1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 __FBSDID("$FreeBSD$"); 30 31 #include <sys/param.h> 32 #ifndef WITHOUT_CAPSICUM 33 #include <sys/capsicum.h> 34 #endif 35 #ifdef __FreeBSD__ 36 #include <sys/endian.h> 37 #else 38 #include <endian.h> 39 #endif 40 #include <sys/ioctl.h> 41 #include <sys/mman.h> 42 #include <sys/queue.h> 43 #include <sys/socket.h> 44 #include <machine/atomic.h> 45 #include <machine/specialreg.h> 46 #include <machine/vmm.h> 47 #include <netinet/in.h> 48 #include <assert.h> 49 #ifndef WITHOUT_CAPSICUM 50 #include <capsicum_helpers.h> 51 #endif 52 #include <err.h> 53 #include <errno.h> 54 #include <fcntl.h> 55 #include <pthread.h> 56 #include <pthread_np.h> 57 #include <stdbool.h> 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #include <sysexits.h> 62 #include <unistd.h> 63 #include <vmmapi.h> 64 65 #include "bhyverun.h" 66 #include "gdb.h" 67 #include "mem.h" 68 #include "mevent.h" 69 70 /* 71 * GDB_SIGNAL_* numbers are part of the GDB remote protocol. Most stops 72 * use SIGTRAP. 73 */ 74 #define GDB_SIGNAL_TRAP 5 75 76 static void gdb_resume_vcpus(void); 77 static void check_command(int fd); 78 79 static struct mevent *read_event, *write_event; 80 81 static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting; 82 static pthread_mutex_t gdb_lock; 83 static pthread_cond_t idle_vcpus; 84 static bool first_stop, report_next_stop, swbreak_enabled; 85 86 /* 87 * An I/O buffer contains 'capacity' bytes of room at 'data'. For a 88 * read buffer, 'start' is unused and 'len' contains the number of 89 * valid bytes in the buffer. For a write buffer, 'start' is set to 90 * the index of the next byte in 'data' to send, and 'len' contains 91 * the remaining number of valid bytes to send. 92 */ 93 struct io_buffer { 94 uint8_t *data; 95 size_t capacity; 96 size_t start; 97 size_t len; 98 }; 99 100 struct breakpoint { 101 uint64_t gpa; 102 uint8_t shadow_inst; 103 TAILQ_ENTRY(breakpoint) link; 104 }; 105 106 /* 107 * When a vCPU stops to due to an event that should be reported to the 108 * debugger, information about the event is stored in this structure. 109 * The vCPU thread then sets 'stopped_vcpu' if it is not already set 110 * and stops other vCPUs so the event can be reported. The 111 * report_stop() function reports the event for the 'stopped_vcpu' 112 * vCPU. When the debugger resumes execution via continue or step, 113 * the event for 'stopped_vcpu' is cleared. vCPUs will loop in their 114 * event handlers until the associated event is reported or disabled. 115 * 116 * An idle vCPU will have all of the boolean fields set to false. 117 * 118 * When a vCPU is stepped, 'stepping' is set to true when the vCPU is 119 * released to execute the stepped instruction. When the vCPU reports 120 * the stepping trap, 'stepped' is set. 121 * 122 * When a vCPU hits a breakpoint set by the debug server, 123 * 'hit_swbreak' is set to true. 124 */ 125 struct vcpu_state { 126 bool stepping; 127 bool stepped; 128 bool hit_swbreak; 129 }; 130 131 static struct io_buffer cur_comm, cur_resp; 132 static uint8_t cur_csum; 133 static struct vmctx *ctx; 134 static int cur_fd = -1; 135 static TAILQ_HEAD(, breakpoint) breakpoints; 136 static struct vcpu_state *vcpu_state; 137 static int cur_vcpu, stopped_vcpu; 138 139 const int gdb_regset[] = { 140 VM_REG_GUEST_RAX, 141 VM_REG_GUEST_RBX, 142 VM_REG_GUEST_RCX, 143 VM_REG_GUEST_RDX, 144 VM_REG_GUEST_RSI, 145 VM_REG_GUEST_RDI, 146 VM_REG_GUEST_RBP, 147 VM_REG_GUEST_RSP, 148 VM_REG_GUEST_R8, 149 VM_REG_GUEST_R9, 150 VM_REG_GUEST_R10, 151 VM_REG_GUEST_R11, 152 VM_REG_GUEST_R12, 153 VM_REG_GUEST_R13, 154 VM_REG_GUEST_R14, 155 VM_REG_GUEST_R15, 156 VM_REG_GUEST_RIP, 157 VM_REG_GUEST_RFLAGS, 158 VM_REG_GUEST_CS, 159 VM_REG_GUEST_SS, 160 VM_REG_GUEST_DS, 161 VM_REG_GUEST_ES, 162 VM_REG_GUEST_FS, 163 VM_REG_GUEST_GS 164 }; 165 166 const int gdb_regsize[] = { 167 8, 168 8, 169 8, 170 8, 171 8, 172 8, 173 8, 174 8, 175 8, 176 8, 177 8, 178 8, 179 8, 180 8, 181 8, 182 8, 183 8, 184 4, 185 4, 186 4, 187 4, 188 4, 189 4, 190 4 191 }; 192 193 #ifdef GDB_LOG 194 #include <stdarg.h> 195 #include <stdio.h> 196 197 static void __printflike(1, 2) 198 debug(const char *fmt, ...) 199 { 200 static FILE *logfile; 201 va_list ap; 202 203 if (logfile == NULL) { 204 logfile = fopen("/tmp/bhyve_gdb.log", "w"); 205 if (logfile == NULL) 206 return; 207 #ifndef WITHOUT_CAPSICUM 208 if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) { 209 fclose(logfile); 210 logfile = NULL; 211 return; 212 } 213 #endif 214 setlinebuf(logfile); 215 } 216 va_start(ap, fmt); 217 vfprintf(logfile, fmt, ap); 218 va_end(ap); 219 } 220 #else 221 #ifndef __FreeBSD__ 222 /* 223 * A totally empty debug() makes the compiler grumpy due to how its used with 224 * some control flow here. 225 */ 226 #define debug(...) do { } while (0) 227 #else 228 #define debug(...) 229 #endif 230 #endif 231 232 static void remove_all_sw_breakpoints(void); 233 234 static int 235 guest_paging_info(int vcpu, struct vm_guest_paging *paging) 236 { 237 uint64_t regs[4]; 238 const int regset[4] = { 239 VM_REG_GUEST_CR0, 240 VM_REG_GUEST_CR3, 241 VM_REG_GUEST_CR4, 242 VM_REG_GUEST_EFER 243 }; 244 245 if (vm_get_register_set(ctx, vcpu, nitems(regset), regset, regs) == -1) 246 return (-1); 247 248 /* 249 * For the debugger, always pretend to be the kernel (CPL 0), 250 * and if long-mode is enabled, always parse addresses as if 251 * in 64-bit mode. 252 */ 253 paging->cr3 = regs[1]; 254 paging->cpl = 0; 255 if (regs[3] & EFER_LMA) 256 paging->cpu_mode = CPU_MODE_64BIT; 257 else if (regs[0] & CR0_PE) 258 paging->cpu_mode = CPU_MODE_PROTECTED; 259 else 260 paging->cpu_mode = CPU_MODE_REAL; 261 if (!