1 /*
2 * Kernel Debug Core
3 *
4 * Maintainer: Jason Wessel <jason.wessel@windriver.com>
5 *
6 * Copyright (C) 2000-2001 VERITAS Software Corporation.
7 * Copyright (C) 2002-2004 Timesys Corporation
8 * Copyright (C) 2003-2004 Amit S. Kale <amitkale@linsyssoft.com>
9 * Copyright (C) 2004 Pavel Machek <pavel@ucw.cz>
10 * Copyright (C) 2004-2006 Tom Rini <trini@kernel.crashing.org>
11 * Copyright (C) 2004-2006 LinSysSoft Technologies Pvt. Ltd.
12 * Copyright (C) 2005-2009 Wind River Systems, Inc.
13 * Copyright (C) 2007 MontaVista Software, Inc.
14 * Copyright (C) 2008 Red Hat, Inc., Ingo Molnar <mingo@redhat.com>
15 *
16 * Contributors at various stages not listed above:
17 * Jason Wessel ( jason.wessel@windriver.com )
18 * George Anzinger <george@mvista.com>
19 * Anurekh Saxena (anurekh.saxena@timesys.com)
20 * Lake Stevens Instrument Division (Glenn Engel)
21 * Jim Kingdon, Cygnus Support.
22 *
23 * Original KGDB stub: David Grothe <dave@gcom.com>,
24 * Tigran Aivazian <tigran@sco.com>
25 *
26 * This file is licensed under the terms of the GNU General Public License
27 * version 2. This program is licensed "as is" without any warranty of any
28 * kind, whether express or implied.
29 */
30
31 #define pr_fmt(fmt) "KGDB: " fmt
32
33 #include <linux/pid_namespace.h>
34 #include <linux/clocksource.h>
35 #include <linux/serial_core.h>
36 #include <linux/interrupt.h>
37 #include <linux/spinlock.h>
38 #include <linux/console.h>
39 #include <linux/threads.h>
40 #include <linux/uaccess.h>
41 #include <linux/kernel.h>
42 #include <linux/module.h>
43 #include <linux/ptrace.h>
44 #include <linux/string.h>
45 #include <linux/delay.h>
46 #include <linux/sched.h>
47 #include <linux/sysrq.h>
48 #include <linux/reboot.h>
49 #include <linux/init.h>
50 #include <linux/kgdb.h>
51 #include <linux/kdb.h>
52 #include <linux/nmi.h>
53 #include <linux/pid.h>
54 #include <linux/smp.h>
55 #include <linux/mm.h>
56 #include <linux/vmacache.h>
57 #include <linux/rcupdate.h>
58 #include <linux/irq.h>
59 #include <linux/security.h>
60
61 #include <asm/cacheflush.h>
62 #include <asm/byteorder.h>
63 #include <linux/atomic.h>
64
65 #include "debug_core.h"
66
67 static int kgdb_break_asap;
68
69 struct debuggerinfo_struct kgdb_info[NR_CPUS];
70
71 /**
72 * kgdb_connected - Is a host GDB connected to us?
73 */
74 int kgdb_connected;
75 EXPORT_SYMBOL_GPL(kgdb_connected);
76
77 /* All the KGDB handlers are installed */
78 int kgdb_io_module_registered;
79
80 /* Guard for recursive entry */
81 static int exception_level;
82
83 struct kgdb_io *dbg_io_ops;
84 static DEFINE_SPINLOCK(kgdb_registration_lock);
85
86 /* Action for the reboot notifiter, a global allow kdb to change it */
87 static int kgdbreboot;
88 /* kgdb console driver is loaded */
89 static int kgdb_con_registered;
90 /* determine if kgdb console output should be used */
91 static int kgdb_use_con;
92 /* Flag for alternate operations for early debugging */
93 bool dbg_is_early = true;
94 /* Next cpu to become the master debug core */
95 int dbg_switch_cpu;
96
97 /* Use kdb or gdbserver mode */
98 int dbg_kdb_mode = 1;
99
100 module_param(kgdb_use_con, int, 0644);
101 module_param(kgdbreboot, int, 0644);
102
103 /*
104 * Holds information about breakpoints in a kernel. These breakpoints are
105 * added and removed by gdb.
