1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 #include <sys/param.h> 30 #ifndef WITHOUT_CAPSICUM 31 #include <sys/capsicum.h> 32 #endif 33 #include <sys/endian.h> 34 #include <sys/ioctl.h> 35 #include <sys/mman.h> 36 #include <sys/queue.h> 37 #include <sys/socket.h> 38 #include <machine/atomic.h> 39 #include <machine/specialreg.h> 40 #include <machine/vmm.h> 41 #include <netinet/in.h> 42 #include <assert.h> 43 #ifndef WITHOUT_CAPSICUM 44 #include <capsicum_helpers.h> 45 #endif 46 #include <err.h> 47 #include <errno.h> 48 #include <fcntl.h> 49 #include <netdb.h> 50 #include <pthread.h> 51 #include <pthread_np.h> 52 #include <stdbool.h> 53 #include <stdio.h> 54 #include <stdlib.h> 55 #include <string.h> 56 #include <sysexits.h> 57 #include <unistd.h> 58 #include <vmmapi.h> 59 60 #include "bhyverun.h" 61 #include "config.h" 62 #include "gdb.h" 63 #include "mem.h" 64 #include "mevent.h" 65 66 /* 67 * GDB_SIGNAL_* numbers are part of the GDB remote protocol. Most stops 68 * use SIGTRAP. 69 */ 70 #define GDB_SIGNAL_TRAP 5 71 72 static void gdb_resume_vcpus(void); 73 static void check_command(int fd); 74 75 static struct mevent *read_event, *write_event; 76 77 static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting; 78 static pthread_mutex_t gdb_lock; 79 static pthread_cond_t idle_vcpus; 80 static bool first_stop, report_next_stop, swbreak_enabled; 81 82 /* 83 * An I/O buffer contains 'capacity' bytes of room at 'data'. For a 84 * read buffer, 'start' is unused and 'len' contains the number of 85 * valid bytes in the buffer. For a write buffer, 'start' is set to 86 * the index of the next byte in 'data' to send, and 'len' contains 87 * the remaining number of valid bytes to send. 88 */ 89 struct io_buffer { 90 uint8_t *data; 91 size_t capacity; 92 size_t start; 93 size_t len; 94 }; 95 96 struct breakpoint { 97 uint64_t gpa; 98 uint8_t shadow_inst; 99 TAILQ_ENTRY(breakpoint) link; 100 }; 101 102 /* 103 * When a vCPU stops to due to an event that should be reported to the 104 * debugger, information about the event is stored in this structure. 105 * The vCPU thread then sets 'stopped_vcpu' if it is not already set 106 * and stops other vCPUs so the event can be reported. The 107 * report_stop() function reports the event for the 'stopped_vcpu' 108 * vCPU. When the debugger resumes execution via continue or step, 109 * the event for 'stopped_vcpu' is cleared. vCPUs will loop in their 110 * event handlers until the associated event is reported or disabled. 111 * 112 * An idle vCPU will have all of the boolean fields set to false. 113 * 114 * When a vCPU is stepped, 'stepping' is set to true when the vCPU is 115 * released to execute the stepped instruction. When the vCPU reports 116 * the stepping trap, 'stepped' is set. 117 * 118 * When a vCPU hits a breakpoint set by the debug server, 119 * 'hit_swbreak' is set to true. 120 */ 121 struct vcpu_state { 122 bool stepping; 123 bool stepped; 124 bool hit_swbreak; 125 }; 126 127 static struct io_buffer cur_comm, cur_resp; 128 static uint8_t cur_csum; 129 static struct vmctx *ctx; 130 static int cur_fd = -1; 131 static TAILQ_HEAD(, breakpoint) breakpoints; 132 static struct vcpu_state *vcpu_state; 133 static struct vcpu **vcpus; 134 static int cur_vcpu, stopped_vcpu; 135 static bool gdb_active = false; 136 137 static const int gdb_regset[] = { 138 VM_REG_GUEST_RAX, 139 VM_REG_GUEST_RBX, 140 VM_REG_GUEST_RCX, 141 VM_REG_GUEST_RDX, 142 VM_REG_GUEST_RSI, 143 VM_REG_GUEST_RDI, 144 VM_REG_GUEST_RBP, 145 VM_REG_GUEST_RSP, 146 VM_REG_GUEST_R8, 147 VM_REG_GUEST_R9, 148 VM_REG_GUEST_R10, 149 VM_REG_GUEST_R11, 150 VM_REG_GUEST_R12, 151 VM_REG_GUEST_R13, 152 VM_REG_GUEST_R14, 153 VM_REG_GUEST_R15, 154 VM_REG_GUEST_RIP, 155 VM_REG_GUEST_RFLAGS, 156 VM_REG_GUEST_CS, 157 VM_REG_GUEST_SS, 158 VM_REG_GUEST_DS, 159 VM_REG_GUEST_ES, 160 VM_REG_GUEST_FS, 161 VM_REG_GUEST_GS 162 }; 163 164 static const int gdb_regsize[] = { 165 8, 166 8, 167 8, 168 8, 169 8, 170 8, 171 8, 172 8, 173 8, 174 8, 175 8, 176 8, 177 8, 178 8, 179 8, 180 8, 181 8, 182 4, 183 4, 184 4, 185 4, 186 4, 187 4, 188 4 189 }; 190 191 #ifdef GDB_LOG 192 #include <stdarg.h> 193 #include <stdio.h> 194 195 static void __printflike(1, 2) 196 debug(const char *fmt, ...) 197 { 198 static FILE *logfile; 199 va_list ap; 200 201 if (logfile == NULL) { 202 logfile = fopen("/tmp/bhyve_gdb.log", "w"); 203 if (logfile == NULL) 204 return; 205 #ifndef WITHOUT_CAPSICUM 206 if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) { 207 fclose(logfile); 208 logfile = NULL; 209 return; 210 } 211 #endif 212 setlinebuf(logfile); 213 } 214 va_start(ap, fmt); 215 vfprintf(logfile, fmt, ap); 216 va_end(ap); 217 } 218 #else 219 #define debug(...) 220 #endif 221 222 static void remove_all_sw_breakpoints(void); 223 224 static int 225 guest_paging_info(struct vcpu *vcpu, struct vm_guest_paging *paging) 226 { 227 uint64_t regs[4]; 228 const int regset[4] = { 229 VM_REG_GUEST_CR0, 230 VM_REG_GUEST_CR3, 231 VM_REG_GUEST_CR4, 232 VM_REG_GUEST_EFER 233 }; 234 235 if (vm_get_register_set(vcpu, nitems(regset), regset, regs) == -1) 236 return (-1); 237 238 /* 239 * For the debugger, always pretend to be the kernel (CPL 0), 240 * and if long-mode is enabled, always parse addresses as if 241 * in 64-bit mode. 242 */ 243 paging->cr3 = regs[1]; 244 paging->cpl = 0; 245 if (regs[3] & EFER_LMA) 246 paging->cpu_mode = CPU_MODE_64BIT; 247 else if (regs[0] & CR0_PE) 248 paging->cpu_mode = CPU_MODE_PROTECTED; 249 else 250 paging->cpu_mode = CPU_MODE_REAL; 251 if (!