1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 __FBSDID("$FreeBSD$"); 30 31 #include <sys/param.h> 32 #ifndef WITHOUT_CAPSICUM 33 #include <sys/capsicum.h> 34 #endif 35 #include <sys/ioctl.h> 36 #include <sys/mman.h> 37 #include <sys/socket.h> 38 #include <machine/atomic.h> 39 #include <machine/specialreg.h> 40 #include <machine/vmm.h> 41 #include <netinet/in.h> 42 #include <assert.h> 43 #ifndef WITHOUT_CAPSICUM 44 #include <capsicum_helpers.h> 45 #endif 46 #include <err.h> 47 #include <errno.h> 48 #include <fcntl.h> 49 #include <pthread.h> 50 #include <pthread_np.h> 51 #include <stdbool.h> 52 #include <stdio.h> 53 #include <stdlib.h> 54 #include <string.h> 55 #include <sysexits.h> 56 #include <unistd.h> 57 #include <vmmapi.h> 58 59 #include "bhyverun.h" 60 #include "mem.h" 61 #include "mevent.h" 62 63 /* 64 * GDB_SIGNAL_* numbers are part of the GDB remote protocol. Most stops 65 * use SIGTRAP. 66 */ 67 #define GDB_SIGNAL_TRAP 5 68 69 static void gdb_resume_vcpus(void); 70 static void check_command(int fd); 71 72 static struct mevent *read_event, *write_event; 73 74 static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting; 75 static pthread_mutex_t gdb_lock; 76 static pthread_cond_t idle_vcpus; 77 static bool stop_pending, first_stop; 78 static int stepping_vcpu, stopped_vcpu; 79 80 /* 81 * An I/O buffer contains 'capacity' bytes of room at 'data'. For a 82 * read buffer, 'start' is unused and 'len' contains the number of 83 * valid bytes in the buffer. For a write buffer, 'start' is set to 84 * the index of the next byte in 'data' to send, and 'len' contains 85 * the remaining number of valid bytes to send. 86 */ 87 struct io_buffer { 88 uint8_t *data; 89 size_t capacity; 90 size_t start; 91 size_t len; 92 }; 93 94 static struct io_buffer cur_comm, cur_resp; 95 static uint8_t cur_csum; 96 static int cur_vcpu; 97 static struct vmctx *ctx; 98 static int cur_fd = -1; 99 100 const int gdb_regset[] = { 101 VM_REG_GUEST_RAX, 102 VM_REG_GUEST_RBX, 103 VM_REG_GUEST_RCX, 104 VM_REG_GUEST_RDX, 105 VM_REG_GUEST_RSI, 106 VM_REG_GUEST_RDI, 107 VM_REG_GUEST_RBP, 108 VM_REG_GUEST_RSP, 109 VM_REG_GUEST_R8, 110 VM_REG_GUEST_R9, 111 VM_REG_GUEST_R10, 112 VM_REG_GUEST_R11, 113 VM_REG_GUEST_R12, 114 VM_REG_GUEST_R13, 115 VM_REG_GUEST_R14, 116 VM_REG_GUEST_R15, 117 VM_REG_GUEST_RIP, 118 VM_REG_GUEST_RFLAGS, 119 VM_REG_GUEST_CS, 120 VM_REG_GUEST_SS, 121 VM_REG_GUEST_DS, 122 VM_REG_GUEST_ES, 123 VM_REG_GUEST_FS, 124 VM_REG_GUEST_GS 125 }; 126 127 const int gdb_regsize[] = { 128 8, 129 8, 130 8, 131 8, 132 8, 133 8, 134 8, 135 8, 136 8, 137 8, 138 8, 139 8, 140 8, 141 8, 142 8, 143 8, 144 8, 145 4, 146 4, 147 4, 148 4, 149 4, 150 4, 151 4 152 }; 153 154 #ifdef GDB_LOG 155 #include <stdarg.h> 156 #include <stdio.h> 157 158 static void __printflike(1, 2) 159 debug(const char *fmt, ...) 160 { 161 static FILE *logfile; 162 va_list ap; 163 164 if (logfile == NULL) { 165 logfile = fopen("/tmp/bhyve_gdb.log", "w"); 166 if (logfile == NULL) 167 return; 168 #ifndef WITHOUT_CAPSICUM 169 if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) { 170 fclose(logfile); 171 logfile = NULL; 172 return; 173 } 174 #endif 175 setlinebuf(logfile); 176 } 177 va_start(ap, fmt); 178 vfprintf(logfile, fmt, ap); 179 va_end(ap); 180 } 181 #else 182 #define debug(...) 183 #endif 184 185 static int 186 guest_paging_info(int vcpu, struct vm_guest_paging *paging) 187 { 188 uint64_t regs[4]; 189 const int regset[4] = { 190 VM_REG_GUEST_CR0, 191 VM_REG_GUEST_CR3, 192 VM_REG_GUEST_CR4, 193 VM_REG_GUEST_EFER 194 }; 195 196 if (vm_get_register_set(ctx, vcpu, nitems(regset), regset, regs) == -1) 197 return (-1); 198 199 /* 200 * For the debugger, always pretend to be the kernel (CPL 0), 201 * and if long-mode is enabled, always parse addresses as if 202 * in 64-bit mode. 203 */ 204 paging->cr3 = regs[1]; 205 paging->cpl = 0; 206 if (regs[3] & EFER_LMA) 207 paging->cpu_mode = CPU_MODE_64BIT; 208 else if (regs[0] & CR0_PE) 209 paging->cpu_mode = CPU_MODE_PROTECTED; 210 else 211 paging->cpu_mode = CPU_MODE_REAL; 212 if (!