(regs[0] & CR0_PG)) 262 paging->paging_mode = PAGING_MODE_FLAT; 263 else if (!(regs[2] & CR4_PAE)) 264 paging->paging_mode = PAGING_MODE_32; 265 else if (regs[3] & EFER_LME) 266 paging->paging_mode = PAGING_MODE_64; 267 else 268 paging->paging_mode = PAGING_MODE_PAE; 269 return (0); 270 } 271 272 /* 273 * Map a guest virtual address to a physical address (for a given vcpu). 274 * If a guest virtual address is valid, return 1. If the address is 275 * not valid, return 0. If an error occurs obtaining the mapping, 276 * return -1. 277 */ 278 static int 279 guest_vaddr2paddr(int vcpu, uint64_t vaddr, uint64_t *paddr) 280 { 281 struct vm_guest_paging paging; 282 int fault; 283 284 if (guest_paging_info(vcpu, &paging) == -1) 285 return (-1); 286 287 /* 288 * Always use PROT_READ. We really care if the VA is 289 * accessible, not if the current vCPU can write. 290 */ 291 if (vm_gla2gpa_nofault(ctx, vcpu, &paging, vaddr, PROT_READ, paddr, 292 &fault) == -1) 293 return (-1); 294 if (fault) 295 return (0); 296 return (1); 297 } 298 299 static void 300 io_buffer_reset(struct io_buffer *io) 301 { 302 303 io->start = 0; 304 io->len = 0; 305 } 306 307 /* Available room for adding data. */ 308 static size_t 309 io_buffer_avail(struct io_buffer *io) 310 { 311 312 return (io->capacity - (io->start + io->len)); 313 } 314 315 static uint8_t * 316 io_buffer_head(struct io_buffer *io) 317 { 318 319 return (io->data + io->start); 320 } 321 322 static uint8_t * 323 io_buffer_tail(struct io_buffer *io) 324 { 325 326 return (io->data + io->start + io->len); 327 } 328 329 static void 330 io_buffer_advance(struct io_buffer *io, size_t amount) 331 { 332 333 assert(amount <= io->len); 334 io->start += amount; 335 io->len -= amount; 336 } 337 338 static void 339 io_buffer_consume(struct io_buffer *io, size_t amount) 340 { 341 342 io_buffer_advance(io, amount); 343 if (io->len == 0) { 344 io->start = 0; 345 return; 346 } 347 348 /* 349 * XXX: Consider making this move optional and compacting on a 350 * future read() before realloc(). 351 */ 352 memmove(io->data, io_buffer_head(io), io->len); 353 io->start = 0; 354 } 355 356 static void 357 io_buffer_grow(struct io_buffer *io, size_t newsize) 358 { 359 uint8_t *new_data; 360 size_t avail, new_cap; 361 362 avail = io_buffer_avail(io); 363 if (newsize <= avail) 364 return; 365 366 new_cap = io->capacity + (newsize - avail); 367 new_data = realloc(io->data, new_cap); 368 if (new_data == NULL) 369 err(1, "Failed to grow GDB I/O buffer"); 370 io->data = new_data; 371 io->capacity = new_cap; 372 } 373 374 static bool 375 response_pending(void) 376 { 377 378 if (cur_resp.start == 0 && cur_resp.len == 0) 379 return (false); 380 if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+') 381 return (false); 382 return (true); 383 } 384 385 static void 386 close_connection(void) 387 { 388 389 /* 390 * XXX: This triggers a warning because mevent does the close 391 * before the EV_DELETE. 392 */ 393 pthread_mutex_lock(&gdb_lock); 394 mevent_delete(write_event); 395 mevent_delete_close(read_event); 396 write_event = NULL; 397 read_event = NULL; 398 io_buffer_reset(&cur_comm); 399 io_buffer_reset(&cur_resp); 400 cur_fd = -1; 401 402 remove_all_sw_breakpoints(); 403 404 /* Clear any pending events. */ 405 memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state)); 406 407 /* Resume any stopped vCPUs. */ 408 gdb_resume_vcpus(); 409 pthread_mutex_unlock(&gdb_lock); 410 } 411 412 static uint8_t 413 hex_digit(uint8_t nibble) 414 { 415 416 if (nibble <= 9) 417 return (nibble + '0'); 418 else 419 return (nibble + 'a' - 10); 420 } 421 422 static uint8_t 423 parse_digit(uint8_t v) 424 { 425 426 if (v >= '0' && v <= '9') 427 return (v - '0'); 428 if (v >= 'a' && v <= 'f') 429 return (v - 'a' + 10); 430 if (v >= 'A' && v <= 'F') 431 return (v - 'A' + 10); 432 return (0xF); 433 } 434 435 /* Parses big-endian hexadecimal. */ 436 static uintmax_t 437 parse_integer(const uint8_t *p, size_t len) 438 { 439 uintmax_t v; 440 441 v = 0; 442 while (len > 0) { 443 v <<= 4; 444 v |= parse_digit(*p); 445 p++; 446 len--; 447 } 448 return (v); 449 } 450 451 static uint8_t 452 parse_byte(const uint8_t *p) 453 { 454 455 return (parse_digit(p[0]) << 4 | parse_digit(p[1])); 456 } 457 458 static void 459 send_pending_data(int fd) 460 { 461 ssize_t nwritten; 462 463 if (cur_resp.len == 0) { 464 mevent_disable(write_event); 465 return; 466 } 467 nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len); 468 if (nwritten == -1) { 469 warn("Write to GDB socket failed"); 470 close_connection(); 471 } else { 472 io_buffer_advance(&cur_resp, nwritten); 473 if (cur_resp.len == 0) 474 mevent_disable(write_event); 475 else 476 mevent_enable(write_event); 477 } 478 } 479 480 /* Append a single character to the output buffer. */ 481 static void 482 send_char(uint8_t data) 483 { 484 io_buffer_grow(&cur_resp, 1); 485 *io_buffer_tail(&cur_resp) = data; 486 cur_resp.len++; 487 } 488 489 /* Append an array of bytes to the output buffer. */ 490 static void 491 send_data(const uint8_t *data, size_t len) 492 { 493 494 io_buffer_grow(&cur_resp, len); 495 memcpy(io_buffer_tail(&cur_resp), data, len); 496 cur_resp.len += len; 497 } 498 499 static void 500 format_byte(uint8_t v, uint8_t *buf) 501 { 502 503 buf[0] = hex_digit(v >> 4); 504 buf[1] = hex_digit(v & 0xf); 505 } 506 507 /* 508 * Append a single byte (formatted as two hex characters) to the 509 * output buffer. 