[RFC,4/5] gdb/arm: Unwinding of secure procedure with cmse_nonsecure_entry attribute
This patch depends on pending:
"gdb/arm: PR 29738 Cache value for stack pointers for dwarf2 frames"
A secure procedure with cmse_nonsecure_entry attribute is compiled with
an epilogue ending by a return to the non-secure mode:
bxns lr
When a non-secure context called such a procedure, the dwarf2 unwinder
did not know about the cmse_nonsecure_entry attribute, did not see 'bxns'
at the return and therefore assumed a normal return keeping the security
state unchanged. This caused incorrect unwinding of the frames following
this one, as the secure stack was used instead of the non-secure one.
Detect a procedure with cmse_nonsecure_entry attribute when unwinding
a secure frame. Change the security state to non-secure and use
the proper stack if the cmse_nonsecure_entry was detected.
The detection of the cmse_nonsecure_entry attribute is based on the split
secure gateway veneer and the rest of procedure with the name prefixed
by '__acle_se_'. This is documented in
https://developer.arm.com/documentation/100748/0619/Security-features-supported-in-Arm-Compiler-for-Embedded/Overview-of-building-Secure-and-Non-secure-images-with-the-Armv8-M-Security-Extension
and GCC conforms this model too.
To choose main or process non-secure stack we need xPSR and SPSEL
bit of CONTROL_NS. For simplicity CONTROL_NS is not tracked for changes
in the inner frames, the CONTROL_NS value is passed unchanged from
the innermost frame.
Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
---
gdb/arm-tdep.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 71 insertions(+), 8 deletions(-)
@@ -5125,6 +5125,7 @@ enum arm_vfp_cprc_base_type
frame_info_ptr this_frame)
{
arm_gdbarch_tdep *tdep = gdbarch_tdep<arm_gdbarch_tdep> (gdbarch);
+ bool is_sp = (regnum == ARM_SP_REGNUM);
if (is_pacbti_pseudo (gdbarch, regnum))
{
@@ -5140,12 +5141,10 @@ enum arm_vfp_cprc_base_type
reg->how = DWARF2_FRAME_REG_FN;
reg->loc.fn = arm_dwarf2_prev_register;
}
- else if (regnum == ARM_SP_REGNUM)
- reg->how = DWARF2_FRAME_REG_CFA;
- else if (arm_is_alternative_sp_register (tdep, regnum))
+ else if (is_sp || arm_is_alternative_sp_register (tdep, regnum))
{
/* Identify what stack pointers that are synced with sp. */
- bool override_with_sp_value = false;
+ bool override_with_sp_value = is_sp;
if (tdep->have_sec_ext)
{
@@ -5165,24 +5164,88 @@ enum arm_vfp_cprc_base_type
= get_frame_register_unsigned (this_frame,
tdep->m_profile_psp_ns_regnum);
+ bool is_secure = (sp == msp_s || sp == psp_s);
+ bool return_to_ns = false;
+ if (is_secure)
+ {
+ CORE_ADDR func = get_frame_func (this_frame);
+ struct bound_minimal_symbol sym
+ = lookup_minimal_symbol_by_pc (func);
+ if (sym.minsym)
+ {
+ const char *name = sym.minsym->natural_name ();
+ arm_debug_printf ("ret to ns check minsym %s", name);
+ return_to_ns = strncmp (name, "__acle_se_", 10) == 0;
+ }
+ }
+
+ bool ns_process_stack = false;
+ if (return_to_ns &&
+ (is_sp ||
+ regnum == tdep->m_profile_msp_s_regnum ||
+ regnum == tdep->m_profile_psp_s_regnum))
+ {
+ bool spsel = true;
+
+ if (tdep->m_profile_control_ns_regnum >= 0)
+ {
+ ULONGEST control_ns
+ = get_frame_register_unsigned (this_frame,
+ tdep->m_profile_control_ns_regnum);
+ spsel = (control_ns & (1 << 1)) != 0;
+ }
+
+ if (spsel)
+ {
+ ULONGEST xpsr = get_frame_register_unsigned (this_frame,
+ ARM_PS_REGNUM);
+ ns_process_stack = (xpsr & 0x1ff) == 0;
+ }
+
+ if (is_sp)
+ {
+ reg->how = DWARF2_FRAME_REG_SAVED_GDB_REG;
+ reg->loc.reg = ns_process_stack ?
+ tdep->m_profile_psp_ns_regnum :
+ tdep->m_profile_msp_ns_regnum;
+ return;
+ }
+ }
+
+ if (return_to_ns)
+ {
+ if (regnum == tdep->m_profile_msp_regnum)
+ {
+ reg->how = DWARF2_FRAME_REG_SAVED_GDB_REG;
+ reg->loc.reg = tdep->m_profile_msp_ns_regnum;
+ return;
+ }
+ else if (regnum == tdep->m_profile_psp_regnum)
+ {
+ reg->how = DWARF2_FRAME_REG_SAVED_GDB_REG;
+ reg->loc.reg = tdep->m_profile_psp_ns_regnum;
+ return;
+ }
+ }
+
bool is_msp = (regnum == tdep->m_profile_msp_regnum)
&& (msp_s == sp || msp_ns == sp);
bool is_msp_s = (regnum == tdep->m_profile_msp_s_regnum)
- && (msp_s == sp);
+ && (msp_s == sp || (return_to_ns && !ns_process_stack));
bool is_msp_ns = (regnum == tdep->m_profile_msp_ns_regnum)
&& (msp_ns == sp);
bool is_psp = (regnum == tdep->m_profile_psp_regnum)
&& (psp_s == sp || psp_ns == sp);
bool is_psp_s = (regnum == tdep->m_profile_psp_s_regnum)
- && (psp_s == sp);
+ && (psp_s == sp || (return_to_ns && ns_process_stack));
bool is_psp_ns = (regnum == tdep->m_profile_psp_ns_regnum)
&& (psp_ns == sp);
- override_with_sp_value = is_msp || is_msp_s || is_msp_ns
+ override_with_sp_value = is_sp || is_msp || is_msp_s || is_msp_ns
|| is_psp || is_psp_s || is_psp_ns;
}
- else if (tdep->is_m)
+ else if (tdep->is_m && !is_sp)
{
CORE_ADDR sp
= get_frame_register_unsigned (this_frame, ARM_SP_REGNUM);