1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 29 #include <sys/param.h> 30 #ifndef WITHOUT_CAPSICUM 31 #include <sys/capsicum.h> 32 #endif 33 #ifdef __FreeBSD__ 34 #include <sys/endian.h> 35 #else 36 #include <endian.h> 37 #endif 38 #include <sys/ioctl.h> 39 #include <sys/mman.h> 40 #include <sys/queue.h> 41 #include <sys/socket.h> 42 #include <machine/atomic.h> 43 #include <machine/specialreg.h> 44 #include <machine/vmm.h> 45 #include <netinet/in.h> 46 #include <assert.h> 47 #ifndef WITHOUT_CAPSICUM 48 #include <capsicum_helpers.h> 49 #endif 50 #include <err.h> 51 #include <errno.h> 52 #include <fcntl.h> 53 #include <netdb.h> 54 #include <pthread.h> 55 #include <pthread_np.h> 56 #include <stdbool.h> 57 #include <stdio.h> 58 #include <stdlib.h> 59 #include <string.h> 60 #include <sysexits.h> 61 #include <unistd.h> 62 #include <vmmapi.h> 63 64 #include "bhyverun.h" 65 #include "config.h" 66 #include "debug.h" 67 #include "gdb.h" 68 #include "mem.h" 69 #include "mevent.h" 70 71 /* 72 * GDB_SIGNAL_* numbers are part of the GDB remote protocol. Most stops 73 * use SIGTRAP. 74 */ 75 #define GDB_SIGNAL_TRAP 5 76 77 #define GDB_BP_SIZE 1 78 #define GDB_BP_INSTR (uint8_t []){0xcc} 79 #define GDB_PC_REGNAME VM_REG_GUEST_RIP 80 81 _Static_assert(sizeof(GDB_BP_INSTR) == GDB_BP_SIZE, 82 "GDB_BP_INSTR has wrong size"); 83 84 static void gdb_resume_vcpus(void); 85 static void check_command(int fd); 86 87 static struct mevent *read_event, *write_event; 88 89 static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting; 90 static pthread_mutex_t gdb_lock; 91 static pthread_cond_t idle_vcpus; 92 static bool first_stop, report_next_stop, swbreak_enabled; 93 94 /* 95 * An I/O buffer contains 'capacity' bytes of room at 'data'. For a 96 * read buffer, 'start' is unused and 'len' contains the number of 97 * valid bytes in the buffer. For a write buffer, 'start' is set to 98 * the index of the next byte in 'data' to send, and 'len' contains 99 * the remaining number of valid bytes to send. 100 */ 101 struct io_buffer { 102 uint8_t *data; 103 size_t capacity; 104 size_t start; 105 size_t len; 106 }; 107 108 struct breakpoint { 109 uint64_t gpa; 110 uint8_t shadow_inst[GDB_BP_SIZE]; 111 TAILQ_ENTRY(breakpoint) link; 112 }; 113 114 /* 115 * When a vCPU stops to due to an event that should be reported to the 116 * debugger, information about the event is stored in this structure. 117 * The vCPU thread then sets 'stopped_vcpu' if it is not already set 118 * and stops other vCPUs so the event can be reported. The 119 * report_stop() function reports the event for the 'stopped_vcpu' 120 * vCPU. When the debugger resumes execution via continue or step, 121 * the event for 'stopped_vcpu' is cleared. vCPUs will loop in their 122 * event handlers until the associated event is reported or disabled. 123 * 124 * An idle vCPU will have all of the boolean fields set to false. 125 * 126 * When a vCPU is stepped, 'stepping' is set to true when the vCPU is 127 * released to execute the stepped instruction. When the vCPU reports 128 * the stepping trap, 'stepped' is set. 129 * 130 * When a vCPU hits a breakpoint set by the debug server, 131 * 'hit_swbreak' is set to true. 132 */ 133 struct vcpu_state { 134 bool stepping; 135 bool stepped; 136 bool hit_swbreak; 137 }; 138 139 static struct io_buffer cur_comm, cur_resp; 140 static uint8_t cur_csum; 141 static struct vmctx *ctx; 142 static int cur_fd = -1; 143 static TAILQ_HEAD(, breakpoint) breakpoints; 144 static struct vcpu_state *vcpu_state; 145 static struct vcpu **vcpus; 146 static int cur_vcpu, stopped_vcpu; 147 static bool gdb_active = false; 148 149 struct gdb_reg { 150 enum vm_reg_name id; 151 int size; 152 }; 153 154 static const struct gdb_reg gdb_regset[] = { 155 { .id = VM_REG_GUEST_RAX, .size = 8 }, 156 { .id = VM_REG_GUEST_RBX, .size = 8 }, 157 { .id = VM_REG_GUEST_RCX, .size = 8 }, 158 { .id = VM_REG_GUEST_RDX, .size = 8 }, 159 { .id = VM_REG_GUEST_RSI, .size = 8 }, 160 { .id = VM_REG_GUEST_RDI, .size = 8 }, 161 { .id = VM_REG_GUEST_RBP, .size = 8 }, 162 { .id = VM_REG_GUEST_RSP, .size = 8 }, 163 { .id = VM_REG_GUEST_R8, .size = 8 }, 164 { .id = VM_REG_GUEST_R9, .size = 8 }, 165 { .id = VM_REG_GUEST_R10, .size = 8 }, 166 { .id = VM_REG_GUEST_R11, .size = 8 }, 167 { .id = VM_REG_GUEST_R12, .size = 8 }, 168 { .id = VM_REG_GUEST_R13, .size = 8 }, 169 { .id = VM_REG_GUEST_R14, .size = 8 }, 170 { .id = VM_REG_GUEST_R15, .size = 8 }, 171 { .id = VM_REG_GUEST_RIP, .size = 8 }, 172 { .id = VM_REG_GUEST_RFLAGS, .size = 4 }, 173 { .id = VM_REG_GUEST_CS, .size = 4 }, 174 { .id = VM_REG_GUEST_SS, .size = 4 }, 175 { .id = VM_REG_GUEST_DS, .size = 4 }, 176 { .id = VM_REG_GUEST_ES, .size = 4 }, 177 { .id = VM_REG_GUEST_FS, .size = 4 }, 178 { .id = VM_REG_GUEST_GS, .size = 4 }, 179 }; 180 181 #ifdef GDB_LOG 182 #include <stdarg.h> 183 #include <stdio.h> 184 185 static void __printflike(1, 2) 186 debug(const char *fmt, ...) 187 { 188 static FILE *logfile; 189 va_list ap; 190 191 if (logfile == NULL) { 192 logfile = fopen("/tmp/bhyve_gdb.log", "w"); 193 if (logfile == NULL) 194 return; 195 #ifndef WITHOUT_CAPSICUM 196 if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) { 197 fclose(logfile); 198 logfile = NULL; 199 return; 200 } 201 #endif 202 setlinebuf(logfile); 203 } 204 va_start(ap, fmt); 205 vfprintf(logfile, fmt, ap); 206 va_end(ap); 207 } 208 #else 209 #ifndef __FreeBSD__ 210 /* 211 * A totally empty debug() makes the compiler grumpy due to how its used with 212 * some control flow here. 213 */ 214 #define debug(...) do { } while (0) 215 #else 216 #define debug(...) 