Print this page
5554 kmdb can't trace stacks that begin within itself
Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/mdb/intel/mdb/mdb_ia32util.c
+++ new/usr/src/cmd/mdb/intel/mdb/mdb_ia32util.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25 /*
26 26 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
27 27 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
28 28 */
29 29
30 30 #include <sys/types.h>
31 31 #include <sys/reg.h>
32 32 #include <sys/privregs.h>
33 33 #include <sys/stack.h>
34 34 #include <sys/frame.h>
35 35
36 36 #include <mdb/mdb_ia32util.h>
37 37 #include <mdb/mdb_target_impl.h>
38 38 #include <mdb/mdb_kreg_impl.h>
39 39 #include <mdb/mdb_debug.h>
40 40 #include <mdb/mdb_modapi.h>
41 41 #include <mdb/mdb_err.h>
42 42 #include <mdb/mdb.h>
43 43
44 44 /*
45 45 * We also define an array of register names and their corresponding
46 46 * array indices. This is used by the getareg and putareg entry points,
47 47 * and also by our register variable discipline.
48 48 */
49 49 const mdb_tgt_regdesc_t mdb_ia32_kregs[] = {
50 50 { "savfp", KREG_SAVFP, MDB_TGT_R_EXPORT },
51 51 { "savpc", KREG_SAVPC, MDB_TGT_R_EXPORT },
52 52 { "eax", KREG_EAX, MDB_TGT_R_EXPORT },
53 53 { "ax", KREG_EAX, MDB_TGT_R_EXPORT | MDB_TGT_R_16 },
54 54 { "ah", KREG_EAX, MDB_TGT_R_EXPORT | MDB_TGT_R_8H },
55 55 { "al", KREG_EAX, MDB_TGT_R_EXPORT | MDB_TGT_R_8L },
56 56 { "ebx", KREG_EBX, MDB_TGT_R_EXPORT },
57 57 { "bx", KREG_EBX, MDB_TGT_R_EXPORT | MDB_TGT_R_16 },
58 58 { "bh", KREG_EBX, MDB_TGT_R_EXPORT | MDB_TGT_R_8H },
59 59 { "bl", KREG_EBX, MDB_TGT_R_EXPORT | MDB_TGT_R_8L },
60 60 { "ecx", KREG_ECX, MDB_TGT_R_EXPORT },
61 61 { "cx", KREG_ECX, MDB_TGT_R_EXPORT | MDB_TGT_R_16 },
62 62 { "ch", KREG_ECX, MDB_TGT_R_EXPORT | MDB_TGT_R_8H },
63 63 { "cl", KREG_ECX, MDB_TGT_R_EXPORT | MDB_TGT_R_8L },
64 64 { "edx", KREG_EDX, MDB_TGT_R_EXPORT },
65 65 { "dx", KREG_EDX, MDB_TGT_R_EXPORT | MDB_TGT_R_16 },
66 66 { "dh", KREG_EDX, MDB_TGT_R_EXPORT | MDB_TGT_R_8H },
67 67 { "dl", KREG_EDX, MDB_TGT_R_EXPORT | MDB_TGT_R_8L },
68 68 { "esi", KREG_ESI, MDB_TGT_R_EXPORT },
69 69 { "si", KREG_ESI, MDB_TGT_R_EXPORT | MDB_TGT_R_16 },
70 70 { "edi", KREG_EDI, MDB_TGT_R_EXPORT },
71 71 { "di", EDI, MDB_TGT_R_EXPORT | MDB_TGT_R_16 },
72 72 { "ebp", KREG_EBP, MDB_TGT_R_EXPORT },
73 73 { "bp", KREG_EBP, MDB_TGT_R_EXPORT | MDB_TGT_R_16 },
74 74 { "esp", KREG_ESP, MDB_TGT_R_EXPORT },
75 75 { "sp", KREG_ESP, MDB_TGT_R_EXPORT | MDB_TGT_R_16 },
76 76 { "cs", KREG_CS, MDB_TGT_R_EXPORT },
77 77 { "ds", KREG_DS, MDB_TGT_R_EXPORT },
78 78 { "ss", KREG_SS, MDB_TGT_R_EXPORT },
79 79 { "es", KREG_ES, MDB_TGT_R_EXPORT },
80 80 { "fs", KREG_FS, MDB_TGT_R_EXPORT },
81 81 { "gs", KREG_GS, MDB_TGT_R_EXPORT },
