xref: /titanic_41/usr/src/uts/intel/kdi/kdi_idt.c (revision 200c5a5a428f15c16e2a526ed69d462af62e8e1a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * Management of KMDB's IDT, which is installed upon KMDB activation.
30  *
31  * Debugger activation has two flavors, which cover the cases where KMDB is
32  * loaded at boot, and when it is loaded after boot.  In brief, in both cases,
33  * the KDI needs to interpose upon several handlers in the IDT.  When
34  * mod-loaded KMDB is deactivated, we undo the IDT interposition, restoring the
35  * handlers to what they were before we started.
36  *
37  * We also take over the entirety of IDT (except the double-fault handler) on
38  * the active CPU when we're in kmdb so we can handle things like page faults
39  * sensibly.
40  *
41  * Boot-loaded KMDB
42  *
43  * When we're first activated, we're running on boot's IDT.  We need to be able
44  * to function in this world, so we'll install our handlers into boot's IDT.
45  * This is a little complicated: we're using the fake cpu_t set up by
46  * boot_kdi_tmpinit(), so we can't access cpu_idt directly.  Instead,
47  * kdi_idt_write() notices that cpu_idt is NULL, and works around this problem.
48  *
49  * Later, when we're about to switch to the kernel's IDT, it'll call us via
50  * kdi_idt_sync(), allowing us to add our handlers to the new IDT.  While
51  * boot-loaded KMDB can't be unloaded, we still need to save the descriptors we
52  * replace so we can pass traps back to the kernel as necessary.
53  *
54  * The last phase of boot-loaded KMDB activation occurs at non-boot CPU
55  * startup.  We will be called on each non-boot CPU, thus allowing us to set up
56  * any watchpoints that may have been configured on the boot CPU and interpose
57  * on the given CPU's IDT.  We don't save the interposed descriptors in this
58  * case -- see kdi_cpu_init() for details.
59  *
60  * Mod-loaded KMDB
61  *
62  * This style of activation is much simpler, as the CPUs are already running,
63  * and are using their own copy of the kernel's IDT.  We simply interpose upon
64  * each CPU's IDT.  We save the handlers we replace, both for deactivation and
65  * for passing traps back to the kernel.  Note that for Xen's benefit, we need
66  * to xcall to the other CPUs to do this, since we need to actively set the
67  * trap entries in its virtual IDT from that vcpu's context rather than just
68  * modify the IDT table from the CPU running kdi_activate().
69  */
70 
71 #include <sys/types.h>
72 #include <sys/segments.h>
73 #include <sys/trap.h>
74 #include <sys/cpuvar.h>
75 #include <sys/reboot.h>
76 #include <sys/sunddi.h>
77 #include <sys/archsystm.h>
78 #include <sys/kdi_impl.h>
79 #include <sys/x_call.h>
80 #include <ia32/sys/psw.h>
81 
82 #define	KDI_GATE_NVECS	3
83 
84 #define	KDI_IDT_NOSAVE	0
85 #define	KDI_IDT_SAVE	1
86 
87 #define	KDI_IDT_DTYPE_KERNEL	0
88 #define	KDI_IDT_DTYPE_BOOT	1
89 
90 kdi_cpusave_t *kdi_cpusave;
91 int kdi_ncpusave;
92 
93 static kdi_main_t kdi_kmdb_main;
94 
95 kdi_drreg_t kdi_drreg;
96 
97 #ifndef __amd64
98 /* Used to track the current set of valid kernel selectors. */
99 uint32_t	kdi_cs;
100 uint32_t	kdi_ds;
101 uint32_t	kdi_fs;
102 uint32_t	kdi_gs;
103 #endif
104 
105 uint_t		kdi_msr_wrexit_msr;
