1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org>
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/param.h>
29 #ifndef WITHOUT_CAPSICUM
30 #include <sys/capsicum.h>
31 #endif
32 #include <sys/endian.h>
33 #include <sys/ioctl.h>
34 #include <sys/mman.h>
35 #include <sys/queue.h>
36 #include <sys/socket.h>
37 #include <sys/stat.h>
38
39 #ifdef __aarch64__
40 #include <machine/armreg.h>
41 #endif
42 #include <machine/atomic.h>
43 #ifdef __amd64__
44 #include <machine/specialreg.h>
45 #endif
46 #include <machine/vmm.h>
47
48 #include <netinet/in.h>
49
50 #include <assert.h>
51 #ifndef WITHOUT_CAPSICUM
52 #include <capsicum_helpers.h>
53 #endif
54 #include <err.h>
55 #include <errno.h>
56 #include <fcntl.h>
57 #include <netdb.h>
58 #include <pthread.h>
59 #include <pthread_np.h>
60 #include <stdbool.h>
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <string.h>
64 #include <sysexits.h>
65 #include <unistd.h>
66 #include <vmmapi.h>
67
68 #include "bhyverun.h"
69 #include "config.h"
70 #include "debug.h"
71 #include "gdb.h"
72 #include "mem.h"
73 #include "mevent.h"
74
75 #define _PATH_GDB_XML "/usr/share/bhyve/gdb"
76
77 /*
78 * GDB_SIGNAL_* numbers are part of the GDB remote protocol. Most stops
79 * use SIGTRAP.
80 */
81 #define GDB_SIGNAL_TRAP 5
82
83 #if defined(__amd64__)
84 #define GDB_BP_SIZE 1
85 #define GDB_BP_INSTR (uint8_t []){0xcc}
86 #define GDB_PC_REGNAME VM_REG_GUEST_RIP
87 #define GDB_BREAKPOINT_CAP VM_CAP_BPT_EXIT
88 #elif defined(__aarch64__)
89 #define GDB_BP_SIZE 4
90 #define GDB_BP_INSTR (uint8_t []){0x00, 0x00, 0x20, 0xd4}
91 #define GDB_PC_REGNAME VM_REG_GUEST_PC
92 #define GDB_BREAKPOINT_CAP VM_CAP_BRK_EXIT
93 #else
94 #error "Unsupported architecture"
95 #endif
96
97 _Static_assert(sizeof(GDB_BP_INSTR) == GDB_BP_SIZE,
98 "GDB_BP_INSTR has wrong size");
99
100 static void gdb_resume_vcpus(void);
101 static void check_command(int fd);
102
103 static struct mevent *read_event, *write_event;
104
105 static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting;
106 static pthread_mutex_t gdb_lock;
107 static pthread_cond_t idle_vcpus;
108 static bool first_stop, report_next_stop, swbreak_enabled;
109 static int xml_dfd = -1;
110
111 /*
112 * An I/O buffer contains 'capacity' bytes of room at 'data'. For a
113 * read buffer, 'start' is unused and 'len' contains the number of
114 * valid bytes in the buffer. For a write buffer, 'start' is set to
115 * the index of the next byte in 'data' to send, and 'len' contains
116 * the remaining number of valid bytes to send.
117 */
118 struct io_buffer {
119 uint8_t *data;
120 size_t capacity;
121 size_t start;
122 size_t len;
123 };
124
125 struct breakpoint {
126 uint64_t gpa;
127 uint8_t shadow_inst[GDB_BP_SIZE];
128 TAILQ_ENTRY(breakpoint) link;
129 };
130
131 /*
132 * When a vCPU stops to due to an event that should be reported to the
133 * debugger, information about the event is stored in this structure.
134 * The vCPU thread then sets 'stopped_vcpu' if it is not already set
135 * and stops other vCPUs so the event can be reported. The
136 * report_stop() function reports the event for the 'stopped_vcpu'
137 * vCPU. When the debugger resumes execution via continue or step,
138 * the event for 'stopped_vcpu' is cleared. vCPUs will loop in their
139 * event handlers until the associated event is reported or disabled.
140 *
141 * An idle vCPU will have all of the boolean fields set to false.
142 *
143 * When a vCPU is stepped, 'stepping' is set to true when the vCPU is
144 * released to execute the stepped instruction. When the vCPU reports
145 * the stepping trap, 'stepped' is set.
146 *
147 * When a vCPU hits a breakpoint set by the debug server,
148 * 'hit_swbreak' is set to true.
149 */
150 struct vcpu_state {
151 bool stepping;
152 bool stepped;
153 bool hit_swbreak;
154 };
155
156 static struct io_buffer cur_comm, cur_resp;
157 static uint8_t cur_csum;
158 static struct vmctx *ctx;
159 static int cur_fd = -1;
160 static TAILQ_HEAD(, breakpoint) breakpoints;
161 static struct vcpu_state *vcpu_state;
162 static struct vcpu **vcpus;
163 static int cur_vcpu, stopped_vcpu;
164 static bool gdb_active = false;
165
166 struct gdb_reg {
167 enum vm_reg_name id;
168 int size;
169 };
170
171 #ifdef __amd64__
172 static const struct gdb_reg gdb_regset[] = {
173 { .id = VM_REG_GUEST_RAX, .size = 8 },
174 { .id = VM_REG_GUEST_RBX, .size = 8 },
175 { .id = VM_REG_GUEST_RCX, .size = 8 },
176 { .id = VM_REG_GUEST_RDX, .size = 8 },
177 { .id = VM_REG_GUEST_RSI, .size = 8 },
178 { .id = VM_REG_GUEST_RDI, .size = 8 },
179 { .id = VM_REG_GUEST_RBP, .size = 8 },
180 { .id = VM_REG_GUEST_RSP, .size = 8 },
181 { .id = VM_REG_GUEST_R8, .size = 8 },
182 { .id = VM_REG_GUEST_R9, .size = 8 },
183 { .id = VM_REG_GUEST_R10, .size = 8 },
184 { .id = VM_REG_GUEST_R11, .size = 8 },
185 { .id = VM_REG_GUEST_R12, .size = 8 },
186 { .id = VM_REG_GUEST_R13, .size = 8 },
187 { .id = VM_REG_GUEST_R14, .size = 8 },
188 { .id = VM_REG_GUEST_R15, .size = 8 },
189 { .id = VM_REG_GUEST_RIP, .size = 8 },
190 { .id = VM_REG_GUEST_RFLAGS, .size = 4 },
191 { .id = VM_REG_GUEST_CS, .size = 4 },
192 { .id = VM_REG_GUEST_SS, .size = 4 },
193 { .id = VM_REG_GUEST_DS, .size = 4 },
194 { .id = VM_REG_GUEST_ES, .size = 4 },
195 { .id = VM_REG_GUEST_FS, .size = 4 },
196 { .id = VM_REG_GUEST_GS, .size = 4 },
197 /*
198 * Registers past this point are not included in a reply to a 'g' query,
199 * to provide compatibility with debuggers that do not fetch a target
200 * description. The debugger can query them individually with 'p' if it
201 * knows about them.
202 */
203 #define GDB_REG_FIRST_EXT VM_REG_GUEST_FS_BASE
204 { .id = VM_REG_GUEST_FS_BASE, .size = 8 },
205 { .id = VM_REG_GUEST_GS_BASE, .size = 8 },
206 { .id = VM_REG_GUEST_KGS_BASE, .size = 8 },
207 { .id = VM_REG_GUEST_CR0, .size = 8 },
208 { .id = VM_REG_GUEST_CR2, .size = 8 },
209 { .id = VM_REG_GUEST_CR3, .size = 8 },
210 { .id = VM_REG_GUEST_CR4, .size = 8 },
211 { .id = VM_REG_GUEST_TPR, .size = 8 },
212 { .id = VM_REG_GUEST_EFER, .size = 8 },
213 };
214 #else /* __aarch64__ */
215 static const struct gdb_reg gdb_regset[] = {
216 { .id = VM_REG_GUEST_X0, .size = 8 },
217 { .id = VM_REG_GUEST_X1, .size = 8 },
218 { .id = VM_REG_GUEST_X2, .size = 8 },
219 { .id = VM_REG_GUEST_X3, .size = 8 },
220 { .id = VM_REG_GUEST_X4, .size = 8 },
221 { .id = VM_REG_GUEST_X5, .size = 8 },
222 { .id = VM_REG_GUEST_X6, .size = 8 },
223 { .id = VM_REG_GUEST_X7, .size = 8 },
224 { .id = VM_REG_GUEST_X8, .size = 8 },
225 { .id = VM_REG_GUEST_X9, .size = 8 },
226 { .id = VM_REG_GUEST_X10, .size = 8 },
227 { .id = VM_REG_GUEST_X11, .size = 8 },
228 { .id = VM_REG_GUEST_X12, .size = 8 },
229 { .id = VM_REG_GUEST_X13, .size = 8 },
230 { .id = VM_REG_GUEST_X14, .size = 8 },
231 { .id = VM_REG_GUEST_X15, .size = 8 },
232 { .id = VM_REG_GUEST_X16, .size = 8 },
233 { .id = VM_REG_GUEST_X17, .size = 8 },
234 { .id = VM_REG_GUEST_X18, .size = 8 },
235 { .id = VM_REG_GUEST_X19, .size = 8 },
236 { .id = VM_REG_GUEST_X20, .size = 8 },
237 { .id = VM_REG_GUEST_X21, .size = 8 },
238 { .id = VM_REG_GUEST_X22, .size = 8 },
239 { .id = VM_REG_GUEST_X23, .size = 8 },
240 { .id = VM_REG_GUEST_X24, .size = 8 },
241 { .id = VM_REG_GUEST_X25, .size = 8 },
242 { .id = VM_REG_GUEST_X26, .size = 8 },
243 { .id = VM_REG_GUEST_X27, .size = 8 },
244 { .id = VM_REG_GUEST_X28, .size = 8 },
245 { .id = VM_REG_GUEST_X29, .size = 8 },
246 { .id = VM_REG_GUEST_LR, .size = 8 },
247 { .id = VM_REG_GUEST_SP, .size = 8 },
248 { .id = VM_REG_GUEST_PC, .size = 8 },
249 { .id = VM_REG_GUEST_CPSR, .size = 8 },
250 };
251 #endif
252
253 #ifdef GDB_LOG
254 #include <stdarg.h>
255 #include <stdio.h>
256
257 static void __printflike(1, 2)
debug(const char * fmt,...)258 debug(const char *fmt, ...)