106 */
107 static struct kgdb_bkpt kgdb_break[KGDB_MAX_BREAKPOINTS] = {
108 [0 ... KGDB_MAX_BREAKPOINTS-1] = { .state = BP_UNDEFINED }
109 };
110
111 /*
112 * The CPU# of the active CPU, or -1 if none:
113 */
114 atomic_t kgdb_active = ATOMIC_INIT(-1);
115 EXPORT_SYMBOL_GPL(kgdb_active);
116 static DEFINE_RAW_SPINLOCK(dbg_master_lock);
117 static DEFINE_RAW_SPINLOCK(dbg_slave_lock);
118
119 /*
120 * We use NR_CPUs not PERCPU, in case kgdb is used to debug early
121 * bootup code (which might not have percpu set up yet):
122 */
123 static atomic_t masters_in_kgdb;
124 static atomic_t slaves_in_kgdb;
125 static atomic_t kgdb_break_tasklet_var;
126 atomic_t kgdb_setting_breakpoint;
127
128 struct task_struct *kgdb_usethread;
129 struct task_struct *kgdb_contthread;
130
131 int kgdb_single_step;
132 static pid_t kgdb_sstep_pid;
133
134 /* to keep track of the CPU which is doing the single stepping*/
135 atomic_t kgdb_cpu_doing_single_step = ATOMIC_INIT(-1);
136
137 /*
138 * If you are debugging a problem where roundup (the collection of
139 * all other CPUs) is a problem [this should be extremely rare],
140 * then use the nokgdbroundup option to avoid roundup. In that case
141 * the other CPUs might interfere with your debugging context, so
142 * use this with care:
143 */
144 static int kgdb_do_roundup = 1;
145
opt_nokgdbroundup(char * str)146 static int __init opt_nokgdbroundup(char *str)
147 {
148 kgdb_do_roundup = 0;
149
150 return 0;
151 }
152
153 early_param("nokgdbroundup", opt_nokgdbroundup);
154
155 /*
156 * Finally, some KGDB code :-)
157 */
158
159 /*
160 * Weak aliases for breakpoint management,
161 * can be overriden by architectures when needed:
162 */
kgdb_arch_set_breakpoint(struct kgdb_bkpt * bpt)163 int __weak kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
164 {
165 int err;
166
167 err = probe_kernel_read(bpt->saved_instr, (char *)bpt->bpt_addr,
168 BREAK_INSTR_SIZE);
169 if (err)
170 return err;
171 err = probe_kernel_write((char *)bpt->bpt_addr,
172 arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE);
173 return err;
174 }
175
kgdb_arch_remove_breakpoint(struct kgdb_bkpt * bpt)176 int __weak kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt)
177 {
178 return probe_kernel_write((char *)bpt->bpt_addr,
179 (char *)bpt->saved_instr, BREAK_INSTR_SIZE);
180 }
181
kgdb_validate_break_address(unsigned long addr)182 int __weak kgdb_validate_break_address(unsigned long addr)
183 {
184 struct kgdb_bkpt tmp;
185 int err;
186 /* Validate setting the breakpoint and then removing it. If the
187 * remove fails, the kernel needs to emit a bad message because we
188 * are deep trouble not being able to put things back the way we
189 * found them.
190 */
191 tmp.bpt_addr = addr;
192 err = kgdb_arch_set_breakpoint(&tmp);
193 if (err)
194 return err;
195 err = kgdb_arch_remove_breakpoint(&tmp);
196 if (err)
197 pr_err("Critical breakpoint error, kernel memory destroyed at: %lx\n",
198 addr);
199 return err;
200 }
201
kgdb_arch_pc(int exception,struct pt_regs * regs)202 unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs)
203 {
204 return instruction_pointer(regs);
205 }
206
kgdb_arch_init(void)207 int __weak kgdb_arch_init(void)
208 {
209 return 0;
210 }
211
kgdb_skipexception(int exception,struct pt_regs * regs)212 int __weak kgdb_skipexception(int exception, struct pt_regs *regs)
213 {
214 return 0;
215 }
216
217 #ifdef CONFIG_SMP
218
219 /*
220 * Default (weak) implementation for kgdb_roundup_cpus
221 */
222
223 static DEFINE_PER_CPU(call_single_data_t, kgdb_roundup_csd);
224
kgdb_call_nmi_hook(void * ignored)225 void __weak kgdb_call_nmi_hook(void *ignored)
226 {
227 /*
228 * NOTE: get_irq_regs() is supposed to get the registers from
229 * before the IPI interrupt happened and so is supposed to
230 * show where the processor was. In some situations it's
231 * possible we might be called without an IPI, so it might be
232 * safer to figure out how to make kgdb_breakpoint() work
233 * properly here.
234 */
235 kgdb_nmicallback(raw_smp_processor_id(), get_irq_regs());
236 }
237
kgdb_roundup_cpus(void)238 void __weak kgdb_roundup_cpus(void)
239 {
240 call_single_data_t *csd;
241 int this_cpu = raw_smp_processor_id();
242 int cpu;
243 int ret;
244
245 for_each_online_cpu(cpu) {
246 /* No need to roundup ourselves */
247 if (cpu == this_cpu)
248 continue;
249
250 csd = &per_cpu(kgdb_roundup_csd, cpu);
251
252 /*
253 * If it didn't round up last time, don't try again
254 * since smp_call_function_single_async() will block.
255 *
256 * If rounding_up is false then we know that the
257 * previous call must have at least started and that
258 * means smp_call_function_single_async() won't block.
