1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 __FBSDID("$FreeBSD$"); 30 31 #include <sys/param.h> 32 #ifndef WITHOUT_CAPSICUM 33 #include <sys/capsicum.h> 34 #endif 35 #ifdef __FreeBSD__ 36 #include <sys/endian.h> 37 #else 38 #include <endian.h> 39 #endif 40 #include <sys/ioctl.h> 41 #include <sys/mman.h> 42 #include <sys/queue.h> 43 #include <sys/socket.h> 44 #include <machine/atomic.h> 45 #include <machine/specialreg.h> 46 #include <machine/vmm.h> 47 #include <netinet/in.h> 48 #include <assert.h> 49 #ifndef WITHOUT_CAPSICUM 50 #include <capsicum_helpers.h> 51 #endif 52 #include <err.h> 53 #include <errno.h> 54 #include <fcntl.h> 55 #include <netdb.h> 56 #include <pthread.h> 57 #include <pthread_np.h> 58 #include <stdbool.h> 59 #include <stdio.h> 60 #include <stdlib.h> 61 #include <string.h> 62 #include <sysexits.h> 63 #include <unistd.h> 64 #include <vmmapi.h> 65 66 #include "bhyverun.h" 67 #include "config.h" 68 #include "gdb.h" 69 #include "mem.h" 70 #include "mevent.h" 71 72 /* 73 * GDB_SIGNAL_* numbers are part of the GDB remote protocol. Most stops 74 * use SIGTRAP. 75 */ 76 #define GDB_SIGNAL_TRAP 5 77 78 static void gdb_resume_vcpus(void); 79 static void check_command(int fd); 80 81 static struct mevent *read_event, *write_event; 82 83 static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting; 84 static pthread_mutex_t gdb_lock; 85 static pthread_cond_t idle_vcpus; 86 static bool first_stop, report_next_stop, swbreak_enabled; 87 88 /* 89 * An I/O buffer contains 'capacity' bytes of room at 'data'. For a 90 * read buffer, 'start' is unused and 'len' contains the number of 91 * valid bytes in the buffer. For a write buffer, 'start' is set to 92 * the index of the next byte in 'data' to send, and 'len' contains 93 * the remaining number of valid bytes to send. 94 */ 95 struct io_buffer { 96 uint8_t *data; 97 size_t capacity; 98 size_t start; 99 size_t len; 100 }; 101 102 struct breakpoint { 103 uint64_t gpa; 104 uint8_t shadow_inst; 105 TAILQ_ENTRY(breakpoint) link; 106 }; 107 108 /* 109 * When a vCPU stops to due to an event that should be reported to the 110 * debugger, information about the event is stored in this structure. 111 * The vCPU thread then sets 'stopped_vcpu' if it is not already set 112 * and stops other vCPUs so the event can be reported. The 113 * report_stop() function reports the event for the 'stopped_vcpu' 114 * vCPU. When the debugger resumes execution via continue or step, 115 * the event for 'stopped_vcpu' is cleared. vCPUs will loop in their 116 * event handlers until the associated event is reported or disabled. 117 * 118 * An idle vCPU will have all of the boolean fields set to false. 119 * 120 * When a vCPU is stepped, 'stepping' is set to true when the vCPU is 121 * released to execute the stepped instruction. When the vCPU reports 122 * the stepping trap, 'stepped' is set. 123 * 124 * When a vCPU hits a breakpoint set by the debug server, 125 * 'hit_swbreak' is set to true. 126 */ 127 struct vcpu_state { 128 bool stepping; 129 bool stepped; 130 bool hit_swbreak; 131 }; 132 133 static struct io_buffer cur_comm, cur_resp; 134 static uint8_t cur_csum; 135 static struct vmctx *ctx; 136 static int cur_fd = -1; 137 static TAILQ_HEAD(, breakpoint) breakpoints; 138 static struct vcpu_state *vcpu_state; 139 static int cur_vcpu, stopped_vcpu; 140 static bool gdb_active = false; 141 142 const int gdb_regset[] = { 143 VM_REG_GUEST_RAX, 144 VM_REG_GUEST_RBX, 145 VM_REG_GUEST_RCX, 146 VM_REG_GUEST_RDX, 147 VM_REG_GUEST_RSI, 148 VM_REG_GUEST_RDI, 149 VM_REG_GUEST_RBP, 150 VM_REG_GUEST_RSP, 151 VM_REG_GUEST_R8, 152 VM_REG_GUEST_R9, 153 VM_REG_GUEST_R10, 154 VM_REG_GUEST_R11, 155 VM_REG_GUEST_R12, 156 VM_REG_GUEST_R13, 157 VM_REG_GUEST_R14, 158 VM_REG_GUEST_R15, 159 VM_REG_GUEST_RIP, 160 VM_REG_GUEST_RFLAGS, 161 VM_REG_GUEST_CS, 162 VM_REG_GUEST_SS, 163 VM_REG_GUEST_DS, 164 VM_REG_GUEST_ES, 165 VM_REG_GUEST_FS, 166 VM_REG_GUEST_GS 167 }; 168 169 const int gdb_regsize[] = { 170 8, 171 8, 172 8, 173 8, 174 8, 175 8, 176 8, 177 8, 178 8, 179 8, 180 8, 181 8, 182 8, 183 8, 184 8, 185 8, 186 8, 187 4, 188 4, 189 4, 190 4, 191 4, 192 4, 193 4 194 }; 195 196 #ifdef GDB_LOG 197 #include <stdarg.h> 198 #include <stdio.h> 199 200 static void __printflike(1, 2) 201 debug(const char *fmt, ...) 202 { 203 static FILE *logfile; 204 va_list ap; 205 206 if (logfile == NULL) { 207 logfile = fopen("/tmp/bhyve_gdb.log", "w"); 208 if (logfile == NULL) 209 return; 210 #ifndef WITHOUT_CAPSICUM 211 if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) { 212 fclose(logfile); 213 logfile = NULL; 214 return; 215 } 216 #endif 217 setlinebuf(logfile); 218 } 219 va_start(ap, fmt); 220 vfprintf(logfile, fmt, ap); 221 va_end(ap); 222 } 223 #else 224 #ifndef __FreeBSD__ 225 /* 226 * A totally empty debug() makes the compiler grumpy due to how its used with 227 * some control flow here. 228 */ 229 #define debug(...) do { } while (0) 230 #else 231 #define debug(...) 232 #endif 233 #endif 234 235 static void remove_all_sw_breakpoints(void); 236 237 static int 238 guest_paging_info(int vcpu, struct vm_guest_paging *paging) 239 { 240 uint64_t regs[4]; 241 const int regset[4] = { 242 VM_REG_GUEST_CR0, 243 VM_REG_GUEST_CR3, 244 VM_REG_GUEST_CR4, 245 VM_REG_GUEST_EFER 246 }; 247 248 if (vm_get_register_set(ctx, vcpu, nitems(regset), regset, regs) == -1) 249 return (-1); 250 251 /* 252 * For the debugger, always pretend to be the kernel (CPL 0), 253 * and if long-mode is enabled, always parse addresses as if 254 * in 64-bit mode. 255 */ 256 paging->cr3 = regs[1]; 257 paging->cpl = 0; 258 if (regs[3] & EFER_LMA) 259 paging->cpu_mode = CPU_MODE_64BIT; 260 else if (regs[0] & CR0_PE) 261 paging->cpu_mode = CPU_MODE_PROTECTED; 262 else 263 paging->cpu_mode = CPU_MODE_REAL; 264 if (!