From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 56229 invoked by alias); 2 Feb 2016 16:47:26 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Received: (qmail 56207 invoked by uid 89); 2 Feb 2016 16:47:25 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.3 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPF_PASS autolearn=ham version=3.3.2 spammy=Saving, Corp, sk:return_, understood X-HELO: mga09.intel.com Received: from mga09.intel.com (HELO mga09.intel.com) (134.134.136.24) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 02 Feb 2016 16:47:23 +0000 Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP; 02 Feb 2016 08:47:20 -0800 X-ExtLoop1: 1 Received: from irsmsx101.ger.corp.intel.com ([163.33.3.153]) by orsmga002.jf.intel.com with ESMTP; 02 Feb 2016 08:47:19 -0800 Received: from irsmsx112.ger.corp.intel.com (10.108.20.5) by IRSMSX101.ger.corp.intel.com (163.33.3.153) with Microsoft SMTP Server (TLS) id 14.3.248.2; Tue, 2 Feb 2016 16:47:18 +0000 Received: from irsmsx104.ger.corp.intel.com ([169.254.5.210]) by irsmsx112.ger.corp.intel.com ([169.254.1.159]) with mapi id 14.03.0248.002; Tue, 2 Feb 2016 16:47:18 +0000 From: "Tedeschi, Walfred" To: "brobecker@adacore.com" , "eliz@gnu.org" CC: "gdb-patches@sourceware.org" Subject: RE: [PATCH V3 2/2] Add mpx-bnd-init-on-return set/show command for inferior calls. Date: Tue, 02 Feb 2016 16:47:00 -0000 Message-ID: References: <1452688799-15633-1-git-send-email-walfred.tedeschi@intel.com> <1452688799-15633-3-git-send-email-walfred.tedeschi@intel.com> In-Reply-To: <1452688799-15633-3-git-send-email-walfred.tedeschi@intel.com> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-IsSubscribed: yes X-SW-Source: 2016-02/txt/msg00061.txt.bz2 Joel, I know that we are under release right now.=20 But, in any case, have you had the chance to take a look on this patch? Should we wait post release for seeing this one? Also this one: https://sourceware.org/ml/gdb-patches/2016-01/msg00254.html Thanks and regards, -Fred -----Original Message----- From: Tedeschi, Walfred=20 Sent: Wednesday, January 13, 2016 1:40 PM To: brobecker@adacore.com; eliz@gnu.org Cc: gdb-patches@sourceware.org; Tedeschi, Walfred Subject: [PATCH V3 2/2] Add mpx-bnd-init-on-return set/show command for inf= erior calls. When using the return command, execution of a function is aborted and prese= nt values are returned from that point. That can cause bound violations in= the MPX context. To avoid such side-effects a new set variable was added = "mpx-bnd-init-on-return" which controls the initialization of bound registe= r when using the return command. As bound initialization it is understood the set of the BND register to zer= o allowing the associated pointer to access the whole memory. As default the value of "mpx-bnd-init-on-return" is set to 1. So bound reg= ister are initilized when using the "return" command. 2016-01-13 Walfred Tedeschi * i386-tdep.c (mpx_bnd_init_on_return): new external variable. (show_mpx_init_on_return): New function. (_initialize_i386_tdepamd64_init_abi): Add new commands set/show mpx-bnd-init-on-return. * amd64-tdep.c (amd64_return_value): Use mpx-bnd-init-on-return. * NEWS: Add entry for set/show mpx-bnd-init-on-return command. gdb/doc/ChangeLog: * gdb.texinfo (Intel Memory Protection Extensions): Add documentation on using set/show mpx-bnd-init-on-return. gdb/testsuite/ChangeLog: * amd64-mpx-call.c: New file. * amd64-mpx-call.exp: New file. --- gdb/NEWS | 4 + gdb/amd64-tdep.c | 32 ++++++++ gdb/doc/gdb.texinfo | 12 +++ gdb/i386-tdep.c | 27 +++++++ gdb/testsuite/gdb.arch/amd64-mpx-call.c | 126 ++++++++++++++++++++++++++= ++++ gdb/testsuite/gdb.arch/amd64-mpx-call.exp | 90 +++++++++++++++++++++ 6 files changed, 291 insertions(+) create mode 100644 gdb/testsuite/gdb.arch/amd64-mpx-call.c create mode 100644 gdb/testsuite/gdb.arch/amd64-mpx-call.exp diff --git a/gdb/NEWS b/gdb/NEWS index a222dfb..80022ec 100644 --- a/gdb/NEWS +++ b/gdb/NEWS @@ -3,6 +3,10 @@ =20 *** Changes since GDB 7.10 =20 +* show mpx-bnd-init-on-return + set mpx-bnd-init-on-return on i386 and amd64 + Support for set bound registers to INIT state when using the command re= turn. + * Record btrace now supports non-stop mode. =20 * Support for tracepoints on aarch64-linux was added in GDBserver. diff --git a/gdb/amd64-tdep.c b/gdb/amd64-tdep.c index 732e91b..0ce41d1 100= 644 --- a/gdb/amd64-tdep.c +++ b/gdb/amd64-tdep.c @@ -708,12 +708,14 @@ amd64_return_value (struct gdbarch *gdbarch, struct v= alue *function, gdb_byte *readbuf, const gdb_byte *writebuf) { enum amd64_reg_class theclass[2]; + struct gdbarch_tdep *tdep =3D gdbarch_tdep (gdbarch); int len =3D TYPE_LENGTH (type); static int integer_regnum[] =3D { AMD64_RAX_REGNUM, AMD64_RDX_REGNUM }; static int sse_regnum[] =3D { AMD64_XMM0_REGNUM, AMD64_XMM1_REGNUM }; int integer_reg =3D 0; int sse_reg =3D 0; int i; + extern int mpx_bnd_init_on_return; =20 gdb_assert (!(readbuf && writebuf)); =20 @@ -739,6 +741,25 @@ amd64_return_value (struct gdbarch *gdbarch, struct va= lue *function, =20 regcache_raw_read_unsigned (regcache, AMD64_RAX_REGNUM, &addr); read_memory (addr, readbuf, TYPE_LENGTH (type)); + + /* In MPX-enabled programs, if the class is MEMORY, boundary is + expected to be stored in bnd0 register. + + if the return value we are setting is due to the use of the + "return" command (WRITEBUF is not NULL), it is likely that + the return is made prematurely, and therefore bnd0 register + unset could then cause the program to receive a spurious + bound violation, but this is only done if + "set mpx-bnd-init-on-return" is true. */ + + if (writebuf !=3D NULL + && mpx_bnd_init_on_return && I387_BND0R_REGNUM (tdep) > 0) + { + gdb_byte bnd_buf[16]; + + memset (bnd_buf, 0, 16); + regcache_raw_write (regcache, I387_BND0R_REGNUM (tdep), bnd_buf); + } } =20 return RETURN_VALUE_ABI_RETURNS_ADDRESS; @@ -833,6 +854,17 @@ amd64_= return_value (struct gdbarch *gdbarch, struct value *function, writebuf + i * 8); } =20 + if (I387_BND0R_REGNUM (tdep) > 0) + { + gdb_byte bnd_buf[16]; + int i, init_bnd; + + memset (bnd_buf, 0, 16); + if (writebuf && mpx_bnd_init_on_return) + for (i =3D 0; i < I387_NUM_BND_REGS; i++) + regcache_raw_write (regcache, I387_BND0R_REGNUM (tdep) + i, bnd_buf); + } + return RETURN_VALUE_REGISTER_CONVENTION; } =20 diff --git a/gdb/doc/gdb.texinfo b/gdb/doc/gdb.texinfo index ccde84a..27020= ee 100644 --- a/gdb/doc/gdb.texinfo +++ b/gdb/doc/gdb.texinfo @@ -22072,6 +22072,18 @@ can access the whole memory, in this case the regi= ster bound register associated to it has value 0, e.g. if the register ass= ociated is bnd0raw its value will be @{0x0, 0x0@}. =20 +While the using the @command{return} bounds can propagate through=20 +execution causing a boundary violation. +The behaviour of initializing bounds when using @command{return} can be=20 +controlled and vizualized via the following commands: +@table @code +@kindex set mpx-bnd-init-on-return +When set to true bound registers will be set to the INIT state when=20 +using the "return" command. +@kindex show mpx-bnd-init-on-return +Show the state of mpx-bnd-init-on-return. +@end table + @node Alpha @subsection Alpha =20 diff --git