82 82 { "eflags", KREG_EFLAGS, MDB_TGT_R_EXPORT },
83 83 { "eip", KREG_EIP, MDB_TGT_R_EXPORT },
84 84 { "uesp", KREG_UESP, MDB_TGT_R_EXPORT | MDB_TGT_R_PRIV },
85 85 { "usp", KREG_UESP, MDB_TGT_R_EXPORT | MDB_TGT_R_16 },
86 86 { "trapno", KREG_TRAPNO, MDB_TGT_R_EXPORT | MDB_TGT_R_PRIV },
87 87 { "err", KREG_ERR, MDB_TGT_R_EXPORT | MDB_TGT_R_PRIV },
88 88 { NULL, 0, 0 }
89 89 };
90 90
91 91 void
92 92 mdb_ia32_printregs(const mdb_tgt_gregset_t *gregs)
93 93 {
94 94 const kreg_t *kregs = &gregs->kregs[0];
95 95 kreg_t eflags = kregs[KREG_EFLAGS];
96 96
97 97 mdb_printf("%%cs = 0x%04x\t\t%%eax = 0x%0?p %A\n",
98 98 kregs[KREG_CS], kregs[KREG_EAX], kregs[KREG_EAX]);
99 99
100 100 mdb_printf("%%ds = 0x%04x\t\t%%ebx = 0x%0?p %A\n",
101 101 kregs[KREG_DS], kregs[KREG_EBX], kregs[KREG_EBX]);
102 102
103 103 mdb_printf("%%ss = 0x%04x\t\t%%ecx = 0x%0?p %A\n",
104 104 kregs[KREG_SS], kregs[KREG_ECX], kregs[KREG_ECX]);
105 105
106 106 mdb_printf("%%es = 0x%04x\t\t%%edx = 0x%0?p %A\n",
107 107 kregs[KREG_ES], kregs[KREG_EDX], kregs[KREG_EDX]);
108 108
109 109 mdb_printf("%%fs = 0x%04x\t\t%%esi = 0x%0?p %A\n",
110 110 kregs[KREG_FS], kregs[KREG_ESI], kregs[KREG_ESI]);
111 111
112 112 mdb_printf("%%gs = 0x%04x\t\t%%edi = 0x%0?p %A\n\n",
113 113 kregs[KREG_GS], kregs[KREG_EDI], kregs[KREG_EDI]);
114 114
115 115 mdb_printf("%%eip = 0x%0?p %A\n", kregs[KREG_EIP], kregs[KREG_EIP]);
116 116 mdb_printf("%%ebp = 0x%0?p\n", kregs[KREG_EBP]);
117 117 mdb_printf("%%esp = 0x%0?p\n\n", kregs[KREG_ESP]);
118 118 mdb_printf("%%eflags = 0x%08x\n", eflags);
119 119
120 120 mdb_printf(" id=%u vip=%u vif=%u ac=%u vm=%u rf=%u nt=%u iopl=0x%x\n",
121 121 (eflags & KREG_EFLAGS_ID_MASK) >> KREG_EFLAGS_ID_SHIFT,
122 122 (eflags & KREG_EFLAGS_VIP_MASK) >> KREG_EFLAGS_VIP_SHIFT,
123 123 (eflags & KREG_EFLAGS_VIF_MASK) >> KREG_EFLAGS_VIF_SHIFT,
124 124 (eflags & KREG_EFLAGS_AC_MASK) >> KREG_EFLAGS_AC_SHIFT,
125 125 (eflags & KREG_EFLAGS_VM_MASK) >> KREG_EFLAGS_VM_SHIFT,
126 126 (eflags & KREG_EFLAGS_RF_MASK) >> KREG_EFLAGS_RF_SHIFT,
127 127 (eflags & KREG_EFLAGS_NT_MASK) >> KREG_EFLAGS_NT_SHIFT,
128 128 (eflags & KREG_EFLAGS_IOPL_MASK) >> KREG_EFLAGS_IOPL_SHIFT);
129 129
130 130 mdb_printf(" status=<%s,%s,%s,%s,%s,%s,%s,%s,%s>\n\n",
131 131 (eflags & KREG_EFLAGS_OF_MASK) ? "OF" : "of",
132 132 (eflags & KREG_EFLAGS_DF_MASK) ? "DF" : "df",
133 133 (eflags & KREG_EFLAGS_IF_MASK) ? "IF" : "if",
134 134 (eflags & KREG_EFLAGS_TF_MASK) ? "TF" : "tf",
135 135 (eflags & KREG_EFLAGS_SF_MASK) ? "SF" : "sf",
136 136 (eflags & KREG_EFLAGS_ZF_MASK) ? "ZF" : "zf",
137 137 (eflags & KREG_EFLAGS_AF_MASK) ? "AF" : "af",
138 138 (eflags & KREG_EFLAGS_PF_MASK) ? "PF" : "pf",
139 139 (eflags & KREG_EFLAGS_CF_MASK) ? "CF" : "cf");
140 140
141 141 #ifndef _KMDB