(regs[0] & CR0_PG)) 213 paging->paging_mode = PAGING_MODE_FLAT; 214 else if (!(regs[2] & CR4_PAE)) 215 paging->paging_mode = PAGING_MODE_32; 216 else if (regs[3] & EFER_LME) 217 paging->paging_mode = PAGING_MODE_64; 218 else 219 paging->paging_mode = PAGING_MODE_PAE; 220 return (0); 221 } 222 223 /* 224 * Map a guest virtual address to a physical address (for a given vcpu). 225 * If a guest virtual address is valid, return 1. If the address is 226 * not valid, return 0. If an error occurs obtaining the mapping, 227 * return -1. 228 */ 229 static int 230 guest_vaddr2paddr(int vcpu, uint64_t vaddr, uint64_t *paddr) 231 { 232 struct vm_guest_paging paging; 233 int fault; 234 235 if (guest_paging_info(vcpu, &paging) == -1) 236 return (-1); 237 238 /* 239 * Always use PROT_READ. We really care if the VA is 240 * accessible, not if the current vCPU can write. 241 */ 242 if (vm_gla2gpa_nofault(ctx, vcpu, &paging, vaddr, PROT_READ, paddr, 243 &fault) == -1) 244 return (-1); 245 if (fault) 246 return (0); 247 return (1); 248 } 249 250 static void 251 io_buffer_reset(struct io_buffer *io) 252 { 253 254 io->start = 0; 255 io->len = 0; 256 } 257 258 /* Available room for adding data. */ 259 static size_t 260 io_buffer_avail(struct io_buffer *io) 261 { 262 263 return (io->capacity - (io->start + io->len)); 264 } 265 266 static uint8_t * 267 io_buffer_head(struct io_buffer *io) 268 { 269 270 return (io->data + io->start); 271 } 272 273 static uint8_t * 274 io_buffer_tail(struct io_buffer *io) 275 { 276 277 return (io->data + io->start + io->len); 278 } 279 280 static void 281 io_buffer_advance(struct io_buffer *io, size_t amount) 282 { 283 284 assert(amount <= io->len); 285 io->start += amount; 286 io->len -= amount; 287 } 288 289 static void 290 io_buffer_consume(struct io_buffer *io, size_t amount) 291 { 292 293 io_buffer_advance(io, amount); 294 if (io->len == 0) { 295 io->start = 0; 296 return; 297 } 298 299 /* 300 * XXX: Consider making this move optional and compacting on a 301 * future read() before realloc(). 302 */ 303 memmove(io->data, io_buffer_head(io), io->len); 304 io->start = 0; 305 } 306 307 static void 308 io_buffer_grow(struct io_buffer *io, size_t newsize) 309 { 310 uint8_t *new_data; 311 size_t avail, new_cap; 312 313 avail = io_buffer_avail(io); 314 if (newsize <= avail) 315 return; 316 317 new_cap = io->capacity + (newsize - avail); 318 new_data = realloc(io->data, new_cap); 319 if (new_data == NULL) 320 err(1, "Failed to grow GDB I/O buffer"); 321 io->data = new_data; 322 io->capacity = new_cap; 323 } 324 325 static bool 326 response_pending(void) 327 { 328 329 if (cur_resp.start == 0 && cur_resp.len == 0) 330 return (false); 331 if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+') 332 return (false); 333 return (true); 334 } 335 336 static void 337 close_connection(void) 338 { 339 340 /* 341 * XXX: This triggers a warning because mevent does the close 342 * before the EV_DELETE. 343 */ 344 pthread_mutex_lock(&gdb_lock); 345 mevent_delete(write_event); 346 mevent_delete_close(read_event); 347 write_event = NULL; 348 read_event = NULL; 349 io_buffer_reset(&cur_comm); 350 io_buffer_reset(&cur_resp); 351 cur_fd = -1; 352 353 /* Resume any stopped vCPUs. */ 354 gdb_resume_vcpus(); 355 pthread_mutex_unlock(&gdb_lock); 356 } 357 358 static uint8_t 359 hex_digit(uint8_t nibble) 360 { 361 362 if (nibble <= 9) 363 return (nibble + '0'); 364 else 365 return (nibble + 'a' - 10); 366 } 367 368 static uint8_t 369 parse_digit(uint8_t v) 370 { 371 372 if (v >= '0' && v <= '9') 373 return (v - '0'); 374 if (v >= 'a' && v <= 'f') 375 return (v - 'a' + 10); 376 if (v >= 'A' && v <= 'F') 377 return (v - 'A' + 10); 378 