106 uint64_t	*kdi_msr_wrexit_valp;
107 
108 uintptr_t	kdi_kernel_handler;
109 
110 int		kdi_trap_switch;
111 
112 #define	KDI_MEMRANGES_MAX	2
113 
114 kdi_memrange_t	kdi_memranges[KDI_MEMRANGES_MAX];
115 int		kdi_nmemranges;
116 
117 typedef void idt_hdlr_f(void);
118 
119 extern idt_hdlr_f kdi_trap0, kdi_trap1, kdi_int2, kdi_trap3, kdi_trap4;
120 extern idt_hdlr_f kdi_trap5, kdi_trap6, kdi_trap7, kdi_trap9;
121 extern idt_hdlr_f kdi_traperr10, kdi_traperr11, kdi_traperr12;
122 extern idt_hdlr_f kdi_traperr13, kdi_traperr14, kdi_trap16, kdi_trap17;
123 extern idt_hdlr_f kdi_trap18, kdi_trap19, kdi_trap20, kdi_ivct32;
124 extern idt_hdlr_f kdi_invaltrap;
125 extern size_t kdi_ivct_size;
126 extern char kdi_slave_entry_patch;
127 
128 typedef struct kdi_gate_spec {
129 	uint_t kgs_vec;
130 	uint_t kgs_dpl;
131 } kdi_gate_spec_t;
132 
133 static const kdi_gate_spec_t kdi_gate_specs[KDI_GATE_NVECS] = {
134 	{ T_SGLSTP, SEL_KPL },
135 	{ T_BPTFLT, SEL_UPL },
136 	{ T_DBGENTR, SEL_KPL }
137 };
138 
139 static gate_desc_t kdi_kgates[KDI_GATE_NVECS];
140 
141 gate_desc_t kdi_idt[NIDT];
142 
143 struct idt_description {
144 	uint_t id_low;
145 	uint_t id_high;
146 	idt_hdlr_f *id_basehdlr;
147 	size_t *id_incrp;
148 } idt_description[] = {
149 	{ T_ZERODIV, 0,		kdi_trap0, NULL },
150 	{ T_SGLSTP, 0,		kdi_trap1, NULL },
151 	{ T_NMIFLT, 0,		kdi_int2, NULL },
152 	{ T_BPTFLT, 0,		kdi_trap3, NULL },
153 	{ T_OVFLW, 0,		kdi_trap4, NULL },
154 	{ T_BOUNDFLT, 0,	kdi_trap5, NULL },
155 	{ T_ILLINST, 0,		kdi_trap6, NULL },
156 	{ T_NOEXTFLT, 0,	kdi_trap7, NULL },
157 	{ T_DBLFLT, 0,		syserrtrap, NULL },
158 	{ T_EXTOVRFLT, 0,	kdi_trap9, NULL },
159 	{ T_TSSFLT, 0,		kdi_traperr10, NULL },
160 	{ T_SEGFLT, 0,		kdi_traperr11, NULL },
161 	{ T_STKFLT, 0,		kdi_traperr12, NULL },
162 	{ T_GPFLT, 0,		kdi_traperr13, NULL },
163 	{ T_PGFLT, 0,		kdi_traperr14, NULL },
164 	{ 15, 0,		kdi_invaltrap, NULL },
165 	{ T_EXTERRFLT, 0, 	kdi_trap16, NULL },
166 	{ T_ALIGNMENT, 0, 	kdi_trap17, NULL },
167 	{ T_MCE, 0,		kdi_trap18, NULL },
168 	{ T_SIMDFPE, 0,		kdi_trap19, NULL },
169 	{ T_DBGENTR, 0,		kdi_trap20, NULL },
170 	{ 21, 31,		kdi_invaltrap, NULL },
171 	{ 32, 255,		kdi_ivct32, &kdi_ivct_size },
172 	{ 0, 0, NULL },
173 };
174 
175 void
176 kdi_idt_init(selector_t sel)
177 {
178 	struct idt_description *id;
179 	int i;
180 
181 	for (id = idt_description; id->id_basehdlr != NULL; id++) {
182 		uint_t high = id->id_high != 0 ? id->id_high : id->id_low;
183 		size_t incr = id->id_incrp != NULL ? *id->id_incrp : 0;
184 
185 		for (i = id->id_low; i <= high; i++) {
186 			caddr_t hdlr = (caddr_t)id->id_basehdlr +
187 			    incr * (i - id->id_low);
188 			set_gatesegd(&kdi_idt[i], (void (*)())hdlr, sel,
189 			    SDT_SYSIGT, SEL_KPL);
190 		}
191 	}
192 }
193 
194 /*
195  * Patch caller-provided code into the debugger's IDT handlers.  This code is
196  * used to save MSRs that must be saved before the first branch.  All handlers
197  * are essentially the same, and end with a branch to kdi_cmnint.  To save the
198  * MSR, we need to patch in before the branch.  The handlers have the following
199  * structure: KDI_MSR_PATCHOFF bytes of code, KDI_MSR_PATCHSZ bytes of
200  * patchable space, followed by more code.