(regs[0] & CR0_PG)) 252 paging->paging_mode = PAGING_MODE_FLAT; 253 else if (!(regs[2] & CR4_PAE)) 254 paging->paging_mode = PAGING_MODE_32; 255 else if (regs[3] & EFER_LME) 256 paging->paging_mode = (regs[2] & CR4_LA57) ? 257 PAGING_MODE_64_LA57 : PAGING_MODE_64; 258 else 259 paging->paging_mode = PAGING_MODE_PAE; 260 return (0); 261 } 262 263 /* 264 * Map a guest virtual address to a physical address (for a given vcpu). 265 * If a guest virtual address is valid, return 1. If the address is 266 * not valid, return 0. If an error occurs obtaining the mapping, 267 * return -1. 268 */ 269 static int 270 guest_vaddr2paddr(struct vcpu *vcpu, uint64_t vaddr, uint64_t *paddr) 271 { 272 struct vm_guest_paging paging; 273 int fault; 274 275 if (guest_paging_info(vcpu, &paging) == -1) 276 return (-1); 277 278 /* 279 * Always use PROT_READ. We really care if the VA is 280 * accessible, not if the current vCPU can write. 281 */ 282 if (vm_gla2gpa_nofault(vcpu, &paging, vaddr, PROT_READ, paddr, 283 &fault) == -1) 284 return (-1); 285 if (fault) 286 return (0); 287 return (1); 288 } 289 290 static void 291 io_buffer_reset(struct io_buffer *io) 292 { 293 294 io->start = 0; 295 io->len = 0; 296 } 297 298 /* Available room for adding data. */ 299 static size_t 300 io_buffer_avail(struct io_buffer *io) 301 { 302 303 return (io->capacity - (io->start + io->len)); 304 } 305 306 static uint8_t * 307 io_buffer_head(struct io_buffer *io) 308 { 309 310 return (io->data + io->start); 311 } 312 313 static uint8_t * 314 io_buffer_tail(struct io_buffer *io) 315 { 316 317 return (io->data + io->start + io->len); 318 } 319 320 static void 321 io_buffer_advance(struct io_buffer *io, size_t amount) 322 { 323 324 assert(amount <= io->len); 325 io->start += amount; 326 io->len -= amount; 327 } 328 329 static void 330 io_buffer_consume(struct io_buffer *io, size_t amount) 331 { 332 333 io_buffer_advance(io, amount); 334 if (io->len == 0) { 335 io->start = 0; 336 return; 337 } 338 339 /* 340 * XXX: Consider making this move optional and compacting on a 341 * future read() before realloc(). 342 */ 343 memmove(io->data, io_buffer_head(io), io->len); 344 io->start = 0; 345 } 346 347 static void 348 io_buffer_grow(struct io_buffer *io, size_t newsize) 349 { 350 uint8_t *new_data; 351 size_t avail, new_cap; 352 353 avail = io_buffer_avail(io); 354 if (newsize <= avail) 355 return; 356 357 new_cap = io->capacity + (newsize - avail); 358 new_data = realloc(io->data, new_cap); 359 if (new_data == NULL) 360 err(1, "Failed to grow GDB I/O buffer"); 361 io->data = new_data; 362 io->capacity = new_cap; 363 } 364 365 static bool 366 response_pending(void) 367 { 368 369 if (cur_resp.start == 0 && cur_resp.len == 0) 370 return (false); 371 if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+') 372 return (false); 373 return (true); 374 } 375 376 static void 377 close_connection(void) 378 { 379 380 /* 381 * XXX: This triggers a warning because mevent does the close 382 * before the EV_DELETE. 383 */ 384 pthread_mutex_lock(&gdb_lock); 385 mevent_delete(write_event); 386 mevent_delete_close(read_event); 387 write_event = NULL; 388 read_event = NULL; 389 io_buffer_reset(&cur_comm); 390 io_buffer_reset(&cur_resp); 391 cur_fd = -1; 392 393 remove_all_sw_breakpoints(); 394 395 /* Clear any pending events. */ 396 memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state)); 397 398 /* Resume any stopped vCPUs. */ 399 gdb_resume_vcpus(); 400 pthread_mutex_unlock(&gdb_lock); 401 } 402 403 static uint8_t 404 hex_digit(uint8_t nibble) 405 { 406 407 if (nibble <= 9) 408 return (nibble + '0'); 409 else 410 return (nibble + 'a' - 10); 411 } 412 413 static uint8_t 414 parse_digit(uint8_t v) 415 { 416 417 if (v >= '0' && v <= '9') 418 return (v - '0'); 419 if (v >= 'a' && v <= 'f') 420 return (v - 'a' + 10); 421 if (v >= 'A' && v <= 'F') 422 return (v - 'A' + 10); 423 return (0xF); 424 } 425 426 /* Parses big-endian hexadecimal. */ 427 static uintmax_t 428 parse_integer(const uint8_t *p, size_t len) 429 { 430 uintmax_t v; 431 432 v = 0; 433 while (len > 0) { 434 v <<= 4; 435 v |= parse_digit(*p); 436 p++; 437 len--; 438 } 439 return (v); 440 } 441 442 static uint8_t 443 parse_byte(const uint8_t *p) 444 { 445 446 return (parse_digit(p[0]) << 4 | parse_digit(p[1])); 447 } 448 449 static void 450 send_pending_data(int fd) 451 { 452 ssize_t nwritten; 453 454 if (cur_resp.len == 0) { 455 mevent_disable(write_event); 456 return; 457 } 458 nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len); 459 if (nwritten == -1) { 460 warn("Write to GDB socket failed"); 461 close_connection(); 462 } else { 463 io_buffer_advance(&cur_resp, nwritten); 464 if (cur_resp.len == 0) 465 mevent_disable(write_event); 466 else 467 mevent_enable(write_event); 468 } 469 } 470 471 /* Append a single character to the output buffer. */ 472 static void 473 send_char(uint8_t data) 474 { 475 io_buffer_grow(&cur_resp, 1); 476 *io_buffer_tail(&cur_resp) = data; 477 cur_resp.len++; 478 } 479 480 /* Append an array of bytes to the output buffer. */ 481 static void 482 send_data(const uint8_t *data, size_t len) 483 { 484 485 io_buffer_grow(&cur_resp, len); 486 memcpy(io_buffer_tail(&cur_resp), data, len); 487 cur_resp.len += len; 488 } 489 490 static void 491 format_byte(uint8_t v, uint8_t *buf) 492 { 493 494 buf[0] = hex_digit(v >> 4); 495 buf[1] = hex_digit(v & 0xf); 496 } 497 498 /* 499 * Append a single byte (formatted as two hex characters) to the 500 * output buffer. 