217 #endif 218 #endif 219 220 static void remove_all_sw_breakpoints(void); 221 222 static int 223 guest_paging_info(struct vcpu *vcpu, struct vm_guest_paging *paging) 224 { 225 uint64_t regs[4]; 226 const int regset[4] = { 227 VM_REG_GUEST_CR0, 228 VM_REG_GUEST_CR3, 229 VM_REG_GUEST_CR4, 230 VM_REG_GUEST_EFER 231 }; 232 233 if (vm_get_register_set(vcpu, nitems(regset), regset, regs) == -1) 234 return (-1); 235 236 /* 237 * For the debugger, always pretend to be the kernel (CPL 0), 238 * and if long-mode is enabled, always parse addresses as if 239 * in 64-bit mode. 240 */ 241 paging->cr3 = regs[1]; 242 paging->cpl = 0; 243 if (regs[3] & EFER_LMA) 244 paging->cpu_mode = CPU_MODE_64BIT; 245 else if (regs[0] & CR0_PE) 246 paging->cpu_mode = CPU_MODE_PROTECTED; 247 else 248 paging->cpu_mode = CPU_MODE_REAL; 249 if (!(regs[0] & CR0_PG)) 250 paging->paging_mode = PAGING_MODE_FLAT; 251 else if (!(regs[2] & CR4_PAE)) 252 paging->paging_mode = PAGING_MODE_32; 253 else if (regs[3] & EFER_LME) 254 paging->paging_mode = PAGING_MODE_64; 255 else 256 paging->paging_mode = PAGING_MODE_PAE; 257 return (0); 258 } 259 260 /* 261 * Map a guest virtual address to a physical address (for a given vcpu). 262 * If a guest virtual address is valid, return 1. If the address is 263 * not valid, return 0. If an error occurs obtaining the mapping, 264 * return -1. 265 */ 266 static int 267 guest_vaddr2paddr(struct vcpu *vcpu, uint64_t vaddr, uint64_t *paddr) 268 { 269 struct vm_guest_paging paging; 270 int fault; 271 272 if (guest_paging_info(vcpu, &paging) == -1) 273 return (-1); 274 275 /* 276 * Always use PROT_READ. We really care if the VA is 277 * accessible, not if the current vCPU can write. 278 */ 279 if (vm_gla2gpa_nofault(vcpu, &paging, vaddr, PROT_READ, paddr, 280 &fault) == -1) 281 return (-1); 282 if (fault) 283 return (0); 284 return (1); 285 } 286 287 static uint64_t 288 guest_pc(struct vm_exit *vme) 289 { 290 return (vme->rip); 291 } 292 293 static void 294 io_buffer_reset(struct io_buffer *io) 295 { 296 297 io->start = 0; 298 io->len = 0; 299 } 300 301 /* Available room for adding data. */ 302 static size_t 303 io_buffer_avail(struct io_buffer *io) 304 { 305 306 return (io->capacity - (io->start + io->len)); 307 } 308 309 static uint8_t * 310 io_buffer_head(struct io_buffer *io) 311 { 312 313 return (io->data + io->start); 314 } 315 316 static uint8_t * 317 io_buffer_tail(struct io_buffer *io) 318 { 319 320 return (io->data + io->start + io->len); 321 } 322 323 static void 324 io_buffer_advance(struct io_buffer *io, size_t amount) 325 { 326 327 assert(amount <= io->len); 328 io->start += amount; 329 io->len -= amount; 330 } 331 332 static void 333 io_buffer_consume(struct io_buffer *io, size_t amount) 334 { 335 336 io_buffer_advance(io, amount); 337 if (io->len == 0) { 338 io->start = 0; 339 return; 340 } 341 342 /* 343 * XXX: Consider making this move optional and compacting on a 344 * future read() before realloc(). 345 */ 346 memmove(io->data, io_buffer_head(io), io->len); 347 io->start = 0; 348 } 349 350 static void 351 io_buffer_grow(struct io_buffer *io, size_t newsize) 352 { 353 uint8_t *new_data; 354 size_t avail, new_cap; 355 356 avail = io_buffer_avail(io); 357 if (newsize <= avail) 358 return; 359 360 new_cap = io->capacity + (newsize - avail); 361 new_data = realloc(io->data, new_cap); 362 if (new_data == NULL) 363 err(1, "Failed to grow GDB I/O buffer"); 364 io->data = new_data; 365 io->capacity = new_cap; 366 } 367 368 static bool 369 response_pending(void) 370 { 371 372 if (cur_resp.start == 0 && cur_resp.len == 0) 373 return (false); 374 if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+') 375 return (false); 376 return (true); 377 } 378 379 static void 380 close_connection(void) 381 { 382 383 /* 384 * XXX: This triggers a warning because mevent does the close 385 * before the EV_DELETE. 386 */ 387 pthread_mutex_lock(&gdb_lock); 388 mevent_delete(write_event); 389 mevent_delete_close(read_event); 390 write_event = NULL; 391 read_event = NULL; 392 io_buffer_reset(&cur_comm); 393 io_buffer_reset(&cur_resp); 394 cur_fd = -1; 395 396 remove_all_sw_breakpoints(); 397 398 /* Clear any pending events. */ 399 memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state)); 400 401 /* Resume any stopped vCPUs. */ 402 gdb_resume_vcpus(); 403 pthread_mutex_unlock(&gdb_lock); 404 } 405 406 static uint8_t 407 hex_digit(uint8_t nibble) 408 { 409 410 if (nibble <= 9) 411 return (nibble + '0'); 412 else 413 return (nibble + 'a' - 10); 414 } 415 416 static uint8_t 417 parse_digit(uint8_t v) 418 { 419 420 if (v >= '0' && v <= '9') 421 return (v - '0'); 422 if (v >= 'a' && v <= 'f') 423 return (v - 'a' + 10); 424 if (v >= 'A' && v <= 'F') 425 return (v - 'A' + 10); 426 return (0xF); 427 } 428 429 /* Parses big-endian hexadecimal. */ 430 static uintmax_t 431 parse_integer(const uint8_t *p, size_t len) 432 { 433 uintmax_t v; 434 435 v = 0; 436 while (len > 0) { 437 v <<= 4; 438 v |= parse_digit(*p); 439 p++; 440 len--; 441 } 442 return (v); 443 } 444 445 static uint8_t 446 parse_byte(const uint8_t *p) 447 { 448 449 return (parse_digit(p[0]) << 4 | parse_digit(p[1])); 450 } 451 452 static void 453 send_pending_data(int fd) 454 { 455 ssize_t nwritten; 456 457 if (cur_resp.len == 0) { 458 mevent_disable(write_event); 459 return; 460 } 461 nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len); 462 if (nwritten == -1) { 463 warn("Write to GDB socket failed"); 464 close_connection(); 465 } else { 466 io_buffer_advance(&cur_resp, nwritten); 467 if (cur_resp.len == 0) 468 mevent_disable(write_event); 469 else 470 mevent_enable(write_event); 471 } 472 } 473 474 /* Append a single character to the output buffer. */ 475 static void 476 send_char(uint8_t data) 477 { 478 io_buffer_grow(&cur_resp, 1); 479 *io_buffer_tail(&cur_resp) = data; 480 cur_resp.len++; 481 } 482 483 /* Append an array of bytes to the output buffer. */ 484 static void 485 send_data(const uint8_t *data, size_t len) 486 { 487 488 io_buffer_grow(&cur_resp, len); 489 memcpy(io_buffer_tail(&cur_resp), data, len); 490 cur_resp.len += len; 491 } 492 493 static void 494 format_byte(uint8_t v, uint8_t *buf) 495 { 496 497 buf[0] = hex_digit(v >> 4); 498 buf[1] = hex_digit(v & 0xf); 499 } 500 501 /* 502 * Append a single byte (formatted as two hex characters) to the 503 * output buffer. 