259 {
260 static FILE *logfile;
261 va_list ap;
262
263 if (logfile == NULL) {
264 logfile = fopen("/tmp/bhyve_gdb.log", "w");
265 if (logfile == NULL)
266 return;
267 #ifndef WITHOUT_CAPSICUM
268 if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) {
269 fclose(logfile);
270 logfile = NULL;
271 return;
272 }
273 #endif
274 setlinebuf(logfile);
275 }
276 va_start(ap, fmt);
277 vfprintf(logfile, fmt, ap);
278 va_end(ap);
279 }
280 #else
281 #define debug(...)
282 #endif
283
284 static void remove_all_sw_breakpoints(void);
285
286 static int
guest_paging_info(struct vcpu * vcpu,struct vm_guest_paging * paging)287 guest_paging_info(struct vcpu *vcpu, struct vm_guest_paging *paging)
288 {
289 #ifdef __amd64__
290 uint64_t regs[4];
291 const int regset[4] = {
292 VM_REG_GUEST_CR0,
293 VM_REG_GUEST_CR3,
294 VM_REG_GUEST_CR4,
295 VM_REG_GUEST_EFER
296 };
297
298 if (vm_get_register_set(vcpu, nitems(regset), regset, regs) == -1)
299 return (-1);
300
301 /*
302 * For the debugger, always pretend to be the kernel (CPL 0),
303 * and if long-mode is enabled, always parse addresses as if
304 * in 64-bit mode.
305 */
306 paging->cr3 = regs[1];
307 paging->cpl = 0;
308 if (regs[3] & EFER_LMA)
309 paging->cpu_mode = CPU_MODE_64BIT;
310 else if (regs[0] & CR0_PE)
311 paging->cpu_mode = CPU_MODE_PROTECTED;
312 else
313 paging->cpu_mode = CPU_MODE_REAL;
314 if (!(regs[0] & CR0_PG))
315 paging->paging_mode = PAGING_MODE_FLAT;
316 else if (!(regs[2] & CR4_PAE))
317 paging->paging_mode = PAGING_MODE_32;
318 else if (regs[3] & EFER_LME)
319 paging->paging_mode = (regs[2] & CR4_LA57) ?
320 PAGING_MODE_64_LA57 : PAGING_MODE_64;
321 else
322 paging->paging_mode = PAGING_MODE_PAE;
323 return (0);
324 #else /* __aarch64__ */
325 uint64_t regs[6];
326 const int regset[6] = {
327 VM_REG_GUEST_TTBR0_EL1,
328 VM_REG_GUEST_TTBR1_EL1,
329 VM_REG_GUEST_TCR_EL1,
330 VM_REG_GUEST_TCR2_EL1,
331 VM_REG_GUEST_SCTLR_EL1,
332 VM_REG_GUEST_CPSR,
333 };
334
335 if (vm_get_register_set(vcpu, nitems(regset), regset, regs) == -1)
336 return (-1);
337
338 memset(paging, 0, sizeof(*paging));
339 paging->ttbr0_addr = regs[0] & ~(TTBR_ASID_MASK | TTBR_CnP);
340 paging->ttbr1_addr = regs[1] & ~(TTBR_ASID_MASK | TTBR_CnP);
341 paging->tcr_el1 = regs[2];
342 paging->tcr2_el1 = regs[3];
343 paging->flags = regs[5] & (PSR_M_MASK | PSR_M_32);
344 if ((regs[4] & SCTLR_M) != 0)
345 paging->flags |= VM_GP_MMU_ENABLED;
346
347 return (0);
348 #endif /* __aarch64__ */
349 }
350
351 /*
352 * Map a guest virtual address to a physical address (for a given vcpu).
353 * If a guest virtual address is valid, return 1. If the address is
354 * not valid, return 0. If an error occurs obtaining the mapping,
355 * return -1.
356 */
357 static int
guest_vaddr2paddr(struct vcpu * vcpu,uint64_t vaddr,uint64_t * paddr)358 guest_vaddr2paddr(struct vcpu *vcpu, uint64_t vaddr, uint64_t *paddr)
359 {
360 struct vm_guest_paging paging;
361 int fault;
362
363 if (guest_paging_info(vcpu, &paging) == -1)
364 return (-1);
365
366 /*
367 * Always use PROT_READ. We really care if the VA is
368 * accessible, not if the current vCPU can write.
369 */
370 if (vm_gla2gpa_nofault(vcpu, &paging, vaddr, PROT_READ, paddr,
371 &fault) == -1)
372 return (-1);
373 if (fault)
374 return (0);
375 return (1);
376 }
377
378 static uint64_t
guest_pc(struct vm_exit * vme)379 guest_pc(struct vm_exit *vme)
380 {
381 #ifdef __amd64__
382 return (vme->rip);
383 #else /* __aarch64__ */
384 return (vme->pc);
385 #endif
386 }
387
388 static void
io_buffer_reset(struct io_buffer * io)389 io_buffer_reset(struct io_buffer *io)
390 {
391
392 io->start = 0;
393 io->len = 0;
394 }
395
396 /* Available room for adding data. */
397 static size_t
io_buffer_avail(struct io_buffer * io)398 io_buffer_avail(struct io_buffer *io)
399 {
400
401 return (io->capacity - (io->start + io->len));
402 }
403
404 static uint8_t *
io_buffer_head(struct io_buffer * io)405 io_buffer_head(struct io_buffer *io)
406 {
407
408 return (io->data + io->start);
409 }
410
411 static uint8_t *
io_buffer_tail(struct io_buffer * io)412 io_buffer_tail(struct io_buffer *io)
413 {
414
415 return (io->data + io->start + io->len);
416 }
417
418 static void
io_buffer_advance(struct io_buffer * io,size_t amount)419 io_buffer_advance(struct io_buffer *io, size_t amount)
420 {
421
422 assert(amount <= io->len);
423 io->start += amount;
424 io->len -= amount;
425 }
426
427 static void
io_buffer_consume(struct io_buffer * io,size_t amount)428 io_buffer_consume(struct io_buffer *io, size_t amount)
429 {
430
431 io_buffer_advance(io, amount);
432 if (io->len == 0) {
433 io->start = 0;
434 return;
435 }
436
437 /*
438 * XXX: Consider making this move optional and compacting on a
439 * future read() before realloc().
440 */
441 memmove(io->data, io_buffer_head(io), io->len);
442 io->start = 0;
443 }
444
445 static void
io_buffer_grow(struct io_buffer * io,size_t newsize)446 io_buffer_grow(struct io_buffer *io, size_t newsize)
447 {
448 uint8_t *new_data;
449 size_t avail, new_cap;
450
451 avail = io_buffer_avail(io);
452 if (newsize <= avail)
453 return;
454
455 new_cap = io->capacity + (newsize - avail);
456 new_data = realloc(io->data, new_cap);
457 if (new_data == NULL)
458 err(1, "Failed to grow GDB I/O buffer");
459 io->data = new_data;
460 io->capacity = new_cap;
461 }
462
463 static bool
response_pending(void)464 response_pending(void)
465 {
466
467 if (cur_resp.start == 0 && cur_resp.len == 0)
468 return (false);
469 if (cur_resp.start + cur_resp.len == 1 && cur_resp.data[0] == '+')
470 return (false);
471 return (true);
472 }
473
474 static void
close_connection(void)475 close_connection(void)
476 {
477
478 /*
479 * XXX: This triggers a warning because mevent does the close
480 * before the EV_DELETE.