501 */ 502 static void 503 send_byte(uint8_t v) 504 { 505 uint8_t buf[2]; 506 507 format_byte(v, buf); 508 send_data(buf, sizeof(buf)); 509 } 510 511 static void 512 start_packet(void) 513 { 514 515 send_char('$'); 516 cur_csum = 0; 517 } 518 519 static void 520 finish_packet(void) 521 { 522 523 send_char('#'); 524 send_byte(cur_csum); 525 debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp)); 526 } 527 528 /* 529 * Append a single character (for the packet payload) and update the 530 * checksum. 531 */ 532 static void 533 append_char(uint8_t v) 534 { 535 536 send_char(v); 537 cur_csum += v; 538 } 539 540 /* 541 * Append an array of bytes (for the packet payload) and update the 542 * checksum. 543 */ 544 static void 545 append_packet_data(const uint8_t *data, size_t len) 546 { 547 548 send_data(data, len); 549 while (len > 0) { 550 cur_csum += *data; 551 data++; 552 len--; 553 } 554 } 555 556 static void 557 append_string(const char *str) 558 { 559 560 append_packet_data(str, strlen(str)); 561 } 562 563 static void 564 append_byte(uint8_t v) 565 { 566 uint8_t buf[2]; 567 568 format_byte(v, buf); 569 append_packet_data(buf, sizeof(buf)); 570 } 571 572 static void 573 append_unsigned_native(uintmax_t value, size_t len) 574 { 575 size_t i; 576 577 for (i = 0; i < len; i++) { 578 append_byte(value); 579 value >>= 8; 580 } 581 } 582 583 static void 584 append_unsigned_be(uintmax_t value, size_t len) 585 { 586 char buf[len * 2]; 587 size_t i; 588 589 for (i = 0; i < len; i++) { 590 format_byte(value, buf + (len - i - 1) * 2); 591 value >>= 8; 592 } 593 append_packet_data(buf, sizeof(buf)); 594 } 595 596 static void 597 append_integer(unsigned int value) 598 { 599 600 if (value == 0) 601 append_char('0'); 602 else 603 append_unsigned_be(value, (fls(value) + 7) / 8); 604 } 605 606 static void 607 append_asciihex(const char *str) 608 { 609 610 while (*str != '\0') { 611 append_byte(*str); 612 str++; 613 } 614 } 615 616 static void 617 send_empty_response(void) 618 { 619 620 start_packet(); 621 finish_packet(); 622 } 623 624 static void 625 send_error(int error) 626 { 627 628 start_packet(); 629 append_char('E'); 630 append_byte(error); 631 finish_packet(); 632 } 633 634 static void 635 send_ok(void) 636 { 637 638 start_packet(); 639 append_string("OK"); 640 finish_packet(); 641 } 642 643 static int 644 parse_threadid(const uint8_t *data, size_t len) 645 { 646 647 if (len == 1 && *data == '0') 648 return (0); 649 if (len == 2 && memcmp(data, "-1", 2) == 0) 650 return (-1); 651 if (len == 0) 652 return (-2); 653 return (parse_integer(data, len)); 654 } 655 656 /* 657 * Report the current stop event to the debugger. If the stop is due 658 * to an event triggered on a specific vCPU such as a breakpoint or 659 * stepping trap, stopped_vcpu will be set to the vCPU triggering the 660 * stop. If 'set_cur_vcpu' is true, then cur_vcpu will be updated to 661 * the reporting vCPU for vCPU events. 662 */ 663 static void 664 report_stop(bool set_cur_vcpu) 665 { 666 struct vcpu_state *vs; 667 668 start_packet(); 669 if (stopped_vcpu == -1) { 670 append_char('S'); 671 append_byte(GDB_SIGNAL_TRAP); 672 } else { 673 vs = &vcpu_state[stopped_vcpu]; 674 if (set_cur_vcpu) 675 cur_vcpu = stopped_vcpu; 676 append_char('T'); 677 append_byte(GDB_SIGNAL_TRAP); 678 append_string("thread:"); 679 append_integer(stopped_vcpu + 1); 680 append_char(';'); 681 if (vs->hit_swbreak) { 682 debug("$vCPU %d reporting swbreak\n", stopped_vcpu); 683 if (swbreak_enabled) 684 append_string("swbreak:;"); 685 } else if (vs->stepped) 686 debug("$vCPU %d reporting step\n", stopped_vcpu); 687 else 688 debug("$vCPU %d reporting ???\n", stopped_vcpu); 689 } 690 finish_packet(); 691 report_next_stop = false; 692 } 693 694 /* 695 * If this stop is due to a vCPU event, clear that event to mark it as 696 * acknowledged. 697 */ 698 static void 699 discard_stop(void) 700 { 701 struct vcpu_state *vs; 702 703 if (stopped_vcpu != -1) { 704 vs = &vcpu_state[stopped_vcpu]; 705 vs->hit_swbreak = false; 706 vs->stepped = false; 707 stopped_vcpu = -1; 708 } 709 report_next_stop = true; 710 } 711 712 static void 713 gdb_finish_suspend_vcpus(void) 714 { 715 716 if (first_stop) { 717 first_stop = false; 718 stopped_vcpu = -1; 719 } else if (report_next_stop) { 720 assert(!response_pending()); 721 report_stop(true); 722 send_pending_data(cur_fd); 723 } 724 } 725 726 /* 727 * vCPU threads invoke this function whenever the vCPU enters the 728 * debug server to pause or report an event. vCPU threads wait here 729 * as long as the debug server keeps them suspended. 730 */ 731 static void 732 _gdb_cpu_suspend(struct vcpu *vcpu, bool report_stop) 733 { 734 int vcpuid = vcpu_id(vcpu); 735 736 debug("$vCPU %d suspending\n", vcpuid); 737 CPU_SET(vcpuid, &vcpus_waiting); 738 if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 739 gdb_finish_suspend_vcpus(); 740 while (CPU_ISSET(vcpuid, &vcpus_suspended)) 741 pthread_cond_wait(&idle_vcpus, &gdb_lock); 742 CPU_CLR(vcpuid, &vcpus_waiting); 743 debug("$vCPU %d resuming\n", vcpuid); 744 } 745 746 /* 747 * Invoked at the start of a vCPU thread's execution to inform the 748 * debug server about the new thread. 