At the moment GDB only handles pointer authentication (pauth) for userspace
addresses and if we're debugging a Linux-hosted program.
The Linux Kernel can be configured to use pauth instructions for some
additional security hardening, but GDB doesn't handle this well.
To overcome this limitation, GDB needs a couple things:
1 - The target needs to advertise pauth support.
2 - The hook to remove non-address bits from a pointer needs to be registered
in aarch64-tdep.c as opposed to aarch64-linux-tdep.c.
There is a patch for QEMU that addresses the first point: it makes QEMU's
gdbstub expose two additional pauth mask registers, so a target may advertise
either 2 or 4 pauth masks:
pauth_dmask
pauth_cmask
pauth_dmask_high
pauth_cmask_high
pauth_dmask and pauth_cmask are the masks used to remove pauth signatures
from userspace addresses. pauth_dmask_high and pauth_cmask_high masks are used
to remove pauth signatures from kernel addresses.
The second point is easily addressed by moving code around.
When debugging a Linux Kernel built with pauth with an unpatched GDB, we get
the following backtrace:
#0 __fput (file=0xffff0000c17a6400) at /repos/linux/fs/file_table.c:296
#1 0xffff8000082bd1f0 in ____fput (work=<optimized out>) at /repos/linux/fs/file_table.c:348
#2 0x30008000080ade30 [PAC] in ?? ()
#3 0x30d48000080ade30 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
With a patched GDB, we get something a lot more meaningful:
#0 __fput (file=0xffff0000c1bcfa00) at /repos/linux/fs/file_table.c:296
#1 0xffff8000082bd1f0 in ____fput (work=<optimized out>) at /repos/linux/fs/file_table.c:348
#2 0xffff8000080ade30 [PAC] in task_work_run () at /repos/linux/kernel/task_work.c:179
#3 0xffff80000801db90 [PAC] in resume_user_mode_work (regs=0xffff80000a96beb0) at /repos/linux/include/linux/resume_user_mode.h:49
#4 do_notify_resume (regs=regs@entry=0xffff80000a96beb0, thread_flags=4) at /repos/linux/arch/arm64/kernel/signal.c:1127
#5 0xffff800008fb9974 [PAC] in prepare_exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:137
#6 exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:142
#7 el0_svc (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:638
#8 0xffff800008fb9d34 [PAC] in el0t_64_sync_handler (regs=<optimized out>) at /repos/linux/arch/arm64/kernel/entry-common.c:655
#9 0xffff800008011548 [PAC] in el0t_64_sync () at /repos/linux/arch/arm64/kernel/entry.S:586
Backtrace stopped: Cannot access memory at address 0xffff80000a96c0c8
/* Common target-dependent functionality for AArch64.
Copyright (C) 2017-2023 Free Software Foundation, Inc.
This file is part of GDB.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
#ifndef ARCH_AARCH64_H
#define ARCH_AARCH64_H
#include "gdbsupport/tdesc.h"
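/* Holds information on what architectural features are available.  This is
   used to select register sets.  operator== and std::hash are specialised
   below so the struct can key an unordered container; the two must agree
   (equal feature sets must hash equally).  */

struct aarch64_features
{
  /* A non zero VQ value indicates both the presence of SVE and the
     Vector Quotient - the number of 128bit chunks in an SVE Z
     register.  */
  uint64_t vq = 0;

  /* The target advertises pointer authentication (pauth) support.  */
  bool pauth = false;

  /* The target advertises memory tagging (MTE) support.  */
  bool mte = false;

  /* A positive TLS value indicates the number of TLS registers available.  */
  uint8_t tls = 0;
};

/* Two feature sets are equal when every field matches.  Keep this in step
   with std::hash<aarch64_features> below.  */

inline bool operator==(const aarch64_features &lhs, const aarch64_features &rhs)
{
  return lhs.vq == rhs.vq
      && lhs.pauth == rhs.pauth
      && lhs.mte == rhs.mte
      && lhs.tls == rhs.tls;
}

namespace std
{
  /* Hash for aarch64_features.

     Each field is packed into its own bit range: VQ in the low bits, then
     one bit each for PAUTH and MTE, then the full 8-bit width of TLS.
     TLS is a uint8_t, so reserving all 8 bits for it means no TLS register
     count can ever alias the MTE/PAUTH bits (the previous 2-bit reservation
     made e.g. {tls = 4} and {mte = true} hash identically).  On hosts where
     size_t is narrower than uint64_t the high VQ bits are dropped, which
     only affects distribution, never correctness.  */
  template<>
  struct hash<aarch64_features>
  {
    std::size_t operator()(const aarch64_features &features) const noexcept
    {
      std::size_t h = features.vq;

      h = (h << 1) | features.pauth;
      h = (h << 1) | features.mte;
      /* Shift by the full width of the TLS field so its value can never
	 overlap the feature bits above.  */
      h = (h << 8) | features.tls;

      return h;
    }
  };
}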
/* Build and return the target description that matches FEATURES (which
   register sets are included depends on the fields of aarch64_features).  */

target_desc *
aarch64_create_target_description (const aarch64_features &features);

/* Given a pointer value POINTER and a MASK of non-address bits, clear the
   masked bits from POINTER and sign-extend the result if required.

   The sign-extension is what makes kernel addresses come out right: a
   kernel pointer has its upper bits set, and clearing the PAC bits alone
   would leave those bits zero, so they are refilled with ones.  Which bit
   decides whether to sign-extend is not visible here -- presumably
   VA_RANGE_SELECT_BIT_MASK (bit 55) defined below; confirm in
   aarch64-tdep.c.  The commit message's unpatched backtrace shows the
   failure mode: 0x30008000080ade30 where 0xffff8000080ade30 was expected.

   Security note: this only strips signature bits so the address can be
   used for symbol lookup and unwinding.  It does not authenticate the
   pointer -- a forged or corrupted PAC is stripped just the same -- so the
   result is not evidence that the pointer was valid.  No validation of
   MASK is visible at this interface; it is whatever the target's mask
   registers supplied.  */
CORE_ADDR aarch64_remove_top_bits (CORE_ADDR pointer, CORE_ADDR mask);

/* Given CMASK and DMASK, the two PAC mask registers (presumably the
   instruction- and data-pointer masks, as the names suggest), return the
   single mask to use for removing non-address bits from a pointer.  How
   the two are combined is not visible here; callers should not assume
   either one alone is sufficient.  Note the _HIGH register pair (see the
   AARCH64_PAUTH_*_HIGH_REGNUM macros below) is not an input to this
   function.  */
CORE_ADDR
aarch64_mask_from_pac_registers (const CORE_ADDR cmask, const CORE_ADDR dmask);
/* Register numbers of various important registers.

   The numbering is sequential: the 31 general registers X0..X30 (FP and LR
   being X29 and X30), then SP, PC and CPSR, the 32 fp/vec registers, the
   FP status/control registers, and finally the SVE-only registers.  Note
   that on SVE, the Z registers reuse the V register numbers and the V
   registers become pseudo registers.  Every value is written relative to
   its predecessor so the layout is explicit.  */
enum aarch64_regnum
{
  AARCH64_X0_REGNUM = 0,				/* First integer register.  */
  AARCH64_FP_REGNUM = AARCH64_X0_REGNUM + 29,		/* Frame register (X29), if used.  */
  AARCH64_LR_REGNUM = AARCH64_X0_REGNUM + 30,		/* Return address (X30).  */
  AARCH64_SP_REGNUM = AARCH64_LR_REGNUM + 1,		/* Stack pointer.  */
  AARCH64_PC_REGNUM = AARCH64_SP_REGNUM + 1,		/* Program counter.  */
  AARCH64_CPSR_REGNUM = AARCH64_PC_REGNUM + 1,		/* Current Program Status Register.  */
  AARCH64_V0_REGNUM = AARCH64_CPSR_REGNUM + 1,		/* First fp/vec register.  */
  AARCH64_V31_REGNUM = AARCH64_V0_REGNUM + 31,		/* Last fp/vec register.  */
  AARCH64_SVE_Z0_REGNUM = AARCH64_V0_REGNUM,		/* First SVE Z register (same number as V0).  */
  AARCH64_SVE_Z31_REGNUM = AARCH64_V31_REGNUM,		/* Last SVE Z register (same number as V31).  */
  AARCH64_FPSR_REGNUM = AARCH64_V31_REGNUM + 1,		/* Floating Point Status Register.  */
  AARCH64_FPCR_REGNUM = AARCH64_FPSR_REGNUM + 1,	/* Floating Point Control Register.  */
  AARCH64_SVE_P0_REGNUM = AARCH64_FPCR_REGNUM + 1,	/* First SVE predicate register.  */
  AARCH64_SVE_P15_REGNUM = AARCH64_SVE_P0_REGNUM + 15,	/* Last SVE predicate register.  */
  AARCH64_SVE_FFR_REGNUM = AARCH64_SVE_P15_REGNUM + 1,	/* SVE First Fault Register.  */
  AARCH64_SVE_VG_REGNUM = AARCH64_SVE_FFR_REGNUM + 1,	/* SVE Vector Granule.  */

  /* Other useful registers, expressed in terms of the bases above.  */
  AARCH64_LAST_X_ARG_REGNUM = AARCH64_X0_REGNUM + 7,	/* X7: last integer argument register.  */
  AARCH64_STRUCT_RETURN_REGNUM = AARCH64_X0_REGNUM + 8,	/* X8: struct return register.  */
  AARCH64_LAST_V_ARG_REGNUM = AARCH64_V0_REGNUM + 7	/* V7: last fp/vec argument register.  */
};
/* Sizes of various AArch64 registers, in bytes: a TLS register is 64 bits
   wide and a V (fp/vec) register is 128 bits wide.  */
#define AARCH64_TLS_REGISTER_SIZE 8
#define V_REGISTER_SIZE 16
/* PAC-related constants.  */

/* Bit 55 of a virtual address selects between the kernel-space and
   user-space address ranges (the kernel addresses in the commit message's
   backtrace, 0xffff8000..., all have it set).  */
#define VA_RANGE_SELECT_BIT_MASK (1ULL << 55)

/* Bits 55..63 all set.  This covers the Top Byte Ignore byte (bits 56..63)
   plus the range-select bit 55, i.e. everything above a 55-bit address;
   used to strip the non-address bits from a pointer.  */
#define AARCH64_TOP_BITS_MASK (~0ULL << 55)
/* Pseudo register base numbers.

   These are relative numbers (AARCH64_Q0_REGNUM is 0, the same value as
   AARCH64_X0_REGNUM in aarch64_regnum), so they are presumably offset by
   the raw register count before use -- confirm in aarch64-tdep.c.  Each
   narrower view (D, S, H, B) has 32 registers; AARCH64_D_REGISTER_COUNT is
   not defined in this header.  */
#define AARCH64_Q0_REGNUM 0
#define AARCH64_D0_REGNUM (AARCH64_Q0_REGNUM + AARCH64_D_REGISTER_COUNT)
#define AARCH64_S0_REGNUM (AARCH64_D0_REGNUM + 32)
#define AARCH64_H0_REGNUM (AARCH64_S0_REGNUM + 32)
#define AARCH64_B0_REGNUM (AARCH64_H0_REGNUM + 32)
/* First SVE pseudo V register (the V registers are pseudo when SVE is
   present, see aarch64_regnum).  */
#define AARCH64_SVE_V0_REGNUM (AARCH64_B0_REGNUM + 32)
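/* Register numbers of the pointer authentication mask registers, relative
   to PAUTH_REG_BASE (the number of the first pauth register).  The argument
   is parenthesised in every expansion so an expression such as
   `cond ? a : b' can be passed without changing its meaning.  */
#define AARCH64_PAUTH_DMASK_REGNUM(pauth_reg_base) (pauth_reg_base)
#define AARCH64_PAUTH_CMASK_REGNUM(pauth_reg_base) ((pauth_reg_base) + 1)
/* The high versions of these masks are used for bare metal/kernel-mode
   pointer authentication support, i.e. for addresses with bit 55 set.
   They exist only when the target advertises four masks (per the commit
   message, a patched QEMU gdbstub); the 16-byte Linux block below covers
   only the low pair.  */
#define AARCH64_PAUTH_DMASK_HIGH_REGNUM(pauth_reg_base) ((pauth_reg_base) + 2)
#define AARCH64_PAUTH_CMASK_HIGH_REGNUM(pauth_reg_base) ((pauth_reg_base) + 3)

/* Size in bytes of the pauth register block as Linux exposes it: two
   8-byte masks (DMASK and CMASK).  This size is only meant for Linux, not
   bare metal.  QEMU exposes 4 masks, so do not use this constant to size a
   buffer that must also hold the _HIGH pair.  */
#define AARCH64_PAUTH_REGS_SIZE (16)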
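/* Register counts: 31 general (X) registers, 32 fp/vec (V) registers, as
   many SVE Z registers as V registers, and 16 SVE predicate registers.  */
#define AARCH64_X_REGS_NUM 31
#define AARCH64_V_REGS_NUM 32
#define AARCH64_SVE_Z_REGS_NUM AARCH64_V_REGS_NUM
#define AARCH64_SVE_P_REGS_NUM 16
/* Number of registers in aarch64_regnum up to and including FPCR (no SVE)
   and up to and including the SVE vector granule (with SVE).  Fully
   parenthesised so uses like `AARCH64_NUM_REGS * 8' expand as intended;
   the unparenthesised form expanded to `FPCR + 1 * 8'.  */
#define AARCH64_NUM_REGS (AARCH64_FPCR_REGNUM + 1)
#define AARCH64_SVE_NUM_REGS (AARCH64_SVE_VG_REGNUM + 1)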
/* There are a number of ways of expressing the current SVE vector size:

   VL : Vector Length.
	The number of bytes in an SVE Z register.
   VQ : Vector Quotient.
	The number of 128bit chunks in an SVE Z register.
   VG : Vector Granule.
	The number of 64bit chunks in an SVE Z register.

   So VL = 8 * VG = 16 * VQ.  The conversions are integer arithmetic, so a
   VL that is not a whole number of chunks rounds down.  */

#define sve_vg_from_vl(vl) ((vl) / 8)
#define sve_vl_from_vg(vg) ((vg) * 8)
/* The VQ <-> VL pair may already be provided by a system header; only
   define them here when they are not.  */
#ifndef sve_vq_from_vl
#define sve_vq_from_vl(vl) ((vl) / 16)
#endif
#ifndef sve_vl_from_vq
#define sve_vl_from_vq(vq) ((vq) * 16)
#endif
/* VQ <-> VG go through VL rather than halving/doubling directly, so
   whichever sve_vq_from_vl / sve_vl_from_vq definition is in effect is
   honoured.  */
#define sve_vq_from_vg(vg) (sve_vq_from_vl (sve_vl_from_vg (vg)))
#define sve_vg_from_vq(vq) (sve_vg_from_vl (sve_vl_from_vq (vq)))

/* Maximum supported VQ value, i.e. a 256-byte Z register.  Increase if
   required.  */
#define AARCH64_MAX_SVE_VQ 16
#endif /* ARCH_AARCH64_H */