From: Gustavo Romero
To: gdb-patches@sourceware.org
Cc: luis.machado@arm.com, thiago.bauermann@linaro.org, eliz@gnu.org, tom@tromey.com, gustavo.romero@linaro.org
Subject: [PATCH v5 0/8] Add another way to check tagged addresses on remote targets
Date: Wed, 17 Apr 2024 21:04:16 +0000
Message-Id: <20240417210424.216374-1-gustavo.romero@linaro.org>

This series introduces a new method to check for memory tagged addresses on remote targets. This new method is based on a new packet, qIsAddressTagged. GDB now sends first a qIsAddressTagged packet to the stub for checking an address and if the stub sends an empty reply GDB attempts to use the current code path as a fallback mechanism, so no change in stubs not supporting the new packet is required. Stubs that support the new packet just need to implement the check and reply accordingly to qIsAddressTagged queries.

This new mechanism allows for checking memory tagged addresses in an OS-agnostic way, which is necessary when debugging targets that do not support '/proc//smaps', as the current method of reading the smaps contents fails in such cases.

Updates in v2:
 * Fixed build error "no match for ‘operator!=’ (operand types are ‘packet_result’ and ‘packet_status’)" reported by Linaro CI bot, caused by a last-minute rebase
 * Added instructions on how to test the series on a remote target using QEMU gdbstub (-g option) -- see below

Updates in v3:
 * Changed packet name to qMemTagCheckAddr for consistency
 * Documented the new packet in gdb.texinfo and NEWS
 * Changed target hook name to is_address_tagged
 * Fixed several GNU Style nonconformities
 * Split commit that adds the target hook and the qMemTagCheckAddr in two commits
 * Tested fallback mechanism using gdbserver (use of vFile requests instead of qMemTagCheckAddr)
 * Fixed off-by-one error
 * Changed target hook signature to take gdbarch as an argument for better modularity

Updates in v4:
 * Changed packet name to qIsAddressTagged as per Luis's suggestion
 * Removed the need for memory-tagging-check-add+ feature in qSupport to use the qIsAddressTagged packet; now GDB first attempts to use the packet to check the address and if the stub returns empty the fallback mechanism (the current code path that reads smaps) is used
 * Fixed documentation as per Eli's review
 * Added unittests for qIsAddressTagged request and replies
 * Fixed "gdb: Introduce is_address_tagged target hook" commit message
 * Removed wrong assert in aarch64_linux_tagged_address_p that crashed GDB, for instance, on "memory-tag check 0x0", because 0x0 address is actually valid in this context
 * Added several comments in the code as per Luis's reviews

Updates in v5:
 * Use of GDB feature auto detect to find out if the qIsAddressTagged packet is supported by the stub, hence this packet is sent only one time if it's not supported by the stub
 * More fixes in the documentation
 * Use of reference instead of pointer for param. 'tagged' in check_is_address_tagged_reply function
 * Adjusted unit test cases as per Luis's comments
 * Updated QEMU prototype so the stub now replies to qIsAddressTagged queries, for testing this series using QEMU (as per comments about testing below)

----

This series can be tested with the 'mte_t' binary found in: https://people.linaro.org/~gustavo.romero/gdb, using the GDB 'memory-tag print-allocation-tag' command to show the allocation tag for array pointer 'a'.

To download mte_t:

$ wget https://people.linaro.org/~gustavo.romero/gdb/mte_t
$ chmod +x ./mte_t

... or build it from source:

$ wget https://people.linaro.org/~gustavo.romero/gdb/mte_t.c
$ gcc -march=armv8.5-a+memtag -static -g3 -O0 mte_t.c -o mte_t

For example, testing the address check for the aarch64_linux_nat.c target:

gromero@arm64:~/code$ ~/git/binutils-gdb_remote/build/gdb/gdb -q ./mte_t
Reading symbols from ./mte_t...
(gdb) run
Starting program: /home/gromero/code/mte_t
a[] address is 0xfffff7ffc000
a[0] = 1 a[1] = 2
0x100fffff7ffc000
a[0] = 3 a[1] = 2
Expecting SIGSEGV...

Program received signal SIGSEGV, Segmentation fault
Memory tag violation
Fault address unavailable.
0x0000000000418658 in write ()
(gdb) bt
#0 0x0000000000418658 in write ()
#1 0x000000000040a3bc in _IO_new_file_write ()
#2 0x0000000000409574 in new_do_write ()
#3 0x000000000040ae20 in _IO_new_do_write ()
#4 0x000000000040b55c in _IO_new_file_overflow ()
#5 0x0000000000407414 in puts ()
#6 0x000000000040088c in main () at mte_t.c:119
(gdb) frame 6
#6 0x000000000040088c in main () at mte_t.c:119
119 printf("...haven't got one\n");
(gdb) memory-tag print-logical-tag a
$1 = 0x1
(gdb) memory-tag print-allocation-tag &a[16]
$2 = 0x0
(gdb) # Tag mismatch
(gdb)

Testing address check on a core file:

gromero@arm64:~/code$ ulimit -c unlimited
gromero@arm64:~/code$ ./mte_t
a[] address is 0xffffb3bcc000
a[0] = 1 a[1] = 2
0x900ffffb3bcc000
a[0] = 3 a[1] = 2
Expecting SIGSEGV...
Segmentation fault (core dumped)
gromero@arm64:~/code$ ~/git/binutils-gdb_remote/build/gdb/gdb -q ./mte_t ./core
Reading symbols from ./mte_t...
[New LWP 256036]
Core was generated by `./mte_t'.
Program terminated with signal SIGSEGV, Segmentation fault
Memory tag violation
Fault address unavailable.
#0 0x0000000000418658 in write ()
(gdb) bt
#0 0x0000000000418658 in write ()
#1 0x000000000040a3bc in _IO_new_file_write ()
#2 0x0000000000409574 in new_do_write ()
#3 0x000000000040ae20 in _IO_new_do_write ()
#4 0x000000000040b55c in _IO_new_file_overflow ()
#5 0x0000000000407414 in puts ()
#6 0x000000000040088c in main () at mte_t.c:119
(gdb) frame 6
#6 0x000000000040088c in main () at mte_t.c:119
119 printf("...haven't got one\n");
(gdb) memory-tag print-logical-tag a
$1 = 0x9
(gdb) memory-tag print-allocation-tag &a[16]
$2 = 0x0
(gdb) # Tag mismatch
(gdb)

Finally, testing the new packet on a remote target using QEMU gdbstub which supports the new 'memory-tagging-check-add+' feature (WIP).

Clone and build QEMU:

$ git clone --depth=1 --single-branch -b mte https://github.com/gromero/qemu.git
$ mkdir qemu/build && cd qemu/build
$ ../configure --target-list=aarch64-linux-user --disable-docs
$ make -j
$ wget https://people.linaro.org/~gustavo.romero/gdb/mte_t
$ chmod +x ./mte_t
$ ./qemu-aarch64 -g 1234 ./mte_t

... and connect to QEMU gdbstub from GDB:

gromero@amd:~/git/binutils-gdb/build$ ./gdb/gdb -q
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
Reading /tmp/qemu/build/mte_t from remote target...
warning: File transfers from remote targets can be slow. Use "set sysroot" to access files locally instead.
Reading /tmp/qemu/build/mte_t from remote target...
Reading symbols from target:/tmp/qemu/build/mte_t...
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault
Memory tag violation
Fault address unavailable.
0x0000000000407290 in puts ()
(gdb) bt
#0 0x0000000000407290 in puts ()
#1 0x000000000040088c in main () at mte_t.c:119
(gdb) frame 1
#1 0x000000000040088c in main () at mte_t.c:119
119
(gdb) memory-tag print-allocation-tag a
$1 = 0x2
(gdb) set debug remote on
(gdb) memory-tag print-allocation-tag a
[remote] Sending packet: $qMemTagAddrCheck:200400000802000#1f
[remote] Received Ack
[remote] Packet received: 01
[remote] Sending packet: $qMemTags:400000802000,1:1#6f
[remote] Received Ack
[remote] Packet received: m02
$2 = 0x2
(gdb)

Also, below is a test of the fallback mechanism using the gdbserver, which must use vFile requests instead of the new packet:

In one terminal:

gromero@arm64:~/git/binutils-gdb_remote/build$ ./gdbserver/gdbserver localhost:1234 /home/gromero/code/mte_t

... in another terminal:

gromero@arm64:~/git/binutils-gdb_remote/build$ gdb/gdb -q
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
Reading /home/gromero/code/mte_t from remote target...
warning: File transfers from remote targets can be slow. Use "set sysroot" to access files locally instead.
Reading /home/gromero/code/mte_t from remote target...
Reading symbols from target:/home/gromero/code/mte_t...
Reading /home/gromero/.local/lib/debug/.build-id/a1/fb8db7731a11f85efa2ae80005bdb590796021.debug from remote target...
Reading /usr/lib/debug/.build-id/a1/fb8db7731a11f85efa2ae80005bdb590796021.debug from remote target...
0x0000000000400580 in _start ()
(gdb) b 103
Breakpoint 1 at 0x400818: file mte_t.c, line 103.
(gdb) c
Continuing.

Breakpoint 1, main () at mte_t.c:103
103 set_tag(a);
(gdb) n
105 printf("%p\n", a);
(gdb) set debug remote on
(gdb) memory-tag print-allocation-tag a
[remote] Sending packet: $m400948,4#06
[remote] Packet received: 3f030094
[remote] Sending packet: $m400944,4#02
[remote] Packet received: 60003fd6
[remote] Sending packet: $m400948,4#06
[remote] Packet received: 3f030094
[remote] Sending packet: $vFile:setfs:0#bf
[remote] Packet received: F0
[remote] Sending packet: $vFile:open:2f70726f632f3236353634362f736d617073,0,1c0#b0
[remote] Packet received: F8
[remote] remote_hostio_pread: readahead cache miss 28
[remote] Sending packet: $vFile:pread:8,2001f,0#5f
[remote] Packet received: Feaa;00400000-0047e000 r-xp 00000000 fe:02 5663492 /home/gromero/code/mte_t\nSize: 504 kB\nKernelPageSize: 4 kB\nMMUPageSize: 4 kB\nRss: 440 kB\nPss: 440 kB\nPss_Dirty: 12 kB\nShared_Clean: 0 kB\nShared_Dirty: 0 kB\nPrivate_Clean: 428 kB\nPrivate_Dirty: 12 kB\nReferenced: 440 kB\nAnonymous: 12 kB\nKSM: 0 kB\nLazyFree: 0 kB\nAnonHugePages: [3247 bytes omitted]
[remote] remote_hostio_pread: readahead cache miss 29
[remote] Sending packet: $vFile:pread:8,2001f,eaa#56
[remote] Packet received: Fb96;fffff7ffc000-fffff7ffd000 rw-p 00000000 00:00 0 \nSize: 4 kB\nKernelPageSize: 4 kB\nMMUPageSize: 4 kB\nRss: 4 kB\nPss: 4 kB\nPss_Dirty: 4 kB\nShared_Clean: 0 kB\nShared_Dirty: 0 kB\nPrivate_Clean: 0 kB\nPrivate_Dirty: 4 kB\nReferenced: 4 kB\nAnonymous: 4 kB\nKSM: 0 kB\nLazyFree: 0 kB\nAnonHugePages: 0 kB\nShmemPmdMapped: 0 kB\nFilePmdMap [2459 bytes omitted]
[remote] remote_hostio_pread: readahead cache miss 30
[remote] Sending packet: $vFile:pread:8,2001f,1a40#25
[remote] Packet received: F0;
[remote] Sending packet: $vFile:close:8#b8
[remote] Packet received: F0
[remote] Sending packet: $qMemTags:fffff7ffc000,1:1#15
[remote] Packet received: m0e
$1 = 0xe
(gdb)

Cheers,
Gustavo

Gustavo Romero (8):
  gdb: aarch64: Remove MTE address checking from get_memtag
  gdb: aarch64: Move MTE address check out of set_memtag
  gdb: aarch64: Remove MTE address checking from memtag_matches_p
  gdb: Use passed gdbarch instead of calling current_inferior
  gdb: Introduce is_address_tagged target hook
  gdb: Add qIsAddressTagged packet
  gdb/testsuite: Add unit tests for qIsAddressTagged packet
  gdb: Document qIsAddressTagged packet

 gdb/NEWS                  |  10 +++
 gdb/aarch64-linux-nat.c   |  15 ++++
 gdb/aarch64-linux-tdep.c  |  22 +-----
 gdb/arch-utils.c          |   2 +-
 gdb/arch-utils.h          |   2 +-
 gdb/corelow.c             |  10 +++
 gdb/doc/gdb.texinfo       |  37 +++++++++-
 gdb/gdbarch-gen.h         |   4 +-
 gdb/gdbarch.c             |   2 +-
 gdb/gdbarch_components.py |   2 +-
 gdb/printcmd.c            |  32 ++++----
 gdb/remote.c              | 151 ++++++++++++++++++++++++++++++++++++++
 gdb/target-delegates.c    |  30 ++++++++
 gdb/target.c              |   6 ++
 gdb/target.h              |   6 ++
 15 files changed, 288 insertions(+), 43 deletions(-)

-- 
2.34.1
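
Added example, not part of the original message and not GDB code: a Python checker for "set debug remote on" output like the two logs above. It verifies each sent packet's checksum and reports whether the tagged-address question was answered by the new packet or by the /proc smaps fallback. Assumptions: the function names are hypothetical, and a '00' reply is taken to mean "not tagged" (only '01' and the empty reply appear in the message).

```python
import re

# Query names seen on this page: the final packet name and the one in the QEMU log.
CHECK_QUERIES = ("qIsAddressTagged", "qMemTagAddrCheck")
SENT = re.compile(r"Sending packet: \$(.*)#([0-9a-fA-F]{2})\s*$")
RECV = re.compile(r"Packet received: ?(.*)$")
SMAPS = re.compile(r"/proc/\d+/smaps")

def rsp_checksum(payload):
    """Remote-protocol checksum: sum of the payload bytes modulo 256."""
    return sum(payload.encode("latin-1")) % 256

def exchanges(log):
    """Yield (sent payload, reply) pairs, rejecting packets with a bad checksum."""
    pending = None
    for line in log.splitlines():
        sent, recv = SENT.search(line), RECV.search(line)
        if sent:
            pending = sent.group(1)
            if rsp_checksum(pending) != int(sent.group(2), 16):
                raise ValueError("bad checksum in " + repr(pending))
        elif recv and pending is not None:
            yield pending, recv.group(1).strip()
            pending = None

def address_check_path(log):
    """Report which mechanism answered 'is this address tagged?' in a debug log."""
    for payload, reply in exchanges(log):
        if payload.split(":", 1)[0] in CHECK_QUERIES:
            if reply in ("00", "01"):      # '00' = not tagged is an assumption
                return "packet:tagged" if reply == "01" else "packet:untagged"
            if reply:                      # any other non-empty reply is an error
                return "packet:error"
            # Empty reply: the stub lacks the packet, so keep scanning for the fallback.
        elif payload.startswith("vFile:open:"):
            name = bytes.fromhex(payload[len("vFile:open:"):].split(",")[0])
            if SMAPS.fullmatch(name.decode("ascii", "replace")):
                return "smaps-fallback"
    return "none"

# Sample input: packets copied from the two debug logs in the message.
QEMU_LOG = """\
[remote] Sending packet: $qMemTagAddrCheck:200400000802000#1f
[remote] Received Ack
[remote] Packet received: 01
"""
GDBSERVER_LOG = """\
[remote] Sending packet: $vFile:setfs:0#bf
[remote] Packet received: F0
[remote] Sending packet: $vFile:open:2f70726f632f3236353634362f736d617073,0,1c0#b0
[remote] Packet received: F8
"""
```

address_check_path(QEMU_LOG) returns "packet:tagged" and address_check_path(GDBSERVER_LOG) returns "smaps-fallback"; a log where the stub answers the query with an empty reply and GDB then opens smaps is also reported as the fallback.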