CoCalc -- gdb.c

GitHub Repository: freebsd/freebsd-src
Path: blob/main/usr.sbin/bhyve/gdb.c
¹⁰⁵⁶⁴⁴ views
1
/*-
2
 * SPDX-License-Identifier: BSD-2-Clause
3
 *
4
 * Copyright (c) 2017-2018 John H. Baldwin <[email protected]>
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 * 1. Redistributions of source code must retain the above copyright
10
 *    notice, this list of conditions and the following disclaimer.
11
 * 2. Redistributions in binary form must reproduce the above copyright
12
 *    notice, this list of conditions and the following disclaimer in the
13
 *    documentation and/or other materials provided with the distribution.
14
 *
15
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25
 * SUCH DAMAGE.
26
 */
27

28
#include <sys/param.h>
29
#ifndef WITHOUT_CAPSICUM
30
#include <sys/capsicum.h>
31
#endif
32
#include <sys/endian.h>
33
#include <sys/ioctl.h>
34
#include <sys/mman.h>
35
#include <sys/queue.h>
36
#include <sys/socket.h>
37
#include <sys/stat.h>
38

39
#ifdef __aarch64__
40
#include <machine/armreg.h>
41
#endif
42
#include <machine/atomic.h>
43
#ifdef __amd64__
44
#include <machine/specialreg.h>
45
#endif
46
#include <machine/vmm.h>
47

48
#include <netinet/in.h>
49

50
#include <assert.h>
51
#ifndef WITHOUT_CAPSICUM
52
#include <capsicum_helpers.h>
53
#endif
54
#include <err.h>
55
#include <errno.h>
56
#include <fcntl.h>
57
#include <netdb.h>
58
#include <pthread.h>
59
#include <pthread_np.h>
60
#include <stdbool.h>
61
#include <stdio.h>
62
#include <stdlib.h>
63
#include <string.h>
64
#include <sysexits.h>
65
#include <unistd.h>
66
#include <vmmapi.h>
67

68
#include "bhyverun.h"
69
#include "config.h"
70
#include "debug.h"
71
#include "gdb.h"
72
#include "mem.h"
73
#include "mevent.h"
74

75
#define	_PATH_GDB_XML		"/usr/share/bhyve/gdb"
76

77
/*
78
 * GDB_SIGNAL_* numbers are part of the GDB remote protocol.  Most stops
79
 * use SIGTRAP.
80
 */
81
#define	GDB_SIGNAL_TRAP		5
82

83
#if defined(__amd64__)
84
#define	GDB_BP_SIZE		1
85
#define	GDB_BP_INSTR		(uint8_t []){0xcc}
86
#define	GDB_PC_REGNAME		VM_REG_GUEST_RIP
87
#define	GDB_BREAKPOINT_CAP	VM_CAP_BPT_EXIT
88
#elif defined(__aarch64__)
89
#define	GDB_BP_SIZE		4
90
#define	GDB_BP_INSTR		(uint8_t []){0x00, 0x00, 0x20, 0xd4}
91
#define	GDB_PC_REGNAME		VM_REG_GUEST_PC
92
#define	GDB_BREAKPOINT_CAP	VM_CAP_BRK_EXIT
93
#else
94
#error "Unsupported architecture"
95
#endif
96

97
_Static_assert(sizeof(GDB_BP_INSTR) == GDB_BP_SIZE,
98
    "GDB_BP_INSTR has wrong size");
99

100
static void gdb_resume_vcpus(void);
101
static void check_command(int fd);
102

103
static struct mevent *read_event, *write_event;
104

105
static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting;
106
static pthread_mutex_t gdb_lock;
107
static pthread_cond_t idle_vcpus;
108
static bool first_stop, report_next_stop, swbreak_enabled;
109
static int xml_dfd = -1;
110

111
/*
112
 * An I/O buffer contains 'capacity' bytes of room at 'data'.  For a
113
 * read buffer, 'start' is unused and 'len' contains the number of
114
 * valid bytes in the buffer.  For a write buffer, 'start' is set to
115
 * the index of the next byte in 'data' to send, and 'len' contains
116
 * the remaining number of valid bytes to send.
117
 */
118
struct io_buffer {
119
	uint8_t *data;
120
	size_t capacity;
121
	size_t start;
122
	size_t len;
123
};
124

125
struct breakpoint {
126
	uint64_t gpa;
127
	uint8_t shadow_inst[GDB_BP_SIZE];
128
	TAILQ_ENTRY(breakpoint) link;
129
};
130

131
/*
132
 * When a vCPU stops to due to an event that should be reported to the
133
 * debugger, information about the event is stored in this structure.
134
 * The vCPU thread then sets 'stopped_vcpu' if it is not already set
135
 * and stops other vCPUs so the event can be reported.  The
136
 * report_stop() function reports the event for the 'stopped_vcpu'
137
 * vCPU.  When the debugger resumes execution via continue or step,
138
 * the event for 'stopped_vcpu' is cleared.  vCPUs will loop in their
139
 * event handlers until the associated event is reported or disabled.
140
 *
141
 * An idle vCPU will have all of the boolean fields set to false.
142
 *
143
 * When a vCPU is stepped, 'stepping' is set to true when the vCPU is
144
 * released to execute the stepped instruction.  When the vCPU reports
145
 * the stepping trap, 'stepped' is set.
146
 *
147
 * When a vCPU hits a breakpoint set by the debug server,
148
 * 'hit_swbreak' is set to true.
149
 */
150
struct vcpu_state {
151
	bool stepping;
152
	bool stepped;
153
	bool hit_swbreak;
154
};
155

156
static struct io_buffer cur_comm, cur_resp;
157
static uint8_t cur_csum;
158
static struct vmctx *ctx;
159
static int cur_fd = -1;
160
static TAILQ_HEAD(, breakpoint) breakpoints;
161
static struct vcpu_state *vcpu_state;
162
static struct vcpu **vcpus;
163
static int cur_vcpu, stopped_vcpu;
164
static bool gdb_active = false;
165

166
struct gdb_reg {
167
	enum vm_reg_name id;
168
	int size;
169
};
170

171
#ifdef __amd64__
172
static const struct gdb_reg gdb_regset[] = {
173
	{ .id = VM_REG_GUEST_RAX, .size = 8 },
174
	{ .id = VM_REG_GUEST_RBX, .size = 8 },
175
	{ .id = VM_REG_GUEST_RCX, .size = 8 },
176
	{ .id = VM_REG_GUEST_RDX, .size = 8 },
177
	{ .id = VM_REG_GUEST_RSI, .size = 8 },
178
	{ .id = VM_REG_GUEST_RDI, .size = 8 },
179
	{ .id = VM_REG_GUEST_RBP, .size = 8 },
180
	{ .id = VM_REG_GUEST_RSP, .size = 8 },
181
	{ .id = VM_REG_GUEST_R8, .size = 8 },
182
	{ .id = VM_REG_GUEST_R9, .size = 8 },
183
	{ .id = VM_REG_GUEST_R10, .size = 8 },
184
	{ .id = VM_REG_GUEST_R11, .size = 8 },
185
	{ .id = VM_REG_GUEST_R12, .size = 8 },
186
	{ .id = VM_REG_GUEST_R13, .size = 8 },
187
	{ .id = VM_REG_GUEST_R14, .size = 8 },
188
	{ .id = VM_REG_GUEST_R15, .size = 8 },
189
	{ .id = VM_REG_GUEST_RIP, .size = 8 },
190
	{ .id = VM_REG_GUEST_RFLAGS, .size = 4 },
191
	{ .id = VM_REG_GUEST_CS, .size = 4 },
192
	{ .id = VM_REG_GUEST_SS, .size = 4 },
193
	{ .id = VM_REG_GUEST_DS, .size = 4 },
194
	{ .id = VM_REG_GUEST_ES, .size = 4 },
195
	{ .id = VM_REG_GUEST_FS, .size = 4 },
196
	{ .id = VM_REG_GUEST_GS, .size = 4 },
197
	/*
198
	 * Registers past this point are not included in a reply to a 'g' query,
199
	 * to provide compatibility with debuggers that do not fetch a target
200
	 * description.  The debugger can query them individually with 'p' if it
201
	 * knows about them.
202
	 */
203
#define	GDB_REG_FIRST_EXT	VM_REG_GUEST_FS_BASE
204
	{ .id = VM_REG_GUEST_FS_BASE, .size = 8 },
205
	{ .id = VM_REG_GUEST_GS_BASE, .size = 8 },
206
	{ .id = VM_REG_GUEST_KGS_BASE, .size = 8 },
207
	{ .id = VM_REG_GUEST_CR0, .size = 8 },
208
	{ .id = VM_REG_GUEST_CR2, .size = 8 },
209
	{ .id = VM_REG_GUEST_CR3, .size = 8 },
210
	{ .id = VM_REG_GUEST_CR4, .size = 8 },
211
	{ .id = VM_REG_GUEST_TPR, .size = 8 },
212
	{ .id = VM_REG_GUEST_EFER, .size = 8 },
213
};
214
#else /* __aarch64__ */
215
static const struct gdb_reg gdb_regset[] = {
216
	{ .id = VM_REG_GUEST_X0, .size = 8 },
217
	{ .id = VM_REG_GUEST_X1, .size = 8 },
218
	{ .id = VM_REG_GUEST_X2, .size = 8 },
219
	{ .id = VM_REG_GUEST_X3, .size = 8 },
220
	{ .id = VM_REG_GUEST_X4, .size = 8 },
221
	{ .id = VM_REG_GUEST_X5, .size = 8 },
222
	{ .id = VM_REG_GUEST_X6, .size = 8 },
223
	{ .id = VM_REG_GUEST_X7, .size = 8 },
224
	{ .id = VM_REG_GUEST_X8, .size = 8 },
225
	{ .id = VM_REG_GUEST_X9, .size = 8 },
226
	{ .id = VM_REG_GUEST_X10, .size = 8 },
227
	{ .id = VM_REG_GUEST_X11, .size = 8 },
228
	{ .id = VM_REG_GUEST_X12, .size = 8 },
229
	{ .id = VM_REG_GUEST_X13, .size = 8 },
230
	{ .id = VM_REG_GUEST_X14, .size = 8 },
231
	{ .id = VM_REG_GUEST_X15, .size = 8 },
232
	{ .id = VM_REG_GUEST_X16, .size = 8 },
233
	{ .id = VM_REG_GUEST_X17, .size = 8 },
234
	{ .id = VM_REG_GUEST_X18, .size = 8 },
235
	{ .id = VM_REG_GUEST_X19, .size = 8 },
236
	{ .id = VM_REG_GUEST_X20, .size = 8 },
237
	{ .id = VM_REG_GUEST_X21, .size = 8 },
238
	{ .id = VM_REG_GUEST_X22, .size = 8 },
239
	{ .id = VM_REG_GUEST_X23, .size = 8 },
240
	{ .id = VM_REG_GUEST_X24, .size = 8 },
241
	{ .id = VM_REG_GUEST_X25, .size = 8 },
242
	{ .id = VM_REG_GUEST_X26, .size = 8 },
243
	{ .id = VM_REG_GUEST_X27, .size = 8 },
244
	{ .id = VM_REG_GUEST_X28, .size = 8 },
245
	{ .id = VM_REG_GUEST_X29, .size = 8 },
246
	{ .id = VM_REG_GUEST_LR, .size = 8 },
247
	{ .id = VM_REG_GUEST_SP, .size = 8 },
248
	{ .id = VM_REG_GUEST_PC, .size = 8 },
249
	{ .id = VM_REG_GUEST_CPSR, .size = 8 },
250
};
251
#endif
252