(regs[0] & CR0_PG)) 265 paging->paging_mode = PAGING_MODE_FLAT; 266 else if (!(regs[2] & CR4_PAE)) 267 paging->paging_mode = PAGING_MODE_32; 268 else if (regs[3] & EFER_LME) 269 paging->paging_mode = PAGING_MODE_64; 270 else 271 paging->paging_mode = PAGING_MODE_PAE; 272 return (0); 273 } 274 275 /* 276 * Map a guest virtual address to a physical address (for a given vcpu). 277 * If a guest virtual address is valid, return 1. If the address is 278 * not valid, return 0. If an error occurs obtaining the mapping, 279 * return -1. 280 */ 281 static int 282 guest_vaddr2paddr(int vcpu, uint64_t vaddr, uint64_t *paddr) 283 { 284 struct vm_guest_paging paging; 285 int fault; 286 287 if (guest_paging_info(vcpu, &paging) == -1) 288 return (-1); 289 290 /* 291 * Always use PROT_READ. We really care if the VA is 292 * accessible, not if the current vCPU can write. 293 */ 294 if (vm_gla2gpa_nofault(ctx, vcpu, &paging, vaddr, PROT_READ, paddr, 295 &fault) == -1) 296 return (-1); 297 if (fault) 298 return (0); 299 return (1); 300 } 301 302 static void 303 io_buffer_reset(struct io_buffer *io) 304 { 305 306 io->start = 0; 307 io->len = 0; 308 } 309 310 /* Available room for adding data. */ 311 static size_t 312 io_buffer_avail(struct io_buffer *io) 313 { 314 315 return (io->capacity - (io->start + io->len)); 316 } 317 318 static uint8_t * 319 io_buffer_head(struct io_buffer *io) 320 { 321 322 return (io->data + io->start); 323 } 324 325 static uint8_t * 326 io_buffer_tail(struct io_buffer *io) 327 { 328 329 return (io->data + io->start + io->len); 330 } 331 332 static void 333 io_buffer_advance(struct io_buffer *io, size_t amount) 334 { 335 336 assert(amount <= io->len); 337 io->start += amount; 338 io->len -= amount; 339 } 340 341 static void 342 io_buffer_consume(struct io_buffer *io, size_t amount) 343 { 344 345 io_buffer_advance(io, amount); 346 if (io->len == 0) { 347 io->start = 0; 348 return; 349 } 350 351 /* 352 * XXX: Consider making this move optional and compacting on a 353 * future read() before realloc(). 354 */ 355 memmove(io->data, io_buffer_head(io), io->len); 356 io->start = 0; 357 } 358 359 static void 360 io_buffer_grow(struct io_buffer *io, size_t newsize) 361 { 362 uint8_t *new_data; 363 size_t avail, new_cap; 364 365 avail = io_buffer_avail(io); 366 if (newsize <= avail) 367 return; 368 369 new_cap = io->capacity + (newsize - avail); 370 new_data = realloc(io->data, new_cap); 371 if (new_data == NULL) 372 err(1, "Failed to grow GDB I/O buffer"); 373 io->data = new_data; 374 io->capacity = new_cap; 375 } 376 377 static bool 378 response_pending(void) 379 { 380 381 if (cur_resp.start == 0 && cur_resp.len == 0) 382 return (false); 383 if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+') 384 return (false); 385 return (true); 386 } 387 388 static void 389 close_connection(void) 390 { 391 392 /* 393 * XXX: This triggers a warning because mevent does the close 394 * before the EV_DELETE. 395 */ 396 pthread_mutex_lock(&gdb_lock); 397 mevent_delete(write_event); 398 mevent_delete_close(read_event); 399 write_event = NULL; 400 read_event = NULL; 401 io_buffer_reset(&cur_comm); 402 io_buffer_reset(&cur_resp); 403 cur_fd = -1; 404 405 remove_all_sw_breakpoints(); 406 407 /* Clear any pending events. */ 408 memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state)); 409 410 /* Resume any stopped vCPUs. */ 411 gdb_resume_vcpus(); 412 pthread_mutex_unlock(&gdb_lock); 413 } 414 415 static uint8_t 416 hex_digit(uint8_t nibble) 417 { 418 419 if (nibble <= 9) 420 return (nibble + '0'); 421 else 422 return (nibble + 'a' - 10); 423 } 424 425 static uint8_t 426 parse_digit(uint8_t v) 427 { 428 429 if (v >= '0' && v <= '9') 430 return (v - '0'); 431 if (v >= 'a' && v <= 'f') 432 return (v - 'a' + 10); 433 if (v >= 'A' && v <= 'F') 434 return (v - 'A' + 10); 435 return (0xF); 436 } 437 438 /* Parses big-endian hexadecimal. */ 439 static uintmax_t 440 parse_integer(const uint8_t *p, size_t len) 441 { 442 uintmax_t v; 443 444 v = 0; 445 while (len > 0) { 446 v <<= 4; 447 v |= parse_digit(*p); 448 p++; 449 len--; 450 } 451 return (v); 452 } 453 454 static uint8_t 455 parse_byte(const uint8_t *p) 456 { 457 458 return (parse_digit(p[0]) << 4 | parse_digit(p[1])); 459 } 460 461 static void 462 send_pending_data(int fd) 463 { 464 ssize_t nwritten; 465 466 if (cur_resp.len == 0) { 467 mevent_disable(write_event); 468 return; 469 } 470 nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len); 471 if (nwritten == -1) { 472 warn("Write to GDB socket failed"); 473 close_connection(); 474 } else { 475 io_buffer_advance(&cur_resp, nwritten); 476 if (cur_resp.len == 0) 477 mevent_disable(write_event); 478 else 479 mevent_enable(write_event); 480 } 481 } 482 483 /* Append a single character to the output buffer. */ 484 static void 485 send_char(uint8_t data) 486 { 487 io_buffer_grow(&cur_resp, 1); 488 *io_buffer_tail(&cur_resp) = data; 489 cur_resp.len++; 490 } 491 492 /* Append an array of bytes to the output buffer. */ 493 static void 494 send_data(const uint8_t *data, size_t len) 495 { 496 497 io_buffer_grow(&cur_resp, len); 498 memcpy(io_buffer_tail(&cur_resp), data, len); 499 cur_resp.len += len; 500 } 501 502 static void 503 format_byte(uint8_t v, uint8_t *buf) 504 { 505 506 buf[0] = hex_digit(v >> 4); 507 buf[1] = hex_digit(v & 0xf); 508 } 509 510 /* 511 * Append a single byte (formatted as two hex characters) to the 512 * output buffer. 