12:03:57 +0000 (GMT)
List-Id:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=23295de1317433210cb0303ef304e68763607c78

commit 23295de1317433210cb0303ef304e68763607c78
Author: Luis Machado
Date:   Wed Oct 26 13:00:50 2022 +0100

    gdb/arm: Fix M-profile EXC_RETURN

    Arm v8-M Architecture Reference Manual, D1.2.95 EXC_RETURN, Exception
    Return Payload describes ES bit:

    "ES, bit [0]
    Exception Secure. The security domain the exception was taken to.
    The possible values of this bit are:
    0 Non-secure.
    1 Secure"

    arm-tdep.c:3443, arm_m_exception_cache () function tests this bit:

    exception_domain_is_secure = (bit (lr, 0) == 0);

    The test is negated!

    Later on line 3553, the condition evaluates if an additional state
    context is stacked:

    /* With the Security extension, the hardware saves R4..R11 too.  */
    if (tdep->have_sec_ext && secure_stack_used
        && (!default_callee_register_stacking || exception_domain_is_secure))

    RM, B3.19 Exception entry, context stacking reads:
    RPLHM "In a PE with the Security Extension, on taking an exception,
    the PE hardware:
    ...
    2. If exception entry requires a transition from Secure state to
    Non-secure state, the PE hardware extends the stack frame and also
    saves additional state context."

    So we should test for !exception_domain_is_secure instead of
    non-negated value! These two bugs compensate each other so unstacking
    works correctly.

    But another test of exception_domain_is_secure (negated due to the
    first bug) prevents arm_unwind_secure_frames from working as expected:

    /* Unwinding from non-secure to secure can trip security
       measures.  In order to avoid the debugger being
       intrusive, rely on the user to configure the requested
       mode.  */
    if (secure_stack_used && !exception_domain_is_secure
        && !arm_unwind_secure_frames)

    Test with GNU gdb (GDB) 13.0.50.20221016-git. Stopped in a non-secure
    handler:

    (gdb) set arm unwind-secure-frames 0
    (gdb) bt
    #0  HAL_SYSTICK_Callback () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/NonSecure/Src/nsmain.c:490
    #1  0x0804081c in SysTick_Handler () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/NonSecure/Src/nsstm32l5xx_it.c:134
    #2  <signal handler called>
    #3  HAL_GPIO_ReadPin (GPIOx=0x52020800, GPIO_Pin=8192) at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Drivers/STM32L5xx_HAL_Driver/Src/stm32l5xx_hal_gpio.c:386
    #4  0x0c000338 in SECURE_Mode () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/main.c:86
    #5  0x080403f2 in main () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/NonSecure/Src/nsmain.c:278
    Backtrace stopped: previous frame inner to this frame (corrupt stack?)

    The frames #3 and #4 are secure. backtrace should stop before #3.

    Stopped in a secure handler:

    (gdb) bt
    #0  HAL_SYSTICK_Callback () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/main.c:425
    #1  0x0c000b6a in SysTick_Handler () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/stm32l5xx_it.c:234
    warning: Non-secure to secure stack unwinding disabled.
    #2  <signal handler called>

    The exception from secure to secure erroneously stops unwinding.
    It should continue as far as the security-unlimited backtrace:

    (gdb) set arm unwind-secure-frames 1
    (gdb) si   <-- used to rebuild frame cache after change of unwind-secure-frames
    0x0c0008e6	425	  if (SecureTimingDelay != 0U)
    (gdb) bt
    #0  0x0c0008e6 in HAL_SYSTICK_Callback () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/main.c:425
    #1  0x0c000b6a in SysTick_Handler () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/stm32l5xx_it.c:234
    #2  <signal handler called>
    #3  0x0c000328 in SECURE_Mode () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/main.c:88
    #4  0x080403f2 in main () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/NonSecure/Src/nsmain.c:278

    Backtrace stopped: previous frame inner to this frame (corrupt stack?)

    Set exception_domain_is_secure to the value expected by its name.
    Fix exception_domain_is_secure usage in the additional state context
    stacking condition.

    Signed-off-by: Tomas Vanek

Diff:
---
 gdb/arm-tdep.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gdb/arm-tdep.c b/gdb/arm-tdep.c
index 247e5522b8e..7cb3f5f3050 100644
--- a/gdb/arm-tdep.c
+++ b/gdb/arm-tdep.c
@@ -3489,7 +3489,7 @@ arm_m_exception_cache (frame_info_ptr this_frame)
     {
       secure_stack_used = (bit (lr, 6) != 0);
       default_callee_register_stacking = (bit (lr, 5) != 0);
-      exception_domain_is_secure = (bit (lr, 0) == 0);
+      exception_domain_is_secure = (bit (lr, 0) != 0);
 
       /* Unwinding from non-secure to secure can trip security
 	 measures.  In order to avoid the debugger being
@@ -3599,7 +3599,7 @@ arm_m_exception_cache (frame_info_ptr this_frame)
 
       /* With the Security extension, the hardware saves R4..R11 too.  */
       if (tdep->have_sec_ext && secure_stack_used
-	  && (!default_callee_register_stacking || exception_domain_is_secure))
+	  && (!default_callee_register_stacking || !exception_domain_is_secure))
 	{
 	  /* Read R4..R11 from the integer callee registers.  */
 	  cache->saved_regs[4].set_addr (unwound_sp + 0x08);
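Review bot: the first hunk's `exception_domain_is_secure = (bit (lr, 0) != 0);` now agrees with the ES definition quoted in the commit message (bit [0] == 1 means the exception was taken to Secure state), but the three bit tests in this block still carry no reference to that definition, so the next reader has nothing on the spot to check the polarity against; a one-line comment such as `/* EXC_RETURN.ES, bit [0]: 1 = taken to Secure state (D1.2.95).  */` above the assignment would make the inversion obvious if it ever came back. This hunk also must not land on its own: the commit message explains that the old inverted decode was cancelled by the inverted test in the R4..R11 condition further down, so applying only this hunk would break the unstacking that currently works by accident.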
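Review bot: in the second hunk, the comment above the condition, `/* With the Security extension, the hardware saves R4..R11 too.  */`, still does not say when, and the `||` of `!default_callee_register_stacking` with the now-negated `!exception_domain_is_secure` is exactly the predicate that was silently inverted once already. Suggest spelling out the rule the commit message quotes from B3.19, e.g. `/* With the Security extension, the hardware saves R4..R11 too when the exception left Secure state (B3.19) or DCRS is clear.  */`, so the `!` on each operand can be checked against the manual without re-deriving it. As with the first hunk, this change only preserves the existing behaviour of the condition in combination with the corrected decode above, so the two hunks need to be reviewed and merged as one unit.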
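To make the commit message's argument concrete (that the two inverted tests cancel in the R4..R11 unstacking decision but not in the unwind-secure-frames check), here is an added C example. It is not gdb's code: the helper names, the struct, and the three EXC_RETURN bit patterns are constructed for this illustration, and only bits 0 (ES), 5 (DCRS) and 6 (S) of the constructed values carry meaning. The predicates themselves are transcribed from the conditions quoted in the commit message, in both their pre-patch and patched forms.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Single-bit extraction, in the spirit of gdb's bit (value, n).  */
static unsigned
bit (uint32_t value, unsigned n)
{
  return (value >> n) & 1u;
}

/* The three EXC_RETURN fields the patch tests (Arm v8-M ARM, D1.2.95):
   S bit [6], DCRS bit [5], ES bit [0].  Field names mirror the gdb locals
   quoted in the commit message; the struct itself is this example's.  */
struct exc_return_fields
{
  bool secure_stack_used;                /* S: frame lives on a Secure stack */
  bool default_callee_register_stacking; /* DCRS */
  bool exception_domain_is_secure;       /* ES: 1 = taken to Secure state */
};

/* Decode as the patched arm_m_exception_cache does: ES == 1 means Secure.  */
static struct exc_return_fields
decode_fixed (uint32_t lr)
{
  struct exc_return_fields f;
  f.secure_stack_used = (bit (lr, 6) != 0);
  f.default_callee_register_stacking = (bit (lr, 5) != 0);
  f.exception_domain_is_secure = (bit (lr, 0) != 0);
  return f;
}

/* Decode as the pre-patch code did: the ES test was inverted.  */
static struct exc_return_fields
decode_buggy (uint32_t lr)
{
  struct exc_return_fields f = decode_fixed (lr);
  f.exception_domain_is_secure = (bit (lr, 0) == 0);
  return f;
}

/* "Did the hardware also save R4..R11?"  RM B3.19: yes on a Secure to
   Non-secure transition.  This is the patched form of the second hunk.  */
static bool
callee_regs_stacked_fixed (bool have_sec_ext, struct exc_return_fields f)
{
  return have_sec_ext && f.secure_stack_used
	 && (!f.default_callee_register_stacking || !f.exception_domain_is_secure);
}

/* Pre-patch form: the un-negated ES test cancelled the inverted decode,
   which is why unstacking happened to work before the fix.  */
static bool
callee_regs_stacked_buggy (bool have_sec_ext, struct exc_return_fields f)
{
  return have_sec_ext && f.secure_stack_used
	 && (!f.default_callee_register_stacking || f.exception_domain_is_secure);
}

/* "Would unwinding cross from a Non-secure handler into Secure frames while
   'set arm unwind-secure-frames 0'?"  This test is not touched by the patch,
   so it only gives the right answer when the decode is correct.  */
static bool
unwind_blocked (struct exc_return_fields f, bool arm_unwind_secure_frames)
{
  return f.secure_stack_used && !f.exception_domain_is_secure
	 && !arm_unwind_secure_frames;
}

/* Constructed EXC_RETURN patterns for the example (only bits 0, 5, 6 matter).  */
#define LR_SEC_TO_SEC    0xFFFFFFE1u /* S=1 DCRS=1 ES=1: Secure handler, Secure stack */
#define LR_SEC_TO_NONSEC 0xFFFFFFDEu /* S=1 DCRS=0 ES=0: Secure code, Non-secure handler */
#define LR_NONSEC_STACK  0xFFFFFFBDu /* S=0 DCRS=1 ES=1: frame on the Non-secure stack */

int
main (void)
{
  const uint32_t cases[] = { LR_SEC_TO_SEC, LR_SEC_TO_NONSEC, LR_NONSEC_STACK };
  printf ("%-10s %-9s %-9s %-12s %-12s\n", "EXC_RETURN", "stk(fix)", "stk(bug)",
	  "blocked(fix)", "blocked(bug)");
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
    {
      uint32_t lr = cases[i];
      printf ("0x%08x %-9d %-9d %-12d %-12d\n", lr,
	      callee_regs_stacked_fixed (true, decode_fixed (lr)),
	      callee_regs_stacked_buggy (true, decode_buggy (lr)),
	      unwind_blocked (decode_fixed (lr), false),
	      unwind_blocked (decode_buggy (lr), false));
    }
  return 0;
}
```

The table printed by `main` shows the two `stk` columns agreeing for every pattern (the compensating bugs), while the `blocked` columns differ exactly in the two situations the commit message's backtraces illustrate: the old decode let a Non-secure handler's backtrace run into Secure frames, and stopped a Secure-to-Secure backtrace that should have continued.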