1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org>
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/cdefs.h>
29
30 #include <sys/param.h>
31 #ifndef WITHOUT_CAPSICUM
32 #include <sys/capsicum.h>
33 #endif
34 #ifdef __FreeBSD__
35 #include <sys/endian.h>
36 #else
37 #include <endian.h>
38 #endif
39 #include <sys/ioctl.h>
40 #include <sys/mman.h>
41 #include <sys/queue.h>
42 #include <sys/socket.h>
43 #include <machine/atomic.h>
44 #include <machine/specialreg.h>
45 #include <machine/vmm.h>
46 #include <netinet/in.h>
47 #include <assert.h>
48 #ifndef WITHOUT_CAPSICUM
49 #include <capsicum_helpers.h>
50 #endif
51 #include <err.h>
52 #include <errno.h>
53 #include <fcntl.h>
54 #include <netdb.h>
55 #include <pthread.h>
56 #include <pthread_np.h>
57 #include <stdbool.h>
58 #include <stdio.h>
59 #include <stdlib.h>
60 #include <string.h>
61 #include <sysexits.h>
62 #include <unistd.h>
63 #include <vmmapi.h>
64
65 #include "bhyverun.h"
66 #include "config.h"
67 #include "gdb.h"
68 #include "mem.h"
69 #include "mevent.h"
70
71 /*
72 * GDB_SIGNAL_* numbers are part of the GDB remote protocol. Most stops
73 * use SIGTRAP.
74 */
75 #define GDB_SIGNAL_TRAP 5
76
77 static void gdb_resume_vcpus(void);
78 static void check_command(int fd);
79
80 static struct mevent *read_event, *write_event;
81
82 static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting;
83 static pthread_mutex_t gdb_lock;
84 static pthread_cond_t idle_vcpus;
85 static bool first_stop, report_next_stop, swbreak_enabled;
86
87 /*
88 * An I/O buffer contains 'capacity' bytes of room at 'data'. For a
89 * read buffer, 'start' is unused and 'len' contains the number of
90 * valid bytes in the buffer. For a write buffer, 'start' is set to
91 * the index of the next byte in 'data' to send, and 'len' contains
92 * the remaining number of valid bytes to send.
93 */
94 struct io_buffer {
95 uint8_t *data;
96 size_t capacity;
97 size_t start;
98 size_t len;
99 };
100
101 struct breakpoint {
102 uint64_t gpa;
103 uint8_t shadow_inst;
104 TAILQ_ENTRY(breakpoint) link;
105 };
106
107 /*
108 * When a vCPU stops to due to an event that should be reported to the
109 * debugger, information about the event is stored in this structure.
110 * The vCPU thread then sets 'stopped_vcpu' if it is not already set
111 * and stops other vCPUs so the event can be reported. The
112 * report_stop() function reports the event for the 'stopped_vcpu'
113 * vCPU. When the debugger resumes execution via continue or step,
114 * the event for 'stopped_vcpu' is cleared. vCPUs will loop in their
115 * event handlers until the associated event is reported or disabled.
116 *
117 * An idle vCPU will have all of the boolean fields set to false.
118 *
119 * When a vCPU is stepped, 'stepping' is set to true when the vCPU is
120 * released to execute the stepped instruction. When the vCPU reports
121 * the stepping trap, 'stepped' is set.
122 *
123 * When a vCPU hits a breakpoint set by the debug server,
124 * 'hit_swbreak' is set to true.
125 */
126 struct vcpu_state {
127 bool stepping;
128 bool stepped;
129 bool hit_swbreak;
130 };
131
132 static struct io_buffer cur_comm, cur_resp;
133 static uint8_t cur_csum;
134 static struct vmctx *ctx;
135 static int cur_fd = -1;
136 static TAILQ_HEAD(, breakpoint) breakpoints;
137 static struct vcpu_state *vcpu_state;
138 static struct vcpu **vcpus;
139 static int cur_vcpu, stopped_vcpu;
140 static bool gdb_active = false;
141
142 static const int gdb_regset[] = {
143 VM_REG_GUEST_RAX,
144 VM_REG_GUEST_RBX,
145 VM_REG_GUEST_RCX,
146 VM_REG_GUEST_RDX,
147 VM_REG_GUEST_RSI,
148 VM_REG_GUEST_RDI,
149 VM_REG_GUEST_RBP,
150 VM_REG_GUEST_RSP,
151 VM_REG_GUEST_R8,
152 VM_REG_GUEST_R9,
153 VM_REG_GUEST_R10,
154 VM_REG_GUEST_R11,
155 VM_REG_GUEST_R12,
156 VM_REG_GUEST_R13,
157 VM_REG_GUEST_R14,
158 VM_REG_GUEST_R15,
159 VM_REG_GUEST_RIP,
160 VM_REG_GUEST_RFLAGS,
161 VM_REG_GUEST_CS,
162 VM_REG_GUEST_SS,
163 VM_REG_GUEST_DS,
164 VM_REG_GUEST_ES,
165 VM_REG_GUEST_FS,
166 VM_REG_GUEST_GS
167 };
168
169 static const int gdb_regsize[] = {
170 8,
171 8,
172 8,
173 8,
174 8,
175 8,
176 8,
177 8,
178 8,
179 8,
180 8,
181 8,
182 8,
183 8,
184 8,
185 8,
186 8,
187 4,
188 4,
189 4,
190 4,
191 4,
192 4,
193 4
194 };
195
196 #ifdef GDB_LOG
197 #include <stdarg.h>
198 #include <stdio.h>
199
200 static void __printflike(1, 2)
debug(const char * fmt,...)201 debug(const char *fmt, ...)
202 {
203 static FILE *logfile;
204 va_list ap;
205
206 if (logfile == NULL) {
207 logfile = fopen("/tmp/bhyve_gdb.log", "w");
208 if (logfile == NULL)
209 return;
210 #ifndef WITHOUT_CAPSICUM
211 if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) {
212 fclose(logfile);
213 logfile = NULL;
214 return;
215 }
216 #endif
217 setlinebuf(logfile);
218 }
219 va_start(ap, fmt);
220 vfprintf(logfile, fmt, ap);
221 va_end(ap);
222 }
223 #else
224 #ifndef __FreeBSD__
225 /*
226 * A totally empty debug() makes the compiler grumpy due to how its used with
227 * some control flow here.
228 */
229 #define debug(...) do { } while (0)
230 #else
231 #define debug(...)
232 #endif
233 #endif
234
235 static void remove_all_sw_breakpoints(void);
236
237 static int
guest_paging_info(struct vcpu * vcpu,struct vm_guest_paging * paging)238 guest_paging_info(struct vcpu *vcpu, struct vm_guest_paging *paging)
239 {
240 uint64_t regs[4];
241 const int regset[4] = {
242 VM_REG_GUEST_CR0,
243 VM_REG_GUEST_CR3,
244 VM_REG_GUEST_CR4,
245 VM_REG_GUEST_EFER
246 };
247
248 if (vm_get_register_set(vcpu, nitems(regset), regset, regs) == -1)
249 return (-1);
250
251 /*
252 * For the debugger, always pretend to be the kernel (CPL 0),
253 * and if long-mode is enabled, always parse addresses as if
254 * in 64-bit mode.
