arm_adi_v5: fix SIGSEGV due to failing re-examine

Commit 35a503b ("arm_adi_v5: add ap refcount and add get/put
around ap use") modifies the examine functions of mem_ap, cortex_m,
cortex_a and aarch64 by calling dap_put_ap() and then looking again
for the mem-ap and calling dap_get_ap().
This causes an issue if the system is irresponsive and the examine
fails and left the AP pointer to NULL. If the system was already
examined the NULL pointer will cause a SIGSEGV.

Commit b6dad91 ("target/cortex_m: prevent segmentation fault
in cortex_m_poll()") proposes a fix for one specific case and only
on cortex_m.

Modify all the examine functions by skipping look-up for the AP if
it was already set in a previous examine; the target's AP is not
supposed to change during runtime.

Remove the partial fix for cortex_m as it is not needed anymore.

Change-Id: I806ec3b1b02fcc76e141c8dd3a65044febbf0a8c
Signed-off-by: Antonio Borneo <[email protected]>
Fixes: 35a503b ("arm_adi_v5: add ap refcount and add get/put around ap use")
Reviewed-on: https://review.openocd.org/c/openocd/+/7392
Tested-by: jenkins
Reviewed-by: Tomas Vanek <[email protected]>

Author: borneoa

src/target/aarch64.c

@@ -2546,23 +2546,20 @@ static int aarch64_examine_first(struct target *target)
 	if (!pc)
 		return ERROR_FAIL;
 
-	if (armv8->debug_ap) {
-		dap_put_ap(armv8->debug_ap);
-		armv8->debug_ap = NULL;
-	}
-
-	if (pc->adiv5_config.ap_num == DP_APSEL_INVALID) {
-		/* Search for the APB-AB */
-		retval = dap_find_get_ap(swjdp, AP_TYPE_APB_AP, &armv8->debug_ap);
-		if (retval != ERROR_OK) {
-			LOG_ERROR("Could not find APB-AP for debug access");
-			return retval;
-		}
-	} else {
-		armv8->debug_ap = dap_get_ap(swjdp, pc->adiv5_config.ap_num);
-		if (!armv8->debug_ap) {
-			LOG_ERROR("Cannot get AP");
-			return ERROR_FAIL;
+	if (!armv8->debug_ap) {
+		if (pc->adiv5_config.ap_num == DP_APSEL_INVALID) {
+			/* Search for the APB-AB */
+			retval = dap_find_get_ap(swjdp, AP_TYPE_APB_AP, &armv8->debug_ap);
+			if (retval != ERROR_OK) {
+				LOG_ERROR("Could not find APB-AP for debug access");
+				return retval;
+			}
+		} else {
+			armv8->debug_ap = dap_get_ap(swjdp, pc->adiv5_config.ap_num);
+			if (!armv8->debug_ap) {
+				LOG_ERROR("Cannot get AP");
+				return ERROR_FAIL;
+			}
 		}
 	}
 

src/target/cortex_a.c

@@ -2874,23 +2874,20 @@ static int cortex_a_examine_first(struct target *target)
 	int retval = ERROR_OK;
 	uint32_t didr, cpuid, dbg_osreg, dbg_idpfr1;
 
-	if (armv7a->debug_ap) {
-		dap_put_ap(armv7a->debug_ap);
-		armv7a->debug_ap = NULL;
-	}
-
-	if (pc->ap_num == DP_APSEL_INVALID) {
-		/* Search for the APB-AP - it is needed for access to debug registers */
-		retval = dap_find_get_ap(swjdp, AP_TYPE_APB_AP, &armv7a->debug_ap);
-		if (retval != ERROR_OK) {
-			LOG_ERROR("Could not find APB-AP for debug access");
-			return retval;
-		}
-	} else {
-		armv7a->debug_ap = dap_get_ap(swjdp, pc->ap_num);
-		if (!armv7a->debug_ap) {
-			LOG_ERROR("Cannot get AP");
-			return ERROR_FAIL;
+	if (!armv7a->debug_ap) {
+		if (pc->ap_num == DP_APSEL_INVALID) {
+			/* Search for the APB-AP - it is needed for access to debug registers */
+			retval = dap_find_get_ap(swjdp, AP_TYPE_APB_AP, &armv7a->debug_ap);
+			if (retval != ERROR_OK) {
+				LOG_ERROR("Could not find APB-AP for debug access");
+				return retval;
+			}
+		} else {
+			armv7a->debug_ap = dap_get_ap(swjdp, pc->ap_num);
+			if (!armv7a->debug_ap) {
+				LOG_ERROR("Cannot get AP");
+				return ERROR_FAIL;
+			}
 		}
 	}
 