259 */
260 if (kgdb_info[cpu].rounding_up)
261 continue;
262 kgdb_info[cpu].rounding_up = true;
263
264 csd->func = kgdb_call_nmi_hook;
265 ret = smp_call_function_single_async(cpu, csd);
266 if (ret)
267 kgdb_info[cpu].rounding_up = false;
268 }
269 }
270
271 #endif
272
273 /*
274 * Some architectures need cache flushes when we set/clear a
275 * breakpoint:
276 */
kgdb_flush_swbreak_addr(unsigned long addr)277 static void kgdb_flush_swbreak_addr(unsigned long addr)
278 {
279 if (!CACHE_FLUSH_IS_SAFE)
280 return;
281
282 if (current->mm) {
283 int i;
284
285 for (i = 0; i < VMACACHE_SIZE; i++) {
286 if (!current->vmacache.vmas[i])
287 continue;
288 flush_cache_range(current->vmacache.vmas[i],
289 addr, addr + BREAK_INSTR_SIZE);
290 }
291 }
292
293 /* Force flush instruction cache if it was outside the mm */
294 flush_icache_range(addr, addr + BREAK_INSTR_SIZE);
295 }
296
297 /*
298 * SW breakpoint management:
299 */
dbg_activate_sw_breakpoints(void)300 int dbg_activate_sw_breakpoints(void)
301 {
302 int error;
303 int ret = 0;
304 int i;
305
306 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) {
307 if (kgdb_break[i].state != BP_SET)
308 continue;
309
310 error = kgdb_arch_set_breakpoint(&kgdb_break[i]);
311 if (error) {
312 ret = error;
313 pr_info("BP install failed: %lx\n",
314 kgdb_break[i].bpt_addr);
315 continue;
316 }
317
318 kgdb_flush_swbreak_addr(kgdb_break[i].bpt_addr);
319 kgdb_break[i].state = BP_ACTIVE;
320 }
321 return ret;
322 }
323
dbg_set_sw_break(unsigned long addr)324 int dbg_set_sw_break(unsigned long addr)
325 {
326 int err = kgdb_validate_break_address(addr);
327 int breakno = -1;
328 int i;
329
330 if (err)
331 return err;
332
333 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) {
334 if ((kgdb_break[i].state == BP_SET) &&
335 (kgdb_break[i].bpt_addr == addr))
336 return -EEXIST;
337 }
338 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) {
339 if (kgdb_break[i].state == BP_REMOVED &&
340 kgdb_break[i].bpt_addr == addr) {
341 breakno = i;
342 break;
343 }
344 }
345
346 if (breakno == -1) {
347 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) {
348 if (kgdb_break[i].state == BP_UNDEFINED) {
349 breakno = i;
350 break;
351 }
352 }
353 }
354
355 if (breakno == -1)
356 return -E2BIG;
357
358 kgdb_break[breakno].state = BP_SET;
359 kgdb_break[breakno].type = BP_BREAKPOINT;
360 kgdb_break[breakno].bpt_addr = addr;
361
362 return 0;
363 }
364
dbg_deactivate_sw_breakpoints(void)365 int dbg_deactivate_sw_breakpoints(void)
366 {
367 int error;
368 int ret = 0;
369 int i;
370
371 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) {
372 if (kgdb_break[i].state != BP_ACTIVE)
373 continue;
374 error = kgdb_arch_remove_breakpoint(&kgdb_break[i]);
375 if (error) {
376 pr_info("BP remove failed: %lx\n",
377 kgdb_break[i].bpt_addr);
378 ret = error;
379 }
380
381 kgdb_flush_swbreak_addr(kgdb_break[i].bpt_addr);
382 kgdb_break[i].state = BP_SET;
383 }
384 return ret;
385 }
386
dbg_remove_sw_break(unsigned long addr)387 int dbg_remove_sw_break(unsigned long addr)
388 {
389 int i;
390
391 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) {
392 if ((kgdb_break[i].state == BP_SET) &&
393 (kgdb_break[i].bpt_addr == addr)) {
394 kgdb_break[i].state = BP_REMOVED;
395 return 0;
396 }
397 }
398 return -ENOENT;
399 }
400
kgdb_isremovedbreak(unsigned long addr)401 int kgdb_isremovedbreak(unsigned long addr)
402 {
403 int i;
404
405 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) {
406 if ((kgdb_break[i].state == BP_REMOVED) &&
407 (kgdb_break[i].bpt_addr == addr))
408 return 1;
409 }
410 return 0;
411 }
412
dbg_remove_all_break(void)413 int dbg_remove_all_break(void)
414 {
415 int error;
416 int i;
417
418 /* Clear memory breakpoints. */
419 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) {
420 if (kgdb_break[i].state != BP_ACTIVE)
421 goto setundefined;
422 error = kgdb_arch_remove_breakpoint(&kgdb_break[i]);
423 if (error)
424 pr_err("breakpoint remove failed: %lx\n",
425 kgdb_break[i].bpt_addr);
426 setundefined:
427 kgdb_break[i].state = BP_UNDEFINED;
428 }
429
430 /* Clear hardware breakpoints. */
431 if (arch_kgdb_ops.remove_all_hw_break)
432 arch_kgdb_ops.remove_all_hw_break();
433
434 return 0;
435 }
436
437 /*
438 * Return true if there is a valid kgdb I/O module. Also if no
439 * debugger is attached a message can be printed to the console about
440 * waiting for the debugger to attach.
441 *
442 * The print_wait argument is only to be true when called from inside
443 * the core kgdb_handle_exception, because it will wait for the
444 * debugger to attach.
