backtrace-clang.S source code [linux/arch/arm/lib/backtrace-clang.S]

1	/ SPDX-License-Identifier: GPL-2.0-only /
2	/*
3	* linux/arch/arm/lib/backtrace-clang.S
4	*
5	* Copyright (C) 2019 Nathan Huckleberry
6	*
7	*/
8	#include <linux/kern_levels.h>
9	#include <linux/linkage.h>
10	#include <asm/assembler.h>
11	.text
12
13	/ fp is 0 or stack frame /
14
15	#define frame r4
16	#define sv_fp r5
17	#define sv_pc r6
18	#define mask r7
19	#define sv_lr r8
20	#define loglvl r9
21
22	ENTRY(c_backtrace)
23
24	#if !defined(CONFIG_FRAME_POINTER) \|\| !defined(CONFIG_PRINTK)
25	ret lr
26	ENDPROC(c_backtrace)
27	#else
28
29
30	/*
31	* Clang does not store pc or sp in function prologues so we don't know exactly
32	* where the function starts.
33	*
34	* We can treat the current frame's lr as the saved pc and the preceding
35	* frame's lr as the current frame's lr, but we can't trace the most recent
36	* call. Inserting a false stack frame allows us to reference the function
37	* called last in the stacktrace.
38	*
39	* If the call instruction was a bl we can look at the callers branch
40	* instruction to calculate the saved pc. We can recover the pc in most cases,
41	* but in cases such as calling function pointers we cannot. In this case,
42	* default to using the lr. This will be some address in the function, but will
43	* not be the function start.
44	*
45	* Unfortunately due to the stack frame layout we can't dump r0 - r3, but these
46	* are less frequently saved.
47	*
48	* Stack frame layout:
49	* <larger addresses>
50	* saved lr
51	* frame=> saved fp
52	* optionally saved caller registers (r4 - r10)
53	* optionally saved arguments (r0 - r3)
54	* <top of stack frame>
55	* <smaller addresses>
56	*
57	* Functions start with the following code sequence:
58	* corrected pc => stmfd sp!, {..., fp, lr}
59	* add fp, sp, #x
60	* stmfd sp!, {r0 - r3} (optional)
61	*
62	*
63	*
64	*
65	*
66	*
67	* The diagram below shows an example stack setup for dump_stack.
68	*
69	* The frame for c_backtrace has pointers to the code of dump_stack. This is
70	* why the frame of c_backtrace is used to for the pc calculation of
71	* dump_stack. This is why we must move back a frame to print dump_stack.
72	*
73	* The stored locals for dump_stack are in dump_stack's frame. This means that
74	* to fully print dump_stack's frame we need both the frame for dump_stack (for
75	* locals) and the frame that was called by dump_stack (for pc).
76	*
77	* To print locals we must know where the function start is. If we read the
78	* function prologue opcodes we can determine which variables are stored in the
79	* stack frame.
80	*
81	* To find the function start of dump_stack we can look at the stored LR of
82	* show_stack. It points at the instruction directly after the bl dump_stack.
83	* We can then read the offset from the bl opcode to determine where the branch
84	* takes us. The address calculated must be the start of dump_stack.
85	*
86	* c_backtrace frame dump_stack:
87	* {[LR] } ============\| ...
88	* {[FP] } =======\| \| bl c_backtrace
89	* \| \|=> ...
90	* {[R4-R10]} \|
91	* {[R0-R3] } \| show_stack:
92	* dump_stack frame \| ...
93	* {[LR] } =============\| bl dump_stack
94	* {[FP] } <=======\| \|=> ...
95	* {[R4-R10]}
96	* {[R0-R3] }
97	*/
98
99	stmfd sp!, {r4 - r9, fp, lr} @ Save an extra register
100	@ to ensure `8` byte alignment
101	movs frame, r0 @ if frame pointer is zero
102	beq no_frame @ we have no stack frames
103	mov loglvl, r2
104	tst r1, #`0x10` @ `26` or `32`-bit mode?
105	moveq mask, #`0xfc000003`
106	movne mask, #`0` @ mask for `32`-bit
107
108	/*
109	* Switches the current frame to be the frame for dump_stack.
110	*/
111	add frame, sp, #`24` @ switch to false frame
112	for_each_frame: tst frame, mask @ Check for address exceptions
113	bne no_frame
114
115	/*
116	* sv_fp is the stack frame with the locals for the current considered
117	* function.
118	*
119	* sv_pc is the saved lr frame the frame above. This is a pointer to a code
120	* address within the current considered function, but it is not the function
121	* start. This value gets updated to be the function start later if it is
122	* possible.