201  */
202 void
203 kdi_idt_patch(caddr_t code, size_t sz)
204 {
205 	int i;
206 
207 	ASSERT(sz <= KDI_MSR_PATCHSZ);
208 
209 	for (i = 0; i < sizeof (kdi_idt) / sizeof (struct gate_desc); i++) {
210 		gate_desc_t *gd;
211 		uchar_t *patch;
212 
213 		if (i == T_DBLFLT)
214 			continue;	/* uses kernel's handler */
215 
216 		gd = &kdi_idt[i];
217 		patch = (uchar_t *)GATESEG_GETOFFSET(gd) + KDI_MSR_PATCHOFF;
218 
219 		/*
220 		 * We can't ASSERT that there's a nop here, because this may be
221 		 * a debugger restart.  In that case, we're copying the new
222 		 * patch point over the old one.
223 		 */
224 		/* FIXME: dtrace fbt ... */
225 		bcopy(code, patch, sz);
226 
227 		/* Fill the rest with nops to be sure */
228 		while (sz < KDI_MSR_PATCHSZ)
229 			patch[sz++] = 0x90; /* nop */
230 	}
231 }
232 
233 static void
234 kdi_idt_gates_install(selector_t sel, int saveold)
235 {
236 	gate_desc_t gates[KDI_GATE_NVECS];
237 	int i;
238 
239 	bzero(gates, sizeof (*gates));
240 
241 	for (i = 0; i < KDI_GATE_NVECS; i++) {
242 		const kdi_gate_spec_t *gs = &kdi_gate_specs[i];
243 		uintptr_t func = GATESEG_GETOFFSET(&kdi_idt[gs->kgs_vec]);
244 		set_gatesegd(&gates[i], (void (*)())func, sel, SDT_SYSIGT,
245 		    gs->kgs_dpl);
246 	}
247 
248 	for (i = 0; i < KDI_GATE_NVECS; i++) {
249 		uint_t vec = kdi_gate_specs[i].kgs_vec;
250 
251 		if (saveold)
252 			kdi_kgates[i] = CPU->cpu_m.mcpu_idt[vec];
253 
254 		kdi_idt_write(&gates[i], vec);
255 	}
256 }
257 
258 static void
259 kdi_idt_gates_restore(void)
260 {
261 	int i;
262 
263 	for (i = 0; i < KDI_GATE_NVECS; i++)
264 		kdi_idt_write(&kdi_kgates[i], kdi_gate_specs[i].kgs_vec);
265 }
266 
267 /*
268  * Used by the code which passes traps back to the kernel to retrieve the
269  * address of the kernel's handler for a given trap.  We get this address
270  * from the descriptor save area, which we populated when we loaded the
271  * debugger (mod-loaded) or initialized the kernel's IDT (boot-loaded).
272  */
273 uintptr_t
274 kdi_kernel_trap2hdlr(int vec)
275 {
276 	int i;
277 
278 	for (i = 0; i < KDI_GATE_NVECS; i++) {
279 		if (kdi_gate_specs[i].kgs_vec == vec)
280 			return (GATESEG_GETOFFSET(&kdi_kgates[i]));
281 	}
282 
283 	return (NULL);
284 }
285 
286 /*
287  * Called when we switch to the kernel's IDT.  We need to interpose on the
288  * kernel's IDT entries and stop using KMDBCODE_SEL.
289  */
290 void
291 kdi_idt_sync(void)
292 {
293 	kdi_idt_init(KCS_SEL);
294 	kdi_idt_gates_install(KCS_SEL, KDI_IDT_SAVE);
295 }
296 
297 /*
298  * On some processors, we'll need to clear a certain MSR before proceeding into
299  * the debugger.  Complicating matters, this MSR must be cleared before we take
300  * any branches.  We have patch points in every trap handler, which will cover
301  * all entry paths for master CPUs.  We also have a patch point in the slave
302  * entry code.
303  */
304 static void
305 kdi_msr_add_clrentry(uint_t msr)
306 {
307 #ifdef __amd64
308 	uchar_t code[] = {
309 		0x51, 0x50, 0x52,		/* pushq %rcx, %rax, %rdx */
310 		0xb9, 0x00, 0x00, 0x00, 0x00,	/* movl $MSRNUM, %ecx */
311 		0x31, 0xc0,			/* clr %eax */
312 		0x31, 0xd2,			/* clr %edx */
313 		0x0f, 0x30,			/* wrmsr */
314 		0x5a, 0x58, 0x59		/* popq %rdx, %rax, %rcx */
315 	};
316 	uchar_t *patch = &code[4];
317 #else
318 	uchar_t code[] = {
319 		0x60,				/* pushal */
320 		0xb9, 0x00, 0x00, 0x00, 0x00,	/* movl $MSRNUM, %ecx */
321 		0x31, 0xc0,			/* clr %eax */
322 		0x31, 0xd2,			/* clr %edx */
323 		0x0f, 0x30,			/* wrmsr */
324 		0x61				/* popal */
325 	};
326 	uchar_t *patch = &code[2];
327 #endif
328 
329 	bcopy(&msr, patch, sizeof (uint32_t));
330 
331 	kdi_idt_patch((caddr_t)code, sizeof (code));
332 
333 	bcopy(code, &kdi_slave_entry_patch, sizeof (code));
334 }
335 
336 static void
337 kdi_msr_add_wrexit(uint_t msr, uint64_t *valp)
338 {
339 	kdi_msr_wrexit_msr = msr;
340 	kdi_msr_wrexit_valp = valp;
341 }
342 
343 void
344 kdi_set_debug_msrs(kdi_msr_t *msrs)
345 {
346 	int nmsrs, i;
347 
348 	ASSERT(kdi_cpusave[0].krs_msr == NULL);
349 
350 	/* Look in CPU0's MSRs for any special MSRs. */
351 	for (nmsrs = 0; msrs[nmsrs].msr_num != 0; nmsrs++) {
352 		switch (msrs[nmsrs].msr_type) {
353 		case KDI_MSR_CLEARENTRY:
354 			kdi_msr_add_clrentry(msrs[nmsrs].msr_num);
355 			break;
356 
357 		case KDI_MSR_WRITEDELAY:
358 			kdi_msr_add_wrexit(msrs[nmsrs].msr_num,
359 			    msrs[nmsrs].kdi_msr_valp);
360 			break;
361 		}
362 	}
363 
364 	nmsrs++;
365 
366 	for (i = 0; i < kdi_ncpusave; i++)
367 		kdi_cpusave[i].krs_msr = &msrs[nmsrs * i];
368 }
369 
370 void
371 kdi_update_drreg(kdi_drreg_t *drreg)
372 {
373 	kdi_drreg = *drreg;
374 }
375 
376 void
377 kdi_memrange_add(caddr_t base, size_t len)
378 {
379 	kdi_memrange_t *mr = &kdi_memranges[kdi_nmemranges];
380 
381 	ASSERT(kdi_nmemranges != KDI_MEMRANGES_MAX);
382 
383 	mr->mr_base = base;
384 	mr->mr_lim = base + len - 1;
385 	kdi_nmemranges++;
386 }
387 
388 void
389 kdi_idt_switch(kdi_cpusave_t *cpusave)
390 {
391 	if (cpusave == NULL)
392 		kdi_idtr_set(kdi_idt, sizeof (kdi_idt) - 1);
393 	else
394 		kdi_idtr_set(cpusave->krs_idt, sizeof (idt0) - 1);
395 }
396 
397 /*
398  * Activation for CPUs other than the boot CPU, called from that CPU's
399  * mp_startup().  We saved the kernel's descriptors when we initialized the
400  * boot CPU, so we don't want to do it again.  Saving the handlers from this
401  * CPU's IDT would actually be dangerous with the CPU initialization method in
402  * use at the time of this writing.  With that method, the startup code creates
403  * the IDTs for slave CPUs by copying the one used by the boot CPU, which has
404  * already been interposed upon by KMDB.  Were we to interpose again, we'd
405  * replace the kernel's descriptors with our own in the save area.  By not
406  * saving, but still overwriting, we'll work in the current world, and in any
407  * future world where the IDT is generated from scratch.
408  */
409 void
410 kdi_cpu_init(void)
411 {
412 	kdi_idt_gates_install(KCS_SEL, KDI_IDT_NOSAVE);
413 	/* Load the debug registers and MSRs */
414 	kdi_cpu_debug_init(&kdi_cpusave[CPU->cpu_id]);
415 }
416 
417 /*
418  * Activation for all CPUs for mod-loaded kmdb, i.e. a kmdb that wasn't
419  * loaded at boot.
