* icache-dcache coherence on ARM
@ 2019-05-06 19:30 Xiaozhu Meng
2019-05-06 20:52 ` John Baldwin
0 siblings, 1 reply; 5+ messages in thread
From: Xiaozhu Meng @ 2019-05-06 19:30 UTC (permalink / raw)
To: gdb
Hi,
I am reading gdb's source code to hopefully get answers for a question that
I have in my other project.
On ARM, the architecture does not guarantee that icache and dcache are
coherent. When GDB writes a software breakpoint into the inferior's address
space, is it possible that the inferior executes outdated code in icache
and thus miss the software breakpoint?
I try to search around the gdb code base to understand whether GDB flushes
icache or not, but could not find answers.
I appreciate any feedback!
Thanks,
--Xiaozhu
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: icache-dcache coherence on ARM
2019-05-06 19:30 icache-dcache coherence on ARM Xiaozhu Meng
@ 2019-05-06 20:52 ` John Baldwin
2019-05-06 21:17 ` Xiaozhu Meng
0 siblings, 1 reply; 5+ messages in thread
From: John Baldwin @ 2019-05-06 20:52 UTC (permalink / raw)
To: Xiaozhu Meng, gdb
On 5/6/19 12:30 PM, Xiaozhu Meng wrote:
> Hi,
>
> I am reading gdb's source code to hopefully get answers for a question that
> I have in my other project.
>
> On ARM, the architecture does not guarantee that icache and dcache are
> coherent. When GDB writes a software breakpoint into the inferior's address
> space, is it possible that the inferior executes outdated code in icache
> and thus miss the software breakpoint?
>
> I try to search around the gdb code base to understand whether GDB flushes
> icache or not, but could not find answers.
>
> I appreciate any feedback!
I suspect that the cache flushing is done by the host OS kernel in response
to the write. This is what happens on FreeBSD at least where any executable
page in a process written to via ptrace(PT_IO) has its i-cache flushed by this
code in sys/kern/sys_process.c in proc_rwmem():
/*
* Now do the i/o move.
*/
error = uiomove_fromphys(&m, page_offset, len, uio);
/* Make the I-cache coherent for breakpoints. */
if (writing && error == 0) {
vm_map_lock_read(map);
if (vm_map_check_protection(map, pageno, pageno +
PAGE_SIZE, VM_PROT_EXECUTE))
vm_sync_icache(map, uva, len);
vm_map_unlock_read(map);
}
--
John Baldwin
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: icache-dcache coherence on ARM
2019-05-06 20:52 ` John Baldwin
@ 2019-05-06 21:17 ` Xiaozhu Meng
2019-05-06 21:37 ` John Baldwin
0 siblings, 1 reply; 5+ messages in thread
From: Xiaozhu Meng @ 2019-05-06 21:17 UTC (permalink / raw)
To: John Baldwin; +Cc: gdb
Hi John,
Thanks for your reply!
I asked this question because our project on Linux actually encountered
this problem where we use ptrace to write new code into the inferior and
then continue the inferior. The continued inferior sometimes works as
expected, but sometimes crashes due to SIGILLs on seemingly legitimate
instructions.
So, I am very interested in seeing how GDB deals with this problem on
Linux.
Thanks,
--Xiaozhu
On Mon, May 6, 2019 at 3:52 PM John Baldwin <jhb@freebsd.org> wrote:
> On 5/6/19 12:30 PM, Xiaozhu Meng wrote:
> > Hi,
> >
> > I am reading gdb's source code to hopefully get answers for a question
> that
> > I have in my other project.
> >
> > On ARM, the architecture does not guarantee that icache and dcache are
> > coherent. When GDB writes a software breakpoint into the inferior's
> address
> > space, is it possible that the inferior executes outdated code in icache
> > and thus miss the software breakpoint?
> >
> > I try to search around the gdb code base to understand whether GDB
> flushes
> > icache or not, but could not find answers.
> >
> > I appreciate any feedback!
