1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 __FBSDID("$FreeBSD$"); 30 31 #include <sys/param.h> 32 #ifndef WITHOUT_CAPSICUM 33 #include <sys/capsicum.h> 34 #endif 35 #ifdef __FreeBSD__ 36 #include <sys/endian.h> 37 #else 38 #include <endian.h> 39 #endif 40 #include <sys/ioctl.h> 41 #include <sys/mman.h> 42 #include <sys/queue.h> 43 #include <sys/socket.h> 44 #include <machine/atomic.h> 45 #include <machine/specialreg.h> 46 #include <machine/vmm.h> 47 #include <netinet/in.h> 48 #include <assert.h> 49 #ifndef WITHOUT_CAPSICUM 50 #include <capsicum_helpers.h> 51 #endif 52 #include <err.h> 53 #include <errno.h> 54 #include <fcntl.h> 55 #include <pthread.h> 56 #include <pthread_np.h> 57 #include <stdbool.h> 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #include <sysexits.h> 62 #include <unistd.h> 63 #include <vmmapi.h> 64 65 #include "bhyverun.h" 66 #include "gdb.h" 67 #include "mem.h" 68 #include "mevent.h" 69 70 /* 71 * GDB_SIGNAL_* numbers are part of the GDB remote protocol. Most stops 72 * use SIGTRAP. 73 */ 74 #define GDB_SIGNAL_TRAP 5 75 76 static void gdb_resume_vcpus(void); 77 static void check_command(int fd); 78 79 static struct mevent *read_event, *write_event; 80 81 static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting; 82 static pthread_mutex_t gdb_lock; 83 static pthread_cond_t idle_vcpus; 84 static bool first_stop, report_next_stop, swbreak_enabled; 85 86 /* 87 * An I/O buffer contains 'capacity' bytes of room at 'data'. For a 88 * read buffer, 'start' is unused and 'len' contains the number of 89 * valid bytes in the buffer. For a write buffer, 'start' is set to 90 * the index of the next byte in 'data' to send, and 'len' contains 91 * the remaining number of valid bytes to send. 92 */ 93 struct io_buffer { 94 uint8_t *data; 95 size_t capacity; 96 size_t start; 97 size_t len; 98 }; 99 100 struct breakpoint { 101 uint64_t gpa; 102 uint8_t shadow_inst; 103 TAILQ_ENTRY(breakpoint) link; 104 }; 105 106 /* 107 * When a vCPU stops to due to an event that should be reported to the 108 * debugger, information about the event is stored in this structure. 109 * The vCPU thread then sets 'stopped_vcpu' if it is not already set 110 * and stops other vCPUs so the event can be reported. The 111 * report_stop() function reports the event for the 'stopped_vcpu' 112 * vCPU. When the debugger resumes execution via continue or step, 113 * the event for 'stopped_vcpu' is cleared. vCPUs will loop in their 114 * event handlers until the associated event is reported or disabled. 115 * 116 * An idle vCPU will have all of the boolean fields set to false. 117 * 118 * When a vCPU is stepped, 'stepping' is set to true when the vCPU is 119 * released to execute the stepped instruction. When the vCPU reports 120 * the stepping trap, 'stepped' is set. 121 * 122 * When a vCPU hits a breakpoint set by the debug server, 123 * 'hit_swbreak' is set to true. 124 */ 125 struct vcpu_state { 126 bool stepping; 127 bool stepped; 128 bool hit_swbreak; 129 }; 130 131 static struct io_buffer cur_comm, cur_resp; 132 static uint8_t cur_csum; 133 static struct vmctx *ctx; 134 static int cur_fd = -1; 135 static TAILQ_HEAD(, breakpoint) breakpoints; 136 static struct vcpu_state *vcpu_state; 137 static int cur_vcpu, stopped_vcpu; 138 static bool gdb_active = false; 139 140 const int gdb_regset[] = { 141 VM_REG_GUEST_RAX, 142 VM_REG_GUEST_RBX, 143 VM_REG_GUEST_RCX, 144 VM_REG_GUEST_RDX, 145 VM_REG_GUEST_RSI, 146 VM_REG_GUEST_RDI, 147 VM_REG_GUEST_RBP, 148 VM_REG_GUEST_RSP, 149 VM_REG_GUEST_R8, 150 VM_REG_GUEST_R9, 151 VM_REG_GUEST_R10, 152 VM_REG_GUEST_R11, 153 VM_REG_GUEST_R12, 154 VM_REG_GUEST_R13, 155 VM_REG_GUEST_R14, 156 VM_REG_GUEST_R15, 157 VM_REG_GUEST_RIP, 158 VM_REG_GUEST_RFLAGS, 159 VM_REG_GUEST_CS, 160 VM_REG_GUEST_SS, 161 VM_REG_GUEST_DS, 162 VM_REG_GUEST_ES, 163 VM_REG_GUEST_FS, 164 VM_REG_GUEST_GS 165 }; 166 167 const int gdb_regsize[] = { 168 8, 169 8, 170 8, 171 8, 172 8, 173 8, 174 8, 175 8, 176 8, 177 8, 178 8, 179 8, 180 8, 181 8, 182 8, 183 8, 184 8, 185 4, 186 4, 187 4, 188 4, 189 4, 190 4, 191 4 192 }; 193 194 #ifdef GDB_LOG 195 #include <stdarg.h> 196 #include <stdio.h> 197 198 static void __printflike(1, 2) 199 debug(const char *fmt, ...) 200 { 201 static FILE *logfile; 202 va_list ap; 203 204 if (logfile == NULL) { 205 logfile = fopen("/tmp/bhyve_gdb.log", "w"); 206 if (logfile == NULL) 207 return; 208 #ifndef WITHOUT_CAPSICUM 209 if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) { 210 fclose(logfile); 211 logfile = NULL; 212 return; 213 } 214 #endif 215 setlinebuf(logfile); 216 } 217 va_start(ap, fmt); 218 vfprintf(logfile, fmt, ap); 219 va_end(ap); 220 } 221 #else 222 #ifndef __FreeBSD__ 223 /* 224 * A totally empty debug() makes the compiler grumpy due to how its used with 225 * some control flow here. 226 */ 227 #define debug(...) do { } while (0) 228 #else 229 #define debug(...) 230 #endif 231 #endif 232 233 static void remove_all_sw_breakpoints(void); 234 235 static int 236 guest_paging_info(int vcpu, struct vm_guest_paging *paging) 237 { 238 uint64_t regs[4]; 239 const int regset[4] = { 240 VM_REG_GUEST_CR0, 241 VM_REG_GUEST_CR3, 242 VM_REG_GUEST_CR4, 243 VM_REG_GUEST_EFER 244 }; 245 246 if (vm_get_register_set(ctx, vcpu, nitems(regset), regset, regs) == -1) 247 return (-1); 248 249 /* 250 * For the debugger, always pretend to be the kernel (CPL 0), 251 * and if long-mode is enabled, always parse addresses as if 252 * in 64-bit mode. 253 */ 254 paging->cr3 = regs[1]; 255 paging->cpl = 0; 256 if (regs[3] & EFER_LMA) 257 paging->cpu_mode = CPU_MODE_64BIT; 258 else if (regs[0] & CR0_PE) 259 paging->cpu_mode = CPU_MODE_PROTECTED; 260 else 261 paging->cpu_mode = CPU_MODE_REAL; 262 if (!