481 */
482 pthread_mutex_lock(&gdb_lock);
483 mevent_delete(write_event);
484 mevent_delete_close(read_event);
485 write_event = NULL;
486 read_event = NULL;
487 io_buffer_reset(&cur_comm);
488 io_buffer_reset(&cur_resp);
489 cur_fd = -1;
490
491 remove_all_sw_breakpoints();
492
493 /* Clear any pending events. */
494 memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state));
495
496 /* Resume any stopped vCPUs. */
497 gdb_resume_vcpus();
498 pthread_mutex_unlock(&gdb_lock);
499 }
500
501 static uint8_t
hex_digit(uint8_t nibble)502 hex_digit(uint8_t nibble)
503 {
504
505 if (nibble <= 9)
506 return (nibble + '0');
507 else
508 return (nibble + 'a' - 10);
509 }
510
511 static uint8_t
parse_digit(uint8_t v)512 parse_digit(uint8_t v)
513 {
514
515 if (v >= '0' && v <= '9')
516 return (v - '0');
517 if (v >= 'a' && v <= 'f')
518 return (v - 'a' + 10);
519 if (v >= 'A' && v <= 'F')
520 return (v - 'A' + 10);
521 return (0xF);
522 }
523
524 /* Parses big-endian hexadecimal. */
525 static uintmax_t
parse_integer(const uint8_t * p,size_t len)526 parse_integer(const uint8_t *p, size_t len)
527 {
528 uintmax_t v;
529
530 v = 0;
531 while (len > 0) {
532 v <<= 4;
533 v |= parse_digit(*p);
534 p++;
535 len--;
536 }
537 return (v);
538 }
539
540 static uint8_t
parse_byte(const uint8_t * p)541 parse_byte(const uint8_t *p)
542 {
543
544 return (parse_digit(p[0]) << 4 | parse_digit(p[1]));
545 }
546
547 static void
send_pending_data(int fd)548 send_pending_data(int fd)
549 {
550 ssize_t nwritten;
551
552 if (cur_resp.len == 0) {
553 mevent_disable(write_event);
554 return;
555 }
556 nwritten = write(fd, io_buffer_head(&cur_resp), cur_resp.len);
557 if (nwritten == -1) {
558 warn("Write to GDB socket failed");
559 close_connection();
560 } else {
561 io_buffer_advance(&cur_resp, nwritten);
562 if (cur_resp.len == 0)
563 mevent_disable(write_event);
564 else
565 mevent_enable(write_event);
566 }
567 }
568
569 /* Append a single character to the output buffer. */
570 static void
send_char(uint8_t data)571 send_char(uint8_t data)
572 {
573 io_buffer_grow(&cur_resp, 1);
574 *io_buffer_tail(&cur_resp) = data;
575 cur_resp.len++;
576 }
577
578 /* Append an array of bytes to the output buffer. */
579 static void
send_data(const uint8_t * data,size_t len)580 send_data(const uint8_t *data, size_t len)
581 {
582
583 io_buffer_grow(&cur_resp, len);
584 memcpy(io_buffer_tail(&cur_resp), data, len);
585 cur_resp.len += len;
586 }
587
588 static void
format_byte(uint8_t v,uint8_t * buf)589 format_byte(uint8_t v, uint8_t *buf)
590 {
591
592 buf[0] = hex_digit(v >> 4);
593 buf[1] = hex_digit(v & 0xf);
594 }
595
596 /*
597 * Append a single byte (formatted as two hex characters) to the
598 * output buffer.
599 */
600 static void
send_byte(uint8_t v)601 send_byte(uint8_t v)
602 {
603 uint8_t buf[2];
604
605 format_byte(v, buf);
606 send_data(buf, sizeof(buf));
607 }
608
609 static void
start_packet(void)610 start_packet(void)
611 {
612
613 send_char('$');
614 cur_csum = 0;
615 }
616
617 static void
finish_packet(void)618 finish_packet(void)
619 {
620
621 send_char('#');
622 send_byte(cur_csum);
623 debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp));
624 }
625
626 /*
627 * Append a single character (for the packet payload) and update the
628 * checksum.
629 */
630 static void
append_char(uint8_t v)631 append_char(uint8_t v)
632 {
633
634 send_char(v);
635 cur_csum += v;
636 }
637
638 /*
639 * Append an array of bytes (for the packet payload) and update the
640 * checksum.
641 */
642 static void
append_packet_data(const uint8_t * data,size_t len)643 append_packet_data(const uint8_t *data, size_t len)
644 {
645
646 send_data(data, len);
647 while (len > 0) {
648 cur_csum += *data;
649 data++;
650 len--;
651 }
652 }
653
654 static void
append_string(const char * str)655 append_string(const char *str)
656 {
657
658 append_packet_data(str, strlen(str));
659 }
660
661 static void
append_byte(uint8_t v)662 append_byte(uint8_t v)
663 {
664 uint8_t buf[2];
665
666 format_byte(v, buf);
667 append_packet_data(buf, sizeof(buf));
668 }
669
670 static void
append_unsigned_native(uintmax_t value,size_t len)671 append_unsigned_native(uintmax_t value, size_t len)
672 {
673 size_t i;
674
675 for (i = 0; i < len; i++) {
676 append_byte(value);
677 value >>= 8;
678 }
679 }
680
681 static void
append_unsigned_be(uintmax_t value,size_t len)682 append_unsigned_be(uintmax_t value, size_t len)
683 {
684 char buf[len * 2];
685 size_t i;
686
687 for (i = 0; i < len; i++) {
688 format_byte(value, buf + (len - i - 1) * 2);
689 value >>= 8;
690 }
691 append_packet_data(buf, sizeof(buf));
692 }
693
694 static void
append_integer(unsigned int value)695 append_integer(unsigned int value)
696 {
697
698 if (value == 0)
699 append_char('0');
700 else
701 append_unsigned_be(value, (fls(value) + 7) / 8);
702 }
703
704 static void
append_asciihex(const char * str)705 append_asciihex(const char *str)
706 {
707
708 while (*str != '\0') {
709 append_byte(*str);
710 str++;
711 }
712 }
713
714 static void
send_empty_response(void)715 send_empty_response(void)
716 {
717
718 start_packet();
719 finish_packet();
720 }
721
722 static void
send_error(int error)723 send_error(int error)
724 {
725
726 start_packet();
727 append_char('E');
728 append_byte(error);
729 finish_packet();
730 }
731
732 static void
send_ok(void)733 send_ok(void)
734 {
735
736 start_packet();
737 append_string("OK");
738 finish_packet();
739 }
740
741 static int
parse_threadid(const uint8_t * data,size_t len)742 parse_threadid(const uint8_t *data, size_t len)
743 {
744
745 if (len == 1 && *data == '0')
746 return (0);
747 if (len == 2 && memcmp(data, "-1", 2) == 0)
748 return (-1);
749 if (len == 0)
750 return (-2);
751 return (parse_integer(data, len));
752 }
753
754 /*
755 * Report the current stop event to the debugger. If the stop is due
756 * to an event triggered on a specific vCPU such as a breakpoint or
757 * stepping trap, stopped_vcpu will be set to the vCPU triggering the
758 * stop. If 'set_cur_vcpu' is true, then cur_vcpu will be updated to
759 * the reporting vCPU for vCPU events.
760 */
761 static void
report_stop(bool set_cur_vcpu)762 report_stop(bool set_cur_vcpu)
763 {
764 struct vcpu_state *vs;
765
766 start_packet();
767 if (stopped_vcpu == -1) {
768 append_char('S');
769 append_byte(GDB_SIGNAL_TRAP);
770 } else {
771 vs = &vcpu_state[stopped_vcpu];
772 if (set_cur_vcpu)
773 cur_vcpu = stopped_vcpu;
774 append_char('T');
775 append_byte(GDB_SIGNAL_TRAP);
776 append_string("thread:");
777 append_integer(stopped_vcpu + 1);
778 append_char(';');
779 if (vs->hit_swbreak) {
780 debug("$vCPU %d reporting swbreak\n", stopped_vcpu);
781 if (swbreak_enabled)
782 append_string("swbreak:;");
783 } else if (vs->stepped)
784 debug("$vCPU %d reporting step\n", stopped_vcpu);
785 else
786 debug("$vCPU %d reporting ???\n", stopped_vcpu);
787 }
788 finish_packet();
789 report_next_stop = false;
790 }
791
792 /*
793 * If this stop is due to a vCPU event, clear that event to mark it as
794 * acknowledged.
795 */
796 static void
discard_stop(void)797 discard_stop(void)
798 {
799 struct vcpu_state *vs;
800
801 if (stopped_vcpu != -1) {
802 vs = &vcpu_state[stopped_vcpu];
803 vs->hit_swbreak = false;
804 vs->stepped = false;
805 stopped_vcpu = -1;
806 }
807 report_next_stop = true;
808 }
809
810 static void
gdb_finish_suspend_vcpus(void)811 gdb_finish_suspend_vcpus(void)
812 {
813
814 if (first_stop) {
815 first_stop = false;
816 stopped_vcpu = -1;
817 } else if (report_next_stop) {
818 assert(!response_pending());
819 report_stop(true);
820 send_pending_data(cur_fd);
821 }
822 }
823
824 /*
825 * vCPU threads invoke this function whenever the vCPU enters the
826 * debug server to pause or report an event. vCPU threads wait here
827 * as long as the debug server keeps them suspended.