return (0xF); 379 } 380 381 /* Parses big-endian hexadecimal. */ 382 static uintmax_t 383 parse_integer(const uint8_t *p, size_t len) 384 { 385 uintmax_t v; 386 387 v = 0; 388 while (len > 0) { 389 v <<= 4; 390 v |= parse_digit(*p); 391 p++; 392 len--; 393 } 394 return (v); 395 } 396 397 static uint8_t 398 parse_byte(const uint8_t *p) 399 { 400 401 return (parse_digit(p[0]) << 4 | parse_digit(p[1])); 402 } 403 404 static void 405 send_pending_data(int fd) 406 { 407 ssize_t nwritten; 408 409 if (cur_resp.len == 0) { 410 mevent_disable(write_event); 411 return; 412 } 413 nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len); 414 if (nwritten == -1) { 415 warn("Write to GDB socket failed"); 416 close_connection(); 417 } else { 418 io_buffer_advance(&cur_resp, nwritten); 419 if (cur_resp.len == 0) 420 mevent_disable(write_event); 421 else 422 mevent_enable(write_event); 423 } 424 } 425 426 /* Append a single character to the output buffer. */ 427 static void 428 send_char(uint8_t data) 429 { 430 io_buffer_grow(&cur_resp, 1); 431 *io_buffer_tail(&cur_resp) = data; 432 cur_resp.len++; 433 } 434 435 /* Append an array of bytes to the output buffer. */ 436 static void 437 send_data(const uint8_t *data, size_t len) 438 { 439 440 io_buffer_grow(&cur_resp, len); 441 memcpy(io_buffer_tail(&cur_resp), data, len); 442 cur_resp.len += len; 443 } 444 445 static void 446 format_byte(uint8_t v, uint8_t *buf) 447 { 448 449 buf[0] = hex_digit(v >> 4); 450 buf[1] = hex_digit(v & 0xf); 451 } 452 453 /* 454 * Append a single byte (formatted as two hex characters) to the 455 * output buffer. 456 */ 457 static void 458 send_byte(uint8_t v) 459 { 460 uint8_t buf[2]; 461 462 format_byte(v, buf); 463 send_data(buf, sizeof(buf)); 464 } 465 466 static void 467 start_packet(void) 468 { 469 470 send_char('$'); 471 cur_csum = 0; 472 } 473 474 static void 475 finish_packet(void) 476 { 477 478 send_char('#'); 479 send_byte(cur_csum); 480 debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp)); 481 } 482 483 /* 484 * Append a single character (for the packet payload) and update the 485 * checksum. 486 */ 487 static void 488 append_char(uint8_t v) 489 { 490 491 send_char(v); 492 cur_csum += v; 493 } 494 495 /* 496 * Append an array of bytes (for the packet payload) and update the 497 * checksum. 498 */ 499 static void 500 append_packet_data(const uint8_t *data, size_t len) 501 { 502 503 send_data(data, len); 504 while (len > 0) { 505 cur_csum += *data; 506 data++; 507 len--; 508 } 509 } 510 511 static void 512 append_string(const char *str) 513 { 514 515 append_packet_data(str, strlen(str)); 516 } 517 518 static void 519 append_byte(uint8_t v) 520 { 521 uint8_t buf[2]; 522 523 format_byte(v, buf); 524 append_packet_data(buf, sizeof(buf)); 525 } 526 527 static void 528 append_unsigned_native(uintmax_t value, size_t len) 529 { 530 size_t i; 531 532 for (i = 0; i < len; i++) { 533 append_byte(value); 534 value >>= 8; 535 } 536 } 537 538 static void 539 append_unsigned_be(uintmax_t value, size_t len) 540 { 541 char buf[len * 2]; 542 size_t i; 543 544 for (i = 0; i < len; i++) { 545 format_byte(value, buf + (len - i - 1) * 2); 546 value >>= 8; 547 } 548 append_packet_data(buf, sizeof(buf)); 549 } 550 551 static void 552 append_integer(unsigned int value) 553 { 554 555 if (value == 0) 556 append_char('0'); 557 else 558 append_unsigned_be(value, fls(value) + 7 / 8); 559 } 560 561 static void 562 append_asciihex(const char *str) 563 { 564 565 while (*str != '\0') { 566 append_byte(*str); 567 str++; 568 } 569 } 570 571 static void 572 send_empty_response(void) 573 { 574 575 start_packet(); 576 finish_packet(); 577 } 578 579 static void 580 send_error(int error) 581 { 582 583 start_packet(); 584 append_char('E'); 585 append_byte(error); 586 finish_packet(); 587 } 588 589 static void 590 send_ok(void) 591 { 592 593 start_packet(); 594 