1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Kernel Debug Core 4 * 5 * Maintainer: Jason Wessel <jason.wessel@windriver.com> 6 * 7 * Copyright (C) 2000-2001 VERITAS Software Corporation. 8 * Copyright (C) 2002-2004 Timesys Corporation 9 * Copyright (C) 2003-2004 Amit S. Kale <amitkale@linsyssoft.com> 10 * Copyright (C) 2004 Pavel Machek <pavel@ucw.cz> 11 * Copyright (C) 2004-2006 Tom Rini <trini@kernel.crashing.org> 12 * Copyright (C) 2004-2006 LinSysSoft Technologies Pvt. Ltd. 13 * Copyright (C) 2005-2009 Wind River Systems, Inc. 14 * Copyright (C) 2007 MontaVista Software, Inc. 15 * Copyright (C) 2008 Red Hat, Inc., Ingo Molnar <mingo@redhat.com> 16 * 17 * Contributors at various stages not listed above: 18 * Jason Wessel ( jason.wessel@windriver.com ) 19 * George Anzinger <george@mvista.com> 20 * Anurekh Saxena (anurekh.saxena@timesys.com) 21 * Lake Stevens Instrument Division (Glenn Engel) 22 * Jim Kingdon, Cygnus Support. 23 * 24 * Original KGDB stub: David Grothe <dave@gcom.com>, 25 * Tigran Aivazian <tigran@sco.com> 26 */ 27 28 #define pr_fmt(fmt) "KGDB: " fmt 29 30 #include <linux/pid_namespace.h> 31 #include <linux/clocksource.h> 32 #include <linux/serial_core.h> 33 #include <linux/interrupt.h> 34 #include <linux/spinlock.h> 35 #include <linux/console.h> 36 #include <linux/threads.h> 37 #include <linux/uaccess.h> 38 #include <linux/kernel.h> 39 #include <linux/module.h> 40 #include <linux/ptrace.h> 41 #include <linux/string.h> 42 #include <linux/delay.h> 43 #include <linux/sched.h> 44 #include <linux/sysrq.h> 45 #include <linux/reboot.h> 46 #include <linux/init.h> 47 #include <linux/kgdb.h> 48 #include <linux/kdb.h> 49 #include <linux/nmi.h> 50 #include <linux/pid.h> 51 #include <linux/smp.h> 52 #include <linux/mm.h> 53 #include <linux/rcupdate.h> 54 #include <linux/irq.h> 55 #include <linux/security.h> 56 57 #include <asm/cacheflush.h> 58 #include <asm/byteorder.h> 59 #include <linux/atomic.h> 60 61 #include "debug_core.h" 62 63 static int kgdb_break_asap; 64 65 struct debuggerinfo_struct kgdb_info[NR_CPUS]; 66 67 /* kgdb_connected - Is a host GDB connected to us? */ 68 int kgdb_connected; 69 EXPORT_SYMBOL_GPL(kgdb_connected); 70 71 /* All the KGDB handlers are installed */ 72 int kgdb_io_module_registered; 73 74 /* Guard for recursive entry */ 75 static int exception_level; 76 77 struct kgdb_io *dbg_io_ops; 78 static DEFINE_SPINLOCK(kgdb_registration_lock); 79 80 /* Action for the reboot notifier, a global allow kdb to change it */ 81 static int kgdbreboot; 82 /* kgdb console driver is loaded */ 83 static int kgdb_con_registered; 84 /* determine if kgdb console output should be used */ 85 static int kgdb_use_con; 86 /* Flag for alternate operations for early debugging */ 87 bool dbg_is_early = true; 88 /* Next cpu to become the master debug core */ 89 int dbg_switch_cpu; 90 91 /* Use kdb or gdbserver mode */ 92 int dbg_kdb_mode = 1; 93 94 module_param(kgdb_use_con, int, 0644); 95 module_param(kgdbreboot, int, 0644); 96 97 /* 98 * Holds information about breakpoints in a kernel. These breakpoints are 99 * added and removed by gdb. 100 */ 101 static struct kgdb_bkpt kgdb_break[KGDB_MAX_BREAKPOINTS] = { 102 [0 ... KGDB_MAX_BREAKPOINTS-1] = { .state = BP_UNDEFINED } 103 }; 104 105 /* 106 * The CPU# of the active CPU, or -1 if none: 107 */ 108 atomic_t kgdb_active = ATOMIC_INIT(-1); 109 EXPORT_SYMBOL_GPL(kgdb_active); 110 static DEFINE_RAW_SPINLOCK(dbg_master_lock); 111 static