blob: b66439c5aa1675e12c148ebcea550964d76ef66f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
QEMU abort on Cortex-M breakpoint exception
Description of problem:
When a breakpoint exception is raised in a ARM Cortex-M board QEMU aborts.
```
$ qemu-system-arm --version
QEMU emulator version 8.0.90 (v8.1.0-rc0-21-gd1181d2937)
$ ./qemu-system-arm -M stm32vldiscovery -nographic -device loader,file=raw-bkpt.hex -d in_asm,exec,int
[...]
Trace 0: 0x7fac6c000100 [00800400/0000000000000100/00000110/ff200000]
----------------
IN:
0x00000110: be01 bkpt #1
Linking TBs 0x7fac6c000100 index 0 -> 0x7fac6c0002c0
Trace 0: 0x7fac6c0002c0 [00800400/0000000000000110/00000110/ff200000]
qemu-system-arm: ../target/arm/helper.c:12224: arm_security_space_below_el3: Assertion `!arm_feature(env, ARM_FEATURE_M)' failed.
```
Expected behavior:
```
$ qemu-system-arm --version
QEMU emulator version 7.1.0
$ ./qemu-system-arm -M stm32vldiscovery -nographic -device loader,file=raw-bkpt.hex -d in_asm,exec,int
[...]
Trace 0: 0x7f5408000100 [00800400/00000100/00000110/ff000000]
----------------
IN:
0x00000110: be01 bkpt #1
Linking TBs 0x7f5408000100 [00000100] index 0 -> 0x7f54080002c0 [00000110]
Trace 0: 0x7f54080002c0 [00800400/00000110/00000110/ff000000]
Taking exception 7 [Breakpoint] on CPU 0
...BusFault with BFSR.STKERR
...taking pending nonsecure exception 3
...loading from element 3 of non-secure vector table at 0xc
...loaded new PC 0x0
----------------
```
Steps to reproduce:
1. Run any Cortex-M firmware that raises a breakpoint exception. (minimal example attached)
Additional information:
- Minimal Reproducer:
[raw-bkpt.hex](/uploads/b9289c6f3a4feef015c8a3dffb4fc467/raw-bkpt.hex)
- This is **not** a duplicate of #1658 / #1740
- Stacktrace:
```
#2 0x00007ffff5a68538 in abort () at /usr/lib/libc.so.6
#3 0x00007ffff5a6845c in () at /usr/lib/libc.so.6
#4 0x00007ffff5a783d6 in () at /usr/lib/libc.so.6
#5 0x0000555555c55921 in arm_security_space_below_el3 (env=0x555556dc1b40) at ../target/arm/helper.c:12224
#6 arm_security_space_below_el3 (env=env@entry=0x555556dc1b40) at ../target/arm/helper.c:12222
#7 0x0000555555c48b08 in arm_is_secure_below_el3 (env=0x555556dc1b40) at ../target/arm/cpu.h:2465
#8 arm_is_el2_enabled (env=0x555556dc1b40) at ../target/arm/cpu.h:2517
#9 arm_debug_target_el (env=env@entry=0x555556dc1b40) at ../target/arm/debug_helper.c:24
#10 0x0000555555c49cb5 in helper_exception_bkpt_insn (env=0x555556dc1b40, syndrome=0xe2000001) at ../target/arm/debug_helper.c:510
#11 0x00007fffac0002d9 in code_gen_buffer ()
[...]
```
|