append_string("OK"); 595 finish_packet(); 596 } 597 598 static int 599 parse_threadid(const uint8_t *data, size_t len) 600 { 601 602 if (len == 1 && *data == '0') 603 return (0); 604 if (len == 2 && memcmp(data, "-1", 2) == 0) 605 return (-1); 606 if (len == 0) 607 return (-2); 608 return (parse_integer(data, len)); 609 } 610 611 static void 612 report_stop(void) 613 { 614 615 start_packet(); 616 if (stopped_vcpu == -1) 617 append_char('S'); 618 else 619 append_char('T'); 620 append_byte(GDB_SIGNAL_TRAP); 621 if (stopped_vcpu != -1) { 622 append_string("thread:"); 623 append_integer(stopped_vcpu + 1); 624 append_char(';'); 625 } 626 stopped_vcpu = -1; 627 finish_packet(); 628 } 629 630 static void 631 gdb_finish_suspend_vcpus(void) 632 { 633 634 if (first_stop) { 635 first_stop = false; 636 stopped_vcpu = -1; 637 } else if (response_pending()) 638 stop_pending = true; 639 else { 640 report_stop(); 641 send_pending_data(cur_fd); 642 } 643 } 644 645 static void 646 _gdb_cpu_suspend(int vcpu, bool report_stop) 647 { 648 649 debug("$vCPU %d suspending\n", vcpu); 650 CPU_SET(vcpu, &vcpus_waiting); 651 if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 652 gdb_finish_suspend_vcpus(); 653 while (CPU_ISSET(vcpu, &vcpus_suspended) && vcpu != stepping_vcpu) 654 pthread_cond_wait(&idle_vcpus, &gdb_lock); 655 CPU_CLR(vcpu, &vcpus_waiting); 656 debug("$vCPU %d resuming\n", vcpu); 657 } 658 659 void 660 gdb_cpu_add(int vcpu) 661 { 662 663 debug("$vCPU %d starting\n", vcpu); 664 pthread_mutex_lock(&gdb_lock); 665 CPU_SET(vcpu, &vcpus_active); 666 667 /* 668 * If a vcpu is added while vcpus are stopped, suspend the new 669 * vcpu so that it will pop back out with a debug exit before 670 * executing the first instruction. 671 */ 672 if (!CPU_EMPTY(&vcpus_suspended)) { 673 CPU_SET(vcpu, &vcpus_suspended); 674 _gdb_cpu_suspend(vcpu, false); 675 } 676 pthread_mutex_unlock(&gdb_lock); 677 } 678 679 void 680 gdb_cpu_suspend(int vcpu) 681 { 682 683 pthread_mutex_lock(&gdb_lock); 684 _gdb_cpu_suspend(vcpu, true); 685 pthread_mutex_unlock(&gdb_lock); 686 } 687 688 void 689 gdb_cpu_mtrap(int vcpu) 690 { 691 692 debug("$vCPU %d MTRAP\n", vcpu); 693 pthread_mutex_lock(&gdb_lock); 694 if (vcpu == stepping_vcpu) { 695 stepping_vcpu = -1; 696 vm_set_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, 0); 697 vm_suspend_cpu(ctx, vcpu); 698 assert(stopped_vcpu == -1); 699 stopped_vcpu = vcpu; 700 _gdb_cpu_suspend(vcpu, true); 701 } 702 pthread_mutex_unlock(&gdb_lock); 703 } 704 705 static void 706 gdb_suspend_vcpus(void) 707 { 708 709 assert(pthread_mutex_isowned_np(&gdb_lock)); 710 debug("suspending all CPUs\n"); 711 vcpus_suspended = vcpus_active; 712 vm_suspend_cpu(ctx, -1); 713 if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 714 gdb_finish_suspend_vcpus(); 715 } 716 717 static bool 718 gdb_step_vcpu(int vcpu) 719 { 720 int error, val; 721 722 debug("$vCPU %d step\n", vcpu); 723 error = vm_get_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, &val); 724 if (error < 0) 725 return (false); 726 error = vm_set_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, 1); 727 vm_resume_cpu(ctx, vcpu); 728 stepping_vcpu = vcpu; 729 pthread_cond_broadcast(&idle_vcpus); 730 return (true); 731 } 732 733 static void 734 gdb_resume_vcpus(void) 735 { 736 737 assert(pthread_mutex_isowned_np(&gdb_lock)); 738 vm_resume_cpu(ctx, -1); 739 debug("resuming all CPUs\n"); 740 CPU_ZERO(&vcpus_suspended); 741 pthread_cond_broadcast(&idle_vcpus); 742 } 743 744 static void 745 gdb_read_regs(void) 746 { 747 uint64_t regvals[nitems(gdb_regset)]; 748 int i; 749 750 if (vm_get_register_set(ctx, cur_vcpu, nitems(gdb_regset), 751 gdb_regset, regvals) == -1) { 752 send_error(errno); 753 return; 754 } 755 start_packet(); 756 for (i = 0; i < nitems(regvals); i++) 757 append_unsigned_native(regvals[i], gdb_regsize[i]); 758 finish_packet(); 