
Could you help with data-abort, undef-abort, prefetch-abort and stack_abt[5] overflow? #4445

Closed
carrionbent opened this issue Mar 4, 2021 · 2 comments


carrionbent commented Mar 4, 2021

Recently, I'm porting ldelf-related patches to version 3.2.0. When I run xtest (1008, 1011), some panics appear, including data-abort, prefetch-abort and undef-abort. The call stack is as follows. Could you please give me some help?

E/TC:? 0 User TA prefetch-abort at address 0xc0118640 (translation fault)
E/TC:? 0 esr 0x82000005 ttbr0 0x20000450fb080 ttbr1 0x00000000 cidr 0x0
E/TC:? 0 cpu #4 cpsr 0x60000100
E/TC:? 0 x0 00000000c0118640 x1 0000000080118640
E/TC:? 0 x2 0000000000000001 x3 00000000801186b0
E/TC:? 0 x4 000000000000000a x5 000000008001ad40
E/TC:? 0 x6 0000000000000100 x7 00000000450de850
E/TC:? 0 x8 00000000450de854 x9 0000000000004988
E/TC:? 0 x10 0000000000000095 x11 00000000000000ee
E/TC:? 0 x12 0000000000000000 x13 0000000080118780
E/TC:? 0 x14 0000000000000000 x15 0000000000000000
E/TC:? 0 x16 00000000800320a8 x17 000000008011a3f0
E/TC:? 0 x18 0000000000000000 x19 0000000045105170
E/TC:? 0 x20 0000000000000000 x21 00000000450ca710
E/TC:? 0 x22 0000000000000710 x23 0000000000000000
E/TC:? 0 x24 0000000000000000 x25 0000000000000000
E/TC:? 0 x26 0000000000000000 x27 0000000000000000
E/TC:? 0 x28 0000000000000000 x29 0000000080118620
E/TC:? 0 x30 0000000080019ebc elr 00000000c0118640
E/TC:? 0 sp_el0 0000000080118620
E/LD: Status of TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
E/LD: arch: aarch64
E/LD: region 0: va 0x80004000 pa 0x45200000 size 0x002000 flags rw-s (ldelf)
E/LD: region 1: va 0x80006000 pa 0x45202000 size 0x00d000 flags r-xs (ldelf)
E/LD: region 2: va 0x80013000 pa 0x4520f000 size 0x001000 flags rw-s (ldelf)
E/LD: region 3: va 0x80014000 pa 0x45210000 size 0x002000 flags rw-s (ldelf)
E/LD: region 4: va 0x80016000 pa 0x4522f000 size 0x001000 flags r--s
E/LD: region 5: va 0x80017000 pa 0x00001000 size 0x01b000 flags r-xs [0] .ta_head .text .plt .eh_frame .rodata .gnu.hash .dynsym .dynstr .hash .rela.dyn .dynamic .got .rela.got .rela.plt .data .bss
E/LD: region 6: va 0x80032000 pa 0x0001c000 size 0x0e4000 flags rw-s [0] .bss
E/LD: region 7: va 0x80116000 pa 0x45212000 size 0x003000 flags rw-s (stack)
E/LD: region 8: va 0x80119000 pa 0x00000000 size 0x002000 flags r-xs [1]
E/LD: region 9: va 0x8011b000 pa 0x00001000 size 0x002000 flags rw-s [1]
E/LD: [0] 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b @ 0x80017000 (/xtest/out/debug/ta/os_test/5b9e0e40-2636-11e1-ad9e-0002a5d5c51b.elf)
E/LD: [1] ffd2bded-ab7d-4988-95ee-e4962fff7154 @ 0x80119000
E/LD: Call stack:
E/LD: 0x00000000c0118640 ???
E/LD: 0x000000008001a85c mdbg_update_hdr at /optee_os/lib/libutils/isoc/bget_malloc.c:694
E/LD: 0x0000000080020ce4 mpi_mul_hlp at /optee_os/lib/libmbedtls/mbedtls/library/bignum.c:1303
E/LD: 0x0000000080020d78 mpi_mul_hlp at /optee_os/lib/libmbedtls/mbedtls/library/bignum.c:1300
E/LD: 0x000000008001ad6c gen_malloc_add_pool at /optee_os/lib/libutils/isoc/bget_malloc.c:980
E/LD: 0x000000004500b924 ???
D/TC:? 0 user_ta_enter:190 tee_user_ta_enter: TA panicked with code 0xdeadbeef
D/TC:? 0 destroy_ta_ctx_from_session:311 Remove references to context (0x450de820)
D/TC:? 0 destroy_context:296 Destroy TA ctx (0x450de820)
D/TC:? 0 tee_ta_close_session:496 csess 0x450de8b0 id 1

========================================================================

E/TC:? 0 User TA data-abort at address 0x0 (translation fault)
E/TC:? 0 esr 0x92000045 ttbr0 0x20000450fb080 ttbr1 0x00000000 cidr 0x0
E/TC:? 0 cpu #4 cpsr 0x60000100
E/TC:? 0 x0 0000000000000000 x1 00000000801186b0
E/TC:? 0 x2 0000000000000001 x3 00000000801186b0
E/TC:? 0 x4 000000000000000a x5 000000008001ad40
E/TC:? 0 x6 0000000000000100 x7 00000000450de850
E/TC:? 0 x8 00000000450de854 x9 0000000045105070
E/TC:? 0 x10 0000000000000095 x11 00000000000000ee
E/TC:? 0 x12 0000000000000000 x13 0000000080118780
E/TC:? 0 x14 0000000000000000 x15 0000000000000000
E/TC:? 0 x16 000000004502e210 x17 000000008011a384
E/TC:? 0 x18 0000000000000000 x19 0000000045105170
E/TC:? 0 x20 0000000000000000 x21 00000000450ca710
E/TC:? 0 x22 0000000000000710 x23 0000000000000000
E/TC:? 0 x24 0000000000000000 x25 0000000000000000
E/TC:? 0 x26 0000000000000000 x27 0000000000000000
E/TC:? 0 x28 0000000000000000 x29 0000000080118620
E/TC:? 0 x30 000000008001a860 elr 0000000080019e84
E/TC:? 0 sp_el0 0000000080118620
E/LD: Status of TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
E/LD: arch: aarch64
E/LD: region 0: va 0x80004000 pa 0x45200000 size 0x002000 flags rw-s (ldelf)
E/LD: region 1: va 0x80006000 pa 0x45202000 size 0x00d000 flags r-xs (ldelf)
E/LD: region 2: va 0x80013000 pa 0x4520f000 size 0x001000 flags rw-s (ldelf)
E/LD: region 3: va 0x80014000 pa 0x45210000 size 0x002000 flags rw-s (ldelf)
E/LD: region 4: va 0x80016000 pa 0x4522f000 size 0x001000 flags r--s
E/LD: region 5: va 0x80017000 pa 0x00001000 size 0x01b000 flags r-xs [0] .ta_head .text .plt .eh_frame .rodata .gnu.hash .dynsym .dynstr .hash .rela.dyn .dynamic .got .rela.got .rela.plt .data .bss
E/LD: region 6: va 0x80032000 pa 0x0001c000 size 0x0e4000 flags rw-s [0] .bss
E/LD: region 7: va 0x80116000 pa 0x45212000 size 0x003000 flags rw-s (stack)
E/LD: region 8: va 0x80119000 pa 0x00000000 size 0x002000 flags r-xs [1]
E/LD: region 9: va 0x8011b000 pa 0x00001000 size 0x002000 flags rw-s [1]
E/LD: [0] 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b @ 0x80017000 (/xtest/out/debug/ta/os_test/5b9e0e40-2636-11e1-ad9e-0002a5d5c51b.elf)
E/LD: [1] ffd2bded-ab7d-4988-95ee-e4962fff7154 @ 0x80119000
E/LD: Call stack:
E/LD: 0x0000000080019e84 bget at /optee_os/lib/libutils/isoc/bget.c:660
E/LD: 0x000000008001a85c mdbg_update_hdr at /optee_os/lib/libutils/isoc/bget_malloc.c:694
E/LD: 0x0000000080020ce4 mpi_mul_hlp at /optee_os/lib/libmbedtls/mbedtls/library/bignum.c:1303
E/LD: 0x0000000080020d78 mpi_mul_hlp at /optee_os/lib/libmbedtls/mbedtls/library/bignum.c:1300
E/LD: 0x000000008001ad6c gen_malloc_add_pool at /optee_os/lib/libutils/isoc/bget_malloc.c:980
E/LD: 0x000000004500b924 ???
D/TC:? 0 user_ta_enter:190 tee_user_ta_enter: TA panicked with code 0xdeadbeef
D/TC:? 0 destroy_ta_ctx_from_session:311 Remove references to context (0x450de820)
D/TC:? 0 destroy_context:296 Destroy TA ctx (0x450de820)
D/TC:? 0 tee_ta_close_session:496 csess 0x450de8b0 id 1
D/TC:? 0 tee_ta_close_session:515 Destroy session
D/TC:? 0 tee_ta_init_pseudo_ta_session:273 Lookup pseudo TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
D/TC:? 0 load_ldelf:740 ldelf load address 0x80006000

==========================================================
E/TC:? 0 User TA undef-abort at address 0x80019dfc
E/TC:? 0 esr 0x02000000 ttbr0 0x20000450fb080 ttbr1 0x00000000 cidr 0x0
E/TC:? 0 cpu #4 cpsr 0x60000100
E/TC:? 0 x0 0000000000000005 x1 00000000801186b0
E/TC:? 0 x2 0000000000000001 x3 00000000801186b0
E/TC:? 0 x4 000000000000000a x5 000000008001ad40
E/TC:? 0 x6 0000000000000100 x7 00000000450de850
E/TC:? 0 x8 00000000450de854 x9 0000000000004988
E/TC:? 0 x10 0000000000000095 x11 00000000000000ee
E/TC:? 0 x12 0000000000000000 x13 0000000080118780
E/TC:? 0 x14 0000000000000000 x15 0000000000000000
E/TC:? 0 x16 000000004501c764 x17 000000008011a378
E/TC:? 0 x18 0000000000000000 x19 0000000045105170
E/TC:? 0 x20 0000000000000000 x21 00000000450ca710
E/TC:? 0 x22 0000000000000710 x23 0000000000000000
E/TC:? 0 x24 0000000000000000 x25 0000000000000000
E/TC:? 0 x26 0000000000000000 x27 0000000000000000
E/TC:? 0 x28 0000000000000000 x29 0000000080118620
E/TC:? 0 x30 0000000080019ec4 elr 0000000080019dfc
E/TC:? 0 sp_el0 0000000080118620
E/LD: Status of TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
E/LD: arch: aarch64
E/LD: region 0: va 0x80004000 pa 0x45200000 size 0x002000 flags rw-s (ldelf)
E/LD: region 1: va 0x80006000 pa 0x45202000 size 0x00d000 flags r-xs (ldelf)
E/LD: region 2: va 0x80013000 pa 0x4520f000 size 0x001000 flags rw-s (ldelf)
E/LD: region 3: va 0x80014000 pa 0x45210000 size 0x002000 flags rw-s (ldelf)
E/LD: region 4: va 0x80016000 pa 0x4522f000 size 0x001000 flags r--s
E/LD: region 5: va 0x80017000 pa 0x00001000 size 0x01b000 flags r-xs [0] .ta_head .text .plt .eh_frame .rodata .gnu.hash .dynsym .dynstr .hash .rela.dyn .dynamic .got .rela.got .rela.plt .data .bss
E/LD: region 6: va 0x80032000 pa 0x0001c000 size 0x0e4000 flags rw-s [0] .bss
E/LD: region 7: va 0x80116000 pa 0x45212000 size 0x003000 flags rw-s (stack)
E/LD: region 8: va 0x80119000 pa 0x00000000 size 0x002000 flags r-xs [1]
E/LD: region 9: va 0x8011b000 pa 0x00001000 size 0x002000 flags rw-s [1]
E/LD: [0] 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b @ 0x80017000 (/xtest/out/debug/ta/os_test/5b9e0e40-2636-11e1-ad9e-0002a5d5c51b.elf)
E/LD: [1] ffd2bded-ab7d-4988-95ee-e4962fff7154 @ 0x80119000
E/TC:? 0 User TA undef-abort at address 0x80019dfc create_free_block.constprop.25+300 .text+11740
E/LD: Call stack:
E/LD: 0x0000000080019dfc create_free_block at /optee_os/lib/libutils/isoc/bget_malloc.c:422
E/LD: 0x000000008001a85c mdbg_update_hdr at /optee_os/lib/libutils/isoc/bget_malloc.c:694
E/LD: 0x0000000080020ce4 mpi_mul_hlp at /optee_os/lib/libmbedtls/mbedtls/library/bignum.c:1303
E/LD: 0x0000000080020d78 mpi_mul_hlp at /optee_os/lib/libmbedtls/mbedtls/library/bignum.c:1300
E/LD: 0x000000008001ad6c gen_malloc_add_pool at /optee_os/lib/libutils/isoc/bget_malloc.c:980
E/LD: 0x000000004500b924 ???
D/TC:? 0 user_ta_enter:190 tee_user_ta_enter: TA panicked with code 0xdeadbeef
D/TC:? 0 destroy_ta_ctx_from_session:311 Remove references to context

=================================================================

F/TC:? 0 trace_syscall:131 syscall #5 (syscall_open_ta_session)
D/TC:? 0 tee_ta_init_session_with_context:570 Re-open TA 3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc
F/TC:? 0 trace_syscall:131 syscall #7 (syscall_invoke_ta_command)
F/TC:? 0 trace_syscall:131 syscall #7 (syscall_invoke_ta_command)
D/TC:? 0 system_open_ta_binary:229 Lookup user TA ELF cb3e5ba0-adf1-11e0-998b-0002a5d5c51b (Secure Storage TA)
F/TC:? 0 plat_prng_add_jitter_entropy:73 plat_prng_add_jitter_entropy: 0xB8
F/TC:? 0 plat_prng_add_jitter_entropy:73 plat_prng_add_jitter_entropy: 0x23
F/TC:? 0 plat_prng_add_jitter_entropy:73 plat_prng_add_jitter_entropy: 0x37
F/TC:? 0 plat_prng_add_jitter_entropy:73 plat_prng_add_jitter_entropy: 0xC2
D/TC:? 0 system_open_ta_binary:232 res=0xffff0008
D/TC:? 0 system_open_ta_binary:229 Lookup user TA ELF cb3e5ba0-adf1-11e0-998b-0002a5d5c51b (REE [buffered])
E/TC:4 0 Dead canary at end of 'stack_abt[5]'
E/TC:4 0 Panic at core/arch/arm/kernel/thread.c:201 <thread_check_canaries>
E/TC:4 0 Call stack:
E/TC:4 0 0x000000004500fd88

Looking forward to your reply. Many thanks in advance!

@jenswi-linaro (Contributor) commented:

So you're backporting ldelf to 3.2.0? That can't be easy, lots of infrastructure had to prepare for ldelf.

At least some of the crashes look like memory corruption. Perhaps shared memory for code pages isn't working properly?
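As an added triage aid (not part of the issue or of OP-TEE), the snippet below parses the E/LD region table from the dumps above and locates each faulting address in it: the prefetch-abort elr 0xc0118640 maps to nothing (x1 holds 0x80118640, inside the stack region, differing only in bit 30), the data-abort is at address 0, and the undef-abort elr 0x80019dfc lies inside the TA's r-x code mapping, which fits the memory-corruption / code-page hypothesis above. The region lines are embedded as constructed sample input (section list abridged).

```python
import re
# Region table copied from the E/LD status dump above (identical under all three
# aborts); embedded here as constructed sample input for this example.
TA_STATUS = """
E/LD: region 0: va 0x80004000 pa 0x45200000 size 0x002000 flags rw-s (ldelf)
E/LD: region 1: va 0x80006000 pa 0x45202000 size 0x00d000 flags r-xs (ldelf)
E/LD: region 2: va 0x80013000 pa 0x4520f000 size 0x001000 flags rw-s (ldelf)
E/LD: region 3: va 0x80014000 pa 0x45210000 size 0x002000 flags rw-s (ldelf)
E/LD: region 4: va 0x80016000 pa 0x4522f000 size 0x001000 flags r--s
E/LD: region 5: va 0x80017000 pa 0x00001000 size 0x01b000 flags r-xs [0] .ta_head .text
E/LD: region 6: va 0x80032000 pa 0x0001c000 size 0x0e4000 flags rw-s [0] .bss
E/LD: region 7: va 0x80116000 pa 0x45212000 size 0x003000 flags rw-s (stack)
E/LD: region 8: va 0x80119000 pa 0x00000000 size 0x002000 flags r-xs [1]
E/LD: region 9: va 0x8011b000 pa 0x00001000 size 0x002000 flags rw-s [1]
"""

REGION_RE = re.compile(
    r"region (\d+): va 0x([0-9a-f]+) pa 0x[0-9a-f]+ size 0x([0-9a-f]+) flags (\S+) ?(.*)")

def parse_regions(dump):
    """Turn E/LD region lines into (index, start, end, flags, label) tuples."""
    regions = []
    for m in REGION_RE.finditer(dump):
        idx, va, size, flags, label = m.groups()
        start = int(va, 16)
        regions.append((int(idx), start, start + int(size, 16), flags, label.strip()))
    return regions

def locate(addr, regions):
    """Return the region tuple that maps addr, or None when nothing maps it."""
    for reg in regions:
        if reg[1] <= addr < reg[2]:
            return reg
    return None

def triage(kind, addr, regions):
    """Classify an abort (prefetch-abort, data-abort, undef-abort) by where
    its faulting address lands; addr is elr for instruction faults."""
    reg = locate(addr, regions)
    if reg is None:
        # Nothing in the TA address space maps it: wild/corrupted pointer.
        return "null-deref" if addr == 0 else "unmapped"
    idx, start, _end, flags, label = reg
    where = "region %d+0x%x %s %s" % (idx, addr - start, flags, label)
    if kind == "prefetch-abort" and "x" not in flags:
        return "exec-in-nx: " + where  # control flow landed in a data mapping
    if kind == "undef-abort" and "x" in flags:
        return "undef-in-code: " + where  # code mapping holds non-instruction bytes
    return where
```

Feed it the addresses from each "User TA ... abort at address" line together with the elr value; an "unmapped" or "exec-in-nx" verdict points at a corrupted pointer or return address, while "undef-in-code" points at the contents of the code mapping itself.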

@carrionbent (Author) commented:

> So you're backporting ldelf to 3.2.0? That can't be easy, lots of infrastructure had to prepare for ldelf.
>
> At least some of the crashes looks like memory corruption. Perhaps shared memory for code pages isn't working properly?

Yes, I have selected some ldelf-related patches from versions 3.3.0, 3.4.0, 3.5.0 and 3.6.0 respectively.

At present, the compilation problem has been solved, and all 3.3.0, 3.4.0 and 3.5.0 xtest cases have passed.

xtest 1006, 1008 and 1011 will fail in version 3.6.0, and other test cases will pass.