253
#ifdef GDB_LOG
254
#include <stdarg.h>
255
#include <stdio.h>
256

257
static void __printflike(1, 2)
258
debug(const char *fmt, ...)
259
{
260
	static FILE *logfile;
261
	va_list ap;
262

263
	if (logfile == NULL) {
264
		logfile = fopen("/tmp/bhyve_gdb.log", "w");
265
		if (logfile == NULL)
266
			return;
267
#ifndef WITHOUT_CAPSICUM
268
		if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) {
269
			fclose(logfile);
270
			logfile = NULL;
271
			return;
272
		}
273
#endif
274
		setlinebuf(logfile);
275
	}
276
	va_start(ap, fmt);
277
	vfprintf(logfile, fmt, ap);
278
	va_end(ap);
279
}
280
#else
281
#define debug(...)
282
#endif
283

284
static void	remove_all_sw_breakpoints(void);
285

286
static int
287
guest_paging_info(struct vcpu *vcpu, struct vm_guest_paging *paging)
288
{
289
#ifdef __amd64__
290
	uint64_t regs[4];
291
	const int regset[4] = {
292
		VM_REG_GUEST_CR0,
293
		VM_REG_GUEST_CR3,
294
		VM_REG_GUEST_CR4,
295
		VM_REG_GUEST_EFER
296
	};
297

298
	if (vm_get_register_set(vcpu, nitems(regset), regset, regs) == -1)
299
		return (-1);
300

301
	/*
302
	 * For the debugger, always pretend to be the kernel (CPL 0),
303
	 * and if long-mode is enabled, always parse addresses as if
304
	 * in 64-bit mode.
305
	 */
306
	paging->cr3 = regs[1];
307
	paging->cpl = 0;
308
	if (regs[3] & EFER_LMA)
309
		paging->cpu_mode = CPU_MODE_64BIT;
310
	else if (regs[0] & CR0_PE)
311
		paging->cpu_mode = CPU_MODE_PROTECTED;
312
	else
313
		paging->cpu_mode = CPU_MODE_REAL;
314
	if (!(regs[0] & CR0_PG))
315
		paging->paging_mode = PAGING_MODE_FLAT;
316
	else if (!(regs[2] & CR4_PAE))
317
		paging->paging_mode = PAGING_MODE_32;
318
	else if (regs[3] & EFER_LME)
319
		paging->paging_mode = (regs[2] & CR4_LA57) ?
320
		    PAGING_MODE_64_LA57 :  PAGING_MODE_64;
321
	else
322
		paging->paging_mode = PAGING_MODE_PAE;
323
	return (0);
324
#else /* __aarch64__ */
325
	uint64_t regs[6];
326
	const int regset[6] = {
327
		VM_REG_GUEST_TTBR0_EL1,
328
		VM_REG_GUEST_TTBR1_EL1,
329
		VM_REG_GUEST_TCR_EL1,
330
		VM_REG_GUEST_TCR2_EL1,
331
		VM_REG_GUEST_SCTLR_EL1,
332
		VM_REG_GUEST_CPSR,
333
	};
334

335
	if (vm_get_register_set(vcpu, nitems(regset), regset, regs) == -1)
336
		return (-1);
337

338
	memset(paging, 0, sizeof(*paging));
339
	paging->ttbr0_addr = regs[0] & ~(TTBR_ASID_MASK | TTBR_CnP);
340
	paging->ttbr1_addr = regs[1] & ~(TTBR_ASID_MASK | TTBR_CnP);
341
	paging->tcr_el1 = regs[2];
342
	paging->tcr2_el1 = regs[3];
343
	paging->flags = regs[5] & (PSR_M_MASK | PSR_M_32);
344
	if ((regs[4] & SCTLR_M) != 0)
345
		paging->flags |= VM_GP_MMU_ENABLED;
346

347
	return (0);
348
#endif /* __aarch64__ */
349
}
350

351
/*
352
 * Map a guest virtual address to a physical address (for a given vcpu).
353
 * If a guest virtual address is valid, return 1.  If the address is
354
 * not valid, return 0.  If an error occurs obtaining the mapping,
355
 * return -1.
356
 */
357
static int
358
guest_vaddr2paddr(struct vcpu *vcpu, uint64_t vaddr, uint64_t *paddr)
359
{
360
	struct vm_guest_paging paging;
361
	int fault;
362

363
	if (guest_paging_info(vcpu, &paging) == -1)
364
		return (-1);
365

366
	/*
367
	 * Always use PROT_READ.  We really care if the VA is
368
	 * accessible, not if the current vCPU can write.
369
	 */
370
	if (vm_gla2gpa_nofault(vcpu, &paging, vaddr, PROT_READ, paddr,
371
	    &fault) == -1)
372
		return (-1);
373
	if (fault)
374
		return (0);
375
	return (1);
376
}
377

378
static uint64_t
379
guest_pc(struct vm_exit *vme)
380
{
381
#ifdef __amd64__
382
	return (vme->rip);
383
#else /* __aarch64__ */
384
	return (vme->pc);
385
#endif
386
}
387

388
static void
389
io_buffer_reset(struct io_buffer *io)
390
{
391

392
	io->start = 0;
393
	io->len = 0;
394
}
395

396
/* Available room for adding data. */
397
static size_t
398
io_buffer_avail(struct io_buffer *io)
399
{
400

401
	return (io->capacity - (io->start + io->len));
402
}
403

404
static uint8_t *
405
io_buffer_head(struct io_buffer *io)
406
{
407

408
	return (io->data + io->start);
409
}
410

411
static uint8_t *
412
io_buffer_tail(struct io_buffer *io)
413
{
414

415
	return (io->data + io->start + io->len);
416
}
417

418
static void
419
io_buffer_advance(struct io_buffer *io, size_t amount)
420
{
421

422
	assert(amount <= io->len);
423
	io->start += amount;
424
	io->len -= amount;
425
}
426

427
static void
428
io_buffer_consume(struct io_buffer *io, size_t amount)
429
{
430

431
	io_buffer_advance(io, amount);
432
	if (io->len == 0) {
433
		io->start = 0;
434
		return;
435
	}
436

437
	/*
438
	 * XXX: Consider making this move optional and compacting on a
439
	 * future read() before realloc().
440
	 */
441
	memmove(io->data, io_buffer_head(io), io->len);
442
	io->start = 0;
443
}
444

445
static void
446
io_buffer_grow(struct io_buffer *io, size_t newsize)
447
{
448
	uint8_t *new_data;
449
	size_t avail, new_cap;
450

451
	avail = io_buffer_avail(io);
452
	if (newsize <= avail)
453
		return;
454

455
	new_cap = io->capacity + (newsize - avail);
456
	new_data = realloc(io->data, new_cap);
457
	if (new_data == NULL)
458
		err(1, "Failed to grow GDB I/O buffer");
459
	io->data = new_data;
460
	io->capacity = new_cap;
461
}
462

463
static bool
464
response_pending(void)
465
{
466

467
	if (cur_resp.start == 0 && cur_resp.len == 0)
468
		return (false);
469
	if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+')
470
		return (false);
471
	return (true);
472
}
473

474
static void
475
close_connection(void)
476
{
477

478
	/*
479
	 * XXX: This triggers a warning because mevent does the close
480
	 * before the EV_DELETE.
481
	 */
482
	pthread_mutex_lock(&gdb_lock);
483
	mevent_delete(write_event);
484
	mevent_delete_close(read_event);
485
	write_event = NULL;
486
	read_event = NULL;
487
	io_buffer_reset(&cur_comm);
488
	io_buffer_reset(&cur_resp);
489
	cur_fd = -1;
490