142 142 mdb_printf(" %%uesp = 0x%0?x\n", kregs[KREG_UESP]);
143 143 #endif
144 144 mdb_printf("%%trapno = 0x%x\n", kregs[KREG_TRAPNO]);
145 145 mdb_printf(" %%err = 0x%x\n", kregs[KREG_ERR]);
146 146 }
147 147
148 148 /*
149 149 * Given a return address (%eip), determine the likely number of arguments
150 150 * that were pushed on the stack prior to its execution. We do this by
151 151 * expecting that a typical call sequence consists of pushing arguments on
152 152 * the stack, executing a call instruction, and then performing an add
153 153 * on %esp to restore it to the value prior to pushing the arguments for
154 154 * the call. We attempt to detect such an add, and divide the addend
155 155 * by the size of a word to determine the number of pushed arguments.
156 156 */
157 157 static uint_t
158 158 kvm_argcount(mdb_tgt_t *t, uintptr_t eip, ssize_t size)
159 159 {
160 160 uint8_t ins[6];
161 161 ulong_t n;
162 162
163 163 enum {
164 164 M_MODRM_ESP = 0xc4, /* Mod/RM byte indicates %esp */
165 165 M_ADD_IMM32 = 0x81, /* ADD imm32 to r/m32 */
166 166 M_ADD_IMM8 = 0x83 /* ADD imm8 to r/m32 */
167 167 };
168 168
169 169 if (mdb_tgt_vread(t, ins, sizeof (ins), eip) != sizeof (ins))
170 170 return (0);
171 171
172 172 if (ins[1] != M_MODRM_ESP)
173 173 return (0);
174 174
175 175 switch (ins[0]) {
176 176 case M_ADD_IMM32:
177 177 n = ins[2] + (ins[3] << 8) + (ins[4] << 16) + (ins[5] << 24);
178 178 break;
179 179
180 180 case M_ADD_IMM8:
181 181 n = ins[2];
182 182 break;
183 183
184 184 default:
185 185 n = 0;
186 186 }
187 187
188 188 return (MIN((ssize_t)n, size) / sizeof (long));
189 189 }
|
↓ open down ↓ |
189 lines elided |
↑ open up ↑ |
190 190
191 191 int
192 192 mdb_ia32_kvm_stack_iter(mdb_tgt_t *t, const mdb_tgt_gregset_t *gsp,
193 193 mdb_tgt_stack_f *func, void *arg)
194 194 {
195 195 mdb_tgt_gregset_t gregs;
196 196 kreg_t *kregs = &gregs.kregs[0];
197 197 int got_pc = (gsp->kregs[KREG_EIP] != 0);
198 198 int err;
199 199
200 - struct {
200 + struct fr {
201 201 uintptr_t fr_savfp;
202 202 uintptr_t fr_savpc;
203 203 long fr_argv[32];
204 204 } fr;
205 205
206 206 uintptr_t fp = gsp->kregs[KREG_EBP];
207 207 uintptr_t pc = gsp->kregs[KREG_EIP];
208 208 uintptr_t lastfp = 0;
209 209
210 210 ssize_t size;
211 211 uint_t argc;
212 212 int detect_exception_frames = 0;
213 + int advance_tortoise = 1;
214 + uintptr_t tortoise_fp = 0;
213 215 #ifndef _KMDB
214 216 int xp;
215 217
216 218 if ((mdb_readsym(&xp, sizeof (xp), "xpv_panicking") != -1) && (xp > 0))
217 219 detect_exception_frames = 1;
218 220 #endif
219 221
220 222 bcopy(gsp, &gregs, sizeof (gregs));
221 223
222 224 while (fp != 0) {
223 -
224 - /*
225 - * Ensure progress (increasing fp), and prevent
226 - * endless loop with the same FP.