759 } 760 761 static void 762 gdb_read_mem(const uint8_t *data, size_t len) 763 { 764 uint64_t gpa, gva, val; 765 uint8_t *cp; 766 size_t resid, todo, bytes; 767 bool started; 768 int error; 769 770 /* Skip 'm' */ 771 data += 1; 772 len -= 1; 773 774 /* Parse and consume address. */ 775 cp = memchr(data, ',', len); 776 if (cp == NULL || cp == data) { 777 send_error(EINVAL); 778 return; 779 } 780 gva = parse_integer(data, cp - data); 781 len -= (cp - data) + 1; 782 data += (cp - data) + 1; 783 784 /* Parse length. */ 785 resid = parse_integer(data, len); 786 787 started = false; 788 while (resid > 0) { 789 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 790 if (error == -1) { 791 if (started) 792 finish_packet(); 793 else 794 send_error(errno); 795 return; 796 } 797 if (error == 0) { 798 if (started) 799 finish_packet(); 800 else 801 send_error(EFAULT); 802 return; 803 } 804 805 /* Read bytes from current page. */ 806 todo = getpagesize() - gpa % getpagesize(); 807 if (todo > resid) 808 todo = resid; 809 810 cp = paddr_guest2host(ctx, gpa, todo); 811 if (cp != NULL) { 812 /* 813 * If this page is guest RAM, read it a byte 814 * at a time. 815 */ 816 if (!started) { 817 start_packet(); 818 started = true; 819 } 820 while (todo > 0) { 821 append_byte(*cp); 822 cp++; 823 gpa++; 824 gva++; 825 resid--; 826 todo--; 827 } 828 } else { 829 /* 830 * If this page isn't guest RAM, try to handle 831 * it via MMIO. For MMIO requests, use 832 * aligned reads of words when possible. 833 */ 834 while (todo > 0) { 835 if (gpa & 1 || todo == 1) 836 bytes = 1; 837 else if (gpa & 2 || todo == 2) 838 bytes = 2; 839 else 840 bytes = 4; 841 error = read_mem(ctx, cur_vcpu, gpa, &val, 842 bytes); 843 if (error == 0) { 844 if (!started) { 845 start_packet(); 846 started = true; 847 } 848 gpa += bytes; 849 gva += bytes; 850 resid -= bytes; 851 todo -= bytes; 852 while (bytes > 0) { 853 append_byte(val); 854 val >>= 8; 855 bytes--; 856 } 857 } else { 858 if (started) 859 finish_packet(); 860 else 861 send_error(EFAULT); 862 return; 863 } 864 } 865 } 866 assert(resid == 0 || gpa % getpagesize() == 0); 867 } 868 if (!started) 869 start_packet(); 870 finish_packet(); 871 } 872 873 static void 874 gdb_write_mem(const uint8_t *data, size_t len) 875 { 876 uint64_t gpa, gva, val; 877 uint8_t *cp; 878 size_t resid, todo, bytes; 879 int error; 880 881 /* Skip 'M' */ 882 data += 1; 883 len -= 1; 884 885 /* Parse and consume address. */ 886 cp = memchr(data, ',', len); 887 if (cp == NULL || cp == data) { 888 send_error(EINVAL); 889 return; 890 } 891 gva = parse_integer(data, cp - data); 892 len -= (cp - data) + 1; 893 data += (cp - data) + 1; 894 895 /* Parse and consume length. */ 896 cp = memchr(data, ':', len); 897 if (cp == NULL || cp == data) { 898 send_error(EINVAL); 899 return; 900 } 901 resid = parse_integer(data, cp - data); 902 len -= (cp - data) + 1; 903 data += (cp - data) + 1; 904 905 /* Verify the available bytes match the length. */ 906 if (len != resid * 2) { 907 send_error(EINVAL); 908 return; 909 } 910 911 while (resid > 0) { 912 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 913 if (error == -1) { 914 send_error(errno); 915 return; 916 } 917 if (error == 0) { 918 send_error(EFAULT); 919 return; 920 } 921 922 /* Write bytes to current page. */ 923 todo = getpagesize() - gpa % getpagesize(); 924 if (todo > resid) 925 todo = resid; 926 927 cp = paddr_guest2host(ctx, gpa, todo); 928 if (cp != NULL) { 929 /* 930 * If this page is guest RAM, write it a byte 931 * at a time. 932 */ 933 while (todo > 0) { 934 assert(len >= 2); 935 *cp = parse_byte(data); 936 data += 2; 937 len -= 2; 938 cp++; 939 gpa++; 940 gva++; 941 resid--; 942 todo--; 943 } 944 } else { 945 /* 946 * If this page isn't guest RAM, try to handle 947 * it via MMIO. For MMIO requests, use 948 * aligned writes of words when possible. 