# Copyright (C) 2021-2023 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Test a binary that uses MTE and exercise various MTE-related scenarios. global hex global decimal # Return TAG in hex format with no leading zeroes. proc get_hex_tag { tag } { return [format "%x" $tag] } # Return TAG in the NN format where N is 4 bits of the byte. proc get_tag_nn { tag } { return [format "%02x" $tag] } # Return the address of PTR with a tag of TAG. proc get_tagged_ptr { tag ptr } { set addr [get_hexadecimal_valueof $ptr -1] return [get_valueof "/x" \ "${addr} & (0xf0ffffffffffffff) | ((unsigned long) ${tag} << 56)" \ "0" "fetch pointer ${ptr} with tag ${tag}"] } # Return the logical TAG from PTR. proc get_ltag_from_ptr { ptr } { set addr [get_hexadecimal_valueof $ptr -1] return [get_valueof "/x" "${addr} >> 56 & 0xf" -1 \ "fetch tag from pointer ${ptr}"] } require is_aarch64_target standard_testfile if { [prepare_for_testing "failed to prepare" ${testfile} ${srcfile}] } { return -1 } if ![runto_main] { return -1 } # Targets that don't support memory tagging should not execute the # runtime memory tagging tests. if {![supports_memtag]} { unsupported "memory tagging unsupported" return -1 } gdb_breakpoint "access_memory" if [gdb_continue "access_memory"] { return -1 } # Fetch a known pointer to an area mapped with PROT_MTE. set tagged_ptr_symbol "tagged_ptr" set tagged_ptr_addr [get_hexadecimal_valueof $tagged_ptr_symbol -1] if {$tagged_ptr_addr == -1} { unresolved "unexpected pointer or tag value" return -1 } # Fetch a known pointer to an area not mapped with PROT_MTE. set untagged_ptr_symbol "untagged_ptr" set untagged_ptr_addr [get_hexadecimal_valueof $untagged_ptr_symbol -1] if {$untagged_ptr_addr == -1} { unresolved "unexpected pointer or tag value" return -1 } with_test_prefix "literals" { # Test inspecting an allocation tag from a pointer to a memory area that # is not mapped with PROT_MTE. set msg "Address ${untagged_ptr_addr} not in a region mapped with a memory tagging flag\." gdb_test "memory-tag print-allocation-tag ${untagged_ptr_addr}" $msg \ "memory-tag print-allocation-tag with an untagged address" gdb_test "memory-tag set-allocation-tag ${untagged_ptr_addr} 1 00" $msg \ "memory-tag set-allocation-tag with an untagged address" set addr_tagged 0 set addr_tagged_valid 0 # Test setting and showing the logical tags for a literal address. for {set i 0} {$i < 32} {incr i} { with_test_prefix "tag ${i}" { set addr_tagged [get_tagged_ptr $i ${tagged_ptr_addr}] } set tag_hexnz [get_hex_tag [expr $i % 16]] gdb_test "memory-tag print-logical-tag ${addr_tagged}" \ " = 0x${tag_hexnz}" \ "print-logical-tag with tag ${i}" set tag_hexnn [get_tag_nn $i] gdb_test "memory-tag with-logical-tag ${addr_tagged} ${tag_hexnn}" \ " = \\(void \\*\\) ${addr_tagged}" \ "with-logical-tag with tag ${i}" } set atag_msg "Allocation tag\\(s\\) updated successfully\." # Test setting and showing the allocation tags. for {set i 0} {$i < 32} {incr i} { set tag_hexnn [get_tag_nn $i] gdb_test "memory-tag set-allocation-tag ${tagged_ptr_addr} 1 ${tag_hexnn}" \ $atag_msg \ "set-allocation-tag with tag ${i}" set tag_hexnz [get_hex_tag [expr $i % 16]] gdb_test "memory-tag print-allocation-tag ${tagged_ptr_addr}" " = 0x${tag_hexnz}" \ "print-allocation-tag with tag ${i}" } # Test tag mismatches. with_test_prefix "tag mismatches" { for {set i 0} {$i < 32} {incr i} { # Set the allocation tag to a known value. set tag_hexnn [get_tag_nn $i] gdb_test "memory-tag set-allocation-tag ${tagged_ptr_addr} 1 ${tag_hexnn}" \ $atag_msg \ "set-allocation-tag with tag ${i}" set atag_hexnz [get_hex_tag [expr $i % 16]] # Validate that the logical tag matches the allocation tag. with_test_prefix "tag ${i}" { set addr_tagged [get_tagged_ptr $i ${tagged_ptr_addr}] } gdb_test "memory-tag check ${addr_tagged}" \ "Memory tags for address $hex match \\(0x${atag_hexnz}\\)\." \ "check match with tag ${i}" # Get a pointer with the logical tag that does not match the # allocation tag. set ltag [expr $i + 1] with_test_prefix "fetch mismatch tag ${i}" { set addr_tagged [get_tagged_ptr $ltag ${tagged_ptr_addr}] } # Validate that the logical tag does not match the allocation # tag. set ltag_hexnz [get_hex_tag [expr [expr $i + 1]% 16]] gdb_test "memory-tag check ${addr_tagged}" \ "Logical tag \\(0x${ltag_hexnz}\\) does not match the allocation tag \\(0x${atag_hexnz}\\) for address $hex\." \ "check mismatch with tag ${i}" } } } with_test_prefix "symbolic" { # Test inspecting an allocation tag from a pointer to a memory area that # is not mapped with PROT_MTE. set msg "Address ${untagged_ptr_addr} not in a region mapped with a memory tagging flag\." gdb_test "memory-tag print-allocation-tag ${untagged_ptr_symbol}" $msg \ "memory-tag print-allocation-tag with an untagged address" gdb_test "memory-tag set-allocation-tag ${untagged_ptr_symbol} 1 00" $msg \ "memory-tag set-allocation-tag with an untagged address" # Test setting and showing the logical tags for a literal address. for {set i 0} {$i < 32} {incr i} { set addr_tagged 0 with_test_prefix "tag ${i}" { set addr_tagged [get_tagged_ptr $i ${tagged_ptr_addr}] gdb_test_no_output "set variable ${tagged_ptr_symbol} = ${addr_tagged}" \ "update value of symbol ${tagged_ptr_symbol}" } set tag_hexnz [get_hex_tag [expr $i % 16]] gdb_test "memory-tag print-logical-tag ${tagged_ptr_symbol}" \ " = 0x${tag_hexnz}" \ "print-logical-tag with tag ${i}" set tag_hexnn [get_tag_nn $i] gdb_test "memory-tag with-logical-tag ${tagged_ptr_symbol} ${tag_hexnn}" \ " = \\(void \\*\\) ${addr_tagged}" \ "with-logical-tag with tag ${i}" } # Reset the tagged ptr to its original value gdb_test_no_output "set variable ${tagged_ptr_symbol} = ${tagged_ptr_addr}" \ "reset ${tagged_ptr_symbol} to ${tagged_ptr_addr}" set atag_msg "Allocation tag\\(s\\) updated successfully\." # Test setting and showing the allocation tags. for {set i 0} {$i < 32} {incr i} { set tag_hexnn [get_tag_nn $i] gdb_test "memory-tag set-allocation-tag ${tagged_ptr_symbol} 1 ${tag_hexnn}" \ $atag_msg \ "set-allocation-tag with tag ${i}" set tag_hexnz [get_hex_tag [expr $i % 16]] gdb_test "memory-tag print-allocation-tag ${tagged_ptr_symbol}" \ " = 0x${tag_hexnz}" \ "print-allocation-tag with tag ${i}" } # Test tag mismatches. with_test_prefix "tag mismatches" { for {set i 0} {$i < 32} {incr i} { # Set the allocation tag to a known value (0). set tag_hexnn [get_tag_nn $i] gdb_test "memory-tag set-allocation-tag ${tagged_ptr_symbol} 1 ${tag_hexnn}" \ $atag_msg \ "set-allocation-tag with tag ${i}" set atag_hexnz [get_hex_tag [expr $i % 16]] # Validate that the logical tag matches the allocation tag. with_test_prefix "tag ${i}" { set addr_tagged [get_tagged_ptr $i ${tagged_ptr_addr}] } with_test_prefix "tag ${i}" { gdb_test_no_output "set variable ${tagged_ptr_symbol} = ${addr_tagged}" \ "set ${tagged_ptr_symbol} to a matching logical tag" } gdb_test "memory-tag check ${tagged_ptr_symbol}" \ "Memory tags for address $hex match \\(0x${atag_hexnz}\\)\." \ "check match with tag ${i}" # Get a pointer with the logical tag that does not match the # allocation tag. set ltag [expr $i + 1] with_test_prefix "fetch mismatch tag ${i}" { set addr_tagged [get_tagged_ptr $ltag ${tagged_ptr_addr}] } with_test_prefix "tag ${i}" { gdb_test_no_output "set variable ${tagged_ptr_symbol} = ${addr_tagged}" \ "set ${tagged_ptr_symbol} to a mismatching logical tag" } # Validate that the logical tag does not match the allocation # tag. set ltag_hexnz [get_hex_tag [expr [expr $i + 1]% 16]] gdb_test "memory-tag check ${tagged_ptr_symbol}" \ "Logical tag \\(0x${ltag_hexnz}\\) does not match the allocation tag \\(0x${atag_hexnz}\\) for address $hex\." \ "check mismatch with tag ${i}" } # Reset the tagged ptr to its original value gdb_test_no_output "set variable ${tagged_ptr_symbol} = ${tagged_ptr_addr}" \ "reset ${tagged_ptr_symbol} to ${tagged_ptr_addr}" } } # Test the memory tagging extensions for the "print" command. with_test_prefix "print command" { set untagged_ptr [get_tagged_ptr 0 ${tagged_ptr_addr}] with_test_prefix "fetch ltag" { set ltag [get_ltag_from_ptr ${tagged_ptr_addr}] } if {$ltag == -1} { unresolved "unexpected tag value" return -1 } set atag [expr [expr $ltag + 1] % 16] set atag_hexnn [get_tag_nn $atag] gdb_test "memory-tag set-allocation-tag ${tagged_ptr_symbol} 1 ${atag_hexnn}" \ $atag_msg \ "make atag and ltag different" set atag_hexnz [get_hex_tag $atag] gdb_test "p/x ${tagged_ptr_symbol}" \ [multi_line \ "Logical tag \\(${ltag}\\) does not match the allocation tag \\(0x${atag_hexnz}\\)\." \ "\\\$\[0-9\]+ = ${untagged_ptr}"] \ "show tag mismatch" } # Test the memory tagging extensions for the "x" command. with_test_prefix "x command" { # Check if the allocation tags match what we expect. gdb_test "x/gxm ${tagged_ptr_symbol}" \ [multi_line \ "" \ "$hex:\[ \t\]+$hex"] \ "outputs tag information" # Also make sure no tag information is output for memory areas without # PROT_MTE mappings. gdb_test "x/gxm ${untagged_ptr_symbol}" \ "$hex:\[ \t\]+$hex" \ "does not output tag information" } # Validate the presence of the MTE registers. foreach reg {"tag_ctl" } { gdb_test "info registers $reg" \ "$reg\[ \t\]+$hex\[ \t\]+$decimal" \ "register $reg available" } # Run until a crash and confirm GDB displays memory tag violation # information. gdb_test "continue" \ [multi_line \ "Program received signal SIGSEGV, Segmentation fault" \ "Memory tag violation while accessing address $hex" \ "Allocation tag $hex" \ "Logical tag $hex\." \ "$hex in access_memory \\(.*\\) at .*" \ ".*tagged_ptr\\\[0\\\] = 'a';"] \ "display tag violation information" # Restart to execute the async tag fault test. with_test_prefix "async" { if ![runto_main] { return -1 } gdb_breakpoint "access_memory" if [gdb_continue "access_memory"] { fail "could not run to tagged memory test function" return -1 } # Force a tag fault. gdb_test "memory-tag set-allocation-tag tagged_ptr 1 05" \ $atag_msg \ "make atag and ltag different" # Force the tag fault to be async. gdb_test_no_output "set \$tag_ctl=0x7fff5" "set tag_ctl to async" # Run until a crash and confirm GDB displays memory tag violation # information for async mode gdb_test "continue" \ [multi_line \ "Program received signal SIGSEGV, Segmentation fault" \ "Memory tag violation" \ "Fault address unavailable\." \ "$hex in .* \\(.*\\) .*"] \ "display tag violation information" }