53f8b0719d24e1eb545b90c61cfc482c86bcf57a
2 * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
4 * SPDX-License-Identifier: BSD-3-Clause
11 #include <arch_helpers.h>
12 #include <common/debug.h>
13 #include <drivers/console.h>
15 /* Maximum number of entries in the backtrace to display */
16 #define UNWIND_LIMIT 20U
19 * If -fno-omit-frame-pointer is used:
21 * - AArch64: The AAPCS defines the format of the frame records and mandates the
22 * usage of r29 as frame pointer.
24 * - AArch32: The format of the frame records is not defined in the AAPCS.
25 * However, at least GCC and Clang use the same format. When they are forced
26 * to only generate A32 code (with -marm), they use r11 as frame pointer and a
27 * similar format as in AArch64. If interworking with T32 is enabled, the
28 * frame pointer is r7 and the format is different. This is not supported by
29 * this implementation of backtrace, so it is needed to use -marm.
32 /* Frame records form a linked list in the stack */
34 /* Previous frame record in the list */
35 struct frame_record
*parent
;
36 /* Return address of the function at this level */
37 uintptr_t return_addr
;
41 * Strip the Pointer Authentication Code (PAC) from the address to retrieve the
44 * The PAC field is stored on the high bits of the address and defined as:
45 * - PAC field = Xn[54:bottom_PAC_bit], when address tagging is used.
46 * - PAC field = Xn[63:56, 54:bottom_PAC_bit], without address tagging.
48 * With bottom_PAC_bit = 64 - TCR_ELx.TnSZ
51 static uintptr_t demangle_address(uintptr_t addr
)
53 unsigned int el
, t0sz
, bottom_pac_bit
;
54 uint64_t tcr
, pac_mask
;
57 * Different virtual address space size can be defined for each EL.
58 * Ensure that we use the proper one by reading the corresponding
61 el
= get_current_el();
65 } else if (el
== 2U) {
71 /* T0SZ = TCR_ELx[5:0] */
73 bottom_pac_bit
= 64 - t0sz
;
74 pac_mask
= (1ULL << bottom_pac_bit
) - 1;
76 /* demangle the address with the computed mask */
77 return (addr
& pac_mask
);
79 #endif /* ENABLE_PAUTH */
81 static const char *get_el_str(unsigned int el
)
85 } else if (el
== 2U) {
93 * Returns true if the address points to a virtual address that can be read at
94 * the current EL, false otherwise.
97 static bool is_address_readable(uintptr_t addr
)
99 unsigned int el
= get_current_el();
103 * When pointer authentication is enabled, the LR value saved on the
104 * stack contains a PAC. It must be stripped to retrieve the return
107 addr
= demangle_address(addr
);
112 } else if (el
== 2U) {
120 /* If PAR.F == 1 the address translation was aborted. */
121 if ((read_par_el1() & PAR_F_MASK
) != 0U)
126 #else /* if AARCH32 */
127 static bool is_address_readable(uintptr_t addr
)
129 unsigned int el
= get_current_el();
133 } else if (el
== 2U) {
141 /* If PAR.F == 1 the address translation was aborted. */
142 if ((read64_par() & PAR_F_MASK
) != 0U)
150 * Returns true if all the bytes in a given object are in mapped memory and an
151 * LDR using this pointer would succeed, false otherwise.
153 static bool is_valid_object(uintptr_t addr
, size_t size
)
160 /* Detect overflows */
161 if ((addr
+ size
) < addr
)
164 /* A pointer not aligned properly could trigger an alignment fault. */
165 if ((addr
& (sizeof(uintptr_t) - 1U)) != 0U)
168 /* Check that all the object is readable */
169 for (size_t i
= 0; i
< size
; i
++) {
170 if (!is_address_readable(addr
+ i
))
178 * Returns true if the specified address is correctly aligned and points to a
179 * valid memory region.
