Target descriptions are allocated lazily, that is fine in GDBserver,
but it is not safe to call malloc in gdb_collect in IPA, because we
can set a fast tracepoint in malloc, and when the tracepoint is hit,
gdb_collect/malloc is called, deadlock or memory corruption may be
triggered.
#0 0xf7cfc200 in malloc ()
#1 0xf7efdc07 in operator new(unsigned int) ()
#2 0xf7ef7636 in allocate_target_description() ()
#3 0xf7efcbe1 in i386_create_target_description(unsigned long long, bool) ()
#4 0xf7efb474 in i386_linux_read_description(unsigned long long) ()
#5 0xf7efb190 in get_ipa_tdesc(int) ()
#6 0xf7ef9baa in gdb_collect ()
The fix is to initialize all target descriptions earlier, when the
IPA is loaded. In order to guarantee malloc is not called in IPA
in gdb_collect, I change the test to set a breakpoint on malloc, if
IPA gdb_collect calls malloc, program will hit the breakpoint, and
test fail.
continue
Continuing.
Thread 1 "" hit Breakpoint 5, 0xf7cfc200 in malloc ()
(gdb) FAIL: gdb.trace/ftrace.exp: advance through tracing
gdb/gdbserver:
2017-12-07 Yao Qi <yao.qi@linaro.org>
* linux-aarch64-ipa.c (initialize_low_tracepoint): Call
aarch64_linux_read_description.
* linux-amd64-ipa.c (idx2mask): New array.
(get_ipa_tdesc): Move idx2mask out.
(initialize_low_tracepoint): Initialize target descriptions.
* linux-i386-ipa.c (idx2mask): New array.
(get_ipa_tdesc): Move idx2mask out.
(initialize_low_tracepoint): Initialize target descriptions.
gdb/testsuite:
2017-12-07 Yao Qi <yao.qi@linaro.org>
* gdb.trace/ftrace.exp (run_trace_experiment): Set breakpoint on
malloc and catch syscall.
This applies the second part of GDB's End of Year Procedure, which
updates the copyright year range in all of GDB's files.
gdb/ChangeLog:
Update copyright year range in all GDB files.
These files need AT_PHDR, which is defined in elf.h. If HAVE_GETAUXVAL
is set, it's implicitely included by sys/auxv.h. Include it manually
for the opposite case.
gdb/gdbserver/ChangeLog:
* linux-aarch64-ipa.c: Add <elf.h> include.
* linux-ppc-ipa.c: Add <elf.h> include.
* linux-s390-ipa.c: Add <elf.h> include.
Targets may have various requirements on the required location of the jump
pad area. Currently IPA allocates it at the lowest possible address,
so that it is reachable by branches from the executable. However, this
fails on powerpc, which has executable link address (0x10000000) much
larger than branch reach (+/- 32MiB).
This makes jump pad buffer allocation a target hook instead. The current
implementations are as follows:
- i386 and s390: Branches can reach anywhere, so just mmap it. This
avoids the linear search dance.
- x86_64: Branches have +/-2GiB of reach, and executable is loaded low,
so just call mmap with MAP_32BIT. Likewise avoids the linear search.
- aarch64: Branches have +-128MiB of reach, executable loaded at 4MiB.
Do a linear search from 4MiB-size downwards to page_size.
- s390x: Branches have +-4GiB of reach, executable loaded at 2GiB.
Do like on aarch64.
gdb/gdbserver/ChangeLog:
* linux-aarch64-ipa.c: Add <sys/mman.h> and <sys/auxv.h> includes.
(alloc_jump_pad_buffer): New function.
* linux-amd64-ipa.c: Add <sys/mman.h> include.
(alloc_jump_pad_buffer): New function.
* linux-i386-ipa.c (alloc_jump_pad_buffer): New function.
* linux-s390-ipa.c: Add <sys/mman.h> and <sys/auxv.h> includes.
(alloc_jump_pad_buffer): New function.
* tracepoint.c (getauxval) [!HAVE_GETAUXVAL]: New function.
(initialize_tracepoint): Delegate to alloc_jump_pad_buffer.
* tracepoint.h (alloc_jump_pad_buffer): New prototype.
(getauxval) [!HAVE_GETAUXVAL]: New prototype.
On powerpc64, qSymbol for a function returns the function code address,
and not the descriptor address. Since we emit code calling gdb_collect
and some other functions, we need the descriptor (no way to know the
proper TOC address without it). To get the descriptor address, make
global function pointer variables in the IPA pointing to the relevant
functions and read them instead of asking for them directly via qSymbol.
gdb/gdbserver/ChangeLog:
* linux-aarch64-ipa.c: Rename gdb_agent_get_raw_reg to get_raw_reg.
