1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 30 #include <sys/param.h> 31 #ifndef WITHOUT_CAPSICUM 32 #include <sys/capsicum.h> 33 #endif 34 #ifdef __FreeBSD__ 35 #include <sys/endian.h> 36 #else 37 #include <endian.h> 38 #endif 39 #include <sys/ioctl.h> 40 #include <sys/mman.h> 41 #include <sys/queue.h> 42 #include <sys/socket.h> 43 #include <machine/atomic.h> 44 #include <machine/specialreg.h> 45 #include <machine/vmm.h> 46 #include <netinet/in.h> 47 #include <assert.h> 48 #ifndef WITHOUT_CAPSICUM 49 #include <capsicum_helpers.h> 50 #endif 51 #include <err.h> 52 #include <errno.h> 53 #include <fcntl.h> 54 #include <netdb.h> 55 #include <pthread.h> 56 #include <pthread_np.h> 57 #include <stdbool.h> 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #include <sysexits.h> 62 #include <unistd.h> 63 #include <vmmapi.h> 64 65 #include "bhyverun.h" 66 #include "config.h" 67 #include "gdb.h" 68 #include "mem.h" 69 #include "mevent.h" 70 71 /* 72 * GDB_SIGNAL_* numbers are part of the GDB remote protocol. Most stops 73 * use SIGTRAP. 74 */ 75 #define GDB_SIGNAL_TRAP 5 76 77 static void gdb_resume_vcpus(void); 78 static void check_command(int fd); 79 80 static struct mevent *read_event, *write_event; 81 82 static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting; 83 static pthread_mutex_t gdb_lock; 84 static pthread_cond_t idle_vcpus; 85 static bool first_stop, report_next_stop, swbreak_enabled; 86 87 /* 88 * An I/O buffer contains 'capacity' bytes of room at 'data'. For a 89 * read buffer, 'start' is unused and 'len' contains the number of 90 * valid bytes in the buffer. For a write buffer, 'start' is set to 91 * the index of the next byte in 'data' to send, and 'len' contains 92 * the remaining number of valid bytes to send. 93 */ 94 struct io_buffer { 95 uint8_t *data; 96 size_t capacity; 97 size_t start; 98 size_t len; 99 }; 100 101 struct breakpoint { 102 uint64_t gpa; 103 uint8_t shadow_inst; 104 TAILQ_ENTRY(breakpoint) link; 105 }; 106 107 /* 108 * When a vCPU stops to due to an event that should be reported to the 109 * debugger, information about the event is stored in this structure. 110 * The vCPU thread then sets 'stopped_vcpu' if it is not already set 111 * and stops other vCPUs so the event can be reported. The 112 * report_stop() function reports the event for the 'stopped_vcpu' 113 * vCPU. When the debugger resumes execution via continue or step, 114 * the event for 'stopped_vcpu' is cleared. vCPUs will loop in their 115 * event handlers until the associated event is reported or disabled. 116 * 117 * An idle vCPU will have all of the boolean fields set to false. 118 * 119 * When a vCPU is stepped, 'stepping' is set to true when the vCPU is 120 * released to execute the stepped instruction. When the vCPU reports 121 * the stepping trap, 'stepped' is set. 122 * 123 * When a vCPU hits a breakpoint set by the debug server, 124 * 'hit_swbreak' is set to true. 125 */ 126 struct vcpu_state { 127 bool stepping; 128 bool stepped; 129 bool hit_swbreak; 130 }; 131 132 static struct io_buffer cur_comm, cur_resp; 133 static uint8_t cur_csum; 134 static struct vmctx *ctx; 135 static int cur_fd = -1; 136 static TAILQ_HEAD(, breakpoint) breakpoints; 137 static struct vcpu_state *vcpu_state; 138 static struct vcpu **vcpus; 139 static int cur_vcpu, stopped_vcpu; 140 static bool gdb_active = false; 141 142 static const int gdb_regset[] = { 143 VM_REG_GUEST_RAX, 144 VM_REG_GUEST_RBX, 145 VM_REG_GUEST_RCX, 146 VM_REG_GUEST_RDX, 147 VM_REG_GUEST_RSI, 148 VM_REG_GUEST_RDI, 149 VM_REG_GUEST_RBP, 150 VM_REG_GUEST_RSP, 151 VM_REG_GUEST_R8, 152 VM_REG_GUEST_R9, 153 VM_REG_GUEST_R10, 154 VM_REG_GUEST_R11, 155 VM_REG_GUEST_R12, 156 VM_REG_GUEST_R13, 157 VM_REG_GUEST_R14, 158 VM_REG_GUEST_R15, 159 VM_REG_GUEST_RIP, 160 VM_REG_GUEST_RFLAGS, 161 VM_REG_GUEST_CS, 162 VM_REG_GUEST_SS, 163 VM_REG_GUEST_DS, 164 VM_REG_GUEST_ES, 165 VM_REG_GUEST_FS, 166 VM_REG_GUEST_GS 167 }; 168 169 static const int gdb_regsize[] = { 170 8, 171 8, 172 8, 173 8, 174 8, 175 8, 176 8, 177 8, 178 8, 179 8, 180 8, 181 8, 182 8, 183 8, 184 8, 185 8, 186 8, 187 4, 188 4, 189 4, 190 4, 191 4, 192 4, 193 4 194 }; 195 196 #ifdef GDB_LOG 197 #include <stdarg.h> 198 #include <stdio.h> 199 200 static void __printflike(1, 2) 201 debug(const char *fmt, ...) 202 { 203 static FILE *logfile; 204 va_list ap; 205 206 if (logfile == NULL) { 207 logfile = fopen("/tmp/bhyve_gdb.log", "w"); 208 if (logfile == NULL) 209 return; 210 #ifndef WITHOUT_CAPSICUM 211 if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) { 212 fclose(logfile); 213 logfile = NULL; 214 return; 215 } 216 #endif 217 setlinebuf(logfile); 218 } 219 va_start(ap, fmt); 220 vfprintf(logfile, fmt, ap); 221 va_end(ap); 222 } 223 #else 224 #ifndef __FreeBSD__ 225 /* 226 * A totally empty debug() makes the compiler grumpy due to how its used with 227 * some control flow here. 228 */ 229 #define debug(...) do { } while (0) 230 #else 231 #define debug(...) 232 #endif 233 #endif 234 235 static void remove_all_sw_breakpoints(void); 236 237 static int 238 guest_paging_info(struct vcpu *vcpu, struct vm_guest_paging *paging) 239 { 240 uint64_t regs[4]; 241 const int regset[4] = { 242 VM_REG_GUEST_CR0, 243 VM_REG_GUEST_CR3, 244 VM_REG_GUEST_CR4, 245 VM_REG_GUEST_EFER 246 }; 247 248 if (vm_get_register_set(vcpu, nitems(regset), regset, regs) == -1) 249 return (-1); 250 251 /* 252 * For the debugger, always pretend to be the kernel (CPL 0), 253 * and if long-mode is enabled, always parse addresses as if 254 * in 64-bit mode. 255 */ 256 paging->cr3 = regs[1]; 257 paging->cpl = 0; 258 if (regs[3] & EFER_LMA) 259 paging->cpu_mode = CPU_MODE_64BIT; 260 else if (regs[0] & CR0_PE) 261 paging->cpu_mode = CPU_MODE_PROTECTED; 262 else 263 paging->cpu_mode = CPU_MODE_REAL; 264 if (!