(regs[0] & CR0_PG)) 263 paging->paging_mode = PAGING_MODE_FLAT; 264 else if (!(regs[2] & CR4_PAE)) 265 paging->paging_mode = PAGING_MODE_32; 266 else if (regs[3] & EFER_LME) 267 paging->paging_mode = PAGING_MODE_64; 268 else 269 paging->paging_mode = PAGING_MODE_PAE; 270 return (0); 271 } 272 273 /* 274 * Map a guest virtual address to a physical address (for a given vcpu). 275 * If a guest virtual address is valid, return 1. If the address is 276 * not valid, return 0. If an error occurs obtaining the mapping, 277 * return -1. 278 */ 279 static int 280 guest_vaddr2paddr(int vcpu, uint64_t vaddr, uint64_t *paddr) 281 { 282 struct vm_guest_paging paging; 283 int fault; 284 285 if (guest_paging_info(vcpu, &paging) == -1) 286 return (-1); 287 288 /* 289 * Always use PROT_READ. We really care if the VA is 290 * accessible, not if the current vCPU can write. 291 */ 292 if (vm_gla2gpa_nofault(ctx, vcpu, &paging, vaddr, PROT_READ, paddr, 293 &fault) == -1) 294 return (-1); 295 if (fault) 296 return (0); 297 return (1); 298 } 299 300 static void 301 io_buffer_reset(struct io_buffer *io) 302 { 303 304 io->start = 0; 305 io->len = 0; 306 } 307 308 /* Available room for adding data. */ 309 static size_t 310 io_buffer_avail(struct io_buffer *io) 311 { 312 313 return (io->capacity - (io->start + io->len)); 314 } 315 316 static uint8_t * 317 io_buffer_head(struct io_buffer *io) 318 { 319 320 return (io->data + io->start); 321 } 322 323 static uint8_t * 324 io_buffer_tail(struct io_buffer *io) 325 { 326 327 return (io->data + io->start + io->len); 328 } 329 330 static void 331 io_buffer_advance(struct io_buffer *io, size_t amount) 332 { 333 334 assert(amount <= io->len); 335 io->start += amount; 336 io->len -= amount; 337 } 338 339 static void 340 io_buffer_consume(struct io_buffer *io, size_t amount) 341 { 342 343 io_buffer_advance(io, amount); 344 if (io->len == 0) { 345 io->start = 0; 346 return; 347 } 348 349 /* 350 * XXX: Consider making this move optional and compacting on a 351 * future read() before realloc(). 352 */ 353 memmove(io->data, io_buffer_head(io), io->len); 354 io->start = 0; 355 } 356 357 static void 358 io_buffer_grow(struct io_buffer *io, size_t newsize) 359 { 360 uint8_t *new_data; 361 size_t avail, new_cap; 362 363 avail = io_buffer_avail(io); 364 if (newsize <= avail) 365 return; 366 367 new_cap = io->capacity + (newsize - avail); 368 new_data = realloc(io->data, new_cap); 369 if (new_data == NULL) 370 err(1, "Failed to grow GDB I/O buffer"); 371 io->data = new_data; 372 io->capacity = new_cap; 373 } 374 375 static bool 376 response_pending(void) 377 { 378 379 if (cur_resp.start == 0 && cur_resp.len == 0) 380 return (false); 381 if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+') 382 return (false); 383 return (true); 384 } 385 386 static void 387 close_connection(void) 388 { 389 390 /* 391 * XXX: This triggers a warning because mevent does the close 392 * before the EV_DELETE. 393 */ 394 pthread_mutex_lock(&gdb_lock); 395 mevent_delete(write_event); 396 mevent_delete_close(read_event); 397 write_event = NULL; 398 read_event = NULL; 399 io_buffer_reset(&cur_comm); 400 io_buffer_reset(&cur_resp); 401 cur_fd = -1; 402 403 remove_all_sw_breakpoints(); 404 405 /* Clear any pending events. */ 406 memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state)); 407 408 /* Resume any stopped vCPUs. */ 409 gdb_resume_vcpus(); 410 pthread_mutex_unlock(&gdb_lock); 411 } 412 413 static uint8_t 414 hex_digit(uint8_t nibble) 415 { 416 417 if (nibble <= 9) 418 return (nibble + '0'); 419 else 420 return (nibble + 'a' - 10); 421 } 422 423 static uint8_t 424 parse_digit(uint8_t v) 425 { 426 427 if (v >= '0' && v <= '9') 428 return (v - '0'); 429 if (v >= 'a' && v <= 'f') 430 return (v - 'a' + 10); 431 if (v >= 'A' && v <= 'F') 432 return (v - 'A' + 10); 433 return (0xF); 434 } 435 436 /* Parses big-endian hexadecimal. */ 437 static uintmax_t 438 parse_integer(const uint8_t *p, size_t len) 439 { 440 uintmax_t v; 441 442 v = 0; 443 while (len > 0) { 444 v <<= 4; 445 v |= parse_digit(*p); 446 p++; 447 len--; 448 } 449 return (v); 450 } 451 452 static uint8_t 453 parse_byte(const uint8_t *p) 454 { 455 456 return (parse_digit(p[0]) << 4 | parse_digit(p[1])); 457 } 458 459 static void 460 send_pending_data(int fd) 461 { 462 ssize_t nwritten; 463 464 if (cur_resp.len == 0) { 465 mevent_disable(write_event); 466 return; 467 } 468 nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len); 469 if (nwritten == -1) { 470 warn("Write to GDB socket failed"); 471 close_connection(); 472 } else { 473 io_buffer_advance(&cur_resp, nwritten); 474 if (cur_resp.len == 0) 475 mevent_disable(write_event); 476 else 477 mevent_enable(write_event); 478 } 479 } 480 481 /* Append a single character to the output buffer. */ 482 static void 483 send_char(uint8_t data) 484 { 485 io_buffer_grow(&cur_resp, 1); 486 *io_buffer_tail(&cur_resp) = data; 487 cur_resp.len++; 488 } 489 490 /* Append an array of bytes to the output buffer. */ 491 static void 492 send_data(const uint8_t *data, size_t len) 493 { 494 495 io_buffer_grow(&cur_resp, len); 496 memcpy(io_buffer_tail(&cur_resp), data, len); 497 cur_resp.len += len; 498 } 499 500 static void 501 format_byte(uint8_t v, uint8_t *buf) 502 { 503 504 buf[0] = hex_digit(v >> 4); 505 buf[1] = hex_digit(v & 0xf); 506 } 507 508 /* 509 * Append a single byte (formatted as two hex characters) to the 510 * output buffer. 