513 */ 514 static void 515 send_byte(uint8_t v) 516 { 517 uint8_t buf[2]; 518 519 format_byte(v, buf); 520 send_data(buf, sizeof(buf)); 521 } 522 523 static void 524 start_packet(void) 525 { 526 527 send_char('$'); 528 cur_csum = 0; 529 } 530 531 static void 532 finish_packet(void) 533 { 534 535 send_char('#'); 536 send_byte(cur_csum); 537 debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp)); 538 } 539 540 /* 541 * Append a single character (for the packet payload) and update the 542 * checksum. 543 */ 544 static void 545 append_char(uint8_t v) 546 { 547 548 send_char(v); 549 cur_csum += v; 550 } 551 552 /* 553 * Append an array of bytes (for the packet payload) and update the 554 * checksum. 555 */ 556 static void 557 append_packet_data(const uint8_t *data, size_t len) 558 { 559 560 send_data(data, len); 561 while (len > 0) { 562 cur_csum += *data; 563 data++; 564 len--; 565 } 566 } 567 568 static void 569 append_string(const char *str) 570 { 571 572 #ifdef __FreeBSD__ 573 append_packet_data(str, strlen(str)); 574 #else 575 append_packet_data((const uint8_t *)str, strlen(str)); 576 #endif 577 } 578 579 static void 580 append_byte(uint8_t v) 581 { 582 uint8_t buf[2]; 583 584 format_byte(v, buf); 585 append_packet_data(buf, sizeof(buf)); 586 } 587 588 static void 589 append_unsigned_native(uintmax_t value, size_t len) 590 { 591 size_t i; 592 593 for (i = 0; i < len; i++) { 594 append_byte(value); 595 value >>= 8; 596 } 597 } 598 599 static void 600 append_unsigned_be(uintmax_t value, size_t len) 601 { 602 char buf[len * 2]; 603 size_t i; 604 605 for (i = 0; i < len; i++) { 606 #ifdef __FreeBSD__ 607 format_byte(value, buf + (len - i - 1) * 2); 608 #else 609 format_byte(value, (uint8_t *)(buf + (len - i - 1) * 2)); 610 #endif 611 value >>= 8; 612 } 613 #ifdef __FreeBSD__ 614 append_packet_data(buf, sizeof(buf)); 615 #else 616 append_packet_data((const uint8_t *)buf, sizeof(buf)); 617 #endif 618 } 619 620 static void 621 append_integer(unsigned int value) 622 { 623 624 if (value == 0) 625 append_char('0'); 626 else 627 append_unsigned_be(value, (fls(value) + 7) / 8); 628 } 629 630 static void 631 append_asciihex(const char *str) 632 { 633 634 while (*str != '\0') { 635 append_byte(*str); 636 str++; 637 } 638 } 639 640 static void 641 send_empty_response(void) 642 { 643 644 start_packet(); 645 finish_packet(); 646 } 647 648 static void 649 send_error(int error) 650 { 651 652 start_packet(); 653 append_char('E'); 654 append_byte(error); 655 finish_packet(); 656 } 657 658 static void 659 send_ok(void) 660 { 661 662 start_packet(); 663 append_string("OK"); 664 finish_packet(); 665 } 666 667 static int 668 parse_threadid(const uint8_t *data, size_t len) 669 { 670 671 if (len == 1 && *data == '0') 672 return (0); 673 if (len == 2 && memcmp(data, "-1", 2) == 0) 674 return (-1); 675 if (len == 0) 676 return (-2); 677 return (parse_integer(data, len)); 678 } 679 680 /* 681 * Report the current stop event to the debugger. If the stop is due 682 * to an event triggered on a specific vCPU such as a breakpoint or 683 * stepping trap, stopped_vcpu will be set to the vCPU triggering the 684 * stop. If 'set_cur_vcpu' is true, then cur_vcpu will be updated to 685 * the reporting vCPU for vCPU events. 686 */ 687 static void 688 report_stop(bool set_cur_vcpu) 689 { 690 struct vcpu_state *vs; 691 692 start_packet(); 693 if (stopped_vcpu == -1) { 694 append_char('S'); 695 append_byte(GDB_SIGNAL_TRAP); 696 } else { 697 vs = &vcpu_state[stopped_vcpu]; 698 if (set_cur_vcpu) 699 cur_vcpu = stopped_vcpu; 700 append_char('T'); 701 append_byte(GDB_SIGNAL_TRAP); 702 append_string("thread:"); 703 append_integer(stopped_vcpu + 1); 704 append_char(';'); 705 if (vs->hit_swbreak) { 706 debug("$vCPU %d reporting swbreak\n", stopped_vcpu); 707 if (swbreak_enabled) 708 append_string("swbreak:;"); 709 } else if (vs->stepped) 710 debug("$vCPU %d reporting step\n", stopped_vcpu); 711 else 712 debug("$vCPU %d reporting ???\n", stopped_vcpu); 713 } 714 finish_packet(); 715 report_next_stop = false; 716 } 717 718 /* 719 * If this stop is due to a vCPU event, clear that event to mark it as 720 * acknowledged. 721 */ 722 static void 723 discard_stop(void) 724 { 725 struct vcpu_state *vs; 726 727 if (stopped_vcpu != -1) { 728 vs = &vcpu_state[stopped_vcpu]; 729 vs->hit_swbreak = false; 730 vs->stepped = false; 731 stopped_vcpu = -1; 732 } 733 report_next_stop = true; 734 } 735 736 static void 737 gdb_finish_suspend_vcpus(void) 738 { 739 740 if (first_stop) { 741 first_stop = false; 742 stopped_vcpu = -1; 743 } else if (report_next_stop) { 744 assert(!response_pending()); 745 report_stop(true); 746 send_pending_data(cur_fd); 747 } 748 } 749 750 /* 751 * vCPU threads invoke this function whenever the vCPU enters the 752 * debug server to pause or report an event. vCPU threads wait here 753 * as long as the debug server keeps them suspended. 754 */ 755 static void 756 _gdb_cpu_suspend(int vcpu, bool report_stop) 757 { 758 759 debug("$vCPU %d suspending\n", vcpu); 760 CPU_SET(vcpu, &vcpus_waiting); 761 if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 762 gdb_finish_suspend_vcpus(); 763 while (CPU_ISSET(vcpu, &vcpus_suspended)) 764 pthread_cond_wait(&idle_vcpus, &gdb_lock); 765 CPU_CLR(vcpu, &vcpus_waiting); 766 debug("$vCPU %d resuming\n", vcpu); 767 } 768 769 /* 770 * Invoked at the start of a vCPU thread's execution to inform the 771 * debug server about the new thread. 