1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22/* 23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27#pragma ident "%Z%%M% %I% %E% SMI" 28 29/* 30 * Debugger entry for both master and slave CPUs 31 */ 32 33#if defined(__lint) 34#include <sys/types.h> 35#endif 36 37#include <sys/segments.h> 38#include <sys/asm_linkage.h> 39#include <sys/controlregs.h> 40#include <sys/x86_archext.h> 41#include <sys/privregs.h> 42#include <sys/machprivregs.h> 43#include <sys/kdi_regs.h> 44#include <sys/uadmin.h> 45#include <sys/psw.h> 46 47#ifdef _ASM 48 49#include <kdi_assym.h> 50#include <assym.h> 51 52/* clobbers %edx, %ecx, returns addr in %eax, cpu id in %ebx */ 53#define GET_CPUSAVE_ADDR \ 54 movl %gs:CPU_ID, %ebx; \ 55 movl %ebx, %eax; \ 56 movl $KRS_SIZE, %ecx; \ 57 mull %ecx; \ 58 movl $kdi_cpusave, %edx; \ 59 /*CSTYLED*/ \ 60 addl (%edx), %eax 61 62/* 63 * Save copies of the IDT and GDT descriptors. Note that we only save the IDT 64 * and GDT if the IDT isn't ours, as we may be legitimately re-entering the 65 * debugger through the trap handler. We don't want to clobber the saved IDT 66 * in the process, as we'd end up resuming the world on our IDT. 67 */ 68#define SAVE_IDTGDT \ 69 movl %gs:CPU_IDT, %edx; \ 70 cmpl $kdi_idt, %edx; \ 71 je 1f; \ 72 movl %edx, KRS_IDT(%eax); \ 73 movl %gs:CPU_GDT, %edx; \ 74 movl %edx, KRS_GDT(%eax); \ 751: 76 77/* 78 * Each cpusave buffer has an area set aside for a ring buffer of breadcrumbs. 79 * The following macros manage the buffer. 80 */ 81 82/* Advance the ring buffer */ 83#define ADVANCE_CRUMB_POINTER(cpusave, tmp1, tmp2) \ 84 movl KRS_CURCRUMBIDX(cpusave), tmp1; \ 85 cmpl $[KDI_NCRUMBS - 1], tmp1; \ 86 jge 1f; \ 87 /* Advance the pointer and index */ \ 88 addl $1, tmp1; \ 89 movl tmp1, KRS_CURCRUMBIDX(cpusave); \ 90 movl KRS_CURCRUMB(cpusave), tmp1; \ 91 addl $KRM_SIZE, tmp1; \ 92 jmp 2f; \ 931: /* Reset the pointer and index */ \ 94 movw $0, KRS_CURCRUMBIDX(cpusave); \ 95 leal KRS_CRUMBS(cpusave), tmp1; \ 962: movl tmp1, KRS_CURCRUMB(cpusave); \ 97 /* Clear the new crumb */ \ 98 movl $KDI_NCRUMBS, tmp2; \ 993: movl $0, -4(tmp1, tmp2, 4); \ 100 decl tmp2; \ 101 jnz 3b 102 103/* Set a value in the current breadcrumb buffer */ 104#define ADD_CRUMB(cpusave, offset, value, tmp) \ 105 movl KRS_CURCRUMB(cpusave), tmp; \ 106 movl value, offset(tmp) 107 108#endif /* _ASM */ 109 110/* 111 * The main entry point for master CPUs. It also serves as the trap handler 112 * for all traps and interrupts taken during single-step. 113 */ 114#if defined(__lint) 115void 116kdi_cmnint(void) 117{ 118} 119#else /* __lint */ 120 121 /* XXX implement me */ 122 ENTRY_NP(kdi_nmiint) 123 clr %ecx 124 movl (%ecx), %ecx 125 SET_SIZE(kdi_nmiint) 126 127 ENTRY_NP(kdi_cmnint) 128 ALTENTRY(kdi_master_entry) 129 130 /* Save all registers and selectors */ 131 132 pushal 133 pushl %ds 134 pushl %es 135 pushl %fs 136 pushl %gs 137 pushl %ss 138 139 subl $8, %esp 140 movl %ebp, REG_OFF(KDIREG_SAVFP)(%esp) 141 movl REG_OFF(KDIREG_EIP)(%esp), %eax 142 movl %eax, REG_OFF(KDIREG_SAVPC)(%esp) 143 144 /* 145 * If the kernel has started using its own selectors, we should too. 146 * Update our saved selectors if they haven't been updated already. 