1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2017-2018 John H. Baldwin <jhb@FreeBSD.org>
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include <sys/cdefs.h>
29 #include <sys/param.h>
30 #ifndef WITHOUT_CAPSICUM
31 #include <sys/capsicum.h>
32 #endif
33 #include <sys/endian.h>
34 #include <sys/ioctl.h>
35 #include <sys/mman.h>
36 #include <sys/queue.h>
37 #include <sys/socket.h>
38 #include <sys/stat.h>
39 
40 #include <machine/atomic.h>
41 #include <machine/specialreg.h>
42 #include <machine/vmm.h>
43 #include <netinet/in.h>
44 #include <assert.h>
45 #ifndef WITHOUT_CAPSICUM
46 #include <capsicum_helpers.h>
47 #endif
48 #include <err.h>
49 #include <errno.h>
50 #include <fcntl.h>
51 #include <netdb.h>
52 #include <pthread.h>
53 #include <pthread_np.h>
54 #include <stdbool.h>
55 #include <stdio.h>
56 #include <stdlib.h>
57 #include <string.h>
58 #include <sysexits.h>
59 #include <unistd.h>
60 #include <vmmapi.h>
61 
62 #include "bhyverun.h"
63 #include "config.h"
64 #include "debug.h"
65 #include "gdb.h"
66 #include "mem.h"
67 #include "mevent.h"
68 
/* Directory of target-description XML files; see xml_dfd below. */
#define	_PATH_GDB_XML		"/usr/share/bhyve/gdb"

/*
 * GDB_SIGNAL_* numbers are part of the GDB remote protocol.  Most stops
 * use SIGTRAP.
 */
#define	GDB_SIGNAL_TRAP		5

/*
 * Software breakpoint planted into guest memory: the one-byte x86 INT3
 * opcode.  GDB_BP_SIZE must equal its length; the _Static_assert below
 * enforces that.
 */
#define	GDB_BP_SIZE		1
#define	GDB_BP_INSTR		(uint8_t []){0xcc}
/* vmm register that holds the guest program counter. */
#define	GDB_PC_REGNAME		VM_REG_GUEST_RIP

_Static_assert(sizeof(GDB_BP_INSTR) == GDB_BP_SIZE,
    "GDB_BP_INSTR has wrong size");

static void gdb_resume_vcpus(void);
static void check_command(int fd);

/* mevent handlers for the debugger socket; NULL while no client is attached. */
static struct mevent *read_event, *write_event;

/*
 * vCPU bookkeeping, all protected by gdb_lock:
 *   vcpus_active    - vCPUs whose threads registered via gdb_cpu_add()
 *   vcpus_suspended - vCPUs the debug server currently holds stopped
 *   vcpus_waiting   - vCPUs actually parked in _gdb_cpu_suspend()
 * Parked vCPU threads sleep on idle_vcpus until their bit is cleared from
 * vcpus_suspended.
 */
static cpuset_t vcpus_active, vcpus_suspended, vcpus_waiting;
static pthread_mutex_t gdb_lock;
static pthread_cond_t idle_vcpus;
/*
 * first_stop: the initial stop is swallowed rather than reported.
 * report_next_stop: the next all-vCPU stop is reported to the debugger.
 * swbreak_enabled: the debugger accepts the "swbreak" stop reason
 * (presumably negotiated in the qSupported handling outside this view).
 */
static bool first_stop, report_next_stop, swbreak_enabled;
/* Presumably a descriptor on _PATH_GDB_XML, -1 until opened; its use is outside this view. */
static int xml_dfd = -1;
94 
95 /*
96  * An I/O buffer contains 'capacity' bytes of room at 'data'.  For a
97  * read buffer, 'start' is unused and 'len' contains the number of
98  * valid bytes in the buffer.  For a write buffer, 'start' is set to
99  * the index of the next byte in 'data' to send, and 'len' contains
100  * the remaining number of valid bytes to send.
101  */
struct io_buffer {
	uint8_t *data;		/* heap storage, grown by io_buffer_grow() */
	size_t capacity;	/* bytes allocated at 'data' */
	size_t start;		/* write buffer: index of the next byte to send */
	size_t len;		/* valid bytes beginning at data + start */
};
108 
struct breakpoint {
	uint64_t gpa;		/* guest physical address of the planted GDB_BP_INSTR */
	/* presumably the original guest bytes saved for removal; the restore code is outside this view */
	uint8_t shadow_inst[GDB_BP_SIZE];
	TAILQ_ENTRY(breakpoint) link;	/* membership in the global 'breakpoints' list */
};
114 
115 /*
116  * When a vCPU stops to due to an event that should be reported to the
117  * debugger, information about the event is stored in this structure.
118  * The vCPU thread then sets 'stopped_vcpu' if it is not already set
119  * and stops other vCPUs so the event can be reported.  The
120  * report_stop() function reports the event for the 'stopped_vcpu'
121  * vCPU.  When the debugger resumes execution via continue or step,
122  * the event for 'stopped_vcpu' is cleared.  vCPUs will loop in their
123  * event handlers until the associated event is reported or disabled.
124  *
125  * An idle vCPU will have all of the boolean fields set to false.
126  *
127  * When a vCPU is stepped, 'stepping' is set to true when the vCPU is
128  * released to execute the stepped instruction.  When the vCPU reports
129  * the stepping trap, 'stepped' is set.
130  *
131  * When a vCPU hits a breakpoint set by the debug server,
132  * 'hit_swbreak' is set to true.
133  */
struct vcpu_state {
	bool stepping;		/* released to execute exactly one instruction */
	bool stepped;		/* the step trap fired; awaiting report/acknowledge */
	bool hit_swbreak;	/* stopped on a debug-server breakpoint; awaiting report */
};
139 
/* Bytes received from the debugger (cur_comm) and queued back to it (cur_resp). */
static struct io_buffer cur_comm, cur_resp;
/* Running modulo-256 checksum of the packet currently being assembled. */
static uint8_t cur_csum;
static struct vmctx *ctx;
/* Connected debugger socket, or -1 while no client is attached. */
static int cur_fd = -1;
static TAILQ_HEAD(, breakpoint) breakpoints;
/* Per-vCPU arrays indexed by vcpu id; vcpu_state holds guest_ncpus entries. */
static struct vcpu_state *vcpu_state;
static struct vcpu **vcpus;
/*
 * cur_vcpu: the vCPU that register and memory commands act on.
 * stopped_vcpu: the vCPU whose event is being reported, or -1 when the
 * stop is not tied to a particular vCPU.
 */
static int cur_vcpu, stopped_vcpu;
/* Set once the debug server is configured; the gdb_cpu_* hooks are no-ops otherwise. */
static bool gdb_active = false;
149 
/*
 * Registers exposed to the debugger.  The array index doubles as the GDB
 * register number used by 'p' (see gdb_read_one_reg()); 'size' is the
 * number of bytes transmitted for the register.
 */
static const struct gdb_reg {
	enum vm_reg_name id;	/* vmm register identifier */
	int size;		/* bytes sent on the wire */
} gdb_regset[] = {
	{ .id = VM_REG_GUEST_RAX, .size = 8 },
	{ .id = VM_REG_GUEST_RBX, .size = 8 },
	{ .id = VM_REG_GUEST_RCX, .size = 8 },
	{ .id = VM_REG_GUEST_RDX, .size = 8 },
	{ .id = VM_REG_GUEST_RSI, .size = 8 },
	{ .id = VM_REG_GUEST_RDI, .size = 8 },
	{ .id = VM_REG_GUEST_RBP, .size = 8 },
	{ .id = VM_REG_GUEST_RSP, .size = 8 },
	{ .id = VM_REG_GUEST_R8, .size = 8 },
	{ .id = VM_REG_GUEST_R9, .size = 8 },
	{ .id = VM_REG_GUEST_R10, .size = 8 },
	{ .id = VM_REG_GUEST_R11, .size = 8 },
	{ .id = VM_REG_GUEST_R12, .size = 8 },
	{ .id = VM_REG_GUEST_R13, .size = 8 },
	{ .id = VM_REG_GUEST_R14, .size = 8 },
	{ .id = VM_REG_GUEST_R15, .size = 8 },
	{ .id = VM_REG_GUEST_RIP, .size = 8 },
	{ .id = VM_REG_GUEST_RFLAGS, .size = 4 },
	{ .id = VM_REG_GUEST_CS, .size = 4 },
	{ .id = VM_REG_GUEST_SS, .size = 4 },
	{ .id = VM_REG_GUEST_DS, .size = 4 },
	{ .id = VM_REG_GUEST_ES, .size = 4 },
	{ .id = VM_REG_GUEST_FS, .size = 4 },
	{ .id = VM_REG_GUEST_GS, .size = 4 },
	/*
	 * Registers past this point are not included in a reply to a 'g' query,
	 * to provide compatibility with debuggers that do not fetch a target
	 * description.  The debugger can query them individually with 'p' if it
	 * knows about them.  gdb_read_regs() stops at GDB_REG_FIRST_EXT.
	 */
#define	GDB_REG_FIRST_EXT	VM_REG_GUEST_FS_BASE
	{ .id = VM_REG_GUEST_FS_BASE, .size = 8 },
	{ .id = VM_REG_GUEST_GS_BASE, .size = 8 },
	{ .id = VM_REG_GUEST_KGS_BASE, .size = 8 },
	{ .id = VM_REG_GUEST_CR0, .size = 8 },
	{ .id = VM_REG_GUEST_CR2, .size = 8 },
	{ .id = VM_REG_GUEST_CR3, .size = 8 },
	{ .id = VM_REG_GUEST_CR4, .size = 8 },
	{ .id = VM_REG_GUEST_TPR, .size = 8 },
	{ .id = VM_REG_GUEST_EFER, .size = 8 },
};
195 
196 #ifdef GDB_LOG
197 #include <stdarg.h>
198 #include <stdio.h>
199 
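/*
 * Append a formatted line to the GDB_LOG trace file.  Logging is
 * best-effort: if the file cannot be opened the message is dropped and
 * every later call is a no-op.
 *
 * The log path is fixed and lives in a world-writable directory, so the
 * file is opened with O_NOFOLLOW (a symlink planted at the path is not
 * followed) and mode 0600 rather than via fopen().
 */
static void __printflike(1, 2)
debug(const char *fmt, ...)
{
	static FILE *logfile;
	va_list ap;
	int fd;

	if (logfile == NULL) {
		fd = open("/tmp/bhyve_gdb.log",
		    O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0600);
		if (fd == -1)
			return;
		logfile = fdopen(fd, "w");
		if (logfile == NULL) {
			close(fd);
			return;
		}
#ifndef WITHOUT_CAPSICUM
		/* Restrict the descriptor to writes under Capsicum. */
		if (caph_limit_stream(fileno(logfile), CAPH_WRITE) == -1) {
			fclose(logfile);
			logfile = NULL;
			return;
		}
#endif
		setlinebuf(logfile);
	}
	va_start(ap, fmt);
	vfprintf(logfile, fmt, ap);
	va_end(ap);
}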
223 #else
224 #define debug(...)
225 #endif
226 
/* Defined later in the file; close_connection() uses it to drop every breakpoint. */
static void	remove_all_sw_breakpoints(void);
228 
/*
 * Fill in 'paging' with the translation context of 'vcpu' as seen by the
 * debugger.  Returns 0 on success or -1 if the control registers could
 * not be read.
 */
static int
guest_paging_info(struct vcpu *vcpu, struct vm_guest_paging *paging)
{
	enum { IDX_CR0, IDX_CR3, IDX_CR4, IDX_EFER, IDX_COUNT };
	const int regset[IDX_COUNT] = {
		[IDX_CR0] = VM_REG_GUEST_CR0,
		[IDX_CR3] = VM_REG_GUEST_CR3,
		[IDX_CR4] = VM_REG_GUEST_CR4,
		[IDX_EFER] = VM_REG_GUEST_EFER
	};
	uint64_t vals[IDX_COUNT];
	uint64_t cr0, cr4, efer;

	if (vm_get_register_set(vcpu, nitems(regset), regset, vals) == -1)
		return (-1);
	cr0 = vals[IDX_CR0];
	cr4 = vals[IDX_CR4];
	efer = vals[IDX_EFER];

	/*
	 * Translate on the debugger's behalf as the kernel would (CPL 0),
	 * and treat a guest with long mode active as running 64-bit code.
	 */
	paging->cr3 = vals[IDX_CR3];
	paging->cpl = 0;
	if ((efer & EFER_LMA) != 0)
		paging->cpu_mode = CPU_MODE_64BIT;
	else
		paging->cpu_mode = (cr0 & CR0_PE) != 0 ?
		    CPU_MODE_PROTECTED : CPU_MODE_REAL;

	/* Paging mode is decided by CR0.PG, CR4.PAE, EFER.LME, CR4.LA57 in turn. */
	if ((cr0 & CR0_PG) == 0)
		paging->paging_mode = PAGING_MODE_FLAT;
	else if ((cr4 & CR4_PAE) == 0)
		paging->paging_mode = PAGING_MODE_32;
	else if ((efer & EFER_LME) == 0)
		paging->paging_mode = PAGING_MODE_PAE;
	else if ((cr4 & CR4_LA57) != 0)
		paging->paging_mode = PAGING_MODE_64_LA57;
	else
		paging->paging_mode = PAGING_MODE_64;
	return (0);
}
267 
/*
 * Translate a guest virtual address to a guest physical address using
 * the paging state of 'vcpu'.  Returns 1 and stores the result in
 * *paddr when the address maps, 0 when it does not, and -1 when the
 * translation itself failed.
 */
static int
guest_vaddr2paddr(struct vcpu *vcpu, uint64_t vaddr, uint64_t *paddr)
{
	struct vm_guest_paging paging;
	int fault = 0;

	if (guest_paging_info(vcpu, &paging) == -1)
		return (-1);

	/*
	 * PROT_READ on purpose: the question is whether the address maps
	 * at all, not whether this vCPU could write it.
	 */
	if (vm_gla2gpa_nofault(vcpu, &paging, vaddr, PROT_READ, paddr,
	    &fault) == -1)
		return (-1);
	return (fault ? 0 : 1);
}
294 
/* Program counter of the guest at the time of the exit. */
static uint64_t
guest_pc(struct vm_exit *vme)
{
	uint64_t pc = vme->rip;

	return (pc);
}
300 
/* Discard everything in the buffer; the allocation is kept. */
static void
io_buffer_reset(struct io_buffer *io)
{
	io->len = 0;
	io->start = 0;
}
308 
/* Bytes that can still be appended after the valid data. */
static size_t
io_buffer_avail(struct io_buffer *io)
{
	size_t used = io->start + io->len;

	return (io->capacity - used);
}
316 
/* Pointer to the first valid byte. */
static uint8_t *
io_buffer_head(struct io_buffer *io)
{
	return (&io->data[io->start]);
}
323 
/* Pointer just past the last valid byte, where new data is appended. */
static uint8_t *
io_buffer_tail(struct io_buffer *io)
{
	size_t end = io->start + io->len;

	return (&io->data[end]);
}
330 
/* Mark the first 'amount' valid bytes as consumed without moving data. */
static void
io_buffer_advance(struct io_buffer *io, size_t amount)
{
	/* Never consume more than is valid. */
	assert(amount <= io->len);
	io->len -= amount;
	io->start += amount;
}
339 
/*
 * Consume 'amount' bytes and slide whatever remains to the front of the
 * buffer so that 'start' is always 0 afterwards.
 */
static void
io_buffer_consume(struct io_buffer *io, size_t amount)
{
	uint8_t *remaining;

	io_buffer_advance(io, amount);
	if (io->len != 0) {
		/*
		 * XXX: Consider making this move optional and compacting on a
		 * future read() before realloc().
		 */
		remaining = io_buffer_head(io);
		memmove(io->data, remaining, io->len);
	}
	io->start = 0;
}
357 
/*
 * Ensure at least 'newsize' bytes can be appended.  Grows the allocation
 * by exactly the shortfall; an allocation failure is fatal.
 */
static void
io_buffer_grow(struct io_buffer *io, size_t newsize)
{
	size_t room, shortfall, grown;
	uint8_t *p;

	room = io_buffer_avail(io);
	if (newsize <= room)
		return;

	shortfall = newsize - room;
	grown = io->capacity + shortfall;
	p = realloc(io->data, grown);
	if (p == NULL)
		err(1, "Failed to grow GDB I/O buffer");
	io->capacity = grown;
	io->data = p;
}
375 
/*
 * True if a response other than a bare acknowledgement is still queued
 * for the debugger.
 */
static bool
response_pending(void)
{
	size_t queued = cur_resp.start + cur_resp.len;

	if (queued == 0)
		return (false);
	/* A lone '+' is just an ack, not a response. */
	if (queued == 1 && cur_resp.data[0] == '+')
		return (false);
	return (true);
}
386 
/*
 * Tear down the debugger session: drop the socket events, forget any
 * buffered I/O, remove every breakpoint and let all vCPUs run again.
 */
static void
close_connection(void)
{

	pthread_mutex_lock(&gdb_lock);
	/*
	 * XXX: This triggers a warning because mevent does the close
	 * before the EV_DELETE.
	 */
	mevent_delete(write_event);
	mevent_delete_close(read_event);
	read_event = write_event = NULL;
	io_buffer_reset(&cur_comm);
	io_buffer_reset(&cur_resp);
	cur_fd = -1;

	/* Undo everything the debugger left behind in the guest and here. */
	remove_all_sw_breakpoints();
	memset(vcpu_state, 0, guest_ncpus * sizeof(*vcpu_state));
	gdb_resume_vcpus();
	pthread_mutex_unlock(&gdb_lock);
}
413 
/* Lower-case hex character for a nibble in 0..15. */
static uint8_t
hex_digit(uint8_t nibble)
{
	uint8_t ch = (nibble < 10) ? '0' + nibble : 'a' + (nibble - 10);

	return (ch);
}
423 
/*
 * Value of one hex character (either case).  Anything else yields 0xF;
 * callers do not distinguish that from a genuine 'f'.
 */
static uint8_t
parse_digit(uint8_t v)
{
	uint8_t lower;

	if (v >= '0' && v <= '9')
		return (v - '0');
	/* Setting bit 5 maps 'A'..'F' onto 'a'..'f' and nothing else into that range. */
	lower = v | 0x20;
	if (lower >= 'a' && lower <= 'f')
		return (lower - 'a' + 10);
	return (0xF);
}
436 
/*
 * Parse 'len' big-endian hex characters at 'p'.  Invalid characters are
 * taken as 0xF (see parse_digit()); more than 2*sizeof(uintmax_t)
 * characters silently shift the high nibbles out.
 */
static uintmax_t
parse_integer(const uint8_t *p, size_t len)
{
	uintmax_t acc = 0;
	size_t i;

	for (i = 0; i < len; i++)
		acc = (acc << 4) | parse_digit(p[i]);
	return (acc);
}
452 
/* Two hex characters at 'p' as one byte, high nibble first. */
static uint8_t
parse_byte(const uint8_t *p)
{
	uint8_t hi = parse_digit(p[0]);
	uint8_t lo = parse_digit(p[1]);

	return ((hi << 4) | lo);
}
459 
/*
 * Push as much of cur_resp as the socket accepts.  The write event is
 * kept armed only while output remains; a failed write ends the session.
 */
static void
send_pending_data(int fd)
{
	ssize_t n;

	if (cur_resp.len == 0) {
		mevent_disable(write_event);
		return;
	}
	n = write(fd, io_buffer_head(&cur_resp), cur_resp.len);
	if (n == -1) {
		warn("Write to GDB socket failed");
		close_connection();
		return;
	}
	io_buffer_advance(&cur_resp, n);
	if (cur_resp.len != 0)
		mevent_enable(write_event);
	else
		mevent_disable(write_event);
}
481 
/* Queue one raw byte for the debugger (no checksum update). */
static void
send_char(uint8_t data)
{
	uint8_t *slot;

	io_buffer_grow(&cur_resp, 1);
	slot = io_buffer_tail(&cur_resp);
	*slot = data;
	cur_resp.len += 1;
}
490 
/* Queue 'len' raw bytes for the debugger (no checksum update). */
static void
send_data(const uint8_t *data, size_t len)
{
	uint8_t *dst;

	io_buffer_grow(&cur_resp, len);
	dst = io_buffer_tail(&cur_resp);
	memcpy(dst, data, len);
	cur_resp.len += len;
}
500 
/* Write 'v' as two lower-case hex characters into buf[0..1]. */
static void
format_byte(uint8_t v, uint8_t *buf)
{
	uint8_t hi = v >> 4, lo = v & 0xf;

	buf[0] = hex_digit(hi);
	buf[1] = hex_digit(lo);
}
508 
/* Queue one byte as two hex characters (no checksum update). */
static void
send_byte(uint8_t v)
{
	uint8_t hex[2];

	format_byte(v, hex);
	send_data(hex, 2);
}
521 
/* Begin a new packet: emit the '$' leader and reset the running checksum. */
static void
start_packet(void)
{
	cur_csum = 0;
	send_char('$');
}
529 
/* Terminate the packet with '#' and the two-digit checksum of the payload. */
static void
finish_packet(void)
{
	uint8_t csum = cur_csum;

	send_char('#');
	send_byte(csum);
	debug("-> %.*s\n", (int)cur_resp.len, io_buffer_head(&cur_resp));
}
538 
/* Add one payload byte to the packet and fold it into the checksum. */
static void
append_char(uint8_t v)
{
	cur_csum += v;
	send_char(v);
}
550 
/* Add 'len' payload bytes to the packet and fold each into the checksum. */
static void
append_packet_data(const uint8_t *data, size_t len)
{
	size_t i;

	send_data(data, len);
	for (i = 0; i < len; i++)
		cur_csum += data[i];
}
566 
/*
 * Add binary payload, escaping the protocol metacharacters '}', '#',
 * '$' and '*' as '}' followed by the byte XORed with 0x20.
 */
static void
append_binary_data(const uint8_t *data, size_t len)
{
	uint8_t escaped[2];
	size_t i;

	for (i = 0; i < len; i++) {
		uint8_t c = data[i];

		if (c == '}' || c == '#' || c == '$' || c == '*') {
			escaped[0] = 0x7d;
			escaped[1] = c ^ 0x20;
			append_packet_data(escaped, sizeof(escaped));
		} else {
			append_packet_data(&data[i], 1);
		}
	}
}
588 
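/*
 * Add a NUL-terminated string to the packet payload and update the
 * checksum.  The explicit cast keeps the call type-correct: the payload
 * routines take uint8_t while C strings are char, and passing one for the
 * other is an incompatible-pointer conversion.
 */
static void
append_string(const char *str)
{

	append_packet_data((const uint8_t *)str, strlen(str));
}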
595 
/* Add one byte to the payload as two hex characters, updating the checksum. */
static void
append_byte(uint8_t v)
{
	uint8_t hex[2];

	format_byte(v, hex);
	append_packet_data(hex, 2);
}
604 
/* Add the low 'len' bytes of 'value' to the payload, least-significant first. */
static void
append_unsigned_native(uintmax_t value, size_t len)
{
	size_t remaining = len;

	while (remaining > 0) {
		append_byte((uint8_t)value);
		value >>= 8;
		remaining--;
	}
}
615 
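/*
 * Add the low 'len' bytes of 'value' to the payload, most-significant
 * first.  'len' may not exceed sizeof(uintmax_t): the staging buffer is
 * a fixed array rather than a caller-sized VLA, and it is uint8_t so it
 * can be handed to format_byte() and append_packet_data() without an
 * incompatible-pointer conversion.
 */
static void
append_unsigned_be(uintmax_t value, size_t len)
{
	uint8_t buf[sizeof(uintmax_t) * 2];
	size_t i;

	assert(len <= sizeof(uintmax_t));
	/* Fill from the last byte pair backwards so the high byte ends up first. */
	for (i = 0; i < len; i++) {
		format_byte((uint8_t)value, buf + (len - i - 1) * 2);
		value >>= 8;
	}
	append_packet_data(buf, len * 2);
}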
628 
/*
 * Add an unsigned integer to the payload as big-endian hex using the
 * fewest whole bytes that hold it; zero is sent as a single '0'.
 */
static void
append_integer(unsigned int value)
{
	size_t nbytes;

	if (value == 0) {
		append_char('0');
		return;
	}
	nbytes = (fls(value) + 7) / 8;
	append_unsigned_be(value, nbytes);
}
638 
/* Add each character of 'str' to the payload as two hex digits. */
static void
append_asciihex(const char *str)
{
	const char *p;

	for (p = str; *p != '\0'; p++)
		append_byte(*p);
}
648 
/* Queue the empty packet "$#00", the protocol's "unsupported" reply. */
static void
send_empty_response(void)
{
	start_packet();
	finish_packet();
}
656 
/* Queue an "Exx" error packet; only the low byte of 'error' is sent. */
static void
send_error(int error)
{
	uint8_t code = (uint8_t)error;

	start_packet();
	append_char('E');
	append_byte(code);
	finish_packet();
}
666 
/* Queue the "OK" reply packet. */
static void
send_ok(void)
{
	start_packet();
	append_string("OK");
	finish_packet();
}
675 
/*
 * Decode a thread id: "0" -> 0, "-1" -> -1, an empty field -> -2,
 * anything else as a hex number.  Note that the hex value is converted
 * from uintmax_t to int on return.
 */
static int
parse_threadid(const uint8_t *data, size_t len)
{

	switch (len) {
	case 0:
		return (-2);
	case 1:
		if (data[0] == '0')
			return (0);
		break;
	case 2:
		if (data[0] == '-' && data[1] == '1')
			return (-1);
		break;
	default:
		break;
	}
	return (parse_integer(data, len));
}
688 
/*
 * Queue a stop-reply packet for the current stop.  A stop not tied to a
 * vCPU (stopped_vcpu == -1) is sent as "S05"; a vCPU event is sent as a
 * "T05" packet naming the thread and, when the debugger negotiated it,
 * the "swbreak" reason.  With 'set_cur_vcpu' the reporting vCPU also
 * becomes cur_vcpu.
 */
static void
report_stop(bool set_cur_vcpu)
{
	struct vcpu_state *vs;

	start_packet();
	if (stopped_vcpu == -1) {
		append_char('S');
		append_byte(GDB_SIGNAL_TRAP);
		finish_packet();
		report_next_stop = false;
		return;
	}

	vs = &vcpu_state[stopped_vcpu];
	if (set_cur_vcpu)
		cur_vcpu = stopped_vcpu;
	append_char('T');
	append_byte(GDB_SIGNAL_TRAP);
	append_string("thread:");
	/* GDB thread ids are 1-based; vCPU ids are 0-based. */
	append_integer(stopped_vcpu + 1);
	append_char(';');
	if (vs->hit_swbreak) {
		debug("$vCPU %d reporting swbreak\n", stopped_vcpu);
		if (swbreak_enabled)
			append_string("swbreak:;");
	} else if (vs->stepped) {
		debug("$vCPU %d reporting step\n", stopped_vcpu);
	} else {
		debug("$vCPU %d reporting ???\n", stopped_vcpu);
	}
	finish_packet();
	report_next_stop = false;
}
726 
/*
 * Acknowledge the current stop.  A vCPU event is cleared so the vCPU can
 * leave its wait loop, and the next stop becomes reportable again.
 */
static void
discard_stop(void)
{
	int id = stopped_vcpu;

	if (id != -1) {
		vcpu_state[id].hit_swbreak = false;
		vcpu_state[id].stepped = false;
		stopped_vcpu = -1;
	}
	report_next_stop = true;
}
744 
/*
 * Called once every suspended vCPU has parked.  The very first stop is
 * swallowed; later stops are reported only while report_next_stop is set.
 */
static void
gdb_finish_suspend_vcpus(void)
{

	if (first_stop) {
		first_stop = false;
		stopped_vcpu = -1;
		return;
	}
	if (!report_next_stop)
		return;
	/* The response buffer must be free for the stop reply. */
	assert(!response_pending());
	report_stop(true);
	send_pending_data(cur_fd);
}
758 
/*
 * vCPU threads invoke this function whenever the vCPU enters the
 * debug server to pause or report an event.  vCPU threads wait here
 * as long as the debug server keeps them suspended.
 *
 * Called with gdb_lock held; the lock is released only while blocked in
 * pthread_cond_wait().  The 'report_stop' parameter shadows the function
 * of the same name; it is gdb_finish_suspend_vcpus() that calls that
 * function.
 */
static void
_gdb_cpu_suspend(struct vcpu *vcpu, bool report_stop)
{
	int vcpuid = vcpu_id(vcpu);

	debug("$vCPU %d suspending\n", vcpuid);
	CPU_SET(vcpuid, &vcpus_waiting);
	/* The last vCPU to park is the one that reports the stop. */
	if (report_stop && CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0)
		gdb_finish_suspend_vcpus();
	/* Re-check after every wakeup; only a cleared suspended bit releases us. */
	while (CPU_ISSET(vcpuid, &vcpus_suspended))
		pthread_cond_wait(&idle_vcpus, &gdb_lock);
	CPU_CLR(vcpuid, &vcpus_waiting);
	debug("$vCPU %d resuming\n", vcpuid);
}
778 
/*
 * Enable (val != 0) or disable single-step exits on 'vcpu'.  Returns the
 * error from the capability call, 0 on success.
 */
static int
_gdb_set_step(struct vcpu *vcpu, int val)
{
	int error;

	/*
	 * Prefer the MTRAP exit; when that capability is unavailable we are
	 * on an AMD host and use #DB exits driven by RFLAGS.TF instead.
	 */
	error = vm_set_capability(vcpu, VM_CAP_MTRAP_EXIT, val);
	if (error != 0)
		error = vm_set_capability(vcpu, VM_CAP_RFLAGS_TF, val);
	if (error != 0)
		return (error);
	/* Best effort; its failure is deliberately ignored. */
	(void)vm_set_capability(vcpu, VM_CAP_MASK_HWINTR, val);
	return (0);
}
800 
/*
 * Return 0 if a single-step mechanism can be queried for 'vcpu', -1
 * otherwise.  Note that 'val' is never inspected: this tests that a
 * stepping capability exists, not that it is currently enabled.
 */
static int
_gdb_check_step(struct vcpu *vcpu)
{
	int val;

	if (vm_get_capability(vcpu, VM_CAP_MTRAP_EXIT, &val) == 0)
		return 0;
	if (vm_get_capability(vcpu, VM_CAP_RFLAGS_TF, &val) == 0)
		return 0;
	return -1;
}
815 
/*
 * Invoked at the start of a vCPU thread's execution to inform the
 * debug server about the new thread.  A no-op unless the server is
 * active.
 */
void
gdb_cpu_add(struct vcpu *vcpu)
{
	int id;

	if (!gdb_active)
		return;
	id = vcpu_id(vcpu);
	debug("$vCPU %d starting\n", id);
	pthread_mutex_lock(&gdb_lock);
	assert(id < guest_ncpus);
	assert(vcpus[id] == NULL);
	vcpus[id] = vcpu;
	CPU_SET(id, &vcpus_active);
	/* Breakpoint exits are only wanted while breakpoints exist. */
	if (!TAILQ_EMPTY(&breakpoints)) {
		vm_set_capability(vcpu, VM_CAP_BPT_EXIT, 1);
		debug("$vCPU %d enabled breakpoint exits\n", id);
	}

	/*
	 * A vCPU arriving while the others are stopped joins the suspended
	 * set at once, so it takes a debug exit before running anything.
	 */
	if (!CPU_EMPTY(&vcpus_suspended)) {
		CPU_SET(id, &vcpus_suspended);
		_gdb_cpu_suspend(vcpu, false);
	}
	pthread_mutex_unlock(&gdb_lock);
}
850 
/*
 * Invoked by a vCPU before it resumes execution.  Arms the single-step
 * trap if the vCPU is marked as stepping.  Called with gdb_lock held.
 */
static void
gdb_cpu_resume(struct vcpu *vcpu)
{
	struct vcpu_state *vs = &vcpu_state[vcpu_id(vcpu)];
	int error;

	/* No event may still be unreported once the vCPU is let go. */
	assert(!vs->hit_swbreak);
	assert(!vs->stepped);
	if (!vs->stepping)
		return;
	error = _gdb_set_step(vcpu, 1);
	assert(error == 0);
}
874 
/*
 * Handler for VM_EXITCODE_DEBUG used to suspend a vCPU when the guest
 * has been suspended due to an event on different vCPU or in response
 * to a guest-wide suspend such as Ctrl-C or the stop on attach.
 * A no-op unless the debug server is active.
 */
void
gdb_cpu_suspend(struct vcpu *vcpu)
{
	if (!gdb_active)
		return;

	pthread_mutex_lock(&gdb_lock);
	/* Park until released, then re-arm stepping if requested. */
	_gdb_cpu_suspend(vcpu, true);
	gdb_cpu_resume(vcpu);
	pthread_mutex_unlock(&gdb_lock);
}
891 
/*
 * Ask every registered vCPU to stop.  If all of them are already parked
 * the stop is completed immediately.  Called with gdb_lock held.
 */
static void
gdb_suspend_vcpus(void)
{
	bool all_parked;

	assert(pthread_mutex_isowned_np(&gdb_lock));
	debug("suspending all CPUs\n");
	vcpus_suspended = vcpus_active;
	vm_suspend_all_cpus(ctx);
	all_parked = CPU_CMP(&vcpus_waiting, &vcpus_suspended) == 0;
	if (all_parked)
		gdb_finish_suspend_vcpus();
}
903 
/*
 * Invoked each time a vmexit handler needs to step a vCPU.
 * Handles MTRAP and RFLAGS.TF vmexits.
 *
 * Only a vCPU marked 'stepping' is treated as having completed a step;
 * any other trap is ignored.  The vCPU then parks in _gdb_cpu_suspend()
 * until the debugger acknowledges the step (discard_stop() clears
 * 'stepped').
 */
static void
gdb_cpu_step(struct vcpu *vcpu)
{
	struct vcpu_state *vs;
	int vcpuid = vcpu_id(vcpu);
	int error;

	debug("$vCPU %d stepped\n", vcpuid);
	pthread_mutex_lock(&gdb_lock);
	vs = &vcpu_state[vcpuid];
	if (vs->stepping) {
		vs->stepping = false;
		vs->stepped = true;
		/* Disarm the step trap before anything else can run. */
		error = _gdb_set_step(vcpu, 0);
		assert(error == 0);

		while (vs->stepped) {
			/* First event wins: claim the stop and halt the other vCPUs. */
			if (stopped_vcpu == -1) {
				debug("$vCPU %d reporting step\n", vcpuid);
				stopped_vcpu = vcpuid;
				gdb_suspend_vcpus();
			}
			_gdb_cpu_suspend(vcpu, true);
		}
		gdb_cpu_resume(vcpu);
	}
	pthread_mutex_unlock(&gdb_lock);
}
936 
/*
 * A general handler for VM_EXITCODE_DB.
 * Handles RFLAGS.TF exits on AMD SVM; other #DB causes are ignored.
 */
void
gdb_cpu_debug(struct vcpu *vcpu, struct vm_exit *vmexit)
{
	bool trace_trap;

	if (!gdb_active)
		return;

	trace_trap = vmexit->u.dbg.trace_trap;
	if (trace_trap)
		gdb_cpu_step(vcpu);
}
952 
/*
 * Handler for VM_EXITCODE_MTRAP reported when a vCPU single-steps via
 * the VT-x-specific MTRAP exit.  A no-op unless the server is active.
 */
void
gdb_cpu_mtrap(struct vcpu *vcpu)
{
	if (gdb_active)
		gdb_cpu_step(vcpu);
}
964 
/* Linear scan of the breakpoint list for 'gpa'; NULL if absent. */
static struct breakpoint *
find_breakpoint(uint64_t gpa)
{
	struct breakpoint *found = NULL, *it;

	TAILQ_FOREACH(it, &breakpoints, link) {
		if (it->gpa == gpa) {
			found = it;
			break;
		}
	}
	return (found);
}
976 
/*
 * Handler for breakpoint (INT3) exits.  If the faulting address carries
 * one of the debug server's breakpoints, the vCPU reports it and parks
 * until the debugger resumes it; otherwise the trap belongs to the guest
 * and #BP is re-injected.
 */
void
gdb_cpu_breakpoint(struct vcpu *vcpu, struct vm_exit *vmexit)
{
	struct breakpoint *bp;
	struct vcpu_state *vs;
	uint64_t gpa;
	int error, vcpuid;

	if (!gdb_active) {
		EPRINTLN("vm_loop: unexpected VMEXIT_DEBUG");
		exit(4);
	}
	vcpuid = vcpu_id(vcpu);
	pthread_mutex_lock(&gdb_lock);
	/*
	 * NOTE(review): a translation result other than 1 (not mapped, or
	 * failure) aborts the process via assert, or with NDEBUG continues
	 * with 'gpa' uninitialized.  Other vCPUs are still running at this
	 * point, so confirm the guest cannot change the page tables between
	 * the fetch and this lookup.
	 */
	error = guest_vaddr2paddr(vcpu, guest_pc(vmexit), &gpa);
	assert(error == 1);
	bp = find_breakpoint(gpa);
	if (bp != NULL) {
		vs = &vcpu_state[vcpuid];
		assert(vs->stepping == false);
		assert(vs->stepped == false);
		assert(vs->hit_swbreak == false);
		vs->hit_swbreak = true;
		/* Report the stop at the exit's RIP (presumably the breakpoint byte itself). */
		vm_set_register(vcpu, GDB_PC_REGNAME, guest_pc(vmexit));
		for (;;) {
			/* First event wins: claim the stop and halt the other vCPUs. */
			if (stopped_vcpu == -1) {
				debug("$vCPU %d reporting breakpoint at rip %#lx\n",
				    vcpuid, guest_pc(vmexit));
				stopped_vcpu = vcpuid;
				gdb_suspend_vcpus();
			}
			_gdb_cpu_suspend(vcpu, true);
			if (!vs->hit_swbreak) {
				/* Breakpoint reported. */
				break;
			}
			bp = find_breakpoint(gpa);
			if (bp == NULL) {
				/* Breakpoint was removed. */
				vs->hit_swbreak = false;
				break;
			}
		}
		gdb_cpu_resume(vcpu);
	} else {
		/* Not ours: deliver the #BP to the guest as it would have seen it. */
		debug("$vCPU %d injecting breakpoint at rip %#lx\n", vcpuid,
		    guest_pc(vmexit));
		error = vm_set_register(vcpu, VM_REG_GUEST_ENTRY_INST_LENGTH,
		    vmexit->u.bpt.inst_length);
		assert(error == 0);
		error = vm_inject_exception(vcpu, IDT_BP, 0, 0, 0);
		assert(error == 0);
	}
	pthread_mutex_unlock(&gdb_lock);
}
1032 
/*
 * Release 'vcpu' to execute a single instruction.  Returns false if no
 * stepping mechanism is available on this host.  Called with gdb_lock
 * held.
 */
static bool
gdb_step_vcpu(struct vcpu *vcpu)
{
	int id = vcpu_id(vcpu);

	debug("$vCPU %d step\n", id);
	if (_gdb_check_step(vcpu) < 0)
		return (false);

	discard_stop();
	vcpu_state[id].stepping = true;
	/* Only this vCPU is released; the rest stay suspended. */
	vm_resume_cpu(vcpu);
	CPU_CLR(id, &vcpus_suspended);
	pthread_cond_broadcast(&idle_vcpus);
	return (true);
}
1051 
/* Release every suspended vCPU.  Called with gdb_lock held. */
static void
gdb_resume_vcpus(void)
{

	assert(pthread_mutex_isowned_np(&gdb_lock));
	vm_resume_all_cpus(ctx);
	debug("resuming all CPUs\n");
	/* Clearing the set is what lets the parked threads leave _gdb_cpu_suspend(). */
	CPU_ZERO(&vcpus_suspended);
	pthread_cond_broadcast(&idle_vcpus);
}
1062 
/*
 * Handle a 'g' command: reply with the base register set of cur_vcpu in
 * gdb_regset order.  Extended registers (from GDB_REG_FIRST_EXT on) are
 * left out.
 */
static void
gdb_read_regs(void)
{
	uint64_t regvals[nitems(gdb_regset)];
	int regnums[nitems(gdb_regset)];
	size_t i;

	for (i = 0; i < nitems(gdb_regset); i++)
		regnums[i] = gdb_regset[i].id;
	if (vm_get_register_set(vcpus[cur_vcpu], nitems(gdb_regset),
	    regnums, regvals) == -1) {
		send_error(errno);
		return;
	}

	start_packet();
	for (i = 0; i < nitems(gdb_regset) &&
	    gdb_regset[i].id != GDB_REG_FIRST_EXT; i++)
		append_unsigned_native(regvals[i], gdb_regset[i].size);
	finish_packet();
}
1085 
/*
 * Handle a 'p' command: 'data' holds the hex register number.  Replies
 * with the register value or an error.
 */
static void
gdb_read_one_reg(const uint8_t *data, size_t len)
{
	const struct gdb_reg *r;
	uintmax_t idx;
	uint64_t val;

	/* The index is debugger-supplied; bound it before indexing the table. */
	idx = parse_integer(data, len);
	if (idx >= nitems(gdb_regset)) {
		send_error(EINVAL);
		return;
	}
	r = &gdb_regset[idx];

	if (vm_get_register(vcpus[cur_vcpu], r->id, &val) == -1) {
		send_error(errno);
		return;
	}

	start_packet();
	append_unsigned_native(val, r->size);
	finish_packet();
}
1108 
/*
 * Handle an 'm' command: "m<addr>,<len>", both fields hex.  The reply is
 * the bytes read, two hex digits each.  A failure after at least one
 * byte was read ends the packet early (a short reply); a failure before
 * any byte was read produces an error packet instead.
 */
static void
gdb_read_mem(const uint8_t *data, size_t len)
{
	uint64_t gpa, gva, val;
	uint8_t *cp;
	size_t resid, todo, bytes;
	bool started;
	int error;

	assert(len >= 1);

	/* Skip 'm' */
	data += 1;
	len -= 1;

	/* Parse and consume address. */
	cp = memchr(data, ',', len);
	if (cp == NULL || cp == data) {
		send_error(EINVAL);
		return;
	}
	gva = parse_integer(data, cp - data);
	len -= (cp - data) + 1;
	data += (cp - data) + 1;

	/*
	 * Parse length.  It is debugger-supplied and not bounded here; every
	 * byte requested is appended to cur_resp, which grows on demand.
	 */
	resid = parse_integer(data, len);

	started = false;
	while (resid > 0) {
		/* Translate once per page; the loop resumes exactly at page boundaries. */
		error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
		if (error == -1) {
			if (started)
				finish_packet();
			else
				send_error(errno);
			return;
		}
		if (error == 0) {
			if (started)
				finish_packet();
			else
				send_error(EFAULT);
			return;
		}

		/* Read bytes from current page. */
		todo = getpagesize() - gpa % getpagesize();
		if (todo > resid)
			todo = resid;

		cp = paddr_guest2host(ctx, gpa, todo);
		if (cp != NULL) {
			/*
			 * If this page is guest RAM, read it a byte
			 * at a time.
			 */
			if (!started) {
				start_packet();
				started = true;
			}
			while (todo > 0) {
				append_byte(*cp);
				cp++;
				gpa++;
				gva++;
				resid--;
				todo--;
			}
		} else {
			/*
			 * If this page isn't guest RAM, try to handle
			 * it via MMIO.  For MMIO requests, use
			 * aligned reads of words when possible.
			 * Unlike the RAM path these reads go through the
			 * device emulation and may have side effects there.
			 */
			while (todo > 0) {
				if (gpa & 1 || todo == 1)
					bytes = 1;
				else if (gpa & 2 || todo == 2)
					bytes = 2;
				else
					bytes = 4;
				error = read_mem(vcpus[cur_vcpu], gpa, &val,
				    bytes);
				if (error == 0) {
					if (!started) {
						start_packet();
						started = true;
					}
					gpa += bytes;
					gva += bytes;
					resid -= bytes;
					todo -= bytes;
					/* Emit the word least-significant byte first. */
					while (bytes > 0) {
						append_byte(val);
						val >>= 8;
						bytes--;
					}
				} else {
					if (started)
						finish_packet();
					else
						send_error(EFAULT);
					return;
				}
			}
		}
		assert(resid == 0 || gpa % getpagesize() == 0);
	}
	/* A zero-length request still gets an (empty) packet. */
	if (!started)
		start_packet();
	finish_packet();
}
1222 
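static void
gdb_write_mem(const uint8_t *data, size_t len)
{
	/*
	 * Handle an 'M' packet ("M<addr>,<length>:<hex bytes>"): write
	 * <length> bytes to guest memory at guest virtual address <addr> on
	 * the current vcpu and reply "OK".
	 *
	 * Writes proceed one page at a time, translating each page
	 * separately.  Guest RAM is written a byte at a time through the host
	 * mapping; anything not backed by RAM is attempted as MMIO using
	 * naturally aligned 1/2/4 byte accesses.  Any translation or MMIO
	 * failure produces an error reply; bytes already written stay
	 * written.
	 */
	uint64_t gpa, gva, val;
	uint8_t *cp;
	size_t resid, todo, bytes;
	int error;

	assert(len >= 1);

	/* Skip 'M' */
	data += 1;
	len -= 1;

	/* Parse and consume address. */
	cp = memchr(data, ',', len);
	if (cp == NULL || cp == data) {
		send_error(EINVAL);
		return;
	}
	gva = parse_integer(data, cp - data);
	len -= (cp - data) + 1;
	data += (cp - data) + 1;

	/* Parse and consume length. */
	cp = memchr(data, ':', len);
	if (cp == NULL || cp == data) {
		send_error(EINVAL);
		return;
	}
	resid = parse_integer(data, cp - data);
	len -= (cp - data) + 1;
	data += (cp - data) + 1;

	/*
	 * Verify the available bytes match the length.  The length is taken
	 * straight from the packet, so compare it against len / 2 rather
	 * than forming resid * 2: the product can wrap for a large value,
	 * which would let an oversized length pass and drive the loop below
	 * past the end of the packet data.
	 */
	if (len % 2 != 0 || resid != len / 2) {
		send_error(EINVAL);
		return;
	}

	while (resid > 0) {
		error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
		if (error == -1) {
			send_error(errno);
			return;
		}
		if (error == 0) {
			send_error(EFAULT);
			return;
		}

		/* Write bytes to current page. */
		todo = getpagesize() - gpa % getpagesize();
		if (todo > resid)
			todo = resid;

		cp = paddr_guest2host(ctx, gpa, todo);
		if (cp != NULL) {
			/*
			 * If this page is guest RAM, write it a byte
			 * at a time.
			 */
			while (todo > 0) {
				assert(len >= 2);
				*cp = parse_byte(data);
				data += 2;
				len -= 2;
				cp++;
				gpa++;
				gva++;
				resid--;
				todo--;
			}
		} else {
			/*
			 * If this page isn't guest RAM, try to handle
			 * it via MMIO.  For MMIO requests, use
			 * aligned writes of words when possible.
			 */
			while (todo > 0) {
				if (gpa & 1 || todo == 1) {
					bytes = 1;
					val = parse_byte(data);
				} else if (gpa & 2 || todo == 2) {
					bytes = 2;
					val = be16toh(parse_integer(data, 4));
				} else {
					bytes = 4;
					val = be32toh(parse_integer(data, 8));
				}
				error = write_mem(vcpus[cur_vcpu], gpa, val,
				    bytes);
				if (error == 0) {
					gpa += bytes;
					gva += bytes;
					resid -= bytes;
					todo -= bytes;
					data += 2 * bytes;
					len -= 2 * bytes;
				} else {
					send_error(EFAULT);
					return;
				}
			}
		}
		/* Either done, or exactly at the start of the next page. */
		assert(resid == 0 || gpa % getpagesize() == 0);
	}
	/* The length check above guarantees the hex data is fully consumed. */
	assert(len == 0);
	send_ok();
}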
1333 
static bool
set_breakpoint_caps(bool enable)
{
	/*
	 * Turn #BP exiting on or off for every active vcpu.  Stops at the
	 * first vcpu whose capability cannot be changed and reports failure;
	 * vcpus processed before that keep the new setting.
	 */
	const int capval = enable ? 1 : 0;
	cpuset_t remaining = vcpus_active;

	for (;;) {
		if (CPU_EMPTY(&remaining))
			return (true);

		const int vcpu = CPU_FFS(&remaining) - 1;
		CPU_CLR(vcpu, &remaining);
		if (vm_set_capability(vcpus[vcpu], VM_CAP_BPT_EXIT,
		    capval) < 0)
			return (false);
		debug("$vCPU %d %sabled breakpoint exits\n", vcpu,
		    enable ? "en" : "dis");
	}
}
1352 
static void
remove_all_sw_breakpoints(void)
{
	/*
	 * Restore the original instruction bytes at every software
	 * breakpoint, free the list and turn #BP exits back off.
	 */
	struct breakpoint *bp;

	if (TAILQ_EMPTY(&breakpoints))
		return;

	while ((bp = TAILQ_FIRST(&breakpoints)) != NULL) {
		debug("remove breakpoint at %#lx\n", bp->gpa);
		/*
		 * NOTE(review): the translation result is not checked for
		 * NULL here; it was non-NULL when the breakpoint was
		 * inserted, as update_sw_breakpoint() only accepts guest RAM.
		 */
		uint8_t *host = paddr_guest2host(ctx, bp->gpa,
		    sizeof(bp->shadow_inst));
		memcpy(host, bp->shadow_inst, sizeof(bp->shadow_inst));
		TAILQ_REMOVE(&breakpoints, bp, link);
		free(bp);
	}
	TAILQ_INIT(&breakpoints);
	set_breakpoint_caps(false);
}
1372 
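static void
update_sw_breakpoint(uint64_t gva, int kind, bool insert)
{
	/*
	 * Insert (insert == true) or remove a software breakpoint at guest
	 * virtual address gva on the current vcpu and reply to the debugger.
	 *
	 * kind must be GDB_BP_SIZE.  The address must translate and must be
	 * backed by guest RAM, since the breakpoint is planted by patching
	 * the instruction bytes in place; the original bytes are kept in
	 * bp->shadow_inst for removal.  The first breakpoint enables #BP
	 * exits on all vcpus and removing the last one disables them again.
	 */
	struct breakpoint *bp;
	uint64_t gpa;
	uint8_t *cp;
	int error;

	if (kind != GDB_BP_SIZE) {
		send_error(EINVAL);
		return;
	}

	error = guest_vaddr2paddr(vcpus[cur_vcpu], gva, &gpa);
	if (error == -1) {
		send_error(errno);
		return;
	}
	if (error == 0) {
		send_error(EFAULT);
		return;
	}

	cp = paddr_guest2host(ctx, gpa, sizeof(bp->shadow_inst));

	/* Only permit breakpoints in guest RAM. */
	if (cp == NULL) {
		send_error(EFAULT);
		return;
	}

	/* Find any existing breakpoint. */
	bp = find_breakpoint(gpa);

	/*
	 * Silently ignore duplicate commands since the protocol
	 * requires these packets to be idempotent.
	 */
	if (insert) {
		if (bp == NULL) {
			if (TAILQ_EMPTY(&breakpoints) &&
			    !set_breakpoint_caps(true)) {
				send_empty_response();
				return;
			}
			bp = malloc(sizeof(*bp));
			if (bp == NULL) {
				/*
				 * Undo the capability change made just above
				 * for a first breakpoint so #BP exits do not
				 * stay enabled with nothing registered.
				 */
				if (TAILQ_EMPTY(&breakpoints))
					set_breakpoint_caps(false);
				send_error(ENOMEM);
				return;
			}
			bp->gpa = gpa;
			/* Save the original bytes, then plant the trap. */
			memcpy(bp->shadow_inst, cp, sizeof(bp->shadow_inst));
			memcpy(cp, GDB_BP_INSTR, sizeof(bp->shadow_inst));
			TAILQ_INSERT_TAIL(&breakpoints, bp, link);
			debug("new breakpoint at %#lx\n", gpa);
		}
	} else {
		if (bp != NULL) {
			debug("remove breakpoint at %#lx\n", gpa);
			memcpy(cp, bp->shadow_inst, sizeof(bp->shadow_inst));
			TAILQ_REMOVE(&breakpoints, bp, link);
			free(bp);
			if (TAILQ_EMPTY(&breakpoints))
				set_breakpoint_caps(false);
		}
	}
	send_ok();
}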
1437 
static void
parse_breakpoint(const uint8_t *data, size_t len)
{
	/*
	 * Handle 'Z'/'z' packets ("Z<type>,<addr>,<kind>[;...]"): insert or
	 * remove a breakpoint.  Only type 0 (software breakpoint) is
	 * supported; other types get an empty response.  A trailing ';'
	 * section is refused the same way, see below.
	 */
	const bool inserting = (data[0] == 'Z');
	const uint8_t *sep;
	uint64_t gva;
	int kind, type;

	/* Skip 'Z/z' */
	data++;
	len--;

	/* Parse and consume type. */
	sep = memchr(data, ',', len);
	if (sep == NULL || sep == data) {
		send_error(EINVAL);
		return;
	}
	type = parse_integer(data, sep - data);
	len -= (sep - data) + 1;
	data = sep + 1;

	/* Parse and consume address. */
	sep = memchr(data, ',', len);
	if (sep == NULL || sep == data) {
		send_error(EINVAL);
		return;
	}
	gva = parse_integer(data, sep - data);
	len -= (sep - data) + 1;
	data = sep + 1;

	/* Parse kind; it runs to the end of the packet. */
	sep = memchr(data, ';', len);
	if (sep == data) {
		send_error(EINVAL);
		return;
	}
	if (sep != NULL) {
		/*
		 * We do not advertise support for either the
		 * ConditionalBreakpoints or BreakpointCommands
		 * features, so we should not be getting conditions or
		 * commands from the remote end.
		 */
		send_empty_response();
		return;
	}
	/*
	 * NOTE(review): parse_integer() yields a uintmax_t; type and kind
	 * are narrowed to int, so only the low bits of an oversized value
	 * are compared.
	 */
	kind = parse_integer(data, len);

	if (type == 0)
		update_sw_breakpoint(gva, kind, inserting);
	else
		send_empty_response();
}
1501 
static bool
command_equals(const uint8_t *data, size_t len, const char *cmd)
{
	/*
	 * True when the packet data (len bytes, not NUL terminated) begins
	 * with the NUL-terminated string cmd.  Data shorter than cmd never
	 * matches.
	 */
	const size_t cmdlen = strlen(cmd);

	return (cmdlen <= len && memcmp(data, cmd, cmdlen) == 0);
}
1510 
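static void
check_features(const uint8_t *data, size_t len)
{
	/*
	 * Handle the body of a "qSupported" packet: a ';'-separated list of
	 * "name+", "name-" or "name=value" entries describing what the
	 * debugger supports.  The only entry acted upon is "swbreak", which
	 * sets swbreak_enabled.  Malformed entries are skipped rather than
	 * rejected.  The reply lists this stub's own features.
	 */
	char *feature, *next_feature, *str, *value;
	bool supported;

	/* strsep() needs a writable, NUL-terminated copy of the list. */
	str = malloc(len + 1);
	if (str == NULL) {
		send_error(ENOMEM);
		return;
	}
	memcpy(str, data, len);
	str[len] = '\0';
	next_feature = str;

	while ((feature = strsep(&next_feature, ";")) != NULL) {
		/*
		 * Null features shouldn't exist, but skip if they
		 * do.
		 */
		if (strcmp(feature, "") == 0)
			continue;

		/*
		 * Look for the value or supported / not supported
		 * flag.  A "name=value" entry counts as supported; the
		 * value itself is not needed by any feature handled here.
		 */
		value = strchr(feature, '=');
		if (value != NULL) {
			*value = '\0';
			value++;
			supported = true;
		} else {
			/* feature is non-empty, so the last byte exists. */
			value = feature + strlen(feature) - 1;
			switch (*value) {
			case '+':
				supported = true;
				break;
			case '-':
				supported = false;
				break;
			default:
				/*
				 * This is really a protocol error,
				 * but we just ignore malformed
				 * features for ease of
				 * implementation.
				 */
				continue;
			}
			value = NULL;
		}

		if (strcmp(feature, "swbreak") == 0)
			swbreak_enabled = supported;
	}
	free(str);

	start_packet();

	/* This is an arbitrary limit. */
	append_string("PacketSize=4096");
	append_string(";swbreak+");
	append_string(";qXfer:features:read+");
	finish_packet();
}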
1573 
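/*
 * Handle "qXfer:features:read:<annex>:<offset>,<length>": serve a slice of
 * the target description XML file named by <annex>, looked up in the
 * directory referenced by xml_dfd.  data/len cover the text after the
 * command prefix.
 *
 * The annex is a remote-supplied name; it is opened with O_RESOLVE_BENEATH
 * so it cannot escape the XML directory.  The reply is 'm' plus data when
 * more remains, or 'l' plus data (possibly empty) for the final chunk.
 */
static void
gdb_query_xfer_features_read(const uint8_t *data, size_t len)
{
	struct stat sb;
	const char *xml;
	const uint8_t *pathend;
	char buf[64], path[PATH_MAX];
	size_t pathlen, xmllen;
	unsigned int doff, dlen;
	int fd;

	pathend = memchr(data, ':', len);
	if (pathend == NULL ||
	    (size_t)(pathend - data) >= sizeof(path) - 1) {
		send_error(EINVAL);
		return;
	}
	/*
	 * Take the annex length before moving data: the previous code
	 * advanced data first and then subtracted (pathend - data) + 1
	 * from len, which was zero by then, so len kept counting the
	 * annex and the offset/length parse below read past the packet.
	 */
	pathlen = pathend - data;
	memcpy(path, data, pathlen);
	path[pathlen] = '\0';
	data += pathlen + 1;
	len -= pathlen + 1;

	if (len > sizeof(buf) - 1) {
		send_error(EINVAL);
		return;
	}
	memcpy(buf, data, len);
	buf[len] = '\0';
	if (sscanf(buf, "%x,%x", &doff, &dlen) != 2) {
		send_error(EINVAL);
		return;
	}

	fd = openat(xml_dfd, path, O_RDONLY | O_RESOLVE_BENEATH);
	if (fd < 0) {
		send_error(errno);
		return;
	}
	if (fstat(fd, &sb) < 0) {
		send_error(errno);
		close(fd);
		return;
	}
	xml = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
	if (xml == MAP_FAILED) {
		send_error(errno);
		close(fd);
		return;
	}
	/* The mapping keeps the file alive; the descriptor is not needed. */
	close(fd);
	xmllen = sb.st_size;

	start_packet();
	if (doff >= xmllen) {
		append_char('l');
	} else if (dlen >= xmllen - doff) {
		/*
		 * Compared against the bytes remaining rather than as
		 * doff + dlen: both are unsigned int and their sum can wrap
		 * for a large dlen, which would send the 'm' branch below
		 * reading past the end of the mapping.
		 */
		append_char('l');
		append_binary_data(xml + doff, xmllen - doff);
	} else {
		append_char('m');
		append_binary_data(xml + doff, dlen);
	}
	finish_packet();
	(void)munmap(__DECONST(void *, xml), xmllen);
}

static void
gdb_query(const uint8_t *data, size_t len)
{
	/*
	 * Dispatch a 'q' (general query) packet.  data/len cover the whole
	 * packet body starting with the 'q'.  Unknown queries get the empty
	 * response, which tells the debugger the query is unsupported.
	 *
	 * TODO:
	 * - qSearch
	 */
	if (command_equals(data, len, "qAttached")) {
		/* '1': attached to an existing process (the VM). */
		start_packet();
		append_char('1');
		finish_packet();
	} else if (command_equals(data, len, "qC")) {
		/* Current thread; thread ids are vcpu number + 1. */
		start_packet();
		append_string("QC");
		append_integer(cur_vcpu + 1);
		finish_packet();
	} else if (command_equals(data, len, "qfThreadInfo")) {
		cpuset_t mask;
		bool first;
		int vcpu;

		if (CPU_EMPTY(&vcpus_active)) {
			send_error(EINVAL);
			return;
		}
		/* All active vcpus are listed in this single 'm' reply. */
		mask = vcpus_active;
		start_packet();
		append_char('m');
		first = true;
		while (!CPU_EMPTY(&mask)) {
			vcpu = CPU_FFS(&mask) - 1;
			CPU_CLR(vcpu, &mask);
			if (first)
				first = false;
			else
				append_char(',');
			append_integer(vcpu + 1);
		}
		finish_packet();
	} else if (command_equals(data, len, "qsThreadInfo")) {
		/* qfThreadInfo already listed everything: end of list. */
		start_packet();
		append_char('l');
		finish_packet();
	} else if (command_equals(data, len, "qSupported")) {
		data += strlen("qSupported");
		len -= strlen("qSupported");
		check_features(data, len);
	} else if (command_equals(data, len, "qThreadExtraInfo")) {
		char buf[16];
		int tid;

		data += strlen("qThreadExtraInfo");
		len -= strlen("qThreadExtraInfo");
		if (len == 0 || *data != ',') {
			send_error(EINVAL);
			return;
		}
		tid = parse_threadid(data + 1, len - 1);
		if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) {
			send_error(EINVAL);
			return;
		}

		snprintf(buf, sizeof(buf), "vCPU %d", tid - 1);
		start_packet();
		append_asciihex(buf);
		finish_packet();
	} else if (command_equals(data, len, "qXfer:features:read:")) {
		data += strlen("qXfer:features:read:");
		len -= strlen("qXfer:features:read:");
		gdb_query_xfer_features_read(data, len);
	} else
		send_empty_response();
}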
1710 
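static void
handle_command(const uint8_t *data, size_t len)
{
	/*
	 * Dispatch one checksum-verified command packet (the bytes between
	 * '$' and '#') to its handler.  data[0] is the command letter; len
	 * may be 0 for an empty packet, in which case *data is the '#' that
	 * follows and falls into the default (empty) response.
	 *
	 * Most handlers reply immediately.  'c' and 's' resume or step the
	 * guest and leave the reply until a stop is reported.
	 */

	/*
	 * Reject packets with a sequence-id ("NN:" prefix).  Both leading
	 * characters must be digits; the second test used to look at
	 * data[0] again instead of data[1].
	 */
	if (len >= 3 && data[0] >= '0' && data[0] <= '9' &&
	    data[1] >= '0' && data[1] <= '9' && data[2] == ':') {
		send_empty_response();
		return;
	}

	switch (*data) {
	case 'c':
		if (len != 1) {
			send_error(EINVAL);
			break;
		}

		discard_stop();
		gdb_resume_vcpus();
		break;
	case 'D':
		/* Detach. */
		send_ok();

		/* TODO: Resume any stopped CPUs. */
		break;
	case 'g':
		gdb_read_regs();
		break;
	case 'p':
		/* len >= 1 here since data[0] is the command letter. */
		gdb_read_one_reg(data + 1, len - 1);
		break;
	case 'H': {
		/* Select the vcpu for subsequent 'g'/'c' operations. */
		int tid;

		if (len < 2 || (data[1] != 'g' && data[1] != 'c')) {
			send_error(EINVAL);
			break;
		}
		tid = parse_threadid(data + 2, len - 2);
		/* NOTE(review): -2 appears to be parse_threadid()'s parse-error value. */
		if (tid == -2) {
			send_error(EINVAL);
			break;
		}

		if (CPU_EMPTY(&vcpus_active)) {
			send_error(EINVAL);
			break;
		}
		/* -1 (all) and 0 (any) both map to the first active vcpu. */
		if (tid == -1 || tid == 0)
			cur_vcpu = CPU_FFS(&vcpus_active) - 1;
		else if (CPU_ISSET(tid - 1, &vcpus_active))
			cur_vcpu = tid - 1;
		else {
			send_error(EINVAL);
			break;
		}
		send_ok();
		break;
	}
	case 'm':
		gdb_read_mem(data, len);
		break;
	case 'M':
		gdb_write_mem(data, len);
		break;
	case 'T': {
		/* Is the given thread (vcpu) alive? */
		int tid;

		tid = parse_threadid(data + 1, len - 1);
		if (tid <= 0 || !CPU_ISSET(tid - 1, &vcpus_active)) {
			send_error(EINVAL);
			break;
		}
		send_ok();
		break;
	}
	case 'q':
		gdb_query(data, len);
		break;
	case 's':
		if (len != 1) {
			send_error(EINVAL);
			break;
		}

		/* Don't send a reply until a stop occurs. */
		if (!gdb_step_vcpu(vcpus[cur_vcpu])) {
			send_error(EOPNOTSUPP);
			break;
		}
		break;
	case 'z':
	case 'Z':
		parse_breakpoint(data, len);
		break;
	case '?':
		report_stop(false);
		break;
	case 'G': /* TODO */
	case 'v':
		/* Handle 'vCont' */
		/* 'vCtrlC' */
	case 'P': /* TODO */
	case 'Q': /* TODO */
	case 't': /* TODO */
	case 'X': /* TODO */
	default:
		/* Unsupported command: the empty response says so. */
		send_empty_response();
	}
}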
1822 
/*
 * Check for a valid packet in the command buffer.
 *
 * Drains cur_comm one item at a time: a 0x03 (Ctrl-C) interrupt, a '+'
 * ACK or '-' NACK of our previous response, or a '$...#xx' packet.  A
 * packet is only acted upon once it is complete and its checksum matches;
 * an incomplete packet is left in the buffer for the next read.  Called
 * with gdb_lock held by gdb_readable().  fd is the debugger socket.
 *
 * NOTE(review): an unterminated packet (no '#' yet) is kept buffered and
 * nothing here caps how large it may grow across reads.
 */
static void
check_command(int fd)
{
	uint8_t *head, *hash, *p, sum;
	size_t avail, plen;

	for (;;) {
		avail = cur_comm.len;
		if (avail == 0)
			return;
		head = io_buffer_head(&cur_comm);
		switch (*head) {
		case 0x03:
			debug("<- Ctrl-C\n");
			io_buffer_consume(&cur_comm, 1);

			gdb_suspend_vcpus();
			break;
		case '+':
			/* ACK of previous response. */
			debug("<- +\n");
			if (response_pending())
				io_buffer_reset(&cur_resp);
			io_buffer_consume(&cur_comm, 1);
			/* A stop that was held back can now be reported. */
			if (stopped_vcpu != -1 && report_next_stop) {
				report_stop(true);
				send_pending_data(fd);
			}
			break;
		case '-':
			/* NACK of previous response. */
			debug("<- -\n");
			if (response_pending()) {
				/* Rewind the response so it is resent in full. */
				cur_resp.len += cur_resp.start;
				cur_resp.start = 0;
				if (cur_resp.data[0] == '+')
					io_buffer_advance(&cur_resp, 1);
				debug("-> %.*s\n", (int)cur_resp.len,
				    io_buffer_head(&cur_resp));
			}
			io_buffer_consume(&cur_comm, 1);
			send_pending_data(fd);
			break;
		case '$':
			/* Packet. */

			if (response_pending()) {
				warnx("New GDB command while response in "
				    "progress");
				io_buffer_reset(&cur_resp);
			}

			/* Is packet complete? */
			hash = memchr(head, '#', avail);
			if (hash == NULL)
				return;
			/* '$' + body + '#' + two checksum hex digits. */
			plen = (hash - head + 1) + 2;
			if (avail < plen)
				return;
			debug("<- %.*s\n", (int)plen, head);

			/* Verify checksum: byte-wise sum of the body, modulo 256. */
			for (sum = 0, p = head + 1; p < hash; p++)
				sum += *p;
			if (sum != parse_byte(hash + 1)) {
				/* Bad checksum: drop the packet and NACK it. */
				io_buffer_consume(&cur_comm, plen);
				debug("-> -\n");
				send_char('-');
				send_pending_data(fd);
				break;
			}
			send_char('+');

			/* Hand the body (between '$' and '#') to the dispatcher. */
			handle_command(head + 1, hash - (head + 1));
			io_buffer_consume(&cur_comm, plen);
			if (!response_pending())
				debug("-> +\n");
			send_pending_data(fd);
			break;
		default:
			/* XXX: Possibly drop connection instead. */
			debug("-> %02x\n", *head);
			io_buffer_consume(&cur_comm, 1);
			break;
		}
	}
}
1911 
static void
gdb_readable(int fd, enum ev_type event __unused, void *arg __unused)
{
	/*
	 * Event-loop callback: the debugger socket fd has data (or EOF).
	 * Pull everything available into cur_comm and let check_command()
	 * process any complete packets under gdb_lock.
	 */
	int available;

	if (ioctl(fd, FIONREAD, &available) == -1) {
		warn("FIONREAD on GDB socket");
		return;
	}
	assert(available >= 0);

	/*
	 * FIONREAD reports zero at EOF; read() must still be called with a
	 * non-zero length so that EOF is actually observed.
	 */
	const size_t want = available > 0 ? (size_t)available : 1;

	/* Ensure there is room in the command buffer. */
	io_buffer_grow(&cur_comm, want);
	assert(io_buffer_avail(&cur_comm) >= want);

	const ssize_t got = read(fd, io_buffer_tail(&cur_comm),
	    io_buffer_avail(&cur_comm));
	if (got > 0) {
		cur_comm.len += got;
		pthread_mutex_lock(&gdb_lock);
		check_command(fd);
		pthread_mutex_unlock(&gdb_lock);
		return;
	}
	if (got == -1) {
		if (errno == EAGAIN)
			return;
		warn("Read from GDB socket");
	}
	/* EOF or a hard read error: tear the connection down. */
	close_connection();
}
1953 
static void
gdb_writable(int fd, enum ev_type event __unused, void *arg __unused)
{
	/* Event-loop callback: fd can take more output, flush what is queued. */
	send_pending_data(fd);
}
1960 
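static void
new_connection(int fd, enum ev_type event __unused, void *arg)
{
	/*
	 * Accept a debugger connection on the listening socket fd and wire it
	 * up to the event loop.  arg is non-NULL only for the initial
	 * connection, where failures are fatal; later failures are logged or
	 * ignored.  Only one connection is served at a time; a second one is
	 * closed immediately.  Accepting a connection suspends the guest so
	 * the debugger starts out with it stopped.
	 */
	int optval, s;

	s = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
	if (s == -1) {
		if (arg != NULL)
			err(1, "Failed accepting initial GDB connection");

		/* Silently ignore errors post-startup. */
		return;
	}

	optval = 1;
	if (setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval)) ==
	    -1) {
		warn("Failed to disable SIGPIPE for GDB connection");
		close(s);
		return;
	}

	pthread_mutex_lock(&gdb_lock);
	if (cur_fd != -1) {
		/*
		 * A debugger is already attached.  Drop the newcomer and stop
		 * here: continuing would register events on the closed
		 * descriptor and overwrite the live session's state.
		 */
		close(s);
		warnx("Ignoring additional GDB connection.");
		pthread_mutex_unlock(&gdb_lock);
		return;
	}

	read_event = mevent_add(s, EVF_READ, gdb_readable, NULL);
	if (read_event == NULL) {
		if (arg != NULL)
			err(1, "Failed to setup initial GDB connection");
		close(s);
		pthread_mutex_unlock(&gdb_lock);
		return;
	}
	write_event = mevent_add(s, EVF_WRITE, gdb_writable, NULL);
	if (write_event == NULL) {
		if (arg != NULL)
			err(1, "Failed to setup initial GDB connection");
		/* Presumably mevent_delete_close() also closes s -- confirm. */
		mevent_delete_close(read_event);
		read_event = NULL;
		/* Without a write event the session cannot reply; give up. */
		pthread_mutex_unlock(&gdb_lock);
		return;
	}

	cur_fd = s;
	cur_vcpu = 0;
	stopped_vcpu = -1;

	/* Break on attach. */
	first_stop = true;
	report_next_stop = false;
	gdb_suspend_vcpus();
	pthread_mutex_unlock(&gdb_lock);
}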
2014 
2015 #ifndef WITHOUT_CAPSICUM
static void
limit_gdb_socket(int s)
{
	/*
	 * Restrict the listening socket under Capsicum to what the stub
	 * needs: accept, event polling, read/write, setsockopt and the
	 * single FIONREAD ioctl.  Failure to apply either limit is fatal.
	 * (Sockets accepted from s presumably inherit these rights, which is
	 * why setsockopt/ioctl are included -- confirm.)
	 */
	unsigned long allowed_ioctls[] = { FIONREAD };
	cap_rights_t rights;

	cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE,
	    CAP_SETSOCKOPT, CAP_IOCTL);
	if (caph_rights_limit(s, &rights) == -1)
		errx(EX_OSERR, "Unable to apply rights for sandbox");
	if (caph_ioctls_limit(s, allowed_ioctls,
	    nitems(allowed_ioctls)) == -1)
		errx(EX_OSERR, "Unable to apply rights for sandbox");
}
2029 #endif
2030 
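void
init_gdb(struct vmctx *_ctx)
{
	/*
	 * Set up the GDB stub when "gdb.port" is configured: create the
	 * listening socket on "gdb.address" (default "localhost"), register
	 * it with the event loop, allocate per-vcpu state and open the
	 * directory of target description XML files.  With "gdb.wait" set,
	 * vcpu 0 starts out suspended until a debugger connects.
	 *
	 * All failures here are fatal.  Note that nothing on the connection
	 * path authenticates the peer: whoever can reach the listening
	 * address gets the memory and breakpoint access implemented in this
	 * file, so widening "gdb.address" beyond the default exposes that.
	 */
#ifndef WITHOUT_CAPSICUM
	cap_rights_t rights;
#endif
	int error, flags, optval, s;
	struct addrinfo hints;
	struct addrinfo *gdbaddr;
	const char *saddr, *value;
	char *sport;
	bool wait;

	value = get_config_value("gdb.port");
	if (value == NULL)
		return;
	sport = strdup(value);
	if (sport == NULL)
		errx(4, "Failed to allocate memory");

	wait = get_config_bool_default("gdb.wait", false);

	saddr = get_config_value("gdb.address");
	if (saddr == NULL) {
		saddr = "localhost";
	}

	debug("==> starting on %s:%s, %swaiting\n",
	    saddr, sport, wait ? "" : "not ");

	error = pthread_mutex_init(&gdb_lock, NULL);
	if (error != 0)
		errc(1, error, "gdb mutex init");
	error = pthread_cond_init(&idle_vcpus, NULL);
	if (error != 0)
		errc(1, error, "gdb cv init");

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_NUMERICSERV | AI_PASSIVE;

	error = getaddrinfo(saddr, sport, &hints, &gdbaddr);
	if (error != 0)
		errx(1, "gdb address resolution: %s", gai_strerror(error));

	ctx = _ctx;
	/* Only the first resolved address is used. */
	s = socket(gdbaddr->ai_family, gdbaddr->ai_socktype, 0);
	if (s < 0)
		err(1, "gdb socket create");

	/* Best effort; only matters for quick restarts on the same port. */
	optval = 1;
	(void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));

	if (bind(s, gdbaddr->ai_addr, gdbaddr->ai_addrlen) < 0)
		err(1, "gdb socket bind");

	if (listen(s, 1) < 0)
		err(1, "gdb socket listen");

	stopped_vcpu = -1;
	TAILQ_INIT(&breakpoints);
	vcpus = calloc(guest_ncpus, sizeof(*vcpus));
	vcpu_state = calloc(guest_ncpus, sizeof(*vcpu_state));
	if (vcpus == NULL || vcpu_state == NULL)
		errx(4, "Failed to allocate memory");
	if (wait) {
		/*
		 * Set vcpu 0 in vcpus_suspended.  This will trigger the
		 * logic in gdb_cpu_add() to suspend the first vcpu before
		 * it starts execution.  The vcpu will remain suspended
		 * until a debugger connects.
		 */
		CPU_SET(0, &vcpus_suspended);
		stopped_vcpu = 0;
	}

	flags = fcntl(s, F_GETFL);
	if (flags == -1 || fcntl(s, F_SETFL, flags | O_NONBLOCK) == -1)
		err(1, "Failed to mark gdb socket non-blocking");

#ifndef WITHOUT_CAPSICUM
	limit_gdb_socket(s);
#endif
	mevent_add(s, EVF_READ, new_connection, NULL);
	gdb_active = true;
	freeaddrinfo(gdbaddr);
	free(sport);

	/*
	 * The XML directory descriptor is what qXfer:features:read opens
	 * annexes relative to; under Capsicum it is limited to lookup,
	 * fstat, read and read-only mmap.
	 */
	xml_dfd = open(_PATH_GDB_XML, O_DIRECTORY);
	if (xml_dfd == -1)
		err(1, "Failed to open gdb xml directory");
#ifndef WITHOUT_CAPSICUM
	cap_rights_init(&rights, CAP_FSTAT, CAP_LOOKUP, CAP_MMAP_R, CAP_PREAD);
	if (caph_rights_limit(xml_dfd, &rights) == -1)
		err(1, "caph_rights_limit");
#endif
}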
2127