511 */ 512 static void 513 send_byte(uint8_t v) 514 { 515 uint8_t buf[2]; 516 517 format_byte(v, buf); 518 send_data(buf, sizeof(buf)); 519 } 520 521 static void 522 start_packet(void) 523 { 524 525 send_char('$'); 526 cur_csum = 0; 527 } 528 529 static void 530 finish_packet(void) 531 { 532 533 send_char('#'); 534 send_byte(cur_csum); 535 debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp)); 536 } 537 538 /* 539 * Append a single character (for the packet payload) and update the 540 * checksum. 541 */ 542 static void 543 append_char(uint8_t v) 544 { 545 546 send_char(v); 547 cur_csum += v; 548 } 549 550 /* 551 * Append an array of bytes (for the packet payload) and update the 552 * checksum. 553 */ 554 static void 555 append_packet_data(const uint8_t *data, size_t len) 556 { 557 558 send_data(data, len); 559 while (len > 0) { 560 cur_csum += *data; 561 data++; 562 len--; 563 } 564 } 565 566 static void 567 append_string(const char *str) 568 { 569 570 #ifdef __FreeBSD__ 571 append_packet_data(str, strlen(str)); 572 #else 573 append_packet_data((const uint8_t *)str, strlen(str)); 574 #endif 575 } 576 577 static void 578 append_byte(uint8_t v) 579 { 580 uint8_t buf[2]; 581 582 format_byte(v, buf); 583 append_packet_data(buf, sizeof(buf)); 584 } 585 586 static void 587 append_unsigned_native(uintmax_t value, size_t len) 588 { 589 size_t i; 590 591 for (i = 0; i < len; i++) { 592 append_byte(value); 593 value >>= 8; 594 } 595 } 596 597 static void 598 append_unsigned_be(uintmax_t value, size_t len) 599 { 600 char buf[len * 2]; 601 size_t i; 602 603 for (i = 0; i < len; i++) { 604 #ifdef __FreeBSD__ 605 format_byte(value, buf + (len - i - 1) * 2); 606 #else 607 format_byte(value, (uint8_t *)(buf + (len - i - 1) * 2)); 608 #endif 609 value >>= 8; 610 } 611 #ifdef __FreeBSD__ 612 append_packet_data(buf, sizeof(buf)); 613 #else 614 append_packet_data((const uint8_t *)buf, sizeof(buf)); 615 #endif 616 } 617 618 static void 619 append_integer(unsigned int value) 620 { 621 622 if (value == 0) 623 append_char('0'); 624 else 625 append_unsigned_be(value, (fls(value) + 7) / 8); 626 } 627 628 static void 629 append_asciihex(const char *str) 630 { 631 632 while (*str != '\0') { 633 append_byte(*str); 634 str++; 635 } 636 } 637 638 static void 639 send_empty_response(void) 640 { 641 642 start_packet(); 643 finish_packet(); 644 } 645 646 static void 647 send_error(int error) 648 { 649 650 start_packet(); 651 append_char('E'); 652 append_byte(error); 653 finish_packet(); 654 } 655 656 static void 657 send_ok(void) 658 { 659 660 start_packet(); 661 append_string("OK"); 662 finish_packet(); 663 } 664 665 static int 666 parse_threadid(const uint8_t *data, size_t len) 667 { 668 669 if (len == 1 && *data == '0') 670 return (0); 671 if (len == 2 && memcmp(data, "-1", 2) == 0) 672 return (-1); 673 if (len == 0) 674 return (-2); 675 return (parse_integer(data, len)); 676 } 677 678 /* 679 * Report the current stop event to the debugger. If the stop is due 680 * to an event triggered on a specific vCPU such as a breakpoint or 681 * stepping trap, stopped_vcpu will be set to the vCPU triggering the 682 * stop. If 'set_cur_vcpu' is true, then cur_vcpu will be updated to 683 * the reporting vCPU for vCPU events. 684 */ 685 static void 686 report_stop(bool set_cur_vcpu) 687 { 688 struct vcpu_state *vs; 689 690 start_packet(); 691 if (stopped_vcpu == -1) { 692 append_char('S'); 693 append_byte(GDB_SIGNAL_TRAP); 694 } else { 695 vs = &vcpu_state[stopped_vcpu]; 696 if (set_cur_vcpu) 697 cur_vcpu = stopped_vcpu; 698 append_char('T'); 699 append_byte(GDB_SIGNAL_TRAP); 700 append_string("thread:"); 701 append_integer(stopped_vcpu + 1); 702 append_char(';'); 703 if (vs->hit_swbreak) { 704 debug("$vCPU %d reporting swbreak\n", stopped_vcpu); 705 if (swbreak_enabled) 706 append_string("swbreak:;"); 707 } else if (vs->stepped) 708 debug("$vCPU %d reporting step\n", stopped_vcpu); 709 else 710 debug("$vCPU %d reporting ???\n", stopped_vcpu); 711 } 712 finish_packet(); 713 report_next_stop = false; 714 } 715 716 /* 717 * If this stop is due to a vCPU event, clear that event to mark it as 718 * acknowledged. 719 */ 720 static void 721 discard_stop(void) 722 { 723 struct vcpu_state *vs; 724 725 if (stopped_vcpu != -1) { 726 vs = &vcpu_state[stopped_vcpu]; 727 vs->hit_swbreak = false; 728 vs->stepped = false; 729 stopped_vcpu = -1; 730 } 731 report_next_stop = true; 732 } 733 734 static void 735 gdb_finish_suspend_vcpus(void) 736 { 737 738 if (first_stop) { 739 first_stop = false; 740 stopped_vcpu = -1; 741 } else if (report_next_stop) { 742 assert(!response_pending()); 743 report_stop(true); 744 send_pending_data(cur_fd); 745 } 746 } 747 748 /* 749 * vCPU threads invoke this function whenever the vCPU enters the 750 * debug server to pause or report an event. vCPU threads wait here 751 * as long as the debug server keeps them suspended. 752 */ 753 static void 754 _gdb_cpu_suspend(int vcpu, bool report_stop) 755 { 756 757 if (!gdb_active) 758 return; 759 debug("$vCPU %d suspending\n", vcpu); 760 CPU_SET(vcpu, &vcpus_waiting); 761 if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 762 gdb_finish_suspend_vcpus(); 763 while (CPU_ISSET(vcpu, &vcpus_suspended)) 764 pthread_cond_wait(&idle_vcpus, &gdb_lock); 765 CPU_CLR(vcpu, &vcpus_waiting); 766 debug("$vCPU %d resuming\n", vcpu); 767 } 768 769 /* 770 * Invoked at the start of a vCPU thread's execution to inform the 771 * debug server about the new thread. 