4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #pragma ident "%Z%%M% %I% %E% SMI"
27
28 /*
29 * The debugger/"PROM" interface layer
30 *
31 * It makes more sense on SPARC. In reality, these interfaces deal with three
32 * things: setting break/watchpoints, stepping, and interfacing with the KDI to
33 * set up kmdb's IDT handlers.
34 */
35
36 #include <kmdb/kmdb_dpi_impl.h>
37 #include <kmdb/kmdb_kdi.h>
38 #include <kmdb/kmdb_umemglue.h>
39 #include <kmdb/kaif.h>
40 #include <kmdb/kmdb_io.h>
41 #include <kmdb/kaif_start.h>
42 #include <mdb/mdb_err.h>
43 #include <mdb/mdb_debug.h>
44 #include <mdb/mdb_isautil.h>
45 #include <mdb/mdb_io_impl.h>
46 #include <mdb/mdb_kreg_impl.h>
47 #include <mdb/mdb.h>
48
49 #include <sys/types.h>
50 #include <sys/bitmap.h>
51 #include <sys/termios.h>
52 #include <sys/kdi_impl.h>
53
54 /*
55 * This is the area containing the saved state when we enter
56 * via kmdb's IDT entries.
57 */
58 kdi_cpusave_t *kaif_cpusave;
59 int kaif_ncpusave;
60 kdi_drreg_t kaif_drreg;
61
62 uint32_t kaif_waptmap;
63
64 int kaif_trap_switch;
65
66 void (*kaif_modchg_cb)(struct modctl *, int);
67
68 enum {
69 M_SYSRET = 0x07, /* after M_ESC */
70 M_ESC = 0x0f,
71 M_SYSEXIT = 0x35, /* after M_ESC */
72 M_REX_LO = 0x40, /* first REX prefix */
239 return (-1);
240
241 *valp = *regp;
242
243 return (0);
244 }
245
246 static int
247 kaif_set_register(const char *regname, kreg_t val)
248 {
249 kreg_t *regp;
250
251 if ((regp = kaif_find_regp(regname)) == NULL)
252 return (-1);
253
254 *regp = val;
255
256 return (0);
257 }
258
259 static int
260 kaif_brkpt_arm(uintptr_t addr, mdb_instr_t *instrp)
261 {
262 mdb_instr_t bkpt = KAIF_BREAKPOINT_INSTR;
263
264 if (mdb_tgt_vread(mdb.m_target, instrp, sizeof (mdb_instr_t), addr) !=
265 sizeof (mdb_instr_t))
266 return (-1); /* errno is set for us */
267
268 if (mdb_tgt_vwrite(mdb.m_target, &bkpt, sizeof (mdb_instr_t), addr) !=
269 sizeof (mdb_instr_t))
270 return (-1); /* errno is set for us */
271
272 return (0);
273 }
274
275 static int
276 kaif_brkpt_disarm(uintptr_t addr, mdb_instr_t instrp)
277 {
278 if (mdb_tgt_vwrite(mdb.m_target, &instrp, sizeof (mdb_instr_t), addr) !=
279 sizeof (mdb_instr_t))
280 return (-1); /* errno is set for us */
281
282 return (0);
283 }
428
429 ASSERT(BT_TEST(&kaif_waptmap, hwid));
430
431 for (i = 0; i < kaif_ncpusave; i++)
432 n += (kaif_cpusave[i].krs_dr.dr_stat & mask) != 0;
433
434 return (n);
435 }
436
437 static int
438 kaif_step(void)
439 {
440 kreg_t pc, fl, oldfl, newfl, sp;
441 mdb_tgt_addr_t npc;
442 mdb_instr_t instr;
443 int emulated = 0, rchk = 0;
444 size_t pcoff = 0;
445
446 (void) kmdb_dpi_get_register("pc", &pc);
447
448 if ((npc = mdb_dis_nextins(mdb.m_disasm, mdb.m_target,
449 MDB_TGT_AS_VIRT, pc)) == pc) {
450 warn("failed to decode instruction at %a for step\n", pc);
451 return (set_errno(EINVAL));
452 }
453
454 /*
455 * Stepping behavior depends on the type of instruction. It does not
456 * depend on the presence of a REX prefix, as the action we take for a
457 * given instruction doesn't currently vary for 32-bit instructions
458 * versus their 64-bit counterparts.