772 */ 773 void 774 gdb_cpu_add(int vcpu) 775 { 776 777 if (!gdb_active) 778 return; 779 debug("$vCPU %d starting\n", vcpu); 780 pthread_mutex_lock(&gdb_lock); 781 assert(vcpu < guest_ncpus); 782 CPU_SET(vcpu, &vcpus_active); 783 if (!TAILQ_EMPTY(&breakpoints)) { 784 vm_set_capability(ctx, vcpu, VM_CAP_BPT_EXIT, 1); 785 debug("$vCPU %d enabled breakpoint exits\n", vcpu); 786 } 787 788 /* 789 * If a vcpu is added while vcpus are stopped, suspend the new 790 * vcpu so that it will pop back out with a debug exit before 791 * executing the first instruction. 792 */ 793 if (!CPU_EMPTY(&vcpus_suspended)) { 794 CPU_SET(vcpu, &vcpus_suspended); 795 _gdb_cpu_suspend(vcpu, false); 796 } 797 pthread_mutex_unlock(&gdb_lock); 798 } 799 800 /* 801 * Invoked by vCPU before resuming execution. This enables stepping 802 * if the vCPU is marked as stepping. 803 */ 804 static void 805 gdb_cpu_resume(int vcpu) 806 { 807 struct vcpu_state *vs; 808 int error; 809 810 vs = &vcpu_state[vcpu]; 811 812 /* 813 * Any pending event should already be reported before 814 * resuming. 815 */ 816 assert(vs->hit_swbreak == false); 817 assert(vs->stepped == false); 818 if (vs->stepping) { 819 error = vm_set_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, 1); 820 assert(error == 0); 821 } 822 } 823 824 /* 825 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest 826 * has been suspended due to an event on different vCPU or in response 827 * to a guest-wide suspend such as Ctrl-C or the stop on attach. 828 */ 829 void 830 gdb_cpu_suspend(int vcpu) 831 { 832 833 if (!gdb_active) 834 return; 835 pthread_mutex_lock(&gdb_lock); 836 _gdb_cpu_suspend(vcpu, true); 837 gdb_cpu_resume(vcpu); 838 pthread_mutex_unlock(&gdb_lock); 839 } 840 841 static void 842 gdb_suspend_vcpus(void) 843 { 844 845 assert(pthread_mutex_isowned_np(&gdb_lock)); 846 debug("suspending all CPUs\n"); 847 vcpus_suspended = vcpus_active; 848 vm_suspend_cpu(ctx, -1); 849 if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 850 gdb_finish_suspend_vcpus(); 851 } 852 853 /* 854 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via 855 * the VT-x-specific MTRAP exit. 856 */ 857 void 858 gdb_cpu_mtrap(int vcpu) 859 { 860 struct vcpu_state *vs; 861 862 if (!gdb_active) 863 return; 864 debug("$vCPU %d MTRAP\n", vcpu); 865 pthread_mutex_lock(&gdb_lock); 866 vs = &vcpu_state[vcpu]; 867 if (vs->stepping) { 868 vs->stepping = false; 869 vs->stepped = true; 870 vm_set_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, 0); 871 while (vs->stepped) { 872 if (stopped_vcpu == -1) { 873 debug("$vCPU %d reporting step\n", vcpu); 874 stopped_vcpu = vcpu; 875 gdb_suspend_vcpus(); 876 } 877 _gdb_cpu_suspend(vcpu, true); 878 } 879 gdb_cpu_resume(vcpu); 880 } 881 pthread_mutex_unlock(&gdb_lock); 882 } 883 884 static struct breakpoint * 885 find_breakpoint(uint64_t gpa) 886 { 887 struct breakpoint *bp; 888 889 TAILQ_FOREACH(bp, &breakpoints, link) { 890 if (bp->gpa == gpa) 891 return (bp); 892 } 893 return (NULL); 894 } 895 896 void 897 gdb_cpu_breakpoint(int vcpu, struct vm_exit *vmexit) 898 { 899 struct breakpoint *bp; 900 struct vcpu_state *vs; 901 uint64_t gpa; 902 int error; 903 904 if (!gdb_active) { 905 fprintf(stderr, "vm_loop: unexpected VMEXIT_DEBUG\n"); 906 exit(4); 907 } 908 pthread_mutex_lock(&gdb_lock); 909 error = guest_vaddr2paddr(vcpu, vmexit->rip, &gpa); 910 assert(error == 1); 911 bp = find_breakpoint(gpa); 912 if (bp != NULL) { 913 vs = &vcpu_state[vcpu]; 914 assert(vs->stepping == false); 915 assert(vs->stepped == false); 916 assert(vs->hit_swbreak == false); 917 vs->hit_swbreak = true; 918 vm_set_register(ctx, vcpu, VM_REG_GUEST_RIP, vmexit->rip); 919 for (;;) { 920 if (stopped_vcpu == -1) { 921 debug("$vCPU %d reporting breakpoint at rip %#lx\n", vcpu, 922 vmexit->rip); 923 stopped_vcpu = vcpu; 924 gdb_suspend_vcpus(); 925 } 926 _gdb_cpu_suspend(vcpu, true); 927 if (!vs->hit_swbreak) { 928 /* Breakpoint reported. */ 929 break; 930 } 931 bp = find_breakpoint(gpa); 932 if (bp == NULL) { 933 /* Breakpoint was removed. */ 934 vs->hit_swbreak = false; 935 break; 936 } 937 } 938 gdb_cpu_resume(vcpu); 939 } else { 940 debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpu, 941 vmexit->rip); 942 error = vm_set_register(ctx, vcpu, 943 VM_REG_GUEST_ENTRY_INST_LENGTH, vmexit->u.bpt.inst_length); 944 assert(error == 0); 945 error = vm_inject_exception(ctx, vcpu, IDT_BP, 0, 0, 0); 946 assert(error == 0); 947 } 948 pthread_mutex_unlock(&gdb_lock); 949 } 950 951 static bool 952 gdb_step_vcpu(int vcpu) 953 { 954 int error, val; 955 956 debug("$vCPU %d step\n", vcpu); 957 error = vm_get_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, &val); 958 if (error < 0) 959 return (false); 960 961 discard_stop(); 962 vcpu_state[vcpu].stepping = true; 963 vm_resume_cpu(ctx, vcpu); 964 CPU_CLR(vcpu, &vcpus_suspended); 965 pthread_cond_broadcast(&idle_vcpus); 966 return (true); 967 } 968 969 static void 970 gdb_resume_vcpus(void) 971 { 972 973 assert(pthread_mutex_isowned_np(&gdb_lock)); 974 vm_resume_cpu(ctx, -1); 975 debug("resuming all CPUs\n"); 976 CPU_ZERO(&vcpus_suspended); 977 pthread_cond_broadcast(&idle_vcpus); 978 } 979 980 static void 981 gdb_read_regs(void) 982 { 983 uint64_t regvals[nitems(gdb_regset)]; 984 int i; 985 986 if (vm_get_register_set(ctx, cur_vcpu, nitems(gdb_regset), 987 gdb_regset, regvals) == -1) { 988 send_error(errno); 989 return; 990 } 991 start_packet(); 992 for (i = 0; i < nitems(regvals); i++) 993 append_unsigned_native(regvals[i], gdb_regsize[i]); 994 finish_packet(); 995 } 996 997 static void 998 gdb_read_mem(const uint8_t *data, size_t len) 999 { 1000 uint64_t gpa, gva, val; 1001 uint8_t *cp; 1002 size_t resid, todo, bytes; 1003 bool started; 1004 int error; 1005 1006 /* Skip 'm' */ 1007 data += 1; 1008 len -= 1; 1009 1010 /* Parse and consume address. */ 1011 cp = memchr(data, ',', len); 1012 if (cp == NULL || cp == data) { 1013 