445 */
kgdb_io_ready(int print_wait)446 static int kgdb_io_ready(int print_wait)
447 {
448 if (!dbg_io_ops)
449 return 0;
450 if (kgdb_connected)
451 return 1;
452 if (atomic_read(&kgdb_setting_breakpoint))
453 return 1;
454 if (print_wait) {
455 #ifdef CONFIG_KGDB_KDB
456 if (!dbg_kdb_mode)
457 pr_crit("waiting... or $3#33 for KDB\n");
458 #else
459 pr_crit("Waiting for remote debugger\n");
460 #endif
461 }
462 return 1;
463 }
464
kgdb_reenter_check(struct kgdb_state * ks)465 static int kgdb_reenter_check(struct kgdb_state *ks)
466 {
467 unsigned long addr;
468
469 if (atomic_read(&kgdb_active) != raw_smp_processor_id())
470 return 0;
471
472 /* Panic on recursive debugger calls: */
473 exception_level++;
474 addr = kgdb_arch_pc(ks->ex_vector, ks->linux_regs);
475 dbg_deactivate_sw_breakpoints();
476
477 /*
478 * If the break point removed ok at the place exception
479 * occurred, try to recover and print a warning to the end
480 * user because the user planted a breakpoint in a place that
481 * KGDB needs in order to function.
482 */
483 if (dbg_remove_sw_break(addr) == 0) {
484 exception_level = 0;
485 kgdb_skipexception(ks->ex_vector, ks->linux_regs);
486 dbg_activate_sw_breakpoints();
487 pr_crit("re-enter error: breakpoint removed %lx\n", addr);
488 WARN_ON_ONCE(1);
489
490 return 1;
491 }
492 dbg_remove_all_break();
493 kgdb_skipexception(ks->ex_vector, ks->linux_regs);
494
495 if (exception_level > 1) {
496 dump_stack();
497 kgdb_io_module_registered = false;
498 panic("Recursive entry to debugger");
499 }
500
501 pr_crit("re-enter exception: ALL breakpoints killed\n");
502 #ifdef CONFIG_KGDB_KDB
503 /* Allow kdb to debug itself one level */
504 return 0;
505 #endif
506 dump_stack();
507 panic("Recursive entry to debugger");
508
509 return 1;
510 }
511
dbg_touch_watchdogs(void)512 static void dbg_touch_watchdogs(void)
513 {
514 touch_softlockup_watchdog_sync();
515 clocksource_touch_watchdog();
516 rcu_cpu_stall_reset();
517 }
518
kgdb_cpu_enter(struct kgdb_state * ks,struct pt_regs * regs,int exception_state)519 static int kgdb_cpu_enter(struct kgdb_state *ks, struct pt_regs *regs,
520 int exception_state)
521 {
522 unsigned long flags;
523 int sstep_tries = 100;
524 int error;
525 int cpu;
526 int trace_on = 0;
527 int online_cpus = num_online_cpus();
528 u64 time_left;
529
530 kgdb_info[ks->cpu].enter_kgdb++;
531 kgdb_info[ks->cpu].exception_state |= exception_state;
532
533 if (exception_state == DCPU_WANT_MASTER)
534 atomic_inc(&masters_in_kgdb);
535 else
536 atomic_inc(&slaves_in_kgdb);
537
538 if (arch_kgdb_ops.disable_hw_break)
539 arch_kgdb_ops.disable_hw_break(regs);
540
541 acquirelock:
542 rcu_read_lock();
543 /*
544 * Interrupts will be restored by the 'trap return' code, except when
545 * single stepping.
546 */
547 local_irq_save(flags);
548
549 cpu = ks->cpu;
550 kgdb_info[cpu].debuggerinfo = regs;
551 kgdb_info[cpu].task = current;
552 kgdb_info[cpu].ret_state = 0;
553 kgdb_info[cpu].irq_depth = hardirq_count() >> HARDIRQ_SHIFT;
554
555 /* Make sure the above info reaches the primary CPU */
556 smp_mb();
557
558 if (exception_level == 1) {
559 if (raw_spin_trylock(&dbg_master_lock))
560 atomic_xchg(&kgdb_active, cpu);
561 goto cpu_master_loop;
562 }
563
564 /*
565 * CPU will loop if it is a slave or request to become a kgdb
566 * master cpu and acquire the kgdb_active lock:
567 */
568 while (1) {
569 cpu_loop:
570 if (kgdb_info[cpu].exception_state & DCPU_NEXT_MASTER) {
571 kgdb_info[cpu].exception_state &= ~DCPU_NEXT_MASTER;
572 goto cpu_master_loop;
573 } else if (kgdb_info[cpu].exception_state & DCPU_WANT_MASTER) {
574 if (raw_spin_trylock(&dbg_master_lock)) {
575 atomic_xchg(&kgdb_active, cpu);
576 break;
577 }
578 } else if (kgdb_info[cpu].exception_state & DCPU_IS_SLAVE) {
579 if (!raw_spin_is_locked(&dbg_slave_lock))
580 goto return_normal;
581 } else {
582 return_normal:
583 /* Return to normal operation by executing any
584 * hw breakpoint fixup.
585 */
586 if (arch_kgdb_ops.correct_hw_break)
587 arch_kgdb_ops.correct_hw_break();
588 if (trace_on)
589 tracing_on();
590 kgdb_info[cpu].debuggerinfo = NULL;
591 kgdb_info[cpu].task = NULL;
592 kgdb_info[cpu].exception_state &=
593 ~(DCPU_WANT_MASTER | DCPU_IS_SLAVE);
594 kgdb_info[cpu].enter_kgdb--;
595 smp_mb__before_atomic();
596 atomic_dec(&slaves_in_kgdb);
597 dbg_touch_watchdogs();
598 local_irq_restore(flags);
599 rcu_read_unlock();
600 return 0;
601 }
602 cpu_relax();
603 }
604
605 /*
606 * For single stepping, try to only enter on the processor
607 * that was single stepping. To guard against a deadlock, the
608 * kernel will only try for the value of sstep_tries before
609 * giving up and continuing on.