772 */ 773 void 774 gdb_cpu_add(int vcpu) 775 { 776 777 if (!gdb_active) 778 return; 779 debug("$vCPU %d starting\n", vcpu); 780 pthread_mutex_lock(&gdb_lock); 781 assert(vcpu < guest_ncpus); 782 CPU_SET(vcpu, &vcpus_active); 783 if (!TAILQ_EMPTY(&breakpoints)) { 784 vm_set_capability(ctx, vcpu, VM_CAP_BPT_EXIT, 1); 785 debug("$vCPU %d enabled breakpoint exits\n", vcpu); 786 } 787 788 /* 789 * If a vcpu is added while vcpus are stopped, suspend the new 790 * vcpu so that it will pop back out with a debug exit before 791 * executing the first instruction. 792 */ 793 if (!CPU_EMPTY(&vcpus_suspended)) { 794 CPU_SET(vcpu, &vcpus_suspended); 795 _gdb_cpu_suspend(vcpu, false); 796 } 797 pthread_mutex_unlock(&gdb_lock); 798 } 799 800 /* 801 * Invoked by vCPU before resuming execution. This enables stepping 802 * if the vCPU is marked as stepping. 803 */ 804 static void 805 gdb_cpu_resume(int vcpu) 806 { 807 struct vcpu_state *vs; 808 int error; 809 810 vs = &vcpu_state[vcpu]; 811 812 /* 813 * Any pending event should already be reported before 814 * resuming. 815 */ 816 assert(vs->hit_swbreak == false); 817 assert(vs->stepped == false); 818 if (vs->stepping) { 819 error = vm_set_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, 1); 820 assert(error == 0); 821 } 822 } 823 824 /* 825 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest 826 * has been suspended due to an event on different vCPU or in response 827 * to a guest-wide suspend such as Ctrl-C or the stop on attach. 828 */ 829 void 830 gdb_cpu_suspend(int vcpu) 831 { 832 833 pthread_mutex_lock(&gdb_lock); 834 _gdb_cpu_suspend(vcpu, true); 835 gdb_cpu_resume(vcpu); 836 pthread_mutex_unlock(&gdb_lock); 837 } 838 839 static void 840 gdb_suspend_vcpus(void) 841 { 842 843 assert(pthread_mutex_isowned_np(&gdb_lock)); 844 debug("suspending all CPUs\n"); 845 vcpus_suspended = vcpus_active; 846 vm_suspend_cpu(ctx, -1); 847 if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 848 gdb_finish_suspend_vcpus(); 849 } 850 851 /* 852 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via 853 * the VT-x-specific MTRAP exit. 854 */ 855 void 856 gdb_cpu_mtrap(int vcpu) 857 { 858 struct vcpu_state *vs; 859 860 if (!gdb_active) 861 return; 862 debug("$vCPU %d MTRAP\n", vcpu); 863 pthread_mutex_lock(&gdb_lock); 864 vs = &vcpu_state[vcpu]; 865 if (vs->stepping) { 866 vs->stepping = false; 867 vs->stepped = true; 868 vm_set_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, 0); 869 while (vs->stepped) { 870 if (stopped_vcpu == -1) { 871 debug("$vCPU %d reporting step\n", vcpu); 872 stopped_vcpu = vcpu; 873 gdb_suspend_vcpus(); 874 } 875 _gdb_cpu_suspend(vcpu, true); 876 } 877 gdb_cpu_resume(vcpu); 878 } 879 pthread_mutex_unlock(&gdb_lock); 880 } 881 882 static struct breakpoint * 883 find_breakpoint(uint64_t gpa) 884 { 885 struct breakpoint *bp; 886 887 TAILQ_FOREACH(bp, &breakpoints, link) { 888 if (bp->gpa == gpa) 889 return (bp); 890 } 891 return (NULL); 892 } 893 894 void 895 gdb_cpu_breakpoint(int vcpu, struct vm_exit *vmexit) 896 { 897 struct breakpoint *bp; 898 struct vcpu_state *vs; 899 uint64_t gpa; 900 int error; 901 902 if (!gdb_active) { 903 fprintf(stderr, "vm_loop: unexpected VMEXIT_DEBUG\n"); 904 exit(4); 905 } 906 pthread_mutex_lock(&gdb_lock); 907 error = guest_vaddr2paddr(vcpu, vmexit->rip, &gpa); 908 assert(error == 1); 909 bp = find_breakpoint(gpa); 910 if (bp != NULL) { 911 vs = &vcpu_state[vcpu]; 912 assert(vs->stepping == false); 913 assert(vs->stepped == false); 914 assert(vs->hit_swbreak == false); 915 vs->hit_swbreak = true; 916 vm_set_register(ctx, vcpu, VM_REG_GUEST_RIP, vmexit->rip); 917 for (;;) { 918 if (stopped_vcpu == -1) { 919 debug("$vCPU %d reporting breakpoint at rip %#lx\n", vcpu, 920 vmexit->rip); 921 stopped_vcpu = vcpu; 922 gdb_suspend_vcpus(); 923 } 924 _gdb_cpu_suspend(vcpu, true); 925 if (!vs->hit_swbreak) { 926 /* Breakpoint reported. */ 927 break; 928 } 929 bp = find_breakpoint(gpa); 930 if (bp == NULL) { 931 /* Breakpoint was removed. */ 932 vs->hit_swbreak = false; 933 break; 934 } 935 } 936 gdb_cpu_resume(vcpu); 937 } else { 938 debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpu, 939 vmexit->rip); 940 error = vm_set_register(ctx, vcpu, 941 VM_REG_GUEST_ENTRY_INST_LENGTH, vmexit->u.bpt.inst_length); 942 assert(error == 0); 943 error = vm_inject_exception(ctx, vcpu, IDT_BP, 0, 0, 0); 944 assert(error == 0); 945 } 946 pthread_mutex_unlock(&gdb_lock); 947 } 948 949 static bool 950 gdb_step_vcpu(int vcpu) 951 { 952 int error, val; 953 954 debug("$vCPU %d step\n", vcpu); 955 error = vm_get_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, &val); 956 if (error < 0) 957 return (false); 958 959 discard_stop(); 960 vcpu_state[vcpu].stepping = true; 961 vm_resume_cpu(ctx, vcpu); 962 CPU_CLR(vcpu, &vcpus_suspended); 963 pthread_cond_broadcast(&idle_vcpus); 964 return (true); 965 } 966 967 static void 968 gdb_resume_vcpus(void) 969 { 970 971 assert(pthread_mutex_isowned_np(&gdb_lock)); 972 vm_resume_cpu(ctx, -1); 973 debug("resuming all CPUs\n"); 974 CPU_ZERO(&vcpus_suspended); 975 pthread_cond_broadcast(&idle_vcpus); 976 } 977 978 static void 979 gdb_read_regs(void) 980 { 981 uint64_t regvals[nitems(gdb_regset)]; 982 int i; 983 984 if (vm_get_register_set(ctx, cur_vcpu, nitems(gdb_regset), 985 gdb_regset, regvals) == -1) { 986 send_error(errno); 987 return; 988 } 989 start_packet(); 990 for (i = 0; i < nitems(regvals); i++) 991 append_unsigned_native(regvals[i], gdb_regsize[i]); 992 finish_packet(); 993 } 994 995 