255 */
256 paging->cr3 = regs[1];
257 paging->cpl = 0;
258 if (regs[3] & EFER_LMA)
259 paging->cpu_mode = CPU_MODE_64BIT;
260 else if (regs[0] & CR0_PE)
261 paging->cpu_mode = CPU_MODE_PROTECTED;
262 else
263 paging->cpu_mode = CPU_MODE_REAL;
264 if (!(regs[0] & CR0_PG))
265 paging->paging_mode = PAGING_MODE_FLAT;
266 else if (!(regs[2] & CR4_PAE))
267 paging->paging_mode = PAGING_MODE_32;
268 else if (regs[3] & EFER_LME)
269 paging->paging_mode = PAGING_MODE_64;
270 else
271 paging->paging_mode = PAGING_MODE_PAE;
272 return (0);
273 }
274
275 /*
276 * Map a guest virtual address to a physical address (for a given vcpu).
277 * If a guest virtual address is valid, return 1. If the address is
278 * not valid, return 0. If an error occurs obtaining the mapping,
279 * return -1.
280 */
281 static int
guest_vaddr2paddr(struct vcpu * vcpu,uint64_t vaddr,uint64_t * paddr)282 guest_vaddr2paddr(struct vcpu *vcpu, uint64_t vaddr, uint64_t *paddr)
283 {
284 struct vm_guest_paging paging;
285 int fault;
286
287 if (guest_paging_info(vcpu, &paging) == -1)
288 return (-1);
289
290 /*
291 * Always use PROT_READ. We really care if the VA is
292 * accessible, not if the current vCPU can write.
293 */
294 if (vm_gla2gpa_nofault(vcpu, &paging, vaddr, PROT_READ, paddr,
295 &fault) == -1)
296 return (-1);
297 if (fault)
298 return (0);
299 return (1);
300 }
301
302 static void
io_buffer_reset(struct io_buffer * io)303 io_buffer_reset(struct io_buffer *io)
304 {
305
306 io->start = 0;
307 io->len = 0;
308 }
309
310 /* Available room for adding data. */
311 static size_t
io_buffer_avail(struct io_buffer * io)312 io_buffer_avail(struct io_buffer *io)
313 {
314
315 return (io->capacity - (io->start + io->len));
316 }
317
318 static uint8_t *
io_buffer_head(struct io_buffer * io)319 io_buffer_head(struct io_buffer *io)
320 {
321
322 return (io->data + io->start);
323 }
324
325 static uint8_t *
io_buffer_tail(struct io_buffer * io)326 io_buffer_tail(struct io_buffer *io)
327 {
328
329 return (io->data + io->start + io->len);
330 }
331
332 static void
io_buffer_advance(struct io_buffer * io,size_t amount)333 io_buffer_advance(struct io_buffer *io, size_t amount)
334 {
335
336 assert(amount <= io->len);
337 io->start += amount;
338 io->len -= amount;
339 }
340
341 static void
io_buffer_consume(struct io_buffer * io,size_t amount)342 io_buffer_consume(struct io_buffer *io, size_t amount)
343 {
344
345 io_buffer_advance(io, amount);
346 if (io->len == 0) {
347 io->start = 0;
348 return;
349 }
350
351 /*
352 * XXX: Consider making this move optional and compacting on a
353 * future read() before realloc().
354 */
355 memmove(io->data, io_buffer_head(io), io->len);
356 io->start = 0;
357 }
358
359 static void
io_buffer_grow(struct io_buffer * io,size_t newsize)360 io_buffer_grow(struct io_buffer *io, size_t newsize)
361 {
362 uint8_t *new_data;
363 size_t avail, new_cap;
364
365 avail = io_buffer_avail(io);
366 if (newsize <= avail)
367 return;
368
369 new_cap = io->capacity + (newsize - avail);
370 new_data = realloc(io->data, new_cap);
371 if (new_data == NULL)
372 err(1, "Failed to grow GDB I/O buffer");
373 io->data = new_data;
374 io->capacity = new_cap;
375 }
376
377 static bool
response_pending(void)378 response_pending(void)
379 {
380
381 if (cur_resp.start == 0 && cur_resp.len == 0)
382 return (false);
383 if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+')
384 return (false);
385 return (true);
386 }
387
388 static void
close_connection(void)389 close_connection(void)
390 {
391
392 /*
393 * XXX: This triggers a warning because mevent does the close
394 * before the EV_DELETE.
395 */
396 pthread_mutex_lock(&gdb_lock);
397 mevent_delete(write_event);
398 mevent_delete_close(read_event);
399 write_event = NULL;
400 read_event = NULL;
401 io_buffer_reset(&cur_comm);
402 io_buffer_reset(&cur_resp);
403 cur_fd = -1;
404
405 remove_all_sw_breakpoints();
406
407 /* Clear any pending events. */
408 memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state));
409
410 /* Resume any stopped vCPUs. */
411 gdb_resume_vcpus();
412 pthread_mutex_unlock(&gdb_lock);
413 }
414
415 static uint8_t
hex_digit(uint8_t nibble)416 hex_digit(uint8_t nibble)
417 {
418
419 if (nibble <= 9)
420 return (nibble + '0');
421 else
422 return (nibble + 'a' - 10);
423 }
424
425 static uint8_t
parse_digit(uint8_t v)426 parse_digit(uint8_t v)
427 {
428
429 if (v >= '0' && v <= '9')
430 return (v - '0');
431 if (v >= 'a' && v <= 'f')
432 return (v - 'a' + 10);
433 if (v >= 'A' && v <= 'F')
434 return (v - 'A' + 10);
435 return (0xF);
436 }
437
438 /* Parses big-endian hexadecimal. */
439 static uintmax_t
parse_integer(const uint8_t * p,size_t len)440 parse_integer(const uint8_t *p, size_t len)
441 {
442 uintmax_t v;
443
444 v = 0;
445 while (len > 0) {
446 v <<= 4;
447 v |= parse_digit(*p);
448 p++;
449 len--;
450 }
451 return (v);
452 }
453
454 static uint8_t
parse_byte(const uint8_t * p)455 parse_byte(const uint8_t *p)
456 {
457
458 return (parse_digit(p[0]) << 4 | parse_digit(p[1]));
459 }
460
461 static void
send_pending_data(int fd)462 send_pending_data(int fd)
463 {
464 ssize_t nwritten;
465
466 if (cur_resp.len == 0) {
467 mevent_disable(write_event);
468 return;
469 }
470 nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len);
471 if (nwritten == -1) {
472 warn("Write to GDB socket failed");
473 close_connection();
474 } else {
475 io_buffer_advance(&cur_resp, nwritten);
476 if (cur_resp.len == 0)
477 mevent_disable(write_event);
478 else
479 mevent_enable(write_event);
480 }
481 }
482
483 /* Append a single character to the output buffer. */
484 static void
send_char(uint8_t data)485 send_char(uint8_t data)
486 {
487 io_buffer_grow(&cur_resp, 1);
488 *io_buffer_tail(&cur_resp) = data;
489 cur_resp.len++;
490 }
491
492 /* Append an array of bytes to the output buffer. */
493 static void
send_data(const uint8_t * data,size_t len)494 send_data(const uint8_t *data, size_t len)
495 {
496
497 io_buffer_grow(&cur_resp, len);
498 memcpy(io_buffer_tail(&cur_resp), data, len);
499 cur_resp.len += len;
500 }
501
502 static void
format_byte(uint8_t v,uint8_t * buf)503 format_byte(uint8_t v, uint8_t *buf)
504 {
505
506 buf[0] = hex_digit(v >> 4);
507 buf[1] = hex_digit(v & 0xf);
508 }
509
510 /*
511 * Append a single byte (formatted as two hex characters) to the
512 * output buffer.