459 */
460 do {
461 if (mdb_tgt_vread(mdb.m_target, &instr, sizeof (mdb_instr_t),
462 pc + pcoff) != sizeof (mdb_instr_t)) {
463 warn("failed to read at %p for step",
464 (void *)(pc + pcoff));
465 return (-1);
466 }
467 } while (pcoff++, (instr >= M_REX_LO && instr <= M_REX_HI && !rchk++));
586
587 /* Go back to using the EFLAGS we were using before the step */
588 (void) kmdb_dpi_set_register(FLAGS_REG_NAME, oldfl);
589 return (0);
590
591 default:
592 /*
593 * The stepped instruction may have altered EFLAGS. We only
594 * really care about the value of IF, and we know the stepped
595 * instruction didn't alter it, so we can simply copy the
596 * pre-step value. We'll also need to turn TF back off.
597 */
598 (void) kmdb_dpi_get_register(FLAGS_REG_NAME, &fl);
599 (void) kmdb_dpi_set_register(FLAGS_REG_NAME,
600 ((fl & ~(KREG_EFLAGS_TF_MASK|KREG_EFLAGS_IF_MASK)) |
601 (oldfl & KREG_EFLAGS_IF_MASK)));
602 return (0);
603 }
604 }
605
606 /*
607 * The target has already configured the chip for branch step, leaving us to
608 * actually make the machine go. Due to a number of issues involving
609 * the potential alteration of system state via instructions like sti, cli,
610 * pushfl, and popfl, we're going to treat this like a normal system resume.
611 * All CPUs will be released, on the kernel's IDT. Our primary concern is
612 * the alteration/storage of our TF'd EFLAGS via pushfl and popfl. There's no
613 * real workaround - we don't have opcode breakpoints - so the best we can do is
614 * to ensure that the world won't end if someone does bad things to EFLAGS.
615 *
616 * Two things can happen:
617 * 1. EFLAGS.TF may be cleared, either maliciously or via a popfl from saved
618 * state. The CPU will continue execution beyond the branch, and will not
619 * reenter the debugger unless brought/sent in by other means.
620 * 2. Someone may pushlf the TF'd EFLAGS, and may stash a copy of it somewhere.
621 * When the saved version is popfl'd back into place, the debugger will be
622 * re-entered on a single-step trap.
623 */
624 static void
625 kaif_step_branch(void)
626 {
627 kreg_t fl;
628
629 (void) kmdb_dpi_get_register(FLAGS_REG_NAME, &fl);
630 (void) kmdb_dpi_set_register(FLAGS_REG_NAME,
631 (fl | (1 << KREG_EFLAGS_TF_SHIFT)));
632
633 kmdb_dpi_resume_master();
634
635 (void) kmdb_dpi_set_register(FLAGS_REG_NAME, fl);
636 }
637
638 /*ARGSUSED*/
639 static uintptr_t
640 kaif_call(uintptr_t funcva, uint_t argc, const uintptr_t argv[])
641 {
642 return (kaif_invoke(funcva, argc, argv));
643 }
644
645 static void
646 dump_crumb(kdi_crumb_t *krmp)
647 {
648 kdi_crumb_t krm;
649
650 if (mdb_vread(&krm, sizeof (kdi_crumb_t), (uintptr_t)krmp) !=
651 sizeof (kdi_crumb_t)) {
652 warn("failed to read crumb at %p", krmp);
653 return;
654 }
655
656 mdb_printf("state: ");
657 switch (krm.krm_cpu_state) {
707
708 dump_crumbs(save);
709 }
710 }
711 }
712
713 static void
