1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 /* 29 * Management of KMDB's IDT, which is installed upon KMDB activation. 30 * 31 * Debugger activation has two flavors, which cover the cases where KMDB is 32 * loaded at boot, and when it is loaded after boot. In brief, in both cases, 33 * the KDI needs to interpose upon several handlers in the IDT. When 34 * mod-loaded KMDB is deactivated, we undo the IDT interposition, restoring the 35 * handlers to what they were before we started. 36 * 37 * We also take over the entirety of IDT (except the double-fault handler) on 38 * the active CPU when we're in kmdb so we can handle things like page faults 39 * sensibly. 40 * 41 * Boot-loaded KMDB 42 * 43 * When we're first activated, we're running on boot's IDT. We need to be able 44 * to function in this world, so we'll install our handlers into boot's IDT. 45 * This is a little complicated: we're using the fake cpu_t set up by 46 * boot_kdi_tmpinit(), so we can't access cpu_idt directly. Instead, 47 * kdi_idt_write() notices that cpu_idt is NULL, and works around this problem. 48 * 49 * Later, when we're about to switch to the kernel's IDT, it'll call us via 50 * kdi_idt_sync(), allowing us to add our handlers to the new IDT. While 51 * boot-loaded KMDB can't be unloaded, we still need to save the descriptors we 52 * replace so we can pass traps back to the kernel as necessary. 53 * 54 * The last phase of boot-loaded KMDB activation occurs at non-boot CPU 55 * startup. We will be called on each non-boot CPU, thus allowing us to set up 56 * any watchpoints that may have been configured on the boot CPU and interpose 57 * on the given CPU's IDT. We don't save the interposed descriptors in this 58 * case -- see kdi_cpu_init() for details. 59 * 60 * Mod-loaded KMDB 61 * 62 * This style of activation is much simpler, as the CPUs are already running, 63 * and are using their own copy of the kernel's IDT. We simply interpose upon 64 * each CPU's IDT. We save the handlers we replace, both for deactivation and 65 * for passing traps back to the kernel. Note that for Xen's benefit, we need 66 * to xcall to the other CPUs to do this, since we need to actively set the 67 * trap entries in its virtual IDT from that vcpu's context rather than just 68 * modify the IDT table from the CPU running kdi_activate(). 69 */ 70 71 #include <sys/types.h> 72 #include <sys/segments.h> 73 #include <sys/trap.h> 74 #include <sys/cpuvar.h> 75 #include <sys/reboot.h> 76 #include <sys/sunddi.h> 77 #include <sys/archsystm.h> 78 #include <sys/kdi_impl.h> 79 #include <sys/x_call.h> 80 #include <ia32/sys/psw.h> 81 82 #define KDI_GATE_NVECS 3 83 84 #define KDI_IDT_NOSAVE 0 85 #define KDI_IDT_SAVE 1 86 87 #define KDI_IDT_DTYPE_KERNEL 0 88 #define KDI_IDT_DTYPE_BOOT 1 89 90 kdi_cpusave_t *kdi_cpusave; 91 int kdi_ncpusave; 92 93 static kdi_main_t kdi_kmdb_main; 94 95 kdi_drreg_t kdi_drreg; 96 97 #ifndef __amd64 98 /* Used to track the current set of valid kernel selectors. */ 99 uint32_t kdi_cs; 100 uint32_t kdi_ds; 101 uint32_t kdi_fs; 102 uint32_t kdi_gs; 103 #endif 104 105 uint_t kdi_msr_wrexit_msr; 106 uint64_t *kdi_msr_wrexit_valp; 107 108 uintptr_t