513 */
514 static void
send_byte(uint8_t v)515 send_byte(uint8_t v)
516 {
517 uint8_t buf[2];
518
519 format_byte(v, buf);
520 send_data(buf, sizeof(buf));
521 }
522
523 static void
start_packet(void)524 start_packet(void)
525 {
526
527 send_char('$');
528 cur_csum = 0;
529 }
530
531 static void
finish_packet(void)532 finish_packet(void)
533 {
534
535 send_char('#');
536 send_byte(cur_csum);
537 debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp));
538 }
539
540 /*
541 * Append a single character (for the packet payload) and update the
542 * checksum.
543 */
544 static void
append_char(uint8_t v)545 append_char(uint8_t v)
546 {
547
548 send_char(v);
549 cur_csum += v;
550 }
551
552 /*
553 * Append an array of bytes (for the packet payload) and update the
554 * checksum.
555 */
556 static void
append_packet_data(const uint8_t * data,size_t len)557 append_packet_data(const uint8_t *data, size_t len)
558 {
559
560 send_data(data, len);
561 while (len > 0) {
562 cur_csum += *data;
563 data++;
564 len--;
565 }
566 }
567
568 static void
append_string(const char * str)569 append_string(const char *str)
570 {
571
572 #ifdef __FreeBSD__
573 append_packet_data(str, strlen(str));
574 #else
575 append_packet_data((const uint8_t *)str, strlen(str));
576 #endif
577 }
578
579 static void
append_byte(uint8_t v)580 append_byte(uint8_t v)
581 {
582 uint8_t buf[2];
583
584 format_byte(v, buf);
585 append_packet_data(buf, sizeof(buf));
586 }
587
588 static void
append_unsigned_native(uintmax_t value,size_t len)589 append_unsigned_native(uintmax_t value, size_t len)
590 {
591 size_t i;
592
593 for (i = 0; i < len; i++) {
594 append_byte(value);
595 value >>= 8;
596 }
597 }
598
599 static void
append_unsigned_be(uintmax_t value,size_t len)600 append_unsigned_be(uintmax_t value, size_t len)
601 {
602 char buf[len * 2];
603 size_t i;
604
605 for (i = 0; i < len; i++) {
606 #ifdef __FreeBSD__
607 format_byte(value, buf + (len - i - 1) * 2);
608 #else
609 format_byte(value, (uint8_t *)(buf + (len - i - 1) * 2));
610 #endif
611 value >>= 8;
612 }
613 #ifdef __FreeBSD__
614 append_packet_data(buf, sizeof(buf));
615 #else
616 append_packet_data((const uint8_t *)buf, sizeof(buf));
617 #endif
618 }
619
620 static void
append_integer(unsigned int value)621 append_integer(unsigned int value)
622 {
623
624 if (value == 0)
625 append_char('0');
626 else
627 append_unsigned_be(value, (fls(value) + 7) / 8);
628 }
629
630 static void
append_asciihex(const char * str)631 append_asciihex(const char *str)
632 {
633
634 while (*str != '\0') {
635 append_byte(*str);
636 str++;
637 }
638 }
639
640 static void
send_empty_response(void)641 send_empty_response(void)
642 {
643
644 start_packet();
645 finish_packet();
646 }
647
648 static void
send_error(int error)649 send_error(int error)
650 {
651
652 start_packet();
653 append_char('E');
654 append_byte(error);
655 finish_packet();
656 }
657
658 static void
send_ok(void)659 send_ok(void)
660 {
661
662 start_packet();
663 append_string("OK");
664 finish_packet();
665 }
666
667 static int
parse_threadid(const uint8_t * data,size_t len)668 parse_threadid(const uint8_t *data, size_t len)
669 {
670
671 if (len == 1 && *data == '0')
672 return (0);
673 if (len == 2 && memcmp(data, "-1", 2) == 0)
674 return (-1);
675 if (len == 0)
676 return (-2);
677 return (parse_integer(data, len));
678 }
679
680 /*
681 * Report the current stop event to the debugger. If the stop is due
682 * to an event triggered on a specific vCPU such as a breakpoint or
683 * stepping trap, stopped_vcpu will be set to the vCPU triggering the
684 * stop. If 'set_cur_vcpu' is true, then cur_vcpu will be updated to
685 * the reporting vCPU for vCPU events.
686 */
687 static void
report_stop(bool set_cur_vcpu)688 report_stop(bool set_cur_vcpu)
689 {
690 struct vcpu_state *vs;
691
692 start_packet();
693 if (stopped_vcpu == -1) {
694 append_char('S');
695 append_byte(GDB_SIGNAL_TRAP);
696 } else {
697 vs = &vcpu_state[stopped_vcpu];
698 if (set_cur_vcpu)
699 cur_vcpu = stopped_vcpu;
700 append_char('T');
701 append_byte(GDB_SIGNAL_TRAP);
702 append_string("thread:");
703 append_integer(stopped_vcpu + 1);
704 append_char(';');
705 if (vs->hit_swbreak) {
706 debug("$vCPU %d reporting swbreak\n", stopped_vcpu);
707 if (swbreak_enabled)
708 append_string("swbreak:;");
709 } else if (vs->stepped)
710 debug("$vCPU %d reporting step\n", stopped_vcpu);
711 else
712 debug("$vCPU %d reporting ???\n", stopped_vcpu);
713 }
714 finish_packet();
715 report_next_stop = false;
716 }
717
718 /*
719 * If this stop is due to a vCPU event, clear that event to mark it as
720 * acknowledged.
721 */
722 static void
discard_stop(void)723 discard_stop(void)
724 {
725 struct vcpu_state *vs;
726
727 if (stopped_vcpu != -1) {
728 vs = &vcpu_state[stopped_vcpu];
729 vs->hit_swbreak = false;
730 vs->stepped = false;
731 stopped_vcpu = -1;
732 }
733 report_next_stop = true;
734 }
735
736 static void
gdb_finish_suspend_vcpus(void)737 gdb_finish_suspend_vcpus(void)
738 {
739
740 if (first_stop) {
741 first_stop = false;
742 stopped_vcpu = -1;
743 } else if (report_next_stop) {
744 assert(!response_pending());
745 report_stop(true);
746 send_pending_data(cur_fd);
747 }
748 }
749
750 /*
751 * vCPU threads invoke this function whenever the vCPU enters the
752 * debug server to pause or report an event. vCPU threads wait here
753 * as long as the debug server keeps them suspended.
754 */
755 static void
_gdb_cpu_suspend(struct vcpu * vcpu,bool report_stop)756 _gdb_cpu_suspend(struct vcpu *vcpu, bool report_stop)
757 {
758 int vcpuid = vcpu_id(vcpu);
759
760 debug("$vCPU %d suspending\n", vcpuid);
761 CPU_SET(vcpuid, &vcpus_waiting);
762 if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0)
763 gdb_finish_suspend_vcpus();
764 while (CPU_ISSET(vcpuid, &vcpus_suspended))
765 pthread_cond_wait(&idle_vcpus, &gdb_lock);
766 CPU_CLR(vcpuid, &vcpus_waiting);
767 debug("$vCPU %d resuming\n", vcpuid);
768 }
769
770 /*
771 * Invoked at the start of a vCPU thread's execution to inform the
772 * debug server about the new thread.
773 */
774 void
gdb_cpu_add(struct vcpu * vcpu)775 gdb_cpu_add(struct vcpu *vcpu)
776 {
777 int vcpuid;
778
779 if (!gdb_active)
780 return;
781 vcpuid = vcpu_id(vcpu);
782 debug("$vCPU %d starting\n", vcpuid);
783 pthread_mutex_lock(&gdb_lock);
784 assert(vcpuid < guest_ncpus);
785 assert(vcpus[vcpuid] == NULL);
786 vcpus[vcpuid] = vcpu;
787 CPU_SET(vcpuid, &vcpus_active);
788 if (!TAILQ_EMPTY(&breakpoints)) {
789 vm_set_capability(vcpu, VM_CAP_BPT_EXIT, 1);
790 debug("$vCPU %d enabled breakpoint exits\n", vcpu);
791 }
792
793 /*
794 * If a vcpu is added while vcpus are stopped, suspend the new
795 * vcpu so that it will pop back out with a debug exit before
796 * executing the first instruction.