510 */ 511 static void 512 send_byte(uint8_t v) 513 { 514 uint8_t buf[2]; 515 516 format_byte(v, buf); 517 send_data(buf, sizeof(buf)); 518 } 519 520 static void 521 start_packet(void) 522 { 523 524 send_char('$'); 525 cur_csum = 0; 526 } 527 528 static void 529 finish_packet(void) 530 { 531 532 send_char('#'); 533 send_byte(cur_csum); 534 debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp)); 535 } 536 537 /* 538 * Append a single character (for the packet payload) and update the 539 * checksum. 540 */ 541 static void 542 append_char(uint8_t v) 543 { 544 545 send_char(v); 546 cur_csum += v; 547 } 548 549 /* 550 * Append an array of bytes (for the packet payload) and update the 551 * checksum. 552 */ 553 static void 554 append_packet_data(const uint8_t *data, size_t len) 555 { 556 557 send_data(data, len); 558 while (len > 0) { 559 cur_csum += *data; 560 data++; 561 len--; 562 } 563 } 564 565 static void 566 append_string(const char *str) 567 { 568 569 #ifdef __FreeBSD__ 570 append_packet_data(str, strlen(str)); 571 #else 572 append_packet_data((const uint8_t *)str, strlen(str)); 573 #endif 574 } 575 576 static void 577 append_byte(uint8_t v) 578 { 579 uint8_t buf[2]; 580 581 format_byte(v, buf); 582 append_packet_data(buf, sizeof(buf)); 583 } 584 585 static void 586 append_unsigned_native(uintmax_t value, size_t len) 587 { 588 size_t i; 589 590 for (i = 0; i < len; i++) { 591 append_byte(value); 592 value >>= 8; 593 } 594 } 595 596 static void 597 append_unsigned_be(uintmax_t value, size_t len) 598 { 599 char buf[len * 2]; 600 size_t i; 601 602 for (i = 0; i < len; i++) { 603 #ifdef __FreeBSD__ 604 format_byte(value, buf + (len - i - 1) * 2); 605 #else 606 format_byte(value, (uint8_t *)(buf + (len - i - 1) * 2)); 607 #endif 608 value >>= 8; 609 } 610 #ifdef __FreeBSD__ 611 append_packet_data(buf, sizeof(buf)); 612 #else 613 append_packet_data((const uint8_t *)buf, sizeof(buf)); 614 #endif 615 } 616 617 static void 618 append_integer(unsigned int value) 619 { 620 621 if (value == 0) 622 append_char('0'); 623 else 624 append_unsigned_be(value, (fls(value) + 7) / 8); 625 } 626 627 static void 628 append_asciihex(const char *str) 629 { 630 631 while (*str != '\0') { 632 append_byte(*str); 633 str++; 634 } 635 } 636 637 static void 638 send_empty_response(void) 639 { 640 641 start_packet(); 642 finish_packet(); 643 } 644 645 static void 646 send_error(int error) 647 { 648 649 start_packet(); 650 append_char('E'); 651 append_byte(error); 652 finish_packet(); 653 } 654 655 static void 656 send_ok(void) 657 { 658 659 start_packet(); 660 append_string("OK"); 661 finish_packet(); 662 } 663 664 static int 665 parse_threadid(const uint8_t *data, size_t len) 666 { 667 668 if (len == 1 && *data == '0') 669 return (0); 670 if (len == 2 && memcmp(data, "-1", 2) == 0) 671 return (-1); 672 if (len == 0) 673 return (-2); 674 return (parse_integer(data, len)); 675 } 676 677 /* 678 * Report the current stop event to the debugger. If the stop is due 679 * to an event triggered on a specific vCPU such as a breakpoint or 680 * stepping trap, stopped_vcpu will be set to the vCPU triggering the 681 * stop. If 'set_cur_vcpu' is true, then cur_vcpu will be updated to 682 * the reporting vCPU for vCPU events. 683 */ 684 static void 685 report_stop(bool set_cur_vcpu) 686 { 687 struct vcpu_state *vs; 688 689 start_packet(); 690 if (stopped_vcpu == -1) { 691 append_char('S'); 692 append_byte(GDB_SIGNAL_TRAP); 693 } else { 694 vs = &vcpu_state[stopped_vcpu]; 695 if (set_cur_vcpu) 696 cur_vcpu = stopped_vcpu; 697 append_char('T'); 698 append_byte(GDB_SIGNAL_TRAP); 699 append_string("thread:"); 700 append_integer(stopped_vcpu + 1); 701 append_char(';'); 702 if (vs->hit_swbreak) { 703 debug("$vCPU %d reporting swbreak\n", stopped_vcpu); 704 if (swbreak_enabled) 705 append_string("swbreak:;"); 706 } else if (vs->stepped) 707 debug("$vCPU %d reporting step\n", stopped_vcpu); 708 else 709 debug("$vCPU %d reporting ???\n", stopped_vcpu); 710 } 711 finish_packet(); 712 report_next_stop = false; 713 } 714 715 /* 716 * If this stop is due to a vCPU event, clear that event to mark it as 717 * acknowledged. 718 */ 719 static void 720 discard_stop(void) 721 { 722 struct vcpu_state *vs; 723 724 if (stopped_vcpu != -1) { 725 vs = &vcpu_state[stopped_vcpu]; 726 vs->hit_swbreak = false; 727 vs->stepped = false; 728 stopped_vcpu = -1; 729 } 730 report_next_stop = true; 731 } 732 733 static void 734 gdb_finish_suspend_vcpus(void) 735 { 736 737 if (first_stop) { 738 first_stop = false; 739 stopped_vcpu = -1; 740 } else if (report_next_stop) { 741 assert(!response_pending()); 742 report_stop(true); 743 send_pending_data(cur_fd); 744 } 745 } 746 747 /* 748 * vCPU threads invoke this function whenever the vCPU enters the 749 * debug server to pause or report an event. vCPU threads wait here 750 * as long as the debug server keeps them suspended. 751 */ 752 static void 753 _gdb_cpu_suspend(int vcpu, bool report_stop) 754 { 755 756 debug("$vCPU %d suspending\n", vcpu); 757 CPU_SET(vcpu, &vcpus_waiting); 758 if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 759 gdb_finish_suspend_vcpus(); 760 while (CPU_ISSET(vcpu, &vcpus_suspended)) 761 pthread_cond_wait(&idle_vcpus, &gdb_lock); 762 CPU_CLR(vcpu, &vcpus_waiting); 763 debug("$vCPU %d resuming\n", vcpu); 764 } 765 766 /* 767 * Invoked at the start of a vCPU thread's execution to inform the 768 * debug server about the new thread. 