kdi_kernel_handler; 109 110 int kdi_trap_switch; 111 112 #define KDI_MEMRANGES_MAX 2 113 114 kdi_memrange_t kdi_memranges[KDI_MEMRANGES_MAX]; 115 int kdi_nmemranges; 116 117 typedef void idt_hdlr_f(void); 118 119 extern idt_hdlr_f kdi_trap0, kdi_trap1, kdi_int2, kdi_trap3, kdi_trap4; 120 extern idt_hdlr_f kdi_trap5, kdi_trap6, kdi_trap7, kdi_trap9; 121 extern idt_hdlr_f kdi_traperr10, kdi_traperr11, kdi_traperr12; 122 extern idt_hdlr_f kdi_traperr13, kdi_traperr14, kdi_trap16, kdi_trap17; 123 extern idt_hdlr_f kdi_trap18, kdi_trap19, kdi_trap20, kdi_ivct32; 124 extern idt_hdlr_f kdi_invaltrap; 125 extern size_t kdi_ivct_size; 126 extern char kdi_slave_entry_patch; 127 128 typedef struct kdi_gate_spec { 129 uint_t kgs_vec; 130 uint_t kgs_dpl; 131 } kdi_gate_spec_t; 132 133 static const kdi_gate_spec_t kdi_gate_specs[KDI_GATE_NVECS] = { 134 { T_SGLSTP, SEL_KPL }, 135 { T_BPTFLT, SEL_UPL }, 136 { T_DBGENTR, SEL_KPL } 137 }; 138 139 static gate_desc_t kdi_kgates[KDI_GATE_NVECS]; 140 141 gate_desc_t kdi_idt[NIDT]; 142 143 struct idt_description { 144 uint_t id_low; 145 uint_t id_high; 146 idt_hdlr_f *id_basehdlr; 147 size_t *id_incrp; 148 } idt_description[] = { 149 { T_ZERODIV, 0, kdi_trap0, NULL }, 150 { T_SGLSTP, 0, kdi_trap1, NULL }, 151 { T_NMIFLT, 0, kdi_int2, NULL }, 152 { T_BPTFLT, 0, kdi_trap3, NULL }, 153 { T_OVFLW, 0, kdi_trap4, NULL }, 154 { T_BOUNDFLT, 0, kdi_trap5, NULL }, 155 { T_ILLINST, 0, kdi_trap6, NULL }, 156 { T_NOEXTFLT, 0, kdi_trap7, NULL }, 157 { T_DBLFLT, 0, syserrtrap, NULL }, 158 { T_EXTOVRFLT, 0, kdi_trap9, NULL }, 159 { T_TSSFLT, 0, kdi_traperr10, NULL }, 160 { T_SEGFLT, 0, kdi_traperr11, NULL }, 161 { T_STKFLT, 0, kdi_traperr12, NULL }, 162 { T_GPFLT, 0, kdi_traperr13, NULL }, 163 { T_PGFLT, 0, kdi_traperr14, NULL }, 164 { 15, 0, kdi_invaltrap, NULL }, 165 { T_EXTERRFLT, 0, kdi_trap16, NULL }, 166 { T_ALIGNMENT, 0, kdi_trap17, NULL }, 167 { T_MCE, 0, kdi_trap18, NULL }, 168 { T_SIMDFPE, 0, kdi_trap19, NULL }, 169 { T_DBGENTR, 0, kdi_trap20, NULL }, 170 { 21, 31, kdi_invaltrap, NULL }, 171 { 32, 255, kdi_ivct32, &kdi_ivct_size }, 172 { 0, 0, NULL }, 173 }; 174 175 void 176 kdi_idt_init(selector_t sel) 177 { 178 struct idt_description *id; 179 int i; 180 181 for (id = idt_description; id->id_basehdlr != NULL; id++) { 182 uint_t high = id->id_high != 0 ? id->id_high : id->id_low; 183 size_t incr = id->id_incrp != NULL ? *id->id_incrp : 0; 184 185 for (i = id->id_low; i <= high; i++) { 186 caddr_t hdlr = (caddr_t)id->id_basehdlr + 187 incr * (i - id->id_low); 188 set_gatesegd(&kdi_idt[i], (void (*)())hdlr, sel, 189 SDT_SYSIGT, SEL_KPL); 190 } 191 } 192 } 193 194 /* 195 * Patch caller-provided code into the debugger's IDT handlers. This code is 196 * used to save MSRs that must be saved before the first branch. All handlers 197 * are essentially the same, and end with a branch to kdi_cmnint. To save the 198 * MSR, we need to patch in before the branch. The handlers have the following 199 * structure: KDI_MSR_PATCHOFF bytes of code, KDI_MSR_PATCHSZ bytes of 200 * patchable space, followed by more code. 201 */ 202 void 203 kdi_idt_patch(caddr_t code, size_t sz) 204 { 205 int i; 206 207 