504 */ 505 static void 506 send_byte(uint8_t v) 507 { 508 uint8_t buf[2]; 509 510 format_byte(v, buf); 511 send_data(buf, sizeof(buf)); 512 } 513 514 static void 515 start_packet(void) 516 { 517 518 send_char('$'); 519 cur_csum = 0; 520 } 521 522 static void 523 finish_packet(void) 524 { 525 526 send_char('#'); 527 send_byte(cur_csum); 528 debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp)); 529 } 530 531 /* 532 * Append a single character (for the packet payload) and update the 533 * checksum. 534 */ 535 static void 536 append_char(uint8_t v) 537 { 538 539 send_char(v); 540 cur_csum += v; 541 } 542 543 /* 544 * Append an array of bytes (for the packet payload) and update the 545 * checksum. 546 */ 547 static void 548 append_packet_data(const uint8_t *data, size_t len) 549 { 550 551 send_data(data, len); 552 while (len > 0) { 553 cur_csum += *data; 554 data++; 555 len--; 556 } 557 } 558 559 static void 560 append_string(const char *str) 561 { 562 563 #ifdef __FreeBSD__ 564 append_packet_data(str, strlen(str)); 565 #else 566 append_packet_data((const uint8_t *)str, strlen(str)); 567 #endif 568 } 569 570 static void 571 append_byte(uint8_t v) 572 { 573 uint8_t buf[2]; 574 575 format_byte(v, buf); 576 append_packet_data(buf, sizeof(buf)); 577 } 578 579 static void 580 append_unsigned_native(uintmax_t value, size_t len) 581 { 582 size_t i; 583 584 for (i = 0; i < len; i++) { 585 append_byte(value); 586 value >>= 8; 587 } 588 } 589 590 static void 591 append_unsigned_be(uintmax_t value, size_t len) 592 { 593 char buf[len * 2]; 594 size_t i; 595 596 for (i = 0; i < len; i++) { 597 #ifdef __FreeBSD__ 598 format_byte(value, buf + (len - i - 1) * 2); 599 #else 600 format_byte(value, (uint8_t *)(buf + (len - i - 1) * 2)); 601 #endif 602 value >>= 8; 603 } 604 #ifdef __FreeBSD__ 605 append_packet_data(buf, sizeof(buf)); 606 #else 607 append_packet_data((const uint8_t *)buf, sizeof(buf)); 608 #endif 609 } 610 611 static void 612 append_integer(unsigned int value) 613 { 614 615 if (value == 0) 616 append_char('0'); 617 else 618 append_unsigned_be(value, (fls(value) + 7) / 8); 619 } 620 621 static void 622 append_asciihex(const char *str) 623 { 624 625 while (*str != '\0') { 626 append_byte(*str); 627 str++; 628 } 629 } 630 631 static void 632 send_empty_response(void) 633 { 634 635 start_packet(); 636 finish_packet(); 637 } 638 639 static void 640 send_error(int error) 641 { 642 643 start_packet(); 644 append_char('E'); 645 append_byte(error); 646 finish_packet(); 647 } 648 649 static void 650 send_ok(void) 651 { 652 653 start_packet(); 654 append_string("OK"); 655 finish_packet(); 656 } 657 658 static int 659 parse_threadid(const uint8_t *data, size_t len) 660 { 661 662 if (len == 1 && *data == '0') 663 return (0); 664 if (len == 2 && memcmp(data, "-1", 2) == 0) 665 return (-1); 666 if (len == 0) 667 return (-2); 668 return (parse_integer(data, len)); 669 } 670 671 /* 672 * Report the current stop event to the debugger. If the stop is due 673 * to an event triggered on a specific vCPU such as a breakpoint or 674 * stepping trap, stopped_vcpu will be set to the vCPU triggering the 675 * stop. If 'set_cur_vcpu' is true, then cur_vcpu will be updated to 676 * the reporting vCPU for vCPU events. 677 */ 678 static void 679 report_stop(bool set_cur_vcpu) 680 { 681 struct vcpu_state *vs; 682 683 start_packet(); 684 if (stopped_vcpu == -1) { 685 append_char('S'); 686 append_byte(GDB_SIGNAL_TRAP); 687 } else { 688 vs = &vcpu_state[stopped_vcpu]; 689 if (set_cur_vcpu) 690 cur_vcpu = stopped_vcpu; 691 append_char('T'); 692 append_byte(GDB_SIGNAL_TRAP); 693 append_string("thread:"); 694 append_integer(stopped_vcpu + 1); 695 append_char(';'); 696 if (vs->hit_swbreak) { 697 debug("$vCPU %d reporting swbreak\n", stopped_vcpu); 698 if (swbreak_enabled) 699 append_string("swbreak:;"); 700 } else if (vs->stepped) 701 debug("$vCPU %d reporting step\n", stopped_vcpu); 702 else 703 debug("$vCPU %d reporting ???\n", stopped_vcpu); 704 } 705 finish_packet(); 706 report_next_stop = false; 707 } 708 709 /* 710 * If this stop is due to a vCPU event, clear that event to mark it as 711 * acknowledged. 712 */ 713 static void 714 discard_stop(void) 715 { 716 struct vcpu_state *vs; 717 718 if (stopped_vcpu != -1) { 719 vs = &vcpu_state[stopped_vcpu]; 720 vs->hit_swbreak = false; 721 vs->stepped = false; 722 stopped_vcpu = -1; 723 } 724 report_next_stop = true; 725 } 726 727 static void 728 gdb_finish_suspend_vcpus(void) 729 { 730 731 if (first_stop) { 732 first_stop = false; 733 stopped_vcpu = -1; 734 } else if (report_next_stop) { 735 assert(!response_pending()); 736 report_stop(true); 737 send_pending_data(cur_fd); 738 } 739 } 740 741 /* 742 * vCPU threads invoke this function whenever the vCPU enters the 743 * debug server to pause or report an event. vCPU threads wait here 744 * as long as the debug server keeps them suspended. 745 */ 746 static void 747 _gdb_cpu_suspend(struct vcpu *vcpu, bool report_stop) 748 { 749 int vcpuid = vcpu_id(vcpu); 750 751 debug("$vCPU %d suspending\n", vcpuid); 752 CPU_SET(vcpuid, &vcpus_waiting); 753 if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 754 gdb_finish_suspend_vcpus(); 755 while (CPU_ISSET(vcpuid, &vcpus_suspended)) 756 pthread_cond_wait(&idle_vcpus, &gdb_lock); 757 CPU_CLR(vcpuid, &vcpus_waiting); 758 debug("$vCPU %d resuming\n", vcpuid); 759 } 760 761 /* 762 * Invoked at the start of a vCPU thread's execution to inform the 763 * debug server about the new thread. 