armv7/Aarch32: crash in stack unwind (DPRINT_STACK()) #1069
I think maybe more registers need to be passed to unwind_stack?
Yes, I think so too. Is the function called due to an abort/panic or something else?
No, I just call the EPRINT_STACK directly in the normal flow (in a static TA), and the EPRINT_STACK itself causes an abort.
This seems to be a bug.
@prime-zeng could you please try this?
diff --git a/core/arch/arm/kernel/unwind_arm32.c b/core/arch/arm/kernel/unwind_arm32.c
index fa75e96..b8b53c8 100644
--- a/core/arch/arm/kernel/unwind_arm32.c
+++ b/core/arch/arm/kernel/unwind_arm32.c
@@ -248,7 +248,7 @@ static bool unwind_exec_insn(struct unwind_state *state)
mask = unwind_exec_read_byte(state);
if (mask == 0 || (mask & 0xf0) != 0)
- return 1;
+ return false;
/* Update SP */
update_vsp = 1; |
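Review bot: in `static bool unwind_exec_insn(...)` the `return 1;` being replaced is effectively `return true;`, so a mask byte that is zero or has any of bits 4-7 set would have reported success and let the caller keep unwinding with the virtual SP it already had; `return false` is the right termination for that spare encoding. It would help to state in the description that this is a standalone correctness fix for the mask check and not necessarily the cause of the crash in this issue, since the reporter's symptom (an abort raised by calling EPRINT_STACK directly) points at the initial unwind_state rather than at instruction decoding.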
@jforissier it doesn't work. Maybe I can try to build a full unwind_state and pass it to the unwind_stack?
@prime-zeng yes, maybe that's required. Please try and let me know if that works, then I can test on HiKey (I can reproduce an issue where the unwind would dump correct information then loop forever on PC=0x00000004. Hopefully it is the same root cause).
@jforissier: try adding
Save general purpose registers and the frame pointer before starting the unwind operation. Also, set PC to the beginning of the print_stack function since there's no point in going further. Fixes: OP-TEE#1069 Signed-off-by: Jerome Forissier <[email protected]>
Hi @prime-zeng, could you please check if #1102 works for you? In addition to the code you've given above, I had to prevent unwinding past
print_stack() must save r7 and r11 in the unwind_state structure. Not doing so will likely result in a crash during unwind. Register r7 is typically used as a frame pointer by GCC in Thumb2 mode, while r11 (a.k.a. fp) is the frame pointer in ARM mode. Also, set PC to the beginning of print_stack() since there's no point in going further inside the function. Fixes: OP-TEE#1069 Signed-off-by: Jerome Forissier <[email protected]> Tested-by: Jerome Forissier <[email protected]> (HiKey) Tested-by: Jerome Forissier <[email protected]> (QEMU) Reviewed-by: Etienne Carriere <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
print_stack() must save r7 and r11 in the unwind_state structure. Not doing so will likely result in a crash during unwind. Register r7 is typically used as a frame pointer by GCC in Thumb2 mode, while r11 (a.k.a. fp) is the frame pointer in ARM mode. Also, set PC to the beginning of print_stack() since there's no point in going further inside the function. Fixes: OP-TEE/optee_os#1069 Signed-off-by: Jerome Forissier <[email protected]> Tested-by: Jerome Forissier <[email protected]> (HiKey) Tested-by: Jerome Forissier <[email protected]> (QEMU) Reviewed-by: Etienne Carriere <[email protected]> Reviewed-by: Jens Wiklander <[email protected]>
DEBUG: [0x0] TEE-CORE:print_stack:376: SP :7e2b2618
ERROR: TEE-CORE: pc 0x7e007d06
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2618
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x0
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x68
ERROR: TEE-CORE:
ERROR: TEE-CORE: core data-abort at address 0x68 (translation fault)
ERROR: TEE-CORE: fsr 0x00000005 ttbr0 0x7e29806a ttbr1 0x7e29806a cidr 0x0
ERROR: TEE-CORE: cpu #0 cpsr 0x00000133
ERROR: TEE-CORE: r0 0x00000008 r4 0x7e20069c r8 0x00000000 r12 0x7e2b25f4
ERROR: TEE-CORE: r1 0x80400000 r5 0x00000000 r9 0x00000000 sp 0x7e2b2598
ERROR: TEE-CORE: r2 0x0000006c r6 0x00000000 r10 0x00000000 lr 0x7e007949
ERROR: TEE-CORE: r3 0x00000068 r7 0x7e2b25a0 r11 0x00000000 pc 0x7e00797e
ERROR: TEE-CORE: Call stack:
ERROR: TEE-CORE: pc 0x7e00797e
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2598
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b25a0
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b25d0
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b25d8
ERROR: TEE-CORE: pc 0x7e007be3
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b25d8
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b25e0
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b25f0
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b25f8
ERROR: TEE-CORE: pc 0x7e007c9b
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b25f8
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b25f8
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b260c
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2618
ERROR: TEE-CORE: pc 0x7e007dcd
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2618
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2620
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2688
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2690
ERROR: TEE-CORE: pc 0x7e00d7d9
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2690
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2690
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2728
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2828
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2830
ERROR: TEE-CORE: pc 0x7e00d81b
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2830
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2830
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2840
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2848
ERROR: TEE-CORE: pc 0x7e00d879
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2848
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2850
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2860
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2868
ERROR: TEE-CORE: pc 0x7e002c1b
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2868
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2868
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2884
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2890
ERROR: TEE-CORE: pc 0x7e00f281
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2890
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b28a0
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b28bc
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b28c8
ERROR: TEE-CORE: pc 0x7e00e497
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b28c8
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b28d0
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2918
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2920
ERROR: TEE-CORE: pc 0x7e00c111
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2920
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2928
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b29a8
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b29b0
ERROR: TEE-CORE: pc 0x7e00c2f7
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b29b0
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b29c0
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b29dc
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b29e8
ERROR: TEE-CORE: pc 0x7e0049fd
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b29e8
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b29e8
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2a0c
DEBUG: [0x0] TEE-CORE:unwind_exec_insn:176: 0x7e2b2a18
ERROR: TEE-CORE: pc 0x7e0010b8
ERROR: TEE-CORE: Panic 'unhandled pageable abort' at core/arch/arm/kernel/abort.c:573 <abort_handler>
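As an added illustration (not code from OP-TEE or from this thread), the portable C model below interprets a small subset of ARM EHABI unwind instructions the way a core unwinder does and replays the frame the log's vsp trace suggests: with r11 left at zero in the unwind_state the pop reads from address 0x68, the data abort shown above, while with r11 captured at print_stack() entry the same descriptor recovers the caller's return address. Reading the three vsp values (0x7e2b2618, 0x0, 0x68) as "vsp = r11; vsp += 0x68; pop {lr}", the 128-byte fake stack image, and the saved return address placed in it are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed memory: one 128-byte stack image at STACK_BASE. A read from
 * anywhere else stands in for the translation fault (data abort) in the log. */
#define STACK_BASE 0x7e2b2600u
static uint32_t fake_stack[32];

/* Interpret a frame's ARM EHABI unwind instructions (subset: vsp adjust, vsp = rN,
 * pop under mask, finish). regs[13] is vsp; false = spare encoding or faulting read. */
static bool unwind_frame(uint32_t regs[16], const uint8_t *insn, unsigned n)
{
	uint32_t vsp = regs[13];
	for (unsigned i = 0; i < n; i++) {
		uint8_t op = insn[i];
		if ((op & 0xc0) == 0x00) {		/* vsp += (x << 2) + 4 */
			vsp += ((op & 0x3f) << 2) + 4;
		} else if ((op & 0xf0) == 0x90 && op != 0x9d && op != 0x9f) {
			vsp = regs[op & 0xf];		/* vsp = rN, usually the frame pointer */
		} else if ((op & 0xf0) == 0x80 && i + 1 < n) {
			uint32_t mask = ((op & 0xf) << 8 | insn[++i]) << 4; /* bit r selects rr */
			if (!mask)
				return false;		/* 0x80 0x00: refuse to unwind */
			for (int r = 4; r < 16; r++) {
				if (!(mask & (1u << r)))
					continue;
				if (vsp < STACK_BASE || vsp >= STACK_BASE + sizeof(fake_stack))
					return false;	/* unmapped, like the read at 0x68 */
				regs[r] = fake_stack[(vsp - STACK_BASE) / 4];
				vsp += 4;
			}
		} else {
			return op == 0xb0;		/* finish; other encodings not modelled */
		}
		regs[13] = vsp;
	}
	return false;
}

/* Constructed descriptor matching the vsp trace: vsp = r11 (0x9b);
 * vsp += (0x19 << 2) + 4 = 0x68; pop {r14} (12-bit mask 0x400); finish (0xb0). */
static const uint8_t frame_insns[] = { 0x9b, 0x19, 0x84, 0x00, 0xb0 };

/* Unwind out of print_stack() with the r11 held in unwind_state: 0 if print_stack()
 * never stored it, the real fp once captured. Returns lr, or 0 if the unwind faulted. */
static uint32_t unwind_from_print_stack(uint32_t r11)
{
	uint32_t regs[16] = { [11] = r11, [13] = 0x7e2b2618u }; /* SP from the log */
	fake_stack[0x68 / 4] = 0x7e007949u;	/* constructed saved return address */
	return unwind_frame(regs, frame_insns, sizeof(frame_insns)) ? regs[14] : 0;
}
```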