491
	remove_all_sw_breakpoints();
492

493
	/* Clear any pending events. */
494
	memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state));
495

496
	/* Resume any stopped vCPUs. */
497
	gdb_resume_vcpus();
498
	pthread_mutex_unlock(&gdb_lock);
499
}
500

501
static uint8_t
502
hex_digit(uint8_t nibble)
503
{
504

505
	if (nibble <= 9)
506
		return (nibble + '0');
507
	else
508
		return (nibble + 'a' - 10);
509
}
510

511
static uint8_t
512
parse_digit(uint8_t v)
513
{
514

515
	if (v >= '0' && v <= '9')
516
		return (v - '0');
517
	if (v >= 'a' && v <= 'f')
518
		return (v - 'a' + 10);
519
	if (v >= 'A' && v <= 'F')
520
		return (v - 'A' + 10);
521
	return (0xF);
522
}
523

524
/* Parses big-endian hexadecimal. */
525
static uintmax_t
526
parse_integer(const uint8_t *p, size_t len)
527
{
528
	uintmax_t v;
529

530
	v = 0;
531
	while (len > 0) {
532
		v <<= 4;
533
		v |= parse_digit(*p);
534
		p++;
535
		len--;
536
	}
537
	return (v);
538
}
539

540
static uint8_t
541
parse_byte(const uint8_t *p)
542
{
543

544
	return (parse_digit(p[0]) << 4 | parse_digit(p[1]));
545
}
546

547
static void
548
send_pending_data(int fd)
549
{
550
	ssize_t nwritten;
551

552
	if (cur_resp.len == 0) {
553
		mevent_disable(write_event);
554
		return;
555
	}
556
	nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len);
557
	if (nwritten == -1) {
558
		warn("Write to GDB socket failed");
559
		close_connection();
560
	} else {
561
		io_buffer_advance(&cur_resp, nwritten);
562
		if (cur_resp.len == 0)
563
			mevent_disable(write_event);
564
		else
565
			mevent_enable(write_event);
566
	}
567
}
568

569
/* Append a single character to the output buffer. */
570
static void
571
send_char(uint8_t data)
572
{
573
	io_buffer_grow(&cur_resp, 1);
574
	*io_buffer_tail(&cur_resp) = data;
575
	cur_resp.len++;
576
}
577

578
/* Append an array of bytes to the output buffer. */
579
static void
580
send_data(const uint8_t *data, size_t len)
581
{
582

583
	io_buffer_grow(&cur_resp, len);
584
	memcpy(io_buffer_tail(&cur_resp), data, len);
585
	cur_resp.len += len;
586
}
587

588
static void
589
format_byte(uint8_t v, uint8_t *buf)
590
{
591

592
	buf[0] = hex_digit(v >> 4);
593
	buf[1] = hex_digit(v & 0xf);
594
}
595

596
/*
597
 * Append a single byte (formatted as two hex characters) to the
598
 * output buffer.
599
 */
600
static void
601
send_byte(uint8_t v)
602
{
603
	uint8_t buf[2];
604

605
	format_byte(v, buf);
606
	send_data(buf, sizeof(buf));
607
}
608

609
static void
610
start_packet(void)
611
{
612

613
	send_char('$');
614
	cur_csum = 0;
615
}
616

617
static void
618
finish_packet(void)
619
{
620

621
	send_char('#');
622
	send_byte(cur_csum);
623
	debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp));
624
}
625

626
/*
627
 * Append a single character (for the packet payload) and update the
628
 * checksum.
629
 */
630
static void
631
append_char(uint8_t v)
632
{
633

634
	send_char(v);
635
	cur_csum += v;
636
}
637

638
/*
639
 * Append an array of bytes (for the packet payload) and update the
640
 * checksum.
641
 */
642
static void
643
append_packet_data(const uint8_t *data, size_t len)
644
{
645

646
	send_data(data, len);
647
	while (len > 0) {
648
		cur_csum += *data;
649
		data++;
650
		len--;
651
	}
652
}
653

654
static void
655
append_binary_data(const uint8_t *data, size_t len)
656
{
657
	uint8_t buf[2];
658

659
	for (; len > 0; data++, len--) {
660
		switch (*data) {
661
		case '}':
662
		case '#':
663
		case '$':
664
		case '*':
665
			buf[0] = 0x7d;
666
			buf[1] = *data ^ 0x20;
667
			append_packet_data(buf, 2);
668
			break;
669
		default:
670
			append_packet_data(data, 1);
671
			break;
672
		}
673
	}
674
}
675

676
static void
677
append_string(const char *str)
678
{
679

680
	append_packet_data(str, strlen(str));
681
}
682

683
static void
684
append_byte(uint8_t v)
685
{
686
	uint8_t buf[2];
687

688
	format_byte(v, buf);
689
	append_packet_data(buf, sizeof(buf));
690
}
691

692
static void
693
append_unsigned_native(uintmax_t value, size_t len)
694
{
695
	size_t i;
696

697
	for (i = 0; i < len; i++) {
698
		append_byte(value);
699
		value >>= 8;
700
	}
701
}
702

703
static void
704
append_unsigned_be(uintmax_t value, size_t len)
705
{
706
	char buf[len * 2];
707
	size_t i;
708

709
	for (i = 0; i < len; i++) {
710
		format_byte(value, buf + (len - i - 1) * 2);
711
		value >>= 8;
712
	}
713
	append_packet_data(buf, sizeof(buf));
714
}
715

716
static void
717
append_integer(unsigned int value)
718
{
719

720
	if (value == 0)
721
		append_char('0');
722
	else
723
		append_unsigned_be(value, (fls(value) + 7) / 8);
724
}
725

726
static void
727
append_asciihex(const char *str)
728
{
729

730
	while (*str != '\0') {
731
		append_byte(*str);
732
		str++;
733
	}
734
}
735

736
static void
737
send_empty_response(void)
738
{
739

740
	start_packet();
741
	finish_packet();
742
}
743

744
static void
745
send_error(int error)
746
{
747

748
	start_packet();
749
	append_char('E');
750
	append_byte(error);
751
	finish_packet();
752
}
753

754
static void
755
send_ok(void)
756
{
757

758
	start_packet();
759
	append_string("OK");
760
	finish_packet();
761
}
762

763
static int
764
parse_threadid(const uint8_t *data, size_t len)
765
{
766

767
	if (len == 1 && *data == '0')
768
		return (0);
769
	if (len == 2 && memcmp(data, "-1", 2) == 0)
770
		return (-1);
771
	if (len == 0)
772
		return (-2);
773
	return (parse_integer(data, len));
774
}
775

776
/*
777
 * Report the current stop event to the debugger.  If the stop is due
778
 * to an event triggered on a specific vCPU such as a breakpoint or
779
 * stepping trap, stopped_vcpu will be set to the vCPU triggering the
780
 * stop.  If 'set_cur_vcpu' is true, then cur_vcpu will be updated to
781
 * the reporting vCPU for vCPU events.
782
 */
783
static void
784
report_stop(bool set_cur_vcpu)
785
{
786
	struct vcpu_state *vs;
787

788
	start_packet();
789
	if (stopped_vcpu == -1) {
790
		append_char('S');
791
		append_byte(GDB_SIGNAL_TRAP);
792
	} else {
793
		vs = &vcpu_state[stopped_vcpu];
794
		if (set_cur_vcpu)
795
			cur_vcpu = stopped_vcpu;
796
		append_char('T');
797
		append_byte(GDB_SIGNAL_TRAP);
798
		append_string("thread:");
799
		append_integer(stopped_vcpu + 1);
800
		append_char(';');
801
		if (vs->hit_swbreak) {
802
			debug("$vCPU %d reporting swbreak\n", stopped_vcpu);
803
			if (swbreak_enabled)
804
				append_string("swbreak:;");
805
		} else if (vs->stepped)
806
			debug("$vCPU %d reporting step\n", stopped_vcpu);
807
		else
808
			debug("$vCPU %d reporting ???\n", stopped_vcpu);
809
	}
810
	finish_packet();
811
	report_next_stop = false;
812
}
813

814
/*
815
 * If this stop is due to a vCPU event, clear that event to mark it as
816
 * acknowledged.
817
 */
818
static void
819
discard_stop(void)
820
{
821
	struct vcpu_state *vs;
822

823
	if (stopped_vcpu != -1) {
824
		vs = &vcpu_state[stopped_vcpu];
825
		vs->hit_swbreak = false;
826
		vs->stepped = false;
827
		stopped_vcpu = -1;
828
	}
829
	report_next_stop = true;
830
}
831

832
static void
833
gdb_finish_suspend_vcpus(void)
834
{
835

836
	if (first_stop) {
837
		first_stop = false;
838
		stopped_vcpu = -1;
839
	} else if (report_next_stop) {
840
		assert(!response_pending());
841
		report_stop(true);
842
		send_pending_data(cur_fd);
843
	}
844
}
845

846
/*
847
 * vCPU threads invoke this function whenever the vCPU enters the
848
 * debug server to pause or report an event.  vCPU threads wait here
849
 * as long as the debug server keeps them suspended.
850
 */
851
static void
852
_gdb_cpu_suspend(struct vcpu *vcpu, bool report_stop)
853
{
854
	int vcpuid = vcpu_id(vcpu);
855