749 */ 750 void 751 gdb_cpu_add(struct vcpu *vcpu) 752 { 753 int vcpuid; 754 755 if (!gdb_active) 756 return; 757 vcpuid = vcpu_id(vcpu); 758 debug("$vCPU %d starting\n", vcpuid); 759 pthread_mutex_lock(&gdb_lock); 760 assert(vcpuid < guest_ncpus); 761 assert(vcpus[vcpuid] == NULL); 762 vcpus[vcpuid] = vcpu; 763 CPU_SET(vcpuid, &vcpus_active); 764 if (!TAILQ_EMPTY(&breakpoints)) { 765 vm_set_capability(vcpu, VM_CAP_BPT_EXIT, 1); 766 debug("$vCPU %d enabled breakpoint exits\n", vcpu); 767 } 768 769 /* 770 * If a vcpu is added while vcpus are stopped, suspend the new 771 * vcpu so that it will pop back out with a debug exit before 772 * executing the first instruction. 773 */ 774 if (!CPU_EMPTY(&vcpus_suspended)) { 775 CPU_SET(vcpuid, &vcpus_suspended); 776 _gdb_cpu_suspend(vcpu, false); 777 } 778 pthread_mutex_unlock(&gdb_lock); 779 } 780 781 /* 782 * Invoked by vCPU before resuming execution. This enables stepping 783 * if the vCPU is marked as stepping. 784 */ 785 static void 786 gdb_cpu_resume(struct vcpu *vcpu) 787 { 788 struct vcpu_state *vs; 789 int error; 790 791 vs = &vcpu_state[vcpu_id(vcpu)]; 792 793 /* 794 * Any pending event should already be reported before 795 * resuming. 796 */ 797 assert(vs->hit_swbreak == false); 798 assert(vs->stepped == false); 799 if (vs->stepping) { 800 error = vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, 1); 801 assert(error == 0); 802 803 error = vm_set_capability(vcpu, VM_CAP_MASK_HWINTR, 1); 804 assert(error == 0); 805 } 806 } 807 808 /* 809 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest 810 * has been suspended due to an event on different vCPU or in response 811 * to a guest-wide suspend such as Ctrl-C or the stop on attach. 812 */ 813 void 814 gdb_cpu_suspend(struct vcpu *vcpu) 815 { 816 817 if (!gdb_active) 818 return; 819 pthread_mutex_lock(&gdb_lock); 820 _gdb_cpu_suspend(vcpu, true); 821 gdb_cpu_resume(vcpu); 822 pthread_mutex_unlock(&gdb_lock); 823 } 824 825 static void 826 gdb_suspend_vcpus(void) 827 { 828 829 assert(pthread_mutex_isowned_np(&gdb_lock)); 830 debug("suspending all CPUs\n"); 831 vcpus_suspended = vcpus_active; 832 vm_suspend_all_cpus(ctx); 833 if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 834 gdb_finish_suspend_vcpus(); 835 } 836 837 /* 838 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via 839 * the VT-x-specific MTRAP exit. 840 */ 841 void 842 gdb_cpu_mtrap(struct vcpu *vcpu) 843 { 844 struct vcpu_state *vs; 845 int vcpuid; 846 847 if (!gdb_active) 848 return; 849 vcpuid = vcpu_id(vcpu); 850 debug("$vCPU %d MTRAP\n", vcpuid); 851 pthread_mutex_lock(&gdb_lock); 852 vs = &vcpu_state[vcpuid]; 853 if (vs->stepping) { 854 vs->stepping = false; 855 vs->stepped = true; 856 vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, 0); 857 vm_set_capability(vcpu, VM_CAP_MASK_HWINTR, 0); 858 859 while (vs->stepped) { 860 if (stopped_vcpu == -1) { 861 debug("$vCPU %d reporting step\n", vcpuid); 862 stopped_vcpu = vcpuid; 863 gdb_suspend_vcpus(); 864 } 865 _gdb_cpu_suspend(vcpu, true); 866 } 867 gdb_cpu_resume(vcpu); 868 } 869 pthread_mutex_unlock(&gdb_lock); 870 } 871 872 static struct breakpoint * 873 find_breakpoint(uint64_t gpa) 874 { 875 struct breakpoint *bp; 876 877 TAILQ_FOREACH(bp, &breakpoints, link) { 878 if (bp->gpa == gpa) 879 return (bp); 880 } 881 return (NULL); 882 } 883 884 void 885 gdb_cpu_breakpoint(struct vcpu *vcpu, struct vm_exit *vmexit) 886 { 887 struct breakpoint *bp; 888 struct vcpu_state *vs; 889 uint64_t gpa; 890 int error, vcpuid; 891 892 if (!gdb_active) { 893 fprintf(stderr, "vm_loop: unexpected VMEXIT_DEBUG\n"); 894 exit(4); 895 } 896 vcpuid = vcpu_id(vcpu); 897 pthread_mutex_lock(&gdb_lock); 898 error = guest_vaddr2paddr(vcpu, vmexit->rip, &gpa); 899 assert(error == 1); 900 bp = find_breakpoint(gpa); 901 if (bp != NULL) { 902 vs = &vcpu_state[vcpuid]; 903 assert(vs->stepping == false); 904 assert(vs->stepped == false); 905 assert(vs->hit_swbreak == false); 906 vs->hit_swbreak = true; 907 vm_set_register(vcpu, VM_REG_GUEST_RIP, vmexit->rip); 908 for (;;) { 909 if (stopped_vcpu == -1) { 910 debug("$vCPU %d reporting breakpoint at rip %#lx\n", 911 vcpuid, vmexit->rip); 912 stopped_vcpu = vcpuid; 913 gdb_suspend_vcpus(); 914 } 915 _gdb_cpu_suspend(vcpu, true); 916 if (!vs->hit_swbreak) { 917 /* Breakpoint reported. */ 918 break; 919 } 920 bp = find_breakpoint(gpa); 921 if (bp == NULL) { 922 /* Breakpoint was removed. */ 923 vs->hit_swbreak = false; 924 break; 925 } 926 } 927 gdb_cpu_resume(vcpu); 928 } else { 929 debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpuid, 930 vmexit->rip); 931 error = vm_set_register(vcpu, VM_REG_GUEST_ENTRY_INST_LENGTH, 932 vmexit->u.bpt.inst_length); 933 assert(error == 0); 934 error = vm_inject_exception(vcpu, IDT_BP, 0, 0, 0); 935 assert(error == 0); 936 } 937 pthread_mutex_unlock(&gdb_lock); 938 } 939 940 static bool 941 gdb_step_vcpu(struct vcpu *vcpu) 942 { 943 int error, val, vcpuid; 944 945 vcpuid = vcpu_id(vcpu); 946 debug("$vCPU %d step\n", vcpuid); 947 error = vm_get_capability(vcpu, VM_CAP_MTRAP_EXIT, &val); 948 if (error < 0) 949 return (false); 950 951 discard_stop(); 952 vcpu_state[vcpuid].stepping = true; 953 vm_resume_cpu(vcpu); 954 CPU_CLR(vcpuid, &vcpus_suspended); 955 pthread_cond_broadcast(&idle_vcpus); 956 return (true); 957 } 958 959 static void 960 gdb_resume_vcpus(void) 961 { 962 963 assert(pthread_mutex_isowned_np(&gdb_lock)); 964 vm_resume_all_cpus(ctx); 965 debug("resuming all CPUs\n"); 966 CPU_ZERO(&vcpus_suspended); 967 pthread_cond_broadcast(&idle_vcpus); 968 } 969 970 static void 971 gdb_read_regs(void) 972 { 973 uint64_t regvals[nitems(gdb_regset)]; 974 975 if (vm_get_register_set(vcpus[cur_vcpu], nitems(gdb_regset), 976 gdb_regset, regvals) == -1) { 977 