949 */ 950 while (todo > 0) { 951 if (gpa & 1 || todo == 1) { 952 bytes = 1; 953 val = parse_byte(data); 954 } else if (gpa & 2 || todo == 2) { 955 bytes = 2; 956 val = parse_byte(data) | 957 (parse_byte(data + 2) << 8); 958 } else { 959 bytes = 4; 960 val = parse_byte(data) | 961 (parse_byte(data + 2) << 8) | 962 (parse_byte(data + 4) << 16) | 963 (parse_byte(data + 6) << 24); 964 } 965 error = write_mem(ctx, cur_vcpu, gpa, val, 966 bytes); 967 if (error == 0) { 968 gpa += bytes; 969 gva += bytes; 970 resid -= bytes; 971 todo -= bytes; 972 data += 2 * bytes; 973 len -= 2 * bytes; 974 } else { 975 send_error(EFAULT); 976 return; 977 } 978 } 979 } 980 assert(resid == 0 || gpa % getpagesize() == 0); 981 } 982 assert(len == 0); 983 send_ok(); 984 } 985 986 static bool 987 command_equals(const uint8_t *data, size_t len, const char *cmd) 988 { 989 990 if (strlen(cmd) > len) 991 return (false); 992 return (memcmp(data, cmd, strlen(cmd)) == 0); 993 } 994 995 static void 996 gdb_query(const uint8_t *data, size_t len) 997 { 998 999 /* 1000 * TODO: 1001 * - qSearch 1002 * - qSupported 1003 */ 1004 if (command_equals(data, len, "qAttached")) { 1005 start_packet(); 1006 append_char('1'); 1007 finish_packet(); 1008 } else if (command_equals(data, len, "qC")) { 1009 start_packet(); 1010 append_string("QC"); 1011 append_integer(cur_vcpu + 1); 1012 finish_packet(); 1013 } else if (command_equals(data, len, "qfThreadInfo")) { 1014 cpuset_t mask; 1015 bool first; 1016 int vcpu; 1017 1018 if (CPU_EMPTY(&vcpus_active)) { 1019 send_error(EINVAL); 1020 return; 1021 } 1022 mask = vcpus_active; 1023 start_packet(); 1024 append_char('m'); 1025 first = true; 1026 while (!CPU_EMPTY(&mask)) { 1027 vcpu = CPU_FFS(&mask) - 1; 1028 CPU_CLR(vcpu, &mask); 1029 if (first) 1030 first = false; 1031 else 1032 append_char(','); 1033 append_integer(vcpu + 1); 1034 } 1035 finish_packet(); 1036 } else if (command_equals(data, len, "qsThreadInfo")) { 1037 start_packet(); 1038 append_char('l'); 1039 finish_packet(); 1040 } else if (command_equals(data, len, "qThreadExtraInfo")) { 1041 char buf[16]; 1042 int tid; 1043 1044 data += strlen("qThreadExtraInfo"); 1045 len -= strlen("qThreadExtraInfo"); 1046 if (*data != ',') { 1047 send_error(EINVAL); 1048 return; 1049 } 1050 tid = parse_threadid(data + 1, len - 1); 1051 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1052 send_error(EINVAL); 1053 return; 1054 } 1055 1056 snprintf(buf, sizeof(buf), "vCPU %d", tid - 1); 1057 start_packet(); 1058 append_asciihex(buf); 1059 finish_packet(); 1060 } else 1061 send_empty_response(); 1062 } 1063 1064 static void 1065 handle_command(const uint8_t *data, size_t len) 1066 { 1067 1068 /* Reject packets with a sequence-id. */ 1069 if (len >= 3 && data[0] >= '0' && data[0] <= '9' && 1070 data[0] >= '0' && data[0] <= '9' && data[2] == ':') { 1071 send_empty_response(); 1072 return; 1073 } 1074 1075 switch (*data) { 1076 case 'c': 1077 if (len != 1) { 1078 send_error(EINVAL); 1079 break; 1080 } 1081 1082 /* Don't send a reply until a stop occurs. */ 1083 gdb_resume_vcpus(); 1084 break; 1085 case 'D': 1086 send_ok(); 1087 1088 /* TODO: Resume any stopped CPUs. */ 1089 break; 1090 case 'g': { 1091 gdb_read_regs(); 1092 break; 1093 } 1094 case 'H': { 1095 int tid; 1096 1097 if (data[1] != 'g' && data[1] != 'c') { 1098 send_error(EINVAL); 1099 break; 1100 } 1101 tid = parse_threadid(data + 2, len - 2); 1102 if (tid == -2) { 1103 send_error(EINVAL); 1104 break; 1105 } 1106 1107 if (CPU_EMPTY(&vcpus_active)) { 1108 send_error(EINVAL); 1109 break; 1110 } 1111 if (tid == -1 || tid == 0) 1112 cur_vcpu = CPU_FFS(&vcpus_active) - 1; 1113 else if (CPU_ISSET(tid - 1, &vcpus_active)) 1114 cur_vcpu = tid - 1; 1115 else { 1116 send_error(EINVAL); 1117 break; 1118 } 1119 send_ok(); 1120 break; 1121 } 1122 case 'm': 1123 gdb_read_mem(data, len); 1124 break; 1125 case 'M': 1126 gdb_write_mem(data, len); 1127 break; 1128 case 'T': { 1129 int tid; 1130 1131 tid = parse_threadid(data + 1, len - 1); 1132 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1133 send_error(EINVAL); 1134 return; 1135 } 1136 send_ok(); 1137 break; 1138 } 1139 case 'q': 1140 gdb_query(data, len); 1141 break; 1142 case 's': 1143 if (len != 1) { 1144 send_error(EINVAL); 1145 break; 1146 } 1147 1148 /* Don't send a reply until a stop occurs. */ 1149 if (!gdb_step_vcpu(cur_vcpu)) { 1150 send_error(EOPNOTSUPP); 1151 break; 1152 } 1153 break; 1154 case '?': 1155 /* XXX: Only if stopped? */ 1156 /* For now, just report that we are always stopped. */ 1157 start_packet(); 1158 append_char('S'); 1159 append_byte(GDB_SIGNAL_TRAP); 1160 finish_packet(); 1161 break; 1162 case 'G': /* TODO */ 1163 case 'v': 1164 /* Handle 'vCont' */ 1165 /* 'vCtrlC' */ 1166 case 'p': /* TODO */ 1167 case 'P': /* TODO */ 1168 case 'Q': /* TODO */ 1169 case 't': /* TODO */ 1170 case 'X': /* TODO */ 1171 case 'z': /* TODO */ 1172 case 'Z': /* TODO */ 1173 default: 1174 send_empty_response(); 1175 } 1176 } 1177 1178 /* Check for a valid packet in the command buffer. */ 1179 static void 1180 check_command(int fd) 1181 { 1182 uint8_t *head, *hash, *p, sum; 1183 size_t avail, plen; 1184 1185 for (;;) { 1186 avail = cur_comm.len; 1187 if (avail == 0) 1188 return; 1189 head = io_buffer_head(&cur_comm); 1190 switch (*head) { 1191 case 0x03: 1192 debug("<- Ctrl-C\n"); 1193 io_buffer_consume(&cur_comm, 1); 1194 1195 gdb_suspend_vcpus(); 1196 break; 1197 case '+': 1198 /* ACK of previous response. */ 1199 debug("<- +\n"); 1200 if (response_pending()) 1201 io_buffer_reset(&cur_resp); 1202 io_buffer_consume(&cur_comm, 1); 1203 if (stop_pending) { 1204 stop_pending = false; 1205 report_stop(); 1206 send_pending_data(fd); 1207 } 1208 break; 1209 case '-': 1210 /* NACK of previous response. */ 1211 debug("<- -\n"); 1212 if (response_pending()) { 1213 cur_resp.len += cur_resp.start; 1214 cur_resp.start = 0; 1215 if (cur_resp.data[0] == '+') 1216 io_buffer_advance(&cur_resp, 1); 1217 debug("-> %.*s\n", (int)cur_resp.len, 1218 io_buffer_head(&cur_resp)); 1219 } 1220 io_buffer_consume(&cur_comm, 1); 1221 send_pending_data(fd); 1222 break; 1223 case '$': 1224 /* Packet. */ 1225 1226 if (response_pending()) { 1227 warnx("New GDB command while response in " 1228 "progress"); 1229 io_buffer_reset(&cur_resp); 1230 } 1231 1232 /* Is packet complete? */ 1233 hash = memchr(head, '#', avail); 1234 if (hash == NULL) 1235 return; 1236 plen = (hash - head + 1) + 2; 1237 if (avail < plen) 1238 return; 1239 debug("<- %.*s\n", (int)plen, head); 1240 1241 /* Verify checksum. */ 1242 for (sum = 0, p = head + 1; p < hash; p++) 1243 sum += *p; 1244 if (sum != parse_byte(hash + 1)) { 1245 io_buffer_consume(&cur_comm, plen); 1246 debug("-> -\n"); 1247 send_char('-'); 1248 send_pending_data(fd); 1249 break; 1250 } 1251 send_char('+'); 1252 1253 handle_command(head + 1, hash - (head + 1)); 1254 io_buffer_consume(&cur_comm, plen); 1255 if (!response_pending()) 1256 debug("-> +\n"); 1257 send_pending_data(fd); 1258 break; 1259 default: 1260 /* XXX: Possibly drop connection instead. */ 1261 debug("-> %02x\n", *head); 1262 io_buffer_consume(&cur_comm, 1); 1263 break; 1264 } 1265 } 1266 } 1267 1268 static void 1269 gdb_readable(int fd, enum ev_type event, void *arg) 1270 { 1271 ssize_t nread; 1272 int pending; 1273 1274 if (ioctl(fd, FIONREAD, &pending) == -1) { 1275 warn("FIONREAD on GDB socket"); 1276 return; 1277 } 1278 1279 /* 1280 * 'pending' might be zero due to EOF. We need to call read 1281 * with a non-zero length to detect EOF. 1282 */ 1283 if (pending == 0) 1284 pending = 1; 1285 1286 /* Ensure there is room in the command buffer. */ 1287 io_buffer_grow(&cur_comm, pending); 1288 assert(io_buffer_avail(&cur_comm) >= pending); 1289 1290 nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm)); 