ASSERT(sz <= KDI_MSR_PATCHSZ); 208 209 for (i = 0; i < sizeof (kdi_idt) / sizeof (struct gate_desc); i++) { 210 gate_desc_t *gd; 211 uchar_t *patch; 212 213 if (i == T_DBLFLT) 214 continue; /* uses kernel's handler */ 215 216 gd = &kdi_idt[i]; 217 patch = (uchar_t *)GATESEG_GETOFFSET(gd) + KDI_MSR_PATCHOFF; 218 219 /* 220 * We can't ASSERT that there's a nop here, because this may be 221 * a debugger restart. In that case, we're copying the new 222 * patch point over the old one. 223 */ 224 /* FIXME: dtrace fbt ... */ 225 bcopy(code, patch, sz); 226 227 /* Fill the rest with nops to be sure */ 228 while (sz < KDI_MSR_PATCHSZ) 229 patch[sz++] = 0x90; /* nop */ 230 } 231 } 232 233 static void 234 kdi_idt_gates_install(selector_t sel, int saveold) 235 { 236 gate_desc_t gates[KDI_GATE_NVECS]; 237 int i; 238 239 bzero(gates, sizeof (*gates)); 240 241 for (i = 0; i < KDI_GATE_NVECS; i++) { 242 const kdi_gate_spec_t *gs = &kdi_gate_specs[i]; 243 uintptr_t func = GATESEG_GETOFFSET(&kdi_idt[gs->kgs_vec]); 244 set_gatesegd(&gates[i], (void (*)())func, sel, SDT_SYSIGT, 245 gs->kgs_dpl); 246 } 247 248 for (i = 0; i < KDI_GATE_NVECS; i++) { 249 uint_t vec = kdi_gate_specs[i].kgs_vec; 250 251 if (saveold) 252 kdi_kgates[i] = CPU->cpu_m.mcpu_idt[vec]; 253 254 kdi_idt_write(&gates[i], vec); 255 } 256 } 257 258 static void 259 kdi_idt_gates_restore(void) 260 { 261 int i; 262 263 for (i = 0; i < KDI_GATE_NVECS; i++) 264 kdi_idt_write(&kdi_kgates[i], kdi_gate_specs[i].kgs_vec); 265 } 266 267 /* 268 * Used by the code which passes traps back to the kernel to retrieve the 269 * address of the kernel's handler for a given trap. We get this address 270 * from the descriptor save area, which we populated when we loaded the 271 * debugger (mod-loaded) or initialized the kernel's IDT (boot-loaded). 272 */ 273 uintptr_t 274 kdi_kernel_trap2hdlr(int vec) 275 { 276 int i; 277 278 for (i = 0; i < KDI_GATE_NVECS; i++) { 279 if (kdi_gate_specs[i].kgs_vec == vec) 280 return (GATESEG_GETOFFSET(&kdi_kgates[i])); 281 } 282 283 return (NULL); 284 } 285 286 /* 287 * Called when we switch to the kernel's IDT. We need to interpose on the 288 * kernel's IDT entries and stop using KMDBCODE_SEL. 289 */ 290 void 291 kdi_idt_sync(void) 292 { 293 kdi_idt_init(KCS_SEL); 294 kdi_idt_gates_install(KCS_SEL, KDI_IDT_SAVE); 295 } 296 297 /* 298 * On some processors, we'll need to clear a certain MSR before proceeding into 299 * the debugger. Complicating matters, this MSR must be cleared before we take 300 * any branches. We have patch points in every trap handler, which will cover 301 * all entry paths for master CPUs. We also have a patch point in the slave 302 * entry code. 303 */ 304 static void 305 kdi_msr_add_clrentry(uint_t msr) 306 { 307 #ifdef __amd64 308 uchar_t code[] = { 309 0x51, 0x50, 0x52, /* pushq %rcx, %rax, %rdx */ 310 0xb9, 0x00, 0x00, 0x00, 0x00, /* movl $MSRNUM, %ecx */ 311 0x31, 0xc0, /* clr %eax */ 312 0x31, 0xd2, /* clr %edx */ 313 0x0f, 0x30, /* wrmsr */ 314 0x5a, 0x58, 0x59 /* popq %rdx, %rax, %rcx */ 315 }; 316 uchar_t *patch = &code[4]; 317 #else 318 uchar_t code[] = { 319 0x60, /* pushal */ 320 0xb9, 0x00, 0x00, 0x00, 0x00, /* movl $MSRNUM, %ecx */ 321 0x31, 0xc0, /* clr %eax */ 322 0x31, 0xd2, /* clr %edx */ 323 0x0f, 0x30, /* wrmsr */ 324 0x61 /* popal */ 325 }; 326 uchar_t *patch = &code[2]; 327 #endif 328 329 bcopy(&msr, patch, sizeof (uint32_t)); 330 331 kdi_idt_patch((caddr_t)code, sizeof (code)); 332 333 bcopy(code, &kdi_slave_entry_patch, sizeof (code)); 334 } 335 336 static void 337 kdi_msr_add_wrexit(uint_t msr, uint64_t *valp) 338 { 339 kdi_msr_wrexit_msr = msr; 340 kdi_msr_wrexit_valp = valp; 341 } 342 343 void 344 kdi_set_debug_msrs(kdi_msr_t *msrs) 345 { 346 int nmsrs, i; 347 348 ASSERT(kdi_cpusave[0].krs_msr == NULL); 349 350 /* Look in CPU0's MSRs for any special MSRs. */ 351 for (nmsrs = 0; msrs[nmsrs].msr_num != 0; nmsrs++) { 352 switch (msrs[nmsrs].msr_type) { 353 case KDI_MSR_CLEARENTRY: 354 kdi_msr_add_clrentry(msrs[nmsrs].msr_num); 355 break; 356 357 case KDI_MSR_WRITEDELAY: 358 kdi_msr_add_wrexit(msrs[nmsrs].msr_num, 359 msrs[nmsrs].kdi_msr_valp); 360 break; 361 } 362 } 363 364 nmsrs++; 365 366 for (i = 0; i < kdi_ncpusave; i++) 367 kdi_cpusave[i].krs_msr = &msrs[nmsrs * i]; 368 } 369 370 void 371 kdi_update_drreg(kdi_drreg_t *drreg) 372 { 373 kdi_drreg = *drreg; 374 } 375 376 void 377 kdi_memrange_add(caddr_t base, size_t len) 378 { 379 kdi_memrange_t *mr = &kdi_memranges[kdi_nmemranges]; 380 381 ASSERT(kdi_nmemranges != KDI_MEMRANGES_MAX); 382 383 mr->mr_base = base; 384 mr->mr_lim = base + len - 1; 385 kdi_nmemranges++; 386 } 387 388 void 389 kdi_idt_switch(kdi_cpusave_t *cpusave) 390 { 391 if (cpusave == NULL) 392 kdi_idtr_set(kdi_idt, sizeof (kdi_idt) - 1); 393 else 394 kdi_idtr_set(cpusave->krs_idt, sizeof (idt0) - 1); 395 } 396 397 /* 398 * Activation for CPUs other than the boot CPU, called from that CPU's 399 * mp_startup(). We saved the kernel's descriptors when we initialized the 400 * boot CPU, so we don't want to do it again. Saving the handlers from this 401 * CPU's IDT would actually be dangerous with the CPU initialization method in 402 * use at the time of this writing. With that method, the startup code creates 403 * the IDTs for slave CPUs by copying the one used by the boot CPU, which has 404 * already been interposed upon by KMDB. Were we to interpose again, we'd 405 * replace the kernel's descriptors with our own in the save area. By not 406 * saving, but still overwriting, we'll work in the current world, and in any 407 * future world where the IDT is generated from scratch. 408 */ 409 void 410 kdi_cpu_init(void) 411 { 412 kdi_idt_gates_install(KCS_SEL, KDI_IDT_NOSAVE); 413 /* Load the debug registers and MSRs */ 414 kdi_cpu_debug_init(&kdi_cpusave[CPU->cpu_id]); 415 } 416 417 /* 418 * Activation for all CPUs for mod-loaded kmdb, i.e. a kmdb that wasn't 419 * loaded at boot. 420 */ 421 static int 422 kdi_cpu_activate(void) 423 { 424 kdi_idt_gates_install(KCS_SEL, KDI_IDT_SAVE); 425 return (0); 426 } 427 428 void 429 kdi_activate(kdi_main_t main, kdi_cpusave_t *cpusave, uint_t ncpusave) 430 { 431 int i; 432 cpuset_t cpuset; 433 434 CPUSET_ALL(cpuset); 435 436 kdi_cpusave = cpusave; 437 kdi_ncpusave = ncpusave; 438 439 kdi_kmdb_main = main; 440 441 for (i = 0; i < kdi_ncpusave; i++) { 442 kdi_cpusave[i].krs_cpu_id = i; 443 444 kdi_cpusave[i].krs_curcrumb = 445 &kdi_cpusave[i].krs_crumbs[KDI_NCRUMBS - 1]; 446 kdi_cpusave[i].krs_curcrumbidx = KDI_NCRUMBS - 1; 447 } 448 449 if (boothowto & RB_KMDB) 450 kdi_idt_init(KMDBCODE_SEL); 451 else 452 kdi_idt_init(KCS_SEL); 453 454 /* The initial selector set. Updated by the debugger-entry code */ 455 #ifndef __amd64 456 kdi_cs = B32CODE_SEL; 457 kdi_ds = kdi_fs = kdi_gs = B32DATA_SEL; 458 #endif 459 460 kdi_memranges[0].mr_base = kdi_segdebugbase; 461 kdi_memranges[0].mr_lim = kdi_segdebugbase + kdi_segdebugsize - 1; 462 kdi_nmemranges = 1; 463 464 kdi_drreg.dr_ctl = KDIREG_DRCTL_RESERVED; 465 kdi_drreg.dr_stat = KDIREG_DRSTAT_RESERVED; 466 467 kdi_msr_wrexit_msr = 0; 468 kdi_msr_wrexit_valp = NULL; 469 470 if (boothowto & RB_KMDB) { 471 kdi_idt_gates_install(KMDBCODE_SEL, KDI_IDT_NOSAVE); 472 } else { 473 xc_call(0, 0, 0, X_CALL_HIPRI, cpuset, 474 (xc_func_t)kdi_cpu_activate); 475 } 476 } 477 478 static int 479 kdi_cpu_deactivate(void) 480 { 481 kdi_idt_gates_restore(); 482 return (0); 483 } 484 485 void 486 kdi_deactivate(void) 487 { 488 cpuset_t cpuset; 489 CPUSET_ALL(cpuset); 490 491 xc_call(0, 0, 0, X_CALL_HIPRI, cpuset, (xc_func_t)kdi_cpu_deactivate); 492 kdi_nmemranges = 0; 493 } 494 495 /* 496 * We receive all breakpoints and single step traps. Some of them, 497 * including those from userland and those induced by DTrace providers, 498 * are intended for the kernel, and must be processed there. We adopt 499 * this ours-until-proven-otherwise position due to the painful 500 * consequences of sending the kernel an unexpected breakpoint or 501 * single step. Unless someone can prove to us that the kernel is 502 * prepared to handle the trap, we'll assume there's a problem and will 503 * give the user a chance to debug it. 504 */ 505 static int 506 kdi_trap_pass(kdi_cpusave_t *cpusave) 507 { 508 greg_t tt = cpusave->krs_gregs[KDIREG_TRAPNO]; 509 greg_t pc = cpusave->krs_gregs[KDIREG_PC]; 510 greg_t cs = cpusave->krs_gregs[KDIREG_CS]; 511 512 if (USERMODE(cs)) 513 return (1); 514 515 if (tt != T_BPTFLT && tt != T_SGLSTP) 516 return (0); 517 518 if (tt == T_BPTFLT && kdi_dtrace_get_state() == 519 KDI_DTSTATE_DTRACE_ACTIVE) 520 return (1); 521 522 /* 523 * See the comments in the kernel's T_SGLSTP handler for why we need to 524 * do this. 525 */ 526 if (tt == T_SGLSTP && 527 pc == (greg_t)sys_sysenter || pc == (greg_t)brand_sys_sysenter) 528 return (1); 529 530 return (0); 531 } 532 533 /* 534 * State has been saved, and all CPUs are on the CPU-specific stacks. All 535 * CPUs enter here, and head off into the debugger proper. 536 */ 537 int 538 kdi_debugger_entry(kdi_cpusave_t *cpusave) 539 { 540 if (kdi_trap_pass(cpusave)) { 541 cpusave->krs_cpu_state = KDI_CPU_STATE_NONE; 542 return (KDI_RESUME_PASS_TO_KERNEL); 543 } 544 545 /* 546 * BPTFLT gives us control with %eip set to the instruction *after* 547 * the int 3. Back it off, so we're looking at the instruction that 548 * triggered the fault. 549 */ 550 if (cpusave->krs_gregs[KDIREG_TRAPNO] == T_BPTFLT) 551 cpusave->krs_gregs[KDIREG_PC]--; 552 553 kdi_kmdb_main(cpusave); 554 return (KDI_RESUME); 555 } 556