714 kaif_modchg_register(void (*func)(struct modctl *, int))
715 {
716 kaif_modchg_cb = func;
717 }
718
719 static void
720 kaif_modchg_cancel(void)
721 {
722 ASSERT(kaif_modchg_cb != NULL);
723
724 kaif_modchg_cb = NULL;
725 }
726
727 static void
728 kaif_msr_add(const kdi_msr_t *msrs)
729 {
730 kdi_msr_t *save;
731 size_t nr_msrs = 0;
732 size_t i;
733
734 while (msrs[nr_msrs].msr_num != 0)
735 nr_msrs++;
736 /* we want to copy the terminating kdi_msr_t too */
737 nr_msrs++;
738
739 save = mdb_zalloc(sizeof (kdi_msr_t) * nr_msrs * kaif_ncpusave,
740 UM_SLEEP);
741
742 for (i = 0; i < kaif_ncpusave; i++)
743 bcopy(msrs, &save[nr_msrs * i], sizeof (kdi_msr_t) * nr_msrs);
744
745 kmdb_kdi_set_debug_msrs(save);
746 }
747
748 static uint64_t
749 kaif_msr_get(int cpuid, uint_t num)
750 {
751 kdi_cpusave_t *save;
752 kdi_msr_t *msr;
753 int i;
754
755 if ((save = kaif_cpuid2save(cpuid)) == NULL)
756 return (-1); /* errno is set for us */
757
758 msr = save->krs_msr;
759
760 for (i = 0; msr[i].msr_num != 0; i++) {
761 if (msr[i].msr_num == num && (msr[i].msr_type & KDI_MSR_READ))
762 return (msr[i].kdi_msr_val);
763 }
764
765 return (0);
766 }
767
768 void
769 kaif_trap_set_debugger(void)
770 {
771 kmdb_kdi_idt_switch(NULL);
772 }
773
774 void
775 kaif_trap_set_saved(kaif_cpusave_t *cpusave)
776 {
777 kmdb_kdi_idt_switch(cpusave);
778 }
779
780 static void
781 kaif_vmready(void)
782 {
783 }
784
785 void
786 kaif_memavail(caddr_t base, size_t len)
787 {
867 kaif_init,
868 kaif_activate,
869 kmdb_kdi_deactivate,
870 kaif_enter_mon,
871 kaif_modchg_register,
872 kaif_modchg_cancel,
873 kaif_get_cpu_state,
874 kaif_get_master_cpuid,
875 kaif_get_gregs,
876 kaif_get_register,
877 kaif_set_register,
878 kaif_brkpt_arm,
879 kaif_brkpt_disarm,
880 kaif_wapt_validate,
881 kaif_wapt_reserve,
882 kaif_wapt_release,
883 kaif_wapt_arm,
884 kaif_wapt_disarm,
885 kaif_wapt_match,
886 kaif_step,
887 kaif_step_branch,
888 kaif_call,
889 kaif_dump_crumbs,
890 kaif_msr_add,
891 kaif_msr_get,
892 };
|
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2018 Joyent, Inc.
26 */
27
28 /*
29 * The debugger/"PROM" interface layer
30 *
31 * It makes more sense on SPARC. In reality, these interfaces deal with three
32 * things: setting break/watchpoints, stepping, and interfacing with the KDI to
33 * set up kmdb's IDT handlers.
34 */
35
36 #include <kmdb/kmdb_dpi_impl.h>
37 #include <kmdb/kmdb_kdi.h>
38 #include <kmdb/kmdb_umemglue.h>
39 #include <kmdb/kaif.h>
40 #include <kmdb/kmdb_io.h>
41 #include <kmdb/kaif_start.h>
42 #include <mdb/mdb_err.h>
43 #include <mdb/mdb_debug.h>
44 #include <mdb/mdb_isautil.h>
45 #include <mdb/mdb_io_impl.h>
46 #include <mdb/mdb_kreg_impl.h>
47 #include <mdb/mdb.h>
48
49 #include <sys/types.h>
50 #include <sys/bitmap.h>
51 #include <sys/termios.h>
52 #include <sys/kdi_impl.h>
53 #include <sys/sysmacros.h>
54
55 /*
56 * This is the area containing the saved state when we enter
57 * via kmdb's IDT entries.