610 */
611 if (atomic_read(&kgdb_cpu_doing_single_step) != -1 &&
612 (kgdb_info[cpu].task &&
613 kgdb_info[cpu].task->pid != kgdb_sstep_pid) && --sstep_tries) {
614 atomic_set(&kgdb_active, -1);
615 raw_spin_unlock(&dbg_master_lock);
616 dbg_touch_watchdogs();
617 local_irq_restore(flags);
618 rcu_read_unlock();
619
620 goto acquirelock;
621 }
622
623 if (!kgdb_io_ready(1)) {
624 kgdb_info[cpu].ret_state = 1;
625 goto kgdb_restore; /* No I/O connection, resume the system */
626 }
627
628 /*
629 * Don't enter if we have hit a removed breakpoint.
630 */
631 if (kgdb_skipexception(ks->ex_vector, ks->linux_regs))
632 goto kgdb_restore;
633
634 atomic_inc(&ignore_console_lock_warning);
635
636 /* Call the I/O driver's pre_exception routine */
637 if (dbg_io_ops->pre_exception)
638 dbg_io_ops->pre_exception();
639
640 /*
641 * Get the passive CPU lock which will hold all the non-primary
642 * CPU in a spin state while the debugger is active
643 */
644 if (!kgdb_single_step)
645 raw_spin_lock(&dbg_slave_lock);
646
647 #ifdef CONFIG_SMP
648 /* If send_ready set, slaves are already waiting */
649 if (ks->send_ready)
650 atomic_set(ks->send_ready, 1);
651
652 /* Signal the other CPUs to enter kgdb_wait() */
653 else if ((!kgdb_single_step) && kgdb_do_roundup)
654 kgdb_roundup_cpus();
655 #endif
656
657 /*
658 * Wait for the other CPUs to be notified and be waiting for us:
659 */
660 time_left = MSEC_PER_SEC;
661 while (kgdb_do_roundup && --time_left &&
662 (atomic_read(&masters_in_kgdb) + atomic_read(&slaves_in_kgdb)) !=
663 online_cpus)
664 udelay(1000);
665 if (!time_left)
666 pr_crit("Timed out waiting for secondary CPUs.\n");
667
668 /*
669 * At this point the primary processor is completely
670 * in the debugger and all secondary CPUs are quiescent
671 */
672 dbg_deactivate_sw_breakpoints();
673 kgdb_single_step = 0;
674 kgdb_contthread = current;
675 exception_level = 0;
676 trace_on = tracing_is_on();
677 if (trace_on)
678 tracing_off();
679
680 while (1) {
681 cpu_master_loop:
682 if (dbg_kdb_mode) {
683 kgdb_connected = 1;
684 error = kdb_stub(ks);
685 if (error == -1)
686 continue;
687 kgdb_connected = 0;
688 } else {
689 /*
690 * This is a brutal way to interfere with the debugger
691 * and prevent gdb being used to poke at kernel memory.
692 * This could cause trouble if lockdown is applied when
693 * there is already an active gdb session. For now the
694 * answer is simply "don't do that". Typically lockdown
695 * *will* be applied before the debug core gets started
696 * so only developers using kgdb for fairly advanced
697 * early kernel debug can be biten by this. Hopefully
698 * they are sophisticated enough to take care of
699 * themselves, especially with help from the lockdown
700 * message printed on the console!
701 */
702 if (security_locked_down(LOCKDOWN_DBG_WRITE_KERNEL)) {
703 if (IS_ENABLED(CONFIG_KGDB_KDB)) {
704 /* Switch back to kdb if possible... */
705 dbg_kdb_mode = 1;
706 continue;
707 } else {
708 /* ... otherwise just bail */
709 break;
710 }
711 }
712 error = gdb_serial_stub(ks);
713 }
714
715 if (error == DBG_PASS_EVENT) {
716 dbg_kdb_mode = !dbg_kdb_mode;
717 } else if (error == DBG_SWITCH_CPU_EVENT) {
718 kgdb_info[dbg_switch_cpu].exception_state |=
719 DCPU_NEXT_MASTER;
720 goto cpu_loop;
721 } else {
722 kgdb_info[cpu].ret_state = error;
723 break;
724 }
725 }
726
727 /* Call the I/O driver's post_exception routine */
728 if (dbg_io_ops->post_exception)
729 dbg_io_ops->post_exception();
730
731 atomic_dec(&ignore_console_lock_warning);
732
733 if (!kgdb_single_step) {
734 raw_spin_unlock(&dbg_slave_lock);
735 /* Wait till all the CPUs have quit from the debugger. */
736 while (kgdb_do_roundup && atomic_read(&slaves_in_kgdb))
737 cpu_relax();
738 }
739
740 kgdb_restore:
741 if (atomic_read(&kgdb_cpu_doing_single_step) != -1) {
742 int sstep_cpu = atomic_read(&kgdb_cpu_doing_single_step);
743 if (kgdb_info[sstep_cpu].task)
744 kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid;
745 else
746 kgdb_sstep_pid = 0;
747 }
