Toolchain/binutils-gdb
1
0
Fork 0
forked from Imagelibrary/binutils-gdb
Code Pull Requests Activity
Files
a68f7e9844208ad8cd498f89b5100084ece7d0f6
binutils-gdb/gdb/i386-tdep.h
Andrew Burgess cf141dd8cc gdb: fix reg corruption from displaced stepping on amd64 
This commit aims to address a problem that exists with the current
approach to displaced stepping, and was identified in PR gdb/22921.

Displaced stepping is currently supported on AArch64, ARM, amd64,
i386, rs6000 (ppc), and s390.  Of these, I believe there is a problem
with the current approach which will impact amd64 and ARM, and can
lead to random register corruption when the inferior makes use of
asynchronous signals and GDB is using displaced stepping.

The problem can be found in displaced_step_buffers::finish in
displaced-stepping.c, and is this; after GDB tries to perform a
displaced step, and the inferior stops, GDB classifies the stop into
one of two states, either the displaced step succeeded, or the
displaced step failed.

If the displaced step succeeded then gdbarch_displaced_step_fixup is
called, which has the job of fixing up the state of the current
inferior as if the step had not been performed in a displaced manner.
This all seems just fine.

However, if the displaced step is considered to have not completed
then GDB doesn't call gdbarch_displaced_step_fixup, instead GDB
remains in displaced_step_buffers::finish and just performs a minimal
fixup which involves adjusting the program counter back to its
original value.

The problem here is that for amd64 and ARM setting up for a displaced
step can involve changing the values in some temporary registers.  If
the displaced step succeeds then this is fine; after the step the
temporary registers are restored to their original values in the
architecture specific code.

But if the displaced step does not succeed then the temporary
registers are never restored, and they retain their modified values.

In this context a temporary register is simply any register that is
not otherwise used by the instruction being stepped that the
architecture specific code considers safe to borrow for the lifetime
of the instruction being stepped.

In the bug PR gdb/22921, the amd64 instruction being stepped is
an rip-relative instruction like this:

  jmp    *0x2fe2(%rip)

When we displaced step this instruction we borrow a register, and
modify the instruction to something like:

  jmp    *0x2fe2(%rcx)

with %rcx having its value adjusted to contain the original %rip
value.

Now if the displaced step does not succeed, then %rcx will be left
with a corrupted value.  Obviously corrupting any register is bad; in
the bug report this problem was spotted because %rcx is used as a
function argument register.

And finally, why might a displaced step not succeed?  Asynchronous
signals provides one reason.  GDB sets up for the displaced step and,
at that precise moment, the OS delivers a signal (SIGALRM in the bug
report), the signal stops the inferior at the address of the displaced
instruction.  GDB cancels the displaced instruction, handles the
signal, and then tries again with the displaced step.  But it is that
first cancellation of the displaced step that causes the problem; in
that case GDB (correctly) sees the displaced step as having not
completed, and so does not perform the architecture specific fixup,
leaving the register corrupted.

The reason why I think AArch64, rs600, i386, and s390 are not effected
by this problem is that I don't believe these architectures make use
of any temporary registers, so when a displaced step is not completed
successfully, the minimal fix up is sufficient.

On amd64 we use at most one temporary register.

On ARM, looking at arm_displaced_step_copy_insn_closure, we could
modify up to 16 temporary registers, and the instruction being
displaced stepped could be expanded to multiple replacement
instructions, which increases the chances of this bug triggering.

This commit only aims to address the issue on amd64 for now, though I
believe that the approach I'm proposing here might be applicable for
ARM too.

What I propose is that we always call gdbarch_displaced_step_fixup.

We will now pass an extra argument to gdbarch_displaced_step_fixup,
this a boolean that indicates whether GDB thinks the displaced step
completed successfully or not.

