TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_docs / refs/heads/integration / . / debug / abort_dumps.rst
blob: ba6c13e7b46d8a14a37cb0f5167b88f1166fea0f [file] [log] [blame]
Joakim Bech8e5c5b32018-10-25 08:18:32 +0200[diff] [blame]1.. _abort_dumps:
2
3Abort dumps / call stack
4########################
5When OP-TEE encounters a serious error condition, it prints diagnostic
6information to the secure console. The message contains a call stack if
7``CFG_UNWIND=y`` (enabled by default).
8
9The following errors will trigger a dump:
10
11 - Data or prefetch abort exception in the TEE core (kernel mode) or in a TA
12 (user mode),
13
14 - When a user-mode Trusted Application panics, either by calling
15 ``TEE_Panic()`` directly or due to some error detected by the TEE Core
16 Internal API,
17
18 - When the TEE core detects a fatal error and decides to hang the system
19 because there is no way to proceed safely (core panic).
20
21The messages look slightly different depending on:
22
23 - Whether the error is an exception or a panic,
24
25 - The exception/privilege level when the exception occurred (PL0/EL0 if a
26 user mode Trusted Application was running, PL1/EL1 if it was the TEE core),
27
28 - Whether the TEE and TA are 32 or 64 bits,
29
30 - The exact type of exception (data or prefetch abort, translation fault,
31 read or write permission fault, alignment errors etc).
32
33Here is an example of a panic in a 32-bit Trusted Application, running on a
3432-bit TEE core (QEMU):
35
36.. code-block:: bash
37
38 E/TC:0 TA panicked with code 0x0
39 E/TC:0 Status of TA 484d4143-2d53-4841-3120-4a6f636b6542 (0xe07ba50) (active)
40 E/TC:0 arch: arm load address: 0x101000 ctx-idr: 1
41 E/TC:0 stack: 0x100000 4096
42 E/TC:0 region 0: va 0x100000 pa 0xe31d000 size 0x1000 flags rw-
43 E/TC:0 region 1: va 0x101000 pa 0xe300000 size 0xf000 flags r-x
44 E/TC:0 region 2: va 0x110000 pa 0xe30f000 size 0x3000 flags r--
45 E/TC:0 region 3: va 0x113000 pa 0xe312000 size 0xb000 flags rw-
46 E/TC:0 region 4: va 0 pa 0 size 0 flags ---
47 E/TC:0 region 5: va 0 pa 0 size 0 flags ---
48 E/TC:0 region 6: va 0 pa 0 size 0 flags ---
49 E/TC:0 region 7: va 0 pa 0 size 0 flags ---
50 E/TC:0 Call stack:
51 E/TC:0 0x001044a8
52 E/TC:0 0x0010ba59
53 E/TC:0 0x00101093
54 E/TC:0 0x001013ed
55 E/TC:0 0x00101545
56 E/TC:0 0x0010441b
57 E/TC:0 0x00104477
58 D/TC:0 user_ta_enter:452 tee_user_ta_enter: TA panicked with code 0x0
59 D/TC:0 tee_ta_invoke_command:649 Error: ffff3024 of 3
60 D/TC:0 tee_ta_close_session:402 tee_ta_close_session(0xe07be98)
61 D/TC:0 tee_ta_close_session:421 Destroy session
62 D/TC:0 tee_ta_close_session:447 Destroy TA ctx
63
64
65The above dump was triggered by the TA when entering an irrecoverable error
66ending up in a ``TEE_Panic(0)`` call.
67
68OP-TEE provides a helper script called ``symbolize.py`` to facilitate the
69analysis of such issues. It is located in the OP-TEE OS source tree in
70``scripts/symbolize.py`` and is also copied to the TA development kit.
71Whenever you are confronted with an error message reporting a serious error and
72containing a ``"Call stack:"`` line, you may use the symbolize script.
73
74``symbolize.py`` reads its input from ``stdin`` and writes extended debug
75information to ``stdout``. The ``-d`` (directories) option tells the script
76where to look for TA ELF file(s) (``<uuid>.stripped.elf``) or for ``tee.elf``
77(the TEE core). Please refer to ``symbolize.py --help`` for details.
78
79Typical output:
80
81.. code-block:: bash
82
83 $ cat dump.txt | ./optee_os/scripts/symbolize.py -d ./optee_examples/*/ta
84 # (or run the script, copy and paste the dump, then press Ctrl+D)
85 E/TC:0 TA panicked with code 0x0
86 E/TC:0 Status of TA 484d4143-2d53-4841-3120-4a6f636b6542 (0xe07ba50) (active)
87 E/TC:0 arch: arm load address: 0x101000 ctx-idr: 1
88 E/TC:0 stack: 0x100000 4096
89 E/TC:0 region 0: va 0x100000 pa 0xe31d000 size 0x1000 flags rw-
90 E/TC:0 region 1: va 0x101000 pa 0xe300000 size 0xf000 flags r-x .ta_head .text .rodata
91 E/TC:0 region 2: va 0x110000 pa 0xe30f000 size 0x3000 flags r-- .rodata .ARM.extab .ARM.extab.text.utee_panic .ARM.extab.text.__aeabi_ldivmod .ARM.extab.text.__aeabi_uldivmod .ARM.exidx .got .dynsym .rel.got .dynamic .dynstr .hash .rel.dyn
92 E/TC:0 region 3: va 0x113000 pa 0xe312000 size 0xb000 flags rw- .data .bss
93 E/TC:0 region 4: va 0 pa 0 size 0 flags ---
94 E/TC:0 region 5: va 0 pa 0 size 0 flags ---
95 E/TC:0 region 6: va 0 pa 0 size 0 flags ---
96 E/TC:0 region 7: va 0 pa 0 size 0 flags ---
97 E/TC:0 Call stack:
98 E/TC:0 0x001044a8 utee_panic at optee_os/lib/libutee/arch/arm/utee_syscalls_a32.S:74
99 E/TC:0 0x0010ba59 TEE_Panic at optee_os/lib/libutee/tee_api_panic.c:35
100 E/TC:0 0x00101093 hmac_sha1 at optee_examples/hotp/ta/hotp_ta.c:63
101 E/TC:0 0x001013ed get_hotp at optee_examples/hotp/ta/hotp_ta.c:171
102 E/TC:0 0x00101545 TA_InvokeCommandEntryPoint at optee_examples/hotp/ta/hotp_ta.c:225
103 E/TC:0 0x0010441b entry_invoke_command at optee_os/lib/libutee/arch/arm/user_ta_entry.c:207
104 E/TC:0 0x00104477 __utee_entry at optee_os/lib/libutee/arch/arm/user_ta_entry.c:235
105 D/TC:0 user_ta_enter:452 tee_user_ta_enter: TA panicked with code 0x0 ???
106 D/TC:0 tee_ta_invoke_command:649 Error: ffff3024 of 3
107 D/TC:0 tee_ta_close_session:402 tee_ta_close_session(0xe07be98)
108 D/TC:0 tee_ta_close_session:421 Destroy session
109 D/TC:0 tee_ta_close_session:447 Destroy TA ctx
110
111The Python script uses several tools from the GNU Binutils package to perform
112the following tasks:
113
114 1. Translate the call stack addresses into function names, file names and
115 line numbers.
116
117 2. Convert the abort address to a symbol plus some offset and/or an ELF
118 section name plus some offset.
119
120 3. Print the names of the ELF sections contained in each memory region of a
121 TA.
122
123Note that to successfully run ``symbolize.py`` you must also make your toolchain
124visible on the ``PATH`` (i.e., ``export PATH=<my-toolchain-path>/bin:$PATH``).