>
> I suspect that the cache flushing is done by the host OS kernel in response
> to the write. This is what happens on FreeBSD at least where any
> executable
> page in a process written to via ptrace(PT_IO) has its i-cache flushed by
> this
> code in sys/kern/sys_process.c in proc_rwmem():
>
> /*
> * Now do the i/o move.
> */
> error = uiomove_fromphys(&m, page_offset, len, uio);
>
> /* Make the I-cache coherent for breakpoints. */
> if (writing && error == 0) {
> vm_map_lock_read(map);
> if (vm_map_check_protection(map, pageno, pageno +
> PAGE_SIZE, VM_PROT_EXECUTE))
> vm_sync_icache(map, uva, len);
> vm_map_unlock_read(map);
> }
>
>
> --
> John Baldwin
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: icache-dcache coherence on ARM
2019-05-06 21:17 ` Xiaozhu Meng
@ 2019-05-06 21:37 ` John Baldwin
2019-05-07 2:52 ` Xiaozhu Meng
0 siblings, 1 reply; 5+ messages in thread
From: John Baldwin @ 2019-05-06 21:37 UTC (permalink / raw)
To: Xiaozhu Meng; +Cc: gdb
On 5/6/19 2:17 PM, Xiaozhu Meng wrote:
> Hi John,
>
> Thanks for your reply!
>
> I asked this question because our project on Linux actually encountered
> this problem where we use ptrace to write new code into the inferior and
> then continue the inferior. The continued inferior sometimes works as
> expected, but sometimes crashes due to SIGILLs on seemingly legitimate
> instructions.
>
> So, I am very interested in seeing how GDB deals with this problem on
> Linux.
I do not see any explicit cache management in linux-nat.c or arm-linux-nat.c,
so my best guess is that GDB is relying on the kernel to manage this on
Linux as well. I do see that TARGET_OBJECT_MEMORY on Linux can sometimes
use /proc/<pid>/mem instead of ptrace(). I'm not very familiar with the
Linux kernel, but one thing to check might be that both ptrace and procfs
are doing the i-cache invalidation.
--
John Baldwin
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: icache-dcache coherence on ARM
2019-05-06 21:37 ` John Baldwin
@ 2019-05-07 2:52 ` Xiaozhu Meng
0 siblings, 0 replies; 5+ messages in thread
From: Xiaozhu Meng @ 2019-05-07 2:52 UTC (permalink / raw)
To: John Baldwin; +Cc: gdb
Hi John,
Thanks for hinting that GDB may also use procfs. I replaced ptrace() with
procfs to write code to the inferior and my code is now always working as
expected!
I appreciate your helps!
Thanks,
--Xiaozhu
On Mon, May 6, 2019 at 4:37 PM John Baldwin <jhb@freebsd.org> wrote:
> On 5/6/19 2:17 PM, Xiaozhu Meng wrote:
> > Hi John,
> >
> > Thanks for your reply!
> >
> > I asked this question because our project on Linux actually encountered
> > this problem where we use ptrace to write new code into the inferior and
> > then continue the inferior. The continued inferior sometimes works as
> > expected, but sometimes crashes due to SIGILLs on seemingly legitimate
> > instructions.
> >
> > So, I am very interested in seeing how GDB deals with this problem on
> > Linux.
>
> I do not see any explicit cache management in linux-nat.c or
> arm-linux-nat.c,
> so my best guess is that GDB is relying on the kernel to manage this on
> Linux as well. I do see that TARGET_OBJECT_MEMORY on Linux can sometimes
> use /proc/<pid>/mem instead of ptrace(). I'm not very familiar with the
> Linux kernel, but one thing to check might be that both ptrace and procfs
> are doing the i-cache invalidation.
>
> --
> John Baldwin
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-05-07 2:52 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-06 19:30 icache-dcache coherence on ARM Xiaozhu Meng
2019-05-06 20:52 ` John Baldwin
2019-05-06 21:17 ` Xiaozhu Meng
2019-05-06 21:37 ` John Baldwin
2019-05-07 2:52 ` Xiaozhu Meng
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).