a/gdb/i386-tdep.c b/gdb/i386-tdep.c index ebb21fc..4c3fa02 100644 --- a/gdb/i386-tdep.c +++ b/gdb/i386-tdep.c @@ -8864,6 +8864,24 @@ i386_mpx_set_bounds (char *args, int from_tty) bt_entry[i]); } =20 +/* The value of the "set mpx-bnd-init-on-return setting. */ + +int mpx_bnd_init_on_return =3D 1; + +/* Show state of the setting variable mpx-bnd-init-on-return. */ + +static void +show_mpx_bnd_init_on_return (struct ui_file *file, int from_tty, + struct cmd_list_element *c, const char *value) { + if (mpx_bnd_init_on_return) + fprintf_filtered (file, + _("BND registers will be initialized on return.\n")); + else + fprintf_filtered (file, + _("BND registers will not be initialized on return.\n")); } + static struct cmd_list_element *mpx_set_cmdlist, *mpx_show_cmdlist; =20 /* Helper function for the CLI commands. */ @@ -8940,6 +8958,15 @@ Show I= ntel(R) Memory Protection Extensions specific variables."), in the bound table.", &mpx_set_cmdlist); =20 + add_setshow_boolean_cmd ("mpx-bnd-init-on-return", no_class, + &mpx_bnd_init_on_return, _("\ + Set the bnd registers to INIT state when returning from a call."),=20 +_("\ Show the state of the mpx-bnd-init-on-return."), + NULL, + NULL, + show_mpx_bnd_init_on_return, + &setlist, &showlist); + gdbarch_register_osabi_sniffer (bfd_arch_i386, bfd_target_coff_flavour, i386_coff_osabi_sniffer); =20 diff --git a/gdb/testsuite/gdb.arch/amd64-mpx-call.c b/gdb/testsuite/gdb.ar= ch/amd64-mpx-call.c new file mode 100644 index 0000000..d05b8a8 --- /dev/null +++ b/gdb/testsuite/gdb.arch/amd64-mpx-call.c @@ -0,0 +1,126 @@ +/* Test for inferior function calls MPX context. + + Copyright (C) 2016 Free Software Foundation, Inc. + + Contributed by Intel Corp. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see=20 + . */ + +#include +#include "x86-cpuid.h" + +#define OUR_SIZE 5 + +int gx[OUR_SIZE]; +int ga[OUR_SIZE]; +int gb[OUR_SIZE]; +int gc[OUR_SIZE]; +int gd[OUR_SIZE]; + +unsigned int +have_mpx (void) +{ + unsigned int eax, ebx, ecx, edx; + + if (!__get_cpuid (1, &eax, &ebx, &ecx, &edx)) + return 0; + + if ((ecx & bit_OSXSAVE) =3D=3D bit_OSXSAVE) + { + if (__get_cpuid_max (0, NULL) < 7) + return 0; + + __cpuid_count (7, 0, eax, ebx, ecx, edx); + + if ((ebx & bit_MPX) =3D=3D bit_MPX) + return 1; + else + return 0; + } + return 0; +} + +int +bp1 (int value) +{ + return 1; +} + +int +bp2 (int value) +{ + return 1; +} + +int +upper (int *p, int *a, int *b, int *c, int *d, int len) { + int value; + + value =3D *(p + len); + value =3D *(a + len); + value =3D *(b + len); + value =3D *(c + len); + value =3D *(d + len); + + value =3D value - value + 1; + return value; +} + +int * +upper_ptr (int *p, int *a, int *b, int *c, int *d, int len) { + int value; + + value =3D *(p + len); + value =3D *(a + len); + value =3D *(b + len); + value =3D *(c + len); /* bkpt 2. */ + value =3D *(d + len); /* bkpt 3. */ + free (p); + p =3D calloc (OUR_SIZE * 2, sizeof (int)); + + return ++p; +} + + +int +main (void) +{ + if (have_mpx ()) + { + int sx[OUR_SIZE]; + int sa[OUR_SIZE]; + int sb[OUR_SIZE]; + int sc[OUR_SIZE]; + int sd[OUR_SIZE]; + int *x, *a, *b, *c, *d; + + x =3D calloc (OUR_SIZE, sizeof (int)); + a =3D calloc (OUR_SIZE, sizeof (int)); + b =3D calloc (OUR_SIZE, sizeof (int)); + c =3D calloc (OUR_SIZE, sizeof (int)); + d =3D calloc (OUR_SIZE, sizeof (int)); + + upper (sx, sa, sb, sc, sd, 0); /* bkpt 1. */ + x =3D upper_ptr (sx, sa, sb, sc, sd, 0); + + free (x); + free (a); + free (b); + free (c); + free (d); + } + return 0; +} diff --git a/gdb/testsuite/gdb.arch/amd64-mpx-call.exp b/gdb/testsuite/gdb.