181 static bool is_valid_jump_address(uintptr_t addr
)
186 /* Check alignment. Both A64 and A32 use 32-bit opcodes */
187 if ((addr
& (sizeof(uint32_t) - 1U)) != 0U)
190 if (!is_address_readable(addr
))
197 * Returns true if the pointer points at a valid frame record, false otherwise.
199 static bool is_valid_frame_record(struct frame_record
*fr
)
201 return is_valid_object((uintptr_t)fr
, sizeof(struct frame_record
));
205 * Adjust the frame-pointer-register value by 4 bytes on AArch32 to have the
206 * same layout as AArch64.
208 static struct frame_record
*adjust_frame_record(struct frame_record
*fr
)
213 return (struct frame_record
*)((uintptr_t)fr
- 4U);
217 static void unwind_stack(struct frame_record
*fr
, uintptr_t current_pc
,
218 uintptr_t link_register
)
221 static const char *backtrace_str
= "%u: %s: 0x%lx\n";
222 const char *el_str
= get_el_str(get_current_el());
224 if (!is_valid_frame_record(fr
)) {
225 printf("ERROR: Corrupted frame pointer (frame record address = %p)\n",
230 if (fr
->return_addr
!= link_register
) {
231 printf("ERROR: Corrupted stack (frame record address = %p)\n",
236 /* The level 0 of the backtrace is the current backtrace function */
237 printf(backtrace_str
, 0U, el_str
, current_pc
);
240 * The last frame record pointer in the linked list at the beginning of
241 * the stack should be NULL unless stack is corrupted.
243 for (unsigned int i
= 1U; i
< UNWIND_LIMIT
; i
++) {
244 /* If an invalid frame record is found, exit. */
245 if (!is_valid_frame_record(fr
))
248 * A32 and A64 are fixed length so the address from where the
249 * call was made is the instruction before the return address,
250 * which is always 4 bytes before it.
252 call_site
= fr
->return_addr
- 4U;
256 * When pointer authentication is enabled, the LR value saved on
257 * the stack contains a PAC. It must be stripped to retrieve the
260 call_site
= demangle_address(call_site
);
264 * If the address is invalid it means that the frame record is
265 * probably corrupted.
267 if (!is_valid_jump_address(call_site
))
270 printf(backtrace_str
, i
, el_str
, call_site
);
272 fr
= adjust_frame_record(fr
->parent
);
275 printf("ERROR: Max backtrace depth reached\n");
279 * Display a backtrace. The cookie string parameter is displayed along the
280 * trace to help filter the log messages.
282 * Many things can prevent displaying the expected backtrace. For example,
283 * compiler optimizations can use a branch instead of branch with link when it
284 * detects a tail call. The backtrace level for this caller will not be
285 * displayed, as it does not appear in the call stack anymore. Also, assembly
286 * functions will not be displayed unless they setup AAPCS compliant frame
287 * records on AArch64 and compliant with GCC-specific frame record format on
290 * Usage of the trace: addr2line can be used to map the addresses to function
291 * and source code location when given the ELF file compiled with debug
292 * information. The "-i" flag is highly recommended to improve display of
293 * inlined function. The *.dump files generated when building each image can
296 * WARNING: In case of corrupted stack, this function could display security
297 * sensitive information past the beginning of the stack so it must not be used
298 * in production build. This function is only compiled in when ENABLE_BACKTRACE
301 void backtrace(const char *cookie
)
303 uintptr_t return_address
= (uintptr_t)__builtin_return_address(0U);
304 struct frame_record
*fr
= __builtin_frame_address(0U);
306 /* Printing the backtrace may crash the system, flush before starting */
307 (void)console_flush();
309 fr
= adjust_frame_record(fr
);
311 printf("BACKTRACE: START: %s\n", cookie
);
313 unwind_stack(fr
, (uintptr_t)&backtrace
, return_address
);
315 printf("BACKTRACE: END: %s\n", cookie
);