828 */
829 static void
_gdb_cpu_suspend(struct vcpu * vcpu,bool report_stop)830 _gdb_cpu_suspend(struct vcpu *vcpu, bool report_stop)
831 {
832 int vcpuid = vcpu_id(vcpu);
833
834 debug("$vCPU %d suspending\n", vcpuid);
835 CPU_SET(vcpuid, &vcpus_waiting);
836 if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0)
837 gdb_finish_suspend_vcpus();
838 while (CPU_ISSET(vcpuid, &vcpus_suspended))
839 pthread_cond_wait(&idle_vcpus, &gdb_lock);
840 CPU_CLR(vcpuid, &vcpus_waiting);
841 debug("$vCPU %d resuming\n", vcpuid);
842 }
843
844 /*
845 * Requests vCPU single-stepping using a
846 * VMEXIT suitable for the host platform.
847 */
848 static int
_gdb_set_step(struct vcpu * vcpu,int val)849 _gdb_set_step(struct vcpu *vcpu, int val)
850 {
851 int error;
852
853 #ifdef __amd64__
854 /*
855 * If the MTRAP cap fails, we are running on an AMD host.
856 * In that case, we request DB exits caused by RFLAGS.TF.
857 */
858 error = vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, val);
859 if (error != 0)
860 error = vm_set_capability(vcpu, VM_CAP_RFLAGS_TF, val);
861 if (error == 0)
862 (void)vm_set_capability(vcpu, VM_CAP_MASK_HWINTR, val);
863 #else /* __aarch64__ */
864 error = vm_set_capability(vcpu, VM_CAP_SS_EXIT, val);
865 if (error == 0)
866 error = vm_set_capability(vcpu, VM_CAP_MASK_HWINTR, val);
867 #endif
868 return (error);
869 }
870
871 /*
872 * Checks whether single-stepping is supported for a given vCPU.
873 */
874 static int
_gdb_check_step(struct vcpu * vcpu)875 _gdb_check_step(struct vcpu *vcpu)
876 {
877 #ifdef __amd64__
878 int val;
879
880 if (vm_get_capability(vcpu, VM_CAP_MTRAP_EXIT, &val) != 0) {
881 if (vm_get_capability(vcpu, VM_CAP_RFLAGS_TF, &val) != 0)
882 return (-1);
883 }
884 #else /* __aarch64__ */
885 (void)vcpu;
886 #endif
887 return (0);
888 }
889
890 /*
891 * Invoked at the start of a vCPU thread's execution to inform the
892 * debug server about the new thread.
893 */
894 void
gdb_cpu_add(struct vcpu * vcpu)895 gdb_cpu_add(struct vcpu *vcpu)
896 {
897 int vcpuid;
898
899 if (!gdb_active)
900 return;
901 vcpuid = vcpu_id(vcpu);
902 debug("$vCPU %d starting\n", vcpuid);
903 pthread_mutex_lock(&gdb_lock);
904 assert(vcpuid < guest_ncpus);
905 assert(vcpus[vcpuid] == NULL);
906 vcpus[vcpuid] = vcpu;
907 CPU_SET(vcpuid, &vcpus_active);
908 if (!TAILQ_EMPTY(&breakpoints)) {
909 vm_set_capability(vcpu, GDB_BREAKPOINT_CAP, 1);
910 debug("$vCPU %d enabled breakpoint exits\n", vcpuid);
911 }
912
913 /*
914 * If a vcpu is added while vcpus are stopped, suspend the new
915 * vcpu so that it will pop back out with a debug exit before
916 * executing the first instruction.
917 */
918 if (!CPU_EMPTY(&vcpus_suspended)) {
919 CPU_SET(vcpuid, &vcpus_suspended);
920 _gdb_cpu_suspend(vcpu, false);
921 }
922 pthread_mutex_unlock(&gdb_lock);
923 }
924
925 /*
926 * Invoked by vCPU before resuming execution. This enables stepping
927 * if the vCPU is marked as stepping.
928 */
929 static void
gdb_cpu_resume(struct vcpu * vcpu)930 gdb_cpu_resume(struct vcpu *vcpu)
931 {
932 struct vcpu_state *vs;
933 int error;
934
935 vs = &vcpu_state[vcpu_id(vcpu)];
936
937 /*
938 * Any pending event should already be reported before
939 * resuming.
940 */
941 assert(vs->hit_swbreak == false);
942 assert(vs->stepped == false);
943 if (vs->stepping) {
944 error = _gdb_set_step(vcpu, 1);
945 assert(error == 0);
946 }
947 }
948
949 /*
950 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest
951 * has been suspended due to an event on different vCPU or in response
952 * to a guest-wide suspend such as Ctrl-C or the stop on attach.
953 */
954 void
gdb_cpu_suspend(struct vcpu * vcpu)955 gdb_cpu_suspend(struct vcpu *vcpu)
956 {
957
958 if (!gdb_active)
959 return;
960 pthread_mutex_lock(&gdb_lock);
961 _gdb_cpu_suspend(vcpu, true);
962 gdb_cpu_resume(vcpu);
963 pthread_mutex_unlock(&gdb_lock);
964 }
965
966 static void
gdb_suspend_vcpus(void)967 gdb_suspend_vcpus(void)
968 {
969
970 assert(pthread_mutex_isowned_np(&gdb_lock));
971 debug("suspending all CPUs\n");
972 vcpus_suspended = vcpus_active;
973 vm_suspend_all_cpus(ctx);
974 if (CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0)
975 gdb_finish_suspend_vcpus();
976 }
977
978 /*
979 * Invoked each time a vmexit handler needs to step a vCPU.
980 * Handles MTRAP and RFLAGS.TF vmexits.
981 */
982 static void
gdb_cpu_step(struct vcpu * vcpu)983 gdb_cpu_step(struct vcpu *vcpu)
984 {
985 struct vcpu_state *vs;
986 int vcpuid = vcpu_id(vcpu);
987 int error;
988
989 debug("$vCPU %d stepped\n", vcpuid);
990 pthread_mutex_lock(&gdb_lock);
991 vs = &vcpu_state[vcpuid];
992 if (vs->stepping) {
993 vs->stepping = false;
994 vs->stepped = true;
995 error = _gdb_set_step(vcpu, 0);
996 assert(error == 0);
997
998 while (vs->stepped) {
999 if (stopped_vcpu == -1) {
1000 debug("$vCPU %d reporting step\n", vcpuid);
1001 stopped_vcpu = vcpuid;
1002 gdb_suspend_vcpus();
1003 }
1004 _gdb_cpu_suspend(vcpu, true);
1005 }
1006 gdb_cpu_resume(vcpu);
1007 }
1008 pthread_mutex_unlock(&gdb_lock);
1009 }
1010
1011 /*
1012 * A general handler for single-step exceptions.
1013 * Handles RFLAGS.TF exits on AMD SVM.
1014 */
1015 void
gdb_cpu_debug(struct vcpu * vcpu,struct vm_exit * vmexit)1016 gdb_cpu_debug(struct vcpu *vcpu, struct vm_exit *vmexit)
1017 {
1018 if (!gdb_active)
1019 return;
1020
1021 #ifdef __amd64__
1022 /* RFLAGS.TF exit? */
1023 if (vmexit->u.dbg.trace_trap) {
1024 gdb_cpu_step(vcpu);
1025 }
1026 #else /* __aarch64__ */
1027 (void)vmexit;
1028 gdb_cpu_step(vcpu);
1029 #endif
1030 }
1031
1032 /*
1033 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via
1034 * the VT-x-specific MTRAP exit.