send_error(EINVAL); 1014 return; 1015 } 1016 gva = parse_integer(data, cp - data); 1017 len -= (cp - data) + 1; 1018 data += (cp - data) + 1; 1019 1020 /* Parse length. */ 1021 resid = parse_integer(data, len); 1022 1023 started = false; 1024 while (resid > 0) { 1025 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 1026 if (error == -1) { 1027 if (started) 1028 finish_packet(); 1029 else 1030 send_error(errno); 1031 return; 1032 } 1033 if (error == 0) { 1034 if (started) 1035 finish_packet(); 1036 else 1037 send_error(EFAULT); 1038 return; 1039 } 1040 1041 /* Read bytes from current page. */ 1042 todo = getpagesize() - gpa % getpagesize(); 1043 if (todo > resid) 1044 todo = resid; 1045 1046 cp = paddr_guest2host(ctx, gpa, todo); 1047 if (cp != NULL) { 1048 /* 1049 * If this page is guest RAM, read it a byte 1050 * at a time. 1051 */ 1052 if (!started) { 1053 start_packet(); 1054 started = true; 1055 } 1056 while (todo > 0) { 1057 append_byte(*cp); 1058 cp++; 1059 gpa++; 1060 gva++; 1061 resid--; 1062 todo--; 1063 } 1064 } else { 1065 /* 1066 * If this page isn't guest RAM, try to handle 1067 * it via MMIO. For MMIO requests, use 1068 * aligned reads of words when possible. 1069 */ 1070 while (todo > 0) { 1071 if (gpa & 1 || todo == 1) 1072 bytes = 1; 1073 else if (gpa & 2 || todo == 2) 1074 bytes = 2; 1075 else 1076 bytes = 4; 1077 error = read_mem(ctx, cur_vcpu, gpa, &val, 1078 bytes); 1079 if (error == 0) { 1080 if (!started) { 1081 start_packet(); 1082 started = true; 1083 } 1084 gpa += bytes; 1085 gva += bytes; 1086 resid -= bytes; 1087 todo -= bytes; 1088 while (bytes > 0) { 1089 append_byte(val); 1090 val >>= 8; 1091 bytes--; 1092 } 1093 } else { 1094 if (started) 1095 finish_packet(); 1096 else 1097 send_error(EFAULT); 1098 return; 1099 } 1100 } 1101 } 1102 assert(resid == 0 || gpa % getpagesize() == 0); 1103 } 1104 if (!started) 1105 start_packet(); 1106 finish_packet(); 1107 } 1108 1109 static void 1110 gdb_write_mem(const uint8_t *data, size_t len) 1111 { 1112 uint64_t gpa, gva, val; 1113 uint8_t *cp; 1114 size_t resid, todo, bytes; 1115 int error; 1116 1117 /* Skip 'M' */ 1118 data += 1; 1119 len -= 1; 1120 1121 /* Parse and consume address. */ 1122 cp = memchr(data, ',', len); 1123 if (cp == NULL || cp == data) { 1124 send_error(EINVAL); 1125 return; 1126 } 1127 gva = parse_integer(data, cp - data); 1128 len -= (cp - data) + 1; 1129 data += (cp - data) + 1; 1130 1131 /* Parse and consume length. */ 1132 cp = memchr(data, ':', len); 1133 if (cp == NULL || cp == data) { 1134 send_error(EINVAL); 1135 return; 1136 } 1137 resid = parse_integer(data, cp - data); 1138 len -= (cp - data) + 1; 1139 data += (cp - data) + 1; 1140 1141 /* Verify the available bytes match the length. */ 1142 if (len != resid * 2) { 1143 send_error(EINVAL); 1144 return; 1145 } 1146 1147 while (resid > 0) { 1148 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 1149 if (error == -1) { 1150 send_error(errno); 1151 return; 1152 } 1153 if (error == 0) { 1154 send_error(EFAULT); 1155 return; 1156 } 1157 1158 /* Write bytes to current page. */ 1159 todo = getpagesize() - gpa % getpagesize(); 1160 if (todo > resid) 1161 todo = resid; 1162 1163 cp = paddr_guest2host(ctx, gpa, todo); 1164 if (cp != NULL) { 1165 /* 1166 * If this page is guest RAM, write it a byte 1167 * at a time. 1168 */ 1169 while (todo > 0) { 1170 assert(len >= 2); 1171 *cp = parse_byte(data); 1172 data += 2; 1173 len -= 2; 1174 cp++; 1175 gpa++; 1176 gva++; 1177 resid--; 1178 todo--; 1179 } 1180 } else { 1181 /* 1182 * If this page isn't guest RAM, try to handle 1183 * it via MMIO. For MMIO requests, use 1184 * aligned writes of words when possible. 1185 */ 1186 while (todo > 0) { 1187 if (gpa & 1 || todo == 1) { 1188 bytes = 1; 1189 val = parse_byte(data); 1190 } else if (gpa & 2 || todo == 2) { 1191 bytes = 2; 1192 val = be16toh(parse_integer(data, 4)); 1193 } else { 1194 bytes = 4; 1195 val = be32toh(parse_integer(data, 8)); 1196 } 1197 error = write_mem(ctx, cur_vcpu, gpa, val, 1198 bytes); 1199 if (error == 0) { 1200 gpa += bytes; 1201 gva += bytes; 1202 resid -= bytes; 1203 todo -= bytes; 1204 data += 2 * bytes; 1205 len -= 2 * bytes; 1206 } else { 1207 send_error(EFAULT); 1208 return; 1209 } 1210 } 1211 } 1212 assert(resid == 0 || gpa % getpagesize() == 0); 1213 } 1214 assert(len == 0); 1215 send_ok(); 1216 } 1217 1218 static bool 1219 set_breakpoint_caps(bool enable) 1220 { 1221 cpuset_t mask; 1222 int vcpu; 1223 1224 mask = vcpus_active; 1225 while (!CPU_EMPTY(&mask)) { 1226 vcpu = CPU_FFS(&mask) - 1; 1227 CPU_CLR(vcpu, &mask); 1228 if (vm_set_capability(ctx, vcpu, VM_CAP_BPT_EXIT, 1229 enable ? 1 : 0) < 0) 1230 return (false); 1231 debug("$vCPU %d %sabled breakpoint exits\n", vcpu, 1232 enable ? "en" : "dis"); 1233 } 1234 return (true); 1235 } 1236 1237 static void 1238 remove_all_sw_breakpoints(void) 1239 { 1240 struct breakpoint *bp, *nbp; 1241 uint8_t *cp; 1242 1243 if (TAILQ_EMPTY(&breakpoints)) 1244 return; 1245 1246 TAILQ_FOREACH_SAFE(bp, &breakpoints, link, nbp) { 1247 debug("remove breakpoint at %#lx\n", bp->gpa); 1248 cp = paddr_guest2host(ctx, bp->gpa, 1); 1249 *cp = bp->shadow_inst; 1250 TAILQ_REMOVE(&breakpoints, bp, link); 1251 free(bp); 1252 } 1253 TAILQ_INIT(&breakpoints); 1254 set_breakpoint_caps(false); 1255 } 1256 1257 static void 1258 update_sw_breakpoint(uint64_t gva, int kind, bool insert) 1259 { 1260 struct breakpoint *bp; 1261 uint64_t gpa; 1262 uint8_t *cp; 1263 int error; 1264 1265 if (kind != 1) { 1266 send_error(EINVAL); 1267 return; 1268 } 1269 1270 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 1271 if (error == -1) { 1272 send_error(errno); 1273 return; 1274 } 1275 if (error == 0) { 1276 send_error(EFAULT); 1277 return; 1278 } 1279 1280 cp = paddr_guest2host(ctx, gpa, 1); 1281 1282 /* Only permit breakpoints in guest RAM. */ 1283 if (cp == NULL) { 1284 send_error(EFAULT); 1285 return; 1286 } 1287 1288 /* Find any existing breakpoint. */ 1289 bp = find_breakpoint(gpa); 1290 1291 /* 1292 * Silently ignore duplicate commands since the protocol 1293 * requires these packets to be idempotent. 