856
	debug("$vCPU %d suspending\n", vcpuid);
857
	CPU_SET(vcpuid, &vcpus_waiting);
858
	if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0)
859
		gdb_finish_suspend_vcpus();
860
	while (CPU_ISSET(vcpuid, &vcpus_suspended))
861
		pthread_cond_wait(&idle_vcpus, &gdb_lock);
862
	CPU_CLR(vcpuid, &vcpus_waiting);
863
	debug("$vCPU %d resuming\n", vcpuid);
864
}
865

866
/*
867
 * Requests vCPU single-stepping using a
868
 * VMEXIT suitable for the host platform.
869
 */
870
static int
871
_gdb_set_step(struct vcpu *vcpu, int val)
872
{
873
	int error;
874

875
#ifdef __amd64__
876
	/*
877
	 * If the MTRAP cap fails, we are running on an AMD host.
878
	 * In that case, we request DB exits caused by RFLAGS.TF.
879
	 */
880
	error = vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, val);
881
	if (error != 0)
882
		error = vm_set_capability(vcpu, VM_CAP_RFLAGS_TF, val);
883
	if (error == 0)
884
		(void)vm_set_capability(vcpu, VM_CAP_MASK_HWINTR, val);
885
#else /* __aarch64__ */
886
	error = vm_set_capability(vcpu, VM_CAP_SS_EXIT, val);
887
	if (error == 0)
888
		error = vm_set_capability(vcpu, VM_CAP_MASK_HWINTR, val);
889
#endif
890
	return (error);
891
}
892

893
/*
894
 * Checks whether single-stepping is supported for a given vCPU.
895
 */
896
static int
897
_gdb_check_step(struct vcpu *vcpu)
898
{
899
#ifdef __amd64__
900
	int val;
901

902
	if (vm_get_capability(vcpu, VM_CAP_MTRAP_EXIT, &val) != 0) {
903
		if (vm_get_capability(vcpu, VM_CAP_RFLAGS_TF, &val) != 0)
904
			return (-1);
905
	}
906
#else /* __aarch64__ */
907
	(void)vcpu;
908
#endif
909
	return (0);
910
}
911

912
/*
913
 * Invoked at the start of a vCPU thread's execution to inform the
914
 * debug server about the new thread.
915
 */
916
void
917
gdb_cpu_add(struct vcpu *vcpu)
918
{
919
	int vcpuid;
920

921
	if (!gdb_active)
922
		return;
923
	vcpuid = vcpu_id(vcpu);
924
	debug("$vCPU %d starting\n", vcpuid);
925
	pthread_mutex_lock(&gdb_lock);
926
	assert(vcpuid < guest_ncpus);
927
	assert(vcpus[vcpuid] == NULL);
928
	vcpus[vcpuid] = vcpu;
929
	CPU_SET(vcpuid, &vcpus_active);
930
	if (!TAILQ_EMPTY(&breakpoints)) {
931
		vm_set_capability(vcpu, GDB_BREAKPOINT_CAP, 1);
932
		debug("$vCPU %d enabled breakpoint exits\n", vcpuid);
933
	}
934

935
	/*
936
	 * If a vcpu is added while vcpus are stopped, suspend the new
937
	 * vcpu so that it will pop back out with a debug exit before
938
	 * executing the first instruction.
939
	 */
940
	if (!CPU_EMPTY(&vcpus_suspended)) {
941
		cpuset_t suspended;
942
		int error;
943

944
		error = vm_debug_cpus(ctx, &suspended);
945
		assert(error == 0);
946

947
		CPU_SET(vcpuid, &vcpus_suspended);
948
		_gdb_cpu_suspend(vcpu, false);
949

950
		/*
951
		 * In general, APs are started in a suspended mode such that
952
		 * they exit with VM_EXITCODE_DEBUG until the BSP starts them.
953
		 * In particular, this refers to the kernel's view of the vCPU
954
		 * state rather than our own.  If the debugger resumes guest
955
		 * execution, vCPUs will be unsuspended from the kernel's point
956
		 * of view, so we should restore the previous state before
957
		 * continuing.
958
		 */
959
		if (CPU_ISSET(vcpuid, &suspended)) {
960
			error = vm_suspend_cpu(vcpu);
961
			assert(error == 0);
962
		}
963
	}
964
	pthread_mutex_unlock(&gdb_lock);
965
}
966

967
/*
968
 * Invoked by vCPU before resuming execution.  This enables stepping
969
 * if the vCPU is marked as stepping.
970
 */
971
static void
972
gdb_cpu_resume(struct vcpu *vcpu)
973
{
974
	struct vcpu_state *vs;
975
	int error;
976

977
	vs = &vcpu_state[vcpu_id(vcpu)];
978

979
	/*
980
	 * Any pending event should already be reported before
981
	 * resuming.
982
	 */
983
	assert(vs->hit_swbreak == false);
984
	assert(vs->stepped == false);
985
	if (vs->stepping) {
986
		error = _gdb_set_step(vcpu, 1);
987
		assert(error == 0);
988
	}
989
}
990

991
/*
992
 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest
993
 * has been suspended due to an event on different vCPU or in response
994
 * to a guest-wide suspend such as Ctrl-C or the stop on attach.
995
 */
996
void
997
gdb_cpu_suspend(struct vcpu *vcpu)
998
{
999

1000
	if (!gdb_active)
1001
		return;
1002
	pthread_mutex_lock(&gdb_lock);
1003
	_gdb_cpu_suspend(vcpu, true);
1004
	gdb_cpu_resume(vcpu);
1005
	pthread_mutex_unlock(&gdb_lock);
1006
}
1007

1008
static void
1009
gdb_suspend_vcpus(void)
1010
{
1011

1012
	assert(pthread_mutex_isowned_np(&gdb_lock));
1013
	debug("suspending all CPUs\n");
1014
	vcpus_suspended = vcpus_active;
1015
	vm_suspend_all_cpus(ctx);
1016
	if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0)
1017
		gdb_finish_suspend_vcpus();
1018
}
1019

1020
/*
1021
 * Invoked each time a vmexit handler needs to step a vCPU.
1022
 * Handles MTRAP and RFLAGS.TF vmexits.
1023
 */
1024
static void
1025
gdb_cpu_step(struct vcpu *vcpu)
1026
{
1027
	struct vcpu_state *vs;
1028
	int vcpuid = vcpu_id(vcpu);
1029
	int error;
1030

1031
	debug("$vCPU %d stepped\n", vcpuid);
1032
	pthread_mutex_lock(&gdb_lock);
1033
	vs = &vcpu_state[vcpuid];
1034
	if (vs->stepping) {
1035
		vs->stepping = false;
1036
		vs->stepped = true;
1037
		error = _gdb_set_step(vcpu, 0);
1038
		assert(error == 0);
1039

1040
		while (vs->stepped) {
1041
			if (stopped_vcpu == -1) {
1042
				debug("$vCPU %d reporting step\n", vcpuid);
1043
				stopped_vcpu = vcpuid;
1044
				gdb_suspend_vcpus();
1045
			}
1046
			_gdb_cpu_suspend(vcpu, true);
1047
		}
1048
		gdb_cpu_resume(vcpu);
1049
	}
1050
	pthread_mutex_unlock(&gdb_lock);
1051
}
1052

1053
/*
1054
 * A general handler for single-step exceptions.
1055
 * Handles RFLAGS.TF exits on AMD SVM.
1056
 */
1057
void
1058
gdb_cpu_debug(struct vcpu *vcpu, struct vm_exit *vmexit)
1059
{
1060
	if (!gdb_active)
1061
		return;
1062

1063
#ifdef __amd64__
1064
	/* RFLAGS.TF exit? */
1065
	if (vmexit->u.dbg.trace_trap) {
1066
		gdb_cpu_step(vcpu);
1067
	}
1068
#else /* __aarch64__ */
1069
	(void)vmexit;
1070
	gdb_cpu_step(vcpu);
1071
#endif
1072
}
1073

1074
/*
1075
 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via
1076
 * the VT-x-specific MTRAP exit.
1077
 */
1078
void
1079
gdb_cpu_mtrap(struct vcpu *vcpu)
1080
{
1081
	if (!gdb_active)
1082
		return;
1083
	gdb_cpu_step(vcpu);
1084
}
1085

1086
static struct breakpoint *
1087
find_breakpoint(uint64_t gpa)
1088
{
1089
	struct breakpoint *bp;
1090

1091
	TAILQ_FOREACH(bp, &breakpoints, link) {
1092
		if (bp->gpa == gpa)
1093
			return (bp);
1094
	}
1095
	return (NULL);
1096
}
1097

1098
void
1099
gdb_cpu_breakpoint(struct vcpu *vcpu, struct vm_exit *vmexit)
1100
{
1101
	struct breakpoint *bp;
1102
	struct vcpu_state *vs;
1103
	uint64_t gpa;
1104
	int error, vcpuid;
1105