147 */ 148 movw %cs, %ax 149 cmpw $KCS_SEL, %ax 150 jne 1f /* The kernel hasn't switched yet */ 151 152 movw $KDS_SEL, %ax 153 movw %ax, %ds 154 movw kdi_cs, %ax 155 cmpw $KCS_SEL, %ax 156 je 1f /* We already switched */ 157 158 /* 159 * The kernel switched, but we haven't. Update our saved selectors 160 * to match the kernel's copies for use below. 161 */ 162 movl $KCS_SEL, kdi_cs 163 movl $KDS_SEL, kdi_ds 164 movl $KFS_SEL, kdi_fs 165 movl $KGS_SEL, kdi_gs 166 1671: 168 /* 169 * Set the selectors to a known state. If we come in from kmdb's IDT, 170 * we'll be on boot's %cs. This will cause GET_CPUSAVE_ADDR to return 171 * CPU 0's cpusave, regardless of which CPU we're on, and chaos will 172 * ensue. So, if we've got $KCSSEL in kdi_cs, switch to it. The other 173 * selectors are restored normally. 174 */ 175 movw %cs:kdi_cs, %ax 176 cmpw $KCS_SEL, %ax 177 jne 1f 178 ljmp $KCS_SEL, $1f 1791: 180 movw %cs:kdi_ds, %ds 181 movw kdi_ds, %es 182 movw kdi_fs, %fs 183 movw kdi_gs, %gs 184 movw kdi_ds, %ss 185 186 /* 187 * This has to come after we set %gs to the kernel descriptor. Since 188 * we've hijacked some IDT entries used in user-space such as the 189 * breakpoint handler, we can enter kdi_cmnint() with GDT_LWPGS used 190 * in %gs. On the hypervisor, CLI() needs GDT_GS to access the machcpu. 191 */ 192 CLI(%eax) 193 194 GET_CPUSAVE_ADDR /* %eax = cpusave, %ebx = CPU ID */ 195 196 ADVANCE_CRUMB_POINTER(%eax, %ecx, %edx) 197 198 ADD_CRUMB(%eax, KRM_CPU_STATE, $KDI_CPU_STATE_MASTER, %edx) 199 200 movl REG_OFF(KDIREG_EIP)(%esp), %ecx 201 ADD_CRUMB(%eax, KRM_PC, %ecx, %edx) 202 ADD_CRUMB(%eax, KRM_SP, %esp, %edx) 203 movl REG_OFF(KDIREG_TRAPNO)(%esp), %ecx 204 ADD_CRUMB(%eax, KRM_TRAPNO, %ecx, %edx) 205 206 movl %esp, %ebp 207 pushl %eax 208 209 /* 210 * Were we in the debugger when we took the trap (i.e. was %esp in one 211 * of the debugger's memory ranges)? 212 */ 213 leal kdi_memranges, %ecx 214 movl kdi_nmemranges, %edx 2151: cmpl MR_BASE(%ecx), %esp 216 jl 2f /* below this range -- try the next one */ 217 cmpl MR_LIM(%ecx), %esp 218 jg 2f /* above this range -- try the next one */ 219 jmp 3f /* matched within this range */ 220 2212: decl %edx 222 jz kdi_save_common_state /* %esp not within debugger memory */ 223 addl $MR_SIZE, %ecx 224 jmp 1b 225 2263: /* 227 * %esp was within one of the debugger's memory ranges. This should 228 * only happen when we take a trap while running in the debugger. 