Hi Michael,
> On 28 Mar 2018, at 11:36, Matt Evans <[email protected]> wrote:
>
> Howdy Michael,
>
>> On 28 Mar 2018, at 06:54, Michael Ellerman <[email protected]> wrote:
>>
>> Matt Evans <[email protected]> writes:
>>
>>> When using SIG_DBG_BRANCH_TRACING, MSR.BE is left enabled in the
>>> user context when single_step_exception() prepares the SIGTRAP
>>> delivery. The resulting branch-trap-within-the-SIGTRAP-handler
>>> isn't healthy.
>>>
>>> Commit 2538c2d08f46141550a1e68819efa8fe31c6e3dc broke this, by
>>> replacing an MSR mask operation of ~(MSR_SE | MSR_BE) with a call
>>> to clear_single_step() which only clears MSR_SE.
>>>
>>> This patch adds a new helper, clear_br_trace(), which clears the
>>> debug trap before invoking the signal handler. This helper is a
>>> NOP for BookE as SIG_DBG_BRANCH_TRACING isn't supported on BookE.
>>>
>>> Signed-off-by: Matt Evans <[email protected]>
>>
>> Hi Matt!
>>
>> It seems we might not be regularly testing this code :}
>
> I know, rite? ;-)
>
>> How did you hit/find the bug? And do you have a test case by any chance?
>>
>> I found the test code at the bottom of:
>> https://lwn.net/Articles/114587/
>>
>> But it didn't immediately work.
>
> I'm using this feature as part of a debug harness I wrote to log a program’s
> control flow (to create a “known good” pattern to compare a PPC interpreter
> against). So at least the feature has /one/ user. ;-)
>
> The symptoms of the bug are that if you use single-stepping you get a
> sequence of SIGTRAPs representing each instruction completion (good), but if
> you use branch tracing the process just dies with SIGTRAP (looks like it’s
> never caught by the signal handler). What’s really happening is that there
> /is/ a signal delivered to the handler, but (because branch tracing is left
> on) that then causes a second debug exception from the handler itself, i.e.
> whilst SIGTRAP’s masked.
>
> OK, let me have a dig to reduce my program to something very basic and I’ll
> post something — sorry, I should’ve got a PoC ready before. (I did start out
> inspired by that post you linked to, but IIRC I don’t think it worked out of
> the box for me either.)
I’ve put a simple SIG_DBG_BRANCH_TRACING test program here:
http://ozlabs.org/~matt/files/sig_dbg_brtrace_test.c
It’s commented regarding expected output. I’ve only tested this on a G4 — it
should work on PPC64 too but the ISA says support for branch tracing is
optional for an implementation. I’d be interested in what POWERx does. :)
Cheers,
Matt