1035 */
1036 void
gdb_cpu_mtrap(struct vcpu * vcpu)1037 gdb_cpu_mtrap(struct vcpu *vcpu)
1038 {
1039 if (!gdb_active)
1040 return;
1041 gdb_cpu_step(vcpu);
1042 }
1043
1044 static struct breakpoint *
find_breakpoint(uint64_t gpa)1045 find_breakpoint(uint64_t gpa)
1046 {
1047 struct breakpoint *bp;
1048
1049 TAILQ_FOREACH(bp, &breakpoints, link) {
1050 if (bp->gpa == gpa)
1051 return (bp);
1052 }
1053 return (NULL);
1054 }
1055
1056 void
gdb_cpu_breakpoint(struct vcpu * vcpu,struct vm_exit * vmexit)1057 gdb_cpu_breakpoint(struct vcpu *vcpu, struct vm_exit *vmexit)
1058 {
1059 struct breakpoint *bp;
1060 struct vcpu_state *vs;
1061 uint64_t gpa;
1062 int error, vcpuid;
1063
1064 if (!gdb_active) {
1065 EPRINTLN("vm_loop: unexpected VMEXIT_DEBUG");
1066 exit(4);
1067 }
1068 vcpuid = vcpu_id(vcpu);
1069 pthread_mutex_lock(&gdb_lock);
1070 error = guest_vaddr2paddr(vcpu, guest_pc(vmexit), &gpa);
1071 assert(error == 1);
1072 bp = find_breakpoint(gpa);
1073 if (bp != NULL) {
1074 vs = &vcpu_state[vcpuid];
1075 assert(vs->stepping == false);
1076 assert(vs->stepped == false);
1077 assert(vs->hit_swbreak == false);
1078 vs->hit_swbreak = true;
1079 vm_set_register(vcpu, GDB_PC_REGNAME, guest_pc(vmexit));
1080 for (;;) {
1081 if (stopped_vcpu == -1) {
1082 debug("$vCPU %d reporting breakpoint at rip %#lx\n",
1083 vcpuid, guest_pc(vmexit));
1084 stopped_vcpu = vcpuid;
1085 gdb_suspend_vcpus();
1086 }
1087 _gdb_cpu_suspend(vcpu, true);
1088 if (!vs->hit_swbreak) {
1089 /* Breakpoint reported. */
1090 break;
1091 }
1092 bp = find_breakpoint(gpa);
1093 if (bp == NULL) {
1094 /* Breakpoint was removed. */
1095 vs->hit_swbreak = false;
1096 break;
1097 }
1098 }
1099 gdb_cpu_resume(vcpu);
1100 } else {
1101 debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpuid,
1102 guest_pc(vmexit));
1103 #ifdef __amd64__
1104 error = vm_set_register(vcpu, VM_REG_GUEST_ENTRY_INST_LENGTH,
1105 vmexit->u.bpt.inst_length);
1106 assert(error == 0);
1107 error = vm_inject_exception(vcpu, IDT_BP, 0, 0, 0);
1108 assert(error == 0);
1109 #else /* __aarch64__ */
1110 uint64_t esr;
1111
1112 esr = (EXCP_BRK << ESR_ELx_EC_SHIFT) | vmexit->u.hyp.esr_el2;
1113 error = vm_inject_exception(vcpu, esr, 0);
1114 assert(error == 0);
1115 #endif
1116 }
1117 pthread_mutex_unlock(&gdb_lock);
1118 }
1119
1120 static bool
gdb_step_vcpu(struct vcpu * vcpu)1121 gdb_step_vcpu(struct vcpu *vcpu)
1122 {
1123 int error, vcpuid;
1124
1125 vcpuid = vcpu_id(vcpu);
1126 debug("$vCPU %d step\n", vcpuid);
1127 error = _gdb_check_step(vcpu);
1128 if (error < 0)
1129 return (false);
1130
1131 discard_stop();
1132 vcpu_state[vcpuid].stepping = true;
1133 vm_resume_cpu(vcpu);
1134 CPU_CLR(vcpuid, &vcpus_suspended);
1135 pthread_cond_broadcast(&idle_vcpus);
1136 return (true);
1137 }
1138
1139 static void
gdb_resume_vcpus(void)1140 gdb_resume_vcpus(void)
1141 {
1142
1143 assert(pthread_mutex_isowned_np(&gdb_lock));
1144 vm_resume_all_cpus(ctx);
1145 debug("resuming all CPUs\n");
1146 CPU_ZERO(&vcpus_suspended);
1147 pthread_cond_broadcast(&idle_vcpus);
1148 }
1149
1150 static void
gdb_read_regs(void)1151 gdb_read_regs(void)
1152 {
1153 uint64_t regvals[nitems(gdb_regset)];
1154 int regnums[nitems(gdb_regset)];
1155
1156 for (size_t i = 0; i < nitems(gdb_regset); i++)
1157 regnums[i] = gdb_regset[i].id;
1158 if (vm_get_register_set(vcpus[cur_vcpu], nitems(gdb_regset),
1159 regnums, regvals) == -1) {
1160 send_error(errno);
1161 return;
1162 }
1163
1164 start_packet();
1165 for (size_t i = 0; i < nitems(gdb_regset); i++) {
1166 #ifdef GDB_REG_FIRST_EXT
1167 if (gdb_regset[i].id == GDB_REG_FIRST_EXT)
1168 break;
1169 #endif
1170 append_unsigned_native(regvals[i], gdb_regset[i].size);
1171 }
1172 finish_packet();
1173 }
1174
1175 static void
gdb_read_one_reg(const uint8_t * data,size_t len)1176 gdb_read_one_reg(const uint8_t *data, size_t len)
1177 {
1178 uint64_t regval;
1179 uintmax_t reg;
1180
1181 reg = parse_integer(data, len);
1182 if (reg >= nitems(gdb_regset)) {
1183 send_error(EINVAL);
1184 return;
1185 }
1186
1187 if (vm_get_register(vcpus[cur_vcpu], gdb_regset[reg].id, ®val) ==
1188 -1) {
1189 send_error(errno);
1190 return;
1191 }
1192
1193 start_packet();
1194 append_unsigned_native(regval, gdb_regset[reg].size);
1195 finish_packet();
1196 }
1197
1198 static void
gdb_read_mem(const uint8_t * data,size_t len)1199 gdb_read_mem(const uint8_t *data, size_t len)
1200 {
1201 uint64_t gpa, gva, val;
1202 uint8_t *cp;
1203 size_t resid, todo, bytes;
1204 bool started;
1205 int error;
1206
1207 assert(len >= 1);
1208
1209 /* Skip 'm' */
1210 data += 1;
1211 len -= 1;
1212
1213 /* Parse and consume address. */
1214 cp = memchr(data, ',', len);
1215 if (cp == NULL || cp == data) {
1216 send_error(EINVAL);
1217 return;
1218 }
1219 gva = parse_integer(data, cp - data);
1220 len -= (cp - data) + 1;
1221 data += (cp - data) + 1;
1222
1223 /* Parse length. */
1224 resid = parse_integer(data, len);
1225
1226 started = false;
1227 while (resid > 0) {
1228 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
1229 if (error == -1) {
1230 if (started)
1231 finish_packet();
1232 else
1233 send_error(errno);
1234 return;
1235 }
1236 if (error == 0) {
1237 if (started)
1238 finish_packet();
1239 else
1240 send_error(EFAULT);
1241 return;
1242 }
1243
1244 /* Read bytes from current page. */
1245 todo = getpagesize() - gpa % getpagesize();
1246 if (todo > resid)
1247 todo = resid;
1248
1249 cp = paddr_guest2host(ctx, gpa, todo);
1250 if (cp != NULL) {
1251 /*
1252 * If this page is guest RAM, read it a byte
1253 * at a time.
1254 */
1255 if (!started) {
1256 start_packet();
1257 started = true;
1258 }
1259 while (todo > 0) {
1260 append_byte(*cp);
1261 cp++;
1262 gpa++;
1263 gva++;
1264 resid--;
1265 todo--;
1266 }
1267 } else {
1268 /*
1269 * If this page isn't guest RAM, try to handle
1270 * it via MMIO. For MMIO requests, use
1271 * aligned reads of words when possible.
1272 */
1273 while (todo > 0) {
1274 if (gpa & 1 || todo == 1)
1275 bytes = 1;
1276 else if (gpa & 2 || todo == 2)
1277 bytes = 2;
1278 else
1279 bytes = 4;
1280 error = read_mem(vcpus[cur_vcpu], gpa, &val,
1281 bytes);
1282 if (error == 0) {
1283 if (!started) {
1284 start_packet();
1285 started = true;
1286 }
1287 gpa += bytes;
1288 gva += bytes;
1289 resid -= bytes;
1290 todo -= bytes;
1291 while (bytes > 0) {
1292 append_byte(val);
1293 val >>= 8;
1294 bytes--;
1295 }
1296 } else {
1297 if (started)
1298 finish_packet();
1299 else
1300 send_error(EFAULT);
1301 return;
1302 }
1303 }
1304 }
1305 assert(resid == 0 || gpa % getpagesize() == 0);
1306 }
1307 if (!started)
1308 start_packet();
1309 finish_packet();
1310 }
1311
1312 static void
gdb_write_mem(const uint8_t * data,size_t len)1313 gdb_write_mem(const uint8_t *data, size_t len)
1314 {
1315 uint64_t gpa, gva, val;
1316 uint8_t *cp;
1317 size_t resid, todo, bytes;
1318 int error;
1319
1320 assert(len >= 1);
1321
1322 /* Skip 'M' */
1323 data += 1;
1324 len -= 1;
1325
1326 /* Parse and consume address. */
1327 cp = memchr(data, ',', len);
1328 if (cp == NULL || cp == data) {
1329 send_error(EINVAL);
1330 return;
1331 }
1332 gva = parse_integer(data, cp - data);
1333 len -= (cp - data) + 1;
1334 data += (cp - data) + 1;
1335
1336 /* Parse and consume length. */
1337 cp = memchr(data, ':', len);
1338 if (cp == NULL || cp == data) {
1339 send_error(EINVAL);
1340 return;
1341 }
1342 resid = parse_integer(data, cp - data);
1343 len -= (cp - data) + 1;
1344 data += (cp - data) + 1;
1345
1346 /* Verify the available bytes match the length. */
1347 if (len != resid * 2) {
1348 send_error(EINVAL);
1349 return;
1350 }
1351
1352 while (resid > 0) {
1353 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
1354 if (error == -1) {
1355 send_error(errno);
1356 return;
1357 }
1358 if (error == 0) {
1359 send_error(EFAULT);
1360 return;
1361 }
1362
1363 /* Write bytes to current page. */
1364 todo = getpagesize() - gpa % getpagesize();
1365 if (todo > resid)
1366 todo = resid;
1367
1368 cp = paddr_guest2host(ctx, gpa, todo);
1369 if (cp != NULL) {
1370 /*
1371 * If this page is guest RAM, write it a byte
1372 * at a time.
