arm: Fix broken page table permissions checks in remote GDB

The remote GDB interface currently doesn't check if translations are valid before reading memory. This causes a panic when GDB tries to access unmapped memory (e.g., when getting a stack trace). There are two reasons for this: 1) The function used to check for valid translations (virtvalid()) doesn't work and panics on invalid translations. 2) The method in the GDB interface used to test if a translation is valid (RemoteGDB::acc) always returns true regardless of the return from virtvalid(). This changeset fixes both of these issues.
2015-03-02 04:00:27 -05:00 · 2015-03-02 04:00:27 -05:00 · 34dcd90b61
commit 34dcd90b61
parent 670f44e05e
2 changed files with 25 additions and 17 deletions
--- a/src/arch/arm/remote_gdb.cc
+++ b/src/arch/arm/remote_gdb.cc
@ -142,6 +142,7 @@
 #include "arch/arm/system.hh"
 #include "arch/arm/utility.hh"
 #include "arch/arm/vtophys.hh"
+#include "base/chunk_generator.hh"
 #include "base/intmath.hh"
 #include "base/remote_gdb.hh"
 #include "base/socket.hh"
@ -172,16 +173,12 @@ bool
 RemoteGDB::acc(Addr va, size_t len)
 {
    if (FullSystem) {
-        Addr last_va;
-        va       = truncPage(va);
-        last_va  = roundPage(va + len);
-
-        do  {
-            if (virtvalid(context, va)) {
-                return true;
+        for (ChunkGenerator gen(va, len, PageBytes); !gen.done(); gen.next()) {
+            if (!virtvalid(context, gen.addr())) {
+                DPRINTF(GDBAcc, "acc:   %#x mapping is invalid\n", va);
+                return false;
            }
-            va += PageBytes;
-        } while (va < last_va);
+        }

        DPRINTF(GDBAcc, "acc:   %#x mapping is valid\n", va);
        return true;
--- a/src/arch/arm/vtophys.cc
+++ b/src/arch/arm/vtophys.cc
@ -63,8 +63,8 @@ ArmISA::vtophys(Addr vaddr)
    fatal("VTOPHYS: Can't convert vaddr to paddr on ARM without a thread context");
 }

-Addr
-ArmISA::vtophys(ThreadContext *tc, Addr addr)
+static std::pair<bool, Addr>
+try_translate(ThreadContext *tc, Addr addr)
 {
    Fault fault;
    // Set up a functional memory Request to pass to the TLB
@ -82,22 +82,33 @@ ArmISA::vtophys(ThreadContext *tc, Addr addr)
    tlb = static_cast<ArmISA::TLB*>(tc->getDTBPtr());
    fault = tlb->translateFunctional(&req, tc, BaseTLB::Read, TLB::NormalTran);
    if (fault == NoFault)
-        return req.getPaddr();
+        return std::make_pair(true, req.getPaddr());

    tlb = static_cast<ArmISA::TLB*>(tc->getITBPtr());
    fault = tlb->translateFunctional(&req, tc, BaseTLB::Read, TLB::NormalTran);
    if (fault == NoFault)
-        return req.getPaddr();
+        return std::make_pair(true, req.getPaddr());

-    panic("Table walkers support functional accesses. We should never get here\n");
+    return std::make_pair(false, 0);
+}
+
+Addr
+ArmISA::vtophys(ThreadContext *tc, Addr addr)
+{
+    const std::pair<bool, Addr> translation(try_translate(tc, addr));
+
+    if (translation.first)
+        return translation.second;
+    else
+        panic("Table walkers support functional accesses. We should never get here\n");
 }

 bool
 ArmISA::virtvalid(ThreadContext *tc, Addr vaddr)
 {
-    if (vtophys(tc, vaddr) != -1)
-        return true;
-    return false;
+    const std::pair<bool, Addr> translation(try_translate(tc, vaddr));
+
+    return translation.first;
 }