send_error(errno); 978 return; 979 } 980 start_packet(); 981 for (size_t i = 0; i < nitems(regvals); i++) 982 append_unsigned_native(regvals[i], gdb_regsize[i]); 983 finish_packet(); 984 } 985 986 static void 987 gdb_read_mem(const uint8_t *data, size_t len) 988 { 989 uint64_t gpa, gva, val; 990 uint8_t *cp; 991 size_t resid, todo, bytes; 992 bool started; 993 int error; 994 995 /* Skip 'm' */ 996 data += 1; 997 len -= 1; 998 999 /* Parse and consume address. */ 1000 cp = memchr(data, ',', len); 1001 if (cp == NULL || cp == data) { 1002 send_error(EINVAL); 1003 return; 1004 } 1005 gva = parse_integer(data, cp - data); 1006 len -= (cp - data) + 1; 1007 data += (cp - data) + 1; 1008 1009 /* Parse length. */ 1010 resid = parse_integer(data, len); 1011 1012 started = false; 1013 while (resid > 0) { 1014 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa); 1015 if (error == -1) { 1016 if (started) 1017 finish_packet(); 1018 else 1019 send_error(errno); 1020 return; 1021 } 1022 if (error == 0) { 1023 if (started) 1024 finish_packet(); 1025 else 1026 send_error(EFAULT); 1027 return; 1028 } 1029 1030 /* Read bytes from current page. */ 1031 todo = getpagesize() - gpa % getpagesize(); 1032 if (todo > resid) 1033 todo = resid; 1034 1035 cp = paddr_guest2host(ctx, gpa, todo); 1036 if (cp != NULL) { 1037 /* 1038 * If this page is guest RAM, read it a byte 1039 * at a time. 1040 */ 1041 if (!started) { 1042 start_packet(); 1043 started = true; 1044 } 1045 while (todo > 0) { 1046 append_byte(*cp); 1047 cp++; 1048 gpa++; 1049 gva++; 1050 resid--; 1051 todo--; 1052 } 1053 } else { 1054 /* 1055 * If this page isn't guest RAM, try to handle 1056 * it via MMIO. For MMIO requests, use 1057 * aligned reads of words when possible. 1058 */ 1059 while (todo > 0) { 1060 if (gpa & 1 || todo == 1) 1061 bytes = 1; 1062 else if (gpa & 2 || todo == 2) 1063 bytes = 2; 1064 else 1065 bytes = 4; 1066 error = read_mem(vcpus[cur_vcpu], gpa, &val, 1067 bytes); 1068 if (error == 0) { 1069 if (!started) { 1070 start_packet(); 1071 started = true; 1072 } 1073 gpa += bytes; 1074 gva += bytes; 1075 resid -= bytes; 1076 todo -= bytes; 1077 while (bytes > 0) { 1078 append_byte(val); 1079 val >>= 8; 1080 bytes--; 1081 } 1082 } else { 1083 if (started) 1084 finish_packet(); 1085 else 1086 send_error(EFAULT); 1087 return; 1088 } 1089 } 1090 } 1091 assert(resid == 0 || gpa % getpagesize() == 0); 1092 } 1093 if (!started) 1094 start_packet(); 1095 finish_packet(); 1096 } 1097 1098 static void 1099 gdb_write_mem(const uint8_t *data, size_t len) 1100 { 1101 uint64_t gpa, gva, val; 1102 uint8_t *cp; 1103 size_t resid, todo, bytes; 1104 int error; 1105 1106 /* Skip 'M' */ 1107 data += 1; 1108 len -= 1; 1109 1110 /* Parse and consume address. */ 1111 cp = memchr(data, ',', len); 1112 if (cp == NULL || cp == data) { 1113 send_error(EINVAL); 1114 return; 1115 } 1116 gva = parse_integer(data, cp - data); 1117 len -= (cp - data) + 1; 1118 data += (cp - data) + 1; 1119 1120 /* Parse and consume length. */ 1121 cp = memchr(data, ':', len); 1122 if (cp == NULL || cp == data) { 1123 send_error(EINVAL); 1124 return; 1125 } 1126 resid = parse_integer(data, cp - data); 1127 len -= (cp - data) + 1; 1128 data += (cp - data) + 1; 1129 1130 /* Verify the available bytes match the length. */ 1131 if (len != resid * 2) { 1132 send_error(EINVAL); 1133 return; 1134 } 1135 1136 while (resid > 0) { 1137 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa); 1138 if (error == -1) { 1139 send_error(errno); 1140 return; 1141 } 1142 if (error == 0) { 1143 send_error(EFAULT); 1144 return; 1145 } 1146 1147 /* Write bytes to current page. */ 1148 todo = getpagesize() - gpa % getpagesize(); 1149 if (todo > resid) 1150 todo = resid; 1151 1152 cp = paddr_guest2host(ctx, gpa, todo); 1153 if (cp != NULL) { 1154 /* 1155 * If this page is guest RAM, write it a byte 1156 * at a time. 1157 */ 1158 while (todo > 0) { 1159 assert(len >= 2); 1160 *cp = parse_byte(data); 1161 data += 2; 1162 len -= 2; 1163 cp++; 1164 gpa++; 1165 gva++; 1166 resid--; 1167 todo--; 1168 } 1169 } else { 1170 /* 1171 * If this page isn't guest RAM, try to handle 1172 * it via MMIO. For MMIO requests, use 1173 * aligned writes of words when possible. 1174 */ 1175 while (todo > 0) { 1176 if (gpa & 1 || todo == 1) { 1177 bytes = 1; 1178 val = parse_byte(data); 1179 } else if (gpa & 2 || todo == 2) { 1180 bytes = 2; 1181 val = be16toh(parse_integer(data, 4)); 1182 } else { 1183 bytes = 4; 1184 val = be32toh(parse_integer(data, 8)); 1185 } 1186 error = write_mem(vcpus[cur_vcpu], gpa, val, 1187 bytes); 1188 if (error == 0) { 1189 gpa += bytes; 1190 gva += bytes; 1191 resid -= bytes; 1192 todo -= bytes; 1193 data += 2 * bytes; 1194 len -= 2 * bytes; 1195 } else { 1196 send_error(EFAULT); 1197 return; 1198 } 1199 } 1200 } 1201 assert(resid == 0 || gpa % getpagesize() == 0); 1202 } 1203 assert(len == 0); 1204 send_ok(); 1205 } 1206 1207 static bool 1208 set_breakpoint_caps(bool enable) 1209 { 1210 cpuset_t mask; 1211 int vcpu; 1212 1213 mask = vcpus_active; 1214 while (!CPU_EMPTY(&mask)) { 1215 vcpu = CPU_FFS(&mask) - 1; 1216 CPU_CLR(vcpu, &mask); 1217 if (vm_set_capability(vcpus[vcpu], VM_CAP_BPT_EXIT, 1218 enable ? 