58 */
59 kdi_cpusave_t *kaif_cpusave;
60 int kaif_ncpusave;
61 kdi_drreg_t kaif_drreg;
62
63 uint32_t kaif_waptmap;
64
65 int kaif_trap_switch;
66
67 void (*kaif_modchg_cb)(struct modctl *, int);
68
69 enum {
70 M_SYSRET = 0x07, /* after M_ESC */
71 M_ESC = 0x0f,
72 M_SYSEXIT = 0x35, /* after M_ESC */
73 M_REX_LO = 0x40, /* first REX prefix */
240 return (-1);
241
242 *valp = *regp;
243
244 return (0);
245 }
246
247 static int
248 kaif_set_register(const char *regname, kreg_t val)
249 {
250 kreg_t *regp;
251
252 if ((regp = kaif_find_regp(regname)) == NULL)
253 return (-1);
254
255 *regp = val;
256
257 return (0);
258 }
259
260 /*
261 * Refuse to single-step or break within any stub that loads a user %cr3 value.
262 * As the KDI traps are not careful to restore such a %cr3, this can all go
263 * wrong, both spectacularly and subtly.
264 */
265 static boolean_t
266 kaif_toxic_text(uintptr_t addr)
267 {
268 static GElf_Sym toxic_syms[2] = { 0, };
269 size_t i;
270
271 if (toxic_syms[0].st_name == NULL) {
272 if (mdb_tgt_lookup_by_name(mdb.m_target, MDB_TGT_OBJ_EXEC,
273 "tr_iret_user", &toxic_syms[0], NULL) != 0)
274 warn("couldn't find tr_iret_user\n");
275 if (mdb_tgt_lookup_by_name(mdb.m_target, MDB_TGT_OBJ_EXEC,
276 "tr_mmu_flush_user_range", &toxic_syms[1], NULL) != 0)
277 warn("couldn't find tr_mmu_flush_user_range\n");
278 }
279
280 for (i = 0; i < ARRAY_SIZE(toxic_syms); i++) {
281 if (addr >= toxic_syms[i].st_value &&
282 addr - toxic_syms[i].st_value < toxic_syms[i].st_size)
283 return (B_TRUE);
284 }
285
286 return (B_FALSE);
287 }
288
289 static int
290 kaif_brkpt_arm(uintptr_t addr, mdb_instr_t *instrp)
291 {
292 mdb_instr_t bkpt = KAIF_BREAKPOINT_INSTR;
293
294 if (kaif_toxic_text(addr)) {
295 warn("%a cannot be a breakpoint target\n", addr);
296 return (set_errno(EMDB_TGTNOTSUP));
297 }
298
299 if (mdb_tgt_vread(mdb.m_target, instrp, sizeof (mdb_instr_t), addr) !=
300 sizeof (mdb_instr_t))
301 return (-1); /* errno is set for us */
302
303 if (mdb_tgt_vwrite(mdb.m_target, &bkpt, sizeof (mdb_instr_t), addr) !=
304 sizeof (mdb_instr_t))
305 return (-1); /* errno is set for us */
306
307 return (0);
308 }
309
310 static int
311 kaif_brkpt_disarm(uintptr_t addr, mdb_instr_t instrp)
312 {
313 if (mdb_tgt_vwrite(mdb.m_target, &instrp, sizeof (mdb_instr_t), addr) !=
314 sizeof (mdb_instr_t))
315 return (-1); /* errno is set for us */
316
317 return (0);
318 }
463
464 ASSERT(BT_TEST(&kaif_waptmap, hwid));
465
466 for (i = 0; i < kaif_ncpusave; i++)
467 n += (kaif_cpusave[i].krs_dr.dr_stat & mask) != 0;
468
469 return (n);
470 }
471
472 static int
473 kaif_step(void)
474 {
475 kreg_t pc, fl, oldfl, newfl, sp;
476 mdb_tgt_addr_t npc;
477 mdb_instr_t instr;
478 int emulated = 0, rchk = 0;
479 size_t pcoff = 0;
480
481 (void) kmdb_dpi_get_register("pc", &pc);
482
483 if (kaif_toxic_text(pc)) {
484 warn("%a cannot be stepped\n", pc);
485 return (set_errno(EMDB_TGTNOTSUP));
486 }
487
488 if ((npc = mdb_dis_nextins(mdb.m_disasm, mdb.m_target,
489 MDB_TGT_AS_VIRT, pc)) == pc) {
490 warn("failed to decode instruction at %a for step\n", pc);
491 return (set_errno(EINVAL));
492 }
493
494 /*
495 * Stepping behavior depends on the type of instruction. It does not
496 * depend on the presence of a REX prefix, as the action we take for a
497 * given instruction doesn't currently vary for 32-bit instructions
498 * versus their 64-bit counterparts.