static void 996 gdb_read_mem(const uint8_t *data, size_t len) 997 { 998 uint64_t gpa, gva, val; 999 uint8_t *cp; 1000 size_t resid, todo, bytes; 1001 bool started; 1002 int error; 1003 1004 /* Skip 'm' */ 1005 data += 1; 1006 len -= 1; 1007 1008 /* Parse and consume address. */ 1009 cp = memchr(data, ',', len); 1010 if (cp == NULL || cp == data) { 1011 send_error(EINVAL); 1012 return; 1013 } 1014 gva = parse_integer(data, cp - data); 1015 len -= (cp - data) + 1; 1016 data += (cp - data) + 1; 1017 1018 /* Parse length. */ 1019 resid = parse_integer(data, len); 1020 1021 started = false; 1022 while (resid > 0) { 1023 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 1024 if (error == -1) { 1025 if (started) 1026 finish_packet(); 1027 else 1028 send_error(errno); 1029 return; 1030 } 1031 if (error == 0) { 1032 if (started) 1033 finish_packet(); 1034 else 1035 send_error(EFAULT); 1036 return; 1037 } 1038 1039 /* Read bytes from current page. */ 1040 todo = getpagesize() - gpa % getpagesize(); 1041 if (todo > resid) 1042 todo = resid; 1043 1044 cp = paddr_guest2host(ctx, gpa, todo); 1045 if (cp != NULL) { 1046 /* 1047 * If this page is guest RAM, read it a byte 1048 * at a time. 1049 */ 1050 if (!started) { 1051 start_packet(); 1052 started = true; 1053 } 1054 while (todo > 0) { 1055 append_byte(*cp); 1056 cp++; 1057 gpa++; 1058 gva++; 1059 resid--; 1060 todo--; 1061 } 1062 } else { 1063 /* 1064 * If this page isn't guest RAM, try to handle 1065 * it via MMIO. For MMIO requests, use 1066 * aligned reads of words when possible. 1067 */ 1068 while (todo > 0) { 1069 if (gpa & 1 || todo == 1) 1070 bytes = 1; 1071 else if (gpa & 2 || todo == 2) 1072 bytes = 2; 1073 else 1074 bytes = 4; 1075 error = read_mem(ctx, cur_vcpu, gpa, &val, 1076 bytes); 1077 if (error == 0) { 1078 if (!started) { 1079 start_packet(); 1080 started = true; 1081 } 1082 gpa += bytes; 1083 gva += bytes; 1084 resid -= bytes; 1085 todo -= bytes; 1086 while (bytes > 0) { 1087 append_byte(val); 1088 val >>= 8; 1089 bytes--; 1090 } 1091 } else { 1092 if (started) 1093 finish_packet(); 1094 else 1095 send_error(EFAULT); 1096 return; 1097 } 1098 } 1099 } 1100 assert(resid == 0 || gpa % getpagesize() == 0); 1101 } 1102 if (!started) 1103 start_packet(); 1104 finish_packet(); 1105 } 1106 1107 static void 1108 gdb_write_mem(const uint8_t *data, size_t len) 1109 { 1110 uint64_t gpa, gva, val; 1111 uint8_t *cp; 1112 size_t resid, todo, bytes; 1113 int error; 1114 1115 /* Skip 'M' */ 1116 data += 1; 1117 len -= 1; 1118 1119 /* Parse and consume address. */ 1120 cp = memchr(data, ',', len); 1121 if (cp == NULL || cp == data) { 1122 send_error(EINVAL); 1123 return; 1124 } 1125 gva = parse_integer(data, cp - data); 1126 len -= (cp - data) + 1; 1127 data += (cp - data) + 1; 1128 1129 /* Parse and consume length. */ 1130 cp = memchr(data, ':', len); 1131 if (cp == NULL || cp == data) { 1132 send_error(EINVAL); 1133 return; 1134 } 1135 resid = parse_integer(data, cp - data); 1136 len -= (cp - data) + 1; 1137 data += (cp - data) + 1; 1138 1139 /* Verify the available bytes match the length. */ 1140 if (len != resid * 2) { 1141 send_error(EINVAL); 1142 return; 1143 } 1144 1145 while (resid > 0) { 1146 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 1147 if (error == -1) { 1148 send_error(errno); 1149 return; 1150 } 1151 if (error == 0) { 1152 send_error(EFAULT); 1153 return; 1154 } 1155 1156 /* Write bytes to current page. */ 1157 todo = getpagesize() - gpa % getpagesize(); 1158 if (todo > resid) 1159 todo = resid; 1160 1161 cp = paddr_guest2host(ctx, gpa, todo); 1162 if (cp != NULL) { 1163 /* 1164 * If this page is guest RAM, write it a byte 1165 * at a time. 1166 */ 1167 while (todo > 0) { 1168 assert(len >= 2); 1169 *cp = parse_byte(data); 1170 data += 2; 1171 len -= 2; 1172 cp++; 1173 gpa++; 1174 gva++; 1175 resid--; 1176 todo--; 1177 } 1178 } else { 1179 /* 1180 * If this page isn't guest RAM, try to handle 1181 * it via MMIO. For MMIO requests, use 1182 * aligned writes of words when possible. 1183 */ 1184 while (todo > 0) { 1185 if (gpa & 1 || todo == 1) { 1186 bytes = 1; 1187 val = parse_byte(data); 1188 } else if (gpa & 2 || todo == 2) { 1189 bytes = 2; 1190 val = be16toh(parse_integer(data, 4)); 1191 } else { 1192 bytes = 4; 1193 val = be32toh(parse_integer(data, 8)); 1194 } 1195 error = write_mem(ctx, cur_vcpu, gpa, val, 1196 bytes); 1197 if (error == 0) { 1198 gpa += bytes; 1199 gva += bytes; 1200 resid -= bytes; 1201 todo -= bytes; 1202 data += 2 * bytes; 1203 len -= 2 * bytes; 1204 } else { 1205 send_error(EFAULT); 1206 return; 1207 } 1208 } 1209 } 1210 assert(resid == 0 || gpa % getpagesize() == 0); 1211 } 1212 assert(len == 0); 1213 send_ok(); 1214 } 1215 1216 static bool 1217 set_breakpoint_caps(bool enable) 1218 { 1219 cpuset_t mask; 1220 int vcpu; 1221 1222 mask = vcpus_active; 1223 while (!CPU_EMPTY(&mask)) { 1224 vcpu = CPU_FFS(&mask) - 1; 1225 CPU_CLR(vcpu, &mask); 1226 if (vm_set_capability(ctx, vcpu, VM_CAP_BPT_EXIT, 1227 enable ? 