(regs[0] & CR0_PG)) 265 paging->paging_mode = PAGING_MODE_FLAT; 266 else if (!(regs[2] & CR4_PAE)) 267 paging->paging_mode = PAGING_MODE_32; 268 else if (regs[3] & EFER_LME) 269 paging->paging_mode = PAGING_MODE_64; 270 else 271 paging->paging_mode = PAGING_MODE_PAE; 272 return (0); 273 } 274 275 /* 276 * Map a guest virtual address to a physical address (for a given vcpu). 277 * If a guest virtual address is valid, return 1. If the address is 278 * not valid, return 0. If an error occurs obtaining the mapping, 279 * return -1. 280 */ 281 static int 282 guest_vaddr2paddr(struct vcpu *vcpu, uint64_t vaddr, uint64_t *paddr) 283 { 284 struct vm_guest_paging paging; 285 int fault; 286 287 if (guest_paging_info(vcpu, &paging) == -1) 288 return (-1); 289 290 /* 291 * Always use PROT_READ. We really care if the VA is 292 * accessible, not if the current vCPU can write. 293 */ 294 if (vm_gla2gpa_nofault(vcpu, &paging, vaddr, PROT_READ, paddr, 295 &fault) == -1) 296 return (-1); 297 if (fault) 298 return (0); 299 return (1); 300 } 301 302 static void 303 io_buffer_reset(struct io_buffer *io) 304 { 305 306 io->start = 0; 307 io->len = 0; 308 } 309 310 /* Available room for adding data. */ 311 static size_t 312 io_buffer_avail(struct io_buffer *io) 313 { 314 315 return (io->capacity - (io->start + io->len)); 316 } 317 318 static uint8_t * 319 io_buffer_head(struct io_buffer *io) 320 { 321 322 return (io->data + io->start); 323 } 324 325 static uint8_t * 326 io_buffer_tail(struct io_buffer *io) 327 { 328 329 return (io->data + io->start + io->len); 330 } 331 332 static void 333 io_buffer_advance(struct io_buffer *io, size_t amount) 334 { 335 336 assert(amount <= io->len); 337 io->start += amount; 338 io->len -= amount; 339 } 340 341 static void 342 io_buffer_consume(struct io_buffer *io, size_t amount) 343 { 344 345 io_buffer_advance(io, amount); 346 if (io->len == 0) { 347 io->start = 0; 348 return; 349 } 350 351 /* 352 * XXX: Consider making this move optional and compacting on a 353 * future read() before realloc(). 354 */ 355 memmove(io->data, io_buffer_head(io), io->len); 356 io->start = 0; 357 } 358 359 static void 360 io_buffer_grow(struct io_buffer *io, size_t newsize) 361 { 362 uint8_t *new_data; 363 size_t avail, new_cap; 364 365 avail = io_buffer_avail(io); 366 if (newsize <= avail) 367 return; 368 369 new_cap = io->capacity + (newsize - avail); 370 new_data = realloc(io->data, new_cap); 371 if (new_data == NULL) 372 err(1, "Failed to grow GDB I/O buffer"); 373 io->data = new_data; 374 io->capacity = new_cap; 375 } 376 377 static bool 378 response_pending(void) 379 { 380 381 if (cur_resp.start == 0 && cur_resp.len == 0) 382 return (false); 383 if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+') 384 return (false); 385 return (true); 386 } 387 388 static void 389 close_connection(void) 390 { 391 392 /* 393 * XXX: This triggers a warning because mevent does the close 394 * before the EV_DELETE. 395 */ 396 pthread_mutex_lock(&gdb_lock); 397 mevent_delete(write_event); 398 mevent_delete_close(read_event); 399 write_event = NULL; 400 read_event = NULL; 401 io_buffer_reset(&cur_comm); 402 io_buffer_reset(&cur_resp); 403 cur_fd = -1; 404 405 remove_all_sw_breakpoints(); 406 407 /* Clear any pending events. */ 408 memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state)); 409 410 /* Resume any stopped vCPUs. */ 411 gdb_resume_vcpus(); 412 pthread_mutex_unlock(&gdb_lock); 413 } 414 415 static uint8_t 416 hex_digit(uint8_t nibble) 417 { 418 419 if (nibble <= 9) 420 return (nibble + '0'); 421 else 422 return (nibble + 'a' - 10); 423 } 424 425 static uint8_t 426 parse_digit(uint8_t v) 427 { 428 429 if (v >= '0' && v <= '9') 430 return (v - '0'); 431 if (v >= 'a' && v <= 'f') 432 return (v - 'a' + 10); 433 if (v >= 'A' && v <= 'F') 434 return (v - 'A' + 10); 435 return (0xF); 436 } 437 438 /* Parses big-endian hexadecimal. */ 439 static uintmax_t 440 parse_integer(const uint8_t *p, size_t len) 441 { 442 uintmax_t v; 443 444 v = 0; 445 while (len > 0) { 446 v <<= 4; 447 v |= parse_digit(*p); 448 p++; 449 len--; 450 } 451 return (v); 452 } 453 454 static uint8_t 455 parse_byte(const uint8_t *p) 456 { 457 458 return (parse_digit(p[0]) << 4 | parse_digit(p[1])); 459 } 460 461 static void 462 send_pending_data(int fd) 463 { 464 ssize_t nwritten; 465 466 if (cur_resp.len == 0) { 467 mevent_disable(write_event); 468 return; 469 } 470 nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len); 471 if (nwritten == -1) { 472 warn("Write to GDB socket failed"); 473 close_connection(); 474 } else { 475 io_buffer_advance(&cur_resp, nwritten); 476 if (cur_resp.len == 0) 477 mevent_disable(write_event); 478 else 479 mevent_enable(write_event); 480 } 481 } 482 483 /* Append a single character to the output buffer. */ 484 static void 485 send_char(uint8_t data) 486 { 487 io_buffer_grow(&cur_resp, 1); 488 *io_buffer_tail(&cur_resp) = data; 489 cur_resp.len++; 490 } 491 492 /* Append an array of bytes to the output buffer. */ 493 static void 494 send_data(const uint8_t *data, size_t len) 495 { 496 497 io_buffer_grow(&cur_resp, len); 498 memcpy(io_buffer_tail(&cur_resp), data, len); 499 cur_resp.len += len; 500 } 501 502 static void 503 format_byte(uint8_t v, uint8_t *buf) 504 { 505 506 buf[0] = hex_digit(v >> 4); 507 buf[1] = hex_digit(v & 0xf); 508 } 509 510 /* 511 * Append a single byte (formatted as two hex characters) to the 512 * output buffer. 