769 */ 770 void 771 gdb_cpu_add(int vcpu) 772 { 773 774 debug("$vCPU %d starting\n", vcpu); 775 pthread_mutex_lock(&gdb_lock); 776 assert(vcpu < guest_ncpus); 777 CPU_SET(vcpu, &vcpus_active); 778 if (!TAILQ_EMPTY(&breakpoints)) { 779 vm_set_capability(ctx, vcpu, VM_CAP_BPT_EXIT, 1); 780 debug("$vCPU %d enabled breakpoint exits\n", vcpu); 781 } 782 783 /* 784 * If a vcpu is added while vcpus are stopped, suspend the new 785 * vcpu so that it will pop back out with a debug exit before 786 * executing the first instruction. 787 */ 788 if (!CPU_EMPTY(&vcpus_suspended)) { 789 CPU_SET(vcpu, &vcpus_suspended); 790 _gdb_cpu_suspend(vcpu, false); 791 } 792 pthread_mutex_unlock(&gdb_lock); 793 } 794 795 /* 796 * Invoked by vCPU before resuming execution. This enables stepping 797 * if the vCPU is marked as stepping. 798 */ 799 static void 800 gdb_cpu_resume(int vcpu) 801 { 802 struct vcpu_state *vs; 803 int error; 804 805 vs = &vcpu_state[vcpu]; 806 807 /* 808 * Any pending event should already be reported before 809 * resuming. 810 */ 811 assert(vs->hit_swbreak == false); 812 assert(vs->stepped == false); 813 if (vs->stepping) { 814 error = vm_set_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, 1); 815 assert(error == 0); 816 } 817 } 818 819 /* 820 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest 821 * has been suspended due to an event on different vCPU or in response 822 * to a guest-wide suspend such as Ctrl-C or the stop on attach. 823 */ 824 void 825 gdb_cpu_suspend(int vcpu) 826 { 827 828 pthread_mutex_lock(&gdb_lock); 829 _gdb_cpu_suspend(vcpu, true); 830 gdb_cpu_resume(vcpu); 831 pthread_mutex_unlock(&gdb_lock); 832 } 833 834 static void 835 gdb_suspend_vcpus(void) 836 { 837 838 assert(pthread_mutex_isowned_np(&gdb_lock)); 839 debug("suspending all CPUs\n"); 840 vcpus_suspended = vcpus_active; 841 vm_suspend_cpu(ctx, -1); 842 if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0) 843 gdb_finish_suspend_vcpus(); 844 } 845 846 /* 847 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via 848 * the VT-x-specific MTRAP exit. 849 */ 850 void 851 gdb_cpu_mtrap(int vcpu) 852 { 853 struct vcpu_state *vs; 854 855 debug("$vCPU %d MTRAP\n", vcpu); 856 pthread_mutex_lock(&gdb_lock); 857 vs = &vcpu_state[vcpu]; 858 if (vs->stepping) { 859 vs->stepping = false; 860 vs->stepped = true; 861 vm_set_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, 0); 862 while (vs->stepped) { 863 if (stopped_vcpu == -1) { 864 debug("$vCPU %d reporting step\n", vcpu); 865 stopped_vcpu = vcpu; 866 gdb_suspend_vcpus(); 867 } 868 _gdb_cpu_suspend(vcpu, true); 869 } 870 gdb_cpu_resume(vcpu); 871 } 872 pthread_mutex_unlock(&gdb_lock); 873 } 874 875 static struct breakpoint * 876 find_breakpoint(uint64_t gpa) 877 { 878 struct breakpoint *bp; 879 880 TAILQ_FOREACH(bp, &breakpoints, link) { 881 if (bp->gpa == gpa) 882 return (bp); 883 } 884 return (NULL); 885 } 886 887 void 888 gdb_cpu_breakpoint(int vcpu, struct vm_exit *vmexit) 889 { 890 struct breakpoint *bp; 891 struct vcpu_state *vs; 892 uint64_t gpa; 893 int error; 894 895 pthread_mutex_lock(&gdb_lock); 896 error = guest_vaddr2paddr(vcpu, vmexit->rip, &gpa); 897 assert(error == 1); 898 bp = find_breakpoint(gpa); 899 if (bp != NULL) { 900 vs = &vcpu_state[vcpu]; 901 assert(vs->stepping == false); 902 assert(vs->stepped == false); 903 assert(vs->hit_swbreak == false); 904 vs->hit_swbreak = true; 905 vm_set_register(ctx, vcpu, VM_REG_GUEST_RIP, vmexit->rip); 906 for (;;) { 907 if (stopped_vcpu == -1) { 908 debug("$vCPU %d reporting breakpoint at rip %#lx\n", vcpu, 909 vmexit->rip); 910 stopped_vcpu = vcpu; 911 gdb_suspend_vcpus(); 912 } 913 _gdb_cpu_suspend(vcpu, true); 914 if (!vs->hit_swbreak) { 915 /* Breakpoint reported. */ 916 break; 917 } 918 bp = find_breakpoint(gpa); 919 if (bp == NULL) { 920 /* Breakpoint was removed. */ 921 vs->hit_swbreak = false; 922 break; 923 } 924 } 925 gdb_cpu_resume(vcpu); 926 } else { 927 debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpu, 928 vmexit->rip); 929 error = vm_set_register(ctx, vcpu, 930 VM_REG_GUEST_ENTRY_INST_LENGTH, vmexit->u.bpt.inst_length); 931 assert(error == 0); 932 error = vm_inject_exception(ctx, vcpu, IDT_BP, 0, 0, 0); 933 assert(error == 0); 934 } 935 pthread_mutex_unlock(&gdb_lock); 936 } 937 938 static bool 939 gdb_step_vcpu(int vcpu) 940 { 941 int error, val; 942 943 debug("$vCPU %d step\n", vcpu); 944 error = vm_get_capability(ctx, vcpu, VM_CAP_MTRAP_EXIT, &val); 945 if (error < 0) 946 return (false); 947 948 discard_stop(); 949 vcpu_state[vcpu].stepping = true; 950 vm_resume_cpu(ctx, vcpu); 951 CPU_CLR(vcpu, &vcpus_suspended); 952 pthread_cond_broadcast(&idle_vcpus); 953 return (true); 954 } 955 956 static void 957 gdb_resume_vcpus(void) 958 { 959 960 assert(pthread_mutex_isowned_np(&gdb_lock)); 961 vm_resume_cpu(ctx, -1); 962 debug("resuming all CPUs\n"); 963 CPU_ZERO(&vcpus_suspended); 964 pthread_cond_broadcast(&idle_vcpus); 965 } 966 967 static void 968 gdb_read_regs(void) 969 { 970 uint64_t regvals[nitems(gdb_regset)]; 971 int i; 972 973 if (vm_get_register_set(ctx, cur_vcpu, nitems(gdb_regset), 974 gdb_regset, regvals) == -1) { 975 send_error(errno); 976 return; 977 } 978 start_packet(); 979 for (i = 0; i < nitems(regvals); i++) 980 append_unsigned_native(regvals[i], gdb_regsize[i]); 981 finish_packet(); 982 } 983 984 static void 985 gdb_read_mem(const uint8_t *data, size_t len) 986 { 987 uint64_t gpa, gva, val; 988 uint8_t *cp; 