1291 if (nread == 0) { 1292 close_connection(); 1293 } else if (nread == -1) { 1294 if (errno == EAGAIN) 1295 return; 1296 1297 warn("Read from GDB socket"); 1298 close_connection(); 1299 } else { 1300 cur_comm.len += nread; 1301 pthread_mutex_lock(&gdb_lock); 1302 check_command(fd); 1303 pthread_mutex_unlock(&gdb_lock); 1304 } 1305 } 1306 1307 static void 1308 gdb_writable(int fd, enum ev_type event, void *arg) 1309 { 1310 1311 send_pending_data(fd); 1312 } 1313 1314 static void 1315 new_connection(int fd, enum ev_type event, void *arg) 1316 { 1317 int optval, s; 1318 1319 s = accept4(fd, NULL, NULL, SOCK_NONBLOCK); 1320 if (s == -1) { 1321 if (arg != NULL) 1322 err(1, "Failed accepting initial GDB connection"); 1323 1324 /* Silently ignore errors post-startup. */ 1325 return; 1326 } 1327 1328 optval = 1; 1329 if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) == 1330 -1) { 1331 warn("Failed to disable SIGPIPE for GDB connection"); 1332 close(s); 1333 return; 1334 } 1335 1336 pthread_mutex_lock(&gdb_lock); 1337 if (cur_fd != -1) { 1338 close(s); 1339 warnx("Ignoring additional GDB connection."); 1340 } 1341 1342 read_event = mevent_add(s, EVF_READ, gdb_readable, NULL); 1343 if (read_event == NULL) { 1344 if (arg != NULL) 1345 err(1, "Failed to setup initial GDB connection"); 1346 pthread_mutex_unlock(&gdb_lock); 1347 return; 1348 } 1349 write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL); 1350 if (write_event == NULL) { 1351 if (arg != NULL) 1352 err(1, "Failed to setup initial GDB connection"); 1353 mevent_delete_close(read_event); 1354 read_event = NULL; 1355 } 1356 1357 cur_fd = s; 1358 cur_vcpu = 0; 1359 stepping_vcpu = -1; 1360 stopped_vcpu = -1; 1361 stop_pending = false; 1362 1363 /* Break on attach. */ 1364 first_stop = true; 1365 gdb_suspend_vcpus(); 1366 pthread_mutex_unlock(&gdb_lock); 1367 } 1368 1369 #ifndef WITHOUT_CAPSICUM 1370 void 1371 limit_gdb_socket(int s) 1372 { 1373 cap_rights_t rights; 1374 unsigned long ioctls[] = { FIONREAD }; 1375 1376 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE, 1377 CAP_SETSOCKOPT, CAP_IOCTL); 1378 if (caph_rights_limit(s, &rights) == -1) 1379 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1380 if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) 1381 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1382 } 1383 #endif 1384 1385 void 1386 init_gdb(struct vmctx *_ctx, int sport, bool wait) 1387 { 1388 struct sockaddr_in sin; 1389 int error, flags, s; 1390 1391 debug("==> starting on %d, %swaiting\n", sport, wait ? "" : "not "); 1392 1393 error = pthread_mutex_init(&gdb_lock, NULL); 1394 if (error != 0) 1395 errc(1, error, "gdb mutex init"); 1396 error = pthread_cond_init(&idle_vcpus, NULL); 1397 if (error != 0) 1398 errc(1, error, "gdb cv init"); 1399 1400 ctx = _ctx; 1401 s = socket(PF_INET, SOCK_STREAM, 0); 1402 if (s < 0) 1403 err(1, "gdb socket create"); 1404 1405 sin.sin_len = sizeof(sin); 1406 sin.sin_family = AF_INET; 1407 sin.sin_addr.s_addr = htonl(INADDR_ANY); 1408 sin.sin_port = htons(sport); 1409 1410 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) 1411 err(1, "gdb socket bind"); 1412 1413 if (listen(s, 1) < 0) 1414 err(1, "gdb socket listen"); 1415 1416 if (wait) { 1417 /* 1418 * Set vcpu 0 in vcpus_suspended. This will trigger the 1419 * logic in gdb_cpu_add() to suspend the first vcpu before 1420 * it starts execution. The vcpu will remain suspended 1421 * until a debugger connects. 1422 */ 1423 stepping_vcpu = -1; 1424 stopped_vcpu = -1; 1425 CPU_SET(0, &vcpus_suspended); 1426 } 1427 1428 flags = fcntl(s, F_GETFL); 1429 if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) 1430 err(1, "Failed to mark gdb socket non-blocking"); 1431 1432 #ifndef WITHOUT_CAPSICUM 1433 limit_gdb_socket(s); 1434 #endif 1435 mevent_add(s, EVF_READ, new_connection, NULL); 1436 } 1437