513 */ 514 static void 515 send_byte(uint8_t v) 516 { 517 uint8_t buf[2]; 518 519 format_byte(v, buf); 520 send_data(buf, sizeof(buf)); 521 } 522 523 static void 524 start_packet(void) 525 { 526 527 send_char('$'); 528 cur_csum = 0; 529 } 530 531 static void 532 finish_packet(void) 533 { 534 535 send_char('#'); 536 send_byte(cur_csum); 537 debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp)); 538 } 539 540 /* 541 * Append a single character (for the packet payload) and update the 542 * checksum. 543 */ 544 static void 545 append_char(uint8_t v) 546 { 547 548 send_char(v); 549 cur_csum += v; 550 } 551 552 /* 553 * Append an array of bytes (for the packet payload) and update the 554 * checksum. 555 */ 556 static void 557 append_packet_data(const uint8_t *data, size_t len) 558 { 559 560 send_data(data, len); 561 while (len > 0) { 562 cur_csum += *data; 563 data++; 564 len--; 565 } 566 } 567 568 static void 569 append_string(const char *str) 570 { 571 572 #ifdef __FreeBSD__ 573 append_packet_data(str, strlen(str)); 574 #else 575 append_packet_data((const uint8_t *)str, strlen(str)); 576 #endif 577 } 578 579 static void 580 append_byte(uint8_t v) 581 { 582 uint8_t buf[2]; 583 584 format_byte(v, buf); 585 append_packet_data(buf, sizeof(buf)); 586 } 587 588 static void 589 append_unsigned_native(uintmax_t value, size_t len) 590 { 591 size_t i; 592 593 for (i = 0; i < len; i++) { 594 append_byte(value); 595 value >>= 8; 596 } 597 } 598 599 static void 600 append_unsigned_be(uintmax_t value, size_t len) 601 { 602 char buf[len * 2]; 603 size_t i; 604 605 for (i = 0; i < len; i++) { 606 #ifdef __FreeBSD__ 607 format_byte(value, buf + (len - i - 1) * 2); 608 #else 609 format_byte(value, (uint8_t *)(buf + (len - i - 1) * 2)); 610 #endif 611 value >>= 8; 612 } 613 #ifdef __FreeBSD__ 614 append_packet_data(buf, sizeof(buf)); 615 #else 616 append_packet_data((const uint8_t *)buf, sizeof(buf)); 617 #endif 618 } 619 620 static void 621 append_integer(unsigned int value) 622 { 623 624 if (value == 0) 625 append_char('0'); 626 else 627 append_unsigned_be(value, (fls(value) + 7) / 8); 628 } 629 630 static void 631 append_asciihex(const char *str) 632 { 633 634 while (*str != '\0') { 635 append_byte(*str); 636 str++; 637 } 638 } 639 640 static void 641 send_empty_response(void) 642 { 643 644 start_packet(); 645 finish_packet(); 646 } 647 648 static void 649 send_error(int error) 650 { 651 652 start_packet(); 653 append_char('E'); 654 append_byte(error); 655 finish_packet(); 656 } 657 658 static void 659 send_ok(void) 660 { 661 662 start_packet(); 663 append_string("OK"); 664 finish_packet(); 665 } 666 667 static int 668 parse_threadid(const uint8_t *data, size_t len) 669 { 670 671 if (len == 1 && *data == '0') 672 return (0); 673 if (len == 2 && memcmp(data, "-1", 2) == 0) 674 return (-1); 675 if (len == 0) 676 return (-2); 677 return (parse_integer(data, len)); 678 } 679 680 /* 681 * Report the current stop event to the debugger. If the stop is due 682 * to an event triggered on a specific vCPU such as a breakpoint or 683 * stepping trap, stopped_vcpu will be set to the vCPU triggering the 684 * stop. If 'set_cur_vcpu' is true, then cur_vcpu will be updated to 685 * the reporting vCPU for vCPU events. 686 */ 687 static void 688 report_stop(bool set_cur_vcpu) 689 { 690 struct vcpu_state *vs; 691 692 start_packet(); 693 if (stopped_vcpu == -1) { 694 append_char('S'); 695 append_byte(GDB_SIGNAL_TRAP); 696 } else { 697 vs = &vcpu_state[stopped_vcpu]; 698 if (set_cur_vcpu) 699 cur_vcpu = stopped_vcpu; 700 append_char('T'); 701 append_byte(GDB_SIGNAL_TRAP); 702 append_string("thread:"); 703 append_integer(stopped_vcpu + 1); 704 append_char(';'); 705 if (vs->hit_swbreak) { 706 debug("$vCPU %d reporting swbreak\n", stopped_vcpu); 707 if (swbreak_enabled) 708 append_string("swbreak:;"); 709 } else if (vs->stepped) 710 debug("$vCPU %d reporting step\n", stopped_vcpu); 711 else 712 debug("$vCPU %d reporting ???\n", stopped_vcpu); 713 } 714 finish_packet(); 715 report_next_stop = false; 716 } 717 718 /* 719 * If this stop is due to a vCPU event, clear that event to mark it as 720 * acknowledged. 721 */ 722 static void 723 discard_stop(void) 724 { 725 struct vcpu_state *vs; 726 727 if (stopped_vcpu != -1) { 728 vs = &vcpu_state[stopped_vcpu]; 729 vs->hit_swbreak = false; 730 vs->stepped = false; 731 stopped_vcpu = -1; 732 } 733 report_next_stop = true; 734 } 735 736 static void 737 gdb_finish_suspend_vcpus(void) 738 { 739 740 if (first_stop) { 741 first_stop = false; 742 stopped_vcpu = -1; 743 } else if (report_next_stop) { 744 assert(!response_pending()); 745 report_stop(true); 746 send_pending_data(cur_fd); 747 } 748 } 749 750 /* 751 * vCPU threads invoke this function whenever the vCPU enters the 752 * debug server to pause or report an event. vCPU threads wait here 753 * as long as the debug server keeps them suspended. 754 */ 755 static void 756 _gdb_cpu_suspend(struct vcpu *vcpu, bool report_stop) 757 { 758 int vcpuid = vcpu_id(vcpu); 759 760 debug("$vCPU %d suspending\n", vcpuid); 761 CPU_SET(vcpuid, &vcpus_waiting); 762 if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 763 gdb_finish_suspend_vcpus(); 764 while (CPU_ISSET(vcpuid, &vcpus_suspended)) 765 pthread_cond_wait(&idle_vcpus, &gdb_lock); 766 CPU_CLR(vcpuid, &vcpus_waiting); 767 debug("$vCPU %d resuming\n", vcpuid); 768 } 769 770 /* 771 * Invoked at the start of a vCPU thread's execution to inform the 772 * debug server about the new thread. 773 */ 774 void 775 gdb_cpu_add(struct vcpu *vcpu) 776 { 777 int vcpuid; 778 779 if (!gdb_active) 780 return; 781 vcpuid = vcpu_id(vcpu); 782 debug("$vCPU %d starting\n", vcpuid); 783 pthread_mutex_lock(&gdb_lock); 784 assert(vcpuid < guest_ncpus); 785 assert(vcpus[vcpuid] == NULL); 786 vcpus[vcpuid] = vcpu; 787 CPU_SET(vcpuid, &vcpus_active); 788 if (!TAILQ_EMPTY(&breakpoints)) { 789 vm_set_capability(vcpu, VM_CAP_BPT_EXIT, 1); 790 debug("$vCPU %d enabled breakpoint exits\n", vcpu); 791 } 792 793 /* 794 * If a vcpu is added while vcpus are stopped, suspend the new 795 * vcpu so that it will pop back out with a debug exit before 796 * executing the first instruction. 