797 */
798 if (!CPU_EMPTY(&vcpus_suspended)) {
799 CPU_SET(vcpuid, &vcpus_suspended);
800 _gdb_cpu_suspend(vcpu, false);
801 }
802 pthread_mutex_unlock(&gdb_lock);
803 }
804
805 /*
806 * Invoked by vCPU before resuming execution. This enables stepping
807 * if the vCPU is marked as stepping.
808 */
809 static void
gdb_cpu_resume(struct vcpu * vcpu)810 gdb_cpu_resume(struct vcpu *vcpu)
811 {
812 struct vcpu_state *vs;
813 int error;
814
815 vs = &vcpu_state[vcpu_id(vcpu)];
816
817 /*
818 * Any pending event should already be reported before
819 * resuming.
820 */
821 assert(vs->hit_swbreak == false);
822 assert(vs->stepped == false);
823 if (vs->stepping) {
824 error = vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, 1);
825 assert(error == 0);
826 }
827 }
828
829 /*
830 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest
831 * has been suspended due to an event on different vCPU or in response
832 * to a guest-wide suspend such as Ctrl-C or the stop on attach.
833 */
834 void
gdb_cpu_suspend(struct vcpu * vcpu)835 gdb_cpu_suspend(struct vcpu *vcpu)
836 {
837
838 if (!gdb_active)
839 return;
840 pthread_mutex_lock(&gdb_lock);
841 _gdb_cpu_suspend(vcpu, true);
842 gdb_cpu_resume(vcpu);
843 pthread_mutex_unlock(&gdb_lock);
844 }
845
846 static void
gdb_suspend_vcpus(void)847 gdb_suspend_vcpus(void)
848 {
849
850 assert(pthread_mutex_isowned_np(&gdb_lock));
851 debug("suspending all CPUs\n");
852 vcpus_suspended = vcpus_active;
853 vm_suspend_all_cpus(ctx);
854 if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0)
855 gdb_finish_suspend_vcpus();
856 }
857
858 /*
859 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via
860 * the VT-x-specific MTRAP exit.
861 */
862 void
gdb_cpu_mtrap(struct vcpu * vcpu)863 gdb_cpu_mtrap(struct vcpu *vcpu)
864 {
865 struct vcpu_state *vs;
866 int vcpuid;
867
868 if (!gdb_active)
869 return;
870 vcpuid = vcpu_id(vcpu);
871 debug("$vCPU %d MTRAP\n", vcpuid);
872 pthread_mutex_lock(&gdb_lock);
873 vs = &vcpu_state[vcpuid];
874 if (vs->stepping) {
875 vs->stepping = false;
876 vs->stepped = true;
877 vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, 0);
878 while (vs->stepped) {
879 if (stopped_vcpu == -1) {
880 debug("$vCPU %d reporting step\n", vcpuid);
881 stopped_vcpu = vcpuid;
882 gdb_suspend_vcpus();
883 }
884 _gdb_cpu_suspend(vcpu, true);
885 }
886 gdb_cpu_resume(vcpu);
887 }
888 pthread_mutex_unlock(&gdb_lock);
889 }
890
891 static struct breakpoint *
find_breakpoint(uint64_t gpa)892 find_breakpoint(uint64_t gpa)
893 {
894 struct breakpoint *bp;
895
896 TAILQ_FOREACH(bp, &breakpoints, link) {
897 if (bp->gpa == gpa)
898 return (bp);
899 }
900 return (NULL);
901 }
902
903 void
gdb_cpu_breakpoint(struct vcpu * vcpu,struct vm_exit * vmexit)904 gdb_cpu_breakpoint(struct vcpu *vcpu, struct vm_exit *vmexit)
905 {
906 struct breakpoint *bp;
907 struct vcpu_state *vs;
908 uint64_t gpa;
909 int error, vcpuid;
910
911 if (!gdb_active) {
912 fprintf(stderr, "vm_loop: unexpected VMEXIT_DEBUG\n");
913 exit(4);
914 }
915 vcpuid = vcpu_id(vcpu);
916 pthread_mutex_lock(&gdb_lock);
917 error = guest_vaddr2paddr(vcpu, vmexit->rip, &gpa);
918 assert(error == 1);
919 bp = find_breakpoint(gpa);
920 if (bp != NULL) {
921 vs = &vcpu_state[vcpuid];
922 assert(vs->stepping == false);
923 assert(vs->stepped == false);
924 assert(vs->hit_swbreak == false);
925 vs->hit_swbreak = true;
926 vm_set_register(vcpu, VM_REG_GUEST_RIP, vmexit->rip);
927 for (;;) {
928 if (stopped_vcpu == -1) {
929 debug("$vCPU %d reporting breakpoint at rip %#lx\n",
930 vcpuid, vmexit->rip);
931 stopped_vcpu = vcpuid;
932 gdb_suspend_vcpus();
933 }
934 _gdb_cpu_suspend(vcpu, true);
935 if (!vs->hit_swbreak) {
936 /* Breakpoint reported. */
937 break;
938 }
939 bp = find_breakpoint(gpa);
940 if (bp == NULL) {
941 /* Breakpoint was removed. */
942 vs->hit_swbreak = false;
943 break;
944 }
945 }
946 gdb_cpu_resume(vcpu);
947 } else {
948 debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpuid,
949 vmexit->rip);
950 error = vm_set_register(vcpu, VM_REG_GUEST_ENTRY_INST_LENGTH,
951 vmexit->u.bpt.inst_length);
952 assert(error == 0);
953 error = vm_inject_exception(vcpu, IDT_BP, 0, 0, 0);
954 assert(error == 0);
955 }
956 pthread_mutex_unlock(&gdb_lock);
957 }
958
959 static bool
gdb_step_vcpu(struct vcpu * vcpu)960 gdb_step_vcpu(struct vcpu *vcpu)
961 {
962 int error, val, vcpuid;
963
964 vcpuid = vcpu_id(vcpu);
965 debug("$vCPU %d step\n", vcpuid);
966 error = vm_get_capability(vcpu, VM_CAP_MTRAP_EXIT, &val);
967 if (error < 0)
968 return (false);
969
970 discard_stop();
971 vcpu_state[vcpuid].stepping = true;
972 vm_resume_cpu(vcpu);
973 CPU_CLR(vcpuid, &vcpus_suspended);
974 pthread_cond_broadcast(&idle_vcpus);
975 return (true);
976 }
977
978 static void
gdb_resume_vcpus(void)979 gdb_resume_vcpus(void)
980 {
981
982 assert(pthread_mutex_isowned_np(&gdb_lock));
983 vm_resume_all_cpus(ctx);
984 debug("resuming all CPUs\n");
985 CPU_ZERO(&vcpus_suspended);
986 pthread_cond_broadcast(&idle_vcpus);
987 }
988
989 static void
gdb_read_regs(void)990 gdb_read_regs(void)
991 {
992 uint64_t regvals[nitems(gdb_regset)];
993
994 if (vm_get_register_set(vcpus[cur_vcpu], nitems(gdb_regset),
995 gdb_regset, regvals) == -1) {
996 send_error(errno);
997 return;
998 }
999 start_packet();
1000 for (size_t i = 0; i < nitems(regvals); i++)
1001 append_unsigned_native(regvals[i], gdb_regsize[i]);
1002 finish_packet();
1003 }
1004
1005 static void
gdb_read_mem(const uint8_t * data,size_t len)1006 gdb_read_mem(const uint8_t *data, size_t len)
1007 {
1008 uint64_t gpa, gva, val;
1009 uint8_t *cp;
1010 size_t resid, todo, bytes;
1011 bool started;
1012 int error;
1013
1014 /* Skip 'm' */
1015 data += 1;
1016 len -= 1;
1017
1018 /* Parse and consume address. */
1019 cp = memchr(data, ',', len);
1020 if (cp == NULL || cp == data) {
1021 send_error(EINVAL);
1022 return;
1023 }
1024 gva = parse_integer(data, cp - data);
1025 len -= (cp - data) + 1;
1026 data += (cp - data) + 1;
1027
1028 /* Parse length. */
1029 resid = parse_integer(data, len);
1030
1031 started = false;
1032 while (resid > 0) {
1033 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
1034 if (error == -1) {
1035 if (started)
1036 finish_packet();
1037 else
1038 send_error(errno);
1039 return;
1040 }
1041 if (error == 0) {
1042 if (started)
1043 finish_packet();
1044 else
1045 send_error(EFAULT);
1046 return;
1047 }
1048
1049 /* Read bytes from current page. */
1050 todo = getpagesize() - gpa % getpagesize();
1051 if (todo > resid)
1052 todo = resid;
1053
1054 cp = paddr_guest2host(ctx, gpa, todo);
1055 if (cp != NULL) {
1056 /*
1057 * If this page is guest RAM, read it a byte
1058 * at a time.