229 * kmdb_dpi_handle_fault will determine whether or not it was an 230 * expected trap, and will take the appropriate action. 231 */ 232 233 pushl %ebx /* cpuid */ 234 235 movl REG_OFF(KDIREG_ESP)(%ebp), %ecx 236 addl $REG_OFF(KDIREG_EFLAGS - KDIREG_EAX), %ecx 237 pushl %ecx 238 239 pushl REG_OFF(KDIREG_EIP)(%ebp) 240 pushl REG_OFF(KDIREG_TRAPNO)(%ebp) 241 242 call kdi_dvec_handle_fault 243 addl $16, %esp 244 245 /* 246 * If we're here, we ran into a debugger problem, and the user 247 * elected to solve it by having the debugger debug itself. The 248 * state we're about to save is that of the debugger when it took 249 * the fault. 250 */ 251 252 jmp kdi_save_common_state 253 254 SET_SIZE(kdi_master_entry) 255 SET_SIZE(kdi_cmnint) 256 257#endif /* __lint */ 258 259/* 260 * The cross-call handler for slave CPUs. 261 * 262 * The debugger is single-threaded, so only one CPU, called the master, may be 263 * running it at any given time. The other CPUs, known as slaves, spin in a 264 * busy loop until there's something for them to do. This is the entry point 265 * for the slaves - they'll be sent here in response to a cross-call sent by the 266 * master. 267 */ 268 269#if defined(__lint) 270char kdi_slave_entry_patch; 271 272void 273kdi_slave_entry(void) 274{ 275} 276#else /* __lint */ 277 .globl kdi_slave_entry_patch; 278 279 ENTRY_NP(kdi_slave_entry) 280 281 /* kdi_msr_add_clrentry knows where this is */ 282kdi_slave_entry_patch: 283 KDI_MSR_PATCH; 284 285 /* 286 * Cross calls are implemented as function calls, so our stack 287 * currently looks like one you'd get from a zero-argument function 288 * call. There's an %eip at %esp, and that's about it. We want to 289 * make it look like the master CPU's stack. By doing this, we can 290 * use the same resume code for both master and slave. We need to 291 * make our stack look like a `struct regs' before we jump into the 292 * common save routine. 293 */ 294 295 pushl %cs 296 pushfl 297 pushl $-1 /* A phony trap error code */ 298 pushl $-1 /* A phony trap number */ 299 pushal 300 pushl %ds 301 pushl %es 302 pushl %fs 303 pushl %gs 304 pushl %ss 305 306 subl $8, %esp 307 movl %ebp, REG_OFF(KDIREG_SAVFP)(%esp) 308 movl REG_OFF(KDIREG_EIP)(%esp), %eax 309 movl %eax, REG_OFF(KDIREG_SAVPC)(%esp) 310 311 /* 312 * Swap our saved EFLAGS and %eip. Each is where the other 313 * should be. 314 */ 315 movl REG_OFF(KDIREG_EFLAGS)(%esp), %eax 316 xchgl REG_OFF(KDIREG_EIP)(%esp), %eax 317 movl %eax, REG_OFF(KDIREG_EFLAGS)(%esp) 318 319 /* 320 * Our stack now matches struct regs, and is irettable. We don't need 321 * to do anything special for the hypervisor w.r.t. PS_IE since we 322 * iret twice anyway; the second iret back to the hypervisor 323 * will re-enable interrupts. 