748 if (arch_kgdb_ops.correct_hw_break)
749 arch_kgdb_ops.correct_hw_break();
750 if (trace_on)
751 tracing_on();
752
753 kgdb_info[cpu].debuggerinfo = NULL;
754 kgdb_info[cpu].task = NULL;
755 kgdb_info[cpu].exception_state &=
756 ~(DCPU_WANT_MASTER | DCPU_IS_SLAVE);
757 kgdb_info[cpu].enter_kgdb--;
758 smp_mb__before_atomic();
759 atomic_dec(&masters_in_kgdb);
760 /* Free kgdb_active */
761 atomic_set(&kgdb_active, -1);
762 raw_spin_unlock(&dbg_master_lock);
763 dbg_touch_watchdogs();
764 local_irq_restore(flags);
765 rcu_read_unlock();
766
767 return kgdb_info[cpu].ret_state;
768 }
769
770 /*
771 * kgdb_handle_exception() - main entry point from a kernel exception
772 *
773 * Locking hierarchy:
774 * interface locks, if any (begin_session)
775 * kgdb lock (kgdb_active)
776 */
777 int
kgdb_handle_exception(int evector,int signo,int ecode,struct pt_regs * regs)778 kgdb_handle_exception(int evector, int signo, int ecode, struct pt_regs *regs)
779 {
780 struct kgdb_state kgdb_var;
781 struct kgdb_state *ks = &kgdb_var;
782 int ret = 0;
783
784 if (arch_kgdb_ops.enable_nmi)
785 arch_kgdb_ops.enable_nmi(0);
786 /*
787 * Avoid entering the debugger if we were triggered due to an oops
788 * but panic_timeout indicates the system should automatically
789 * reboot on panic. We don't want to get stuck waiting for input
790 * on such systems, especially if its "just" an oops.
791 */
792 if (signo != SIGTRAP && panic_timeout)
793 return 1;
794
795 memset(ks, 0, sizeof(struct kgdb_state));
796 ks->cpu = raw_smp_processor_id();
797 ks->ex_vector = evector;
798 ks->signo = signo;
799 ks->err_code = ecode;
800 ks->linux_regs = regs;
801
802 if (kgdb_reenter_check(ks))
803 goto out; /* Ouch, double exception ! */
804 if (kgdb_info[ks->cpu].enter_kgdb != 0)
805 goto out;
806
807 ret = kgdb_cpu_enter(ks, regs, DCPU_WANT_MASTER);
808 out:
809 if (arch_kgdb_ops.enable_nmi)
810 arch_kgdb_ops.enable_nmi(1);
811 return ret;
812 }
813
814 /*
815 * GDB places a breakpoint at this function to know dynamically loaded objects.
816 */
module_event(struct notifier_block * self,unsigned long val,void * data)817 static int module_event(struct notifier_block *self, unsigned long val,
818 void *data)
819 {
820 return 0;
821 }
822
823 static struct notifier_block dbg_module_load_nb = {
824 .notifier_call = module_event,
825 };
826
kgdb_nmicallback(int cpu,void * regs)827 int kgdb_nmicallback(int cpu, void *regs)
828 {
829 #ifdef CONFIG_SMP
830 struct kgdb_state kgdb_var;
831 struct kgdb_state *ks = &kgdb_var;
832
833 kgdb_info[cpu].rounding_up = false;
834
835 memset(ks, 0, sizeof(struct kgdb_state));
836 ks->cpu = cpu;
837 ks->linux_regs = regs;
838
839 if (kgdb_info[ks->cpu].enter_kgdb == 0 &&
840 raw_spin_is_locked(&dbg_master_lock)) {
841 kgdb_cpu_enter(ks, regs, DCPU_IS_SLAVE);
842 return 0;
843 }
844 #endif
845 return 1;
846 }
847
kgdb_nmicallin(int cpu,int trapnr,void * regs,int err_code,atomic_t * send_ready)848 int kgdb_nmicallin(int cpu, int trapnr, void *regs, int err_code,
849 atomic_t *send_ready)
850 {
851 #ifdef CONFIG_SMP
852 if (!kgdb_io_ready(0) || !send_ready)
853 return 1;
854
855 if (kgdb_info[cpu].enter_kgdb == 0) {
856 struct kgdb_state kgdb_var;
857 struct kgdb_state *ks = &kgdb_var;
858
859 memset(ks, 0, sizeof(struct kgdb_state));
860 ks->cpu = cpu;
861 ks->ex_vector = trapnr;
862 ks->signo = SIGTRAP;
863 ks->err_code = err_code;
864 ks->linux_regs = regs;
865 ks->send_ready = send_ready;
866 kgdb_cpu_enter(ks, regs, DCPU_WANT_MASTER);
867 return 0;
868 }
869 #endif
870 return 1;
871 }
872
kgdb_console_write(struct console * co,const char * s,unsigned count)873 static void kgdb_console_write(struct console *co, const char *s,
874 unsigned count)
875 {
876 unsigned long flags;
877
878 /* If we're debugging, or KGDB has not connected, don't try
879 * and print. */
880 if (!kgdb_connected || atomic_read(&kgdb_active) != -1 || dbg_kdb_mode)
881 return;
882
883 local_irq_save(flags);
884 gdbstub_msg_write(s, count);
885 local_irq_restore(flags);
886 }
887
