From: "simark at simark dot ca" <gdb-prs@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug breakpoints/25901] New: Intel CET / control flow instruction `endbr64` breaks prologue analysis
Date: Thu, 30 Apr 2020 19:39:11 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=25901

            Bug ID: 25901
           Summary: Intel CET / control flow instruction `endbr64` breaks
                    prologue analysis
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: breakpoints
          Assignee: unassigned at sourceware dot org
          Reporter: simark at simark dot ca
  Target Milestone: ---

I get failures when running a simple `make check TESTS="gdb.base/break.exp"` on Ubuntu 20.04.
FAIL: gdb.base/break.exp: breakpoint at start of multi line if conditional
FAIL: gdb.base/break.exp: breakpoint at start of multi line while conditional
FAIL: gdb.base/break.exp: breakpoint info
FAIL: gdb.base/break.exp: info break 3-5
FAIL: gdb.base/break.exp: check disable with history values
FAIL: gdb.base/break.exp: check disable with convenience values
FAIL: gdb.base/break.exp: run until function breakpoint
FAIL: gdb.base/break.exp: run until file:function(6) breakpoint
FAIL: gdb.base/break.exp: run until file:function(5) breakpoint
FAIL: gdb.base/break.exp: run until file:function(4) breakpoint
FAIL: gdb.base/break.exp: run until file:function(3) breakpoint
FAIL: gdb.base/break.exp: run until file:function(2) breakpoint
FAIL: gdb.base/break.exp: run until file:function(1) breakpoint
FAIL: gdb.base/break.exp: run until quoted breakpoint
FAIL: gdb.base/break.exp: Temporary breakpoint info
FAIL: gdb.base/break.exp: run to factorial(6)
FAIL: gdb.base/break.exp: continue to factorial(5)
FAIL: gdb.base/break.exp: backtrace from factorial(5)
FAIL: gdb.base/break.exp: next to recursive call
FAIL: gdb.base/break.exp: next over recursive call
FAIL: gdb.base/break.exp: backtrace from factorial(5.1)

The underlying issue is that control flow protection is enabled in the distro's gcc 9.3.0 compiler. Running:

  make check TESTS="gdb.base/break.exp" RUNTESTFLAGS="--target_board=unix/-fcf-protection=none"

does not show failures.
Let's take this dummy program:

  int main(void)
  {
    return 0;
  }

and build it without control flow protection:

  $ gcc test.c -g3 -O0 -fcf-protection=none
  $ readelf --debug-dump=decodedline a.out
  Contents of the .debug_line section:

  CU: ./test.c:
  File name    Line number    Starting address    View    Stmt
  test.c       2              0x1129                      x
  test.c       3              0x112d                      x
  test.c       4              0x1132                      x
  test.c       4              0x1134                      x

  $ ./gdb -q -nx --data-directory=data-directory a.out
  Reading symbols from a.out...
  (gdb) disassemble main
  Dump of assembler code for function main:
     0x0000000000001129 <+0>:     push   %rbp
     0x000000000000112a <+1>:     mov    %rsp,%rbp
     0x000000000000112d <+4>:     mov    $0x0,%eax
     0x0000000000001132 <+9>:     pop    %rbp
     0x0000000000001133 <+10>:    retq
  End of assembler dump.
  (gdb) b main
  Breakpoint 1 at 0x112d: file test.c, line 3.

The breakpoint is correctly put after the prologue.

Let's now build it with control flow protection:

  $ gcc test.c -g3 -O0 -fcf-protection=full
  $ readelf --debug-dump=decodedline a.out
  Contents of the .debug_line section:

  CU: ./test.c:
  File name    Line number    Starting address    View    Stmt
  test.c       2              0x1129                      x
  test.c       3              0x1131                      x
  test.c       4              0x1136                      x
  test.c       4              0x1138                      x

  $ ./gdb -q -nx --data-directory=data-directory a.out
  Reading symbols from a.out...
  (gdb) disassemble main
  Dump of assembler code for function main:
     0x0000000000001129 <+0>:     endbr64
     0x000000000000112d <+4>:     push   %rbp
     0x000000000000112e <+5>:     mov    %rsp,%rbp
     0x0000000000001131 <+8>:     mov    $0x0,%eax
     0x0000000000001136 <+13>:    pop    %rbp
     0x0000000000001137 <+14>:    retq
  End of assembler dump.
  (gdb) b main
  Breakpoint 1 at 0x1129: file test.c, line 2.

The breakpoint is wrongfully put at the first byte of the function.
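As an added illustration that is not part of the report and not GDB's own code, the following is a simplified model of the x86-64 prologue analysis the report describes: the analysis looks for `push %rbp; mov %rsp,%rbp` at the function's first byte, so a leading `endbr64` (bytes f3 0f 1e fa) makes it find no prologue and the breakpoint lands at the entry address. The machine code below is constructed to match the two disassemblies above; the "CET-aware" variant, which skips an `endbr64` before analysing, is a hypothetical fix written for this example.

```python
# Added example: minimal model of frame-setup prologue analysis on x86-64.
# Not GDB's implementation; the byte patterns and addresses mirror the report.
ENDBR64 = bytes.fromhex("f30f1efa")          # Intel CET branch landing pad
PUSH_RBP = bytes([0x55])                     # push %rbp
MOV_RSP_RBP = (bytes.fromhex("4889e5"),      # mov %rsp,%rbp (gcc encoding)
               bytes.fromhex("488bec"))      # mov %rsp,%rbp (alternate encoding)


def skip_frame_setup(code: bytes, pc: int) -> int:
    """Return the address just past 'push %rbp; mov %rsp,%rbp' if that
    sequence begins at offset 0 of `code`, otherwise `pc` unchanged."""
    if code[:1] != PUSH_RBP:
        return pc                       # no recognised prologue here
    pc += 1
    rest = code[1:]
    for enc in MOV_RSP_RBP:
        if rest.startswith(enc):
            return pc + len(enc)
    return pc                           # 'push %rbp' alone still counts


def analyze_prologue_naive(code: bytes, entry: int) -> int:
    """Models the behaviour the report shows: the frame setup is expected at
    the very first byte, so an endbr64 there yields the entry address."""
    return skip_frame_setup(code, entry)


def analyze_prologue_cet_aware(code: bytes, entry: int) -> int:
    """Hypothetical fix: step over a leading endbr64, then analyse as before."""
    if code.startswith(ENDBR64):
        code, entry = code[len(ENDBR64):], entry + len(ENDBR64)
    return skip_frame_setup(code, entry)


# Constructed bytes for main() without and with -fcf-protection=full.
MAIN_NO_CET = bytes.fromhex("554889e5" "b800000000" "5dc3")
MAIN_CET = ENDBR64 + MAIN_NO_CET
ENTRY = 0x1129


def breakpoint_addresses() -> dict:
    """Where 'b main' would land under each analysis."""
    return {
        "no_cet": analyze_prologue_cet_aware(MAIN_NO_CET, ENTRY),   # 0x112d
        "cet_naive": analyze_prologue_naive(MAIN_CET, ENTRY),       # 0x1129 (the bug)
        "cet_aware": analyze_prologue_cet_aware(MAIN_CET, ENTRY),   # 0x1131
    }


if __name__ == "__main__":
    for name, addr in breakpoint_addresses().items():
        print(f"{name:10s} -> {addr:#x}")
```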