1 : 0) < 0) 1219 return (false); 1220 debug("$vCPU %d %sabled breakpoint exits\n", vcpu, 1221 enable ? "en" : "dis"); 1222 } 1223 return (true); 1224 } 1225 1226 static void 1227 remove_all_sw_breakpoints(void) 1228 { 1229 struct breakpoint *bp, *nbp; 1230 uint8_t *cp; 1231 1232 if (TAILQ_EMPTY(&breakpoints)) 1233 return; 1234 1235 TAILQ_FOREACH_SAFE(bp, &breakpoints, link, nbp) { 1236 debug("remove breakpoint at %#lx\n", bp->gpa); 1237 cp = paddr_guest2host(ctx, bp->gpa, 1); 1238 *cp = bp->shadow_inst; 1239 TAILQ_REMOVE(&breakpoints, bp, link); 1240 free(bp); 1241 } 1242 TAILQ_INIT(&breakpoints); 1243 set_breakpoint_caps(false); 1244 } 1245 1246 static void 1247 update_sw_breakpoint(uint64_t gva, int kind, bool insert) 1248 { 1249 struct breakpoint *bp; 1250 uint64_t gpa; 1251 uint8_t *cp; 1252 int error; 1253 1254 if (kind != 1) { 1255 send_error(EINVAL); 1256 return; 1257 } 1258 1259 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa); 1260 if (error == -1) { 1261 send_error(errno); 1262 return; 1263 } 1264 if (error == 0) { 1265 send_error(EFAULT); 1266 return; 1267 } 1268 1269 cp = paddr_guest2host(ctx, gpa, 1); 1270 1271 /* Only permit breakpoints in guest RAM. */ 1272 if (cp == NULL) { 1273 send_error(EFAULT); 1274 return; 1275 } 1276 1277 /* Find any existing breakpoint. */ 1278 bp = find_breakpoint(gpa); 1279 1280 /* 1281 * Silently ignore duplicate commands since the protocol 1282 * requires these packets to be idempotent. 1283 */ 1284 if (insert) { 1285 if (bp == NULL) { 1286 if (TAILQ_EMPTY(&breakpoints) && 1287 !set_breakpoint_caps(true)) { 1288 send_empty_response(); 1289 return; 1290 } 1291 bp = malloc(sizeof(*bp)); 1292 bp->gpa = gpa; 1293 bp->shadow_inst = *cp; 1294 *cp = 0xcc; /* INT 3 */ 1295 TAILQ_INSERT_TAIL(&breakpoints, bp, link); 1296 debug("new breakpoint at %#lx\n", gpa); 1297 } 1298 } else { 1299 if (bp != NULL) { 1300 debug("remove breakpoint at %#lx\n", gpa); 1301 *cp = bp->shadow_inst; 1302 TAILQ_REMOVE(&breakpoints, bp, link); 1303 free(bp); 1304 if (TAILQ_EMPTY(&breakpoints)) 1305 set_breakpoint_caps(false); 1306 } 1307 } 1308 send_ok(); 1309 } 1310 1311 static void 1312 parse_breakpoint(const uint8_t *data, size_t len) 1313 { 1314 uint64_t gva; 1315 uint8_t *cp; 1316 bool insert; 1317 int kind, type; 1318 1319 insert = data[0] == 'Z'; 1320 1321 /* Skip 'Z/z' */ 1322 data += 1; 1323 len -= 1; 1324 1325 /* Parse and consume type. */ 1326 cp = memchr(data, ',', len); 1327 if (cp == NULL || cp == data) { 1328 send_error(EINVAL); 1329 return; 1330 } 1331 type = parse_integer(data, cp - data); 1332 len -= (cp - data) + 1; 1333 data += (cp - data) + 1; 1334 1335 /* Parse and consume address. */ 1336 cp = memchr(data, ',', len); 1337 if (cp == NULL || cp == data) { 1338 send_error(EINVAL); 1339 return; 1340 } 1341 gva = parse_integer(data, cp - data); 1342 len -= (cp - data) + 1; 1343 data += (cp - data) + 1; 1344 1345 /* Parse and consume kind. */ 1346 cp = memchr(data, ';', len); 1347 if (cp == data) { 1348 send_error(EINVAL); 1349 return; 1350 } 1351 if (cp != NULL) { 1352 /* 1353 * We do not advertise support for either the 1354 * ConditionalBreakpoints or BreakpointCommands 1355 * features, so we should not be getting conditions or 1356 * commands from the remote end. 1357 */ 1358 send_empty_response(); 1359 return; 1360 } 1361 kind = parse_integer(data, len); 1362 data += len; 1363 len = 0; 1364 1365 switch (type) { 1366 case 0: 1367 update_sw_breakpoint(gva, kind, insert); 1368 break; 1369 default: 1370 send_empty_response(); 1371 break; 1372 } 1373 } 1374 1375 static bool 1376 command_equals(const uint8_t *data, size_t len, const char *cmd) 1377 { 1378 1379 if (strlen(cmd) > len) 1380 return (false); 1381 return (memcmp(data, cmd, strlen(cmd)) == 0); 1382 } 1383 1384 static void 1385 check_features(const uint8_t *data, size_t len) 1386 { 1387 char *feature, *next_feature, *str, *value; 1388 bool supported; 1389 1390 str = malloc(len + 1); 1391 memcpy(str, data, len); 1392 str[len] = '\0'; 1393 next_feature = str; 1394 1395 while ((feature = strsep(&next_feature, ";")) != NULL) { 1396 /* 1397 * Null features shouldn't exist, but skip if they 1398 * do. 1399 */ 1400 if (strcmp(feature, "") == 0) 1401 continue; 1402 1403 /* 1404 * Look for the value or supported / not supported 1405 * flag. 1406 */ 1407 value = strchr(feature, '='); 1408 if (value != NULL) { 1409 *value = '\0'; 1410 value++; 1411 supported = true; 1412 } else { 1413 value = feature + strlen(feature) - 1; 1414 switch (*value) { 1415 case '+': 1416 supported = true; 1417 break; 1418 case '-': 1419 supported = false; 1420 break; 1421 default: 1422 /* 1423 * This is really a protocol error, 1424 * but we just ignore malformed 1425 * features for ease of 1426 * implementation. 1427 */ 1428 continue; 1429 } 1430 value = NULL; 1431 } 1432 1433 if (strcmp(feature, "swbreak") == 0) 1434 swbreak_enabled = supported; 1435 } 1436 free(str); 1437 1438 start_packet(); 1439 1440 /* This is an arbitrary limit. */ 1441 append_string("PacketSize=4096"); 1442 append_string(";swbreak+"); 1443 finish_packet(); 1444 } 1445 1446 static void 1447 gdb_query(const uint8_t *data, size_t len) 1448 { 1449 1450 /* 1451 * TODO: 1452 * - qSearch 1453 */ 1454 if (command_equals(data, len, "qAttached")) { 1455 start_packet(); 1456 append_char('1'); 1457 finish_packet(); 1458 } else if (command_equals(data, len, "qC")) { 1459 start_packet(); 1460 append_string("QC"); 1461 append_integer(cur_vcpu + 1); 1462 finish_packet(); 1463 } else if (command_equals(data, len, "qfThreadInfo")) { 1464 cpuset_t mask; 1465 bool first; 1466 int vcpu; 1467 1468 if (CPU_EMPTY(&vcpus_active)) { 1469 send_error(EINVAL); 1470 return; 1471 } 1472 mask = vcpus_active; 1473 start_packet(); 1474 append_char('m'); 1475 