public inbox for gdb-prs@sourceware.org
From: "torbjorn.svensson at st dot com" <sourceware-bugzilla@sourceware.org>
To: gdb-prs@sourceware.org
Subject: [Bug tdep/29716] Arm v8 M-profile FNC_RETURN unwinder uses wrong stack
Date: Fri, 04 Nov 2022 15:36:01 +0000
Message-ID: <bug-29716-4717-oWaqiFPjns@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-29716-4717@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=29716

Torbjörn SVENSSON <torbjorn.svensson at st dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |torbjorn.svensson at st dot com

--- Comment #3 from Torbjörn SVENSSON <torbjorn.svensson at st dot com> ---
(In reply to tomas.vanek from comment #0)
> Discovered on STM32L552 with Cortex-M33, should be same for all ARMv8-M
> devices with the security extension.
> 
> A secure code runs in thread mode and uses MSP_S because CONTROL_S bit SPSEL
> = 0
> A non-secure function is called from secure code.
> Command 'backtrace' does not show the correct stack frames:
> 
>  (gdb) bt
>  #0  NonSecureFc ()
>  #1  <signal handler called>
>  #2  0x00000000 in ?? ()
>  Backtrace stopped: previous frame identical to this frame (corrupt stack?)
> 
> The problem is in arm-tdep.c:3394, function arm_m_exception_cache (),
> block if (fnc_return):
> 
>   ULONGEST xpsr = get_frame_register_unsigned (this_frame, ARM_PS_REGNUM);
>   if ((xpsr & 0xff) != 0)
>     /* Handler mode: This is the mode that exceptions are handled in.  */
>     arm_cache_switch_prev_sp (cache, tdep, tdep->m_profile_msp_s_regnum);
>   else
>     /* Thread mode: This is the normal mode that programs run in.  */
>     arm_cache_switch_prev_sp (cache, tdep, tdep->m_profile_psp_s_regnum);
> 
> This code does not comply with the
> Arm®v8-M Architecture Reference Manual
> B3.8 Stack pointer
> IDMLS "In Thread mode, CONTROL.SPSEL determines whether the PE uses the main
> or process stack"
> 
> and uses the process stack regardless of SPSEL.
> 
> The test should check SPSEL bit of CONTROL_S register.
> Unfortunately the current arm-tdep is not aware of this register, we need to
> look up the register number in arm_gdbarch_init().
> 
> Moreover stack unwinders probably do not keep track of CONTROL_S updates.
> Even if we neglect usually very seldom updates of SPSEL and use the value
> from the innermost frame we have better chance to see correct stack frames.


I have not been able to reproduce this issue after applying the patch series below.
Maybe the issues are still there, maybe they are indirectly fixed.
https://sourceware.org/pipermail/gdb-patches/2022-November/193391.html

@Tomas, can you take a look at them and see if it resolves the issues you've
seen?

Regarding the use of CONTROL.SPSEL instead of the xpsr value: you can't use
CONTROL as it's not stacked on EXC_RETURN/FNC_RETURN and, to my knowledge, it's
not part of the DWARF2 info either.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
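The stack-pointer selection rule under discussion, as an added illustration that is not GDB's code: the FNC_RETURN choice as quoted from arm-tdep.c (thread mode always taken to mean the process stack) next to the Arm v8-M B3.8 rule that consults CONTROL.SPSEL. The register values are constructed for the report's scenario, and the CONTROL_S value is passed in by the caller because, as noted above, it is not stacked on FNC_RETURN.

```c
/* Model of how an unwinder picks the previous stack pointer for an
   ARMv8-M secure-state frame.  Illustration for bug 29716, not GDB code.  */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Which banked secure stack pointer the frame was using.  */
enum arm_m_sp { SP_MSP_S, SP_PSP_S };

#define IPSR_MASK     0x1ffu     /* xPSR exception number field, bits [8:0].  */
#define CONTROL_SPSEL (1u << 1)  /* CONTROL.SPSEL: 0 = main stack, 1 = process stack.  */

/* Selection as the reported arm_m_exception_cache () FNC_RETURN block does it:
   non-zero exception number means handler mode and MSP_S, otherwise PSP_S is
   assumed and CONTROL is never consulted.  */
enum arm_m_sp sp_select_as_reported (uint32_t xpsr)
{
  return (xpsr & IPSR_MASK) != 0 ? SP_MSP_S : SP_PSP_S;
}

/* Selection per Arm v8-M ARM B3.8: handler mode always uses the main stack;
   in thread mode CONTROL.SPSEL decides.  CONTROL is not stacked on FNC_RETURN,
   so control_s must come from elsewhere (comment #0 suggests the innermost
   frame's CONTROL_S), which is only an approximation if SPSEL has changed.  */
enum arm_m_sp sp_select_per_manual (uint32_t xpsr, uint32_t control_s)
{
  if ((xpsr & IPSR_MASK) != 0)
    return SP_MSP_S;
  return (control_s & CONTROL_SPSEL) ? SP_PSP_S : SP_MSP_S;
}

/* True when the two rules would unwind through different stacks.  */
bool sp_selection_mismatch (uint32_t xpsr, uint32_t control_s)
{
  return sp_select_as_reported (xpsr) != sp_select_per_manual (xpsr, control_s);
}

int main (void)
{
  /* Constructed values for the report's scenario: secure thread mode
     (exception number 0) with CONTROL_S.SPSEL = 0, i.e. MSP_S in use.  */
  uint32_t xpsr = 0x01000000u;   /* Thumb bit set, exception number 0.  */
  uint32_t control_s = 0x0u;
  printf ("reported rule picks %s, manual rule picks %s\n",
          sp_select_as_reported (xpsr) == SP_MSP_S ? "MSP_S" : "PSP_S",
          sp_select_per_manual (xpsr, control_s) == SP_MSP_S ? "MSP_S" : "PSP_S");
  return 0;
}
```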

Thread overview: 8+ messages
2022-10-21 20:59 [Bug tdep/29716] New: " tomas.vanek at fbl dot cz
2022-10-29 10:47 ` [Bug tdep/29716] " tomas.vanek at fbl dot cz
2022-10-29 15:43 ` tomas.vanek at fbl dot cz
2022-11-04 15:36 ` torbjorn.svensson at st dot com [this message]
2022-11-04 18:01 ` tomas.vanek at fbl dot cz
2022-11-04 18:24 ` tomas.vanek at fbl dot cz
2022-11-04 20:54 ` tomas.vanek at fbl dot cz
2022-11-05  9:50 ` tomas.vanek at fbl dot cz