888 static struct console kgdbcons = {
889 .name = "kgdb",
890 .write = kgdb_console_write,
891 .flags = CON_PRINTBUFFER | CON_ENABLED,
892 .index = -1,
893 };
894
opt_kgdb_con(char * str)895 static int __init opt_kgdb_con(char *str)
896 {
897 kgdb_use_con = 1;
898
899 if (kgdb_io_module_registered && !kgdb_con_registered) {
900 register_console(&kgdbcons);
901 kgdb_con_registered = 1;
902 }
903
904 return 0;
905 }
906
907 early_param("kgdbcon", opt_kgdb_con);
908
909 #ifdef CONFIG_MAGIC_SYSRQ
sysrq_handle_dbg(int key)910 static void sysrq_handle_dbg(int key)
911 {
912 if (!dbg_io_ops) {
913 pr_crit("ERROR: No KGDB I/O module available\n");
914 return;
915 }
916 if (!kgdb_connected) {
917 #ifdef CONFIG_KGDB_KDB
918 if (!dbg_kdb_mode)
919 pr_crit("KGDB or $3#33 for KDB\n");
920 #else
921 pr_crit("Entering KGDB\n");
922 #endif
923 }
924
925 kgdb_breakpoint();
926 }
927
928 static struct sysrq_key_op sysrq_dbg_op = {
929 .handler = sysrq_handle_dbg,
930 .help_msg = "debug(g)",
931 .action_msg = "DEBUG",
932 };
933 #endif
934
kgdb_panic(const char * msg)935 void kgdb_panic(const char *msg)
936 {
937 if (!kgdb_io_module_registered)
938 return;
939
940 /*
941 * We don't want to get stuck waiting for input from user if
942 * "panic_timeout" indicates the system should automatically
943 * reboot on panic.
944 */
945 if (panic_timeout)
946 return;
947
948 debug_locks_off();
949 console_flush_on_panic(CONSOLE_FLUSH_PENDING);
950
951 if (dbg_kdb_mode)
952 kdb_printf("PANIC: %s\n", msg);
953
954 kgdb_breakpoint();
955 }
956
kgdb_arch_late(void)957 void __weak kgdb_arch_late(void)
958 {
959 }
960
dbg_late_init(void)961 void __init dbg_late_init(void)
962 {
963 dbg_is_early = false;
964 if (kgdb_io_module_registered)
965 kgdb_arch_late();
966 kdb_init(KDB_INIT_FULL);
967 }
968
969 static int
dbg_notify_reboot(struct notifier_block * this,unsigned long code,void * x)970 dbg_notify_reboot(struct notifier_block *this, unsigned long code, void *x)
971 {
972 /*
973 * Take the following action on reboot notify depending on value:
974 * 1 == Enter debugger
975 * 0 == [the default] detatch debug client
976 * -1 == Do nothing... and use this until the board resets
977 */
978 switch (kgdbreboot) {
979 case 1:
980 kgdb_breakpoint();
981 case -1:
982 goto done;
983 }
984 if (!dbg_kdb_mode)
985 gdbstub_exit(code);
986 done:
987 return NOTIFY_DONE;
988 }
989
990 static struct notifier_block dbg_reboot_notifier = {
991 .notifier_call = dbg_notify_reboot,
992 .next = NULL,
993 .priority = INT_MAX,
994 };
995
kgdb_register_callbacks(void)996 static void kgdb_register_callbacks(void)
997 {
998 if (!kgdb_io_module_registered) {
999 kgdb_io_module_registered = 1;
1000 kgdb_arch_init();
1001 if (!dbg_is_early)
1002 kgdb_arch_late();
1003 register_module_notifier(&dbg_module_load_nb);
1004 register_reboot_notifier(&dbg_reboot_notifier);
1005 #ifdef CONFIG_MAGIC_SYSRQ
1006 register_sysrq_key('g', &sysrq_dbg_op);
1007 #endif
1008 if (kgdb_use_con && !kgdb_con_registered) {
1009 register_console(&kgdbcons);
1010 kgdb_con_registered = 1;
1011 }
1012 }
1013 }
1014
kgdb_unregister_callbacks(void)1015 static void kgdb_unregister_callbacks(void)
1016 {
1017 /*
1018 * When this routine is called KGDB should unregister from
1019 * handlers and clean up, making sure it is not handling any
1020 * break exceptions at the time.
1021 */
1022 if (kgdb_io_module_registered) {
1023 kgdb_io_module_registered = 0;
1024 unregister_reboot_notifier(&dbg_reboot_notifier);
1025 unregister_module_notifier(&dbg_module_load_nb);
1026 kgdb_arch_exit();
1027 #ifdef CONFIG_MAGIC_SYSRQ
1028 unregister_sysrq_key('g', &sysrq_dbg_op);
1029 #endif
1030 if (kgdb_con_registered) {
1031 unregister_console(&kgdbcons);
1032 kgdb_con_registered = 0;
1033 }
1034 }
1035 }
1036
1037 /*
1038 * There are times a tasklet needs to be used vs a compiled in
1039 * break point so as to cause an exception outside a kgdb I/O module,
1040 * such as is the case with kgdboe, where calling a breakpoint in the
1041 * I/O driver itself would be fatal.