227 - */
228 - if (fp <= lastfp) {
229 - err = EMDB_STKFRAME;
230 - goto badfp;
231 - }
232 225 if (fp & (STACK_ALIGN - 1)) {
233 226 err = EMDB_STKALIGN;
234 227 goto badfp;
235 228 }
236 229 if ((size = mdb_tgt_vread(t, &fr, sizeof (fr), fp)) >=
237 230 (ssize_t)(2 * sizeof (uintptr_t))) {
238 231 size -= (ssize_t)(2 * sizeof (uintptr_t));
239 232 argc = kvm_argcount(t, fr.fr_savpc, size);
240 233 } else {
241 234 err = EMDB_NOMAP;
242 235 goto badfp;
243 236 }
244 237
238 + if (tortoise_fp == 0) {
239 + tortoise_fp = fp;
240 + } else {
241 + if (advance_tortoise != 0) {
242 + struct fr tfr;
243 +
244 + if (mdb_tgt_vread(t, &tfr, sizeof (tfr),
245 + tortoise_fp) != sizeof (tfr)) {
246 + err = EMDB_NOMAP;
247 + goto badfp;
248 + }
249 +
250 + tortoise_fp = tfr.fr_savfp;
251 + }
252 +
253 + if (fp == tortoise_fp) {
254 + err = EMDB_STKFRAME;
255 + goto badfp;
256 + }
257 + }
258 +
259 + advance_tortoise = !advance_tortoise;
260 +
245 261 if (got_pc && func(arg, pc, argc, fr.fr_argv, &gregs) != 0)
246 262 break;
247 263
248 264 kregs[KREG_ESP] = kregs[KREG_EBP];
249 265
250 266 lastfp = fp;
251 267 fp = fr.fr_savfp;
252 268 /*
253 269 * The Xen hypervisor marks a stack frame as belonging to
254 270 * an exception by inverting the bits of the pointer to
255 271 * that frame. We attempt to identify these frames by
256 272 * inverting the pointer and seeing if it is within 0xfff
257 273 * bytes of the last frame.
258 274 */
259 275 if (detect_exception_frames)
260 276 if ((fp != 0) && (fp < lastfp) &&
261 277 ((lastfp ^ ~fp) < 0xfff))
262 278 fp = ~fp;
263 279
264 280 kregs[KREG_EBP] = fp;
265 281 kregs[KREG_EIP] = pc = fr.fr_savpc;
266 282
267 283 got_pc = (pc != 0);
268 284 }
269 285
270 286 return (0);
271 287
272 288 badfp:
273 289 mdb_printf("%p [%s]", fp, mdb_strerror(err));
274 290 return (set_errno(err));
275 291 }
276 292
277 293 /*
278 294 * Determine the return address for the current frame. Typically this is the
279 295 * fr_savpc value from the current frame, but we also perform some special
280 296 * handling to see if we are stopped on one of the first two instructions of a
281 297 * typical function prologue, in which case %ebp will not be set up yet.
282 298 */
283 299 int
284 300 mdb_ia32_step_out(mdb_tgt_t *t, uintptr_t *p, kreg_t pc, kreg_t fp, kreg_t sp,
285 301 mdb_instr_t curinstr)
286 302 {
287 303 struct frame fr;
288 304 GElf_Sym s;
289 305 char buf[1];
290 306
291 307 enum {
292 308 M_PUSHL_EBP = 0x55, /* pushl %ebp */
293 309 M_MOVL_EBP = 0x8b /* movl %esp, %ebp */
294 310 };
295 311
296 312 if (mdb_tgt_lookup_by_addr(t, pc, MDB_TGT_SYM_FUZZY,
297 313 buf, 0, &s, NULL) == 0) {
298 314 if (pc == s.st_value && curinstr == M_PUSHL_EBP)
299 315 fp = sp - 4;
300 316 else if (pc == s.st_value + 1 && curinstr == M_MOVL_EBP)
301 317 fp = sp;
302 318 }
303 319
304 320 if (mdb_tgt_vread(t, &fr, sizeof (fr), fp) == sizeof (fr)) {
305 321 *p = fr.fr_savpc;
306 322 return (0);
307 323 }
308 324
309 325 return (-1); /* errno is set for us */
310 326 }
311 327
312 328 /*
313 329 * Return the address of the next instruction following a call, or return -1
314 330 * and set errno to EAGAIN if the target should just single-step. We perform
315 331 * a bit of disassembly on the current instruction in order to determine if it
316 332 * is a call and how many bytes should be skipped, depending on the exact form
317 333 * of the call instruction that is being used.