324 */ 325 CLI(%eax) 326 327 /* Load sanitized segment selectors */ 328 movw kdi_ds, %ds 329 movw kdi_ds, %es 330 movw kdi_fs, %fs 331 movw kdi_gs, %gs 332 movw kdi_ds, %ss 333 334 GET_CPUSAVE_ADDR /* %eax = cpusave, %ebx = CPU ID */ 335 336 ADVANCE_CRUMB_POINTER(%eax, %ecx, %edx) 337 338 ADD_CRUMB(%eax, KRM_CPU_STATE, $KDI_CPU_STATE_SLAVE, %edx) 339 340 movl REG_OFF(KDIREG_EIP)(%esp), %ecx 341 ADD_CRUMB(%eax, KRM_PC, %ecx, %edx) 342 343 pushl %eax 344 jmp kdi_save_common_state 345 346 SET_SIZE(kdi_slave_entry) 347 348#endif /* __lint */ 349 350#if !defined(__lint) 351 352 ENTRY_NP(kdi_save_common_state) 353 354 /* 355 * The state of the world: 356 * 357 * The stack has a complete set of saved registers and segment 358 * selectors, arranged in `struct regs' order (or vice-versa), up to 359 * and including EFLAGS. It also has a pointer to our cpusave area. 360 * 361 * We need to save a pointer to these saved registers. We also want 362 * to adjust the saved %esp - it should point just beyond the saved 363 * registers to the last frame of the thread we interrupted. Finally, 364 * we want to clear out bits 16-31 of the saved selectors, as the 365 * selector pushls don't automatically clear them. 366 */ 367 popl %eax /* the cpusave area */ 368 369 movl %esp, KRS_GREGS(%eax) /* save ptr to current saved regs */ 370 371 SAVE_IDTGDT 372 373 addl $REG_OFF(KDIREG_EFLAGS - KDIREG_EAX), KDIREG_OFF(KDIREG_ESP)(%esp) 374 375 andl $0xffff, KDIREG_OFF(KDIREG_SS)(%esp) 376 andl $0xffff, KDIREG_OFF(KDIREG_GS)(%esp) 377 andl $0xffff, KDIREG_OFF(KDIREG_FS)(%esp) 378 andl $0xffff, KDIREG_OFF(KDIREG_ES)(%esp) 379 andl $0xffff, KDIREG_OFF(KDIREG_DS)(%esp) 380 381 /* Save off %cr0, and clear write protect */ 382 movl %cr0, %ecx 383 movl %ecx, KRS_CR0(%eax) 384 andl $_BITNOT(CR0_WP), %ecx 385 movl %ecx, %cr0 386 pushl %edi 387 movl %eax, %edi 388 389 /* Save the debug registers and disable any active watchpoints */ 390 pushl $7 391 call kdi_dreg_get 392 addl $4, %esp 393 394 movl %eax, KRS_DRCTL(%edi) 395 andl $_BITNOT(KDIREG_DRCTL_WPALLEN_MASK), %eax 396 397 pushl %eax 398 pushl $7 399 call kdi_dreg_set 400 addl $8, %esp 401 402 pushl $6 403 call kdi_dreg_get 404 addl $4, %esp 405 movl %eax, KRS_DRSTAT(%edi) 406 407 pushl $0 408 call kdi_dreg_get 409 addl $4, %esp 410 movl %eax, KRS_DROFF(0)(%edi) 411 412 pushl $1 413 call kdi_dreg_get 414 addl $4, %esp 415 movl %eax, KRS_DROFF(1)(%edi) 416 417 pushl $2 418 call kdi_dreg_get 419 addl $4, %esp 420 movl %eax, KRS_DROFF(2)(%edi) 421 422 pushl $3 423 call kdi_dreg_get 424 addl $4, %esp 425 movl %eax, KRS_DROFF(3)(%edi) 426 427 movl %edi, %eax 428 popl %edi 429 430 /* 431 * Save any requested MSRs. 432 */ 433 movl KRS_MSR(%eax), %ecx 434 cmpl $0, %ecx 435 je no_msr 436 437 pushl %eax /* rdmsr clobbers %eax */ 438 movl %ecx, %ebx 4391: 440 movl MSR_NUM(%ebx), %ecx 