first = true; 1476 while (!CPU_EMPTY(&mask)) { 1477 vcpu = CPU_FFS(&mask) - 1; 1478 CPU_CLR(vcpu, &mask); 1479 if (first) 1480 first = false; 1481 else 1482 append_char(','); 1483 append_integer(vcpu + 1); 1484 } 1485 finish_packet(); 1486 } else if (command_equals(data, len, "qsThreadInfo")) { 1487 start_packet(); 1488 append_char('l'); 1489 finish_packet(); 1490 } else if (command_equals(data, len, "qSupported")) { 1491 data += strlen("qSupported"); 1492 len -= strlen("qSupported"); 1493 check_features(data, len); 1494 } else if (command_equals(data, len, "qThreadExtraInfo")) { 1495 char buf[16]; 1496 int tid; 1497 1498 data += strlen("qThreadExtraInfo"); 1499 len -= strlen("qThreadExtraInfo"); 1500 if (*data != ',') { 1501 send_error(EINVAL); 1502 return; 1503 } 1504 tid = parse_threadid(data + 1, len - 1); 1505 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1506 send_error(EINVAL); 1507 return; 1508 } 1509 1510 snprintf(buf, sizeof(buf), "vCPU %d", tid - 1); 1511 start_packet(); 1512 append_asciihex(buf); 1513 finish_packet(); 1514 } else 1515 send_empty_response(); 1516 } 1517 1518 static void 1519 handle_command(const uint8_t *data, size_t len) 1520 { 1521 1522 /* Reject packets with a sequence-id. */ 1523 if (len >= 3 && data[0] >= '0' && data[0] <= '9' && 1524 data[0] >= '0' && data[0] <= '9' && data[2] == ':') { 1525 send_empty_response(); 1526 return; 1527 } 1528 1529 switch (*data) { 1530 case 'c': 1531 if (len != 1) { 1532 send_error(EINVAL); 1533 break; 1534 } 1535 1536 discard_stop(); 1537 gdb_resume_vcpus(); 1538 break; 1539 case 'D': 1540 send_ok(); 1541 1542 /* TODO: Resume any stopped CPUs. */ 1543 break; 1544 case 'g': { 1545 gdb_read_regs(); 1546 break; 1547 } 1548 case 'H': { 1549 int tid; 1550 1551 if (data[1] != 'g' && data[1] != 'c') { 1552 send_error(EINVAL); 1553 break; 1554 } 1555 tid = parse_threadid(data + 2, len - 2); 1556 if (tid == -2) { 1557 send_error(EINVAL); 1558 break; 1559 } 1560 1561 if (CPU_EMPTY(&vcpus_active)) { 1562 send_error(EINVAL); 1563 break; 1564 } 1565 if (tid == -1 || tid == 0) 1566 cur_vcpu = CPU_FFS(&vcpus_active) - 1; 1567 else if (CPU_ISSET(tid - 1, &vcpus_active)) 1568 cur_vcpu = tid - 1; 1569 else { 1570 send_error(EINVAL); 1571 break; 1572 } 1573 send_ok(); 1574 break; 1575 } 1576 case 'm': 1577 gdb_read_mem(data, len); 1578 break; 1579 case 'M': 1580 gdb_write_mem(data, len); 1581 break; 1582 case 'T': { 1583 int tid; 1584 1585 tid = parse_threadid(data + 1, len - 1); 1586 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1587 send_error(EINVAL); 1588 return; 1589 } 1590 send_ok(); 1591 break; 1592 } 1593 case 'q': 1594 gdb_query(data, len); 1595 break; 1596 case 's': 1597 if (len != 1) { 1598 send_error(EINVAL); 1599 break; 1600 } 1601 1602 /* Don't send a reply until a stop occurs. */ 1603 if (!gdb_step_vcpu(vcpus[cur_vcpu])) { 1604 send_error(EOPNOTSUPP); 1605 break; 1606 } 1607 break; 1608 case 'z': 1609 case 'Z': 1610 parse_breakpoint(data, len); 1611 break; 1612 case '?': 1613 report_stop(false); 1614 break; 1615 case 'G': /* TODO */ 1616 case 'v': 1617 /* Handle 'vCont' */ 1618 /* 'vCtrlC' */ 1619 case 'p': /* TODO */ 1620 case 'P': /* TODO */ 1621 case 'Q': /* TODO */ 1622 case 't': /* TODO */ 1623 case 'X': /* TODO */ 1624 default: 1625 send_empty_response(); 1626 } 1627 } 1628 1629 /* Check for a valid packet in the command buffer. */ 1630 static void 1631 check_command(int fd) 1632 { 1633 uint8_t *head, *hash, *p, sum; 1634 size_t avail, plen; 1635 1636 for (;;) { 1637 avail = cur_comm.len; 1638 if (avail == 0) 1639 return; 1640 head = io_buffer_head(&cur_comm); 1641 switch (*head) { 1642 case 0x03: 1643 debug("<- Ctrl-C\n"); 1644 io_buffer_consume(&cur_comm, 1); 1645 1646 gdb_suspend_vcpus(); 1647 break; 1648 case '+': 1649 /* ACK of previous response. */ 1650 debug("<- +\n"); 1651 if (response_pending()) 1652 io_buffer_reset(&cur_resp); 1653 io_buffer_consume(&cur_comm, 1); 1654 if (stopped_vcpu != -1 && report_next_stop) { 1655 report_stop(true); 1656 send_pending_data(fd); 1657 } 1658 break; 1659 case '-': 1660 /* NACK of previous response. */ 1661 debug("<- -\n"); 1662 if (response_pending()) { 1663 cur_resp.len += cur_resp.start; 1664 cur_resp.start = 0; 1665 if (cur_resp.data[0] == '+') 1666 io_buffer_advance(&cur_resp, 1); 1667 debug("-> %.*s\n", (int)cur_resp.len, 1668 io_buffer_head(&cur_resp)); 1669 } 1670 io_buffer_consume(&cur_comm, 1); 1671 send_pending_data(fd); 1672 break; 1673 case '$': 1674 /* Packet. */ 1675 1676 if (response_pending()) { 1677 warnx("New GDB command while response in " 1678 "progress"); 1679 io_buffer_reset(&cur_resp); 1680 } 1681 1682 /* Is packet complete? */ 1683 hash = memchr(head, '#', avail); 1684 if (hash == NULL) 1685 return; 1686 plen = (hash - head + 1) + 2; 1687 if (avail < plen) 1688 return; 1689 debug("<- %.