1106
	if (!gdb_active) {
1107
		EPRINTLN("vm_loop: unexpected VMEXIT_DEBUG");
1108
		exit(BHYVE_EXIT_ERROR);
1109
	}
1110
	vcpuid = vcpu_id(vcpu);
1111
	pthread_mutex_lock(&gdb_lock);
1112
	error = guest_vaddr2paddr(vcpu, guest_pc(vmexit), &gpa);
1113
	assert(error == 1);
1114
	bp = find_breakpoint(gpa);
1115
	if (bp != NULL) {
1116
		vs = &vcpu_state[vcpuid];
1117
		assert(vs->stepping == false);
1118
		assert(vs->stepped == false);
1119
		assert(vs->hit_swbreak == false);
1120
		vs->hit_swbreak = true;
1121
		vm_set_register(vcpu, GDB_PC_REGNAME, guest_pc(vmexit));
1122
		for (;;) {
1123
			if (stopped_vcpu == -1) {
1124
				debug("$vCPU %d reporting breakpoint at rip %#lx\n",
1125
				    vcpuid, guest_pc(vmexit));
1126
				stopped_vcpu = vcpuid;
1127
				gdb_suspend_vcpus();
1128
			}
1129
			_gdb_cpu_suspend(vcpu, true);
1130
			if (!vs->hit_swbreak) {
1131
				/* Breakpoint reported. */
1132
				break;
1133
			}
1134
			bp = find_breakpoint(gpa);
1135
			if (bp == NULL) {
1136
				/* Breakpoint was removed. */
1137
				vs->hit_swbreak = false;
1138
				break;
1139
			}
1140
		}
1141
		gdb_cpu_resume(vcpu);
1142
	} else {
1143
		debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpuid,
1144
		    guest_pc(vmexit));
1145
#ifdef __amd64__
1146
		error = vm_set_register(vcpu, VM_REG_GUEST_ENTRY_INST_LENGTH,
1147
		    vmexit->u.bpt.inst_length);
1148
		assert(error == 0);
1149
		error = vm_inject_exception(vcpu, IDT_BP, 0, 0, 0);
1150
		assert(error == 0);
1151
#else /* __aarch64__ */
1152
		uint64_t esr;
1153

1154
		esr = (EXCP_BRK << ESR_ELx_EC_SHIFT) | vmexit->u.hyp.esr_el2;
1155
		error = vm_inject_exception(vcpu, esr, 0);
1156
		assert(error == 0);
1157
#endif
1158
	}
1159
	pthread_mutex_unlock(&gdb_lock);
1160
}
1161

1162
static bool
1163
gdb_step_vcpu(struct vcpu *vcpu)
1164
{
1165
	int error, vcpuid;
1166

1167
	vcpuid = vcpu_id(vcpu);
1168
	debug("$vCPU %d step\n", vcpuid);
1169
	error = _gdb_check_step(vcpu);
1170
	if (error < 0)
1171
		return (false);
1172

1173
	discard_stop();
1174
	vcpu_state[vcpuid].stepping = true;
1175
	vm_resume_cpu(vcpu);
1176
	CPU_CLR(vcpuid, &vcpus_suspended);
1177
	pthread_cond_broadcast(&idle_vcpus);
1178
	return (true);
1179
}
1180

1181
static void
1182
gdb_resume_vcpus(void)
1183
{
1184

1185
	assert(pthread_mutex_isowned_np(&gdb_lock));
1186
	vm_resume_all_cpus(ctx);
1187
	debug("resuming all CPUs\n");
1188
	CPU_ZERO(&vcpus_suspended);
1189
	pthread_cond_broadcast(&idle_vcpus);
1190
}
1191

1192
static void
1193
gdb_read_regs(void)
1194
{
1195
	uint64_t regvals[nitems(gdb_regset)];
1196
	int regnums[nitems(gdb_regset)];
1197

1198
	for (size_t i = 0; i < nitems(gdb_regset); i++)
1199
		regnums[i] = gdb_regset[i].id;
1200
	if (vm_get_register_set(vcpus[cur_vcpu], nitems(gdb_regset),
1201
	    regnums, regvals) == -1) {
1202
		send_error(errno);
1203
		return;
1204
	}
1205

1206
	start_packet();
1207
	for (size_t i = 0; i < nitems(gdb_regset); i++) {
1208
#ifdef GDB_REG_FIRST_EXT
1209
		if (gdb_regset[i].id == GDB_REG_FIRST_EXT)
1210
			break;
1211
#endif
1212
		append_unsigned_native(regvals[i], gdb_regset[i].size);
1213
	}
1214
	finish_packet();
1215
}
1216

1217
static void
1218
gdb_read_one_reg(const uint8_t *data, size_t len)
1219
{
1220
	uint64_t regval;
1221
	uintmax_t reg;
1222

1223
	reg = parse_integer(data, len);
1224
	if (reg >= nitems(gdb_regset)) {
1225
		send_error(EINVAL);
1226
		return;
1227
	}
1228

1229
	if (vm_get_register(vcpus[cur_vcpu], gdb_regset[reg].id, &regval) ==
1230
	    -1) {
1231
		send_error(errno);
1232
		return;
1233
	}
1234

1235
	start_packet();
1236
	append_unsigned_native(regval, gdb_regset[reg].size);
1237
	finish_packet();
1238
}
1239

1240
static void
1241
gdb_read_mem(const uint8_t *data, size_t len)
1242
{
1243
	uint64_t gpa, gva, val;
1244
	uint8_t *cp;
1245
	size_t resid, todo, bytes;
1246
	bool started;
1247
	int error;
1248

1249
	assert(len >= 1);
1250

1251
	/* Skip 'm' */
1252
	data += 1;
1253
	len -= 1;
1254

1255
	/* Parse and consume address. */
1256
	cp = memchr(data, ',', len);
1257
	if (cp == NULL || cp == data) {
1258
		send_error(EINVAL);
1259
		return;
1260
	}
1261
	gva = parse_integer(data, cp - data);
1262
	len -= (cp - data) + 1;
1263
	data += (cp - data) + 1;
1264

1265
	/* Parse length. */
1266
	resid = parse_integer(data, len);
1267

1268
	started = false;
1269
	while (resid > 0) {
1270
		error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
1271
		if (error == -1) {
1272
			if (started)
1273
				finish_packet();
1274
			else
1275
				send_error(errno);
1276
			return;
1277
		}
1278
		if (error == 0) {
1279
			if (started)
1280
				finish_packet();
1281
			else
1282
				send_error(EFAULT);
1283
			return;
1284
		}
1285

1286
		/* Read bytes from current page. */
1287
		todo = getpagesize() - gpa % getpagesize();
1288
		if (todo > resid)
1289
			todo = resid;
1290

1291
		cp = paddr_guest2host(ctx, gpa, todo);
1292
		if (cp != NULL) {
1293
			/*
1294
			 * If this page is guest RAM, read it a byte
1295
			 * at a time.
1296
			 */
1297
			if (!started) {
1298
				start_packet();
1299
				started = true;
1300
			}
1301
			while (todo > 0) {
1302
				append_byte(*cp);
1303
				cp++;
1304
				gpa++;
1305
				gva++;
1306
				resid--;
1307
				todo--;
1308
			}
1309
		} else {
1310
			/*
1311
			 * If this page isn't guest RAM, try to handle
1312
			 * it via MMIO.  For MMIO requests, use
1313
			 * aligned reads of words when possible.
1314
			 */
1315
			while (todo > 0) {
1316
				if (gpa & 1 || todo == 1)
1317
					bytes = 1;
1318
				else if (gpa & 2 || todo == 2)
1319
					bytes = 2;
1320
				else
1321
					bytes = 4;
1322
				error = read_mem(vcpus[cur_vcpu], gpa, &val,
1323
				    bytes);
1324
				if (error == 0) {
1325
					if (!started) {
1326
						start_packet();
1327
						started = true;
1328
					}
1329
					gpa += bytes;
1330
					gva += bytes;
1331
					resid -= bytes;
1332
					todo -= bytes;
1333
					while (bytes > 0) {
1334
						append_byte(val);
1335
						val >>= 8;
1336
						bytes--;
1337
					}
1338
				} else {
1339
					if (started)
1340
						finish_packet();
1341
					else
1342
						send_error(EFAULT);
1343
					return;
1344
				}
1345
			}
1346
		}
1347
		assert(resid == 0 || gpa % getpagesize() == 0);
1348
	}
1349
	if (!started)
1350
		start_packet();
1351
	finish_packet();
1352
}
1353

1354
static void
1355
gdb_write_mem(const uint8_t *data, size_t len)
1356
{
1357
	uint64_t gpa, gva, val;
1358
	uint8_t *cp;
1359
	size_t resid, todo, bytes;
1360
	int error;
1361

1362
	assert(len >= 1);
1363

1364
	/* Skip 'M' */
1365
	data += 1;
1366
	len -= 1;
1367

1368
	/* Parse and consume address. */
1369
	cp = memchr(data, ',', len);
1370
	if (cp == NULL || cp == data) {
1371
		send_error(EINVAL);
1372
		return;
1373
	}
1374
	gva = parse_integer(data, cp - data);
1375
	len -= (cp - data) + 1;
1376
	data += (cp - data) + 1;
1377

1378
	/* Parse and consume length. */
1379
	cp = memchr(data, ':', len);
1380
	if (cp == NULL || cp == data) {
1381
		send_error(EINVAL);
1382
		return;
1383
	}
1384
	resid = parse_integer(data, cp - data);
1385
	len -= (cp - data) + 1;
1386
	data += (cp - data) + 1;
1387

1388
	/* Verify the available bytes match the length. */
1389
	if (len != resid * 2) {
1390
		send_error(EINVAL);
1391
		return;
1392
	}
1393

1394
	while (resid > 0) {
1395
		error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
1396
		if (error == -1) {
1397
			send_error(errno);
1398
			return;
1399
		}
1400
		if (error == 0) {
1401
			send_error(EFAULT);
1402
			return;
1403
		}
1404

1405
		/* Write bytes to current page. */
1406
		todo = getpagesize() - gpa % getpagesize();
1407
		if (todo > resid)
1408
			todo = resid;
1409

1410
		cp = paddr_guest2host(ctx, gpa, todo);
1411
		if (cp != NULL) {
1412
			/*
1413
			 * If this page is guest RAM, write it a byte
1414
			 * at a time.
1415
			 */
1416
			while (todo > 0) {
1417
				assert(len >= 2);
1418
				*cp = parse_byte(data);
1419
				data += 2;
1420
				len -= 2;
1421
				cp++;
1422
				gpa++;
1423
				gva++;
1424
				resid--;
1425
				todo--;
1426
			}
1427
		} else {
1428
			/*
1429
			 * If this page isn't guest RAM, try to handle
1430
			 * it via MMIO.  For MMIO requests, use
1431
			 * aligned writes of words when possible.
1432
			 */
1433
			while (todo > 0) {
1434
				if (gpa & 1 || todo == 1) {
1435
					bytes = 1;
1436
					val = parse_byte(data);
1437
				} else if (gpa & 2 || todo == 2) {
1438
					bytes = 2;
1439
					val = be16toh(parse_integer(data, 4));
1440
				} else {
1441
					bytes = 4;
1442
					val = be32toh(parse_integer(data, 8));
1443
				}
1444
				error = write_mem(vcpus[cur_vcpu], gpa, val,
1445
				    bytes);
1446
				if (error == 0) {
1447
					gpa += bytes;
1448
					gva += bytes;
1449
					resid -= bytes;
1450
					todo -= bytes;
1451
					data += 2 * bytes;
1452
					len -= 2 * bytes;
1453
				} else {
1454
					send_error(EFAULT);
1455
					return;
1456
				}
1457
			}
1458
		}
1459
		assert(resid == 0 || gpa % getpagesize() == 0);
1460
	}
1461
	assert(len == 0);
1462
	send_ok();
1463
}
1464

1465
static bool
1466
set_breakpoint_caps(bool enable)
1467
{
1468
	cpuset_t mask;
1469
	int vcpu;
1470

1471
	mask = vcpus_active;
1472
	while (!CPU_EMPTY(&mask)) {
1473
		vcpu = CPU_FFS(&mask) - 1;
1474
		CPU_CLR(vcpu, &mask);
1475
		if (vm_set_capability(vcpus[vcpu], GDB_BREAKPOINT_CAP,
1476
		    enable ? 1 : 0) < 0)
1477
			return (false);
1478
		debug("$vCPU %d %sabled breakpoint exits\n", vcpu,
1479
		    enable ? "en" : "dis");
1480
	}
1481
	return (true);
1482
}
1483

1484
static void
1485
write_instr(uint8_t *dest, uint8_t *instr, size_t len)
1486
{
1487
	memcpy(dest, instr, len);
1488
#ifdef __arm64__
1489
	__asm __volatile(
1490
	    "dc cvau, %0\n"
1491
	    "dsb ish\n"
1492
	    "ic ialluis\n"
1493
	    "dsb ish\n"
1494
	    : : "r" (dest) : "memory");
1495
#endif
1496
}
1497

1498
static void
1499
remove_all_sw_breakpoints(void)
1500
{
1501
	struct breakpoint *bp, *nbp;
1502
	uint8_t *cp;
1503

1504
	if (TAILQ_EMPTY(&breakpoints))
1505
		return;
1506

1507
	TAILQ_FOREACH_SAFE(bp, &breakpoints, link, nbp) {
1508
		debug("remove breakpoint at %#lx\n", bp->gpa);
1509
		cp = paddr_guest2host(ctx, bp->gpa, sizeof(bp->shadow_inst));
1510
		write_instr(cp, bp->shadow_inst, sizeof(bp->shadow_inst));
1511
		TAILQ_REMOVE(&breakpoints, bp, link);
1512
		free(bp);
1513
	}
1514
	TAILQ_INIT(&breakpoints);
1515
	set_breakpoint_caps(false);
1516
}
1517

1518
static void
1519
update_sw_breakpoint(uint64_t gva, int kind, bool insert)
1520
{
1521
	struct breakpoint *bp;
1522
	uint64_t gpa;
1523
	uint8_t *cp;
1524
	int error;
1525

1526
	if (kind != GDB_BP_SIZE) {
1527
		send_error(EINVAL);
1528
		return;
1529
	}
1530

1531
	error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
1532
	if (error == -1) {
1533
		send_error(errno);
1534
		return;
1535
	}
1536
	if (error == 0) {
1537
		send_error(EFAULT);
1538
		return;
1539
	}
1540

1541
	cp = paddr_guest2host(ctx, gpa, sizeof(bp->shadow_inst));
1542

1543
	/* Only permit breakpoints in guest RAM. */
1544
	if (cp == NULL) {
1545
		send_error(EFAULT);
1546
		return;
1547
	}
1548

1549
	/* Find any existing breakpoint. */
1550
	bp = find_breakpoint(gpa);
1551

1552
	/*
1553
	 * Silently ignore duplicate commands since the protocol
1554
	 * requires these packets to be idempotent.
1555
	 */
1556
	if (insert) {
1557
		if (bp == NULL) {
1558
			if (TAILQ_EMPTY(&breakpoints) &&
1559
			    !set_breakpoint_caps(true)) {
1560
				send_empty_response();
1561
				return;
1562
			}
1563
			bp = malloc(sizeof(*bp));
1564
			bp->gpa = gpa;
1565
			memcpy(bp->shadow_inst, cp, sizeof(bp->shadow_inst));
1566
			write_instr(cp, GDB_BP_INSTR, sizeof(bp->shadow_inst));
1567
			TAILQ_INSERT_TAIL(&breakpoints, bp, link);
1568
			debug("new breakpoint at %#lx\n", gpa);
1569
		}
1570
	} else {
1571
		if (bp != NULL) {
1572
			debug("remove breakpoint at %#lx\n", gpa);
1573
			write_instr(cp, bp->shadow_inst,
1574
			    sizeof(bp->shadow_inst));
1575
			TAILQ_REMOVE(&breakpoints, bp, link);
1576
			free(bp);
1577
			if (TAILQ_EMPTY(&breakpoints))
1578
				set_breakpoint_caps(false);
1579
		}
1580
	}
1581
	send_ok();
1582
}
1583

1584
static void
1585
parse_breakpoint(const uint8_t *data, size_t len)
1586
{
1587
	uint64_t gva;
1588
	uint8_t *cp;
1589
	bool insert;
1590
	int kind, type;
1591

1592
	insert = data[0] == 'Z';
1593

1594
	/* Skip 'Z/z' */
1595
	data += 1;
1596
	len -= 1;
1597

1598
	/* Parse and consume type. */
1599
	cp = memchr(data, ',', len);
1600
	if (cp == NULL || cp == data) {
1601
		send_error(EINVAL);
1602
		return;
1603
	}
1604
	type = parse_integer(data, cp - data);
1605
	len -= (cp - data) + 1;
1606
	data += (cp - data) + 1;
1607

1608
	/* Parse and consume address. */
1609
	cp = memchr(data, ',', len);
1610
	if (cp == NULL || cp == data) {
1611
		send_error(EINVAL);
1612
		return;
1613
	}
1614
	gva = parse_integer(data, cp - data);
1615
	len -= (cp - data) + 1;
1616
	data += (cp - data) + 1;
1617

1618
	/* Parse and consume kind. */
1619
	cp = memchr(data, ';', len);
1620
	if (cp == data) {
1621
		send_error(EINVAL);
1622
		return;
1623
	}
1624
	if (cp != NULL) {
1625
		/*
1626
		 * We do not advertise support for either the
1627
		 * ConditionalBreakpoints or BreakpointCommands
1628
		 * features, so we should not be getting conditions or
1629
		 * commands from the remote end.
1630
		 */
1631
		send_empty_response();
1632
		return;
1633
	}
1634
	kind = parse_integer(data, len);
1635
	data += len;
1636
	len = 0;
1637

1638
	switch (type) {
1639
	case 0:
1640
		update_sw_breakpoint(gva, kind, insert);
1641
		break;
1642
	default:
1643
		send_empty_response();
1644
		break;
1645
	}
1646
}
1647

1648
static bool
1649
command_equals(const uint8_t *data, size_t len, const char *cmd)
1650
{
1651

1652
	if (strlen(cmd) > len)
1653
		return (false);
1654
	return (memcmp(data, cmd, strlen(cmd)) == 0);
1655
}
1656

1657
static void
1658
check_features(const uint8_t *data, size_t len)
1659
{
1660
	char *feature, *next_feature, *str, *value;
1661
	bool supported;
1662

1663
	str = malloc(len + 1);
1664
	memcpy(str, data, len);
1665
	str[len] = '\0';
1666
	next_feature = str;
1667

1668
	while ((feature = strsep(&next_feature, ";")) != NULL) {
1669
		/*
1670
		 * Null features shouldn't exist, but skip if they
1671
		 * do.
1672
		 */
1673
		if (strcmp(feature, "") == 0)
1674
			continue;
1675

1676
		/*
1677
		 * Look for the value or supported / not supported
1678
		 * flag.
1679
		 */
1680
		value = strchr(feature, '=');
1681
		if (value != NULL) {
1682
			*value = '\0';
1683
			value++;
1684
			supported = true;
1685
		} else {
1686
			value = feature + strlen(feature) - 1;
1687
			switch (*value) {
1688
			case '+':
1689
				supported = true;
1690
				break;
1691
			case '-':
1692
				supported = false;
1693
				break;
1694
			default:
1695
				/*
1696
				 * This is really a protocol error,
1697
				 * but we just ignore malformed
1698
				 * features for ease of
1699
				 * implementation.
1700
				 */
1701
				continue;
1702
			}
1703
			value = NULL;
1704
		}
1705

1706
		if (strcmp(feature, "swbreak") == 0)
1707
			swbreak_enabled = supported;
1708
	}
1709
	free(str);
1710