= arch/amd64-mpx-call.exp new file mode 100644 index 0000000..d9c6eba --- /dev/null +++ b/gdb/testsuite/gdb.arch/amd64-mpx-call.exp @@ -0,0 +1,90 @@ +# Copyright (C) 2016 Free Software Foundation, Inc. +# +# Contributed by Intel Corp. # # This=20 +program is free software; you can redistribute it and/or modify # it=20 +under the terms of the GNU General Public License as published by # the=20 +Free Software Foundation; either version 3 of the License, or # (at=20 +your option) any later version. +# +# This program is distributed in the hope that it will be useful, # but=20 +WITHOUT ANY WARRANTY; without even the implied warranty of #=20 +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU=20 +General Public License for more details. +# +# You should have received a copy of the GNU General Public License #=20 +along with this program. If not, see . + + +if { ![istarget i?86-*-*] && ![istarget x86_64-*-* ] } { + verbose "Skipping x86 MPX tests." + return +} + +standard_testfile + +set comp_flags "-mmpx -fcheck-pointer-bounds -I${srcdir}/../nat" + +if {[prepare_for_testing ${testfile}.exp ${testfile} ${srcfile} \ + [list debug nowarnings additional_flags=3D${comp_flags}]] } { + return -1 +} + +if ![runto_main] { + untested "could not run to main" + return -1 +} + +gdb_test_multiple "print have_mpx ()" "have mpx" { + -re ".*=3D 1\r\n$gdb_prompt " { + pass "check whether processor supports MPX" + } + -re ".*=3D 0\r\n$gdb_prompt " { + verbose "processor does not support MPX; skipping MPX tests" + return + } +} + +# Needed by the return command. +gdb_test_no_output "set confirm off" + +set break "bkpt 1." +gdb_breakpoint [gdb_get_line_number "${break}"]=20 +gdb_continue_to_breakpoint "${break}" ".*${break}.*" +gdb_test "p upper (x, a, b, c, d, 0)" "=3D 1"\ + "test the call of int function - int" +gdb_test "p upper_ptr (x, a, b, c, d, 0)"\ + "=3D \\\(int \\\*\\\) $hex" "test the call of function - ptr" + +set break "bkpt 2." +gdb_breakpoint [gdb_get_line_number "${break}"]=20 +gdb_continue_to_breakpoint "${break}" ".*${break}.*" +gdb_test "p \$bound0 =3D \$bnd0" "" "Saving the\ + bnd0 result in a convenience variable 1" + +gdb_test "return a" "#0 $hex in main.*" "First return" +gdb_test "p \(\$bnd0\.ubound =3D=3D \$bound0\.ubound\)"\ + "=3D 0" "return with bnd initialization off - ubound" +gdb_test "p \(\$bnd0\.lbound =3D=3D\$bound0\.lbound\)"\ + "=3D 0" "return with bnd initialization off - lbound" + +# Retesting with initialization off.=20 +# All breakpoints were deleted need to recreate what we need. +runto_main +gdb_test_no_output "set mpx-bnd-init-on-return off"\ + "Turn off initialization on return" + +set break "bkpt 3." +gdb_breakpoint [gdb_get_line_number "${break}"]=20 +gdb_continue_to_breakpoint "${break}" ".*${break}.*" +gdb_test "p \$bound0 =3D \$bnd0" "" "Saving the\ + bnd0 result in a convenience variable 2" +gdb_test "return a" "#0 $hex in main.*" "Second return" +gdb_test "p \(\$bnd0\.ubound =3D=3D \$bound0\.ubound\)"\ + "=3D 1" "return with bnd initialization on - ubound" +gdb_test "p \(\$bnd0\.lbound =3D=3D\$bound0\.lbound\)"\ + "=3D 1" "return with bnd initialization on - lbound" + +gdb_test "show mpx-bnd-init-on-return"\ + "BND registers will not be initialized on return\\."\ + "double check initialization on return" -- 2.1.4 Intel Deutschland GmbH Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany Tel: +49 89 99 8853-0, www.intel.de Managing Directors: Christin Eisenschmid, Christian Lamprechter Chairperson of the Supervisory Board: Nicole Lau Registered Office: Munich Commercial Register: Amtsgericht Muenchen HRB 186928