*s\n", (int)plen, head); 1690 1691 /* Verify checksum. */ 1692 for (sum = 0, p = head + 1; p < hash; p++) 1693 sum += *p; 1694 if (sum != parse_byte(hash + 1)) { 1695 io_buffer_consume(&cur_comm, plen); 1696 debug("-> -\n"); 1697 send_char('-'); 1698 send_pending_data(fd); 1699 break; 1700 } 1701 send_char('+'); 1702 1703 handle_command(head + 1, hash - (head + 1)); 1704 io_buffer_consume(&cur_comm, plen); 1705 if (!response_pending()) 1706 debug("-> +\n"); 1707 send_pending_data(fd); 1708 break; 1709 default: 1710 /* XXX: Possibly drop connection instead. */ 1711 debug("-> %02x\n", *head); 1712 io_buffer_consume(&cur_comm, 1); 1713 break; 1714 } 1715 } 1716 } 1717 1718 static void 1719 gdb_readable(int fd, enum ev_type event __unused, void *arg __unused) 1720 { 1721 size_t pending; 1722 ssize_t nread; 1723 int n; 1724 1725 if (ioctl(fd, FIONREAD, &n) == -1) { 1726 warn("FIONREAD on GDB socket"); 1727 return; 1728 } 1729 assert(n >= 0); 1730 pending = n; 1731 1732 /* 1733 * 'pending' might be zero due to EOF. We need to call read 1734 * with a non-zero length to detect EOF. 1735 */ 1736 if (pending == 0) 1737 pending = 1; 1738 1739 /* Ensure there is room in the command buffer. */ 1740 io_buffer_grow(&cur_comm, pending); 1741 assert(io_buffer_avail(&cur_comm) >= pending); 1742 1743 nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm)); 1744 if (nread == 0) { 1745 close_connection(); 1746 } else if (nread == -1) { 1747 if (errno == EAGAIN) 1748 return; 1749 1750 warn("Read from GDB socket"); 1751 close_connection(); 1752 } else { 1753 cur_comm.len += nread; 1754 pthread_mutex_lock(&gdb_lock); 1755 check_command(fd); 1756 pthread_mutex_unlock(&gdb_lock); 1757 } 1758 } 1759 1760 static void 1761 gdb_writable(int fd, enum ev_type event __unused, void *arg __unused) 1762 { 1763 1764 send_pending_data(fd); 1765 } 1766 1767 static void 1768 new_connection(int fd, enum ev_type event __unused, void *arg) 1769 { 1770 int optval, s; 1771 1772 s = accept4(fd, NULL, NULL, SOCK_NONBLOCK); 1773 if (s == -1) { 1774 if (arg != NULL) 1775 err(1, "Failed accepting initial GDB connection"); 1776 1777 /* Silently ignore errors post-startup. */ 1778 return; 1779 } 1780 1781 optval = 1; 1782 if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) == 1783 -1) { 1784 warn("Failed to disable SIGPIPE for GDB connection"); 1785 close(s); 1786 return; 1787 } 1788 1789 pthread_mutex_lock(&gdb_lock); 1790 if (cur_fd != -1) { 1791 close(s); 1792 warnx("Ignoring additional GDB connection."); 1793 } 1794 1795 read_event = mevent_add(s, EVF_READ, gdb_readable, NULL); 1796 if (read_event == NULL) { 1797 if (arg != NULL) 1798 err(1, "Failed to setup initial GDB connection"); 1799 pthread_mutex_unlock(&gdb_lock); 1800 return; 1801 } 1802 write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL); 1803 if (write_event == NULL) { 1804 if (arg != NULL) 1805 err(1, "Failed to setup initial GDB connection"); 1806 mevent_delete_close(read_event); 1807 read_event = NULL; 1808 } 1809 1810 cur_fd = s; 1811 cur_vcpu = 0; 1812 stopped_vcpu = -1; 1813 1814 /* Break on attach. */ 1815 first_stop = true; 1816 report_next_stop = false; 1817 gdb_suspend_vcpus(); 1818 pthread_mutex_unlock(&gdb_lock); 1819 } 1820 1821 #ifndef WITHOUT_CAPSICUM 1822 static void 1823 limit_gdb_socket(int s) 1824 { 1825 cap_rights_t rights; 1826 unsigned long ioctls[] = { FIONREAD }; 1827 1828 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE, 1829 CAP_SETSOCKOPT, CAP_IOCTL); 1830 if (caph_rights_limit(s, &rights) == -1) 1831 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1832 if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) 1833 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1834 } 1835 #endif 1836 1837 void 1838 init_gdb(struct vmctx *_ctx) 1839 { 1840 int error, flags, optval, s; 1841 struct addrinfo hints; 1842 struct addrinfo *gdbaddr; 1843 const char *saddr, *value; 1844 char *sport; 1845 bool wait; 1846 1847 value = get_config_value("gdb.port"); 1848 if (value == NULL) 1849 return; 1850 sport = strdup(value); 1851 if (sport == NULL) 1852 errx(4, "Failed to allocate memory"); 1853 1854 wait = get_config_bool_default("gdb.wait", false); 1855 1856 saddr = get_config_value("gdb.address"); 1857 if (saddr == NULL) { 1858 saddr = "localhost"; 1859 } 1860 1861 debug("==> starting on %s:%s, %swaiting\n", 1862 saddr, sport, wait ? "" : "not "); 1863 1864 error = pthread_mutex_init(&gdb_lock, NULL); 1865 if (error != 0) 1866 errc(1, error, "gdb mutex init"); 1867 error = pthread_cond_init(&idle_vcpus, NULL); 1868 if (error != 0) 1869 errc(1, error, "gdb cv init"); 1870 1871 memset(&hints, 0, sizeof(hints)); 1872 hints.ai_family = AF_UNSPEC; 1873 hints.ai_socktype = SOCK_STREAM; 1874 hints.ai_flags = AI_NUMERICSERV | AI_PASSIVE; 1875 1876 error = getaddrinfo(saddr, sport, &hints, &gdbaddr); 1877 if (error != 0) 1878 errx(1, "gdb address resolution: %s", gai_strerror(error)); 1879 1880 ctx = _ctx; 1881 s = socket(gdbaddr->ai_family, gdbaddr->ai_socktype, 0); 1882 if (s < 0) 1883 err(1, "gdb socket create"); 1884 1885 optval = 1; 1886 (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); 1887 1888 if (bind(s, gdbaddr->ai_addr, gdbaddr->ai_addrlen) < 0) 1889 err(1, "gdb socket bind"); 1890 1891 if (listen(s, 1) < 0) 1892 err(1, "gdb socket listen"); 1893 1894 stopped_vcpu = -1; 1895 TAILQ_INIT(&breakpoints); 1896 vcpus = calloc(guest_ncpus, sizeof(*vcpus)); 1897 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1898 if (wait) { 1899 /* 1900 * Set vcpu 0 in vcpus_suspended. This will trigger the 1901 * logic in gdb_cpu_add() to suspend the first vcpu before 1902 * it starts execution. The vcpu will remain suspended 1903 * until a debugger connects. 1904 */ 1905 CPU_SET(0, &vcpus_suspended); 1906 stopped_vcpu = 0; 1907 } 1908 1909 flags = fcntl(s, F_GETFL); 1910 if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) 1911 err(1, "Failed to mark gdb socket non-blocking"); 1912 1913 #ifndef WITHOUT_CAPSICUM 1914 limit_gdb_socket(s); 1915 #endif 1916 mevent_add(s, EVF_READ, new_connection, NULL); 1917 gdb_active = true; 1918 freeaddrinfo(gdbaddr); 1919 free(sport); 1920 } 1921