* linux-amd64-ipa.c: Likewise.
* linux-i386-ipa.c: Likewise.
* linux-s390-ipa.c: Likewise.
* tracepoint.c: IPA-export gdb_collect_ptr instead of gdb_collect,
ditto for get_raw_reg_ptr, get_trace_state_variable_value_ptr,
set_trace_state_variable_value_ptr.
(struct ipa_sym_addresses): Likewise.
(symbol_list): Likewise.
(install_fast_tracepoint): Dereference gdb_collect_ptr instead of
accessing gdb_collect directly.
(gdb_collect_ptr_type): New typedef.
(get_raw_reg_ptr_type): New typedef.
(get_trace_state_variable_value_ptr_type): New typedef.
(set_trace_state_variable_value_ptr_type): New typedef.
(gdb_collect_ptr): New global.
(get_raw_reg_ptr): New global.
(get_trace_state_variable_value_ptr): New global.
(set_trace_state_variable_value_ptr): New global.
(get_raw_reg_func_addr): Dereference get_raw_reg_ptr instead of
accessing get_raw_reg directly.
(get_get_tsv_func_addr): Likewise for
get_trace_state_variable_value_ptr.
(get_set_tsv_func_addr): Likewise for
set_trace_state_variable_value_ptr.
* tracepoint.h: Rename gdb_agent_get_raw_reg to get_raw_reg.
If gdbserver and IPA are using different tdesc, they will disagree
about 'R' trace packet size. This results in mangled traces.
To make sure they pick the same tdesc, gdbserver pokes the tdesc
(specified as an index in a target-specific list) into a global
variable in IPA. In theory, IPA could find out the tdesc on its
own, but that may be complex (in particular, I don't know how to
tell whether we have LAST_BREAK on s390 without messing with ptrace),
and we'd have to duplicate the logic.
Tested on i386 and x86_64. On i386, it fixes two FAILs in ftrace.exp.
On x86_64, these failures have been KFAILed - one of them works now,
but the other now fails due to an unrelated reason (ugh).
gdb/gdbserver/ChangeLog:
PR gdb/13808
* Makefile.in: Add i386-*-linux-ipa.o and amd64-*-linux-ipa.o.
* configure.srv: Ditto.
* linux-aarch64-ipa.c (get_ipa_tdesc): New function.
(initialize_low_tracepoint): Remove ipa_tdesc assignment.
* linux-amd64-ipa.c: Add "linux-x86-tdesc.h" include.
(init_registers_amd64_linux): Remove prototype.
(tdesc_amd64_linux): Remove declaration.
(get_ipa_tdesc): New function.
(initialize_low_tracepoint): Remove ipa_tdesc assignment,
initialize remaining tdescs.
* linux-i386-ipa.c: Add "linux-x86-tdesc.h" include.
(init_registers_i386_linux): Remove prototype.
(tdesc_i386_linux): Remove declaration.
(get_ipa_tdesc): New function.
(initialize_low_tracepoint): Remove ipa_tdesc assignment,
initialize remaining tdescs.
* linux-low.c (linux_get_ipa_tdesc_idx): New function.
(linux_target_ops): wire in linux_get_ipa_tdesc_idx.
* linux-low.h (struct linux_target_ops): Add get_ipa_tdesc_idx.
* linux-x86-low.c: Move tdesc declarations to linux-x86-tdesc.h.
(x86_get_ipa_tdesc_idx): New function.
(the_low_target): Wire in x86_get_ipa_tdesc_idx.
* linux-x86-tdesc.h: New file.
* target.h (struct target_ops): Add get_ipa_tdesc_idx.
(target_get_ipa_tdesc_idx): New macro.
* tracepoint.c (ipa_tdesc_idx): New macro.
(struct ipa_sym_addresses): Add addr_ipa_tdesc_idx.
(symbol_list): Add ipa_tdesc_idx.
(cmd_qtstart): Write ipa_tdesc_idx in the target.
(ipa_tdesc): Remove.
(ipa_tdesc_idx): New variable.
(get_context_regcache): Use get_ipa_tdesc.
(gdb_collect): Ditto.
(gdb_probe): Ditto.
* tracepoint.h (get_ipa_tdesc): New prototype.
(ipa_tdesc): Remove.
gdb/testsuite/ChangeLog:
PR gdb/13808
* gdb.trace/ftrace.exp (test_fast_tracepoints): Remove kfail.