764 */ 765 void 766 gdb_cpu_add(struct vcpu *vcpu) 767 { 768 int vcpuid; 769 770 if (!gdb_active) 771 return; 772 vcpuid = vcpu_id(vcpu); 773 debug("$vCPU %d starting\n", vcpuid); 774 pthread_mutex_lock(&gdb_lock); 775 assert(vcpuid < guest_ncpus); 776 assert(vcpus[vcpuid] == NULL); 777 vcpus[vcpuid] = vcpu; 778 CPU_SET(vcpuid, &vcpus_active); 779 if (!TAILQ_EMPTY(&breakpoints)) { 780 vm_set_capability(vcpu, VM_CAP_BPT_EXIT, 1); 781 debug("$vCPU %d enabled breakpoint exits\n", vcpuid); 782 } 783 784 /* 785 * If a vcpu is added while vcpus are stopped, suspend the new 786 * vcpu so that it will pop back out with a debug exit before 787 * executing the first instruction. 788 */ 789 if (!CPU_EMPTY(&vcpus_suspended)) { 790 CPU_SET(vcpuid, &vcpus_suspended); 791 _gdb_cpu_suspend(vcpu, false); 792 } 793 pthread_mutex_unlock(&gdb_lock); 794 } 795 796 /* 797 * Invoked by vCPU before resuming execution. This enables stepping 798 * if the vCPU is marked as stepping. 799 */ 800 static void 801 gdb_cpu_resume(struct vcpu *vcpu) 802 { 803 struct vcpu_state *vs; 804 int error; 805 806 vs = &vcpu_state[vcpu_id(vcpu)]; 807 808 /* 809 * Any pending event should already be reported before 810 * resuming. 811 */ 812 assert(vs->hit_swbreak == false); 813 assert(vs->stepped == false); 814 if (vs->stepping) { 815 error = vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, 1); 816 assert(error == 0); 817 } 818 } 819 820 /* 821 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest 822 * has been suspended due to an event on different vCPU or in response 823 * to a guest-wide suspend such as Ctrl-C or the stop on attach. 824 */ 825 void 826 gdb_cpu_suspend(struct vcpu *vcpu) 827 { 828 829 if (!gdb_active) 830 return; 831 pthread_mutex_lock(&gdb_lock); 832 _gdb_cpu_suspend(vcpu, true); 833 gdb_cpu_resume(vcpu); 834 pthread_mutex_unlock(&gdb_lock); 835 } 836 837 static void 838 gdb_suspend_vcpus(void) 839 { 840 841 assert(pthread_mutex_isowned_np(&gdb_lock)); 842 debug("suspending all CPUs\n"); 843 vcpus_suspended = vcpus_active; 844 vm_suspend_all_cpus(ctx); 845 if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 846 gdb_finish_suspend_vcpus(); 847 } 848 849 /* 850 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via 851 * the VT-x-specific MTRAP exit. 852 */ 853 void 854 gdb_cpu_mtrap(struct vcpu *vcpu) 855 { 856 struct vcpu_state *vs; 857 int vcpuid; 858 859 if (!gdb_active) 860 return; 861 vcpuid = vcpu_id(vcpu); 862 debug("$vCPU %d MTRAP\n", vcpuid); 863 pthread_mutex_lock(&gdb_lock); 864 vs = &vcpu_state[vcpuid]; 865 if (vs->stepping) { 866 vs->stepping = false; 867 vs->stepped = true; 868 vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, 0); 869 while (vs->stepped) { 870 if (stopped_vcpu == -1) { 871 debug("$vCPU %d reporting step\n", vcpuid); 872 stopped_vcpu = vcpuid; 873 gdb_suspend_vcpus(); 874 } 875 _gdb_cpu_suspend(vcpu, true); 876 } 877 gdb_cpu_resume(vcpu); 878 } 879 pthread_mutex_unlock(&gdb_lock); 880 } 881 882 static struct breakpoint * 883 find_breakpoint(uint64_t gpa) 884 { 885 struct breakpoint *bp; 886 887 TAILQ_FOREACH(bp, &breakpoints, link) { 888 if (bp->gpa == gpa) 889 return (bp); 890 } 891 return (NULL); 892 } 893 894 void 895 gdb_cpu_breakpoint(struct vcpu *vcpu, struct vm_exit *vmexit) 896 { 897 struct breakpoint *bp; 898 struct vcpu_state *vs; 899 uint64_t gpa; 900 int error, vcpuid; 901 902 if (!gdb_active) { 903 EPRINTLN("vm_loop: unexpected VMEXIT_DEBUG"); 904 exit(4); 905 } 906 vcpuid = vcpu_id(vcpu); 907 pthread_mutex_lock(&gdb_lock); 908 error = guest_vaddr2paddr(vcpu, guest_pc(vmexit), &gpa); 909 assert(error == 1); 910 bp = find_breakpoint(gpa); 911 if (bp != NULL) { 912 vs = &vcpu_state[vcpuid]; 913 assert(vs->stepping == false); 914 assert(vs->stepped == false); 915 assert(vs->hit_swbreak == false); 916 vs->hit_swbreak = true; 917 vm_set_register(vcpu, GDB_PC_REGNAME, guest_pc(vmexit)); 918 for (;;) { 919 if (stopped_vcpu == -1) { 920 debug("$vCPU %d reporting breakpoint at rip %#lx\n", 921 vcpuid, guest_pc(vmexit)); 922 stopped_vcpu = vcpuid; 923 gdb_suspend_vcpus(); 924 } 925 _gdb_cpu_suspend(vcpu, true); 926 if (!vs->hit_swbreak) { 927 /* Breakpoint reported. */ 928 break; 929 } 930 bp = find_breakpoint(gpa); 931 if (bp == NULL) { 932 /* Breakpoint was removed. */ 933 vs->hit_swbreak = false; 934 break; 935 } 936 } 937 gdb_cpu_resume(vcpu); 938 } else { 939 debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpuid, 940 guest_pc(vmexit)); 941 error = vm_set_register(vcpu, VM_REG_GUEST_ENTRY_INST_LENGTH, 942 vmexit->u.bpt.inst_length); 943 assert(error == 0); 944 error = vm_inject_exception(vcpu, IDT_BP, 0, 0, 0); 945 assert(error == 0); 946 } 947 pthread_mutex_unlock(&gdb_lock); 948 } 949 950 static bool 951 gdb_step_vcpu(struct vcpu *vcpu) 952 { 953 int error, val, vcpuid; 954 955 vcpuid = vcpu_id(vcpu); 956 debug("$vCPU %d step\n", vcpuid); 957 error = vm_get_capability(vcpu, VM_CAP_MTRAP_EXIT, &val); 958 if (error < 0) 959 return (false); 960 961 discard_stop(); 962 vcpu_state[vcpuid].stepping = true; 963 vm_resume_cpu(vcpu); 964 CPU_CLR(vcpuid, &vcpus_suspended); 965 pthread_cond_broadcast(&idle_vcpus); 966 return (true); 967 } 968 969 static void 970 gdb_resume_vcpus(void) 971 { 972 973 assert(pthread_mutex_isowned_np(&gdb_lock)); 974 vm_resume_all_cpus(ctx); 975 debug("resuming all CPUs\n"); 976 CPU_ZERO(&vcpus_suspended); 977 pthread_cond_broadcast(&idle_vcpus); 978 } 979 980 static void 981 gdb_read_regs(void) 982 { 983 uint64_t regvals[nitems(gdb_regset)]; 984 int regnums[nitems(gdb_regset)]; 985 986 for (size_t i = 0; i < nitems(gdb_regset); i++) 987 regnums[i] = gdb_regset[i].id; 988 if (vm_get_register_set(vcpus[cur_vcpu], nitems(gdb_regset), 989 regnums, regvals) == -1) { 990 send_error(errno); 991 return; 992 } 993 start_packet(); 994 for (size_t i = 0; i < nitems(gdb_regset); i++) 995 append_unsigned_native(regvals[i], gdb_regset[i].size); 996 finish_packet(); 997 } 998 999 static void 1000 gdb_read_one_reg(const uint8_t *data, size_t len) 1001 { 1002 uint64_t regval; 1003 uintmax_t reg; 1004 1005 reg = parse_integer(data, len); 1006 if (reg >= nitems(gdb_regset)) { 1007 send_error(EINVAL); 1008 return; 1009 } 1010 1011 if (vm_get_register(vcpus[cur_vcpu], gdb_regset[reg].id, ®val) == 1012 -1) { 1013 send_error(errno); 1014 return; 1015 } 1016 1017 start_packet(); 1018 append_unsigned_native(regval, gdb_regset[reg].size); 1019 finish_packet(); 1020 } 1021 1022 static void 1023 gdb_read_mem(const uint8_t *data, size_t len) 1024 { 1025 uint64_t gpa, gva, val; 1026 uint8_t *cp; 1027 size_t resid, todo, bytes; 1028 bool started; 1029 int error; 1030 1031 assert(len >= 1); 1032 1033 /* Skip 'm' */ 1034 data += 1; 1035 len -= 1; 1036 1037 /* Parse and consume address. */ 1038 cp = memchr(data, ',', len); 1039 if (cp == NULL || cp == data) { 1040 send_error(EINVAL); 1041 return; 1042 } 1043 gva = parse_integer(data, cp - data); 1044 len -= (cp - data) + 1; 1045 data += (cp - data) + 1; 1046 1047 /* Parse length. */ 1048 resid = parse_integer(data, len); 1049 1050 started = false; 1051 while (resid > 0) { 1052 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa); 1053 if (error == -1) { 1054 if (started) 1055 finish_packet(); 1056 else 1057 send_error(errno); 1058 return; 1059 } 1060 if (error == 0) { 1061 if (started) 1062 finish_packet(); 1063 else 1064 send_error(EFAULT); 1065 return; 1066 } 1067 1068 /* Read bytes from current page. */ 1069 todo = getpagesize() - gpa % getpagesize(); 1070 if (todo > resid) 1071 todo = resid; 1072 1073 cp = paddr_guest2host(ctx, gpa, todo); 1074 if (cp != NULL) { 1075 /* 1076 * If this page is guest RAM, read it a byte 1077 * at a time. 1078 */ 1079 if (!started) { 1080 start_packet(); 1081 started = true; 1082 } 1083 while (todo > 0) { 1084 append_byte(*cp); 1085 cp++; 1086 gpa++; 1087 gva++; 1088 resid--; 1089 todo--; 1090 } 1091 } else { 1092 /* 1093 * If this page isn't guest RAM, try to handle 1094 * it via MMIO. For MMIO requests, use 1095 * aligned reads of words when possible. 1096 */ 1097 while (todo > 0) { 1098 if (gpa & 1 || todo == 1) 1099 bytes = 1; 1100 else if (gpa & 2 || todo == 2) 1101 bytes = 2; 1102 else 1103 bytes = 4; 1104 error = read_mem(vcpus[cur_vcpu], gpa, &val, 1105 bytes); 1106 if (error == 0) { 1107 if (!started) { 1108 start_packet(); 1109 started = true; 1110 } 1111 gpa += bytes; 1112 gva += bytes; 1113 resid -= bytes; 1114 todo -= bytes; 1115 while (bytes > 0) { 1116 append_byte(val); 1117 val >>= 8; 1118 bytes--; 1119 } 1120 } else { 1121 if (started) 1122 finish_packet(); 1123 else 1124 send_error(EFAULT); 1125 return; 1126 } 1127 } 1128 } 1129 assert(resid == 0 || gpa % getpagesize() == 0); 1130 } 1131 if (!started) 1132 start_packet(); 1133 finish_packet(); 1134 } 1135 1136 static void 1137 gdb_write_mem(const uint8_t *data, size_t len) 1138 { 1139 uint64_t gpa, gva, val; 1140 uint8_t *cp; 1141 size_t resid, todo, bytes; 1142 int error; 1143 1144 assert(len >= 1); 1145 1146 /* Skip 'M' */ 1147 data += 1; 1148 len -= 1; 1149 1150 /* Parse and consume address. */ 1151 cp = memchr(data, ',', len); 1152 if (cp == NULL || cp == data) { 1153 send_error(EINVAL); 1154 return; 1155 } 1156 gva = parse_integer(data, cp - data); 1157 len -= (cp - data) + 1; 1158 data += (cp - data) + 1; 1159 1160 /* Parse and consume length. */ 1161 cp = memchr(data, ':', len); 1162 if (cp == NULL || cp == data) { 1163 send_error(EINVAL); 1164 return; 1165 } 1166 resid = parse_integer(data, cp - data); 1167 len -= (cp - data) + 1; 1168 data += (cp - data) + 1; 1169 1170 /* Verify the available bytes match the length. */ 1171 if (len != resid * 2) { 1172 send_error(EINVAL); 1173 return; 1174 } 1175 1176 while (resid > 0) { 1177 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa); 1178 if (error == -1) { 1179 send_error(errno); 1180 return; 1181 } 1182 if (error == 0) { 1183 send_error(EFAULT); 1184 return; 1185 } 1186 1187 /* Write bytes to current page. */ 1188 todo = getpagesize() - gpa % getpagesize(); 1189 if (todo > resid) 1190 todo = resid; 1191 1192 cp = paddr_guest2host(ctx, gpa, todo); 1193 if (cp != NULL) { 1194 /* 1195 * If this page is guest RAM, write it a byte 1196 * at a time. 1197 */ 1198 while (todo > 0) { 1199 assert(len >= 2); 1200 *cp = parse_byte(data); 1201 data += 2; 1202 len -= 2; 1203 cp++; 1204 gpa++; 1205 gva++; 1206 resid--; 1207 todo--; 1208 } 1209 } else { 1210 /* 1211 * If this page isn't guest RAM, try to handle 1212 * it via MMIO. For MMIO requests, use 1213 * aligned writes of words when possible. 1214 */ 1215 while (todo > 0) { 1216 if (gpa & 1 || todo == 1) { 1217 bytes = 1; 1218 val = parse_byte(data); 1219 } else if (gpa & 2 || todo == 2) { 1220 bytes = 2; 1221 val = be16toh(parse_integer(data, 4)); 1222 } else { 1223 bytes = 4; 1224 val = be32toh(parse_integer(data, 8)); 1225 } 1226 error = write_mem(vcpus[cur_vcpu], gpa, val, 1227 bytes); 1228 if (error == 0) { 1229 gpa += bytes; 1230 gva += bytes; 1231 resid -= bytes; 1232 todo -= bytes; 1233 data += 2 * bytes; 1234 len -= 2 * bytes; 1235 } else { 1236 send_error(EFAULT); 1237 return; 1238 } 1239 } 1240 } 1241 assert(resid == 0 || gpa % getpagesize() == 0); 1242 } 1243 assert(len == 0); 1244 send_ok(); 1245 } 1246 1247 static bool 1248 set_breakpoint_caps(bool enable) 1249 { 1250 cpuset_t mask; 1251 int vcpu; 1252 1253 mask = vcpus_active; 1254 while (!CPU_EMPTY(&mask)) { 1255 vcpu = CPU_FFS(&mask) - 1; 1256 CPU_CLR(vcpu, &mask); 1257 if (vm_set_capability(vcpus[vcpu], VM_CAP_BPT_EXIT, 1258 enable ? 