797 */ 798 if (!CPU_EMPTY(&vcpus_suspended)) { 799 CPU_SET(vcpuid, &vcpus_suspended); 800 _gdb_cpu_suspend(vcpu, false); 801 } 802 pthread_mutex_unlock(&gdb_lock); 803 } 804 805 /* 806 * Invoked by vCPU before resuming execution. This enables stepping 807 * if the vCPU is marked as stepping. 808 */ 809 static void 810 gdb_cpu_resume(struct vcpu *vcpu) 811 { 812 struct vcpu_state *vs; 813 int error; 814 815 vs = &vcpu_state[vcpu_id(vcpu)]; 816 817 /* 818 * Any pending event should already be reported before 819 * resuming. 820 */ 821 assert(vs->hit_swbreak == false); 822 assert(vs->stepped == false); 823 if (vs->stepping) { 824 error = vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, 1); 825 assert(error == 0); 826 } 827 } 828 829 /* 830 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest 831 * has been suspended due to an event on different vCPU or in response 832 * to a guest-wide suspend such as Ctrl-C or the stop on attach. 833 */ 834 void 835 gdb_cpu_suspend(struct vcpu *vcpu) 836 { 837 838 if (!gdb_active) 839 return; 840 pthread_mutex_lock(&gdb_lock); 841 _gdb_cpu_suspend(vcpu, true); 842 gdb_cpu_resume(vcpu); 843 pthread_mutex_unlock(&gdb_lock); 844 } 845 846 static void 847 gdb_suspend_vcpus(void) 848 { 849 850 assert(pthread_mutex_isowned_np(&gdb_lock)); 851 debug("suspending all CPUs\n"); 852 vcpus_suspended = vcpus_active; 853 vm_suspend_all_cpus(ctx); 854 if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 855 gdb_finish_suspend_vcpus(); 856 } 857 858 /* 859 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via 860 * the VT-x-specific MTRAP exit. 861 */ 862 void 863 gdb_cpu_mtrap(struct vcpu *vcpu) 864 { 865 struct vcpu_state *vs; 866 int vcpuid; 867 868 if (!gdb_active) 869 return; 870 vcpuid = vcpu_id(vcpu); 871 debug("$vCPU %d MTRAP\n", vcpuid); 872 pthread_mutex_lock(&gdb_lock); 873 vs = &vcpu_state[vcpuid]; 874 if (vs->stepping) { 875 vs->stepping = false; 876 vs->stepped = true; 877 vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, 0); 878 while (vs->stepped) { 879 if (stopped_vcpu == -1) { 880 debug("$vCPU %d reporting step\n", vcpuid); 881 stopped_vcpu = vcpuid; 882 gdb_suspend_vcpus(); 883 } 884 _gdb_cpu_suspend(vcpu, true); 885 } 886 gdb_cpu_resume(vcpu); 887 } 888 pthread_mutex_unlock(&gdb_lock); 889 } 890 891 static struct breakpoint * 892 find_breakpoint(uint64_t gpa) 893 { 894 struct breakpoint *bp; 895 896 TAILQ_FOREACH(bp, &breakpoints, link) { 897 if (bp->gpa == gpa) 898 return (bp); 899 } 900 return (NULL); 901 } 902 903 void 904 gdb_cpu_breakpoint(struct vcpu *vcpu, struct vm_exit *vmexit) 905 { 906 struct breakpoint *bp; 907 struct vcpu_state *vs; 908 uint64_t gpa; 909 int error, vcpuid; 910 911 if (!gdb_active) { 912 fprintf(stderr, "vm_loop: unexpected VMEXIT_DEBUG\n"); 913 exit(4); 914 } 915 vcpuid = vcpu_id(vcpu); 916 pthread_mutex_lock(&gdb_lock); 917 error = guest_vaddr2paddr(vcpu, vmexit->rip, &gpa); 918 assert(error == 1); 919 bp = find_breakpoint(gpa); 920 if (bp != NULL) { 921 vs = &vcpu_state[vcpuid]; 922 assert(vs->stepping == false); 923 assert(vs->stepped == false); 924 assert(vs->hit_swbreak == false); 925 vs->hit_swbreak = true; 926 vm_set_register(vcpu, VM_REG_GUEST_RIP, vmexit->rip); 927 for (;;) { 928 if (stopped_vcpu == -1) { 929 debug("$vCPU %d reporting breakpoint at rip %#lx\n", 930 vcpuid, vmexit->rip); 931 stopped_vcpu = vcpuid; 932 gdb_suspend_vcpus(); 933 } 934 _gdb_cpu_suspend(vcpu, true); 935 if (!vs->hit_swbreak) { 936 /* Breakpoint reported. */ 937 break; 938 } 939 bp = find_breakpoint(gpa); 940 if (bp == NULL) { 941 /* Breakpoint was removed. */ 942 vs->hit_swbreak = false; 943 break; 944 } 945 } 946 gdb_cpu_resume(vcpu); 947 } else { 948 debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpuid, 949 vmexit->rip); 950 error = vm_set_register(vcpu, VM_REG_GUEST_ENTRY_INST_LENGTH, 951 vmexit->u.bpt.inst_length); 952 assert(error == 0); 953 error = vm_inject_exception(vcpu, IDT_BP, 0, 0, 0); 954 assert(error == 0); 955 } 956 pthread_mutex_unlock(&gdb_lock); 957 } 958 959 static bool 960 gdb_step_vcpu(struct vcpu *vcpu) 961 { 962 int error, val, vcpuid; 963 964 vcpuid = vcpu_id(vcpu); 965 debug("$vCPU %d step\n", vcpuid); 966 error = vm_get_capability(vcpu, VM_CAP_MTRAP_EXIT, &val); 967 if (error < 0) 968 return (false); 969 970 discard_stop(); 971 vcpu_state[vcpuid].stepping = true; 972 vm_resume_cpu(vcpu); 973 CPU_CLR(vcpuid, &vcpus_suspended); 974 pthread_cond_broadcast(&idle_vcpus); 975 return (true); 976 } 977 978 static void 979 gdb_resume_vcpus(void) 980 { 981 982 assert(pthread_mutex_isowned_np(&gdb_lock)); 983 vm_resume_all_cpus(ctx); 984 debug("resuming all CPUs\n"); 985 CPU_ZERO(&vcpus_suspended); 986 pthread_cond_broadcast(&idle_vcpus); 987 } 988 989 static void 990 gdb_read_regs(void) 991 { 992 uint64_t regvals[nitems(gdb_regset)]; 993 994 if (vm_get_register_set(vcpus[cur_vcpu], nitems(gdb_regset), 995 gdb_regset, regvals) == -1) { 996 send_error(errno); 997 return; 998 } 999 start_packet(); 1000 for (size_t i = 0; i < nitems(regvals); i++) 1001 append_unsigned_native(regvals[i], gdb_regsize[i]); 1002 finish_packet(); 1003 } 1004 1005 static void 1006 gdb_read_mem(const uint8_t *data, size_t len) 1007 { 1008 uint64_t gpa, gva, val; 1009 uint8_t *cp; 1010 size_t resid, todo, bytes; 1011 bool started; 1012 int error; 1013 1014 /* Skip 'm' */ 1015 data += 1; 1016 len -= 1; 1017 1018 /* Parse and consume address. */ 1019 cp = memchr(data, ',', len); 1020 if (cp == NULL || cp == data) { 1021 send_error(EINVAL); 1022 return; 1023 } 1024 gva = parse_integer(data, cp - data); 1025 len -= (cp - data) + 1; 1026 data += (cp - data) + 1; 1027 1028 /* Parse length. */ 1029 resid = parse_integer(data, len); 1030 1031 started = false; 1032 while (resid > 0) { 1033 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa); 1034 if (error == -1) { 1035 if (started) 1036 finish_packet(); 1037 else 1038 send_error(errno); 1039 return; 1040 } 1041 if (error == 0) { 1042 if (started) 1043 finish_packet(); 1044 else 1045 send_error(EFAULT); 1046 return; 1047 } 1048 1049 /* Read bytes from current page. */ 1050 todo = getpagesize() - gpa % getpagesize(); 1051 if (todo > resid) 1052 todo = resid; 1053 1054 cp = paddr_guest2host(ctx, gpa, todo); 1055 if (cp != NULL) { 1056 /* 1057 * If this page is guest RAM, read it a byte 1058 * at a time. 1059 */ 1060 if (!started) { 1061 start_packet(); 1062 started = true; 1063 } 1064 while (todo > 0) { 1065 append_byte(*cp); 1066 cp++; 1067 gpa++; 1068 gva++; 1069 resid--; 1070 todo--; 1071 } 1072 } else { 1073 /* 1074 * If this page isn't guest RAM, try to handle 1075 * it via MMIO. For MMIO requests, use 1076 * aligned reads of words when possible. 1077 */ 1078 while (todo > 0) { 1079 if (gpa & 1 || todo == 1) 1080 bytes = 1; 1081 else if (gpa & 2 || todo == 2) 1082 bytes = 2; 1083 else 1084 bytes = 4; 1085 error = read_mem(vcpus[cur_vcpu], gpa, &val, 1086 bytes); 1087 if (error == 0) { 1088 if (!started) { 1089 start_packet(); 1090 started = true; 1091 } 1092 gpa += bytes; 1093 gva += bytes; 1094 resid -= bytes; 1095 todo -= bytes; 1096 while (bytes > 0) { 1097 append_byte(val); 1098 val >>= 8; 1099 bytes--; 1100 } 1101 } else { 1102 if (started) 1103 finish_packet(); 1104 else 1105 send_error(EFAULT); 1106 return; 1107 } 1108 } 1109 } 1110 assert(resid == 0 || gpa % getpagesize() == 0); 1111 } 1112 if (!started) 1113 start_packet(); 1114 finish_packet(); 1115 } 1116 1117 static void 1118 gdb_write_mem(const uint8_t *data, size_t len) 1119 { 1120 uint64_t gpa, gva, val; 1121 uint8_t *cp; 1122 size_t resid, todo, bytes; 1123 int error; 1124 1125 /* Skip 'M' */ 1126 data += 1; 1127 len -= 1; 1128 1129 /* Parse and consume address. */ 1130 cp = memchr(data, ',', len); 1131 if (cp == NULL || cp == data) { 1132 send_error(EINVAL); 1133 return; 1134 } 1135 gva = parse_integer(data, cp - data); 1136 len -= (cp - data) + 1; 1137 data += (cp - data) + 1; 1138 1139 /* Parse and consume length. */ 1140 cp = memchr(data, ':', len); 1141 if (cp == NULL || cp == data) { 1142 send_error(EINVAL); 1143 return; 1144 } 1145 resid = parse_integer(data, cp - data); 1146 len -= (cp - data) + 1; 1147 data += (cp - data) + 1; 1148 1149 /* Verify the available bytes match the length. */ 1150 if (len != resid * 2) { 1151 send_error(EINVAL); 1152 return; 1153 } 1154 1155 while (resid > 0) { 1156 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa); 1157 if (error == -1) { 1158 send_error(errno); 1159 return; 1160 } 1161 if (error == 0) { 1162 send_error(EFAULT); 1163 return; 1164 } 1165 1166 /* Write bytes to current page. */ 1167 todo = getpagesize() - gpa % getpagesize(); 1168 if (todo > resid) 1169 todo = resid; 1170 1171 cp = paddr_guest2host(ctx, gpa, todo); 1172 if (cp != NULL) { 1173 /* 1174 * If this page is guest RAM, write it a byte 1175 * at a time. 1176 */ 1177 while (todo > 0) { 1178 assert(len >= 2); 1179 *cp = parse_byte(data); 1180 data += 2; 1181 len -= 2; 1182 cp++; 1183 gpa++; 1184 gva++; 1185 resid--; 1186 todo--; 1187 } 1188 } else { 1189 /* 1190 * If this page isn't guest RAM, try to handle 1191 * it via MMIO. For MMIO requests, use 1192 * aligned writes of words when possible. 1193 */ 1194 while (todo > 0) { 1195 if (gpa & 1 || todo == 1) { 1196 bytes = 1; 1197 val = parse_byte(data); 1198 } else if (gpa & 2 || todo == 2) { 1199 bytes = 2; 1200 val = be16toh(parse_integer(data, 4)); 1201 } else { 1202 bytes = 4; 1203 val = be32toh(parse_integer(data, 8)); 1204 } 1205 error = write_mem(vcpus[cur_vcpu], gpa, val, 1206 bytes); 1207 if (error == 0) { 1208 gpa += bytes; 1209 gva += bytes; 1210 resid -= bytes; 1211 todo -= bytes; 1212 data += 2 * bytes; 1213 len -= 2 * bytes; 1214 } else { 1215 send_error(EFAULT); 1216 return; 1217 } 1218 } 1219 } 1220 assert(resid == 0 || gpa % getpagesize() == 0); 1221 } 1222 assert(len == 0); 1223 send_ok(); 1224 } 1225 1226 static bool 1227 set_breakpoint_caps(bool enable) 1228 { 1229 cpuset_t mask; 1230 int vcpu; 1231 1232 mask = vcpus_active; 1233 while (!CPU_EMPTY(&mask)) { 1234 vcpu = CPU_FFS(&mask) - 1; 1235 CPU_CLR(vcpu, &mask); 1236 if (vm_set_capability(vcpus[vcpu], VM_CAP_BPT_EXIT, 1237 enable ? 1 : 0) < 0) 1238 return (false); 1239 debug("$vCPU %d %sabled breakpoint exits\n", vcpu, 1240 enable ? "en" : "dis"); 1241 } 1242 return (true); 1243 } 1244 1245 static void 1246 remove_all_sw_breakpoints(void) 1247 { 1248 struct breakpoint *bp, *nbp; 1249 uint8_t *cp; 1250 1251 if (TAILQ_EMPTY(&breakpoints)) 1252 return; 1253 1254 TAILQ_FOREACH_SAFE(bp, &breakpoints, link, nbp) { 1255 debug("remove breakpoint at %#lx\n", bp->gpa); 1256 cp = paddr_guest2host(ctx, bp->gpa, 1); 1257 *cp = bp->shadow_inst; 1258 TAILQ_REMOVE(&breakpoints, bp, link); 1259 free(bp); 1260 } 1261 TAILQ_INIT(&breakpoints); 1262 set_breakpoint_caps(false); 1263 } 1264 1265 static void 1266 update_sw_breakpoint(uint64_t gva, int kind, bool insert) 1267 { 1268 struct breakpoint *bp; 1269 uint64_t gpa; 1270 uint8_t *cp; 1271 int error; 1272 1273 if (kind != 1) { 1274 send_error(EINVAL); 1275 return; 1276 } 1277 1278 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa); 1279 if (error == -1) { 1280 send_error(errno); 1281 return; 1282 } 1283 if (error == 0) { 1284 send_error(EFAULT); 1285 return; 1286 } 1287 1288 cp = paddr_guest2host(ctx, gpa, 1); 1289 1290 /* Only permit breakpoints in guest RAM. */ 1291 if (cp == NULL) { 1292 send_error(EFAULT); 1293 return; 1294 } 1295 1296 /* Find any existing breakpoint. */ 1297 bp = find_breakpoint(gpa); 1298 1299 /* 1300 * Silently ignore duplicate commands since the protocol 1301 * requires these packets to be idempotent. 