When this flag is false this indicates that the displaced step halted
for some "other" reason.  On ARM GDB can potentially read the
inferior's program counter in order figure out how far through the
sequence of replacement instructions we got, and from that GDB can
figure out what fixup needs to be performed.

On targets like amd64 the problem is slightly easier as displaced
stepping only uses a single replacement instruction.  If the displaced
step didn't complete the GDB knows that the single instruction didn't
execute.

The point is that by always calling gdbarch_displaced_step_fixup, each
architecture can now ensure that the inferior state is fixed up
correctly in all cases, not just the success case.

On amd64 this ensures that we always restore the temporary register
value, and so bug PR gdb/22921 is resolved.

In order to move all architectures to this new API, I have moved the
minimal roll-back version of the code inside the architecture specific
fixup functions for AArch64, rs600, s390, and ARM.  For all of these
except ARM I think this is good enough, as no temporaries are used all
that's needed is the program counter restore anyway.

For ARM the minimal code is no worse than what we had before, though I
do consider this architecture's displaced-stepping broken.

I've updated the gdb.arch/amd64-disp-step.exp test to cover the
'jmpq*' instruction that was causing problems in the original bug, and
also added support for testing the displaced step in the presence of
asynchronous signal delivery.

I've also added two new tests (for amd64 and i386) that check that GDB
can correctly handle displaced stepping over a single instruction that
branches to itself.  I added these tests after a first version of this
patch relied too much on checking the program-counter value in order
to see if the displaced instruction had executed.  This works fine in
almost all cases, but when an instruction branches to itself a pure
program counter check is not sufficient.  The new tests expose this
problem.

Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22921

Approved-By: Pedro Alves <pedro@palves.net>
2023-04-06 14:22:10 +01:00

489 lines
16 KiB
C++
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/* Target-dependent code for the i386.
Copyright (C) 2001-2023 Free Software Foundation, Inc.
This file is part of GDB.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
#ifndef I386_TDEP_H
#define I386_TDEP_H
#include "gdbarch.h"
#include "infrun.h"
#include "expression.h"
class frame_info_ptr;
struct gdbarch;
struct reggroup;
struct regset;
struct regcache;
/* GDB's i386 target supports both the 32-bit Intel Architecture
(IA-32) and the 64-bit AMD x86-64 architecture. Internally it uses
a similar register layout for both.
- General purpose registers
- FPU data registers
- FPU control registers
- SSE data registers
- SSE control register
The general purpose registers for the x86-64 architecture are quite
different from IA-32. Therefore, gdbarch_fp0_regnum
determines the register number at which the FPU data registers
start. The number of FPU data and control registers is the same
for both architectures. The number of SSE registers however,
differs and is determined by the num_xmm_regs member of `struct
gdbarch_tdep'. */
/* Convention for returning structures. */
enum struct_return
{
pcc_struct_return, /* Return "short" structures in memory. */
reg_struct_return /* Return "short" structures in registers. */
};
/* i386 architecture specific information. */
struct i386_gdbarch_tdep : gdbarch_tdep_base
{
/* General-purpose registers. */
int *gregset_reg_offset = 0;
int gregset_num_regs = 0;
size_t sizeof_gregset = 0;
/* Floating-point registers. */
size_t sizeof_fpregset = 0;
/* Register number for %st(0). The register numbers for the other
registers follow from this one. Set this to -1 to indicate the
absence of an FPU. */
int st0_regnum = 0;
/* Number of MMX registers. */
int num_mmx_regs = 0;
/* Register number for %mm0. Set this to -1 to indicate the absence
of MMX support. */
int mm0_regnum = 0;
/* Number of pseudo YMM registers. */
int num_ymm_regs = 0;
/* Register number for %ymm0. Set this to -1 to indicate the absence
of pseudo YMM register support. */
int ymm0_regnum = 0;
/* Number of AVX512 OpMask registers (K-registers) */
int num_k_regs = 0;
/* Register number for %k0. Set this to -1 to indicate the absence
of AVX512 OpMask register support. */
int k0_regnum = 0;
/* Number of pseudo ZMM registers ($zmm0-$zmm31). */
int num_zmm_regs = 0;
/* Register number for %zmm0. Set this to -1 to indicate the absence
of pseudo ZMM register support. */
int zmm0_regnum = 0;
/* Number of byte registers. */
int num_byte_regs = 0;
/* Register pseudo number for %al. */
int al_regnum = 0;
/* Number of pseudo word registers. */
int num_word_regs = 0;
/* Register number for %ax. */
int ax_regnum = 0;
/* Number of pseudo dword registers. */
int num_dword_regs = 0;
/* Register number for %eax. Set this to -1 to indicate the absence
of pseudo dword register support. */
int eax_regnum = 0;
/* Number of core registers. */
int num_core_regs = 0;
/* Number of SSE registers. */
int num_xmm_regs = 0;
/* Number of SSE registers added in AVX512. */
int num_xmm_avx512_regs = 0;
/* Register number of XMM16, the first XMM register added in AVX512. */
int xmm16_regnum = 0;
/* Number of YMM registers added in AVX512. */
int num_ymm_avx512_regs = 0;
/* Register number of YMM16, the first YMM register added in AVX512. */
int ymm16_regnum = 0;
/* Bits of the extended control register 0 (the XFEATURE_ENABLED_MASK
register), excluding the x87 bit, which are supported by this GDB. */
uint64_t xcr0 = 0;
/* Offset of XCR0 in XSAVE extended state. */