1059 */
1060 if (!started) {
1061 start_packet();
1062 started = true;
1063 }
1064 while (todo > 0) {
1065 append_byte(*cp);
1066 cp++;
1067 gpa++;
1068 gva++;
1069 resid--;
1070 todo--;
1071 }
1072 } else {
1073 /*
1074 * If this page isn't guest RAM, try to handle
1075 * it via MMIO. For MMIO requests, use
1076 * aligned reads of words when possible.
1077 */
1078 while (todo > 0) {
1079 if (gpa & 1 || todo == 1)
1080 bytes = 1;
1081 else if (gpa & 2 || todo == 2)
1082 bytes = 2;
1083 else
1084 bytes = 4;
1085 error = read_mem(vcpus[cur_vcpu], gpa, &val,
1086 bytes);
1087 if (error == 0) {
1088 if (!started) {
1089 start_packet();
1090 started = true;
1091 }
1092 gpa += bytes;
1093 gva += bytes;
1094 resid -= bytes;
1095 todo -= bytes;
1096 while (bytes > 0) {
1097 append_byte(val);
1098 val >>= 8;
1099 bytes--;
1100 }
1101 } else {
1102 if (started)
1103 finish_packet();
1104 else
1105 send_error(EFAULT);
1106 return;
1107 }
1108 }
1109 }
1110 assert(resid == 0 || gpa % getpagesize() == 0);
1111 }
1112 if (!started)
1113 start_packet();
1114 finish_packet();
1115 }
1116
1117 static void
gdb_write_mem(const uint8_t * data,size_t len)1118 gdb_write_mem(const uint8_t *data, size_t len)
1119 {
1120 uint64_t gpa, gva, val;
1121 uint8_t *cp;
1122 size_t resid, todo, bytes;
1123 int error;
1124
1125 /* Skip 'M' */
1126 data += 1;
1127 len -= 1;
1128
1129 /* Parse and consume address. */
1130 cp = memchr(data, ',', len);
1131 if (cp == NULL || cp == data) {
1132 send_error(EINVAL);
1133 return;
1134 }
1135 gva = parse_integer(data, cp - data);
1136 len -= (cp - data) + 1;
1137 data += (cp - data) + 1;
1138
1139 /* Parse and consume length. */
1140 cp = memchr(data, ':', len);
1141 if (cp == NULL || cp == data) {
1142 send_error(EINVAL);
1143 return;
1144 }
1145 resid = parse_integer(data, cp - data);
1146 len -= (cp - data) + 1;
1147 data += (cp - data) + 1;
1148
1149 /* Verify the available bytes match the length. */
1150 if (len != resid * 2) {
1151 send_error(EINVAL);
1152 return;
1153 }
1154
1155 while (resid > 0) {
1156 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
1157 if (error == -1) {
1158 send_error(errno);
1159 return;
1160 }
1161 if (error == 0) {
1162 send_error(EFAULT);
1163 return;
1164 }
1165
1166 /* Write bytes to current page. */
1167 todo = getpagesize() - gpa % getpagesize();
1168 if (todo > resid)
1169 todo = resid;
1170
1171 cp = paddr_guest2host(ctx, gpa, todo);
1172 if (cp != NULL) {
1173 /*
1174 * If this page is guest RAM, write it a byte
1175 * at a time.
1176 */
1177 while (todo > 0) {
1178 assert(len >= 2);
1179 *cp = parse_byte(data);
1180 data += 2;
1181 len -= 2;
1182 cp++;
1183 gpa++;
1184 gva++;
1185 resid--;
1186 todo--;
1187 }
1188 } else {
1189 /*
1190 * If this page isn't guest RAM, try to handle
1191 * it via MMIO. For MMIO requests, use
1192 * aligned writes of words when possible.
1193 */
1194 while (todo > 0) {
1195 if (gpa & 1 || todo == 1) {
1196 bytes = 1;
1197 val = parse_byte(data);
1198 } else if (gpa & 2 || todo == 2) {
1199 bytes = 2;
1200 val = be16toh(parse_integer(data, 4));
1201 } else {
1202 bytes = 4;
1203 val = be32toh(parse_integer(data, 8));
1204 }
1205 error = write_mem(vcpus[cur_vcpu], gpa, val,
1206 bytes);
1207 if (error == 0) {
1208 gpa += bytes;
1209 gva += bytes;
1210 resid -= bytes;
1211 todo -= bytes;
1212 data += 2 * bytes;
1213 len -= 2 * bytes;
1214 } else {
1215 send_error(EFAULT);
1216 return;
1217 }
1218 }
1219 }
1220 assert(resid == 0 || gpa % getpagesize() == 0);
1221 }
1222 assert(len == 0);
1223 send_ok();
1224 }
1225
1226 static bool
set_breakpoint_caps(bool enable)1227 set_breakpoint_caps(bool enable)
1228 {
1229 cpuset_t mask;
1230 int vcpu;
1231
1232 mask = vcpus_active;
1233 while (!CPU_EMPTY(&mask)) {
1234 vcpu = CPU_FFS(&mask) - 1;
1235 CPU_CLR(vcpu, &mask);
1236 if (vm_set_capability(vcpus[vcpu], VM_CAP_BPT_EXIT,
1237 enable ? 1 : 0) < 0)
1238 return (false);
1239 debug("$vCPU %d %sabled breakpoint exits\n", vcpu,
1240 enable ? "en" : "dis");
1241 }
1242 return (true);
1243 }
1244
1245 static void
remove_all_sw_breakpoints(void)1246 remove_all_sw_breakpoints(void)
1247 {
1248 struct breakpoint *bp, *nbp;
1249 uint8_t *cp;
1250
1251 if (TAILQ_EMPTY(&breakpoints))
1252 return;
1253
1254 TAILQ_FOREACH_SAFE(bp, &breakpoints, link, nbp) {
1255 debug("remove breakpoint at %#lx\n", bp->gpa);
1256 cp = paddr_guest2host(ctx, bp->gpa, 1);
1257 *cp = bp->shadow_inst;
1258 TAILQ_REMOVE(&breakpoints, bp, link);
1259 free(bp);
1260 }
1261 TAILQ_INIT(&breakpoints);
1262 set_breakpoint_caps(false);
1263 }
1264
1265 static void
update_sw_breakpoint(uint64_t gva,int kind,bool insert)1266 update_sw_breakpoint(uint64_t gva, int kind, bool insert)
1267 {
1268 struct breakpoint *bp;
1269 uint64_t gpa;
1270 uint8_t *cp;
1271 int error;
1272
1273 if (kind != 1) {
1274 send_error(EINVAL);
1275 return;
1276 }
1277
1278 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
1279 if (error == -1) {
1280 send_error(errno);
1281 return;
1282 }
1283 if (error == 0) {
1284 send_error(EFAULT);
1285 return;
1286 }
1287
1288 cp = paddr_guest2host(ctx, gpa, 1);
1289
1290 /* Only permit breakpoints in guest RAM. */
1291 if (cp == NULL) {
1292 send_error(EFAULT);
1293 return;
1294 }
1295
1296 /* Find any existing breakpoint. */
1297 bp = find_breakpoint(gpa);
1298
1299 /*
1300 * Silently ignore duplicate commands since the protocol
1301 * requires these packets to be idempotent.