1302 */ 1303 if (insert) { 1304 if (bp == NULL) { 1305 if (TAILQ_EMPTY(&breakpoints) && 1306 !set_breakpoint_caps(true)) { 1307 send_empty_response(); 1308 return; 1309 } 1310 bp = malloc(sizeof(*bp)); 1311 bp->gpa = gpa; 1312 bp->shadow_inst = *cp; 1313 *cp = 0xcc; /* INT 3 */ 1314 TAILQ_INSERT_TAIL(&breakpoints, bp, link); 1315 debug("new breakpoint at %#lx\n", gpa); 1316 } 1317 } else { 1318 if (bp != NULL) { 1319 debug("remove breakpoint at %#lx\n", gpa); 1320 *cp = bp->shadow_inst; 1321 TAILQ_REMOVE(&breakpoints, bp, link); 1322 free(bp); 1323 if (TAILQ_EMPTY(&breakpoints)) 1324 set_breakpoint_caps(false); 1325 } 1326 } 1327 send_ok(); 1328 } 1329 1330 static void 1331 parse_breakpoint(const uint8_t *data, size_t len) 1332 { 1333 uint64_t gva; 1334 uint8_t *cp; 1335 bool insert; 1336 int kind, type; 1337 1338 insert = data[0] == 'Z'; 1339 1340 /* Skip 'Z/z' */ 1341 data += 1; 1342 len -= 1; 1343 1344 /* Parse and consume type. */ 1345 cp = memchr(data, ',', len); 1346 if (cp == NULL || cp == data) { 1347 send_error(EINVAL); 1348 return; 1349 } 1350 type = parse_integer(data, cp - data); 1351 len -= (cp - data) + 1; 1352 data += (cp - data) + 1; 1353 1354 /* Parse and consume address. */ 1355 cp = memchr(data, ',', len); 1356 if (cp == NULL || cp == data) { 1357 send_error(EINVAL); 1358 return; 1359 } 1360 gva = parse_integer(data, cp - data); 1361 len -= (cp - data) + 1; 1362 data += (cp - data) + 1; 1363 1364 /* Parse and consume kind. */ 1365 cp = memchr(data, ';', len); 1366 if (cp == data) { 1367 send_error(EINVAL); 1368 return; 1369 } 1370 if (cp != NULL) { 1371 /* 1372 * We do not advertise support for either the 1373 * ConditionalBreakpoints or BreakpointCommands 1374 * features, so we should not be getting conditions or 1375 * commands from the remote end. 1376 */ 1377 send_empty_response(); 1378 return; 1379 } 1380 kind = parse_integer(data, len); 1381 data += len; 1382 len = 0; 1383 1384 switch (type) { 1385 case 0: 1386 update_sw_breakpoint(gva, kind, insert); 1387 break; 1388 default: 1389 send_empty_response(); 1390 break; 1391 } 1392 } 1393 1394 static bool 1395 command_equals(const uint8_t *data, size_t len, const char *cmd) 1396 { 1397 1398 if (strlen(cmd) > len) 1399 return (false); 1400 return (memcmp(data, cmd, strlen(cmd)) == 0); 1401 } 1402 1403 static void 1404 check_features(const uint8_t *data, size_t len) 1405 { 1406 char *feature, *next_feature, *str, *value; 1407 bool supported; 1408 1409 str = malloc(len + 1); 1410 memcpy(str, data, len); 1411 str[len] = '\0'; 1412 next_feature = str; 1413 1414 while ((feature = strsep(&next_feature, ";")) != NULL) { 1415 /* 1416 * Null features shouldn't exist, but skip if they 1417 * do. 1418 */ 1419 if (strcmp(feature, "") == 0) 1420 continue; 1421 1422 /* 1423 * Look for the value or supported / not supported 1424 * flag. 1425 */ 1426 value = strchr(feature, '='); 1427 if (value != NULL) { 1428 *value = '\0'; 1429 value++; 1430 supported = true; 1431 } else { 1432 value = feature + strlen(feature) - 1; 1433 switch (*value) { 1434 case '+': 1435 supported = true; 1436 break; 1437 case '-': 1438 supported = false; 1439 break; 1440 default: 1441 /* 1442 * This is really a protocol error, 1443 * but we just ignore malformed 1444 * features for ease of 1445 * implementation. 1446 */ 1447 continue; 1448 } 1449 value = NULL; 1450 } 1451 1452 if (strcmp(feature, "swbreak") == 0) 1453 swbreak_enabled = supported; 1454 1455 #ifndef __FreeBSD__ 1456 /* 1457 * The compiler dislikes 'supported' being set but never used. 1458 * Make it happy here. 1459 */ 1460 if (supported) { 1461 debug("feature '%s' supported\n", feature); 1462 } 1463 #endif /* __FreeBSD__ */ 1464 } 1465 free(str); 1466 1467 start_packet(); 1468 1469 /* This is an arbitrary limit. */ 1470 append_string("PacketSize=4096"); 1471 append_string(";swbreak+"); 1472 finish_packet(); 1473 } 1474 1475 static void 1476 gdb_query(const uint8_t *data, size_t len) 1477 { 1478 1479 /* 1480 * TODO: 1481 * - qSearch 1482 */ 1483 if (command_equals(data, len, "qAttached")) { 1484 start_packet(); 1485 append_char('1'); 1486 finish_packet(); 1487 } else if (command_equals(data, len, "qC")) { 1488 start_packet(); 1489 append_string("QC"); 1490 append_integer(cur_vcpu + 1); 1491 finish_packet(); 1492 } else if (command_equals(data, len, "qfThreadInfo")) { 1493 cpuset_t mask; 1494 bool first; 1495 int vcpu; 1496 1497 if (CPU_EMPTY(&vcpus_active)) { 1498 send_error(EINVAL); 1499 return; 1500 } 1501 mask = vcpus_active; 1502 start_packet(); 1503 append_char('m'); 1504 first = true; 1505 while (!CPU_EMPTY(&mask)) { 1506 vcpu = CPU_FFS(&mask) - 1; 1507 CPU_CLR(vcpu, &mask); 1508 if (first) 1509 first = false; 1510 else 1511 append_char(','); 1512 append_integer(vcpu + 1); 1513 } 1514 finish_packet(); 1515 } else if (command_equals(data, len, "qsThreadInfo")) { 1516 start_packet(); 1517 append_char('l'); 1518 finish_packet(); 1519 } else if (command_equals(data, len, "qSupported")) { 1520 data += strlen("qSupported"); 1521 len -= strlen("qSupported"); 1522 check_features(data, len); 1523 } else if (command_equals(data, len, "qThreadExtraInfo")) { 1524 char buf[16]; 1525 int tid; 1526 1527 data += strlen("qThreadExtraInfo"); 