• R/O
  • HTTP
  • SSH
  • HTTPS

提交

标签
No Tags

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

Commit MetaInfo

修订版23295de1317433210cb0303ef304e68763607c78 (tree)
时间2022-10-26 21:00:50
作者Luis Machado <luis.machado@arm....>
CommiterLuis Machado

Log Message

gdb/arm: Fix M-profile EXC_RETURN

Arm v8-M Architecture Reference Manual,
D1.2.95 EXC_RETURN, Exception Return Payload
describes ES bit:

"ES, bit [0]

Exception Secure. The security domain the exception was taken to.
The possible values of this bit are:
0 Non-secure.
1 Secure"

arm-tdep.c:3443, arm_m_exception_cache () function tests this bit:

exception_domain_is_secure = (bit (lr, 0) == 0);

The test is negated!

Later on line 3553, the condition evaluates if an additional state
context is stacked:

/* With the Security extension, the hardware saves R4..R11 too. */
if (tdep->have_sec_ext && secure_stack_used
&& (!default_callee_register_stacking || exception_domain_is_secure))

RM, B3.19 Exception entry, context stacking
reads:
RPLHM "In a PE with the Security Extension, on taking an exception,
the PE hardware:

...
  1. If exception entry requires a transition from Secure state to
    Non-secure state, the PE hardware extends the stack frame and also
    saves additional state context."

So we should test for !exception_domain_is_secure instead of non-negated
value!
These two bugs compensate each other so unstacking works correctly.

But another test of exception_domain_is_secure (negated due to the
first bug) prevents arm_unwind_secure_frames to work as expected:

/* Unwinding from non-secure to secure can trip security
      1. In order to avoid the debugger being
        intrusive, rely on the user to configure the requested
      2. */
if (secure_stack_used && !exception_domain_is_secure
&& !arm_unwind_secure_frames)

Test with GNU gdb (GDB) 13.0.50.20221016-git.
Stopped in a non-secure handler:

(gdb) set arm unwind-secure-frames 0
(gdb) bt
#0 HAL_SYSTICK_Callback () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/NonSecure/Src/nsmain.c:490
#1 0x0804081c in SysTick_Handler ()
at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/NonSecure/Src/nsstm32l5xx_it.c:134
#2 <signal handler called>
#3 HAL_GPIO_ReadPin (GPIOx=0x52020800, GPIO_Pin=8192)
at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Drivers/STM32L5xx_HAL_Driver/Src/stm32l5xx_hal_gpio.c:386
#4 0x0c000338 in SECURE_Mode () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/main.c:86
#5 0x080403f2 in main () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/NonSecure/Src/nsmain.c:278
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

The frames #3 and #4 are secure. backtrace should stop before #3.

Stopped in a secure handler:

(gdb) bt
#0 HAL_SYSTICK_Callback () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/main.c:425
#1 0x0c000b6a in SysTick_Handler ()
at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/stm32l5xx_it.c:234
warning: Non-secure to secure stack unwinding disabled.
#2 <signal handler called>

The exception from secure to secure erroneously stops unwinding. It should
continue as far as the security unlimited backtrace:

(gdb) set arm unwind-secure-frames 1
(gdb) si <-- used to rebuild frame cache after change of unwind-secure-frames
0x0c0008e6 425 if (SecureTimingDelay != 0U)
(gdb) bt
#0 0x0c0008e6 in HAL_SYSTICK_Callback () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/main.c:425
#1 0x0c000b6a in SysTick_Handler ()
at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/stm32l5xx_it.c:234
#2 <signal handler called>
#3 0x0c000328 in SECURE_Mode () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/Secure/Src/main.c:88
#4 0x080403f2 in main () at C:/dvl/stm32l5trustzone/GPIO_IOToggle_TrustZone/NonSecure/Src/nsmain.c:278
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Set exception_domain_is_secure to the value expected by its name.
Fix exception_domain_is_secure usage in the additional state context
stacking condition.

Signed-off-by: Tomas Vanek <vanekt@fbl.cz>

更改概述

差异

--- a/gdb/arm-tdep.c
+++ b/gdb/arm-tdep.c
@@ -3489,7 +3489,7 @@ arm_m_exception_cache (frame_info_ptr this_frame)
34893489 {
34903490 secure_stack_used = (bit (lr, 6) != 0);
34913491 default_callee_register_stacking = (bit (lr, 5) != 0);
3492- exception_domain_is_secure = (bit (lr, 0) == 0);
3492+ exception_domain_is_secure = (bit (lr, 0) != 0);
34933493
34943494 /* Unwinding from non-secure to secure can trip security
34953495 measures. In order to avoid the debugger being
@@ -3599,7 +3599,7 @@ arm_m_exception_cache (frame_info_ptr this_frame)
35993599
36003600 /* With the Security extension, the hardware saves R4..R11 too. */
36013601 if (tdep->have_sec_ext && secure_stack_used
3602- && (!default_callee_register_stacking || exception_domain_is_secure))
3602+ && (!default_callee_register_stacking || !exception_domain_is_secure))
36033603 {
36043604 /* Read R4..R11 from the integer callee registers. */
36053605 cache->saved_regs[4].set_addr (unwound_sp + 0x08);