1302 */
1303 if (insert) {
1304 if (bp == NULL) {
1305 if (TAILQ_EMPTY(&breakpoints) &&
1306 !set_breakpoint_caps(true)) {
1307 send_empty_response();
1308 return;
1309 }
1310 bp = malloc(sizeof(*bp));
1311 bp->gpa = gpa;
1312 bp->shadow_inst = *cp;
1313 *cp = 0xcc; /* INT 3 */
1314 TAILQ_INSERT_TAIL(&breakpoints, bp, link);
1315 debug("new breakpoint at %#lx\n", gpa);
1316 }
1317 } else {
1318 if (bp != NULL) {
1319 debug("remove breakpoint at %#lx\n", gpa);
1320 *cp = bp->shadow_inst;
1321 TAILQ_REMOVE(&breakpoints, bp, link);
1322 free(bp);
1323 if (TAILQ_EMPTY(&breakpoints))
1324 set_breakpoint_caps(false);
1325 }
1326 }
1327 send_ok();
1328 }
1329
1330 static void
parse_breakpoint(const uint8_t * data,size_t len)1331 parse_breakpoint(const uint8_t *data, size_t len)
1332 {
1333 uint64_t gva;
1334 uint8_t *cp;
1335 bool insert;
1336 int kind, type;
1337
1338 insert = data[0] == 'Z';
1339
1340 /* Skip 'Z/z' */
1341 data += 1;
1342 len -= 1;
1343
1344 /* Parse and consume type. */
1345 cp = memchr(data, ',', len);
1346 if (cp == NULL || cp == data) {
1347 send_error(EINVAL);
1348 return;
1349 }
1350 type = parse_integer(data, cp - data);
1351 len -= (cp - data) + 1;
1352 data += (cp - data) + 1;
1353
1354 /* Parse and consume address. */
1355 cp = memchr(data, ',', len);
1356 if (cp == NULL || cp == data) {
1357 send_error(EINVAL);
1358 return;
1359 }
1360 gva = parse_integer(data, cp - data);
1361 len -= (cp - data) + 1;
1362 data += (cp - data) + 1;
1363
1364 /* Parse and consume kind. */
1365 cp = memchr(data, ';', len);
1366 if (cp == data) {
1367 send_error(EINVAL);
1368 return;
1369 }
1370 if (cp != NULL) {
1371 /*
1372 * We do not advertise support for either the
1373 * ConditionalBreakpoints or BreakpointCommands
1374 * features, so we should not be getting conditions or
1375 * commands from the remote end.
1376 */
1377 send_empty_response();
1378 return;
1379 }
1380 kind = parse_integer(data, len);
1381 data += len;
1382 len = 0;
1383
1384 switch (type) {
1385 case 0:
1386 update_sw_breakpoint(gva, kind, insert);
1387 break;
1388 default:
1389 send_empty_response();
1390 break;
1391 }
1392 }
1393
1394 static bool
command_equals(const uint8_t * data,size_t len,const char * cmd)1395 command_equals(const uint8_t *data, size_t len, const char *cmd)
1396 {
1397
1398 if (strlen(cmd) > len)
1399 return (false);
1400 return (memcmp(data, cmd, strlen(cmd)) == 0);
1401 }
1402
1403 static void
check_features(const uint8_t * data,size_t len)1404 check_features(const uint8_t *data, size_t len)
1405 {
1406 char *feature, *next_feature, *str, *value;
1407 bool supported;
1408
1409 str = malloc(len + 1);
1410 memcpy(str, data, len);
1411 str[len] = '\0';
1412 next_feature = str;
1413
1414 while ((feature = strsep(&next_feature, ";")) != NULL) {
1415 /*
1416 * Null features shouldn't exist, but skip if they
1417 * do.
1418 */
1419 if (strcmp(feature, "") == 0)
1420 continue;
1421
1422 /*
1423 * Look for the value or supported / not supported
1424 * flag.
1425 */
1426 value = strchr(feature, '=');
1427 if (value != NULL) {
1428 *value = '\0';
1429 value++;
1430 supported = true;
1431 } else {
1432 value = feature + strlen(feature) - 1;
1433 switch (*value) {
1434 case '+':
1435 supported = true;
1436 break;
1437 case '-':
1438 supported = false;
1439 break;
1440 default:
1441 /*
1442 * This is really a protocol error,
1443 * but we just ignore malformed
1444 * features for ease of
1445 * implementation.
1446 */
1447 continue;
1448 }
1449 value = NULL;
1450 }
1451
1452 if (strcmp(feature, "swbreak") == 0)
1453 swbreak_enabled = supported;
1454
1455 #ifndef __FreeBSD__
1456 /*
1457 * The compiler dislikes 'supported' being set but never used.
1458 * Make it happy here.