1042 */
kgdb_tasklet_bpt(unsigned long ing)1043 static void kgdb_tasklet_bpt(unsigned long ing)
1044 {
1045 kgdb_breakpoint();
1046 atomic_set(&kgdb_break_tasklet_var, 0);
1047 }
1048
1049 static DECLARE_TASKLET_OLD(kgdb_tasklet_breakpoint, kgdb_tasklet_bpt);
1050
kgdb_schedule_breakpoint(void)1051 void kgdb_schedule_breakpoint(void)
1052 {
1053 if (atomic_read(&kgdb_break_tasklet_var) ||
1054 atomic_read(&kgdb_active) != -1 ||
1055 atomic_read(&kgdb_setting_breakpoint))
1056 return;
1057 atomic_inc(&kgdb_break_tasklet_var);
1058 tasklet_schedule(&kgdb_tasklet_breakpoint);
1059 }
1060 EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint);
1061
kgdb_initial_breakpoint(void)1062 static void kgdb_initial_breakpoint(void)
1063 {
1064 kgdb_break_asap = 0;
1065
1066 pr_crit("Waiting for connection from remote gdb...\n");
1067 kgdb_breakpoint();
1068 }
1069
1070 /**
1071 * kgdb_register_io_module - register KGDB IO module
1072 * @new_dbg_io_ops: the io ops vector
1073 *
1074 * Register it with the KGDB core.
1075 */
kgdb_register_io_module(struct kgdb_io * new_dbg_io_ops)1076 int kgdb_register_io_module(struct kgdb_io *new_dbg_io_ops)
1077 {
1078 int err;
1079
1080 spin_lock(&kgdb_registration_lock);
1081
1082 if (dbg_io_ops) {
1083 spin_unlock(&kgdb_registration_lock);
1084
1085 pr_err("Another I/O driver is already registered with KGDB\n");
1086 return -EBUSY;
1087 }
1088
1089 if (new_dbg_io_ops->init) {
1090 err = new_dbg_io_ops->init();
1091 if (err) {
1092 spin_unlock(&kgdb_registration_lock);
1093 return err;
1094 }
1095 }
1096
1097 dbg_io_ops = new_dbg_io_ops;
1098
1099 spin_unlock(&kgdb_registration_lock);
1100
1101 pr_info("Registered I/O driver %s\n", new_dbg_io_ops->name);
1102
1103 /* Arm KGDB now. */
1104 kgdb_register_callbacks();
1105
1106 if (kgdb_break_asap)
1107 kgdb_initial_breakpoint();
1108
1109 return 0;
1110 }
1111 EXPORT_SYMBOL_GPL(kgdb_register_io_module);
1112
1113 /**
1114 * kkgdb_unregister_io_module - unregister KGDB IO module
1115 * @old_dbg_io_ops: the io ops vector
1116 *
1117 * Unregister it with the KGDB core.
1118 */
kgdb_unregister_io_module(struct kgdb_io * old_dbg_io_ops)1119 void kgdb_unregister_io_module(struct kgdb_io *old_dbg_io_ops)
1120 {
1121 BUG_ON(kgdb_connected);
1122
1123 /*
1124 * KGDB is no longer able to communicate out, so
1125 * unregister our callbacks and reset state.
1126 */
1127 kgdb_unregister_callbacks();
1128
1129 spin_lock(&kgdb_registration_lock);
1130
1131 WARN_ON_ONCE(dbg_io_ops != old_dbg_io_ops);
1132 dbg_io_ops = NULL;
1133
1134 spin_unlock(&kgdb_registration_lock);
1135
1136 pr_info("Unregistered I/O driver %s, debugger disabled\n",
1137 old_dbg_io_ops->name);
1138 }
1139 EXPORT_SYMBOL_GPL(kgdb_unregister_io_module);
1140
dbg_io_get_char(void)1141 int dbg_io_get_char(void)
1142 {
1143 int ret = dbg_io_ops->read_char();
1144 if (ret == NO_POLL_CHAR)
1145 return -1;
1146 if (!dbg_kdb_mode)
1147 return ret;
1148 if (ret == 127)
1149 return 8;
1150 return ret;
1151 }
1152
1153 /**
1154 * kgdb_breakpoint - generate breakpoint exception
1155 *
1156 * This function will generate a breakpoint exception. It is used at the
1157 * beginning of a program to sync up with a debugger and can be used
1158 * otherwise as a quick means to stop program execution and "break" into
1159 * the debugger.
1160 */
kgdb_breakpoint(void)1161 noinline void kgdb_breakpoint(void)
1162 {
1163 atomic_inc(&kgdb_setting_breakpoint);
1164 wmb(); /* Sync point before breakpoint */
1165 arch_kgdb_breakpoint();
1166 wmb(); /* Sync point after breakpoint */
1167 atomic_dec(&kgdb_setting_breakpoint);
1168 }
1169 EXPORT_SYMBOL_GPL(kgdb_breakpoint);
1170
opt_kgdb_wait(char * str)1171 static int __init opt_kgdb_wait(char *str)
1172 {
1173 kgdb_break_asap = 1;
1174
1175 kdb_init(KDB_INIT_EARLY);
1176 if (kgdb_io_module_registered)
1177 kgdb_initial_breakpoint();
1178
1179 return 0;
1180 }
1181
1182 early_param("kgdbwait", opt_kgdb_wait);
1183