1373 */
1374 while (todo > 0) {
1375 assert(len >= 2);
1376 *cp = parse_byte(data);
1377 data += 2;
1378 len -= 2;
1379 cp++;
1380 gpa++;
1381 gva++;
1382 resid--;
1383 todo--;
1384 }
1385 } else {
1386 /*
1387 * If this page isn't guest RAM, try to handle
1388 * it via MMIO. For MMIO requests, use
1389 * aligned writes of words when possible.
1390 */
1391 while (todo > 0) {
1392 if (gpa & 1 || todo == 1) {
1393 bytes = 1;
1394 val = parse_byte(data);
1395 } else if (gpa & 2 || todo == 2) {
1396 bytes = 2;
1397 val = be16toh(parse_integer(data, 4));
1398 } else {
1399 bytes = 4;
1400 val = be32toh(parse_integer(data, 8));
1401 }
1402 error = write_mem(vcpus[cur_vcpu], gpa, val,
1403 bytes);
1404 if (error == 0) {
1405 gpa += bytes;
1406 gva += bytes;
1407 resid -= bytes;
1408 todo -= bytes;
1409 data += 2 * bytes;
1410 len -= 2 * bytes;
1411 } else {
1412 send_error(EFAULT);
1413 return;
1414 }
1415 }
1416 }
1417 assert(resid == 0 || gpa % getpagesize() == 0);
1418 }
1419 assert(len == 0);
1420 send_ok();
1421 }
1422
1423 static bool
set_breakpoint_caps(bool enable)1424 set_breakpoint_caps(bool enable)
1425 {
1426 cpuset_t mask;
1427 int vcpu;
1428
1429 mask = vcpus_active;
1430 while (!CPU_EMPTY(&mask)) {
1431 vcpu = CPU_FFS(&mask) - 1;
1432 CPU_CLR(vcpu, &mask);
1433 if (vm_set_capability(vcpus[vcpu], GDB_BREAKPOINT_CAP,
1434 enable ? 1 : 0) < 0)
1435 return (false);
1436 debug("$vCPU %d %sabled breakpoint exits\n", vcpu,
1437 enable ? "en" : "dis");
1438 }
1439 return (true);
1440 }
1441
1442 static void
write_instr(uint8_t * dest,uint8_t * instr,size_t len)1443 write_instr(uint8_t *dest, uint8_t *instr, size_t len)
1444 {
1445 memcpy(dest, instr, len);
1446 #ifdef __arm64__
1447 __asm __volatile(
1448 "dc cvau, %0\n"
1449 "dsb ish\n"
1450 "ic ialluis\n"
1451 "dsb ish\n"
1452 : : "r" (dest) : "memory");
1453 #endif
1454 }
1455
1456 static void
remove_all_sw_breakpoints(void)1457 remove_all_sw_breakpoints(void)
1458 {
1459 struct breakpoint *bp, *nbp;
1460 uint8_t *cp;
1461
1462 if (TAILQ_EMPTY(&breakpoints))
1463 return;
1464
1465 TAILQ_FOREACH_SAFE(bp, &breakpoints, link, nbp) {
1466 debug("remove breakpoint at %#lx\n", bp->gpa);
1467 cp = paddr_guest2host(ctx, bp->gpa, sizeof(bp->shadow_inst));
1468 write_instr(cp, bp->shadow_inst, sizeof(bp->shadow_inst));
1469 TAILQ_REMOVE(&breakpoints, bp, link);
1470 free(bp);
1471 }
1472 TAILQ_INIT(&breakpoints);
1473 set_breakpoint_caps(false);
1474 }
1475
1476 static void
update_sw_breakpoint(uint64_t gva,int kind,bool insert)1477 update_sw_breakpoint(uint64_t gva, int kind, bool insert)
1478 {
1479 struct breakpoint *bp;
1480 uint64_t gpa;
1481 uint8_t *cp;
1482 int error;
1483
1484 if (kind != GDB_BP_SIZE) {
1485 send_error(EINVAL);
1486 return;
1487 }
1488
1489 error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
1490 if (error == -1) {
1491 send_error(errno);
1492 return;
1493 }
1494 if (error == 0) {
1495 send_error(EFAULT);
1496 return;
1497 }
1498
1499 cp = paddr_guest2host(ctx, gpa, sizeof(bp->shadow_inst));
1500
1501 /* Only permit breakpoints in guest RAM. */
1502 if (cp == NULL) {
1503 send_error(EFAULT);
1504 return;
1505 }
1506
1507 /* Find any existing breakpoint. */
1508 bp = find_breakpoint(gpa);
1509
1510 /*
1511 * Silently ignore duplicate commands since the protocol
1512 * requires these packets to be idempotent.
1513 */
1514 if (insert) {
1515 if (bp == NULL) {
1516 if (TAILQ_EMPTY(&breakpoints) &&
1517 !set_breakpoint_caps(true)) {
1518 send_empty_response();
1519 return;
1520 }
1521 bp = malloc(sizeof(*bp));
1522 bp->gpa = gpa;
1523 memcpy(bp->shadow_inst, cp, sizeof(bp->shadow_inst));
1524 write_instr(cp, GDB_BP_INSTR, sizeof(bp->shadow_inst));
1525 TAILQ_INSERT_TAIL(&breakpoints, bp, link);
1526 debug("new breakpoint at %#lx\n", gpa);
1527 }
1528 } else {
1529 if (bp != NULL) {
1530 debug("remove breakpoint at %#lx\n", gpa);
1531 write_instr(cp, bp->shadow_inst,
1532 sizeof(bp->shadow_inst));
1533 TAILQ_REMOVE(&breakpoints, bp, link);
1534 free(bp);
1535 if (TAILQ_EMPTY(&breakpoints))
1536 set_breakpoint_caps(false);
1537 }
1538 }
1539 send_ok();
1540 }
1541
1542 static void
parse_breakpoint(const uint8_t * data,size_t len)1543 parse_breakpoint(const uint8_t *data, size_t len)
1544 {
1545 uint64_t gva;
1546 uint8_t *cp;
1547 bool insert;
1548 int kind, type;
1549
1550 insert = data[0] == 'Z';
1551
1552 /* Skip 'Z/z' */
1553 data += 1;
1554 len -= 1;
1555
1556 /* Parse and consume type. */
1557 cp = memchr(data, ',', len);
1558 if (cp == NULL || cp == data) {
1559 send_error(EINVAL);
1560 return;
1561 }
1562 type = parse_integer(data, cp - data);
1563 len -= (cp - data) + 1;
1564 data += (cp - data) + 1;
1565
1566 /* Parse and consume address. */
1567 cp = memchr(data, ',', len);
1568 if (cp == NULL || cp == data) {
1569 send_error(EINVAL);
1570 return;
1571 }
1572 gva = parse_integer(data, cp - data);
1573 len -= (cp - data) + 1;
1574 data += (cp - data) + 1;
1575
1576 /* Parse and consume kind. */
1577 cp = memchr(data, ';', len);
1578 if (cp == data) {
1579 send_error(EINVAL);
1580 return;
1581 }
1582 if (cp != NULL) {
1583 /*
1584 * We do not advertise support for either the
1585 * ConditionalBreakpoints or BreakpointCommands
1586 * features, so we should not be getting conditions or
1587 * commands from the remote end.
1588 */
1589 send_empty_response();
1590 return;
1591 }
1592 kind = parse_integer(data, len);
1593 data += len;
1594 len = 0;
1595
1596 switch (type) {
1597 case 0:
1598 update_sw_breakpoint(gva, kind, insert);
1599 break;
1600 default:
1601 send_empty_response();
1602 break;
1603 }
1604 }
1605
1606 static bool
command_equals(const uint8_t * data,size_t len,const char * cmd)1607 command_equals(const uint8_t *data, size_t len, const char *cmd)
1608 {
1609
1610 if (strlen(cmd) > len)
1611 return (false);
1612 return (memcmp(data, cmd, strlen(cmd)) == 0);
1613 }
1614
1615 static void
check_features(const uint8_t * data,size_t len)1616 check_features(const uint8_t *data, size_t len)
1617 {
1618 char *feature, *next_feature, *str, *value;
1619 bool supported;
1620
1621 str = malloc(len + 1);
1622 memcpy(str, data, len);
1623 str[len] = '\0';
1624 next_feature = str;
1625
1626 while ((feature = strsep(&next_feature, ";")) != NULL) {
1627 /*
1628 * Null features shouldn't exist, but skip if they
1629 * do.
1630 */
1631 if (strcmp(feature, "") == 0)
1632 continue;
1633
1634 /*
1635 * Look for the value or supported / not supported
1636 * flag.
1637 */
1638 value = strchr(feature, '=');
1639 if (value != NULL) {
1640 *value = '\0';
1641 value++;
1642 supported = true;
1643 } else {
1644 value = feature + strlen(feature) - 1;
1645 switch (*value) {
1646 case '+':
1647 supported = true;
1648 break;
1649 case '-':
1650 supported = false;
1651 break;
1652 default:
1653 /*
1654 * This is really a protocol error,
1655 * but we just ignore malformed
1656 * features for ease of
1657 * implementation.