1528 len -= strlen("qThreadExtraInfo"); 1529 if (*data != ',') { 1530 send_error(EINVAL); 1531 return; 1532 } 1533 tid = parse_threadid(data + 1, len - 1); 1534 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1535 send_error(EINVAL); 1536 return; 1537 } 1538 1539 snprintf(buf, sizeof(buf), "vCPU %d", tid - 1); 1540 start_packet(); 1541 append_asciihex(buf); 1542 finish_packet(); 1543 } else 1544 send_empty_response(); 1545 } 1546 1547 static void 1548 handle_command(const uint8_t *data, size_t len) 1549 { 1550 1551 /* Reject packets with a sequence-id. */ 1552 if (len >= 3 && data[0] >= '0' && data[0] <= '9' && 1553 data[0] >= '0' && data[0] <= '9' && data[2] == ':') { 1554 send_empty_response(); 1555 return; 1556 } 1557 1558 switch (*data) { 1559 case 'c': 1560 if (len != 1) { 1561 send_error(EINVAL); 1562 break; 1563 } 1564 1565 discard_stop(); 1566 gdb_resume_vcpus(); 1567 break; 1568 case 'D': 1569 send_ok(); 1570 1571 /* TODO: Resume any stopped CPUs. */ 1572 break; 1573 case 'g': { 1574 gdb_read_regs(); 1575 break; 1576 } 1577 case 'H': { 1578 int tid; 1579 1580 if (data[1] != 'g' && data[1] != 'c') { 1581 send_error(EINVAL); 1582 break; 1583 } 1584 tid = parse_threadid(data + 2, len - 2); 1585 if (tid == -2) { 1586 send_error(EINVAL); 1587 break; 1588 } 1589 1590 if (CPU_EMPTY(&vcpus_active)) { 1591 send_error(EINVAL); 1592 break; 1593 } 1594 if (tid == -1 || tid == 0) 1595 cur_vcpu = CPU_FFS(&vcpus_active) - 1; 1596 else if (CPU_ISSET(tid - 1, &vcpus_active)) 1597 cur_vcpu = tid - 1; 1598 else { 1599 send_error(EINVAL); 1600 break; 1601 } 1602 send_ok(); 1603 break; 1604 } 1605 case 'm': 1606 gdb_read_mem(data, len); 1607 break; 1608 case 'M': 1609 gdb_write_mem(data, len); 1610 break; 1611 case 'T': { 1612 int tid; 1613 1614 tid = parse_threadid(data + 1, len - 1); 1615 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1616 send_error(EINVAL); 1617 return; 1618 } 1619 send_ok(); 1620 break; 1621 } 1622 case 'q': 1623 gdb_query(data, len); 1624 break; 1625 case 's': 1626 if (len != 1) { 1627 send_error(EINVAL); 1628 break; 1629 } 1630 1631 /* Don't send a reply until a stop occurs. */ 1632 if (!gdb_step_vcpu(vcpus[cur_vcpu])) { 1633 send_error(EOPNOTSUPP); 1634 break; 1635 } 1636 break; 1637 case 'z': 1638 case 'Z': 1639 parse_breakpoint(data, len); 1640 break; 1641 case '?': 1642 report_stop(false); 1643 break; 1644 case 'G': /* TODO */ 1645 case 'v': 1646 /* Handle 'vCont' */ 1647 /* 'vCtrlC' */ 1648 case 'p': /* TODO */ 1649 case 'P': /* TODO */ 1650 case 'Q': /* TODO */ 1651 case 't': /* TODO */ 1652 case 'X': /* TODO */ 1653 default: 1654 send_empty_response(); 1655 } 1656 } 1657 1658 /* Check for a valid packet in the command buffer. */ 1659 static void 1660 check_command(int fd) 1661 { 1662 uint8_t *head, *hash, *p, sum; 1663 size_t avail, plen; 1664 1665 for (;;) { 1666 avail = cur_comm.len; 1667 if (avail == 0) 1668 return; 1669 head = io_buffer_head(&cur_comm); 1670 switch (*head) { 1671 case 0x03: 1672 debug("<- Ctrl-C\n"); 1673 io_buffer_consume(&cur_comm, 1); 1674 1675 gdb_suspend_vcpus(); 1676 break; 1677 case '+': 1678 /* ACK of previous response. */ 1679 debug("<- +\n"); 1680 if (response_pending()) 1681 io_buffer_reset(&cur_resp); 1682 io_buffer_consume(&cur_comm, 1); 1683 if (stopped_vcpu != -1 && report_next_stop) { 1684 report_stop(true); 1685 send_pending_data(fd); 1686 } 1687 break; 1688 case '-': 1689 /* NACK of previous response. */ 1690 debug("<- -\n"); 1691 if (response_pending()) { 1692 cur_resp.len += cur_resp.start; 1693 cur_resp.start = 0; 1694 if (cur_resp.data[0] == '+') 1695 io_buffer_advance(&cur_resp, 1); 1696 debug("-> %.*s\n", (int)cur_resp.len, 1697 io_buffer_head(&cur_resp)); 1698 } 1699 io_buffer_consume(&cur_comm, 1); 1700 send_pending_data(fd); 1701 break; 1702 case '$': 1703 /* Packet. */ 1704 1705 if (response_pending()) { 1706 warnx("New GDB command while response in " 1707 "progress"); 1708 io_buffer_reset(&cur_resp); 1709 } 1710 1711 /* Is packet complete? */ 1712 hash = memchr(head, '#', avail); 1713 if (hash == NULL) 1714 return; 1715 plen = (hash - head + 1) + 2; 1716 if (avail < plen) 1717 return; 1718 debug("<- %.*s\n", (int)plen, head); 1719 1720 /* Verify checksum. */ 1721 for (sum = 0, p = head + 1; p < hash; p++) 1722 sum += *p; 1723 if (sum != parse_byte(hash + 1)) { 1724 io_buffer_consume(&cur_comm, plen); 1725 debug("-> -\n"); 1726 send_char('-'); 1727 send_pending_data(fd); 1728 break; 1729 } 1730 send_char('+'); 1731 1732 handle_command(head + 1, hash - (head + 1)); 1733 io_buffer_consume(&cur_comm, plen); 1734 if (!response_pending()) { 1735 debug("-> +\n"); 1736 } 1737 send_pending_data(fd); 1738 break; 1739 default: 1740 /* XXX: Possibly drop connection instead. */ 1741 debug("-> %02x\n", *head); 1742 io_buffer_consume(&cur_comm, 1); 1743 break; 1744 } 1745 } 1746 } 1747 1748 static void 1749 gdb_readable(int fd, enum ev_type event __unused, void *arg __unused) 1750 { 1751 size_t pending; 1752 ssize_t nread; 1753 int n; 1754 1755 if (ioctl(fd, FIONREAD, &n) == -1) { 1756 warn("FIONREAD on GDB socket"); 1757 return; 1758 } 1759 assert(n >= 0); 1760 pending = n; 1761 1762 /* 1763 * 'pending' might be zero due to EOF. We need to call read 1764 * with a non-zero length to detect EOF. 1765 */ 1766 if (pending == 0) 1767 pending = 1; 1768 1769 /* Ensure there is room in the command buffer. */ 1770 io_buffer_grow(&cur_comm, pending); 1771 assert(io_buffer_avail(&cur_comm) >= pending); 1772 1773 nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm)); 1774 if (nread == 0) { 1775 close_connection(); 1776 } else if (nread == -1) { 1777 if (errno == EAGAIN) 1778 return; 1779 1780 warn("Read from GDB socket"); 1781 close_connection(); 