1 : 0) < 0) 1228 return (false); 1229 debug("$vCPU %d %sabled breakpoint exits\n", vcpu, 1230 enable ? "en" : "dis"); 1231 } 1232 return (true); 1233 } 1234 1235 static void 1236 remove_all_sw_breakpoints(void) 1237 { 1238 struct breakpoint *bp, *nbp; 1239 uint8_t *cp; 1240 1241 if (TAILQ_EMPTY(&breakpoints)) 1242 return; 1243 1244 TAILQ_FOREACH_SAFE(bp, &breakpoints, link, nbp) { 1245 debug("remove breakpoint at %#lx\n", bp->gpa); 1246 cp = paddr_guest2host(ctx, bp->gpa, 1); 1247 *cp = bp->shadow_inst; 1248 TAILQ_REMOVE(&breakpoints, bp, link); 1249 free(bp); 1250 } 1251 TAILQ_INIT(&breakpoints); 1252 set_breakpoint_caps(false); 1253 } 1254 1255 static void 1256 update_sw_breakpoint(uint64_t gva, int kind, bool insert) 1257 { 1258 struct breakpoint *bp; 1259 uint64_t gpa; 1260 uint8_t *cp; 1261 int error; 1262 1263 if (kind != 1) { 1264 send_error(EINVAL); 1265 return; 1266 } 1267 1268 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 1269 if (error == -1) { 1270 send_error(errno); 1271 return; 1272 } 1273 if (error == 0) { 1274 send_error(EFAULT); 1275 return; 1276 } 1277 1278 cp = paddr_guest2host(ctx, gpa, 1); 1279 1280 /* Only permit breakpoints in guest RAM. */ 1281 if (cp == NULL) { 1282 send_error(EFAULT); 1283 return; 1284 } 1285 1286 /* Find any existing breakpoint. */ 1287 bp = find_breakpoint(gpa); 1288 1289 /* 1290 * Silently ignore duplicate commands since the protocol 1291 * requires these packets to be idempotent. 1292 */ 1293 if (insert) { 1294 if (bp == NULL) { 1295 if (TAILQ_EMPTY(&breakpoints) && 1296 !set_breakpoint_caps(true)) { 1297 send_empty_response(); 1298 return; 1299 } 1300 bp = malloc(sizeof(*bp)); 1301 bp->gpa = gpa; 1302 bp->shadow_inst = *cp; 1303 *cp = 0xcc; /* INT 3 */ 1304 TAILQ_INSERT_TAIL(&breakpoints, bp, link); 1305 debug("new breakpoint at %#lx\n", gpa); 1306 } 1307 } else { 1308 if (bp != NULL) { 1309 debug("remove breakpoint at %#lx\n", gpa); 1310 *cp = bp->shadow_inst; 1311 TAILQ_REMOVE(&breakpoints, bp, link); 1312 free(bp); 1313 if (TAILQ_EMPTY(&breakpoints)) 1314 set_breakpoint_caps(false); 1315 } 1316 } 1317 send_ok(); 1318 } 1319 1320 static void 1321 parse_breakpoint(const uint8_t *data, size_t len) 1322 { 1323 uint64_t gva; 1324 uint8_t *cp; 1325 bool insert; 1326 int kind, type; 1327 1328 insert = data[0] == 'Z'; 1329 1330 /* Skip 'Z/z' */ 1331 data += 1; 1332 len -= 1; 1333 1334 /* Parse and consume type. */ 1335 cp = memchr(data, ',', len); 1336 if (cp == NULL || cp == data) { 1337 send_error(EINVAL); 1338 return; 1339 } 1340 type = parse_integer(data, cp - data); 1341 len -= (cp - data) + 1; 1342 data += (cp - data) + 1; 1343 1344 /* Parse and consume address. */ 1345 cp = memchr(data, ',', len); 1346 if (cp == NULL || cp == data) { 1347 send_error(EINVAL); 1348 return; 1349 } 1350 gva = parse_integer(data, cp - data); 1351 len -= (cp - data) + 1; 1352 data += (cp - data) + 1; 1353 1354 /* Parse and consume kind. */ 1355 cp = memchr(data, ';', len); 1356 if (cp == data) { 1357 send_error(EINVAL); 1358 return; 1359 } 1360 if (cp != NULL) { 1361 /* 1362 * We do not advertise support for either the 1363 * ConditionalBreakpoints or BreakpointCommands 1364 * features, so we should not be getting conditions or 1365 * commands from the remote end. 1366 */ 1367 send_empty_response(); 1368 return; 1369 } 1370 kind = parse_integer(data, len); 1371 data += len; 1372 len = 0; 1373 1374 switch (type) { 1375 case 0: 1376 update_sw_breakpoint(gva, kind, insert); 1377 break; 1378 default: 1379 send_empty_response(); 1380 break; 1381 } 1382 } 1383 1384 static bool 1385 command_equals(const uint8_t *data, size_t len, const char *cmd) 1386 { 1387 1388 if (strlen(cmd) > len) 1389 return (false); 1390 return (memcmp(data, cmd, strlen(cmd)) == 0); 1391 } 1392 1393 static void 1394 check_features(const uint8_t *data, size_t len) 1395 { 1396 char *feature, *next_feature, *str, *value; 1397 bool supported; 1398 1399 str = malloc(len + 1); 1400 memcpy(str, data, len); 1401 str[len] = '\0'; 1402 next_feature = str; 1403 1404 while ((feature = strsep(&next_feature, ";")) != NULL) { 1405 /* 1406 * Null features shouldn't exist, but skip if they 1407 * do. 1408 */ 1409 if (strcmp(feature, "") == 0) 1410 continue; 1411 1412 /* 1413 * Look for the value or supported / not supported 1414 * flag. 1415 */ 1416 value = strchr(feature, '='); 1417 if (value != NULL) { 1418 *value = '\0'; 1419 value++; 1420 supported = true; 1421 } else { 1422 value = feature + strlen(feature) - 1; 1423 switch (*value) { 1424 case '+': 1425 supported = true; 1426 break; 1427 case '-': 1428 supported = false; 1429 break; 1430 default: 1431 /* 1432 * This is really a protocol error, 1433 * but we just ignore malformed 1434 * features for ease of 1435 * implementation. 1436 */ 1437 continue; 1438 } 1439 value = NULL; 1440 } 1441 1442 if (strcmp(feature, "swbreak") == 0) 1443 swbreak_enabled = supported; 1444 1445 #ifndef __FreeBSD__ 1446 /* 1447 * The compiler dislikes 'supported' being set but never used. 1448 * Make it happy here. 1449 */ 1450 if (supported) { 1451 debug("feature '%s' supported\n", feature); 1452 } 1453 #endif /* __FreeBSD__ */ 1454 } 1455 free(str); 1456 1457 start_packet(); 1458 1459 /* This is an arbitrary limit. */ 1460 append_string("PacketSize=4096"); 1461 append_string(";swbreak+"); 1462 finish_packet(); 1463 } 1464 1465 static void 1466 gdb_query(const uint8_t *data, size_t len) 1467 { 1468 1469 /* 1470 * TODO: 1471 * - qSearch 1472 */ 1473 if (command_equals(data, len, "qAttached")) { 1474 start_packet(); 1475 append_char('1'); 1476 finish_packet(); 1477 } else if (command_equals(data, len, "qC")) { 1478 start_packet(); 1479 append_string("QC"); 1480 append_integer(cur_vcpu + 1); 1481 finish_packet(); 1482 } else if (command_equals(data, len, "qfThreadInfo")) { 1483 cpuset_t mask; 1484 bool first; 1485 int vcpu; 1486 1487 if (CPU_EMPTY(&vcpus_active)) { 1488 send_error(EINVAL); 1489 return; 1490 } 1491 mask = vcpus_active; 1492 start_packet(); 1493 append_char('m'); 1494 first = true; 1495 while (!CPU_EMPTY(&mask)) { 1496 