DEFINE_RAW_SPINLOCK(dbg_slave_lock); 112 113 /* 114 * We use NR_CPUs not PERCPU, in case kgdb is used to debug early 115 * bootup code (which might not have percpu set up yet): 116 */ 117 static atomic_t masters_in_kgdb; 118 static atomic_t slaves_in_kgdb; 119 atomic_t kgdb_setting_breakpoint; 120 121 struct task_struct *kgdb_usethread; 122 struct task_struct *kgdb_contthread; 123 124 int kgdb_single_step; 125 static pid_t kgdb_sstep_pid; 126 127 /* to keep track of the CPU which is doing the single stepping*/ 128 atomic_t kgdb_cpu_doing_single_step = ATOMIC_INIT(-1); 129 130 /* 131 * If you are debugging a problem where roundup (the collection of 132 * all other CPUs) is a problem [this should be extremely rare], 133 * then use the nokgdbroundup option to avoid roundup. In that case 134 * the other CPUs might interfere with your debugging context, so 135 * use this with care: 136 */ 137 static int kgdb_do_roundup = 1; 138 opt_nokgdbroundup(char * str)139 static int __init opt_nokgdbroundup(char *str) 140 { 141 kgdb_do_roundup = 0; 142 143 return 0; 144 } 145 146 early_param("nokgdbroundup", opt_nokgdbroundup); 147 148 /* 149 * Finally, some KGDB code :-) 150 */ 151 152 /* 153 * Weak aliases for breakpoint management, 154 * can be overridden by architectures when needed: 155 */ kgdb_arch_set_breakpoint(struct kgdb_bkpt * bpt)156 int __weak kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt) 157 { 158 int err; 159 160 err = copy_from_kernel_nofault(bpt->saved_instr, (char *)bpt->bpt_addr, 161 BREAK_INSTR_SIZE); 162 if (err) 163 return err; 164 err = copy_to_kernel_nofault((char *)bpt->bpt_addr, 165 arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE); 166 return err; 167 } 168 NOKPROBE_SYMBOL(kgdb_arch_set_breakpoint); 169 kgdb_arch_remove_breakpoint(struct kgdb_bkpt * bpt)170 int __weak kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt) 171 { 172 return copy_to_kernel_nofault((char *)bpt->bpt_addr, 173 (char *)bpt->saved_instr, BREAK_INSTR_SIZE); 174 } 175 NOKPROBE_SYMBOL(kgdb_arch_remove_breakpoint); 176 kgdb_validate_break_address(unsigned long addr)177 int __weak kgdb_validate_break_address(unsigned long addr) 178 { 179 struct kgdb_bkpt tmp; 180 int err; 181 182 if (kgdb_within_blocklist(addr)) 183 return -EINVAL; 184 185 /* Validate setting the breakpoint and then removing it. If the 186 * remove fails, the kernel needs to emit a bad message because we 187 * are deep trouble not being able to put things back the way we 188 * found them. 189 */ 190 tmp.bpt_addr = addr; 191 err = kgdb_arch_set_breakpoint(&tmp); 192 if (err) 193 return err; 194 err = kgdb_arch_remove_breakpoint(&tmp); 195 if (err) 196 pr_err("Critical breakpoint error, kernel memory destroyed at: %lx\n", 197 addr); 198 return err; 199 } 200 kgdb_arch_pc(int exception,struct pt_regs * regs)201 unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs) 202 { 203 return instruction_pointer(regs); 204 } 205 NOKPROBE_SYMBOL(kgdb_arch_pc); 206 kgdb_arch_init(void)207 int __weak kgdb_arch_init(void) 208 { 209 return 0; 210 } 211 kgdb_skipexception(int exception,struct pt_regs * regs)212 int __weak kgdb_skipexception(int exception, struct pt_regs *regs) 213 { 214 return 0; 215 } 216 NOKPROBE_SYMBOL(kgdb_skipexception); 217 218 #ifdef CONFIG_SMP 219 220 /* 221 * Default (weak) implementation for kgdb_roundup_cpus 222 */ 223 kgdb_call_nmi_hook(void * ignored)224 void __weak kgdb_call_nmi_hook(void *ignored) 225 { 226 /* 227 * NOTE: get_irq_regs() is supposed to get the registers from 228 * before the IPI interrupt happened and so is supposed to 229 * show where the processor was. In some situations it's 230 * possible we might be called without an IPI, so it might be 231 * safer to figure out how to make kgdb_breakpoint() work 232 * properly here. 233 */ 234 kgdb_nmicallback(raw_smp_processor_id(), get_irq_regs()); 235 } 236 NOKPROBE_SYMBOL(kgdb_call_nmi_hook); 237 238 static DEFINE_PER_CPU(call_single_data_t, kgdb_roundup_csd) = 239 CSD_INIT(kgdb_call_nmi_hook, NULL); 240 kgdb_roundup_cpus(void)241 void __weak kgdb_roundup_cpus(void) 242 { 243 call_single_data_t *csd; 244 int this_cpu = raw_smp_processor_id(); 245 int cpu; 246 int ret; 247 248 for_each_online_cpu(cpu) { 249 /* No need to roundup ourselves */ 250 if (cpu == this_cpu) 251 continue; 252 253 csd = &per_cpu(kgdb_roundup_csd, cpu); 254 255 /* 256 * If it didn't round up last time, don't try again 257 * since smp_call_function_single_async() will block. 258 * 259 * If rounding_up is false then we know that the 260 * previous call must have at least started and that 261 * means smp_call_function_single_async() won't block. 262 */ 263 if (kgdb_info[cpu].rounding_up) 264 continue; 265 kgdb_info[cpu].rounding_up = true; 266 267 ret = smp_call_function_single_async(cpu, csd); 268 if (ret) 269 kgdb_info[cpu].rounding_up = false; 270 } 271 } 272 NOKPROBE_SYMBOL(kgdb_roundup_cpus); 273 274 #endif 275 276 /* 277 * Some architectures need cache flushes when we set/clear a 278 * breakpoint: 279 */ kgdb_flush_swbreak_addr(unsigned long addr)280 static void kgdb_flush_swbreak_addr(unsigned long addr) 281 { 282 if (!CACHE_FLUSH_IS_SAFE) 283 return; 284 285 /* Force flush instruction cache if it was outside the mm */ 286 flush_icache_range(addr, addr + BREAK_INSTR_SIZE); 287 } 288 NOKPROBE_SYMBOL(kgdb_flush_swbreak_addr); 289 290 /* 291 * SW breakpoint management: 292 */ dbg_activate_sw_breakpoints(void)293 int dbg_activate_sw_breakpoints(void) 294 { 295 int error; 296 int ret = 0; 297 int i; 298 299 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 300 if (kgdb_break[i].state != BP_SET) 301 continue; 302 303 error = kgdb_arch_set_breakpoint(&kgdb_break[i]); 304 if (error) { 305 ret = error; 306 pr_info("BP install failed: %lx\n", 307 kgdb_break[i].bpt_addr); 308 continue; 309 } 310 311 kgdb_flush_swbreak_addr(kgdb_break[i].bpt_addr); 312 kgdb_break[i].state = BP_ACTIVE; 313 } 314 return ret; 315 } 316 NOKPROBE_SYMBOL(dbg_activate_sw_breakpoints); 317 dbg_set_sw_break(unsigned long addr)318 int dbg_set_sw_break(unsigned long addr) 319 { 320 int err = kgdb_validate_break_address(addr); 321 int breakno = -1; 322 int i; 323 324 if (err) 325 return err; 326 327 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 328 if ((kgdb_break[i].state == BP_SET) && 329 (kgdb_break[i].bpt_addr == addr)) 330 return -EEXIST; 331 } 332 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 333 if (kgdb_break[i].state == BP_REMOVED && 334 kgdb_break[i].bpt_addr == addr) { 335 breakno = i; 336 break; 337 } 338 } 339 340 if (breakno == -1) { 341 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 342 if (kgdb_break[i].state == BP_UNDEFINED) { 343 breakno = i; 344 break; 345 } 346 } 347 } 348 349 if (breakno == -1) 350 return -E2BIG; 351 352 kgdb_break[breakno].state = BP_SET; 353 kgdb_break[breakno].type = BP_BREAKPOINT; 354 kgdb_break[breakno].bpt_addr = addr; 355 356 return 0; 357 } 