This patch adds support for fast tracepoints for aarch64-linux. With this
implementation, a tracepoint can only be placed in a +/- 128MB range of
the jump pad. This is due to the unconditional branch instruction
being limited to a (26 bit << 2) offset from the current PC.
Three target operations are implemented:
- target_install_fast_tracepoint_jump_pad
Building the jump pad the biggest change of this patch. We need to add
functions to emit all instructions needed to save and restore the
current state when the tracepoint is hit. As well as implementing a
lock and creating a collecting_t object identifying the current thread.
Steps performed by the jump pad:
* Save the current state on the stack.
* Push a collecting_t object on the stack. We read the special
tpidr_el0 system register to get the thread ID.
* Spin-lock on the shared memory location of all tracing threads. We
write the address of our collecting_t object there once we have the
lock.
* Call gdb_collect.
* Release the lock.
* Restore the state.
* Execute the replaced instruction which will have been relocated.
* Jump back to the program.
- target_get_thread_area
As implemented in ps_get_thread_area, target_get_thread_area uses ptrace
to fetch the NT_ARM_TLS register. At the architecture level, NT_ARM_TLS
represents the tpidr_el0 system register.
So this ptrace call (if lwpid is the current thread):
~~~
ptrace (PTRACE_GETREGSET, lwpid, NT_ARM_TLS, &iovec);
~~~
Is equivalent to the following instruction:
~~~
msr x0, tpidr_el0
~~~
This instruction is used when creating the collecting_t object that
GDBserver can read to know if a given thread is currently tracing.
So target_get_thread_area must get the same thread IDs as what the jump
pad writes into its collecting_t object.
- target_get_min_fast_tracepoint_insn_len
This just returns 4.
gdb/gdbserver/ChangeLog:
* Makefile.in (linux-aarch64-ipa.o, aarch64-ipa.o): New rules.
* configure.srv (aarch64*-*-linux*): Add linux-aarch64-ipa.o and
aarch64-ipa.o.
* linux-aarch64-ipa.c: New file.
* linux-aarch64-low.c: Include arch/aarch64-insn.h, inttypes.h
and endian.h.
(aarch64_get_thread_area): New target method.
(extract_signed_bitfield): New helper function.
(aarch64_decode_ldr_literal): New function.
(enum aarch64_opcodes): New enum.
(struct aarch64_register): New struct.
(struct aarch64_operand): New struct.
(x0): New static global.
(x1): Likewise.
(x2): Likewise.
(x3): Likewise.
(x4): Likewise.
(w2): Likewise.
(ip0): Likewise.
(sp): Likewise.
(xzr): Likewise.
(aarch64_register): New helper function.
(register_operand): Likewise.
(immediate_operand): Likewise.
(struct aarch64_memory_operand): New struct.
(offset_memory_operand): New helper function.
(preindex_memory_operand): Likewise.
(enum aarch64_system_control_registers): New enum.
(ENCODE): New macro.
(emit_insn): New helper function.
(emit_b): New function.
(emit_bcond): Likewise.
(emit_cb): Likewise.
(emit_tb): Likewise.
(emit_blr): Likewise.
(emit_stp): Likewise.
(emit_ldp_q_offset): Likewise.
(emit_stp_q_offset): Likewise.
(emit_load_store): Likewise.
(emit_ldr): Likewise.
(emit_ldrsw): Likewise.
(emit_str): Likewise.
(emit_ldaxr): Likewise.
(emit_stxr): Likewise.
(emit_stlr): Likewise.
(emit_data_processing_reg): Likewise.
(emit_data_processing): Likewise.
(emit_add): Likewise.
(emit_sub): Likewise.
(emit_mov): Likewise.
(emit_movk): Likewise.
(emit_mov_addr): Likewise.
(emit_mrs): Likewise.
(emit_msr): Likewise.
(emit_sevl): Likewise.
(emit_wfe): Likewise.
(append_insns): Likewise.
(can_encode_int32_in): New helper function.
(aarch64_relocate_instruction): New function.
(aarch64_install_fast_tracepoint_jump_pad): Likewise.
(aarch64_get_min_fast_tracepoint_insn_len): Likewise.
(struct linux_target_ops): Install aarch64_get_thread_area,
aarch64_install_fast_tracepoint_jump_pad and
aarch64_get_min_fast_tracepoint_insn_len.
Yao Qi
Alan Hayward
Joel Brobecker
Marcin Kościelnicki
Pierre Langlois