1459 */
1460 if (supported) {
1461 debug("feature '%s' supported\n", feature);
1462 }
1463 #endif /* __FreeBSD__ */
1464 }
1465 free(str);
1466
1467 start_packet();
1468
1469 /* This is an arbitrary limit. */
1470 append_string("PacketSize=4096");
1471 append_string(";swbreak+");
1472 finish_packet();
1473 }
1474
1475 static void
gdb_query(const uint8_t * data,size_t len)1476 gdb_query(const uint8_t *data, size_t len)
1477 {
1478
1479 /*
1480 * TODO:
1481 * - qSearch
1482 */
1483 if (command_equals(data, len, "qAttached")) {
1484 start_packet();
1485 append_char('1');
1486 finish_packet();
1487 } else if (command_equals(data, len, "qC")) {
1488 start_packet();
1489 append_string("QC");
1490 append_integer(cur_vcpu + 1);
1491 finish_packet();
1492 } else if (command_equals(data, len, "qfThreadInfo")) {
1493 cpuset_t mask;
1494 bool first;
1495 int vcpu;
1496
1497 if (CPU_EMPTY(&vcpus_active)) {
1498 send_error(EINVAL);
1499 return;
1500 }
1501 mask = vcpus_active;
1502 start_packet();
1503 append_char('m');
1504 first = true;
1505 while (!CPU_EMPTY(&mask)) {
1506 vcpu = CPU_FFS(&mask) - 1;
1507 CPU_CLR(vcpu, &mask);
1508 if (first)
1509 first = false;
1510 else
1511 append_char(',');
1512 append_integer(vcpu + 1);
1513 }
1514 finish_packet();
1515 } else if (command_equals(data, len, "qsThreadInfo")) {
1516 start_packet();
1517 append_char('l');
1518 finish_packet();
1519 } else if (command_equals(data, len, "qSupported")) {
1520 data += strlen("qSupported");
1521 len -= strlen("qSupported");
1522 check_features(data, len);
1523 } else if (command_equals(data, len, "qThreadExtraInfo")) {
1524 char buf[16];
1525 int tid;
1526
1527 data += strlen("qThreadExtraInfo");
1528 len -= strlen("qThreadExtraInfo");
1529 if (*data != ',') {
1530 send_error(EINVAL);
1531 return;
1532 }
1533 tid = parse_threadid(data + 1, len - 1);
1534 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) {
1535 send_error(EINVAL);
1536 return;
1537 }
1538
1539 snprintf(buf, sizeof(buf), "vCPU %d", tid - 1);
1540 start_packet();
1541 append_asciihex(buf);
1542 finish_packet();
1543 } else
1544 send_empty_response();
1545 }
1546
1547 static void
handle_command(const uint8_t * data,size_t len)1548 handle_command(const uint8_t *data, size_t len)
1549 {
1550
1551 /* Reject packets with a sequence-id. */
1552 if (len >= 3 && data[0] >= '0' && data[0] <= '9' &&
1553 data[0] >= '0' && data[0] <= '9' && data[2] == ':') {
1554 send_empty_response();
1555 return;
1556 }
1557
1558 switch (*data) {
1559 case 'c':
1560 if (len != 1) {
1561 send_error(EINVAL);
1562 break;
1563 }
1564
1565 discard_stop();
1566 gdb_resume_vcpus();
1567 break;
1568 case 'D':
1569 send_ok();
1570
1571 /* TODO: Resume any stopped CPUs. */
1572 break;
1573 case 'g': {
1574 gdb_read_regs();
1575 break;
1576 }
1577 case 'H': {
1578 int tid;
1579
1580 if (data[1] != 'g' && data[1] != 'c') {
1581 send_error(EINVAL);
1582 break;
1583 }
1584 tid = parse_threadid(data + 2, len - 2);
1585 if (tid == -2) {
1586 send_error(EINVAL);
1587 break;
1588 }
1589
1590 if (CPU_EMPTY(&vcpus_active)) {
1591 send_error(EINVAL);
1592 break;
1593 }
1594 if (tid == -1 || tid == 0)
1595 cur_vcpu = CPU_FFS(&vcpus_active) - 1;
1596 else if (CPU_ISSET(tid - 1, &vcpus_active))
1597 cur_vcpu = tid - 1;
1598 else {
1599 send_error(EINVAL);
1600 break;
1601 }
1602 send_ok();
1603 break;
1604 }
1605 case 'm':
1606 gdb_read_mem(data, len);
1607 break;
1608 case 'M':
1609 gdb_write_mem(data, len);
1610 break;
1611 case 'T': {
1612 int tid;
1613
1614 tid = parse_threadid(data + 1, len - 1);
1615 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) {
1616 send_error(EINVAL);
1617 return;
1618 }
1619 send_ok();
1620 break;
1621 }
1622 case 'q':
1623 gdb_query(data, len);
1624 break;
1625 case 's':
1626 if (len != 1) {
1627 send_error(EINVAL);
1628 break;
1629 }
1630
1631 /* Don't send a reply until a stop occurs. */
1632 if (!gdb_step_vcpu(vcpus[cur_vcpu])) {
1633 send_error(EOPNOTSUPP);
1634 break;
1635 }
1636 break;
1637 case 'z':
1638 case 'Z':
1639 parse_breakpoint(data, len);
1640 break;
1641 case '?':
1642 report_stop(false);
1643 break;
1644 case 'G': /* TODO */
1645 case 'v':
1646 /* Handle 'vCont' */
1647 /* 'vCtrlC' */
1648 case 'p': /* TODO */
1649 case 'P': /* TODO */
1650 case 'Q': /* TODO */
1651 case 't': /* TODO */
1652 case 'X': /* TODO */
1653 default:
1654 send_empty_response();
1655 }
1656 }
1657
1658 /* Check for a valid packet in the command buffer. */
1659 static void
check_command(int fd)1660 check_command(int fd)
1661 {
1662 uint8_t *head, *hash, *p, sum;
1663 size_t avail, plen;
1664
1665 for (;;) {
1666 avail = cur_comm.len;
1667 if (avail == 0)
1668 return;
1669 head = io_buffer_head(&cur_comm);
1670 switch (*head) {
1671 case 0x03:
1672 debug("<- Ctrl-C\n");
1673 io_buffer_consume(&cur_comm, 1);
1674
1675 gdb_suspend_vcpus();
1676 break;
1677 case '+':
1678 /* ACK of previous response. */
1679 debug("<- +\n");
1680 if (response_pending())
1681 io_buffer_reset(&cur_resp);
1682 io_buffer_consume(&cur_comm, 1);
1683 if (stopped_vcpu != -1 && report_next_stop) {
1684 report_stop(true);
1685 send_pending_data(fd);
1686 }
1687 break;
1688 case '-':
1689 /* NACK of previous response. */
1690 debug("<- -\n");
1691 if (response_pending()) {
1692 cur_resp.len += cur_resp.start;
1693 cur_resp.start = 0;
1694 if (cur_resp.data[0] == '+')
1695 io_buffer_advance(&cur_resp, 1);
1696 debug("-> %.*s\n", (int)cur_resp.len,
1697 io_buffer_head(&cur_resp));
1698 }
1699 io_buffer_consume(&cur_comm, 1);
1700 send_pending_data(fd);
1701 break;
1702 case '$':
1703 /* Packet. */
1704
1705 if (response_pending()) {
1706 warnx("New GDB command while response in "
1707 "progress");
1708 io_buffer_reset(&cur_resp);
1709 }
1710
1711 /* Is packet complete? */
1712 hash = memchr(head, '#', avail);
1713 if (hash == NULL)
1714 return;
1715 plen = (hash - head + 1) + 2;
1716 if (avail < plen)
1717 return;
1718 debug("<- %.*s\n", (int)plen, head);
1719
1720 /* Verify checksum. */
1721 for (sum = 0, p = head + 1; p < hash; p++)
1722 sum += *p;
1723 if (sum != parse_byte(hash + 1)) {
1724 io_buffer_consume(&cur_comm, plen);
1725 debug("-> -\n");
1726 send_char('-');
1727 send_pending_data(fd);
1728 break;
1729 }
1730 send_char('+');
1731
1732 handle_command(head + 1, hash - (head + 1));
1733 io_buffer_consume(&cur_comm, plen);
1734 if (!response_pending()) {
1735 debug("-> +\n");
1736 }
1737 send_pending_data(fd);
1738 break;
1739 default:
1740 /* XXX: Possibly drop connection instead. */
1741 debug("-> %02x\n", *head);
1742 io_buffer_consume(&cur_comm, 1);
1743 break;
1744 }
1745 }
1746 }
1747
1748 static void
gdb_readable(int fd,enum ev_type event __unused,void * arg __unused)1749 gdb_readable(int fd, enum ev_type event __unused, void *arg __unused)
1750 {
1751 size_t pending;
1752 ssize_t nread;
1753 int n;
1754
1755 if (ioctl(fd, FIONREAD, &n) == -1) {
1756 warn("FIONREAD on GDB socket");
1757 return;
1758 }
1759 assert(n >= 0);
1760 pending = n;
1761
1762 /*
1763 * 'pending' might be zero due to EOF. We need to call read
1764 * with a non-zero length to detect EOF.
