Skip to content

Commit

Permalink
scripts/symbolize.py: try to resolve abort address to symbol/section[…
Browse files Browse the repository at this point in the history 
…+offset]

Use nm and objdump to find the symbol and ELF section that match the
address reported in the the abort line. This can help debug writes to
read-only data or unaligned accesses to global data, for example.

If the address can be resolved to a symbol plus some offset and/or a
section plus some offset, the abort line is printed again just before
the call stack with the symbolic information added. Not that the
translation cannot be done immediately when the abort line is seen
because at this point we don't know the architecture, and we don't have
the load address of the TA.

Here is an example (the line added by this patch is marked with >>):

   User TA data-abort at address 0x1314d0 (write permission fault)
    fsr 0x0000080f  ttbr0 0x0e07a06a  ttbr1 0x0e07406a  cidr 0x1
    cpu #0          cpsr 0x60000030
    r0 0x00000001      r4 0x00102780    r8 0x00000000   r12 0xb736e358
    r1 0x00102724      r5 0x00121e4f    r9 0x00000000    sp 0x001026e0
    r2 0x00000001      r6 0x001026dc   r10 0x00000000    lr 0x00105cf1
    r3 0x001314d0      r7 0x001026e0   r11 0x00000000    pc 0x00105790
   Status of TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b (0xe073b70) (active)
    arch: arm  load address: 0x103000  ctx-idr: 1
    stack: 0x100000 10240
    region 0: va 0x100000 pa 0xe21e000 size 0x3000
    region 1: va 0x103000 pa 0xe100000 size 0x2e000
    region 2: va 0x131000 pa 0xe12e000 size 0xa000
    region 3: va 0x13b000 pa 0xe138000 size 0xe6000
    region 4: va 0 pa 0 size 0
    region 5: va 0 pa 0 size 0
    region 6: va 0 pa 0 size 0
    region 7: va 0 pa 0 size 0
>> User TA data-abort at address 0x1314d0 const_val+4 .rodata+4452 (write permission fault)
   Call stack:
    0x00105790 ta_entry_bad_mem_access at optee_test/ta/os_test/os_test.c:917
    0x00105cf1 TA_InvokeCommandEntryPoint at optee_test/ta/os_test/ta_entry.c:101
    0x00121e33 entry_invoke_command at optee_os/lib/libutee/arch/arm/user_ta_entry.c:207
    0x00121e8f __utee_entry at optee_os/lib/libutee/arch/arm/user_ta_entry.c:235

The test TA does the following:

  const int const_val[3] = { 1, };
  /* ... */
  ((int *)const_val)[1] = 2;

Suggested-by: Zeng Tao <[email protected]>
Signed-off-by: Jerome Forissier <[email protected]>
  • Loading branch information
@jforissier
jforissier committed Aug 25, 2017
1 parent 67a1725 commit 5778064
Showing 1 changed file with 115 additions and 9 deletions.
124 changes: 115 additions & 9 deletions scripts/symbolize.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
CALL_STACK_RE = re.compile('Call stack:')
STACK_ADDR_RE = re.compile(r': (?P<addr>0x[0-9a-f]+)')
X64_REGS_RE = re.compile(': x0 [0-9a-f]{16} x1 [0-9a-f]{16}')
ABORT_ADDR_RE = re.compile('-abort at address (?P<addr>0x[0-9a-f]+)')

epilog = '''
This scripts reads an OP-TEE abort message from stdin and adds debug
Expand Down Expand Up @@ -98,28 +99,36 @@ def get_elf(self, elf_or_uuid):
if elf:
return elf[0]

def arch_prefix(self, cmd):
if self._arch == 'arm':
return 'arm-linux-gnueabihf-' + cmd
elif self._arch == 'aarch64':
return 'aarch64-linux-gnu-' + cmd
else:
return ''

def spawn_addr2line(self):
if not self._addr2line:
elf = self.get_elf(self._bin)
if not elf:
return
if self._arch == 'arm':
cmd = 'arm-linux-gnueabihf-addr2line'
elif self._arch == 'aarch64':
cmd = 'aarch64-linux-gnu-addr2line'
else:
cmd = self.arch_prefix('addr2line')
if not cmd:
return
self._addr2line = subprocess.Popen([cmd, '-f', '-p', '-e', elf],
stdin = subprocess.PIPE,
stdout = subprocess.PIPE)