989 size_t resid, todo, bytes; 990 bool started; 991 int error; 992 993 /* Skip 'm' */ 994 data += 1; 995 len -= 1; 996 997 /* Parse and consume address. */ 998 cp = memchr(data, ',', len); 999 if (cp == NULL || cp == data) { 1000 send_error(EINVAL); 1001 return; 1002 } 1003 gva = parse_integer(data, cp - data); 1004 len -= (cp - data) + 1; 1005 data += (cp - data) + 1; 1006 1007 /* Parse length. */ 1008 resid = parse_integer(data, len); 1009 1010 started = false; 1011 while (resid > 0) { 1012 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 1013 if (error == -1) { 1014 if (started) 1015 finish_packet(); 1016 else 1017 send_error(errno); 1018 return; 1019 } 1020 if (error == 0) { 1021 if (started) 1022 finish_packet(); 1023 else 1024 send_error(EFAULT); 1025 return; 1026 } 1027 1028 /* Read bytes from current page. */ 1029 todo = getpagesize() - gpa % getpagesize(); 1030 if (todo > resid) 1031 todo = resid; 1032 1033 cp = paddr_guest2host(ctx, gpa, todo); 1034 if (cp != NULL) { 1035 /* 1036 * If this page is guest RAM, read it a byte 1037 * at a time. 1038 */ 1039 if (!started) { 1040 start_packet(); 1041 started = true; 1042 } 1043 while (todo > 0) { 1044 append_byte(*cp); 1045 cp++; 1046 gpa++; 1047 gva++; 1048 resid--; 1049 todo--; 1050 } 1051 } else { 1052 /* 1053 * If this page isn't guest RAM, try to handle 1054 * it via MMIO. For MMIO requests, use 1055 * aligned reads of words when possible. 1056 */ 1057 while (todo > 0) { 1058 if (gpa & 1 || todo == 1) 1059 bytes = 1; 1060 else if (gpa & 2 || todo == 2) 1061 bytes = 2; 1062 else 1063 bytes = 4; 1064 error = read_mem(ctx, cur_vcpu, gpa, &val, 1065 bytes); 1066 if (error == 0) { 1067 if (!started) { 1068 start_packet(); 1069 started = true; 1070 } 1071 gpa += bytes; 1072 gva += bytes; 1073 resid -= bytes; 1074 todo -= bytes; 1075 while (bytes > 0) { 1076 append_byte(val); 1077 val >>= 8; 1078 bytes--; 1079 } 1080 } else { 1081 if (started) 1082 finish_packet(); 1083 else 1084 send_error(EFAULT); 1085 return; 1086 } 1087 } 1088 } 1089 assert(resid == 0 || gpa % getpagesize() == 0); 1090 } 1091 if (!started) 1092 start_packet(); 1093 finish_packet(); 1094 } 1095 1096 static void 1097 gdb_write_mem(const uint8_t *data, size_t len) 1098 { 1099 uint64_t gpa, gva, val; 1100 uint8_t *cp; 1101 size_t resid, todo, bytes; 1102 int error; 1103 1104 /* Skip 'M' */ 1105 data += 1; 1106 len -= 1; 1107 1108 /* Parse and consume address. */ 1109 cp = memchr(data, ',', len); 1110 if (cp == NULL || cp == data) { 1111 send_error(EINVAL); 1112 return; 1113 } 1114 gva = parse_integer(data, cp - data); 1115 len -= (cp - data) + 1; 1116 data += (cp - data) + 1; 1117 1118 /* Parse and consume length. */ 1119 cp = memchr(data, ':', len); 1120 if (cp == NULL || cp == data) { 1121 send_error(EINVAL); 1122 return; 1123 } 1124 resid = parse_integer(data, cp - data); 1125 len -= (cp - data) + 1; 1126 data += (cp - data) + 1; 1127 1128 /* Verify the available bytes match the length. */ 1129 if (len != resid * 2) { 1130 send_error(EINVAL); 1131 return; 1132 } 1133 1134 while (resid > 0) { 1135 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 1136 if (error == -1) { 1137 send_error(errno); 1138 return; 1139 } 1140 if (error == 0) { 1141 send_error(EFAULT); 1142 return; 1143 } 1144 1145 /* Write bytes to current page. */ 1146 todo = getpagesize() - gpa % getpagesize(); 1147 if (todo > resid) 1148 todo = resid; 1149 1150 cp = paddr_guest2host(ctx, gpa, todo); 1151 if (cp != NULL) { 1152 /* 1153 * If this page is guest RAM, write it a byte 1154 * at a time. 1155 */ 1156 while (todo > 0) { 1157 assert(len >= 2); 1158 *cp = parse_byte(data); 1159 data += 2; 1160 len -= 2; 1161 cp++; 1162 gpa++; 1163 gva++; 1164 resid--; 1165 todo--; 1166 } 1167 } else { 1168 /* 1169 * If this page isn't guest RAM, try to handle 1170 * it via MMIO. For MMIO requests, use 1171 * aligned writes of words when possible. 1172 */ 1173 while (todo > 0) { 1174 if (gpa & 1 || todo == 1) { 1175 bytes = 1; 1176 val = parse_byte(data); 1177 } else if (gpa & 2 || todo == 2) { 1178 bytes = 2; 1179 val = be16toh(parse_integer(data, 4)); 1180 } else { 1181 bytes = 4; 1182 val = be32toh(parse_integer(data, 8)); 1183 } 1184 error = write_mem(ctx, cur_vcpu, gpa, val, 1185 bytes); 1186 if (error == 0) { 1187 gpa += bytes; 1188 gva += bytes; 1189 resid -= bytes; 1190 todo -= bytes; 1191 data += 2 * bytes; 1192 len -= 2 * bytes; 1193 } else { 1194 send_error(EFAULT); 1195 return; 1196 } 1197 } 1198 } 1199 assert(resid == 0 || gpa % getpagesize() == 0); 1200 } 1201 assert(len == 0); 1202 send_ok(); 1203 } 1204 1205 static bool 1206 set_breakpoint_caps(bool enable) 1207 { 1208 cpuset_t mask; 1209 int vcpu; 1210 1211 mask = vcpus_active; 1212 while (!CPU_EMPTY(&mask)) { 1213 vcpu = CPU_FFS(&mask) - 1; 1214 CPU_CLR(vcpu, &mask); 1215 if (vm_set_capability(ctx, vcpu, VM_CAP_BPT_EXIT, 1216 enable ? 1 : 0) < 0) 1217 return (false); 1218 debug("$vCPU %d %sabled breakpoint exits\n", vcpu, 1219 enable ? "en" : "dis"); 1220 } 1221 return (true); 1222 } 1223 1224 static void 1225 remove_all_sw_breakpoints(void) 1226 { 1227 struct breakpoint *bp, *nbp; 1228 uint8_t *cp; 1229 1230 if (TAILQ_EMPTY(&breakpoints)) 1231 return; 1232 1233 TAILQ_FOREACH_SAFE(bp, &breakpoints, link, nbp) { 1234 debug("remove breakpoint at %#lx\n", bp->gpa); 1235 cp = paddr_guest2host(ctx, bp->gpa, 1); 1236 *cp = bp->shadow_inst; 1237 TAILQ_REMOVE(&breakpoints, bp, link); 1238 free(bp); 1239 } 1240 TAILQ_INIT(&breakpoints); 1241 set_breakpoint_caps(false); 1242 } 1243 1244 static void 1245 update_sw_breakpoint(uint64_t gva, int kind, bool insert) 1246 { 1247 struct breakpoint *bp; 1248 uint64_t gpa; 1249 uint8_t *cp; 1250 int error; 1251 1252 if (kind != 1) { 1253 send_error(EINVAL); 1254 return; 1255 } 1256 1257 error = guest_vaddr2paddr(cur_vcpu, gva, &gpa); 1258 if (error == -1) { 1259 send_error(errno); 1260 return; 1261 } 1262 if (error == 0) { 1263 send_error(EFAULT); 1264 return; 1265 } 1266 1267 cp = paddr_guest2host(ctx, gpa, 1); 1268 1269 /* Only permit breakpoints in guest RAM. */ 1270 if (cp == NULL) { 1271 send_error(EFAULT); 1272 return; 1273 } 1274 1275 /* Find any existing breakpoint. */ 1276 bp = find_breakpoint(gpa); 1277 1278 /* 1279 * Silently ignore duplicate commands since the protocol 1280 * requires these packets to be idempotent. 1281 */ 1282 if (insert) { 1283 if (bp == NULL) { 1284 if (TAILQ_EMPTY(&breakpoints) && 1285 !set_breakpoint_caps(true)) { 1286 send_empty_response(); 1287 return; 1288 } 1289 bp = malloc(sizeof(*bp)); 1290 bp->gpa = gpa; 1291 bp->shadow_inst = *cp; 1292 *cp = 0xcc; /* INT 3 */ 1293 TAILQ_INSERT_TAIL(&breakpoints, bp, link); 1294 debug("new breakpoint at %#lx\n", gpa); 1295 } 1296 } else { 1297 if (bp != NULL) { 1298 debug("remove breakpoint at %#lx\n", gpa); 1299 *cp = bp->shadow_inst; 1300 TAILQ_REMOVE(&breakpoints, bp, link); 1301 free(bp); 1302 if (TAILQ_EMPTY(&breakpoints)) 1303 set_breakpoint_caps(false); 1304 } 1305 } 1306 send_ok(); 1307 } 1308 1309 static void 1310 parse_breakpoint(const uint8_t *data, size_t len) 1311 { 1312 uint64_t gva; 1313 uint8_t *cp; 1314 bool insert; 1315 int kind, type; 1316 1317 insert = data[0] == 'Z'; 1318 1319 /* Skip 'Z/z' */ 1320 data += 1; 1321 len -= 1; 1322 1323 /* Parse and consume type. */ 1324 cp = memchr(data, ',', len); 1325 if (cp == NULL || cp == data) { 1326 send_error(EINVAL); 1327 return; 1328 } 1329 type = parse_integer(data, cp - data); 1330 len -= (cp - data) + 1; 1331 data += (cp - data) + 1; 1332 1333 /* Parse and consume address. */ 1334 cp = memchr(data, ',', len); 1335 if (cp == NULL || cp == data) { 1336 send_error(EINVAL); 1337 return; 1338 } 1339 gva = parse_integer(data, cp - data); 1340 len -= (cp - data) + 1; 1341 data += (cp - data) + 1; 1342 1343 /* Parse and consume kind. */ 1344 cp = memchr(data, ';', len); 1345 if (cp == data) { 1346 send_error(EINVAL); 1347 return; 1348 } 1349 if (cp != NULL) { 1350 /* 1351 * We do not advertise support for either the 1352 * ConditionalBreakpoints or BreakpointCommands 1353 * features, so we should not be getting conditions or 1354 * commands from the remote end. 1355 */ 1356 send_empty_response(); 1357 return; 1358 } 1359 kind = parse_integer(data, len); 1360 data += len; 1361 len = 0; 1362 1363 switch (type) { 1364 case 0: 1365 update_sw_breakpoint(gva, kind, insert); 1366 break; 1367 default: 1368 send_empty_response(); 1369 break; 1370 } 1371 } 1372 1373 static bool 1374 command_equals(const uint8_t *data, size_t len, const char *cmd) 1375 { 1376 1377 if (strlen(cmd) > len) 1378 return (false); 1379 return (memcmp(data, cmd, strlen(cmd)) == 0); 1380 } 1381 1382 static void 1383 check_features(const uint8_t *data, size_t len) 1384 { 1385 char *feature, *next_feature, *str, *value; 1386 bool supported; 1387 1388 str = malloc(len + 1); 1389 memcpy(str, data, len); 1390 str[len] = '\0'; 1391 next_feature = str; 1392 1393 while ((feature = strsep(&next_feature, ";")) != NULL) { 1394 /* 1395 * Null features shouldn't exist, but skip if they 1396 * do. 1397 */ 1398 if (strcmp(feature, "") == 0) 1399 continue; 1400 1401 /* 1402 * Look for the value or supported / not supported 1403 * flag. 1404 */ 1405 value = strchr(feature, '='); 1406 if (value != NULL) { 1407 *value = '\0'; 1408 value++; 1409 supported = true; 1410 } else { 1411 value = feature + strlen(feature) - 1; 1412 switch (*value) { 1413 case '+': 1414 supported = true; 1415 break; 1416 case '-': 1417 supported = false; 1418 break; 1419 default: 1420 /* 1421 * This is really a protocol error, 1422 * but we just ignore malformed 1423 * features for ease of 1424 * implementation. 1425 */ 1426 continue; 1427 } 1428 value = NULL; 1429 } 1430 1431 if (strcmp(feature, "swbreak") == 0) 1432 swbreak_enabled = supported; 1433 1434 #ifndef __FreeBSD__ 1435 /* 1436 * The compiler dislikes 'supported' being set but never used. 1437 * Make it happy here. 1438 */ 1439 if (supported) { 1440 debug("feature '%s' supported\n", feature); 1441 } 1442 #endif /* __FreeBSD__ */ 1443 } 1444 free(str); 1445 1446 start_packet(); 1447 1448 /* This is an arbitrary limit. */ 1449 append_string("PacketSize=4096"); 1450 append_string(";swbreak+"); 1451 finish_packet(); 1452 } 1453 1454 static void 1455 gdb_query(const uint8_t *data, size_t len) 1456 { 1457 1458 /* 1459 * TODO: 1460 * - qSearch 1461 */ 1462 if (command_equals(data, len, "qAttached")) { 1463 start_packet(); 1464 append_char('1'); 1465 finish_packet(); 1466 } else if (command_equals(data, len, "qC")) { 1467 start_packet(); 1468 append_string("QC"); 1469 append_integer(cur_vcpu + 1); 1470 finish_packet(); 1471 } else if (command_equals(data, len, "qfThreadInfo")) { 1472 cpuset_t mask; 1473 bool first; 1474 int vcpu; 1475 1476 if (CPU_EMPTY(&vcpus_active)) { 1477 send_error(EINVAL); 1478 return; 1479 } 1480 mask = vcpus_active; 1481 start_packet(); 1482 append_char('m'); 1483 first = true; 1484 while (!CPU_EMPTY(&mask)) { 1485 vcpu = CPU_FFS(&mask) - 1; 1486 CPU_CLR(vcpu, &mask); 1487 if (first) 1488 first = false; 1489 else 1490 append_char(','); 1491 append_integer(vcpu + 1); 1492 } 1493 finish_packet(); 1494 } else if (command_equals(data, len, "qsThreadInfo")) { 1495 start_packet(); 1496 append_char('l'); 1497 finish_packet(); 1498 } else if (command_equals(data, len, "qSupported")) { 1499 data += strlen("qSupported"); 1500 len -= strlen("qSupported"); 1501 check_features(data, len); 1502 } else if (command_equals(data, len, "qThreadExtraInfo")) { 1503 char buf[16]; 1504 int tid; 1505 1506 data += strlen("qThreadExtraInfo"); 1507 len -= strlen("qThreadExtraInfo"); 1508 if (*data != ',') { 1509 send_error(EINVAL); 1510 return; 1511 } 1512 tid = parse_threadid(data + 1, len - 1); 1513 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1514 send_error(EINVAL); 1515 return; 1516 } 1517 1518 snprintf(buf, sizeof(buf), "vCPU %d", tid - 1); 1519 start_packet(); 1520 append_asciihex(buf); 1521 finish_packet(); 1522 } else 1523 send_empty_response(); 1524 } 1525 1526 static void 1527 handle_command(const uint8_t *data, size_t len) 1528 { 1529 1530 /* Reject packets with a sequence-id. */ 1531 if (len >= 3 && data[0] >= '0' && data[0] <= '9' && 1532 data[0] >= '0' && data[0] <= '9' && data[2] == ':') { 1533 send_empty_response(); 1534 return; 1535 } 1536 1537 switch (*data) { 1538 case 'c': 1539 if (len != 1) { 1540 send_error(EINVAL); 1541 break; 1542 } 1543 1544 discard_stop(); 1545 gdb_resume_vcpus(); 1546 break; 1547 case 'D': 1548 send_ok(); 1549 1550 /* TODO: Resume any stopped CPUs. */ 1551 break; 1552 case 'g': { 1553 gdb_read_regs(); 1554 break; 1555 } 1556 case 'H': { 1557 int tid; 1558 1559 if (data[1] != 'g' && data[1] != 'c') { 1560 send_error(EINVAL); 1561 break; 1562 } 1563 tid = parse_threadid(data + 2, len - 2); 1564 if (tid == -2) { 1565 send_error(EINVAL); 1566 break; 1567 } 1568 1569 if (CPU_EMPTY(&vcpus_active)) { 1570 send_error(EINVAL); 1571 break; 1572 } 1573 if (tid == -1 || tid == 0) 1574 cur_vcpu = CPU_FFS(&vcpus_active) - 1; 1575 else if (CPU_ISSET(tid - 1, &vcpus_active)) 1576 cur_vcpu = tid - 1; 1577 else { 1578 send_error(EINVAL); 1579 break; 1580 } 1581 send_ok(); 1582 break; 1583 } 1584 case 'm': 1585 gdb_read_mem(data, len); 1586 break; 1587 case 'M': 1588 gdb_write_mem(data, len); 1589 break; 1590 case 'T': { 1591 int tid; 1592 1593 tid = parse_threadid(data + 1, len - 1); 1594 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) { 1595 send_error(EINVAL); 1596 return; 1597 } 1598 send_ok(); 1599 break; 1600 } 1601 case 'q': 1602 gdb_query(data, len); 1603 break; 1604 case 's': 1605 if (len != 1) { 1606 send_error(EINVAL); 1607 break; 1608 } 1609 1610 /* Don't send a reply until a stop occurs. */ 1611 if (!gdb_step_vcpu(cur_vcpu)) { 1612 send_error(EOPNOTSUPP); 1613 break; 1614 } 1615 break; 1616 case 'z': 1617 case 'Z': 1618 parse_breakpoint(data, len); 1619 break; 1620 case '?': 1621 report_stop(false); 1622 break; 1623 case 'G': /* TODO */ 1624 case 'v': 1625 /* Handle 'vCont' */ 1626 /* 'vCtrlC' */ 1627 case 'p': /* TODO */ 1628 case 'P': /* TODO */ 1629 case 'Q': /* TODO */ 1630 case 't': /* TODO */ 1631 case 'X': /* TODO */ 1632 default: 1633 send_empty_response(); 1634 } 1635 } 1636 1637 /* Check for a valid packet in the command buffer. */ 1638 static void 1639 check_command(int fd) 1640 { 1641 uint8_t *head, *hash, *p, sum; 1642 size_t avail, plen; 1643 1644 for (;;) { 1645 avail = cur_comm.len; 1646 if (avail == 0) 1647 return; 1648 head = io_buffer_head(&cur_comm); 1649 switch (*head) { 1650 case 0x03: 1651 debug("<- Ctrl-C\n"); 1652 io_buffer_consume(&cur_comm, 1); 1653 1654 gdb_suspend_vcpus(); 1655 break; 1656 case '+': 1657 /* ACK of previous response. */ 1658 debug("<- +\n"); 1659 if (response_pending()) 1660 io_buffer_reset(&cur_resp); 1661 io_buffer_consume(&cur_comm, 1); 1662 if (stopped_vcpu != -1 && report_next_stop) { 1663 report_stop(true); 1664 send_pending_data(fd); 1665 } 1666 break; 1667 case '-': 1668 /* NACK of previous response. */ 1669 debug("<- -\n"); 1670 if (response_pending()) { 1671 cur_resp.len += cur_resp.start; 1672 cur_resp.start = 0; 1673 if (cur_resp.data[0] == '+') 1674 io_buffer_advance(&cur_resp, 1); 1675 debug("-> %.*s\n", (int)cur_resp.len, 1676 io_buffer_head(&cur_resp)); 1677 } 1678 io_buffer_consume(&cur_comm, 1); 1679 send_pending_data(fd); 1680 break; 1681 case '$': 1682 /* Packet. */ 1683 1684 if (response_pending()) { 1685 warnx("New GDB command while response in " 1686 "progress"); 1687 io_buffer_reset(&cur_resp); 1688 } 1689 1690 /* Is packet complete? */ 1691 hash = memchr(head, '#', avail); 1692 if (hash == NULL) 1693 return; 1694 plen = (hash - head + 1) + 2; 1695 if (avail < plen) 1696 return; 1697 debug("<- %.