1765 */
1766 if (pending == 0)
1767 pending = 1;
1768
1769 /* Ensure there is room in the command buffer. */
1770 io_buffer_grow(&cur_comm, pending);
1771 assert(io_buffer_avail(&cur_comm) >= pending);
1772
1773 nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm));
1774 if (nread == 0) {
1775 close_connection();
1776 } else if (nread == -1) {
1777 if (errno == EAGAIN)
1778 return;
1779
1780 warn("Read from GDB socket");
1781 close_connection();
1782 } else {
1783 cur_comm.len += nread;
1784 pthread_mutex_lock(&gdb_lock);
1785 check_command(fd);
1786 pthread_mutex_unlock(&gdb_lock);
1787 }
1788 }
1789
1790 static void
gdb_writable(int fd,enum ev_type event __unused,void * arg __unused)1791 gdb_writable(int fd, enum ev_type event __unused, void *arg __unused)
1792 {
1793
1794 send_pending_data(fd);
1795 }
1796
1797 static void
new_connection(int fd,enum ev_type event __unused,void * arg)1798 new_connection(int fd, enum ev_type event __unused, void *arg)
1799 {
1800 int optval, s;
1801
1802 s = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
1803 if (s == -1) {
1804 if (arg != NULL)
1805 err(1, "Failed accepting initial GDB connection");
1806
1807 /* Silently ignore errors post-startup. */
1808 return;
1809 }
1810
1811 optval = 1;
1812 if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) ==
1813 -1) {
1814 warn("Failed to disable SIGPIPE for GDB connection");
1815 close(s);
1816 return;
1817 }
1818
1819 pthread_mutex_lock(&gdb_lock);
1820 if (cur_fd != -1) {
1821 close(s);
1822 warnx("Ignoring additional GDB connection.");
1823 }
1824
1825 read_event = mevent_add(s, EVF_READ, gdb_readable, NULL);
1826 if (read_event == NULL) {
1827 if (arg != NULL)
1828 err(1, "Failed to setup initial GDB connection");
1829 pthread_mutex_unlock(&gdb_lock);
1830 return;
1831 }
1832 write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL);
1833 if (write_event == NULL) {
1834 if (arg != NULL)
1835 err(1, "Failed to setup initial GDB connection");
1836 mevent_delete_close(read_event);
1837 read_event = NULL;
1838 }
1839
1840 cur_fd = s;
1841 cur_vcpu = 0;
1842 stopped_vcpu = -1;
1843
1844 /* Break on attach. */
1845 first_stop = true;
1846 report_next_stop = false;
1847 gdb_suspend_vcpus();
1848 pthread_mutex_unlock(&gdb_lock);
1849 }
1850
1851 #ifndef WITHOUT_CAPSICUM
1852 static void
limit_gdb_socket(int s)1853 limit_gdb_socket(int s)
1854 {
1855 cap_rights_t rights;
1856 unsigned long ioctls[] = { FIONREAD };
1857
1858 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE,
1859 CAP_SETSOCKOPT, CAP_IOCTL);
1860 if (caph_rights_limit(s, &rights) == -1)
1861 errx(EX_OSERR, "Unable to apply rights for sandbox");
1862 if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1)
1863 errx(EX_OSERR, "Unable to apply rights for sandbox");
1864 }
1865 #endif
1866
1867
1868 #ifndef __FreeBSD__
1869 /*
1870 * Equivalent to init_gdb() below, but without configuring the listening socket.
1871 * This will allow the bhyve process to tolerate mdb attaching/detaching from
1872 * the instance while it is running.
1873 */
1874 void
init_mdb(struct vmctx * _ctx)1875 init_mdb(struct vmctx *_ctx)
1876 {
1877 int error;
1878 bool wait;
1879
1880 wait = get_config_bool_default("gdb.wait", false);
1881
1882 error = pthread_mutex_init(&gdb_lock, NULL);
1883 if (error != 0)
1884 errc(1, error, "gdb mutex init");
1885 error = pthread_cond_init(&idle_vcpus, NULL);
1886 if (error != 0)
1887 errc(1, error, "gdb cv init");
1888
1889 ctx = _ctx;
1890 stopped_vcpu = -1;
1891 TAILQ_INIT(&breakpoints);
1892 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state));
1893 if (wait) {
1894 /*
1895 * Set vcpu 0 in vcpus_suspended. This will trigger the
1896 * logic in gdb_cpu_add() to suspend the first vcpu before
1897 * it starts execution. The vcpu will remain suspended
1898 * until a debugger connects.
1899 */
1900 CPU_SET(0, &vcpus_suspended);
1901 stopped_vcpu = 0;
1902 }
1903 }
1904 #endif
1905
1906 void
init_gdb(struct vmctx * _ctx)1907 init_gdb(struct vmctx *_ctx)
1908 {
1909 int error, flags, optval, s;
1910 struct addrinfo hints;
1911 struct addrinfo *gdbaddr;
1912 const char *saddr, *value;
1913 char *sport;
1914 bool wait;
1915
1916 value = get_config_value("gdb.port");
1917 if (value == NULL)
1918 return;
1919 sport = strdup(value);
1920 if (sport == NULL)
1921 errx(4, "Failed to allocate memory");
1922
1923 wait = get_config_bool_default("gdb.wait", false);
1924
1925 saddr = get_config_value("gdb.address");
1926 if (saddr == NULL) {
1927 saddr = "localhost";
1928 }
1929
1930 debug("==> starting on %s:%s, %swaiting\n",
1931 saddr, sport, wait ? "" : "not ");
1932
1933 error = pthread_mutex_init(&gdb_lock, NULL);
1934 if (error != 0)
1935 errc(1, error, "gdb mutex init");
1936 error = pthread_cond_init(&idle_vcpus, NULL);
1937 if (error != 0)
1938 errc(1, error, "gdb cv init");
1939
1940 memset(&hints, 0, sizeof(hints));
1941 hints.ai_family = AF_UNSPEC;
1942 hints.ai_socktype = SOCK_STREAM;
1943 hints.ai_flags = AI_NUMERICSERV | AI_PASSIVE;
1944
1945 error = getaddrinfo(saddr, sport, &hints, &gdbaddr);
1946 if (error != 0)
1947 errx(1, "gdb address resolution: %s", gai_strerror(error));
1948
1949 ctx = _ctx;
1950 s = socket(gdbaddr->ai_family, gdbaddr->ai_socktype, 0);
1951 if (s < 0)
1952 err(1, "gdb socket create");
1953
1954 optval = 1;
1955 (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));
1956
1957 if (bind(s, gdbaddr->ai_addr, gdbaddr->ai_addrlen) < 0)
1958 err(1, "gdb socket bind");
1959
1960 if (listen(s, 1) < 0)
1961 err(1, "gdb socket listen");
1962
1963 stopped_vcpu = -1;
1964 TAILQ_INIT(&breakpoints);
1965 vcpus = calloc(guest_ncpus, sizeof(*vcpus));
1966 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state));
1967 if (wait) {
1968 /*
1969 * Set vcpu 0 in vcpus_suspended. This will trigger the
1970 * logic in gdb_cpu_add() to suspend the first vcpu before
1971 * it starts execution. The vcpu will remain suspended
1972 * until a debugger connects.
1973 */
1974 CPU_SET(0, &vcpus_suspended);
1975 stopped_vcpu = 0;
1976 }
1977
1978 flags = fcntl(s, F_GETFL);
1979 if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1)
1980 err(1, "Failed to mark gdb socket non-blocking");
1981
1982 #ifndef WITHOUT_CAPSICUM
1983 limit_gdb_socket(s);
1984 #endif
1985 mevent_add(s, EVF_READ, new_connection, NULL);
1986 gdb_active = true;
1987 freeaddrinfo(gdbaddr);
1988 free(sport);
1989 }
1990