1294 */ 1295 if (insert) { 1296 if (bp == NULL) { 1297 if (TAILQ_EMPTY(&breakpoints) && 1298 !set_breakpoint_caps(true)) { 1299 send_empty_response(); 1300 return; 1301 } 1302 bp = malloc(sizeof(*bp)); 1303 bp->gpa = gpa; 1304 bp->shadow_inst = *cp; 1305 *cp = 0xcc; /* INT 3 */ 1306 TAILQ_INSERT_TAIL(&breakpoints, bp, link); 1307 debug("new breakpoint at %#lx\n", gpa); 1308 } 1309 } else { 1310 if (bp != NULL) { 1311 debug("remove breakpoint at %#lx\n", gpa); 1312 *cp = bp->shadow_inst; 1313 TAILQ_REMOVE(&breakpoints, bp, link); 1314 free(bp); 1315 if (TAILQ_EMPTY(&breakpoints)) 1316 set_breakpoint_caps(false); 1317 } 1318 } 1319 send_ok(); 1320 } 1321 1322 static void 1323 parse_breakpoint(const uint8_t *data, size_t len) 1324 { 1325 uint64_t gva; 1326 uint8_t *cp; 1327 bool insert; 1328 int kind, type; 1329 1330 insert = data[0] == 'Z'; 1331 1332 /* Skip 'Z/z' */ 1333 data += 1; 1334 len -= 1; 1335 1336 /* Parse and consume type. */ 1337 cp = memchr(data, ',', len); 1338 if (cp == NULL || cp == data) { 1339 send_error(EINVAL); 1340 return; 1341 } 1342 type = parse_integer(data, cp - data); 1343 len -= (cp - data) + 1; 1344 data += (cp - data) + 1; 1345 1346 /* Parse and consume address. */ 1347 cp = memchr(data, ',', len); 1348 if (cp == NULL || cp == data) { 1349 send_error(EINVAL); 1350 return; 1351 } 1352 gva = parse_integer(data, cp - data); 1353 len -= (cp - data) + 1; 1354 data += (cp - data) + 1; 1355 1356 /* Parse and consume kind. */ 1357 cp = memchr(data, ';', len); 1358 if (cp == data) { 1359 send_error(EINVAL); 1360 return; 1361 } 1362 if (cp != NULL) { 1363 /* 1364 * We do not advertise support for either the 1365 * ConditionalBreakpoints or BreakpointCommands 1366 * features, so we should not be getting conditions or 1367 * commands from the remote end. 1368 */ 1369 send_empty_response(); 1370 return; 1371 } 1372 kind = parse_integer(data, len); 1373 data += len; 1374 len = 0; 1375 1376 switch (type) { 1377 case 0: 1378 update_sw_breakpoint(gva, kind, insert); 1379 break; 1380 default: 1381 send_empty_response(); 1382 break; 1383 } 1384 } 1385 1386 static bool 1387 command_equals(const uint8_t *data, size_t len, const char *cmd) 1388 { 1389 1390 if (strlen(cmd) > len) 1391 return (false); 1392 return (memcmp(data, cmd, strlen(cmd)) == 0); 1393 } 1394 1395 static void 1396 check_features(const uint8_t *data, size_t len) 1397 { 1398 char *feature, *next_feature, *str, *value; 1399 bool supported; 1400 1401 str = malloc(len + 1); 1402 memcpy(str, data, len); 1403 str[len] = '\0'; 1404 next_feature = str; 1405 1406 while ((feature = strsep(&next_feature, ";")) != NULL) { 1407 /* 1408 * Null features shouldn't exist, but skip if they 1409 * do. 1410 */ 1411 if (strcmp(feature, "") == 0) 1412 continue; 1413 1414 /* 1415 * Look for the value or supported / not supported 1416 * flag. 1417 */ 1418 value = strchr(feature, '='); 1419 if (value != NULL) { 1420 *value = '\0'; 1421 value++; 1422 supported = true; 1423 } else { 1424 value = feature + strlen(feature) - 1; 1425 switch (*value) { 1426 case '+': 1427 supported = true; 1428 break; 1429 case '-': 1430 supported = false; 1431 break; 1432 default: 1433 /* 1434 * This is really a protocol error, 1435 * but we just ignore malformed 1436 * features for ease of 1437 * implementation. 1438 */ 1439 continue; 1440 } 1441 value = NULL; 1442 } 1443 1444 if (strcmp(feature, "swbreak") == 0) 1445 swbreak_enabled = supported; 1446 1447 #ifndef __FreeBSD__ 1448 /* 1449 * The compiler dislikes 'supported' being set but never used. 1450 * Make it happy here. 1451 */ 1452 if (supported) { 1453 debug("feature '%s' supported\n", feature); 1454 } 1455 #endif /* __FreeBSD__ */ 1456 } 1457 free(str); 1458 1459 start_packet(); 1460 1461 /* This is an arbitrary limit. */ 1462 append_string("PacketSize=4096"); 1463 append_string(";swbreak+"); 1464 finish_packet(); 1465 } 1466 1467 static void 1468 gdb_query(const uint8_t *data, size_t len) 1469 { 1470 1471 /* 1472 * TODO: 1473 * - qSearch 1474 */ 1475 if (command_equals(data, len, "qAttached")) { 1476 start_packet(); 1477 append_char('1'); 1478 finish_packet(); 1479 } else if (command_equals(data, len, "qC")) { 1480 start_packet(); 1481 append_string("QC"); 1482 append_integer(cur_vcpu + 1); 1483 finish_packet(); 1484 } else if (command_equals(data, len, "qfThreadInfo")) { 1485 cpuset_t mask; 1486 bool first; 1487 int vcpu; 1488 1489 if (CPU_EMPTY(&vcpus_active)) { 1490 send_error(EINVAL); 1491 return; 1492 } 1493 mask = vcpus_active; 1494 start_packet(); 1495 append_char('m'); 1496 first = true; 1497 while (!CPU_EMPTY(&mask)) { 1498 vcpu = CPU_FFS(&mask) - 1; 1499 CPU_CLR(vcpu, &mask); 1500 if (first) 1501 first = false; 1502 else 1503 append_char(','); 1504 append_integer(vcpu + 1); 1505 } 1506 finish_packet(); 1507 } else if (command_equals(data, len, "qsThreadInfo")) { 1508 start_packet(); 1509 append_char('l'); 1510 finish_packet(); 1511 } else if (command_equals(data, len, "qSupported")) { 1512 data += strlen("qSupported"); 1513 len -= strlen("qSupported"); 1514 check_features(data, len); 1515 } else if (command_equals(data, len, "qThreadExtraInfo")) { 1516 char buf[16]; 1517 int tid; 1518 1519 data += strlen("qThreadExtraInfo"); 1520 len -= strlen("qThreadExtraInfo"); 1521 if (*data != ',') { 1522 send_error(EINVAL); 1523 return; 1524 } 1525 tid = parse_threadid(data + 1, len - 1); 1526 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1527 send_error(EINVAL); 1528 return; 1529 } 1530 1531 snprintf(buf, sizeof(buf), "vCPU %d", tid - 1); 1532 start_packet(); 1533 append_asciihex(buf); 1534 finish_packet(); 1535 } else 1536 send_empty_response(); 1537 } 1538 1539 static void 1540 handle_command(const uint8_t *data, size_t len) 1541 { 1542 1543 /* Reject packets with a sequence-id. */ 1544 if (len >= 3 && data[0] >= '0' && data[0] <= '9' && 1545 data[0] >= '0' && data[0] <= '9' && data[2] == ':') { 1546 send_empty_response(); 1547 return; 1548 } 1549 1550 switch (*data) { 1551 case 'c': 1552 if (len != 1) { 1553 send_error(EINVAL); 1554 break; 1555 } 1556 1557 discard_stop(); 1558 gdb_resume_vcpus(); 1559 break; 1560 case 'D': 1561 send_ok(); 1562 1563 /* TODO: Resume any stopped CPUs. */ 1564 break; 1565 case 'g': { 1566 gdb_read_regs(); 1567 break; 1568 } 1569 case 'H': { 1570 int tid; 1571 1572 if (data[1] != 'g' && data[1] != 'c') { 1573 send_error(EINVAL); 1574 break; 1575 } 1576 tid = parse_threadid(data + 2, len - 2); 1577 if (tid == -2) { 1578 send_error(EINVAL); 1579 break; 1580 } 1581 1582 if (CPU_EMPTY(&vcpus_active)) { 1583 send_error(EINVAL); 1584 break; 1585 } 1586 if (tid == -1 || tid == 0) 1587 cur_vcpu = CPU_FFS(&vcpus_active) - 1; 1588 else if (CPU_ISSET(tid - 1, &vcpus_active)) 1589 cur_vcpu = tid - 1; 1590 else { 1591 send_error(EINVAL); 1592 break; 1593 } 1594 send_ok(); 1595 break; 1596 } 1597 case 'm': 1598 gdb_read_mem(data, len); 1599 break; 1600 case 'M': 1601 gdb_write_mem(data, len); 1602 break; 1603 case 'T': { 1604 int tid; 1605 1606 tid = parse_threadid(data + 1, len - 1); 1607 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1608 send_error(EINVAL); 1609 return; 1610 } 1611 send_ok(); 1612 break; 1613 } 1614 case 'q': 1615 gdb_query(data, len); 1616 break; 1617 case 's': 1618 if (len != 1) { 1619 send_error(EINVAL); 1620 break; 1621 } 1622 1623 /* Don't send a reply until a stop occurs. */ 1624 if (!gdb_step_vcpu(cur_vcpu)) { 1625 send_error(EOPNOTSUPP); 1626 break; 1627 } 1628 break; 1629 case 'z': 1630 case 'Z': 1631 parse_breakpoint(data, len); 1632 break; 1633 case '?': 1634 report_stop(false); 1635 break; 1636 case 'G': /* TODO */ 1637 case 'v': 1638 /* Handle 'vCont' */ 1639 /* 'vCtrlC' */ 1640 case 'p': /* TODO */ 1641 case 'P': /* TODO */ 1642 case 'Q': /* TODO */ 1643 case 't': /* TODO */ 1644 case 'X': /* TODO */ 1645 default: 1646 send_empty_response(); 1647 } 1648 } 1649 1650 /* Check for a valid packet in the command buffer. */ 1651 static void 1652 check_command(int fd) 1653 { 1654 uint8_t *head, *hash, *p, sum; 1655 size_t avail, plen; 1656 1657 for (;;) { 1658 avail = cur_comm.len; 1659 if (avail == 0) 1660 return; 1661 head = io_buffer_head(&cur_comm); 1662 switch (*head) { 1663 case 0x03: 1664 debug("<- Ctrl-C\n"); 1665 io_buffer_consume(&cur_comm, 1); 1666 1667 gdb_suspend_vcpus(); 1668 break; 1669 case '+': 1670 /* ACK of previous response. */ 1671 debug("<- +\n"); 1672 if (response_pending()) 1673 io_buffer_reset(&cur_resp); 1674 io_buffer_consume(&cur_comm, 1); 1675 if (stopped_vcpu != -1 && report_next_stop) { 1676 report_stop(true); 1677 send_pending_data(fd); 1678 } 1679 break; 1680 case '-': 1681 /* NACK of previous response. */ 1682 debug("<- -\n"); 1683 if (response_pending()) { 1684 cur_resp.len += cur_resp.start; 1685 cur_resp.start = 0; 1686 if (cur_resp.data[0] == '+') 1687 io_buffer_advance(&cur_resp, 1); 1688 debug("-> %.*s\n", (int)cur_resp.len, 1689 io_buffer_head(&cur_resp)); 1690 } 1691 io_buffer_consume(&cur_comm, 1); 1692 send_pending_data(fd); 1693 break; 1694 case '$': 1695 /* Packet. */ 1696 1697 if (response_pending()) { 1698 warnx("New GDB command while response in " 1699 "progress"); 1700 io_buffer_reset(&cur_resp); 1701 } 1702 1703 /* Is packet complete? */ 1704 hash = memchr(head, '#', avail); 1705 if (hash == NULL) 1706 return; 1707 plen = (hash - head + 1) + 2; 1708 if (avail < plen) 1709 return; 1710 debug("<- %.*s\n", (int)plen, head); 1711 1712 /* Verify checksum. */ 1713 for (sum = 0, p = head + 1; p < hash; p++) 1714 sum += *p; 1715 if (sum != parse_byte(hash + 1)) { 1716 io_buffer_consume(&cur_comm, plen); 1717 debug("-> -\n"); 1718 send_char('-'); 1719 send_pending_data(fd); 1720 break; 1721 } 1722 send_char('+'); 1723 1724 handle_command(head + 1, hash - (head + 1)); 1725 io_buffer_consume(&cur_comm, plen); 1726 if (!response_pending()) { 1727 debug("-> +\n"); 1728 } 1729 send_pending_data(fd); 1730 break; 1731 default: 1732 /* XXX: Possibly drop connection instead. */ 1733 debug("-> %02x\n", *head); 1734 io_buffer_consume(&cur_comm, 1); 1735 break; 1736 } 1737 } 1738 } 1739 1740 static void 1741 gdb_readable(int fd, enum ev_type event, void *arg) 1742 { 1743 ssize_t nread; 1744 int pending; 1745 1746 if (ioctl(fd, FIONREAD, &pending) == -1) { 1747 warn("FIONREAD on GDB socket"); 1748 return; 1749 } 1750 1751 /* 1752 * 'pending' might be zero due to EOF. We need to call read 1753 * with a non-zero length to detect EOF. 1754 */ 1755 if (pending == 0) 1756 pending = 1; 1757 1758 /* Ensure there is room in the command buffer. */ 1759 io_buffer_grow(&cur_comm, pending); 1760 assert(io_buffer_avail(&cur_comm) >= pending); 1761 1762 nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm)); 1763 if (nread == 0) { 1764 close_connection(); 1765 } else if (nread == -1) { 1766 if (errno == EAGAIN) 1767 return; 1768 1769 warn("Read from GDB socket"); 1770 close_connection(); 1771 } else { 1772 cur_comm.len += nread; 1773 pthread_mutex_lock(&gdb_lock); 1774 check_command(fd); 1775 pthread_mutex_unlock(&gdb_lock); 1776 } 1777 } 1778 1779 static void 1780 gdb_writable(int fd, enum ev_type event, void *arg) 1781 { 1782 1783 send_pending_data(fd); 1784 } 1785 1786 static void 1787 new_connection(int fd, enum ev_type event, void *arg) 1788 { 1789 int optval, s; 1790 1791 s = accept4(fd, NULL, NULL, SOCK_NONBLOCK); 1792 if (s == -1) { 1793 if (arg != NULL) 1794 err(1, "Failed accepting initial GDB connection"); 1795 1796 /* Silently ignore errors post-startup. */ 1797 return; 1798 } 1799 1800 optval = 1; 1801 if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) == 1802 -1) { 1803 warn("Failed to disable SIGPIPE for GDB connection"); 1804 close(s); 1805 return; 1806 } 1807 1808 pthread_mutex_lock(&gdb_lock); 1809 if (cur_fd != -1) { 1810 close(s); 1811 warnx("Ignoring additional GDB connection."); 1812 } 1813 1814 read_event = mevent_add(s, EVF_READ, gdb_readable, NULL); 1815 if (read_event == NULL) { 1816 if (arg != NULL) 1817 err(1, "Failed to setup initial GDB connection"); 1818 pthread_mutex_unlock(&gdb_lock); 1819 return; 1820 } 1821 write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL); 1822 if (write_event == NULL) { 1823 if (arg != NULL) 1824 err(1, "Failed to setup initial GDB connection"); 1825 mevent_delete_close(read_event); 1826 read_event = NULL; 1827 } 1828 1829 cur_fd = s; 1830 cur_vcpu = 0; 1831 stopped_vcpu = -1; 1832 1833 /* Break on attach. */ 1834 first_stop = true; 1835 report_next_stop = false; 1836 gdb_suspend_vcpus(); 1837 pthread_mutex_unlock(&gdb_lock); 1838 } 1839 1840 #ifndef WITHOUT_CAPSICUM 1841 void 1842 limit_gdb_socket(int s) 1843 { 1844 cap_rights_t rights; 1845 unsigned long ioctls[] = { FIONREAD }; 1846 1847 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE, 1848 CAP_SETSOCKOPT, CAP_IOCTL); 1849 if (caph_rights_limit(s, &rights) == -1) 1850 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1851 if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) 1852 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1853 } 1854 #endif 1855 1856 1857 #ifndef __FreeBSD__ 1858 /* 1859 * Equivalent to init_gdb() below, but without configuring the listening socket. 1860 * This will allow the bhyve process to tolerate mdb attaching/detaching from 1861 * the instance while it is running. 1862 */ 1863 void 1864 init_mdb(struct vmctx *_ctx) 1865 { 1866 int error; 1867 bool wait; 1868 1869 wait = get_config_bool_default("gdb.wait", false); 1870 1871 error = pthread_mutex_init(&gdb_lock, NULL); 1872 if (error != 0) 1873 errc(1, error, "gdb mutex init"); 1874 error = pthread_cond_init(&idle_vcpus, NULL); 1875 if (error != 0) 1876 errc(1, error, "gdb cv init"); 1877 1878 ctx = _ctx; 1879 stopped_vcpu = -1; 1880 TAILQ_INIT(&breakpoints); 1881 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1882 if (wait) { 1883 /* 1884 * Set vcpu 0 in vcpus_suspended. This will trigger the 1885 * logic in gdb_cpu_add() to suspend the first vcpu before 1886 * it starts execution. The vcpu will remain suspended 1887 * until a debugger connects. 1888 */ 1889 CPU_SET(0, &vcpus_suspended); 1890 stopped_vcpu = 0; 1891 } 1892 } 1893 #endif 1894 1895 void 1896 init_gdb(struct vmctx *_ctx) 1897 { 1898 int error, flags, optval, s; 1899 struct addrinfo hints; 1900 struct addrinfo *gdbaddr; 1901 const char *saddr, *value; 1902 char *sport; 1903 bool wait; 1904 1905 value = get_config_value("gdb.port"); 1906 if (value == NULL) 1907 return; 1908 sport = strdup(value); 1909 if (sport == NULL) 1910 errx(4, "Failed to allocate memory"); 1911 1912 wait = get_config_bool_default("gdb.wait", false); 1913 1914 saddr = get_config_value("gdb.address"); 1915 if (saddr == NULL) { 1916 saddr = "localhost"; 1917 } 1918 1919 debug("==> starting on %s:%s, %swaiting\n", 1920 saddr, sport, wait ? "" : "not "); 1921 1922 error = pthread_mutex_init(&gdb_lock, NULL); 1923 if (error != 0) 1924 errc(1, error, "gdb mutex init"); 1925 error = pthread_cond_init(&idle_vcpus, NULL); 1926 if (error != 0) 1927 errc(1, error, "gdb cv init"); 1928 1929 memset(&hints, 0, sizeof(hints)); 1930 hints.ai_family = AF_UNSPEC; 1931 hints.ai_socktype = SOCK_STREAM; 1932 hints.ai_flags = AI_NUMERICSERV | AI_PASSIVE; 1933 1934 error = getaddrinfo(saddr, sport, &hints, &gdbaddr); 1935 if (error != 0) 1936 errx(1, "gdb address resolution: %s", gai_strerror(error)); 1937 1938 ctx = _ctx; 1939 s = socket(gdbaddr->ai_family, gdbaddr->ai_socktype, 0); 1940 if (s < 0) 1941 err(1, "gdb socket create"); 1942 1943 optval = 1; 1944 (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); 1945 1946 if (bind(s, gdbaddr->ai_addr, gdbaddr->ai_addrlen) < 0) 1947 err(1, "gdb socket bind"); 1948 1949 if (listen(s, 1) < 0) 1950 err(1, "gdb socket listen"); 1951 1952 stopped_vcpu = -1; 1953 TAILQ_INIT(&breakpoints); 1954 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1955 if (wait) { 1956 /* 1957 * Set vcpu 0 in vcpus_suspended. This will trigger the 1958 * logic in gdb_cpu_add() to suspend the first vcpu before 1959 * it starts execution. The vcpu will remain suspended 1960 * until a debugger connects. 1961 */ 1962 CPU_SET(0, &vcpus_suspended); 1963 stopped_vcpu = 0; 1964 } 1965 1966 flags = fcntl(s, F_GETFL); 1967 if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) 1968 err(1, "Failed to mark gdb socket non-blocking"); 1969 1970 #ifndef WITHOUT_CAPSICUM 1971 limit_gdb_socket(s); 1972 #endif 1973 mevent_add(s, EVF_READ, new_connection, NULL); 1974 gdb_active = true; 1975 freeaddrinfo(gdbaddr); 1976 free(sport); 1977 } 1978