358 dbg_deactivate_sw_breakpoints(void)359 int dbg_deactivate_sw_breakpoints(void) 360 { 361 int error; 362 int ret = 0; 363 int i; 364 365 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 366 if (kgdb_break[i].state != BP_ACTIVE) 367 continue; 368 error = kgdb_arch_remove_breakpoint(&kgdb_break[i]); 369 if (error) { 370 pr_info("BP remove failed: %lx\n", 371 kgdb_break[i].bpt_addr); 372 ret = error; 373 } 374 375 kgdb_flush_swbreak_addr(kgdb_break[i].bpt_addr); 376 kgdb_break[i].state = BP_SET; 377 } 378 return ret; 379 } 380 NOKPROBE_SYMBOL(dbg_deactivate_sw_breakpoints); 381 dbg_remove_sw_break(unsigned long addr)382 int dbg_remove_sw_break(unsigned long addr) 383 { 384 int i; 385 386 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 387 if ((kgdb_break[i].state == BP_SET) && 388 (kgdb_break[i].bpt_addr == addr)) { 389 kgdb_break[i].state = BP_REMOVED; 390 return 0; 391 } 392 } 393 return -ENOENT; 394 } 395 kgdb_isremovedbreak(unsigned long addr)396 int kgdb_isremovedbreak(unsigned long addr) 397 { 398 int i; 399 400 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 401 if ((kgdb_break[i].state == BP_REMOVED) && 402 (kgdb_break[i].bpt_addr == addr)) 403 return 1; 404 } 405 return 0; 406 } 407 kgdb_has_hit_break(unsigned long addr)408 int kgdb_has_hit_break(unsigned long addr) 409 { 410 int i; 411 412 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 413 if (kgdb_break[i].state == BP_ACTIVE && 414 kgdb_break[i].bpt_addr == addr) 415 return 1; 416 } 417 return 0; 418 } 419 dbg_remove_all_break(void)420 int dbg_remove_all_break(void) 421 { 422 int error; 423 int i; 424 425 /* Clear memory breakpoints. */ 426 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 427 if (kgdb_break[i].state != BP_ACTIVE) 428 goto setundefined; 429 error = kgdb_arch_remove_breakpoint(&kgdb_break[i]); 430 if (error) 431 pr_err("breakpoint remove failed: %lx\n", 432 kgdb_break[i].bpt_addr); 433 setundefined: 434 kgdb_break[i].state = BP_UNDEFINED; 435 } 436 437 /* Clear hardware breakpoints. */ 438 if (arch_kgdb_ops.remove_all_hw_break) 439 arch_kgdb_ops.remove_all_hw_break(); 440 441 return 0; 442 } 443 kgdb_free_init_mem(void)444 void kgdb_free_init_mem(void) 445 { 446 int i; 447 448 /* Clear init memory breakpoints. */ 449 for (i = 0; i < KGDB_MAX_BREAKPOINTS; i++) { 450 if (init_section_contains((void *)kgdb_break[i].bpt_addr, 0)) 451 kgdb_break[i].state = BP_UNDEFINED; 452 } 453 } 454 455 #ifdef CONFIG_KGDB_KDB kdb_dump_stack_on_cpu(int cpu)456 void kdb_dump_stack_on_cpu(int cpu) 457 { 458 if (cpu == raw_smp_processor_id() || !IS_ENABLED(CONFIG_SMP)) { 459 dump_stack(); 460 return; 461 } 462 463 if (!(kgdb_info[cpu].exception_state & DCPU_IS_SLAVE)) { 464 kdb_printf("ERROR: Task on cpu %d didn't stop in the debugger\n", 465 cpu); 466 return; 467 } 468 469 /* 470 * In general, architectures don't support dumping the stack of a 471 * "running" process that's not the current one. From the point of 472 * view of the Linux, kernel processes that are looping in the kgdb 473 * slave loop are still "running". There's also no API (that actually 474 * works across all architectures) that can do a stack crawl based 475 * on registers passed as a parameter. 476 * 477 * Solve this conundrum by asking slave CPUs to do the backtrace 478 * themselves. 