420  */
421 static int
422 kdi_cpu_activate(void)
423 {
424 	kdi_idt_gates_install(KCS_SEL, KDI_IDT_SAVE);
425 	return (0);
426 }
427 
428 void
429 kdi_activate(kdi_main_t main, kdi_cpusave_t *cpusave, uint_t ncpusave)
430 {
431 	int i;
432 	cpuset_t cpuset;
433 
434 	CPUSET_ALL(cpuset);
435 
436 	kdi_cpusave = cpusave;
437 	kdi_ncpusave = ncpusave;
438 
439 	kdi_kmdb_main = main;
440 
441 	for (i = 0; i < kdi_ncpusave; i++) {
442 		kdi_cpusave[i].krs_cpu_id = i;
443 
444 		kdi_cpusave[i].krs_curcrumb =
445 		    &kdi_cpusave[i].krs_crumbs[KDI_NCRUMBS - 1];
446 		kdi_cpusave[i].krs_curcrumbidx = KDI_NCRUMBS - 1;
447 	}
448 
449 	if (boothowto & RB_KMDB)
450 		kdi_idt_init(KMDBCODE_SEL);
451 	else
452 		kdi_idt_init(KCS_SEL);
453 
454 	/* The initial selector set.  Updated by the debugger-entry code */
455 #ifndef __amd64
456 	kdi_cs = B32CODE_SEL;
457 	kdi_ds = kdi_fs = kdi_gs = B32DATA_SEL;
458 #endif
459 
460 	kdi_memranges[0].mr_base = kdi_segdebugbase;
461 	kdi_memranges[0].mr_lim = kdi_segdebugbase + kdi_segdebugsize - 1;
462 	kdi_nmemranges = 1;
463 
464 	kdi_drreg.dr_ctl = KDIREG_DRCTL_RESERVED;
465 	kdi_drreg.dr_stat = KDIREG_DRSTAT_RESERVED;
466 
467 	kdi_msr_wrexit_msr = 0;
468 	kdi_msr_wrexit_valp = NULL;
469 
470 	if (boothowto & RB_KMDB) {
471 		kdi_idt_gates_install(KMDBCODE_SEL, KDI_IDT_NOSAVE);
472 	} else {
473 		xc_call(0, 0, 0, X_CALL_HIPRI, cpuset,
474 		    (xc_func_t)kdi_cpu_activate);
475 	}
476 }
477 
478 static int
479 kdi_cpu_deactivate(void)
480 {
481 	kdi_idt_gates_restore();
482 	return (0);
483 }
484 
485 void
486 kdi_deactivate(void)
487 {
488 	cpuset_t cpuset;
489 	CPUSET_ALL(cpuset);
490 
491 	xc_call(0, 0, 0, X_CALL_HIPRI, cpuset, (xc_func_t)kdi_cpu_deactivate);
492 	kdi_nmemranges = 0;
493 }
494 
495 /*
496  * We receive all breakpoints and single step traps.  Some of them,
497  * including those from userland and those induced by DTrace providers,
498  * are intended for the kernel, and must be processed there.  We adopt
499  * this ours-until-proven-otherwise position due to the painful
500  * consequences of sending the kernel an unexpected breakpoint or
501  * single step.  Unless someone can prove to us that the kernel is
502  * prepared to handle the trap, we'll assume there's a problem and will
503  * give the user a chance to debug it.
504  */
505 static int
506 kdi_trap_pass(kdi_cpusave_t *cpusave)
507 {
508 	greg_t tt = cpusave->krs_gregs[KDIREG_TRAPNO];
509 	greg_t pc = cpusave->krs_gregs[KDIREG_PC];
510 	greg_t cs = cpusave->krs_gregs[KDIREG_CS];
511 
512 	if (USERMODE(cs))
513 		return (1);
514 
515 	if (tt != T_BPTFLT && tt != T_SGLSTP)
516 		return (0);
517 
518 	if (tt == T_BPTFLT && kdi_dtrace_get_state() ==
519 	    KDI_DTSTATE_DTRACE_ACTIVE)
520 		return (1);
521 
522 	/*
523 	 * See the comments in the kernel's T_SGLSTP handler for why we need to
524 	 * do this.
525 	 */
526 	if (tt == T_SGLSTP &&
527 	    pc == (greg_t)sys_sysenter || pc == (greg_t)brand_sys_sysenter)
528 		return (1);
529 
530 	return (0);
531 }
532 
533 /*
534  * State has been saved, and all CPUs are on the CPU-specific stacks.  All
535  * CPUs enter here, and head off into the debugger proper.
536  */
537 int
538 kdi_debugger_entry(kdi_cpusave_t *cpusave)
539 {
540 	if (kdi_trap_pass(cpusave)) {
541 		cpusave->krs_cpu_state = KDI_CPU_STATE_NONE;
542 		return (KDI_RESUME_PASS_TO_KERNEL);
543 	}
544 
545 	/*
546 	 * BPTFLT gives us control with %eip set to the instruction *after*
547 	 * the int 3.  Back it off, so we're looking at the instruction that
548 	 * triggered the fault.
549 	 */
550 	if (cpusave->krs_gregs[KDIREG_TRAPNO] == T_BPTFLT)
551 		cpusave->krs_gregs[KDIREG_PC]--;
552 
553 	kdi_kmdb_main(cpusave);
554 	return (KDI_RESUME);
555 }
556