441 cmpl $0, %ecx 442 je msr_done 443 444 movl MSR_TYPE(%ebx), %edx 445 cmpl $KDI_MSR_READ, %edx 446 jne msr_next 447 448 rdmsr /* addr in %ecx, value into %edx:%eax */ 449 movl %eax, MSR_VAL(%ebx) 450 movl %edx, _CONST(MSR_VAL + 4)(%ebx) 451 452msr_next: 453 addl $MSR_SIZE, %ebx 454 jmp 1b 455 456msr_done: 457 popl %eax 458 459no_msr: 460 clr %ebp /* stack traces should end here */ 461 462 pushl %eax 463 call kdi_debugger_entry 464 pushl %eax /* leave cpusave on the stack */ 465 466 jmp kdi_resume 467 468 SET_SIZE(kdi_save_common_state) 469 470#endif /* !__lint */ 471 472/* 473 * Given the address of the current CPU's cpusave area in %edi, the following 474 * macro restores the debugging state to said CPU. Restored state includes 475 * the debug registers from the global %dr variables, and debugging MSRs from 476 * the CPU save area. This code would be in a separate routine, but for the 477 * fact that some of the MSRs are jump-sensitive. As such, we need to minimize 478 * the number of jumps taken subsequent to the update of said MSRs. We can 479 * remove one jump (the ret) by using a macro instead of a function for the 480 * debugging state restoration code. 481 * 482 * Takes the cpusave area in %edi as a parameter, clobbers %eax-%edx 483 */ 484#define KDI_RESTORE_DEBUGGING_STATE \ 485 leal kdi_drreg, %ebx; \ 486 \ 487 pushl DR_CTL(%ebx); \ 488 pushl $7; \ 489 call kdi_dreg_set; \ 490 addl $8, %esp; \ 491 \ 492 pushl $KDIREG_DRSTAT_RESERVED; \ 493 pushl $6; \ 494 call kdi_dreg_set; \ 495 addl $8, %esp; \ 496 \ 497 pushl DRADDR_OFF(0)(%ebx); \ 498 pushl $0; \ 499 call kdi_dreg_set; \ 500 addl $8, %esp; \ 501 \ 502 pushl DRADDR_OFF(1)(%ebx); \ 503 pushl $1; \ 504 call kdi_dreg_set; \ 505 addl $8, %esp; \ 506 \ 507 pushl DRADDR_OFF(2)(%ebx); \ 508 pushl $2; \ 509 call kdi_dreg_set; \ 510 addl $8, %esp; \ 511 \ 512 pushl DRADDR_OFF(3)(%ebx); \ 513 pushl $3; \ 514 call kdi_dreg_set; \ 515 addl $8, %esp; \ 516 \ 517 /* \ 518 * Write any requested MSRs. \ 519 */ \ 520 movl KRS_MSR(%edi), %ebx; \ 521 cmpl $0, %ebx; \ 522 je 3f; \ 5231: \ 524 movl MSR_NUM(%ebx), %ecx; \ 525 cmpl $0, %ecx; \ 526 je 3f; \ 527 \ 528 movl MSR_TYPE(%ebx), %edx; \ 529 cmpl $KDI_MSR_WRITE, %edx; \ 530 jne 2f; \ 531 \ 532 movl MSR_VALP(%ebx), %edx; \ 533 movl 0(%edx), %eax; \ 534 movl 4(%edx), %edx; \ 535 wrmsr; \ 5362: \ 537 addl $MSR_SIZE, %ebx; \ 538 jmp 1b; \ 5393: \ 540 /* \ 541 * We must not branch after re-enabling LBR. If \ 542 * kdi_wsr_wrexit_msr is set, it contains the number \ 543 * of the MSR that controls LBR. kdi_wsr_wrexit_valp \ 544 * contains the value that is to be written to enable \ 545 * LBR. \ 546 */ \ 547 movl kdi_msr_wrexit_msr, %ecx; \ 548 cmpl $0, %ecx; \ 549 je 1f; \ 550 \ 551 movl kdi_msr_wrexit_valp, %edx; \ 552 movl 0(%edx), %eax; \ 553 movl 4(%edx), %edx; \ 554 \ 555 wrmsr; \ 5561: 557 558#if defined(__lint) 559/*ARGSUSED*/ 560void 561kdi_cpu_debug_init(kdi_cpusave_t *save) 562{ 563} 564#else /* __lint */ 565 566 ENTRY_NP(kdi_cpu_debug_init) 567 pushl %ebp 568 movl %esp, %ebp 569 570 pushl %edi 571 pushl %ebx 572 573 movl 8(%ebp), %edi 574 575 KDI_RESTORE_DEBUGGING_STATE 576 577 popl %ebx 578 popl %edi 579 leave 580 ret 581 582 SET_SIZE(kdi_cpu_debug_init) 583#endif /* !