*s\n", (int)plen, head); 1698 1699 /* Verify checksum. */ 1700 for (sum = 0, p = head + 1; p < hash; p++) 1701 sum += *p; 1702 if (sum != parse_byte(hash + 1)) { 1703 io_buffer_consume(&cur_comm, plen); 1704 debug("-> -\n"); 1705 send_char('-'); 1706 send_pending_data(fd); 1707 break; 1708 } 1709 send_char('+'); 1710 1711 handle_command(head + 1, hash - (head + 1)); 1712 io_buffer_consume(&cur_comm, plen); 1713 if (!response_pending()) { 1714 debug("-> +\n"); 1715 } 1716 send_pending_data(fd); 1717 break; 1718 default: 1719 /* XXX: Possibly drop connection instead. */ 1720 debug("-> %02x\n", *head); 1721 io_buffer_consume(&cur_comm, 1); 1722 break; 1723 } 1724 } 1725 } 1726 1727 static void 1728 gdb_readable(int fd, enum ev_type event, void *arg) 1729 { 1730 ssize_t nread; 1731 int pending; 1732 1733 if (ioctl(fd, FIONREAD, &pending) == -1) { 1734 warn("FIONREAD on GDB socket"); 1735 return; 1736 } 1737 1738 /* 1739 * 'pending' might be zero due to EOF. We need to call read 1740 * with a non-zero length to detect EOF. 1741 */ 1742 if (pending == 0) 1743 pending = 1; 1744 1745 /* Ensure there is room in the command buffer. */ 1746 io_buffer_grow(&cur_comm, pending); 1747 assert(io_buffer_avail(&cur_comm) >= pending); 1748 1749 nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm)); 1750 if (nread == 0) { 1751 close_connection(); 1752 } else if (nread == -1) { 1753 if (errno == EAGAIN) 1754 return; 1755 1756 warn("Read from GDB socket"); 1757 close_connection(); 1758 } else { 1759 cur_comm.len += nread; 1760 pthread_mutex_lock(&gdb_lock); 1761 check_command(fd); 1762 pthread_mutex_unlock(&gdb_lock); 1763 } 1764 } 1765 1766 static void 1767 gdb_writable(int fd, enum ev_type event, void *arg) 1768 { 1769 1770 send_pending_data(fd); 1771 } 1772 1773 static void 1774 new_connection(int fd, enum ev_type event, void *arg) 1775 { 1776 int optval, s; 1777 1778 s = accept4(fd, NULL, NULL, SOCK_NONBLOCK); 1779 if (s == -1) { 1780 if (arg != NULL) 1781 err(1, "Failed accepting initial GDB connection"); 1782 1783 /* Silently ignore errors post-startup. */ 1784 return; 1785 } 1786 1787 optval = 1; 1788 if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) == 1789 -1) { 1790 warn("Failed to disable SIGPIPE for GDB connection"); 1791 close(s); 1792 return; 1793 } 1794 1795 pthread_mutex_lock(&gdb_lock); 1796 if (cur_fd != -1) { 1797 close(s); 1798 warnx("Ignoring additional GDB connection."); 1799 } 1800 1801 read_event = mevent_add(s, EVF_READ, gdb_readable, NULL); 1802 if (read_event == NULL) { 1803 if (arg != NULL) 1804 err(1, "Failed to setup initial GDB connection"); 1805 pthread_mutex_unlock(&gdb_lock); 1806 return; 1807 } 1808 write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL); 1809 if (write_event == NULL) { 1810 if (arg != NULL) 1811 err(1, "Failed to setup initial GDB connection"); 1812 mevent_delete_close(read_event); 1813 read_event = NULL; 1814 } 1815 1816 cur_fd = s; 1817 cur_vcpu = 0; 1818 stopped_vcpu = -1; 1819 1820 /* Break on attach. */ 1821 first_stop = true; 1822 report_next_stop = false; 1823 gdb_suspend_vcpus(); 1824 pthread_mutex_unlock(&gdb_lock); 1825 } 1826 1827 #ifndef WITHOUT_CAPSICUM 1828 void 1829 limit_gdb_socket(int s) 1830 { 1831 cap_rights_t rights; 1832 unsigned long ioctls[] = { FIONREAD }; 1833 1834 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE, 1835 CAP_SETSOCKOPT, CAP_IOCTL); 1836 if (caph_rights_limit(s, &rights) == -1) 1837 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1838 if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1) 1839 errx(EX_OSERR, "Unable to apply rights for sandbox"); 1840 } 1841 #endif 1842 1843 1844 #ifndef __FreeBSD__ 1845 /* 1846 * Equivalent to init_gdb() below, but without configuring the listening socket. 1847 * This will allow the bhyve process to tolerate mdb attaching/detaching from 1848 * the instance while it is running. 1849 */ 1850 void 1851 init_mdb(struct vmctx *_ctx, bool wait) 1852 { 1853 int error; 1854 1855 error = pthread_mutex_init(&gdb_lock, NULL); 1856 if (error != 0) 1857 errc(1, error, "gdb mutex init"); 1858 error = pthread_cond_init(&idle_vcpus, NULL); 1859 if (error != 0) 1860 errc(1, error, "gdb cv init"); 1861 1862 ctx = _ctx; 1863 stopped_vcpu = -1; 1864 TAILQ_INIT(&breakpoints); 1865 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1866 if (wait) { 1867 /* 1868 * Set vcpu 0 in vcpus_suspended. This will trigger the 1869 * logic in gdb_cpu_add() to suspend the first vcpu before 1870 * it starts execution. The vcpu will remain suspended 1871 * until a debugger connects. 1872 */ 1873 CPU_SET(0, &vcpus_suspended); 1874 stopped_vcpu = 0; 1875 } 1876 } 1877 #endif 1878 1879 void 1880 init_gdb(struct vmctx *_ctx, int sport, bool wait) 1881 { 1882 struct sockaddr_in sin; 1883 int error, flags, s; 1884 1885 debug("==> starting on %d, %swaiting\n", sport, wait ? "" : "not "); 1886 1887 error = pthread_mutex_init(&gdb_lock, NULL); 1888 if (error != 0) 1889 errc(1, error, "gdb mutex init"); 1890 error = pthread_cond_init(&idle_vcpus, NULL); 1891 if (error != 0) 1892 errc(1, error, "gdb cv init"); 1893 1894 ctx = _ctx; 1895 s = socket(PF_INET, SOCK_STREAM, 0); 1896 if (s < 0) 1897 err(1, "gdb socket create"); 1898 1899 #ifdef __FreeBSD__ 1900 sin.sin_len = sizeof(sin); 1901 #endif 1902 sin.sin_family = AF_INET; 1903 sin.sin_addr.s_addr = htonl(INADDR_ANY); 1904 sin.sin_port = htons(sport); 1905 1906 if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) 1907 err(1, "gdb socket bind"); 1908 1909 if (listen(s, 1) < 0) 1910 err(1, "gdb socket listen"); 1911 1912 stopped_vcpu = -1; 1913 TAILQ_INIT(&breakpoints); 1914 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state)); 1915 if (wait) { 1916 /* 1917 * Set vcpu 0 in vcpus_suspended. This will trigger the 1918 * logic in gdb_cpu_add() to suspend the first vcpu before 1919 * it starts execution. The vcpu will remain suspended 1920 * until a debugger connects. 1921 */ 1922 CPU_SET(0, &vcpus_suspended); 1923 stopped_vcpu = 0; 1924 } 1925 1926 flags = fcntl(s, F_GETFL); 1927 if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1) 1928 err(1, "Failed to mark gdb socket non-blocking"); 1929 1930 #ifndef WITHOUT_CAPSICUM 1931 limit_gdb_socket(s); 1932 #endif 1933 mevent_add(s, EVF_READ, new_connection, NULL); 1934 } 1935