318 334 */
319 335 int
320 336 mdb_ia32_next(mdb_tgt_t *t, uintptr_t *p, kreg_t pc, mdb_instr_t curinstr)
321 337 {
322 338 uint8_t m;
323 339
324 340 enum {
325 341 M_CALL_REL = 0xe8, /* call near with relative displacement */
326 342 M_CALL_REG = 0xff, /* call near indirect or call far register */
327 343
328 344 M_MODRM_MD = 0xc0, /* mask for Mod/RM byte Mod field */
329 345 M_MODRM_OP = 0x38, /* mask for Mod/RM byte opcode field */
330 346 M_MODRM_RM = 0x07, /* mask for Mod/RM byte R/M field */
331 347
332 348 M_MD_IND = 0x00, /* Mod code for [REG] */
333 349 M_MD_DSP8 = 0x40, /* Mod code for disp8[REG] */
334 350 M_MD_DSP32 = 0x80, /* Mod code for disp32[REG] */
335 351 M_MD_REG = 0xc0, /* Mod code for REG */
336 352
337 353 M_OP_IND = 0x10, /* Opcode for call near indirect */
338 354 M_RM_DSP32 = 0x05 /* R/M code for disp32 */
339 355 };
340 356
341 357 /*
342 358 * If the opcode is a near call with relative displacement, assume the
343 359 * displacement is a rel32 from the next instruction.
344 360 */
345 361 if (curinstr == M_CALL_REL) {
346 362 *p = pc + sizeof (mdb_instr_t) + sizeof (uint32_t);
347 363 return (0);
348 364 }
349 365
350 366 /*
351 367 * If the opcode is a call near indirect or call far register opcode,
352 368 * read the subsequent Mod/RM byte to perform additional decoding.
353 369 */
354 370 if (curinstr == M_CALL_REG) {
355 371 if (mdb_tgt_vread(t, &m, sizeof (m), pc + 1) != sizeof (m))
356 372 return (-1); /* errno is set for us */
357 373
358 374 /*
359 375 * If the Mod/RM opcode extension indicates a near indirect
360 376 * call, then skip the appropriate number of additional
361 377 * bytes depending on the addressing form that is used.
362 378 */
363 379 if ((m & M_MODRM_OP) == M_OP_IND) {
364 380 switch (m & M_MODRM_MD) {
365 381 case M_MD_DSP8:
366 382 *p = pc + 3; /* skip pr_instr, m, disp8 */
367 383 break;
368 384 case M_MD_DSP32:
369 385 *p = pc + 6; /* skip pr_instr, m, disp32 */
370 386 break;
371 387 case M_MD_IND:
372 388 if ((m & M_MODRM_RM) == M_RM_DSP32) {
373 389 *p = pc + 6;
374 390 break; /* skip pr_instr, m, disp32 */
375 391 }
376 392 /* FALLTHRU */
377 393 case M_MD_REG:
378 394 *p = pc + 2; /* skip pr_instr, m */
379 395 break;
380 396 }
381 397 return (0);
382 398 }
383 399 }
384 400
385 401 return (set_errno(EAGAIN));
386 402 }
387 403
388 404 /*ARGSUSED*/
389 405 int
390 406 mdb_ia32_kvm_frame(void *arglim, uintptr_t pc, uint_t argc, const long *argv,
391 407 const mdb_tgt_gregset_t *gregs)
392 408 {
393 409 argc = MIN(argc, (uint_t)arglim);
394 410 mdb_printf("%a(", pc);
395 411
396 412 if (argc != 0) {
397 413 mdb_printf("%lr", *argv++);
398 414 for (argc--; argc != 0; argc--)
399 415 mdb_printf(", %lr", *argv++);
400 416 }
401 417
402 418 mdb_printf(")\n");
403 419 return (0);
404 420 }
405 421
406 422 int
407 423 mdb_ia32_kvm_framev(void *arglim, uintptr_t pc, uint_t argc, const long *argv,
408 424 const mdb_tgt_gregset_t *gregs)
409 425 {
410 426 argc = MIN(argc, (uint_t)arglim);
411 427 mdb_printf("%0?lr %a(", gregs->kregs[KREG_EBP], pc);
412 428
413 429 if (argc != 0) {
414 430 mdb_printf("%lr", *argv++);
415 431 for (argc--; argc != 0; argc--)
416 432 mdb_printf(", %lr", *argv++);
417 433 }
418 434
419 435 mdb_printf(")\n");
420 436 return (0);
421 437 }
|
↓ open down ↓ |
167 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX