commit c0c57c8fa58346f3b0837a02c313e447c91b74c9
author Jerome Forissier <jerome@forissier.org> Wed Jan 08 14:57:32 2020 +0100
committer Jérôme Forissier <jerome@forissier.org> Wed Jan 08 17:10:29 2020 +0100
tree 2540d14b935424dc5c41f6f956c29c16e43f7c00
parent 824b34c04a9451983460de00a4f112c025eea311

symbolize.py: fix stack dump of TEE core with pager

Commit 105e09c24479 ("symbolize.py: add support for TEE core ASLR") has
introduced support for ASLR by using addresses relative to the .text
section. To this end, the '-j.text' option is passed to addr2line.
Unfortunately, it happens that addr2line does not like to be given
addresses that are outside the specified section. This can happen when
CFG_WITH_PAGER=y as shown in the following example:

 D/TC:4 0 TEE load address @ 0x3f000000
 D/TC:4 0 Call stack:
 D/TC:4 0  0x000000003f0080ac read_pc at optee_os/core/arch/arm/include/arm64.h:237
 D/TC:4 0  0x000000003f062984 ?? ??:0
 D/TC:4 0  0x000000003f007be4 wq_wait_final at optee_os/core/arch/arm/kernel/wait_queue.c:88
 D/TC:4 0  0x000000003f007698 __mutex_lock at optee_os/core/arch/arm/kernel/mutex.c:57
 D/TC:4 0  0x000000003f06c204 ?? ??:0
 D/TC:4 0  0x000000003f067160 ?? ??:0
 D/TC:4 0  0x000000003f06221c ?? ??:0
 D/TC:4 0  0x000000003f006298 thread_std_smc_entry at optee_os/core/arch/arm/kernel/thread_optee_smc_a64.S:162

The addresses that cannot be resolved happen to be inside section
.text_pageable, not .text (excerpt from readelf -e tee.elf):

 [Nr] Name              Type             Address           Offset
 [ 1] .text             PROGBITS         000000003f000000  00010000
 [11] .text_pageable    PROGBITS         000000003f05f388  0006f388

This commit choses a different approch. Instead of using relative
addresses, we keep absolute ones but correct them with the load address
in the ELF file:

 corrected address = supplied address - runtime start address
                                      + link time load address

Fixes: 105e09c24479 ("symbolize.py: add support for TEE core ASLR")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

scripts/symbolize.py

diff --git a/scripts/symbolize.py b/scripts/symbolize.py
index 5208edd..206e820 100755
--- a/scripts/symbolize.py
+++ b/scripts/symbolize.py
@@ -162,12 +162,7 @@
         cmd = self.arch_prefix('addr2line')
         if not cmd:
             return
-        args = [cmd]
-        if elf_name == 'tee.elf' and self._tee_load_addr != '0x0':
-            args += ['-j.text']
-        args += ['-f', '-p', '-e', elf]
-        self._addr2line = self.my_Popen(args)
-        self._addr2line_elf_name = elf_name
+        self._addr2line = self.my_Popen([cmd, '-f', '-p', '-e', elf])
 
     # If addr falls into a region that maps a TA ELF file, return the load
     # address of that file.
@@ -214,6 +209,9 @@
         self.spawn_addr2line(self.elf_for_addr(addr))
         if not reladdr or not self._addr2line:
             return '???'
+        if self.elf_for_addr(addr) == 'tee.elf':
+            reladdr = '0x{:x}'.format(int(reladdr, 16) +
+                                      int(self.first_vma('tee.elf'), 16))
         try:
             print(reladdr, file=self._addr2line.stdin)
             ret = self._addr2line.stdout.readline().rstrip('\n')
@@ -330,6 +328,10 @@
                     self._sections[elf_name].append([name, int(vma, 16),
                                                      int(size, 16)])
 
+    def first_vma(self, elf_name):
+        self.read_sections(elf_name)
+        return '0x{:x}'.format(self._sections[elf_name][0][1])
+
     def overlaps(self, section, addr, size):
         sec_addr = section[1]
         sec_size = section[2]