__lint */ 584 585/* 586 * Resume the world. The code that calls kdi_resume has already 587 * decided whether or not to restore the IDT. 588 */ 589#if defined(__lint) 590void 591kdi_resume(void) 592{ 593} 594#else /* __lint */ 595 596 ENTRY_NP(kdi_resume) 597 popl %ebx /* command */ 598 popl %eax /* cpusave */ 599 600 cmpl $KDI_RESUME_PASS_TO_KERNEL, %ebx 601 je kdi_pass_to_kernel 602 603 /* 604 * Send this CPU back into the world 605 */ 606 607 movl KRS_CR0(%eax), %edx 608 movl %edx, %cr0 609 610 pushl %edi 611 movl %eax, %edi 612 613 KDI_RESTORE_DEBUGGING_STATE 614 615 popl %edi 616 617 addl $8, %esp /* Discard savfp and savpc */ 618 619 popl %ss 620 popl %gs 621 popl %fs 622 popl %es 623 popl %ds 624 popal 625 626 addl $8, %esp /* Discard TRAPNO and ERROR */ 627 628 IRET 629 630 SET_SIZE(kdi_resume) 631#endif /* __lint */ 632 633#if !defined(__lint) 634 635 ENTRY_NP(kdi_pass_to_kernel) 636 637 /* cpusave is still in %eax */ 638 movl KRS_CR0(%eax), %edx 639 movl %edx, %cr0 640 641 /* 642 * When we replaced the kernel's handlers in the IDT, we made note of 643 * the handlers being replaced, thus allowing us to pass traps directly 644 * to said handlers here. We won't have any registers available for use 645 * after we start popping, and we know we're single-threaded here, so 646 * we have to use a global to store the handler address. 647 */ 648 pushl REG_OFF(KDIREG_TRAPNO)(%esp) 649 call kdi_kernel_trap2hdlr 650 addl $4, %esp 651 movl %eax, kdi_kernel_handler 652 653 /* 654 * The trap handler will expect the stack to be in trap order, with 655 * %eip being the last entry. Our stack is currently in KDIREG_* 656 * order, so we'll need to pop (and restore) our way back down. 657 */ 658 addl $8, %esp /* Discard savfp and savpc */ 659 popl %ss 660 popl %gs 661 popl %fs 662 popl %es 663 popl %ds 664 popal 665 addl $8, %esp /* Discard trapno and err */ 666 667 ljmp $KCS_SEL, $1f 6681: jmp *%cs:kdi_kernel_handler 669 /*NOTREACHED*/ 670 671 SET_SIZE(kdi_pass_to_kernel) 672 673 /* 674 * Reboot the system. This routine is to be called only by the master 675 * CPU. 676 */ 677 ENTRY_NP(kdi_reboot) 678 679 pushl $AD_BOOT 680 pushl $A_SHUTDOWN 681 call *psm_shutdownf 682 addl $8, %esp 683 684 /* 685 * psm_shutdown didn't work or it wasn't set, try pc_reset. 686 */ 687 call pc_reset 688 /*NOTREACHED*/ 689 690 SET_SIZE(kdi_reboot) 691 692#endif /* !__lint */ 693