1711
	start_packet();
1712

1713
	/* This is an arbitrary limit. */
1714
	append_string("PacketSize=4096");
1715
	append_string(";swbreak+");
1716
	append_string(";qXfer:features:read+");
1717
	finish_packet();
1718
}
1719

1720
static void
1721
gdb_query(const uint8_t *data, size_t len)
1722
{
1723

1724
	/*
1725
	 * TODO:
1726
	 * - qSearch
1727
	 */
1728
	if (command_equals(data, len, "qAttached")) {
1729
		start_packet();
1730
		append_char('1');
1731
		finish_packet();
1732
	} else if (command_equals(data, len, "qC")) {
1733
		start_packet();
1734
		append_string("QC");
1735
		append_integer(cur_vcpu + 1);
1736
		finish_packet();
1737
	} else if (command_equals(data, len, "qfThreadInfo")) {
1738
		cpuset_t mask;
1739
		bool first;
1740
		int vcpu;
1741

1742
		if (CPU_EMPTY(&vcpus_active)) {
1743
			send_error(EINVAL);
1744
			return;
1745
		}
1746
		mask = vcpus_active;
1747
		start_packet();
1748
		append_char('m');
1749
		first = true;
1750
		while (!CPU_EMPTY(&mask)) {
1751
			vcpu = CPU_FFS(&mask) - 1;
1752
			CPU_CLR(vcpu, &mask);
1753
			if (first)
1754
				first = false;
1755
			else
1756
				append_char(',');
1757
			append_integer(vcpu + 1);
1758
		}
1759
		finish_packet();
1760
	} else if (command_equals(data, len, "qsThreadInfo")) {
1761
		start_packet();
1762
		append_char('l');
1763
		finish_packet();
1764
	} else if (command_equals(data, len, "qSupported")) {
1765
		data += strlen("qSupported");
1766
		len -= strlen("qSupported");
1767
		check_features(data, len);
1768
	} else if (command_equals(data, len, "qThreadExtraInfo")) {
1769
		char buf[16];
1770
		int tid;
1771

1772
		data += strlen("qThreadExtraInfo");
1773
		len -= strlen("qThreadExtraInfo");
1774
		if (len == 0 || *data != ',') {
1775
			send_error(EINVAL);
1776
			return;
1777
		}
1778
		tid = parse_threadid(data + 1, len - 1);
1779
		if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) {
1780
			send_error(EINVAL);
1781
			return;
1782
		}
1783

1784
		snprintf(buf, sizeof(buf), "vCPU %d", tid - 1);
1785
		start_packet();
1786
		append_asciihex(buf);
1787
		finish_packet();
1788
	} else if (command_equals(data, len, "qXfer:features:read:")) {
1789
		struct stat sb;
1790
		const char *xml;
1791
		const uint8_t *pathend;
1792
		char buf[64], path[PATH_MAX];
1793
		size_t xmllen;
1794
		unsigned int doff, dlen;
1795
		int fd;
1796

1797
		data += strlen("qXfer:features:read:");
1798
		len -= strlen("qXfer:features:read:");
1799

1800
		pathend = memchr(data, ':', len);
1801
		if (pathend == NULL ||
1802
		    (size_t)(pathend - data) >= sizeof(path) - 1) {
1803
			send_error(EINVAL);
1804
			return;
1805
		}
1806
		memcpy(path, data, pathend - data);
1807
		path[pathend - data] = '\0';
1808
		data += (pathend - data) + 1;
1809
		len -= (pathend - data) + 1;
1810

1811
		if (len > sizeof(buf) - 1) {
1812
			send_error(EINVAL);
1813
			return;
1814
		}
1815
		memcpy(buf, data, len);
1816
		buf[len] = '\0';
1817
		if (sscanf(buf, "%x,%x", &doff, &dlen) != 2) {
1818
			send_error(EINVAL);
1819
			return;
1820
		}
1821

1822
		fd = openat(xml_dfd, path, O_RDONLY | O_RESOLVE_BENEATH);
1823
		if (fd < 0) {
1824
			send_error(errno);
1825
			return;
1826
		}
1827
		if (fstat(fd, &sb) < 0) {
1828
			send_error(errno);
1829
			close(fd);
1830
			return;
1831
		}
1832
		xml = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
1833
		if (xml == MAP_FAILED) {
1834
			send_error(errno);
1835
			close(fd);
1836
			return;
1837
		}
1838
		close(fd);
1839
		xmllen = sb.st_size;
1840

1841
		start_packet();
1842
		if (doff >= xmllen) {
1843
			append_char('l');
1844
		} else if (doff + dlen >= xmllen) {
1845
			append_char('l');
1846
			append_binary_data(xml + doff, xmllen - doff);
1847
		} else {
1848
			append_char('m');
1849
			append_binary_data(xml + doff, dlen);
1850
		}
1851
		finish_packet();
1852
		(void)munmap(__DECONST(void *, xml), xmllen);
1853
	} else
1854
		send_empty_response();
1855
}
1856

1857
static void
1858
handle_command(const uint8_t *data, size_t len)
1859
{
1860

1861
	/* Reject packets with a sequence-id. */
1862
	if (len >= 3 && data[0] >= '0' && data[0] <= '9' &&
1863
	    data[0] >= '0' && data[0] <= '9' && data[2] == ':') {
1864
		send_empty_response();
1865
		return;
1866
	}
1867

1868
	switch (*data) {
1869
	case 'c':
1870
		if (len != 1) {
1871
			send_error(EINVAL);
1872
			break;
1873
		}
1874

1875
		discard_stop();
1876
		gdb_resume_vcpus();
1877
		break;
1878
	case 'D':
1879
		send_ok();
1880

1881
		/* TODO: Resume any stopped CPUs. */
1882
		break;
1883
	case 'g':
1884
		gdb_read_regs();
1885
		break;
1886
	case 'p':
1887
		gdb_read_one_reg(data + 1, len - 1);
1888
		break;
1889
	case 'H': {
1890
		int tid;
1891

1892
		if (len < 2 || (data[1] != 'g' && data[1] != 'c')) {
1893
			send_error(EINVAL);
1894
			break;
1895
		}
1896
		tid = parse_threadid(data + 2, len - 2);
1897
		if (tid == -2) {
1898
			send_error(EINVAL);
1899
			break;
1900
		}
1901

1902
		if (CPU_EMPTY(&vcpus_active)) {
1903
			send_error(EINVAL);
1904
			break;
1905
		}
1906
		if (tid == -1 || tid == 0)
1907
			cur_vcpu = CPU_FFS(&vcpus_active) - 1;
1908
		else if (CPU_ISSET(tid - 1, &vcpus_active))
1909
			cur_vcpu = tid - 1;
1910
		else {
1911
			send_error(EINVAL);
1912
			break;
1913
		}
1914
		send_ok();
1915
		break;
1916
	}
1917
	case 'm':
1918
		gdb_read_mem(data, len);
1919
		break;
1920
	case 'M':
1921
		gdb_write_mem(data, len);
1922
		break;
1923
	case 'T': {
1924
		int tid;
1925

1926
		tid = parse_threadid(data + 1, len - 1);
1927
		if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) {
1928
			send_error(EINVAL);
1929
			return;
1930
		}
1931
		send_ok();
1932
		break;
1933
	}
1934
	case 'q':
1935
		gdb_query(data, len);
1936
		break;
1937
	case 's':
1938
		if (len != 1) {
1939
			send_error(EINVAL);
1940
			break;
1941
		}
1942

1943
		/* Don't send a reply until a stop occurs. */
1944
		if (!gdb_step_vcpu(vcpus[cur_vcpu])) {
1945
			send_error(EOPNOTSUPP);
1946
			break;
1947
		}
1948
		break;
1949
	case 'z':
1950
	case 'Z':
1951
		parse_breakpoint(data, len);
1952
		break;
1953
	case '?':
1954
		report_stop(false);
1955
		break;
1956
	case 'G': /* TODO */
1957
	case 'v':
1958
		/* Handle 'vCont' */
1959
		/* 'vCtrlC' */
1960
	case 'P': /* TODO */
1961
	case 'Q': /* TODO */
1962
	case 't': /* TODO */
1963
	case 'X': /* TODO */
1964
	default:
1965
		send_empty_response();
1966
	}
1967
}
1968

1969
/* Check for a valid packet in the command buffer. */
1970
static void
1971
check_command(int fd)
1972
{
1973
	uint8_t *head, *hash, *p, sum;
1974
	size_t avail, plen;
1975

1976
	for (;;) {
1977
		avail = cur_comm.len;
1978
		if (avail == 0)
1979
			return;
1980
		head = io_buffer_head(&cur_comm);
1981
		switch (*head) {
1982
		case 0x03:
1983
			debug("<- Ctrl-C\n");
1984
			io_buffer_consume(&cur_comm, 1);
1985

1986
			gdb_suspend_vcpus();
1987
			break;
1988
		case '+':
1989
			/* ACK of previous response. */
1990
			debug("<- +\n");
1991
			if (response_pending())
1992
				io_buffer_reset(&cur_resp);
1993
			io_buffer_consume(&cur_comm, 1);
1994
			if (stopped_vcpu != -1 && report_next_stop) {
1995
				report_stop(true);
1996
				send_pending_data(fd);
1997
			}
1998
			break;
1999
		case '-':
2000
			/* NACK of previous response. */
2001
			debug("<- -\n");
2002
			if (response_pending()) {
2003
				cur_resp.len += cur_resp.start;
2004
				cur_resp.start = 0;
2005
				if (cur_resp.data[0] == '+')
2006
					io_buffer_advance(&cur_resp, 1);
2007
				debug("-> %.*s\n", (int)cur_resp.len,
2008
				    io_buffer_head(&cur_resp));
2009
			}
2010
			io_buffer_consume(&cur_comm, 1);
2011
			send_pending_data(fd);
2012
			break;
2013
		case '$':
2014
			/* Packet. */
2015