479 */ 480 kgdb_info[cpu].exception_state |= DCPU_WANT_BT; 481 while (kgdb_info[cpu].exception_state & DCPU_WANT_BT) 482 cpu_relax(); 483 } 484 #endif 485 486 /* 487 * Return true if there is a valid kgdb I/O module. Also if no 488 * debugger is attached a message can be printed to the console about 489 * waiting for the debugger to attach. 490 * 491 * The print_wait argument is only to be true when called from inside 492 * the core kgdb_handle_exception, because it will wait for the 493 * debugger to attach. 494 */ kgdb_io_ready(int print_wait)495 static int kgdb_io_ready(int print_wait) 496 { 497 if (!dbg_io_ops) 498 return 0; 499 if (kgdb_connected) 500 return 1; 501 if (atomic_read(&kgdb_setting_breakpoint)) 502 return 1; 503 if (print_wait) { 504 #ifdef CONFIG_KGDB_KDB 505 if (!dbg_kdb_mode) 506 pr_crit("waiting... or $3#33 for KDB\n"); 507 #else 508 pr_crit("Waiting for remote debugger\n"); 509 #endif 510 } 511 return 1; 512 } 513 NOKPROBE_SYMBOL(kgdb_io_ready); 514 kgdb_reenter_check(struct kgdb_state * ks)515 static int kgdb_reenter_check(struct kgdb_state *ks) 516 { 517 unsigned long addr; 518 519 if (atomic_read(&kgdb_active) != raw_smp_processor_id()) 520 return 0; 521 522 /* Panic on recursive debugger calls: */ 523 exception_level++; 524 addr = kgdb_arch_pc(ks->ex_vector, ks->linux_regs); 525 dbg_deactivate_sw_breakpoints(); 526 527 /* 528 * If the break point removed ok at the place exception 529 * occurred, try to recover and print a warning to the end 530 * user because the user planted a breakpoint in a place that 531 * KGDB needs in order to function. 532 */ 533 if (dbg_remove_sw_break(addr) == 0) { 534 exception_level = 0; 535 kgdb_skipexception(ks->ex_vector, ks->linux_regs); 536 dbg_activate_sw_breakpoints(); 537 pr_crit("re-enter error: breakpoint removed %lx\n", addr); 538 WARN_ON_ONCE(1); 539 540 return 1; 541 } 542 dbg_remove_all_break(); 543 kgdb_skipexception(ks->ex_vector, ks->linux_regs); 544 545 if (exception_level > 1) { 546 dump_stack(); 547 kgdb_io_module_registered = false; 548 panic("Recursive entry to debugger"); 549 } 550 551 pr_crit("re-enter exception: ALL breakpoints killed\n"); 552 #ifdef CONFIG_KGDB_KDB 553 /* Allow kdb to debug itself one level */ 554 return 0; 555 #endif 556 dump_stack(); 557 panic("Recursive entry to debugger"); 558 559 return 1; 560 } 561 NOKPROBE_SYMBOL(kgdb_reenter_check); 562 dbg_touch_watchdogs(void)563 static void dbg_touch_watchdogs(void) 564 { 565 touch_softlockup_watchdog_sync(); 566 clocksource_touch_watchdog(); 567 rcu_cpu_stall_reset(); 568 } 569 NOKPROBE_SYMBOL(dbg_touch_watchdogs); 570 kgdb_cpu_enter(struct kgdb_state * ks,struct pt_regs * regs,int exception_state)571 static int kgdb_cpu_enter(struct kgdb_state *ks, struct pt_regs *regs, 572 int exception_state) 573 { 574 unsigned long flags; 575 int sstep_tries = 100; 576 int error; 577 int cpu; 578 int trace_on = 0; 579 int online_cpus = num_online_cpus(); 580 u64 time_left; 581 582 kgdb_info[ks->cpu].enter_kgdb++; 583 kgdb_info[ks->cpu].exception_state |= exception_state; 584 585 if (exception_state == DCPU_WANT_MASTER) 586 atomic_inc(&masters_in_kgdb); 587 else 588 atomic_inc(&slaves_in_kgdb); 589 590 if (arch_kgdb_ops.disable_hw_break) 591 arch_kgdb_ops.disable_hw_break(regs); 592 593 acquirelock: 594 rcu_read_lock(); 595 /* 596 * Interrupts will be restored by the 'trap return' code, except when 597 * single stepping. 598 */ 599 local_irq_save(flags); 600 601 cpu = ks->cpu; 602 kgdb_info[cpu].debuggerinfo = regs; 603 kgdb_info[cpu].task = current; 604 kgdb_info[cpu].ret_state = 0; 605 kgdb_info[cpu].irq_depth = hardirq_count() >> HARDIRQ_SHIFT; 606 607 /* Make sure the above info reaches the primary CPU */ 608 smp_mb(); 609 610 if (exception_level == 1) { 611 if (raw_spin_trylock(&dbg_master_lock)) 612 atomic_xchg(&kgdb_active, cpu); 613 goto cpu_master_loop; 614 } 615 616 /* 617 * CPU will loop if it is a slave or request to become a kgdb 618 * master cpu and acquire the kgdb_active lock: 619 */ 620 while (1) { 621 cpu_loop: 622 if (kgdb_info[cpu].exception_state & DCPU_NEXT_MASTER) { 623 kgdb_info[cpu].exception_state &= ~DCPU_NEXT_MASTER; 624 goto cpu_master_loop; 625 } else if (kgdb_info[cpu].exception_state & DCPU_WANT_MASTER) { 626 if (raw_spin_trylock(&dbg_master_lock)) { 627 atomic_xchg(&kgdb_active, cpu); 628 break; 629 } 630 } else if (kgdb_info[cpu].exception_state & DCPU_WANT_BT) { 631 dump_stack(); 632 kgdb_info[cpu].exception_state &= ~DCPU_WANT_BT; 633 } else if (kgdb_info[cpu].exception_state & DCPU_IS_SLAVE) { 634 if (!raw_spin_is_locked(&dbg_slave_lock)) 635 goto return_normal; 636 } else { 637 return_normal: 638 /* Return to normal operation by executing any 639 * hw breakpoint fixup. 640 */ 641 if (arch_kgdb_ops.correct_hw_break) 642 arch_kgdb_ops.correct_hw_break(); 643 if (trace_on) 644 tracing_on(); 645 kgdb_info[cpu].debuggerinfo = NULL; 646 kgdb_info[cpu].task = NULL; 647 kgdb_info[cpu].exception_state &= 648 ~(DCPU_WANT_MASTER | DCPU_IS_SLAVE); 649 kgdb_info[cpu].enter_kgdb--; 650 smp_mb__before_atomic(); 651 atomic_dec(&slaves_in_kgdb); 652 dbg_touch_watchdogs(); 653 local_irq_restore(flags); 654 rcu_read_unlock(); 655 return 0; 656 } 657 cpu_relax(); 658 } 659 660 /* 661 * For single stepping, try to only enter on the processor 662 * that was single stepping. To guard against a deadlock, the 663 * kernel will only try for the value of sstep_tries before 664 * giving up and continuing on. 665 */ 666 if (atomic_read(&kgdb_cpu_doing_single_step) != -1 && 667 (kgdb_info[cpu].task && 668 kgdb_info[cpu].task->pid != kgdb_sstep_pid) && --sstep_tries) { 669 atomic_set(&kgdb_active, -1); 670 raw_spin_unlock(&dbg_master_lock); 671 dbg_touch_watchdogs(); 672 local_irq_restore(flags); 673 rcu_read_unlock(); 674 675 goto acquirelock; 676 } 677 678 if (!kgdb_io_ready(1)) { 679 kgdb_info[cpu].ret_state = 1; 680 goto kgdb_restore; /* No I/O connection, resume the system */ 681 } 682 683 /* 684 * Don't enter if we have hit a removed breakpoint. 685 */ 686 if (kgdb_skipexception(ks->ex_vector, ks->linux_regs)) 687 goto kgdb_restore; 688 689 atomic_inc(&ignore_console_lock_warning); 690 691 /* Call the I/O driver's pre_exception routine */ 692 if (dbg_io_ops->pre_exception) 693 dbg_io_ops->pre_exception(); 694 695 /* 696 * Get the passive CPU lock which will hold all the non-primary 697 * CPU in a spin state while the debugger is active 698 */ 699 if (!kgdb_single_step) 700 raw_spin_lock(&dbg_slave_lock); 701 702 #ifdef CONFIG_SMP 703 /* If send_ready set, slaves are already waiting */ 704 if (ks->send_ready) 705 atomic_set(ks->send_ready, 1); 706 707 /* Signal the other CPUs to enter kgdb_wait() */ 708 else if ((!kgdb_single_step) && kgdb_do_roundup) 709 kgdb_roundup_cpus(); 710 #endif 711 712 /* 713 * Wait for the other CPUs to be notified and be waiting for us: 714 */ 715 time_left = MSEC_PER_SEC; 716 while (kgdb_do_roundup && --time_left && 717 (atomic_read(&masters_in_kgdb) + atomic_read(&slaves_in_kgdb)) != 718 online_cpus) 719 udelay(1000); 720 if (!time_left) 721 pr_crit("Timed out waiting for secondary CPUs.