1658 */
1659 continue;
1660 }
1661 value = NULL;
1662 }
1663
1664 if (strcmp(feature, "swbreak") == 0)
1665 swbreak_enabled = supported;
1666 }
1667 free(str);
1668
1669 start_packet();
1670
1671 /* This is an arbitrary limit. */
1672 append_string("PacketSize=4096");
1673 append_string(";swbreak+");
1674 append_string(";qXfer:features:read+");
1675 finish_packet();
1676 }
1677
1678 static void
gdb_query(const uint8_t * data,size_t len)1679 gdb_query(const uint8_t *data, size_t len)
1680 {
1681
1682 /*
1683 * TODO:
1684 * - qSearch
1685 */
1686 if (command_equals(data, len, "qAttached")) {
1687 start_packet();
1688 append_char('1');
1689 finish_packet();
1690 } else if (command_equals(data, len, "qC")) {
1691 start_packet();
1692 append_string("QC");
1693 append_integer(cur_vcpu + 1);
1694 finish_packet();
1695 } else if (command_equals(data, len, "qfThreadInfo")) {
1696 cpuset_t mask;
1697 bool first;
1698 int vcpu;
1699
1700 if (CPU_EMPTY(&vcpus_active)) {
1701 send_error(EINVAL);
1702 return;
1703 }
1704 mask = vcpus_active;
1705 start_packet();
1706 append_char('m');
1707 first = true;
1708 while (!CPU_EMPTY(&mask)) {
1709 vcpu = CPU_FFS(&mask) - 1;
1710 CPU_CLR(vcpu, &mask);
1711 if (first)
1712 first = false;
1713 else
1714 append_char(',');
1715 append_integer(vcpu + 1);
1716 }
1717 finish_packet();
1718 } else if (command_equals(data, len, "qsThreadInfo")) {
1719 start_packet();
1720 append_char('l');
1721 finish_packet();
1722 } else if (command_equals(data, len, "qSupported")) {
1723 data += strlen("qSupported");
1724 len -= strlen("qSupported");
1725 check_features(data, len);
1726 } else if (command_equals(data, len, "qThreadExtraInfo")) {
1727 char buf[16];
1728 int tid;
1729
1730 data += strlen("qThreadExtraInfo");
1731 len -= strlen("qThreadExtraInfo");
1732 if (len == 0 || *data != ',') {
1733 send_error(EINVAL);
1734 return;
1735 }
1736 tid = parse_threadid(data + 1, len - 1);
1737 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) {
1738 send_error(EINVAL);
1739 return;
1740 }
1741
1742 snprintf(buf, sizeof(buf), "vCPU %d", tid - 1);
1743 start_packet();
1744 append_asciihex(buf);
1745 finish_packet();
1746 } else if (command_equals(data, len, "qXfer:features:read:")) {
1747 struct stat sb;
1748 const char *xml;
1749 const uint8_t *pathend;
1750 char buf[64], path[PATH_MAX];
1751 size_t xmllen;
1752 unsigned int doff, dlen;
1753 int fd;
1754
1755 data += strlen("qXfer:features:read:");
1756 len -= strlen("qXfer:features:read:");
1757
1758 pathend = memchr(data, ':', len);
1759 if (pathend == NULL ||
1760 (size_t)(pathend - data) >= sizeof(path) - 1) {
1761 send_error(EINVAL);
1762 return;
1763 }
1764 memcpy(path, data, pathend - data);
1765 path[pathend - data] = '\0';
1766 data += (pathend - data) + 1;
1767 len -= (pathend - data) + 1;
1768
1769 if (len > sizeof(buf) - 1) {
1770 send_error(EINVAL);
1771 return;
1772 }
1773 memcpy(buf, data, len);
1774 buf[len] = '\0';
1775 if (sscanf(buf, "%x,%x", &doff, &dlen) != 2) {
1776 send_error(EINVAL);
1777 return;
1778 }
1779
1780 fd = openat(xml_dfd, path, O_RDONLY | O_RESOLVE_BENEATH);
1781 if (fd < 0) {
1782 send_error(errno);
1783 return;
1784 }
1785 if (fstat(fd, &sb) < 0) {
1786 send_error(errno);
1787 close(fd);
1788 return;
1789 }
1790 xml = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
1791 if (xml == MAP_FAILED) {
1792 send_error(errno);
1793 close(fd);
1794 return;
1795 }
1796 close(fd);
1797 xmllen = sb.st_size;
1798
1799 start_packet();
1800 if (doff >= xmllen) {
1801 append_char('l');
1802 } else if (doff + dlen >= xmllen) {
1803 append_char('l');
1804 append_packet_data(xml + doff, xmllen - doff);
1805 } else {
1806 append_char('m');
1807 append_packet_data(xml + doff, dlen);
1808 }
1809 finish_packet();
1810 (void)munmap(__DECONST(void *, xml), xmllen);
1811 } else
1812 send_empty_response();
1813 }
1814
1815 static void
handle_command(const uint8_t * data,size_t len)1816 handle_command(const uint8_t *data, size_t len)
1817 {
1818
1819 /* Reject packets with a sequence-id. */
1820 if (len >= 3 && data[0] >= '0' && data[0] <= '9' &&
1821 data[0] >= '0' && data[0] <= '9' && data[2] == ':') {
1822 send_empty_response();
1823 return;
1824 }
1825
1826 switch (*data) {
1827 case 'c':
1828 if (len != 1) {
1829 send_error(EINVAL);
1830 break;
1831 }
1832
1833 discard_stop();
1834 gdb_resume_vcpus();
1835 break;
1836 case 'D':
1837 send_ok();
1838
1839 /* TODO: Resume any stopped CPUs. */
1840 break;
1841 case 'g':
1842 gdb_read_regs();
1843 break;
1844 case 'p':
1845 gdb_read_one_reg(data + 1, len - 1);
1846 break;
1847 case 'H': {
1848 int tid;
1849
1850 if (len < 2 || (data[1] != 'g' && data[1] != 'c')) {
1851 send_error(EINVAL);
1852 break;
1853 }
1854 tid = parse_threadid(data + 2, len - 2);
1855 if (tid == -2) {
1856 send_error(EINVAL);
1857 break;
1858 }
1859
1860 if (CPU_EMPTY(&vcpus_active)) {
1861 send_error(EINVAL);
1862 break;
1863 }
1864 if (tid == -1 || tid == 0)
1865 cur_vcpu = CPU_FFS(&vcpus_active) - 1;
1866 else if (CPU_ISSET(tid - 1, &vcpus_active))
1867 cur_vcpu = tid - 1;
1868 else {
1869 send_error(EINVAL);
1870 break;
1871 }
1872 send_ok();
1873 break;
1874 }
1875 case 'm':
1876 gdb_read_mem(data, len);
1877 break;
1878 case 'M':
1879 gdb_write_mem(data, len);
1880 break;
1881 case 'T': {
1882 int tid;
1883
1884 tid = parse_threadid(data + 1, len - 1);
1885 if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) {
1886 send_error(EINVAL);
1887 return;
1888 }
1889 send_ok();
1890 break;
1891 }
1892 case 'q':
1893 gdb_query(data, len);
1894 break;
1895 case 's':
1896 if (len != 1) {
1897 send_error(EINVAL);
1898 break;
1899 }
1900
1901 /* Don't send a reply until a stop occurs. */
1902 if (!gdb_step_vcpu(vcpus[cur_vcpu])) {
1903 send_error(EOPNOTSUPP);
1904 break;
1905 }
1906 break;
1907 case 'z':
1908 case 'Z':
1909 parse_breakpoint(data, len);
1910 break;
1911 case '?':
1912 report_stop(false);
1913 break;
1914 case 'G': /* TODO */
1915 case 'v':
1916 /* Handle 'vCont' */
1917 /* 'vCtrlC' */
1918 case 'P': /* TODO */
1919 case 'Q': /* TODO */
1920 case 't': /* TODO */
1921 case 'X': /* TODO */
1922 default:
1923 send_empty_response();
1924 }
1925 }
1926
1927 /* Check for a valid packet in the command buffer. */
1928 static void
check_command(int fd)1929 check_command(int fd)
1930 {
1931 uint8_t *head, *hash, *p, sum;
1932 size_t avail, plen;
1933
1934 for (;;) {
1935 avail = cur_comm.len;
1936 if (avail == 0)
1937 return;
1938 head = io_buffer_head(&cur_comm);
1939 switch (*head) {
1940 case 0x03:
1941 debug("<- Ctrl-C\n");
1942 io_buffer_consume(&cur_comm, 1);
1943
1944 gdb_suspend_vcpus();
1945 break;
1946 case '+':
1947 /* ACK of previous response. */
1948 debug("<- +\n");
1949 if (response_pending())
1950 io_buffer_reset(&cur_resp);
1951 io_buffer_consume(&cur_comm, 1);
1952 if (stopped_vcpu != -1 && report_next_stop) {
1953 report_stop(true);
1954 send_pending_data(fd);
1955 }
1956 break;
1957 case '-':
1958 /* NACK of previous response. */
1959 debug("<- -\n");
1960 if (response_pending()) {
1961 cur_resp.len += cur_resp.start;
1962 cur_resp.start = 0;
1963 if (cur_resp.data[0] == '+')
1964 io_buffer_advance(&cur_resp, 1);
1965 debug("-> %.*s\n", (int)cur_resp.len,
1966 io_buffer_head(&cur_resp));
1967 }
1968 io_buffer_consume(&cur_comm, 1);
1969 send_pending_data(fd);
1970 break;
1971 case '$':
1972 /* Packet. */
1973
1974 if (response_pending()) {
1975 warnx("New GDB command while response in "
1976 "progress");
1977 io_buffer_reset(&cur_resp);
1978 }
1979
1980 /* Is packet complete? */
1981 hash = memchr(head, '#', avail);
1982 if (hash == NULL)
1983 return;
1984 plen = (hash - head + 1) + 2;
1985 if (avail < plen)
1986 return;
1987 debug("<- %.*s\n", (int)plen, head);
1988
1989 /* Verify checksum. */
1990 for (sum = 0, p = head + 1; p < hash; p++)
1991 sum += *p;
1992 if (sum != parse_byte(hash + 1)) {
1993 io_buffer_consume(&cur_comm, plen);
1994 debug("-> -\n");
1995 send_char('-');
1996 send_pending_data(fd);
1997 break;
1998 }
1999 send_char('+');
2000
2001 handle_command(head + 1, hash - (head + 1));
2002 io_buffer_consume(&cur_comm, plen);
2003 if (!response_pending())
2004 debug("-> +\n");
2005 send_pending_data(fd);
2006 break;
2007 default:
2008 /* XXX: Possibly drop connection instead. */
2009 debug("-> %02x\n", *head);
2010 io_buffer_consume(&cur_comm, 1);
2011 break;
2012 }
2013 }
2014 }
2015
2016 static void
gdb_readable(int fd,enum ev_type event __unused,void * arg __unused)2017 gdb_readable(int fd, enum ev_type event __unused, void *arg __unused)
2018 {
2019 size_t pending;
2020 ssize_t nread;
2021 int n;
2022
2023 if (ioctl(fd, FIONREAD, &n) == -1) {
2024 warn("FIONREAD on GDB socket");
2025 return;
2026 }
2027 assert(n >= 0);
2028 pending = n;
2029
2030 /*
2031 * 'pending' might be zero due to EOF. We need to call read
2032 * with a non-zero length to detect EOF.