src/target/cortex_m.c

@@ -879,16 +879,6 @@ static int cortex_m_poll(struct target *target)
 	struct cortex_m_common *cortex_m = target_to_cm(target);
 	struct armv7m_common *armv7m = &cortex_m->armv7m;
 
-	/* Check if debug_ap is available to prevent segmentation fault.
-	 * If the re-examination after an error does not find a MEM-AP
-	 * (e.g. the target stopped communicating), debug_ap pointer
-	 * can suddenly become NULL.
-	 */
-	if (!armv7m->debug_ap) {
-		target->state = TARGET_UNKNOWN;
-		return ERROR_TARGET_NOT_EXAMINED;
-	}
-
 	/* Read from Debug Halting Control and Status Register */
 	retval = cortex_m_read_dhcsr_atomic_sticky(target);
 	if (retval != ERROR_OK) {
@@ -2311,23 +2301,20 @@ int cortex_m_examine(struct target *target)
 	/* hla_target shares the examine handler but does not support
 	 * all its calls */
 	if (!armv7m->is_hla_target) {
-		if (armv7m->debug_ap) {
-			dap_put_ap(armv7m->debug_ap);
-			armv7m->debug_ap = NULL;
-		}
-
-		if (cortex_m->apsel == DP_APSEL_INVALID) {
-			/* Search for the MEM-AP */
-			retval = cortex_m_find_mem_ap(swjdp, &armv7m->debug_ap);
-			if (retval != ERROR_OK) {
-				LOG_TARGET_ERROR(target, "Could not find MEM-AP to control the core");
-				return retval;
-			}
-		} else {
-			armv7m->debug_ap = dap_get_ap(swjdp, cortex_m->apsel);
-			if (!armv7m->debug_ap) {
-				LOG_ERROR("Cannot get AP");
-				return ERROR_FAIL;
+		if (!armv7m->debug_ap) {
+			if (cortex_m->apsel == DP_APSEL_INVALID) {
+				/* Search for the MEM-AP */
+				retval = cortex_m_find_mem_ap(swjdp, &armv7m->debug_ap);
+				if (retval != ERROR_OK) {
+					LOG_TARGET_ERROR(target, "Could not find MEM-AP to control the core");
+					return retval;
+				}
+			} else {
+				armv7m->debug_ap = dap_get_ap(swjdp, cortex_m->apsel);
+				if (!armv7m->debug_ap) {
+					LOG_ERROR("Cannot get AP");
+					return ERROR_FAIL;
+				}
 			}
 		}
 

src/target/mem_ap.c

@@ -136,15 +136,12 @@ static int mem_ap_examine(struct target *target)
 	struct mem_ap *mem_ap = target->arch_info;
 
 	if (!target_was_examined(target)) {
-		if (mem_ap->ap) {
-			dap_put_ap(mem_ap->ap);
-			mem_ap->ap = NULL;
-		}
-
-		mem_ap->ap = dap_get_ap(mem_ap->dap, mem_ap->ap_num);
 		if (!mem_ap->ap) {
-			LOG_ERROR("Cannot get AP");
-			return ERROR_FAIL;
+			mem_ap->ap = dap_get_ap(mem_ap->dap, mem_ap->ap_num);
+			if (!mem_ap->ap) {
+				LOG_ERROR("Cannot get AP");
+				return ERROR_FAIL;
+			}
 		}
 		target_set_examined(target);
 		target->state = TARGET_UNKNOWN;