vcpu = CPU_FFS(&mask) - 1; 1497 CPU_CLR(vcpu, &mask); 1498 if (first) 1499 first = false; 1500 else 1501 append_char(','); 1502 append_integer(vcpu + 1); 1503 } 1504 finish_packet(); 1505 } else if (command_equals(data, len, "qsThreadInfo")) { 1506 start_packet(); 1507 append_char('l'); 1508 finish_packet(); 1509 } else if (command_equals(data, len, "qSupported")) { 1510 data += strlen("qSupported"); 1511 len -= strlen("qSupported"); 1512 check_features(data, len); 1513 } else if (command_equals(data, len, "qThreadExtraInfo")) { 1514 char buf[16]; 1515 int tid; 1516 1517 data += strlen("qThreadExtraInfo"); 1518 len -= strlen("qThreadExtraInfo"); 1519 if (*data != ',') { 1520 send_error(EINVAL); 1521 return; 1522 } 1523 tid = parse_threadid(data + 1, len - 1); 1524 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1525 send_error(EINVAL); 1526 return; 1527 } 1528 1529 snprintf(buf, sizeof(buf), "vCPU %d", tid - 1); 1530 start_packet(); 1531 append_asciihex(buf); 1532 finish_packet(); 1533 } else 1534 send_empty_response(); 1535 } 1536 1537 static void 1538 handle_command(const uint8_t *data, size_t len) 1539 { 1540 1541 /* Reject packets with a sequence-id. */ 1542 if (len >= 3 && data[0] >= '0' && data[0] <= '9' && 1543 data[0] >= '0' && data[0] <= '9' && data[2] == ':') { 1544 send_empty_response(); 1545 return; 1546 } 1547 1548 switch (*data) { 1549 case 'c': 1550 if (len != 1) { 1551 send_error(EINVAL); 1552 break; 1553 } 1554 1555 discard_stop(); 1556 gdb_resume_vcpus(); 1557 break; 1558 case 'D': 1559 send_ok(); 1560 1561 /* TODO: Resume any stopped CPUs. */ 1562 break; 1563 case 'g': { 1564 gdb_read_regs(); 1565 break; 1566 } 1567 case 'H': { 1568 int tid; 1569 1570 if (data[1] != 'g' && data[1] != 'c') { 1571 send_error(EINVAL); 1572 break; 1573 } 1574 tid = parse_threadid(data + 2, len - 2); 1575 if (tid == -2) { 1576 send_error(EINVAL); 1577 break; 1578 } 1579 1580 if (CPU_EMPTY(&vcpus_active)) { 1581 send_error(EINVAL); 1582 break; 1583 } 1584 if (tid == -1 || tid == 0) 1585 cur_vcpu = CPU_FFS(&vcpus_active) - 1; 1586 else if (CPU_ISSET(tid - 1, &vcpus_active)) 1587 cur_vcpu = tid - 1; 1588 else { 1589 send_error(EINVAL); 1590 break; 1591 } 1592 send_ok(); 1593 break; 1594 } 1595 case 'm': 1596 gdb_read_mem(data, len); 1597 break; 1598 case 'M': 1599 gdb_write_mem(data, len); 1600 break; 1601 case 'T': { 1602 int tid; 1603 1604 tid = parse_threadid(data + 1, len - 1); 1605 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1606 send_error(EINVAL); 1607 return; 1608 } 1609 send_ok(); 1610 break; 1611 } 1612 case 'q': 1613 gdb_query(data, len); 1614 break; 1615 case 's': 1616 if (len != 1) { 1617 send_error(EINVAL); 1618 break; 1619 } 1620 1621 /* Don't send a reply until a stop occurs. */ 1622 if (!gdb_step_vcpu(cur_vcpu)) { 1623 send_error(EOPNOTSUPP); 1624 break; 1625 } 1626 break; 1627 case 'z': 1628 case 'Z': 1629 parse_breakpoint(data, len); 1630 break; 1631 case '?': 1632 report_stop(false); 1633 break; 1634 case 'G': /* TODO */ 1635 case 'v': 1636 /* Handle 'vCont' */ 1637 /* 'vCtrlC' */ 1638 case 'p': /* TODO */ 1639 case 'P': /* TODO */ 1640 case 'Q': /* TODO */ 1641 case 't': /* TODO */ 1642 case 'X': /* TODO */ 1643 default: 1644 send_empty_response(); 1645 } 1646 } 1647 1648 /* Check for a valid packet in the command buffer. */ 1649 static void 1650 check_command(int fd) 1651 { 1652 uint8_t *head, *hash, *p, sum; 1653 size_t avail, plen; 1654 1655 for (;;) { 1656 avail = cur_comm.len; 1657 if (avail == 0) 1658 return; 1659 head = io_buffer_head(&cur_comm); 1660 switch (*head) { 1661 case 0x03: 1662 debug("<- Ctrl-C\n"); 1663 io_buffer_consume(&cur_comm, 1); 1664 1665 gdb_suspend_vcpus(); 1666 break; 1667 case '+': 1668 /* ACK of previous response. */ 1669 debug("<- +\n"); 1670 if (response_pending()) 1671 io_buffer_reset(&cur_resp); 1672 io_buffer_consume(&cur_comm, 1); 1673 if (stopped_vcpu != -1 && report_next_stop) { 1674 report_stop(true); 1675 send_pending_data(fd); 1676 } 1677 break; 1678 case '-': 1679 /* NACK of previous response. */ 1680 debug("<- -\n"); 1681 if (response_pending()) { 1682 cur_resp.len += cur_resp.start; 1683 cur_resp.start = 0; 1684 if (cur_resp.data[0] == '+') 1685 io_buffer_advance(&cur_resp, 1); 1686 debug("-> %.*s\n", (int)cur_resp.len, 1687 io_buffer_head(&cur_resp)); 1688 } 1689 io_buffer_consume(&cur_comm, 1); 1690 send_pending_data(fd); 1691 break; 1692 case '$': 1693 /* Packet. */ 1694 1695 if (response_pending()) { 1696 warnx("New GDB command while response in " 1697 "progress"); 1698 io_buffer_reset(&cur_resp); 1699 } 1700 1701 /* Is packet complete? */ 1702 hash = memchr(head, '#', avail); 1703 if (hash == NULL) 1704 return; 1705 plen = (hash - head + 1) + 2; 1706 if (avail < plen) 1707 return; 1708 debug("<- %.