1 : 0) < 0) 1259 return (false); 1260 debug("$vCPU %d %sabled breakpoint exits\n", vcpu, 1261 enable ? "en" : "dis"); 1262 } 1263 return (true); 1264 } 1265 1266 static void 1267 remove_all_sw_breakpoints(void) 1268 { 1269 struct breakpoint *bp, *nbp; 1270 uint8_t *cp; 1271 1272 if (TAILQ_EMPTY(&breakpoints)) 1273 return; 1274 1275 TAILQ_FOREACH_SAFE(bp, &breakpoints, link, nbp) { 1276 debug("remove breakpoint at %#lx\n", bp->gpa); 1277 cp = paddr_guest2host(ctx, bp->gpa, sizeof(bp->shadow_inst)); 1278 memcpy(cp, bp->shadow_inst, sizeof(bp->shadow_inst)); 1279 TAILQ_REMOVE(&breakpoints, bp, link); 1280 free(bp); 1281 } 1282 TAILQ_INIT(&breakpoints); 1283 set_breakpoint_caps(false); 1284 } 1285 1286 static void 1287 update_sw_breakpoint(uint64_t gva, int kind, bool insert) 1288 { 1289 struct breakpoint *bp; 1290 uint64_t gpa; 1291 uint8_t *cp; 1292 int error; 1293 1294 if (kind != GDB_BP_SIZE) { 1295 send_error(EINVAL); 1296 return; 1297 } 1298 1299 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa); 1300 if (error == -1) { 1301 send_error(errno); 1302 return; 1303 } 1304 if (error == 0) { 1305 send_error(EFAULT); 1306 return; 1307 } 1308 1309 cp = paddr_guest2host(ctx, gpa, sizeof(bp->shadow_inst)); 1310 1311 /* Only permit breakpoints in guest RAM. */ 1312 if (cp == NULL) { 1313 send_error(EFAULT); 1314 return; 1315 } 1316 1317 /* Find any existing breakpoint. */ 1318 bp = find_breakpoint(gpa); 1319 1320 /* 1321 * Silently ignore duplicate commands since the protocol 1322 * requires these packets to be idempotent. 1323 */ 1324 if (insert) { 1325 if (bp == NULL) { 1326 if (TAILQ_EMPTY(&breakpoints) && 1327 !set_breakpoint_caps(true)) { 1328 send_empty_response(); 1329 return; 1330 } 1331 bp = malloc(sizeof(*bp)); 1332 bp->gpa = gpa; 1333 memcpy(bp->shadow_inst, cp, sizeof(bp->shadow_inst)); 1334 memcpy(cp, GDB_BP_INSTR, sizeof(bp->shadow_inst)); 1335 TAILQ_INSERT_TAIL(&breakpoints, bp, link); 1336 debug("new breakpoint at %#lx\n", gpa); 1337 } 1338 } else { 1339 if (bp != NULL) { 1340 debug("remove breakpoint at %#lx\n", gpa); 1341 memcpy(cp, bp->shadow_inst, sizeof(bp->shadow_inst)); 1342 TAILQ_REMOVE(&breakpoints, bp, link); 1343 free(bp); 1344 if (TAILQ_EMPTY(&breakpoints)) 1345 set_breakpoint_caps(false); 1346 } 1347 } 1348 send_ok(); 1349 } 1350 1351 static void 1352 parse_breakpoint(const uint8_t *data, size_t len) 1353 { 1354 uint64_t gva; 1355 uint8_t *cp; 1356 bool insert; 1357 int kind, type; 1358 1359 insert = data[0] == 'Z'; 1360 1361 /* Skip 'Z/z' */ 1362 data += 1; 1363 len -= 1; 1364 1365 /* Parse and consume type. */ 1366 cp = memchr(data, ',', len); 1367 if (cp == NULL || cp == data) { 1368 send_error(EINVAL); 1369 return; 1370 } 1371 type = parse_integer(data, cp - data); 1372 len -= (cp - data) + 1; 1373 data += (cp - data) + 1; 1374 1375 /* Parse and consume address. */ 1376 cp = memchr(data, ',', len); 1377 if (cp == NULL || cp == data) { 1378 send_error(EINVAL); 1379 return; 1380 } 1381 gva = parse_integer(data, cp - data); 1382 len -= (cp - data) + 1; 1383 data += (cp - data) + 1; 1384 1385 /* Parse and consume kind. */ 1386 cp = memchr(data, ';', len); 1387 if (cp == data) { 1388 send_error(EINVAL); 1389 return; 1390 } 1391 if (cp != NULL) { 1392 /* 1393 * We do not advertise support for either the 1394 * ConditionalBreakpoints or BreakpointCommands 1395 * features, so we should not be getting conditions or 1396 * commands from the remote end. 1397 */ 1398 send_empty_response(); 1399 return; 1400 } 1401 kind = parse_integer(data, len); 1402 data += len; 1403 len = 0; 1404 1405 switch (type) { 1406 case 0: 1407 update_sw_breakpoint(gva, kind, insert); 1408 break; 1409 default: 1410 send_empty_response(); 1411 break; 1412 } 1413 } 1414 1415 static bool 1416 command_equals(const uint8_t *data, size_t len, const char *cmd) 1417 { 1418 1419 if (strlen(cmd) > len) 1420 return (false); 1421 return (memcmp(data, cmd, strlen(cmd)) == 0); 1422 } 1423 1424 static void 1425 check_features(const uint8_t *data, size_t len) 1426 { 1427 char *feature, *next_feature, *str, *value; 1428 bool supported; 1429 1430 str = malloc(len + 1); 1431 memcpy(str, data, len); 1432 str[len] = '\0'; 1433 next_feature = str; 1434 1435 while ((feature = strsep(&next_feature, ";")) != NULL) { 1436 /* 1437 * Null features shouldn't exist, but skip if they 1438 * do. 1439 */ 1440 if (strcmp(feature, "") == 0) 1441 continue; 1442 1443 /* 1444 * Look for the value or supported / not supported 1445 * flag. 1446 */ 1447 value = strchr(feature, '='); 1448 if (value != NULL) { 1449 *value = '\0'; 1450 value++; 1451 supported = true; 1452 } else { 1453 value = feature + strlen(feature) - 1; 1454 switch (*value) { 1455 case '+': 1456 supported = true; 1457 break; 1458 case '-': 1459 supported = false; 1460 break; 1461 default: 1462 /* 1463 * This is really a protocol error, 1464 * but we just ignore malformed 1465 * features for ease of 1466 * implementation. 1467 */ 1468 continue; 1469 } 1470 value = NULL; 1471 } 1472 1473 if (strcmp(feature, "swbreak") == 0) 1474 swbreak_enabled = supported; 1475 1476 #ifndef __FreeBSD__ 1477 /* 1478 * The compiler dislikes 'supported' being set but never used. 1479 * Make it happy here. 1480 */ 1481 if (supported) { 1482 debug("feature '%s' supported\n", feature); 1483 } 1484 #endif /* __FreeBSD__ */ 1485 } 1486 free(str); 1487 1488 start_packet(); 1489 1490 /* This is an arbitrary limit. */ 1491 append_string("PacketSize=4096"); 1492 append_string(";swbreak+"); 1493 finish_packet(); 1494 } 1495 1496 static void 1497 gdb_query(const uint8_t *data, size_t len) 1498 { 1499 1500 /* 1501 * TODO: 1502 * - qSearch 1503 */ 1504 if (command_equals(data, len, "qAttached")) { 1505 start_packet(); 1506 append_char('1'); 1507 finish_packet(); 1508 } else if (command_equals(data, len, "qC")) { 1509 start_packet(); 1510 append_string("QC"); 1511 append_integer(cur_vcpu + 1); 1512 finish_packet(); 1513 } else if (command_equals(data, len, "qfThreadInfo")) { 1514 cpuset_t mask; 1515 bool first; 1516 int vcpu; 1517 1518 if (CPU_EMPTY(&vcpus_active)) { 1519 send_error(EINVAL); 1520 return; 1521 } 1522 mask = vcpus_active; 1523 start_packet(); 1524 append_char('m'); 1525 first = true; 1526 while (!CPU_EMPTY(&mask)) { 1527 vcpu = CPU_FFS(&mask) - 1; 1528 CPU_CLR(vcpu, &mask); 1529 if (first) 1530 first = false; 1531 else 1532 append_char(','); 1533 append_integer(vcpu + 1); 1534 } 1535 finish_packet(); 1536 } else if (command_equals(data, len, "qsThreadInfo")) { 1537 start_packet(); 