int xsave_xcr0_offset = 0;
/* Register names. */
const char * const *register_names = nullptr;
/* Register number for %ymm0h. Set this to -1 to indicate the absence
of upper YMM register support. */
int ymm0h_regnum = 0;
/* Upper YMM register names. Only used for tdesc_numbered_register. */
const char * const *ymmh_register_names = nullptr;
/* Register number for %ymm16h. Set this to -1 to indicate the absence
of support for YMM16-31. */
int ymm16h_regnum = 0;
/* YMM16-31 register names. Only used for tdesc_numbered_register. */
const char * const *ymm16h_register_names = nullptr;
/* Register number for %bnd0r. Set this to -1 to indicate the absence
bound registers. */
int bnd0r_regnum = 0;
/* Register number for pseudo register %bnd0. Set this to -1 to indicate the absence
bound registers. */
int bnd0_regnum = 0;
/* Register number for %bndcfgu. Set this to -1 to indicate the absence
bound control registers. */
int bndcfgu_regnum = 0;
/* MPX register names. Only used for tdesc_numbered_register. */
const char * const *mpx_register_names = nullptr;
/* Register number for %zmm0h. Set this to -1 to indicate the absence
of ZMM_HI256 register support. */
int zmm0h_regnum = 0;
/* OpMask register names. */
const char * const *k_register_names = nullptr;
/* ZMM register names. Only used for tdesc_numbered_register. */
const char * const *zmmh_register_names = nullptr;
/* XMM16-31 register names. Only used for tdesc_numbered_register. */
const char * const *xmm_avx512_register_names = nullptr;
/* YMM16-31 register names. Only used for tdesc_numbered_register. */
const char * const *ymm_avx512_register_names = nullptr;
/* Number of PKEYS registers. */
int num_pkeys_regs = 0;
/* Register number for PKRU register. */
int pkru_regnum = 0;
/* PKEYS register names. */
const char * const *pkeys_register_names = nullptr;
/* Register number for %fsbase. Set this to -1 to indicate the
absence of segment base registers. */
int fsbase_regnum = 0;
/* Target description. */
const struct target_desc *tdesc = nullptr;
/* Register group function. */
gdbarch_register_reggroup_p_ftype *register_reggroup_p = nullptr;
/* Offset of saved PC in jmp_buf. */
int jb_pc_offset = 0;
/* Convention for returning structures. */
enum struct_return struct_return {};
/* Address range where sigtramp lives. */
CORE_ADDR sigtramp_start = 0;
CORE_ADDR sigtramp_end = 0;
/* Detect sigtramp. */
int (*sigtramp_p) (frame_info_ptr) = nullptr;
/* Get address of sigcontext for sigtramp. */
CORE_ADDR (*sigcontext_addr) (frame_info_ptr) = nullptr;
/* Offset of registers in `struct sigcontext'. */
int *sc_reg_offset = 0;
int sc_num_regs = 0;
/* Offset of saved PC and SP in `struct sigcontext'. Usage of these
is deprecated, please use `sc_reg_offset' instead. */
int sc_pc_offset = 0;
int sc_sp_offset = 0;
/* ISA-specific data types. */
struct type *i386_mmx_type = nullptr;
struct type *i386_ymm_type = nullptr;
struct type *i386_zmm_type = nullptr;
struct type *i387_ext_type = nullptr;
struct type *i386_bnd_type = nullptr;
/* Process record/replay target. */
/* The map for registers because the AMD64's registers order
in GDB is not same as I386 instructions. */
const int *record_regmap = nullptr;
/* Parse intx80 args. */
int (*i386_intx80_record) (struct regcache *regcache) = nullptr;
/* Parse sysenter args. */
int (*i386_sysenter_record) (struct regcache *regcache) = nullptr;
/* Parse syscall args. */
int (*i386_syscall_record) (struct regcache *regcache) = nullptr;
/* Regsets. */
const struct regset *fpregset = nullptr;
};
/* Floating-point registers. */
/* All FPU control registers (except for FIOFF and FOOFF) are 16-bit