123	*/
124	`1001`: ldr sv_pc, [frame, #`4`] @ get saved `'pc'`
125	`1002`: ldr sv_fp, [frame, #`0`] @ get saved fp
126
127	teq sv_fp, mask @ make sure next frame exists
128	beq no_frame
129
130	/*
131	* sv_lr is the lr from the function that called the current function. This is
132	* a pointer to a code address in the current function's caller. sv_lr-4 is
133	* the instruction used to call the current function.
134	*
135	* This sv_lr can be used to calculate the function start if the function was
136	* called using a bl instruction. If the function start can be recovered sv_pc
137	* is overwritten with the function start.
138	*
139	* If the current function was called using a function pointer we cannot
140	* recover the function start and instead continue with sv_pc as an arbitrary
141	* value within the current function. If this is the case we cannot print
142	* registers for the current function, but the stacktrace is still printed
143	* properly.
144	*/
145	`1003`: ldr sv_lr, [sv_fp, #`4`] @ get saved lr from next frame
146
147	`1004`: ldr r0, [sv_lr, #-`4`] @ get call instruction
148	ldr r3, .Lopcode+`4`
149	and r2, r3, r0 @ is this a bl call
150	teq r2, r3
151	bne finished_setup @ give up if it's not
152	and r0, #`0xffffff` @ get call offset `24`-bit int
153	lsl r0, r0, #`8` @ sign extend offset
154	asr r0, r0, #`8`
155	ldr sv_pc, [sv_fp, #`4`] @ get lr address
156	add sv_pc, sv_pc, #-`4` @ get call instruction address
157	add sv_pc, sv_pc, #`8` @ take care of prefetch
158	add sv_pc, sv_pc, r0, lsl #`2`@ find function start
159
160	finished_setup:
161
162	bic sv_pc, sv_pc, mask @ mask PC/LR for the mode
163
164	/*
165	* Print the function (sv_pc) and where it was called from (sv_lr).
166	*/
167	mov r0, sv_pc
168
169	mov r1, sv_lr
170	mov r2, frame
171	bic r1, r1, mask @ mask PC/LR for the mode
172	mov r3, loglvl
173	bl dump_backtrace_entry
174
175	/*
176	* Test if the function start is a stmfd instruction to determine which
177	* registers were stored in the function prologue.
178	*
179	* If we could not recover the sv_pc because we were called through a function
180	* pointer the comparison will fail and no registers will print. Unwinding will
181	* continue as if there had been no registers stored in this frame.
182	*/
183	`1005`: ldr r1, [sv_pc, #`0`] @ if stmfd sp!, {..., fp, lr}
184	ldr r3, .Lopcode @ instruction exists,
185	teq r3, r1, lsr #`11`
186	ldr r0, [frame] @ locals are stored in
187	@ the preceding frame
188	subeq r0, r0, #`4`
189	mov r2, loglvl
190	bleq dump_backtrace_stm @ dump saved registers
191
192	/*
193	* If we are out of frames or if the next frame is invalid.
194	*/
195	teq sv_fp, #`0` @ zero saved fp means
196	beq no_frame @ no further frames
197
198	cmp sv_fp, frame @ next frame must be
199	mov frame, sv_fp @ above the current frame
200	#ifdef CONFIG_IRQSTACKS
201	@
202	@ Kernel stacks may be discontiguous in memory. If the next
203	@ frame is below the previous frame, accept it as long as it
204	@ lives in kernel memory.
205	@
206	cmpls sv_fp, #PAGE_OFFSET
207	#endif
208	bhi for_each_frame
209
210	`1006`: adr r0, .Lbad
211	mov r1, loglvl
212	mov r2, frame
213	bl _printk
214	no_frame: ldmfd sp!, {r4 - r9, fp, pc}
215	ENDPROC(c_backtrace)
216	.pushsection __ex_table,"a"
217	.align `3`
218	.long `1001b`, `1006b`
219	.long `1002b`, `1006b`
220	.long `1003b`, `1006b`
221	.long `1004b`, finished_setup
222	.long `1005b`, `1006b`
223	.popsection
224
225	.Lbad: .asciz "%sBacktrace aborted due to bad frame pointer <%p>\n"
226	.align
227	.Lopcode: .word `0xe92d4800` >> `11` @ stmfd sp!, {... fp, lr}
228	.word `0x0b000000` @ bl if these bits are set
229
230	#endif
231

source code of linux/arch/arm/lib/backtrace-clang.S