1782 } else { 1783 cur_comm.len += nread; 1784 pthread_mutex_lock(&gdb_lock); 1785 check_command(fd); 1786 pthread_mutex_unlock(&gdb_lock); 1787 } 1788 } 1789 1790 static void 1791 gdb_writable(int fd, enum ev_type event __unused, void *arg __unused) 1792 { 1793 1794 send_pending_data(fd); 1795 } 1796 1797 static void 1798 new_connection(int fd, enum ev_type event __unused, void *arg) 1799 { 1800 int optval, s; 1801 1802 s = accept4(fd, NULL, NULL, SOCK_NONBLOCK); 1803 if (s == -1) { 1804 if (arg != NULL) 1805 err(1, "Failed accepting initial GDB connection"); 1806 1807 /* Silently ignore errors post-startup. */ 1808 return; 1809 } 1810 1811 optval = 1; 1812 if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) == 1813 -1) { 1814 warn("Failed to disable SIGPIPE for GDB connection"); 1815 close(s); 1816 return; 1817 } 1818 1819 pthread_mutex_lock(&gdb_lock); 1820 if (cur_fd != -1) { 1821 close(s); 1822 warnx("Ignoring additional GDB connection."); 1823 } 1824 1825 read_event = mevent_add(s, EVF_READ, gdb_readable, NULL); 1826 if (read_event == NULL) { 1827 if (arg != NULL) 1828 err(1, "Failed to setup initial GDB connection"); 1829 pthread_mutex_unlock(&gdb_lock); 1830 return; 1831 } 1832 write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL); 1833 if (write_event == NULL) { 1834 if (arg != NULL) 1835 err(1, "Failed to setup initial GDB connection"); 1836 mevent_delete_close(read_event); 1837 read_event = NULL; 1838 } 1839 1840 cur_fd = s; 1841 cur_vcpu = 0; 1842 stopped_vcpu = -1; 1843 1844 /* Break on attach. */ 1845 first_stop = true; 1846 report_next_stop = false; 1847 gdb_suspend_vcpus(); 1848 pthread_mutex_unlock(&gdb_lock); 1849 } 1850 1851 #ifndef WITHOUT_CAPSICUM 1852 static void 1853 limit_gdb_socket(int s) 1854 { 1855 cap_rights_t rights; 1856 unsigned long ioctls[] = { FIONREAD }; 1857 1858 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE, 1859 CAP_SETSOCKOPT, CAP_IOCTL); 1860 if (caph_rights_limit(s, &rights) == -1) 1861 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1862 if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) 1863 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1864 } 1865 #endif 1866 1867 1868 #ifndef __FreeBSD__ 1869 /* 1870 * Equivalent to init_gdb() below, but without configuring the listening socket. 1871 * This will allow the bhyve process to tolerate mdb attaching/detaching from 1872 * the instance while it is running. 1873 */ 1874 void 1875 init_mdb(struct vmctx *_ctx) 1876 { 1877 int error; 1878 bool wait; 1879 1880 wait = get_config_bool_default("gdb.wait", false); 1881 1882 error = pthread_mutex_init(&gdb_lock, NULL); 1883 if (error != 0) 1884 errc(1, error, "gdb mutex init"); 1885 error = pthread_cond_init(&idle_vcpus, NULL); 1886 if (error != 0) 1887 errc(1, error, "gdb cv init"); 1888 1889 ctx = _ctx; 1890 stopped_vcpu = -1; 1891 TAILQ_INIT(&breakpoints); 1892 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1893 if (wait) { 1894 /* 1895 * Set vcpu 0 in vcpus_suspended. This will trigger the 1896 * logic in gdb_cpu_add() to suspend the first vcpu before 1897 * it starts execution. The vcpu will remain suspended 1898 * until a debugger connects. 1899 */ 1900 CPU_SET(0, &vcpus_suspended); 1901 stopped_vcpu = 0; 1902 } 1903 } 1904 #endif 1905 1906 void 1907 init_gdb(struct vmctx *_ctx) 1908 { 1909 int error, flags, optval, s; 1910 struct addrinfo hints; 1911 struct addrinfo *gdbaddr; 1912 const char *saddr, *value; 1913 char *sport; 1914 bool wait; 1915 1916 value = get_config_value("gdb.port"); 1917 if (value == NULL) 1918 return; 1919 sport = strdup(value); 1920 if (sport == NULL) 1921 errx(4, "Failed to allocate memory"); 1922 1923 wait = get_config_bool_default("gdb.wait", false); 1924 1925 saddr = get_config_value("gdb.address"); 1926 if (saddr == NULL) { 1927 saddr = "localhost"; 1928 } 1929 1930 debug("==> starting on %s:%s, %swaiting\n", 1931 saddr, sport, wait ? "" : "not "); 1932 1933 error = pthread_mutex_init(&gdb_lock, NULL); 1934 if (error != 0) 1935 errc(1, error, "gdb mutex init"); 1936 error = pthread_cond_init(&idle_vcpus, NULL); 1937 if (error != 0) 1938 errc(1, error, "gdb cv init"); 1939 1940 memset(&hints, 0, sizeof(hints)); 1941 hints.ai_family = AF_UNSPEC; 1942 hints.ai_socktype = SOCK_STREAM; 1943 hints.ai_flags = AI_NUMERICSERV | AI_PASSIVE; 1944 1945 error = getaddrinfo(saddr, sport, &hints, &gdbaddr); 1946 if (error != 0) 1947 errx(1, "gdb address resolution: %s", gai_strerror(error)); 1948 1949 ctx = _ctx; 1950 s = socket(gdbaddr->ai_family, gdbaddr->ai_socktype, 0); 1951 if (s < 0) 1952 err(1, "gdb socket create"); 1953 1954 optval = 1; 1955 (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)); 1956 1957 if (bind(s, gdbaddr->ai_addr, gdbaddr->ai_addrlen) < 0) 1958 err(1, "gdb socket bind"); 1959 1960 if (listen(s, 1) < 0) 1961 err(1, "gdb socket listen"); 1962 1963 stopped_vcpu = -1; 1964 TAILQ_INIT(&breakpoints); 1965 vcpus = calloc(guest_ncpus, sizeof(*vcpus)); 1966 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1967 if (wait) { 1968 /* 1969 * Set vcpu 0 in vcpus_suspended. This will trigger the 1970 * logic in gdb_cpu_add() to suspend the first vcpu before 1971 * it starts execution. The vcpu will remain suspended 1972 * until a debugger connects. 1973 */ 1974 CPU_SET(0, &vcpus_suspended); 1975 stopped_vcpu = 0; 1976 } 1977 1978 flags = fcntl(s, F_GETFL); 1979 if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) 1980 err(1, "Failed to mark gdb socket non-blocking"); 1981 1982 #ifndef WITHOUT_CAPSICUM 1983 limit_gdb_socket(s); 1984 #endif 1985 mevent_add(s, EVF_READ, new_connection, NULL); 1986 gdb_active = true; 1987 freeaddrinfo(gdbaddr); 1988 free(sport); 1989 } 1990