(at most) in the FPU, but are zero-extended to 32 bits in GDB's
register cache. */
/* Return non-zero if REGNUM matches the FP register and the FP
register set is active. */
extern int i386_fp_regnum_p (struct gdbarch *, int);
extern int i386_fpc_regnum_p (struct gdbarch *, int);
/* Register numbers of various important registers. */
enum i386_regnum
{
I386_EAX_REGNUM, /* %eax */
I386_ECX_REGNUM, /* %ecx */
I386_EDX_REGNUM, /* %edx */
I386_EBX_REGNUM, /* %ebx */
I386_ESP_REGNUM, /* %esp */
I386_EBP_REGNUM, /* %ebp */
I386_ESI_REGNUM, /* %esi */
I386_EDI_REGNUM, /* %edi */
I386_EIP_REGNUM, /* %eip */
I386_EFLAGS_REGNUM, /* %eflags */
I386_CS_REGNUM, /* %cs */
I386_SS_REGNUM, /* %ss */
I386_DS_REGNUM, /* %ds */
I386_ES_REGNUM, /* %es */
I386_FS_REGNUM, /* %fs */
I386_GS_REGNUM, /* %gs */
I386_ST0_REGNUM, /* %st(0) */
I386_MXCSR_REGNUM = 40, /* %mxcsr */
I386_YMM0H_REGNUM, /* %ymm0h */
I386_YMM7H_REGNUM = I386_YMM0H_REGNUM + 7,
I386_BND0R_REGNUM,
I386_BND3R_REGNUM = I386_BND0R_REGNUM + 3,
I386_BNDCFGU_REGNUM,
I386_BNDSTATUS_REGNUM,
I386_K0_REGNUM, /* %k0 */
I386_K7_REGNUM = I386_K0_REGNUM + 7,
I386_ZMM0H_REGNUM, /* %zmm0h */
I386_ZMM7H_REGNUM = I386_ZMM0H_REGNUM + 7,
I386_PKRU_REGNUM,
I386_FSBASE_REGNUM,
I386_GSBASE_REGNUM
};
/* Register numbers of RECORD_REGMAP. */
enum record_i386_regnum
{
X86_RECORD_REAX_REGNUM,
X86_RECORD_RECX_REGNUM,
X86_RECORD_REDX_REGNUM,
X86_RECORD_REBX_REGNUM,
X86_RECORD_RESP_REGNUM,
X86_RECORD_REBP_REGNUM,
X86_RECORD_RESI_REGNUM,
X86_RECORD_REDI_REGNUM,
X86_RECORD_R8_REGNUM,
X86_RECORD_R9_REGNUM,
X86_RECORD_R10_REGNUM,
X86_RECORD_R11_REGNUM,
X86_RECORD_R12_REGNUM,
X86_RECORD_R13_REGNUM,
X86_RECORD_R14_REGNUM,
X86_RECORD_R15_REGNUM,
X86_RECORD_REIP_REGNUM,
X86_RECORD_EFLAGS_REGNUM,
X86_RECORD_CS_REGNUM,
X86_RECORD_SS_REGNUM,
X86_RECORD_DS_REGNUM,
X86_RECORD_ES_REGNUM,
X86_RECORD_FS_REGNUM,
X86_RECORD_GS_REGNUM,
};
#define I386_NUM_GREGS 16
#define I386_NUM_XREGS 9
#define I386_SSE_NUM_REGS (I386_MXCSR_REGNUM + 1)
#define I386_AVX_NUM_REGS (I386_YMM7H_REGNUM + 1)
#define I386_MPX_NUM_REGS (I386_BNDSTATUS_REGNUM + 1)
#define I386_AVX512_NUM_REGS (I386_ZMM7H_REGNUM + 1)
#define I386_PKEYS_NUM_REGS (I386_PKRU_REGNUM + 1)
#define I386_NUM_REGS (I386_GSBASE_REGNUM + 1)
/* Size of the largest register. */
#define I386_MAX_REGISTER_SIZE 64
/* Types for i386-specific registers. */
extern struct type *i387_ext_type (struct gdbarch *gdbarch);
/* Checks of different registers. */
extern int i386_byte_regnum_p (struct gdbarch *gdbarch, int regnum);
extern int i386_word_regnum_p (struct gdbarch *gdbarch, int regnum);
extern int i386_dword_regnum_p (struct gdbarch *gdbarch, int regnum);
extern int i386_xmm_regnum_p (struct gdbarch *gdbarch, int regnum);
extern int i386_xmm_avx512_regnum_p (struct gdbarch * gdbarch, int regnum);
extern int i386_ymm_regnum_p (struct gdbarch *gdbarch, int regnum);
extern int i386_ymm_avx512_regnum_p (struct gdbarch *gdbarch, int regnum);
extern int i386_bnd_regnum_p (struct gdbarch *gdbarch, int regnum);
extern int i386_k_regnum_p (struct gdbarch *gdbarch, int regnum);
extern int i386_zmm_regnum_p (struct gdbarch *gdbarch, int regnum);
extern int i386_zmmh_regnum_p (struct gdbarch *gdbarch, int regnum);
extern bool i386_pkru_regnum_p (struct gdbarch *gdbarch, int regnum);
extern const char *i386_pseudo_register_name (struct gdbarch *gdbarch,
int regnum);
extern struct type *i386_pseudo_register_type (struct gdbarch *gdbarch,
int regnum);
extern void i386_pseudo_register_read_into_value (struct gdbarch *gdbarch,
readable_regcache *regcache,
int regnum,
struct value *result);
extern void i386_pseudo_register_write (struct gdbarch *gdbarch,
struct regcache *regcache,
int regnum, const gdb_byte *buf);