2016
			if (response_pending()) {
2017
				warnx("New GDB command while response in "
2018
				    "progress");
2019
				io_buffer_reset(&cur_resp);
2020
			}
2021

2022
			/* Is packet complete? */
2023
			hash = memchr(head, '#', avail);
2024
			if (hash == NULL)
2025
				return;
2026
			plen = (hash - head + 1) + 2;
2027
			if (avail < plen)
2028
				return;
2029
			debug("<- %.*s\n", (int)plen, head);
2030

2031
			/* Verify checksum. */
2032
			for (sum = 0, p = head + 1; p < hash; p++)
2033
				sum += *p;
2034
			if (sum != parse_byte(hash + 1)) {
2035
				io_buffer_consume(&cur_comm, plen);
2036
				debug("-> -\n");
2037
				send_char('-');
2038
				send_pending_data(fd);
2039
				break;
2040
			}
2041
			send_char('+');
2042

2043
			handle_command(head + 1, hash - (head + 1));
2044
			io_buffer_consume(&cur_comm, plen);
2045
			if (!response_pending())
2046
				debug("-> +\n");
2047
			send_pending_data(fd);
2048
			break;
2049
		default:
2050
			/* XXX: Possibly drop connection instead. */
2051
			debug("-> %02x\n", *head);
2052
			io_buffer_consume(&cur_comm, 1);
2053
			break;
2054
		}
2055
	}
2056
}
2057

2058
static void
2059
gdb_readable(int fd, enum ev_type event __unused, void *arg __unused)
2060
{
2061
	size_t pending;
2062
	ssize_t nread;
2063
	int n;
2064

2065
	if (ioctl(fd, FIONREAD, &n) == -1) {
2066
		warn("FIONREAD on GDB socket");
2067
		return;
2068
	}
2069
	assert(n >= 0);
2070
	pending = n;
2071

2072
	/*
2073
	 * 'pending' might be zero due to EOF.  We need to call read
2074
	 * with a non-zero length to detect EOF.
2075
	 */
2076
	if (pending == 0)
2077
		pending = 1;
2078

2079
	/* Ensure there is room in the command buffer. */
2080
	io_buffer_grow(&cur_comm, pending);
2081
	assert(io_buffer_avail(&cur_comm) >= pending);
2082

2083
	nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm));
2084
	if (nread == 0) {
2085
		close_connection();
2086
	} else if (nread == -1) {
2087
		if (errno == EAGAIN)
2088
			return;
2089

2090
		warn("Read from GDB socket");
2091
		close_connection();
2092
	} else {
2093
		cur_comm.len += nread;
2094
		pthread_mutex_lock(&gdb_lock);
2095
		check_command(fd);
2096
		pthread_mutex_unlock(&gdb_lock);
2097
	}
2098
}
2099

2100
static void
2101
gdb_writable(int fd, enum ev_type event __unused, void *arg __unused)
2102
{
2103

2104
	send_pending_data(fd);
2105
}
2106

2107
static void
2108
new_connection(int fd, enum ev_type event __unused, void *arg)
2109
{
2110
	int optval, s;
2111

2112
	s = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2113
	if (s == -1) {
2114
		if (arg != NULL)
2115
			err(1, "Failed accepting initial GDB connection");
2116

2117
		/* Silently ignore errors post-startup. */
2118
		return;
2119
	}
2120

2121
	optval = 1;
2122
	if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) ==
2123
	    -1) {
2124
		warn("Failed to disable SIGPIPE for GDB connection");
2125
		close(s);
2126
		return;
2127
	}
2128

2129
	pthread_mutex_lock(&gdb_lock);
2130
	if (cur_fd != -1) {
2131
		close(s);
2132
		warnx("Ignoring additional GDB connection.");
2133
	}
2134

2135
	read_event = mevent_add(s, EVF_READ, gdb_readable, NULL);
2136
	if (read_event == NULL) {
2137
		if (arg != NULL)
2138
			err(1, "Failed to setup initial GDB connection");
2139
		pthread_mutex_unlock(&gdb_lock);
2140
		return;
2141
	}
2142
	write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL);
2143
	if (write_event == NULL) {
2144
		if (arg != NULL)
2145
			err(1, "Failed to setup initial GDB connection");
2146
		mevent_delete_close(read_event);
2147
		read_event = NULL;
2148
	}
2149

2150
	cur_fd = s;
2151
	cur_vcpu = 0;
2152
	stopped_vcpu = -1;
2153

2154
	/* Break on attach. */
2155
	first_stop = true;
2156
	report_next_stop = false;
2157
	gdb_suspend_vcpus();
2158
	pthread_mutex_unlock(&gdb_lock);
2159
}
2160

2161
#ifndef WITHOUT_CAPSICUM
2162
static void
2163
limit_gdb_socket(int s)
2164
{
2165
	cap_rights_t rights;
2166
	unsigned long ioctls[] = { FIONREAD };
2167

2168
	cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE,
2169
	    CAP_SETSOCKOPT, CAP_IOCTL);
2170
	if (caph_rights_limit(s, &rights) == -1)
2171
		errx(EX_OSERR, "Unable to apply rights for sandbox");
2172
	if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1)
2173
		errx(EX_OSERR, "Unable to apply rights for sandbox");
2174
}
2175
#endif
2176

2177
void
2178
init_gdb(struct vmctx *_ctx)
2179
{
2180
#ifndef WITHOUT_CAPSICUM
2181
	cap_rights_t rights;
2182
#endif
2183
	int error, flags, optval, s;
2184
	struct addrinfo hints;
2185
	struct addrinfo *gdbaddr;
2186
	const char *saddr, *value;
2187
	char *sport;
2188
	bool wait;
2189

2190
	value = get_config_value("gdb.port");
2191
	if (value == NULL)
2192
		return;
2193
	sport = strdup(value);
2194
	if (sport == NULL)
2195
		errx(4, "Failed to allocate memory");
2196

2197
	wait = get_config_bool_default("gdb.wait", false);
2198

2199
	saddr = get_config_value("gdb.address");
2200
	if (saddr == NULL) {
2201
		saddr = "localhost";
2202
	}
2203

2204
	debug("==> starting on %s:%s, %swaiting\n",
2205
	    saddr, sport, wait ? "" : "not ");
2206

2207
	error = pthread_mutex_init(&gdb_lock, NULL);
2208
	if (error != 0)
2209
		errc(1, error, "gdb mutex init");
2210
	error = pthread_cond_init(&idle_vcpus, NULL);
2211
	if (error != 0)
2212
		errc(1, error, "gdb cv init");
2213

2214
	memset(&hints, 0, sizeof(hints));
2215
	hints.ai_family = AF_UNSPEC;
2216
	hints.ai_socktype = SOCK_STREAM;
2217
	hints.ai_flags = AI_NUMERICSERV | AI_PASSIVE;
2218

2219
	error = getaddrinfo(saddr, sport, &hints, &gdbaddr);
2220
	if (error != 0)
2221
		errx(1, "gdb address resolution: %s", gai_strerror(error));
2222

2223
	ctx = _ctx;
2224
	s = socket(gdbaddr->ai_family, gdbaddr->ai_socktype, 0);
2225
	if (s < 0)
2226
		err(1, "gdb socket create");
2227

2228
	optval = 1;
2229
	(void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));
2230

2231
	if (bind(s, gdbaddr->ai_addr, gdbaddr->ai_addrlen) < 0)
2232
		err(1, "gdb socket bind");
2233

2234
	if (listen(s, 1) < 0)
2235
		err(1, "gdb socket listen");
2236

2237
	stopped_vcpu = -1;
2238
	TAILQ_INIT(&breakpoints);
2239
	vcpus = calloc(guest_ncpus, sizeof(*vcpus));
2240
	vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state));
2241
	if (wait) {
2242
		/*
2243
		 * Set vcpu 0 in vcpus_suspended.  This will trigger the
2244
		 * logic in gdb_cpu_add() to suspend the first vcpu before
2245
		 * it starts execution.  The vcpu will remain suspended
2246
		 * until a debugger connects.
2247
		 */
2248
		CPU_SET(0, &vcpus_suspended);
2249
		stopped_vcpu = 0;
2250
	}
2251

2252
	flags = fcntl(s, F_GETFL);
2253
	if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1)
2254
		err(1, "Failed to mark gdb socket non-blocking");
2255

2256
#ifndef WITHOUT_CAPSICUM
2257
	limit_gdb_socket(s);
2258
#endif
2259
	mevent_add(s, EVF_READ, new_connection, NULL);
2260
	gdb_active = true;
2261
	freeaddrinfo(gdbaddr);
2262
	free(sport);
2263

2264
	xml_dfd = open(_PATH_GDB_XML, O_DIRECTORY);
2265
	if (xml_dfd == -1)
2266
		err(1, "Failed to open gdb xml directory");
2267
#ifndef WITHOUT_CAPSICUM
2268
	cap_rights_init(&rights, CAP_FSTAT, CAP_LOOKUP, CAP_MMAP_R, CAP_PREAD);
2269
	if (caph_rights_limit(xml_dfd, &rights) == -1)
2270
		err(1, "cap_rights_init");
2271
#endif
2272
}
2273

2274
Product

Resources

Company