def resolve(self, addr):
def subtract_load_addr(self, addr):
offs = self._load_addr
if int(offs, 0) > int(addr, 0):
return '???'
reladdr = '0x{:x}'.format(int(addr, 0) - int(offs, 0))
return ''
return '0x{:x}'.format(int(addr, 0) - int(offs, 0))

def resolve(self, addr):
reladdr = self.subtract_load_addr(addr)
self.spawn_addr2line()
if not self._addr2line:
if not reladdr or not self._addr2line:
return '???'
try:
print >> self._addr2line.stdin, reladdr
Expand All @@ -128,13 +137,101 @@ def resolve(self, addr):
ret = '!!!'
return ret

def symbol_plus_offset(self, addr):
ret = None
prevsize = 0
reladdr = self.subtract_load_addr(addr)
elf = self.get_elf(self._bin)
cmd = self.arch_prefix('nm')
if not reladdr or not elf or not cmd:
return ''
ireladdr = int(reladdr, 0)
nm = subprocess.Popen([cmd, '--numeric-sort', '--print-size', elf],
stdin = subprocess.PIPE,
stdout = subprocess.PIPE)
for line in iter(nm.stdout.readline, ''):
try:
addr, size, _, name = line.split()
except:
# Size is missing
addr, _, name = line.split()
size = '0'
iaddr = int(addr, 16)
isize = int(size, 16)
if iaddr == ireladdr:
ret = name
break
if iaddr < ireladdr and iaddr + isize >= ireladdr:
offs = ireladdr - iaddr
ret = name + '+' + str(offs)
break
if iaddr > ireladdr and prevsize == 0:
offs = iaddr + ireladdr
ret = prevname + '+' + str(offs)
break
prevsize = size
prevname = name
if ret is None:
ret = ''
nm.terminate()
return ret

def section_plus_offset(self, addr):
ret = None
reladdr = self.subtract_load_addr(addr)
elf = self.get_elf(self._bin)
cmd = self.arch_prefix('objdump')
if not reladdr or not elf or not cmd:
return ''
iaddr = int(reladdr, 0)
objdump = subprocess.Popen([cmd, '--section-headers', elf],
stdin = subprocess.PIPE,
stdout = subprocess.PIPE)
for line in iter(objdump.stdout.readline, ''):
try:
idx, name, size, vma, lma, offs, algn = line.split()
except:
continue;
ivma = int(vma, 16)
isize = int(size, 16)
if ivma == iaddr:
ret = name
break
if ivma < iaddr and ivma + isize >= iaddr:
offs = iaddr - ivma
ret = name + '+' + str(offs)
break
if ret is None:
ret = ''
objdump.terminate()
return ret

def process_abort(self, line):
ret = ''
match = re.search(ABORT_ADDR_RE, line)
addr = match.group('addr')
pre = match.start('addr')
post = match.end('addr')
sym = self.symbol_plus_offset(addr)
sec = self.section_plus_offset(addr)
if sym or sec:
ret += line[:pre]
ret += addr
if sym:
ret += ' ' + sym
if sec:
ret += ' ' + sec
ret += line[post:]
return ret

def reset(self):
self._call_stack_found = False
self._load_addr = '0'
if self._addr2line:
self._addr2line.terminate()
self._addr2line = None
self._arch = 'arm'
self._saved_abort_line = ''

def write(self, line):
if self._call_stack_found:
Expand All @@ -157,6 +254,10 @@ def write(self, line):
match = re.search(CALL_STACK_RE, line)
if match:
self._call_stack_found = True
# Here is a good place to resolve the abort address
# because the TA load address is known
if self._saved_abort_line:
self._out.write(self.process_abort(self._saved_abort_line))
match = re.search(TA_UUID_RE, line)
if match:
self._bin = match.group('uuid')
Expand All @@ -169,6 +270,11 @@ def write(self, line):
# Assume _arch represents the TEE core. If we have a TA dump,
# it will be overwritten later
self._arch = 'aarch64'
match = re.search(ABORT_ADDR_RE, line)
if match:
# At this point the arch and TA load address are unknown.
# Save the line so We can translate the abort address later.
self._saved_abort_line = line
self._out.write(line)

def flush(self):
Expand Down

0 comments on commit 5778064

Please sign in to comment.