From: Tomas Vanek <vanekt@fbl.cz>
To: gdb-patches@sourceware.org
Cc: Tomas Vanek <vanekt@fbl.cz>
Subject: [RFC PATCH 4/5] gdb/arm: Unwinding of secure procedure with cmse_nonsecure_entry attribute
Date: Sat, 5 Nov 2022 10:44:35 +0100
Message-ID: <1667641476-31602-4-git-send-email-vanekt@fbl.cz>
In-Reply-To: <1667641476-31602-1-git-send-email-vanekt@fbl.cz>
This patch depends on pending:
"gdb/arm: PR 29738 Cache value for stack pointers for dwarf2 frames"
A secure procedure with the cmse_nonsecure_entry attribute is compiled with
an epilogue ending with a return to the non-secure mode:
bxns lr
When a non-secure context called such a procedure, the dwarf2 unwinder
did not know about the cmse_nonsecure_entry attribute, did not see 'bxns'
at the return and therefore assumed a normal return keeping the security
state unchanged. This caused incorrect unwinding of the frames following
this one, as the secure stack was used instead of the non-secure one.
Detect a procedure with the cmse_nonsecure_entry attribute when unwinding
a secure frame. Change the security state to non-secure and use
the proper stack if cmse_nonsecure_entry was detected.
The detection of the cmse_nonsecure_entry attribute is based on the split
into a secure gateway veneer and the rest of the procedure with the name
prefixed by '__acle_se_'. This is documented in
https://developer.arm.com/documentation/100748/0619/Security-features-supported-in-Arm-Compiler-for-Embedded/Overview-of-building-Secure-and-Non-secure-images-with-the-Armv8-M-Security-Extension
and GCC conforms to this model too.
To choose the main or process non-secure stack we need xPSR and the SPSEL
bit of CONTROL_NS. For simplicity CONTROL_NS is not tracked for changes
in the inner frames; the CONTROL_NS value is passed unchanged from
the innermost frame.
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
---
gdb/arm-tdep.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 71 insertions(+), 8 deletions(-)
diff --git a/gdb/arm-tdep.c b/gdb/arm-tdep.c
index 4180277..4fac09b 100644
--- a/gdb/arm-tdep.c
+++ b/gdb/arm-tdep.c
@@ -5125,6 +5125,7 @@ enum arm_vfp_cprc_base_type
frame_info_ptr this_frame)
{
arm_gdbarch_tdep *tdep = gdbarch_tdep<arm_gdbarch_tdep> (gdbarch);
+ bool is_sp = (regnum == ARM_SP_REGNUM);
if (is_pacbti_pseudo (gdbarch, regnum))
{
@@ -5140,12 +5141,10 @@ enum arm_vfp_cprc_base_type
reg->how = DWARF2_FRAME_REG_FN;
reg->loc.fn = arm_dwarf2_prev_register;
}
- else if (regnum == ARM_SP_REGNUM)
- reg->how = DWARF2_FRAME_REG_CFA;
- else if (arm_is_alternative_sp_register (tdep, regnum))
+ else if (is_sp || arm_is_alternative_sp_register (tdep, regnum))
{
/* Identify what stack pointers that are synced with sp. */
- bool override_with_sp_value = false;
+ bool override_with_sp_value = is_sp;
if (tdep->have_sec_ext)
{
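Review bot: the comment heading this branch, `/* Identify what stack pointers that are synced with sp. */`, no longer describes it now that `is_sp || arm_is_alternative_sp_register (tdep, regnum)` routes SP itself through here and the dedicated `DWARF2_FRAME_REG_CFA` rule for `ARM_SP_REGNUM` is removed. Suggest rewording the comment to cover SP and adding a sentence saying how SP gets its rule when `tdep->have_sec_ext` is false: the only visible part of that path is `override_with_sp_value = is_sp;`, so the fallback is outside this hunk and a reader cannot confirm from the diff alone that the CFA behaviour on non-M and non-secure targets is preserved.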
@@ -5165,24 +5164,88 @@ enum arm_vfp_cprc_base_type
= get_frame_register_unsigned (this_frame,
tdep->m_profile_psp_ns_regnum);
+ bool is_secure = (sp == msp_s || sp == psp_s);
+ bool return_to_ns = false;
+ if (is_secure)
+ {
+ CORE_ADDR func = get_frame_func (this_frame);
+ struct bound_minimal_symbol sym
+ = lookup_minimal_symbol_by_pc (func);
+ if (sym.minsym)
+ {
+ const char *name = sym.minsym->natural_name ();
+ arm_debug_printf ("ret to ns check minsym %s", name);
+ return_to_ns = strncmp (name, "__acle_se_", 10) == 0;
+ }
+ }
+
+ bool ns_process_stack = false;
+ if (return_to_ns &&
+ (is_sp ||
+ regnum == tdep->m_profile_msp_s_regnum ||
+ regnum == tdep->m_profile_psp_s_regnum))
+ {
+ bool spsel = true;
+
+ if (tdep->m_profile_control_ns_regnum >= 0)
+ {
+ ULONGEST control_ns
+ = get_frame_register_unsigned (this_frame,
+ tdep->m_profile_control_ns_regnum);
+ spsel = (control_ns & (1 << 1)) != 0;
+ }
+
+ if (spsel)
+ {
+ ULONGEST xpsr = get_frame_register_unsigned (this_frame,
+ ARM_PS_REGNUM);
+ ns_process_stack = (xpsr & 0x1ff) == 0;
+ }
+
+ if (is_sp)
+ {
+ reg->how = DWARF2_FRAME_REG_SAVED_GDB_REG;
+ reg->loc.reg = ns_process_stack ?
+ tdep->m_profile_psp_ns_regnum :
+ tdep->m_profile_msp_ns_regnum;
+ return;
+ }
+ }
+
+ if (return_to_ns)
+ {
+ if (regnum == tdep->m_profile_msp_regnum)
+ {
+ reg->how = DWARF2_FRAME_REG_SAVED_GDB_REG;
+ reg->loc.reg = tdep->m_profile_msp_ns_regnum;
+ return;
+ }
+ else if (regnum == tdep->m_profile_psp_regnum)
+ {
+ reg->how = DWARF2_FRAME_REG_SAVED_GDB_REG;
+ reg->loc.reg = tdep->m_profile_psp_ns_regnum;
+ return;
+ }
+ }
+
bool is_msp = (regnum == tdep->m_profile_msp_regnum)
&& (msp_s == sp || msp_ns == sp);
bool is_msp_s = (regnum == tdep->m_profile_msp_s_regnum)
- && (msp_s == sp);
+ && (msp_s == sp || (return_to_ns && !ns_process_stack));
bool is_msp_ns = (regnum == tdep->m_profile_msp_ns_regnum)
&& (msp_ns == sp);
bool is_psp = (regnum == tdep->m_profile_psp_regnum)
&& (psp_s == sp || psp_ns == sp);
bool is_psp_s = (regnum == tdep->m_profile_psp_s_regnum)
- && (psp_s == sp);
+ && (psp_s == sp || (return_to_ns && ns_process_stack));
bool is_psp_ns = (regnum == tdep->m_profile_psp_ns_regnum)
&& (psp_ns == sp);
- override_with_sp_value = is_msp || is_msp_s || is_msp_ns
+ override_with_sp_value = is_sp || is_msp || is_msp_s || is_msp_ns
|| is_psp || is_psp_s || is_psp_ns;
}
- else if (tdep->is_m)
+ else if (tdep->is_m && !is_sp)
{
CORE_ADDR sp
= get_frame_register_unsigned (this_frame, ARM_SP_REGNUM);
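Review bot: the stack-selection bits in this hunk are bare magic numbers; `control_ns & (1 << 1)` and `(xpsr & 0x1ff) == 0` need comments naming what they test (CONTROL.SPSEL is bit 1; xPSR bits [8:0] are the IPSR exception number, zero meaning Thread mode), and the silent `bool spsel = true;` default taken when `m_profile_control_ns_regnum < 0` is an assumption that should be stated in a comment, since it decides whether PSP_NS or MSP_NS is reported for the unwound SP. Two smaller points: `strncmp (name, "__acle_se_", 10) == 0` can be `startswith (name, "__acle_se_")` from gdbsupport/common-utils.h, dropping the hand-counted length; and the conditions at `if (return_to_ns &&` / `(is_sp ||` and the `reg->loc.reg = ns_process_stack ?` ternary leave the operators at line ends, whereas GDB style puts `&&`, `||`, `?` and `:` at the start of the continuation line.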
--
1.9.1