1538 append_char('l'); 1539 finish_packet(); 1540 } else if (command_equals(data, len, "qSupported")) { 1541 data += strlen("qSupported"); 1542 len -= strlen("qSupported"); 1543 check_features(data, len); 1544 } else if (command_equals(data, len, "qThreadExtraInfo")) { 1545 char buf[16]; 1546 int tid; 1547 1548 data += strlen("qThreadExtraInfo"); 1549 len -= strlen("qThreadExtraInfo"); 1550 if (len == 0 || *data != ',') { 1551 send_error(EINVAL); 1552 return; 1553 } 1554 tid = parse_threadid(data + 1, len - 1); 1555 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1556 send_error(EINVAL); 1557 return; 1558 } 1559 1560 snprintf(buf, sizeof(buf), "vCPU %d", tid - 1); 1561 start_packet(); 1562 append_asciihex(buf); 1563 finish_packet(); 1564 } else 1565 send_empty_response(); 1566 } 1567 1568 static void 1569 handle_command(const uint8_t *data, size_t len) 1570 { 1571 1572 /* Reject packets with a sequence-id. */ 1573 if (len >= 3 && data[0] >= '0' && data[0] <= '9' && 1574 data[0] >= '0' && data[0] <= '9' && data[2] == ':') { 1575 send_empty_response(); 1576 return; 1577 } 1578 1579 switch (*data) { 1580 case 'c': 1581 if (len != 1) { 1582 send_error(EINVAL); 1583 break; 1584 } 1585 1586 discard_stop(); 1587 gdb_resume_vcpus(); 1588 break; 1589 case 'D': 1590 send_ok(); 1591 1592 /* TODO: Resume any stopped CPUs. */ 1593 break; 1594 case 'g': 1595 gdb_read_regs(); 1596 break; 1597 case 'p': 1598 gdb_read_one_reg(data + 1, len - 1); 1599 break; 1600 case 'H': { 1601 int tid; 1602 1603 if (len < 2 || (data[1] != 'g' && data[1] != 'c')) { 1604 send_error(EINVAL); 1605 break; 1606 } 1607 tid = parse_threadid(data + 2, len - 2); 1608 if (tid == -2) { 1609 send_error(EINVAL); 1610 break; 1611 } 1612 1613 if (CPU_EMPTY(&vcpus_active)) { 1614 send_error(EINVAL); 1615 break; 1616 } 1617 if (tid == -1 || tid == 0) 1618 cur_vcpu = CPU_FFS(&vcpus_active) - 1; 1619 else if (CPU_ISSET(tid - 1, &vcpus_active)) 1620 cur_vcpu = tid - 1; 1621 else { 1622 send_error(EINVAL); 1623 break; 1624 } 1625 send_ok(); 1626 break; 1627 } 1628 case 'm': 1629 gdb_read_mem(data, len); 1630 break; 1631 case 'M': 1632 gdb_write_mem(data, len); 1633 break; 1634 case 'T': { 1635 int tid; 1636 1637 tid = parse_threadid(data + 1, len - 1); 1638 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1639 send_error(EINVAL); 1640 return; 1641 } 1642 send_ok(); 1643 break; 1644 } 1645 case 'q': 1646 gdb_query(data, len); 1647 break; 1648 case 's': 1649 if (len != 1) { 1650 send_error(EINVAL); 1651 break; 1652 } 1653 1654 /* Don't send a reply until a stop occurs. */ 1655 if (!gdb_step_vcpu(vcpus[cur_vcpu])) { 1656 send_error(EOPNOTSUPP); 1657 break; 1658 } 1659 break; 1660 case 'z': 1661 case 'Z': 1662 parse_breakpoint(data, len); 1663 break; 1664 case '?': 1665 report_stop(false); 1666 break; 1667 case 'G': /* TODO */ 1668 case 'v': 1669 /* Handle 'vCont' */ 1670 /* 'vCtrlC' */ 1671 case 'P': /* TODO */ 1672 case 'Q': /* TODO */ 1673 case 't': /* TODO */ 1674 case 'X': /* TODO */ 1675 default: 1676 send_empty_response(); 1677 } 1678 } 1679 1680 /* Check for a valid packet in the command buffer. */ 1681 static void 1682 check_command(int fd) 1683 { 1684 uint8_t *head, *hash, *p, sum; 1685 size_t avail, plen; 1686 1687 for (;;) { 1688 avail = cur_comm.len; 1689 if (avail == 0) 1690 return; 1691 head = io_buffer_head(&cur_comm); 1692 switch (*head) { 1693 case 0x03: 1694 debug("<- Ctrl-C\n"); 1695 io_buffer_consume(&cur_comm, 1); 1696 1697 gdb_suspend_vcpus(); 1698 break; 1699 case '+': 1700 /* ACK of previous response. */ 1701 debug("<- +\n"); 1702 if (response_pending()) 1703 io_buffer_reset(&cur_resp); 1704 io_buffer_consume(&cur_comm, 1); 1705 if (stopped_vcpu != -1 && report_next_stop) { 1706 report_stop(true); 1707 send_pending_data(fd); 1708 } 1709 break; 1710 case '-': 1711 /* NACK of previous response. */ 1712 debug("<- -\n"); 1713 if (response_pending()) { 1714 cur_resp.len += cur_resp.start; 1715 cur_resp.start = 0; 1716 if (cur_resp.data[0] == '+') 1717 io_buffer_advance(&cur_resp, 1); 1718 debug("-> %.*s\n", (int)cur_resp.len, 1719 io_buffer_head(&cur_resp)); 1720 } 1721 io_buffer_consume(&cur_comm, 1); 1722 send_pending_data(fd); 1723 break; 1724 case '$': 1725 /* Packet. */ 1726 1727 if (response_pending()) { 1728 warnx("New GDB command while response in " 1729 "progress"); 1730 io_buffer_reset(&cur_resp); 1731 } 1732 1733 /* Is packet complete? */ 1734 hash = memchr(head, '#', avail); 1735 if (hash == NULL) 1736 return; 1737 plen = (hash - head + 1) + 2; 1738 if (avail < plen) 1739 return; 1740 debug("<- %.*s\n", (int)plen, head); 1741 1742 /* Verify checksum. */ 1743 for (sum = 0, p = head + 1; p < hash; p++) 1744 sum += *p; 1745 if (sum != parse_byte(hash + 1)) { 1746 io_buffer_consume(&cur_comm, plen); 1747 debug("-> -\n"); 1748 send_char('-'); 1749 send_pending_data(fd); 1750 break; 1751 } 1752 send_char('+'); 1753 1754 handle_command(head + 1, hash - (head + 1)); 1755 io_buffer_consume(&cur_comm, plen); 1756 if (!response_pending()) { 1757 debug("-> +\n"); 1758 } 1759 send_pending_data(fd); 1760 break; 1761 default: 1762 /* XXX: Possibly drop connection instead. */ 1763 debug("-> %02x\n", *head); 1764 io_buffer_consume(&cur_comm, 1); 1765 break; 1766 } 1767 } 1768 } 1769 1770 static void 1771 gdb_readable(int fd, enum ev_type event __unused, void *arg __unused) 1772 { 1773 size_t pending; 1774 ssize_t nread; 1775 int n; 1776 1777 if (ioctl(fd, FIONREAD, &n) == -1) { 1778 warn("FIONREAD on GDB socket"); 1779 return; 1780 } 1781 assert(n >= 0); 1782 pending = n; 1783 1784 /* 1785 * 'pending' might be zero due to EOF. We need to call read 1786 * with a non-zero length to detect EOF. 1787 */ 1788 if (pending == 0) 1789 pending = 1; 1790 1791 /* Ensure there is room in the command buffer. */ 1792 io_buffer_grow(&cur_comm, pending); 1793 assert(io_buffer_avail(&cur_comm) >= pending); 1794 1795 nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm)); 1796 if (nread == 0) { 1797 close_connection(); 1798 } else if (nread == -1) { 1799 if (errno == EAGAIN) 1800 return; 1801 1802 warn("Read from GDB socket"); 1803 close_connection(); 1804 } else { 1805 cur_comm.len += nread; 1806 pthread_mutex_lock(&gdb_lock); 1807 check_command(fd); 1808 pthread_mutex_unlock(&gdb_lock); 1809 } 1810 } 1811 1812 static void 1813 gdb_writable(int fd, enum ev_type event __unused, void *arg __unused) 1814 { 1815 1816 send_pending_data(fd); 1817 } 1818 1819 static void 1820 new_connection(int fd, enum ev_type event __unused, void *arg) 1821 { 1822 int optval, s; 1823 1824 s = accept4(fd, NULL, NULL, SOCK_NONBLOCK); 1825 if (s == -1) { 1826 if (arg != NULL) 1827 err(1, "Failed accepting initial GDB connection"); 1828 1829 /* Silently ignore errors post-startup. */ 1830 return; 1831 } 1832 1833 optval = 1; 1834 if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) == 1835 -1) { 1836 warn("Failed to disable SIGPIPE for GDB connection"); 1837 close(s); 1838 return; 1839 } 1840 1841 pthread_mutex_lock(&gdb_lock); 1842 if (cur_fd != -1) { 1843 close(s); 1844 warnx("Ignoring additional GDB connection."); 1845 } 1846 1847 read_event = mevent_add(s, EVF_READ, gdb_readable, NULL); 1848 if (read_event == NULL) { 1849 if (arg != NULL) 1850 err(1, "Failed to setup initial GDB connection"); 1851 pthread_mutex_unlock(&gdb_lock); 1852 return; 1853 } 1854 write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL); 1855 if (write_event == NULL) { 1856 if (arg != NULL) 1857 err(1, "Failed to setup initial GDB connection"); 1858 mevent_delete_close(read_event); 1859 read_event = NULL; 1860 } 1861 1862 cur_fd = s; 1863 cur_vcpu = 0; 1864 stopped_vcpu = -1; 1865 1866 /* Break on attach. */ 1867 first_stop = true; 1868 report_next_stop = false; 1869 gdb_suspend_vcpus(); 1870 pthread_mutex_unlock(&gdb_lock); 1871 } 1872 1873 #ifndef WITHOUT_CAPSICUM 1874 static void 1875 limit_gdb_socket(int s) 1876 { 1877 cap_rights_t rights; 1878 unsigned long ioctls[] = { FIONREAD }; 1879 1880 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE, 1881 CAP_SETSOCKOPT, CAP_IOCTL); 1882 if (caph_rights_limit(s, &rights) == -1) 1883 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1884 if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) 1885 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1886 } 1887 #endif 1888 1889 1890 #ifndef __FreeBSD__ 1891 /* 1892 * Equivalent to init_gdb() below, but without configuring the listening socket. 1893 * This will allow the bhyve process to tolerate mdb attaching/detaching from 1894 * the instance while it is running. 1895 */ 1896 void 1897 init_mdb(struct vmctx *_ctx) 1898 { 1899 int error; 1900 bool wait; 1901 1902 wait = get_config_bool_default("gdb.wait", false); 1903 1904 error = pthread_mutex_init(&gdb_lock, NULL); 1905 if (error != 0) 1906 errc(1, error, "gdb mutex init"); 1907 error = pthread_cond_init(&idle_vcpus, NULL); 1908 if (error != 0) 1909 errc(1, error, "gdb cv init"); 1910 1911 ctx = _ctx; 1912 stopped_vcpu = -1; 1913 TAILQ_INIT(&breakpoints); 1914 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1915 if (wait) { 1916 /* 1917 * Set vcpu 0 in vcpus_suspended. This will trigger the 1918 * logic in gdb_cpu_add() to suspend the first vcpu before 1919 * it starts execution. The vcpu will remain suspended 1920 * until a debugger connects. 1921 */ 1922 CPU_SET(0, &vcpus_suspended); 1923 stopped_vcpu = 0; 1924 } 1925 } 1926 #endif 1927 1928 void 1929 init_gdb(struct vmctx *_ctx) 1930 { 1931 int error, flags, optval, s; 1932 struct addrinfo hints; 1933 struct addrinfo *gdbaddr; 1934 const char *saddr, *value; 1935 char *sport; 1936 bool wait; 1937 1938 value = get_config_value("gdb.port"); 1939 if (value == NULL) 1940 return; 1941 sport = strdup(value); 1942 if (sport == NULL) 1943 errx(4, "Failed to allocate memory"); 1944 1945 wait = get_config_bool_default("gdb.wait", false); 1946 1947 saddr = get_config_value("gdb.address"); 1948 if (saddr == NULL) { 1949 saddr = "localhost"; 1950 } 1951 1952 debug("==> starting on %s:%s, %swaiting\n", 1953 saddr, sport, wait ? "" : "not "); 1954 1955 error = pthread_mutex_init(&gdb_lock, NULL); 1956 if (error != 0) 1957 errc(1, error, "gdb mutex init"); 1958 error = pthread_cond_init(&idle_vcpus, NULL); 1959 if (error != 0) 1960 errc(1, error, "gdb cv init"); 1961 1962 memset(&hints, 0, sizeof(hints)); 1963 hints.ai_family = AF_UNSPEC; 1964 hints.ai_socktype = SOCK_STREAM; 1965 hints.ai_flags = AI_NUMERICSERV | AI_PASSIVE; 1966 1967 error = getaddrinfo(saddr, sport, &hints, &gdbaddr); 1968 if (error != 0) 1969 errx(1, "gdb address resolution: %s", gai_strerror(error)); 1970 1971 ctx = _ctx; 1972 s = socket(gdbaddr->ai_family, gdbaddr->ai_socktype, 0); 1973 if (s < 0) 1974 err(1, "gdb socket create"); 1975 1976 optval = 1; 1977 (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); 1978 1979 if (bind(s, gdbaddr->ai_addr, gdbaddr->ai_addrlen) < 0) 1980 err(1, "gdb socket bind"); 1981 1982 if (listen(s, 1) < 0) 1983 err(1, "gdb socket listen"); 1984 1985 stopped_vcpu = -1; 1986 TAILQ_INIT(&breakpoints); 1987 vcpus = calloc(guest_ncpus, sizeof(*vcpus)); 1988 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1989 if (wait) { 1990 /* 1991 * Set vcpu 0 in vcpus_suspended. This will trigger the 1992 * logic in gdb_cpu_add() to suspend the first vcpu before 1993 * it starts execution. The vcpu will remain suspended 1994 * until a debugger connects. 1995 */ 1996 CPU_SET(0, &vcpus_suspended); 1997 stopped_vcpu = 0; 1998 } 1999 2000 flags = fcntl(s, F_GETFL); 2001 if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) 2002 err(1, "Failed to mark gdb socket non-blocking"); 2003 2004 #ifndef WITHOUT_CAPSICUM 2005 limit_gdb_socket(s); 2006 #endif 2007 mevent_add(s, EVF_READ, new_connection, NULL); 2008 gdb_active = true; 2009 freeaddrinfo(gdbaddr); 2010 free(sport); 2011 } 2012