extern int i386_ax_pseudo_register_collect (struct gdbarch *gdbarch,
struct agent_expr *ax,
int regnum);
/* Segment selectors. */
#define I386_SEL_RPL 0x0003 /* Requester's Privilege Level mask. */
#define I386_SEL_UPL 0x0003 /* User Privilige Level. */
#define I386_SEL_KPL 0x0000 /* Kernel Privilige Level. */
/* The length of the longest i386 instruction (according to
include/asm-i386/kprobes.h in Linux 2.6. */
#define I386_MAX_INSN_LEN (16)
/* Functions exported from i386-tdep.c. */
extern CORE_ADDR i386_pe_skip_trampoline_code (frame_info_ptr frame,
CORE_ADDR pc, char *name);
extern CORE_ADDR i386_skip_main_prologue (struct gdbarch *gdbarch,
CORE_ADDR pc);
/* The "push_dummy_call" gdbarch method, optionally with the thiscall
calling convention. */
extern CORE_ADDR i386_thiscall_push_dummy_call (struct gdbarch *gdbarch,
struct value *function,
struct regcache *regcache,
CORE_ADDR bp_addr,
int nargs, struct value **args,
CORE_ADDR sp,
function_call_return_method
return_method,
CORE_ADDR struct_addr,
bool thiscall);
/* Return whether the THIS_FRAME corresponds to a sigtramp routine. */
extern int i386_sigtramp_p (frame_info_ptr this_frame);
/* Return non-zero if REGNUM is a member of the specified group. */
extern int i386_register_reggroup_p (struct gdbarch *gdbarch, int regnum,
const struct reggroup *group);
/* Supply register REGNUM from the general-purpose register set REGSET
to register cache REGCACHE. If REGNUM is -1, do this for all
registers in REGSET. */
extern void i386_supply_gregset (const struct regset *regset,
struct regcache *regcache, int regnum,
const void *gregs, size_t len);
/* General-purpose register set. */
extern const struct regset i386_gregset;
/* Floating-point register set. */
extern const struct regset i386_fpregset;
/* Default iterator over core file register note sections. */
extern void
i386_iterate_over_regset_sections (struct gdbarch *gdbarch,
iterate_over_regset_sections_cb *cb,
void *cb_data,
const struct regcache *regcache);
typedef buf_displaced_step_copy_insn_closure
i386_displaced_step_copy_insn_closure;
extern displaced_step_copy_insn_closure_up i386_displaced_step_copy_insn
(struct gdbarch *gdbarch, CORE_ADDR from, CORE_ADDR to,
struct regcache *regs);
extern void i386_displaced_step_fixup
(struct gdbarch *gdbarch, displaced_step_copy_insn_closure *closure,
CORE_ADDR from, CORE_ADDR to, regcache *regs, bool completed_p);
/* Initialize a basic ELF architecture variant. */
extern void i386_elf_init_abi (struct gdbarch_info, struct gdbarch *);
/* Initialize a SVR4 architecture variant. */
extern void i386_svr4_init_abi (struct gdbarch_info, struct gdbarch *);
/* Convert SVR4 register number REG to the appropriate register number
used by GDB. */
extern int i386_svr4_reg_to_regnum (struct gdbarch *gdbarch, int reg);
extern int i386_process_record (struct gdbarch *gdbarch,
struct regcache *regcache, CORE_ADDR addr);
extern const struct target_desc *i386_target_description (uint64_t xcr0,
bool segments);
/* Return true iff the current target is MPX enabled. */
extern int i386_mpx_enabled (void);
/* Functions and variables exported from i386-bsd-tdep.c. */
extern void i386bsd_init_abi (struct gdbarch_info, struct gdbarch *);
extern CORE_ADDR i386obsd_sigtramp_start_addr;
extern CORE_ADDR i386obsd_sigtramp_end_addr;
extern int i386obsd_sc_reg_offset[];
extern int i386bsd_sc_reg_offset[];
/* SystemTap related functions. */
extern int i386_stap_is_single_operand (struct gdbarch *gdbarch,
const char *s);
extern expr::operation_up i386_stap_parse_special_token
(struct gdbarch *gdbarch, struct stap_parse_info *p);
#endif /* i386-tdep.h */
View Git Blame Copy Permalink