2033 */
2034 if (pending == 0)
2035 pending = 1;
2036
2037 /* Ensure there is room in the command buffer. */
2038 io_buffer_grow(&cur_comm, pending);
2039 assert(io_buffer_avail(&cur_comm) >= pending);
2040
2041 nread = read(fd, io_buffer_tail(&cur_comm), io_buffer_avail(&cur_comm));
2042 if (nread == 0) {
2043 close_connection();
2044 } else if (nread == -1) {
2045 if (errno == EAGAIN)
2046 return;
2047
2048 warn("Read from GDB socket");
2049 close_connection();
2050 } else {
2051 cur_comm.len += nread;
2052 pthread_mutex_lock(&gdb_lock);
2053 check_command(fd);
2054 pthread_mutex_unlock(&gdb_lock);
2055 }
2056 }
2057
2058 static void
gdb_writable(int fd,enum ev_type event __unused,void * arg __unused)2059 gdb_writable(int fd, enum ev_type event __unused, void *arg __unused)
2060 {
2061
2062 send_pending_data(fd);
2063 }
2064
2065 static void
new_connection(int fd,enum ev_type event __unused,void * arg)2066 new_connection(int fd, enum ev_type event __unused, void *arg)
2067 {
2068 int optval, s;
2069
2070 s = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2071 if (s == -1) {
2072 if (arg != NULL)
2073 err(1, "Failed accepting initial GDB connection");
2074
2075 /* Silently ignore errors post-startup. */
2076 return;
2077 }
2078
2079 optval = 1;
2080 if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) ==
2081 -1) {
2082 warn("Failed to disable SIGPIPE for GDB connection");
2083 close(s);
2084 return;
2085 }
2086
2087 pthread_mutex_lock(&gdb_lock);
2088 if (cur_fd != -1) {
2089 close(s);
2090 warnx("Ignoring additional GDB connection.");
2091 }
2092
2093 read_event = mevent_add(s, EVF_READ, gdb_readable, NULL);
2094 if (read_event == NULL) {
2095 if (arg != NULL)
2096 err(1, "Failed to setup initial GDB connection");
2097 pthread_mutex_unlock(&gdb_lock);
2098 return;
2099 }
2100 write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL);
2101 if (write_event == NULL) {
2102 if (arg != NULL)
2103 err(1, "Failed to setup initial GDB connection");
2104 mevent_delete_close(read_event);
2105 read_event = NULL;
2106 }
2107
2108 cur_fd = s;
2109 cur_vcpu = 0;
2110 stopped_vcpu = -1;
2111
2112 /* Break on attach. */
2113 first_stop = true;
2114 report_next_stop = false;
2115 gdb_suspend_vcpus();
2116 pthread_mutex_unlock(&gdb_lock);
2117 }
2118
2119 #ifndef WITHOUT_CAPSICUM
2120 static void
limit_gdb_socket(int s)2121 limit_gdb_socket(int s)
2122 {
2123 cap_rights_t rights;
2124 unsigned long ioctls[] = { FIONREAD };
2125
2126 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE,
2127 CAP_SETSOCKOPT, CAP_IOCTL);
2128 if (caph_rights_limit(s, &rights) == -1)
2129 errx(EX_OSERR, "Unable to apply rights for sandbox");
2130 if (caph_ioctls_limit(s, ioctls, nitems(ioctls)) == -1)
2131 errx(EX_OSERR, "Unable to apply rights for sandbox");
2132 }
2133 #endif
2134
2135 void
init_gdb(struct vmctx * _ctx)2136 init_gdb(struct vmctx *_ctx)
2137 {
2138 #ifndef WITHOUT_CAPSICUM
2139 cap_rights_t rights;
2140 #endif
2141 int error, flags, optval, s;
2142 struct addrinfo hints;
2143 struct addrinfo *gdbaddr;
2144 const char *saddr, *value;
2145 char *sport;
2146 bool wait;
2147
2148 value = get_config_value("gdb.port");
2149 if (value == NULL)
2150 return;
2151 sport = strdup(value);
2152 if (sport == NULL)
2153 errx(4, "Failed to allocate memory");
2154
2155 wait = get_config_bool_default("gdb.wait", false);
2156
2157 saddr = get_config_value("gdb.address");
2158 if (saddr == NULL) {
2159 saddr = "localhost";
2160 }
2161
2162 debug("==> starting on %s:%s, %swaiting\n",
2163 saddr, sport, wait ? "" : "not ");
2164
2165 error = pthread_mutex_init(&gdb_lock, NULL);
2166 if (error != 0)
2167 errc(1, error, "gdb mutex init");
2168 error = pthread_cond_init(&idle_vcpus, NULL);
2169 if (error != 0)
2170 errc(1, error, "gdb cv init");
2171
2172 memset(&hints, 0, sizeof(hints));
2173 hints.ai_family = AF_UNSPEC;
2174 hints.ai_socktype = SOCK_STREAM;
2175 hints.ai_flags = AI_NUMERICSERV | AI_PASSIVE;
2176
2177 error = getaddrinfo(saddr, sport, &hints, &gdbaddr);
2178 if (error != 0)
2179 errx(1, "gdb address resolution: %s", gai_strerror(error));
2180
2181 ctx = _ctx;
2182 s = socket(gdbaddr->ai_family, gdbaddr->ai_socktype, 0);
2183 if (s < 0)
2184 err(1, "gdb socket create");
2185
2186 optval = 1;
2187 (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));
2188
2189 if (bind(s, gdbaddr->ai_addr, gdbaddr->ai_addrlen) < 0)
2190 err(1, "gdb socket bind");
2191
2192 if (listen(s, 1) < 0)
2193 err(1, "gdb socket listen");
2194
2195 stopped_vcpu = -1;
2196 TAILQ_INIT(&breakpoints);
2197 vcpus = calloc(guest_ncpus, sizeof(*vcpus));
2198 vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state));
2199 if (wait) {
2200 /*
2201 * Set vcpu 0 in vcpus_suspended. This will trigger the
2202 * logic in gdb_cpu_add() to suspend the first vcpu before
2203 * it starts execution. The vcpu will remain suspended
2204 * until a debugger connects.
2205 */
2206 CPU_SET(0, &vcpus_suspended);
2207 stopped_vcpu = 0;
2208 }
2209
2210 flags = fcntl(s, F_GETFL);
2211 if (fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1)
2212 err(1, "Failed to mark gdb socket non-blocking");
2213
2214 #ifndef WITHOUT_CAPSICUM
2215 limit_gdb_socket(s);
2216 #endif
2217 mevent_add(s, EVF_READ, new_connection, NULL);
2218 gdb_active = true;
2219 freeaddrinfo(gdbaddr);
2220 free(sport);
2221
2222 xml_dfd = open(_PATH_GDB_XML, O_DIRECTORY);
2223 if (xml_dfd == -1)
2224 err(1, "Failed to open gdb xml directory");
2225 #ifndef WITHOUT_CAPSICUM
2226 cap_rights_init(&rights, CAP_FSTAT, CAP_LOOKUP, CAP_MMAP_R, CAP_PREAD);
2227 if (caph_rights_limit(xml_dfd, &rights) == -1)
2228 err(1, "cap_rights_init");
2229 #endif
2230 }
2231