499 */
500 do {
501 if (mdb_tgt_vread(mdb.m_target, &instr, sizeof (mdb_instr_t),
502 pc + pcoff) != sizeof (mdb_instr_t)) {
503 warn("failed to read at %p for step",
504 (void *)(pc + pcoff));
505 return (-1);
506 }
507 } while (pcoff++, (instr >= M_REX_LO && instr <= M_REX_HI && !rchk++));
626
627 /* Go back to using the EFLAGS we were using before the step */
628 (void) kmdb_dpi_set_register(FLAGS_REG_NAME, oldfl);
629 return (0);
630
631 default:
632 /*
633 * The stepped instruction may have altered EFLAGS. We only
634 * really care about the value of IF, and we know the stepped
635 * instruction didn't alter it, so we can simply copy the
636 * pre-step value. We'll also need to turn TF back off.
637 */
638 (void) kmdb_dpi_get_register(FLAGS_REG_NAME, &fl);
639 (void) kmdb_dpi_set_register(FLAGS_REG_NAME,
640 ((fl & ~(KREG_EFLAGS_TF_MASK|KREG_EFLAGS_IF_MASK)) |
641 (oldfl & KREG_EFLAGS_IF_MASK)));
642 return (0);
643 }
644 }
645
646 /*ARGSUSED*/
647 static uintptr_t
648 kaif_call(uintptr_t funcva, uint_t argc, const uintptr_t argv[])
649 {
650 return (kaif_invoke(funcva, argc, argv));
651 }
652
653 static void
654 dump_crumb(kdi_crumb_t *krmp)
655 {
656 kdi_crumb_t krm;
657
658 if (mdb_vread(&krm, sizeof (kdi_crumb_t), (uintptr_t)krmp) !=
659 sizeof (kdi_crumb_t)) {
660 warn("failed to read crumb at %p", krmp);
661 return;
662 }
663
664 mdb_printf("state: ");
665 switch (krm.krm_cpu_state) {
715
716 dump_crumbs(save);
717 }
718 }
719 }
720
721 static void
722 kaif_modchg_register(void (*func)(struct modctl *, int))
723 {
724 kaif_modchg_cb = func;
725 }
726
727 static void
728 kaif_modchg_cancel(void)
729 {
730 ASSERT(kaif_modchg_cb != NULL);
731
732 kaif_modchg_cb = NULL;
733 }
734
735 void
736 kaif_trap_set_debugger(void)
737 {
738 kmdb_kdi_idt_switch(NULL);
739 }
740
741 void
742 kaif_trap_set_saved(kaif_cpusave_t *cpusave)
743 {
744 kmdb_kdi_idt_switch(cpusave);
745 }
746
747 static void
748 kaif_vmready(void)
749 {
750 }
751
752 void
753 kaif_memavail(caddr_t base, size_t len)
754 {
834 kaif_init,
835 kaif_activate,
836 kmdb_kdi_deactivate,
837 kaif_enter_mon,
838 kaif_modchg_register,
839 kaif_modchg_cancel,
840 kaif_get_cpu_state,
841 kaif_get_master_cpuid,
842 kaif_get_gregs,
843 kaif_get_register,
844 kaif_set_register,
845 kaif_brkpt_arm,
846 kaif_brkpt_disarm,
847 kaif_wapt_validate,
848 kaif_wapt_reserve,
849 kaif_wapt_release,
850 kaif_wapt_arm,
851 kaif_wapt_disarm,
852 kaif_wapt_match,
853 kaif_step,
854 kaif_call,
855 kaif_dump_crumbs,
856 };
|