*s\n", (int)plen, head); 1709 1710 /* Verify checksum. */ 1711 for (sum = 0, p = head + 1; p < hash; p++) 1712 sum += *p; 1713 if (sum != parse_byte(hash + 1)) { 1714 io_buffer_consume(&cur_comm, plen); 1715 debug("-> -\n"); 1716 send_char('-'); 1717 send_pending_data(fd); 1718 break; 1719 } 1720 send_char('+'); 1721 1722 handle_command(head + 1, hash - (head + 1)); 1723 io_buffer_consume(&cur_comm, plen); 1724 if (!response_pending()) { 1725 debug("-> +\n"); 1726 } 1727 send_pending_data(fd); 1728 break; 1729 default: 1730 /* XXX: Possibly drop connection instead. */ 1731 debug("-> %02x\n", *head); 1732 io_buffer_consume(&cur_comm, 1); 1733 break; 1734 } 1735 } 1736 } 1737 1738 static void 1739 gdb_readable(int fd, enum ev_type event, void *arg) 1740 { 1741 ssize_t nread; 1742 int pending; 1743 1744 if (ioctl(fd, FIONREAD, &pending) == -1) { 1745 warn("FIONREAD on GDB socket"); 1746 return; 1747 } 1748 1749 /* 1750 * 'pending' might be zero due to EOF. We need to call read 1751 * with a non-zero length to detect EOF. 1752 */ 1753 if (pending == 0) 1754 pending = 1; 1755 1756 /* Ensure there is room in the command buffer. */ 1757 io_buffer_grow(&cur_comm, pending); 1758 assert(io_buffer_avail(&cur_comm) >= pending); 1759 1760 nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm)); 1761 if (nread == 0) { 1762 close_connection(); 1763 } else if (nread == -1) { 1764 if (errno == EAGAIN) 1765 return; 1766 1767 warn("Read from GDB socket"); 1768 close_connection(); 1769 } else { 1770 cur_comm.len += nread; 1771 pthread_mutex_lock(&gdb_lock); 1772 check_command(fd); 1773 pthread_mutex_unlock(&gdb_lock); 1774 } 1775 } 1776 1777 static void 1778 gdb_writable(int fd, enum ev_type event, void *arg) 1779 { 1780 1781 send_pending_data(fd); 1782 } 1783 1784 static void 1785 new_connection(int fd, enum ev_type event, void *arg) 1786 { 1787 int optval, s; 1788 1789 s = accept4(fd, NULL, NULL, SOCK_NONBLOCK); 1790 if (s == -1) { 1791 if (arg != NULL) 1792 err(1, "Failed accepting initial GDB connection"); 1793 1794 /* Silently ignore errors post-startup. */ 1795 return; 1796 } 1797 1798 optval = 1; 1799 if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) == 1800 -1) { 1801 warn("Failed to disable SIGPIPE for GDB connection"); 1802 close(s); 1803 return; 1804 } 1805 1806 pthread_mutex_lock(&gdb_lock); 1807 if (cur_fd != -1) { 1808 close(s); 1809 warnx("Ignoring additional GDB connection."); 1810 } 1811 1812 read_event = mevent_add(s, EVF_READ, gdb_readable, NULL); 1813 if (read_event == NULL) { 1814 if (arg != NULL) 1815 err(1, "Failed to setup initial GDB connection"); 1816 pthread_mutex_unlock(&gdb_lock); 1817 return; 1818 } 1819 write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL); 1820 if (write_event == NULL) { 1821 if (arg != NULL) 1822 err(1, "Failed to setup initial GDB connection"); 1823 mevent_delete_close(read_event); 1824 read_event = NULL; 1825 } 1826 1827 cur_fd = s; 1828 cur_vcpu = 0; 1829 stopped_vcpu = -1; 1830 1831 /* Break on attach. */ 1832 first_stop = true; 1833 report_next_stop = false; 1834 gdb_suspend_vcpus(); 1835 pthread_mutex_unlock(&gdb_lock); 1836 } 1837 1838 #ifndef WITHOUT_CAPSICUM 1839 void 1840 limit_gdb_socket(int s) 1841 { 1842 cap_rights_t rights; 1843 unsigned long ioctls[] = { FIONREAD }; 1844 1845 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE, 1846 CAP_SETSOCKOPT, CAP_IOCTL); 1847 if (caph_rights_limit(s, &rights) == -1) 1848 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1849 if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) 1850 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1851 } 1852 #endif 1853 1854 1855 #ifndef __FreeBSD__ 1856 /* 1857 * Equivalent to init_gdb() below, but without configuring the listening socket. 1858 * This will allow the bhyve process to tolerate mdb attaching/detaching from 1859 * the instance while it is running. 1860 */ 1861 void 1862 init_mdb(struct vmctx *_ctx, bool wait) 1863 { 1864 int error; 1865 1866 error = pthread_mutex_init(&gdb_lock, NULL); 1867 if (error != 0) 1868 errc(1, error, "gdb mutex init"); 1869 error = pthread_cond_init(&idle_vcpus, NULL); 1870 if (error != 0) 1871 errc(1, error, "gdb cv init"); 1872 1873 ctx = _ctx; 1874 stopped_vcpu = -1; 1875 TAILQ_INIT(&breakpoints); 1876 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1877 if (wait) { 1878 /* 1879 * Set vcpu 0 in vcpus_suspended. This will trigger the 1880 * logic in gdb_cpu_add() to suspend the first vcpu before 1881 * it starts execution. The vcpu will remain suspended 1882 * until a debugger connects. 1883 */ 1884 CPU_SET(0, &vcpus_suspended); 1885 stopped_vcpu = 0; 1886 } 1887 } 1888 #endif 1889 1890 void 1891 init_gdb(struct vmctx *_ctx, int sport, bool wait) 1892 { 1893 struct sockaddr_in sin; 1894 int error, flags, s; 1895 1896 debug("==> starting on %d, %swaiting\n", sport, wait ? "" : "not "); 1897 1898 error = pthread_mutex_init(&gdb_lock, NULL); 1899 if (error != 0) 1900 errc(1, error, "gdb mutex init"); 1901 error = pthread_cond_init(&idle_vcpus, NULL); 1902 if (error != 0) 1903 errc(1, error, "gdb cv init"); 1904 1905 ctx = _ctx; 1906 s = socket(PF_INET, SOCK_STREAM, 0); 1907 if (s < 0) 1908 err(1, "gdb socket create"); 1909 1910 #ifdef __FreeBSD__ 1911 sin.sin_len = sizeof(sin); 1912 #endif 1913 sin.sin_family = AF_INET; 1914 sin.sin_addr.s_addr = htonl(INADDR_ANY); 1915 sin.sin_port = htons(sport); 1916 1917 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) 1918 err(1, "gdb socket bind"); 1919 1920 if (listen(s, 1) < 0) 1921 err(1, "gdb socket listen"); 1922 1923 stopped_vcpu = -1; 1924 TAILQ_INIT(&breakpoints); 1925 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1926 if (wait) { 1927 /* 1928 * Set vcpu 0 in vcpus_suspended. This will trigger the 1929 * logic in gdb_cpu_add() to suspend the first vcpu before 1930 * it starts execution. The vcpu will remain suspended 1931 * until a debugger connects. 1932 */ 1933 CPU_SET(0, &vcpus_suspended); 1934 stopped_vcpu = 0; 1935 } 1936 1937 flags = fcntl(s, F_GETFL); 1938 if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) 1939 err(1, "Failed to mark gdb socket non-blocking"); 1940 1941 #ifndef WITHOUT_CAPSICUM 1942 limit_gdb_socket(s); 1943 #endif 1944 mevent_add(s, EVF_READ, new_connection, NULL); 1945 gdb_active = true; 1946 } 1947