From: Thiago Jung Bauermann
To: "Schimpe, Christina"
Cc: "gdb-patches@sourceware.org"
Subject: Re: [PATCH v2 6/9] gdb: Add command option 'bt -shadow' to print the shadow stack backtrace.
Date: Fri, 10 Apr 2026 03:21:17 -0300
Message-ID: <875x5z1gki.fsf@linaro.org>

Hello Christina,

"Schimpe, Christina" writes:

> Thanks a lot for your feedback.

You're welcome! Thank you for moving this forward. Sorry for the big delays on my side. More things going on at once than I'd like.

> For the hook gdbarch_get_shadow_stack_size I still need your GCS implementation. 😊
> I suggest a separate patch for this with you as the only author and I'll include this in my v3
> then, too. Does that make sense?

I think you also need aarch64_linux_is_no_return_shadow_stack_address, right? I'm including both in a patch at the end of this email. There are FIXMEs in them to remind myself to do something better than assert if ssp is an invalid address. Perhaps throw an error as you mention below.

Also, feel free to not provide the aarch64 versions of the hooks in this patch and the following one. I was planning to send them after your series goes in.
The reason I wanted an aarch64 hook in the first patch was so that existing GCS functionality doesn't regress, but the hooks in the other patches are for new functionality so it's fine to have only the amd64 implementation.

>> > + const unsigned long shadow_stack_bytes =3D range.second - *ssp; >> > + >> > + gdb_assert ((shadow_stack_bytes % 8) =3D=3D 0);
>>
>> I don't think this should be an assert. If it fails, it triggers an internal error in
>> GDB. In this case it could indeed mean an internal error (GDB somehow got
>> the SSP or range wrong), but it could also be (and probably more likely) an
>> inconsistent state of the inferior. This can happen in a program being debugged
>> so GDB should be able to handle it gracefully, and if possible provide useful
>> information to the user.
>
> I agree. This is rather something that is outside GDB's control.
>
> From the documentation for internal errors:
> "Internal errors indicate programming errors such as assertion failures, as opposed to
> more general errors beyond the application's control. "
>
> So based on that I rather would choose a normal error, not an internal error.
> What do you think ?

The effect of the error being thrown would be just that the "bt -shadow" command is interrupted, right? If so, I think it's a good idea.

>> > + return shadow_stack_bytes / 8; >> > +}

-- 
Thiago

>From 89f07938071f78c479ac045296afd562ab9ef93a Mon Sep 17 00:00:00 2001 From: Thiago Jung Bauermann Date: Tue, 10 Mar 2026 21:44:35 -0300 Subject: [PATCH] WIP GDB: aarch64-linux: Add gdbarch hooks for printing shadow stack Enables bt -shadow. There are still some FIXMEs to address. --- gdb/aarch64-linux-tdep.c | 38 ++++++++++++++++++++++++++++++++++++++ gdb/aarch64-tdep.c | 20 ++++++++++++++++++++ gdb/arch/aarch64.h | 3 +++ 3 files changed, 61 insertions(+) diff --git a/gdb/aarch64-linux-tdep.c b/gdb/aarch64-linux-tdep.c index f37b28067b8a..e9c9b8480aac 100644 --- a/gdb/aarch64-linux-tdep.c
+++ b/gdb/aarch64-linux-tdep.c @@ -2615,6 +2615,42 @@ aarch64_linux_get_shadow_stack_pointer (gdbarch *gdb= arch, regcache *regcache, return gcspr; } =20 +/* Return true, if FRAME is a valid shadow stack frame while FRAME.VALUE + does not refer to a return address. This can happen, for instance, in + case of signals: a signal handling specific GCS cap token will be + written to the GCS. In case this is true, configure the string which + describes the frame and is displayed instead of the address in the + shadow stack backtrace. */ + +static bool +aarch64_linux_is_no_return_shadow_stack_address + (gdbarch *gdbarch, + const shadow_stack_frame_info &frame, + std::string &frame_type) +{ + /* FRAME must be a valid shadow stack frame. */ + bool valid_addr + =3D gdbarch_address_in_shadow_stack_memory_range (gdbarch, frame.ssp, + nullptr); + /* FIXME: Shouldn't be an assert. */ + gdb_assert (valid_addr =3D=3D true); + + /* If the GCS entry isn't a cap token, then it should be a return + address. */ + if ((frame.value & AARCH64_GCS_CAP_ADDR_MASK) !=3D frame.ssp) + return false; + + /* When delivering a signal, the Linux kernel writes a cap token with the + token type (bits 0..11) all clear. */ + if ((frame.value & AARCH64_GCS_CAP_TOKEN_MASK) =3D=3D 0) + { + frame_type =3D _(""); + return true; + } + + return false; +} + /* AArch64 Linux implementation of the report_signal_info gdbarch hook. Displays information about possible memory tag violations. */ =20 @@ -3193,6 +3229,8 @@ aarch64_linux_init_abi (struct gdbarch_info info, str= uct gdbarch *gdbarch) { set_gdbarch_get_shadow_stack_pointer (gdbarch, aarch64_linux_get_shadow_stack_pointer); + set_gdbarch_is_no_return_shadow_stack_address (gdbarch, + aarch64_linux_is_no_return_shadow_stack_address); tdep->fn_prev_gcspr =3D dwarf2_prev_ssp; } } diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c index 112d42c6a1ac..6bf63bcc1f97 100644 --- a/gdb/aarch64-tdep.c +++ b/gdb/aarch64-tdep.c 
@@ -1926,6 +1926,24 @@ aarch64_top_addr_empty_shadow_stack (gdbarch *gdbarc= h, const CORE_ADDR addr, return addr >=3D range.second - 8; } =20 +/* Return the number of elements which are currently on the shadow stack + based on the shadow stack memory RANGE [start_address, end_address) + of the current thread. In case shadow stack is not enabled for the + current thread, return -1. */ + +static long +aarch64_get_shadow_stack_size (gdbarch *gdbarch, const CORE_ADDR ssp, + const std::pair range) +{ + const unsigned long shadow_stack_bytes =3D range.second - ssp; + + /* FIXME: Shouldn't be an assert. */ + gdb_assert ((shadow_stack_bytes % 8) =3D=3D 0); + + /* The oldest entry in the GCS isn't an address, just the value '0'. */ + return shadow_stack_bytes / 8 - 1; +} + /* Implement the "push_dummy_call" gdbarch method. */ =20 static CORE_ADDR @@ -4812,6 +4830,8 @@ aarch64_gdbarch_init (struct gdbarch_info info, struc= t gdbarch_list *arches) set_gdbarch_ssp_regnum (gdbarch, tdep->gcs_reg_base); set_gdbarch_top_addr_empty_shadow_stack (gdbarch, aarch64_top_addr_empty_shadow_stack); + set_gdbarch_get_shadow_stack_size (gdbarch, + aarch64_get_shadow_stack_size); } =20 /* ABI */ diff --git a/gdb/arch/aarch64.h b/gdb/arch/aarch64.h index 0e9715a4268a..7c69bfd01feb 100644 --- a/gdb/arch/aarch64.h +++ b/gdb/arch/aarch64.h @@ -246,6 +246,9 @@ enum aarch64_regnum /* Size of the SME2 ZT0 register in bytes. */ #define AARCH64_SME2_ZT0_SIZE 64 =20 +#define AARCH64_GCS_CAP_TOKEN_MASK ((uint64_t) 0xFFF) +#define AARCH64_GCS_CAP_ADDR_MASK ~AARCH64_GCS_CAP_TOKEN_MASK + /* Feature check for Floating Point Mode Register. */ #ifndef HWCAP2_FPMR #define HWCAP2_FPMR (1ULL << 48)
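
Review bot: In aarch64_linux_is_no_return_shadow_stack_address (gdb/aarch64-linux-tdep.c, hunk at -2615), the final `return false` is reached when the entry's address bits match frame.ssp but the token type bits 0..11 are non-zero, so a cap token of any other type is reported to the caller exactly like a return address, although the function comment says true is returned when FRAME.VALUE does not refer to a return address. Either handle that case explicitly (set frame_type and return true) or document why printing it as an address is intended. The gdb_assert on valid_addr also turns an out-of-range frame.ssp, which can come from inconsistent inferior state, into a GDB internal error; the normal error discussed in this thread fits better, and the comparison against true inside the assert is redundant.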
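
Review bot: aarch64_get_shadow_stack_size (gdb/aarch64-tdep.c, hunk at -1926) subtracts ssp from range.second as unsigned long without first checking that ssp lies inside RANGE, so an ssp above range.second wraps to a huge byte count before the alignment check is evaluated. Check ssp against range.first and range.second up front and raise a normal error when it is outside, and replace the gdb_assert on the multiple-of-8 check the same way, since both conditions can arise from inferior state. The header comment also promises -1 when the shadow stack is not enabled, but no path returns it explicitly; the only way to get -1 is the unsigned expression `shadow_stack_bytes / 8 - 1` wrapping when ssp equals range.second, so either implement that case or drop the sentence.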
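
Review bot: In gdb/arch/aarch64.h (hunk at -246), AARCH64_GCS_CAP_ADDR_MASK expands to an unparenthesized `~AARCH64_GCS_CAP_TOKEN_MASK`; the one use in this patch, `frame.value & AARCH64_GCS_CAP_ADDR_MASK`, parses as intended, but wrapping the expansion in parentheses keeps the macro safe in other expressions. The two new defines are also the only ones in this hunk's context without a comment; one line saying that bits 0..11 hold the token type and the remaining bits the address, as the comment in aarch64_linux_is_no_return_shadow_stack_address already states for the token type, would document them where they are defined.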