\n"); 722 723 /* 724 * At this point the primary processor is completely 725 * in the debugger and all secondary CPUs are quiescent 726 */ 727 dbg_deactivate_sw_breakpoints(); 728 kgdb_single_step = 0; 729 kgdb_contthread = current; 730 exception_level = 0; 731 trace_on = tracing_is_on(); 732 if (trace_on) 733 tracing_off(); 734 735 while (1) { 736 cpu_master_loop: 737 if (dbg_kdb_mode) { 738 kgdb_connected = 1; 739 error = kdb_stub(ks); 740 if (error == -1) 741 continue; 742 kgdb_connected = 0; 743 } else { 744 /* 745 * This is a brutal way to interfere with the debugger 746 * and prevent gdb being used to poke at kernel memory. 747 * This could cause trouble if lockdown is applied when 748 * there is already an active gdb session. For now the 749 * answer is simply "don't do that". Typically lockdown 750 * *will* be applied before the debug core gets started 751 * so only developers using kgdb for fairly advanced 752 * early kernel debug can be biten by this. Hopefully 753 * they are sophisticated enough to take care of 754 * themselves, especially with help from the lockdown 755 * message printed on the console! 756 */ 757 if (security_locked_down(LOCKDOWN_DBG_WRITE_KERNEL)) { 758 if (IS_ENABLED(CONFIG_KGDB_KDB)) { 759 /* Switch back to kdb if possible... */ 760 dbg_kdb_mode = 1; 761 continue; 762 } else { 763 /* ... otherwise just bail */ 764 break; 765 } 766 } 767 error = gdb_serial_stub(ks); 768 } 769 770 if (error == DBG_PASS_EVENT) { 771 dbg_kdb_mode = !dbg_kdb_mode; 772 } else if (error == DBG_SWITCH_CPU_EVENT) { 773 kgdb_info[dbg_switch_cpu].exception_state |= 774 DCPU_NEXT_MASTER; 775 goto cpu_loop; 776 } else { 777 kgdb_info[cpu].ret_state = error; 778 break; 779 } 780 } 781 782 dbg_activate_sw_breakpoints(); 783 784 /* Call the I/O driver's post_exception routine */ 785 if (dbg_io_ops->post_exception) 786 dbg_io_ops->post_exception(); 787 788 atomic_dec(&ignore_console_lock_warning); 789 790 if (!kgdb_single_step) { 791 raw_spin_unlock(&dbg_slave_lock); 792 /* Wait till all the CPUs have quit from the debugger. */ 793 while (kgdb_do_roundup && atomic_read(&slaves_in_kgdb)) 794 cpu_relax(); 795 } 796 797 kgdb_restore: 798 if (atomic_read(&kgdb_cpu_doing_single_step) != -1) { 799 int sstep_cpu = atomic_read(&kgdb_cpu_doing_single_step); 800 if (kgdb_info[sstep_cpu].task) 801 kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid; 802 else 803 kgdb_sstep_pid = 0; 804 } 805 if (arch_kgdb_ops.correct_hw_break) 806 arch_kgdb_ops.correct_hw_break(); 807 if (trace_on) 808 tracing_on(); 809 810 kgdb_info[cpu].debuggerinfo = NULL; 811 kgdb_info[cpu].task = NULL; 812 kgdb_info[cpu].exception_state &= 813 ~(DCPU_WANT_MASTER | DCPU_IS_SLAVE); 814 kgdb_info[cpu].enter_kgdb--; 815 smp_mb__before_atomic(); 816 atomic_dec(&masters_in_kgdb); 817 /* Free kgdb_active */ 818 atomic_set(&kgdb_active, -1); 819 raw_spin_unlock(&dbg_master_lock); 820 dbg_touch_watchdogs(); 821 local_irq_restore(flags); 822 rcu_read_unlock(); 823 824 return kgdb_info[cpu].ret_state; 825 } 826 NOKPROBE_SYMBOL(kgdb_cpu_enter); 827 828 /* 829 * kgdb_handle_exception() - main entry point from a kernel exception 830 * 831 * Locking hierarchy: 832 * interface locks, if any (begin_session) 833 * kgdb lock (kgdb_active) 834 */ 835 int kgdb_handle_exception(int evector,int signo,int ecode,struct pt_regs * regs)836 kgdb_handle_exception(int evector, int signo, int ecode, struct pt_regs *regs) 837 { 838 struct kgdb_state kgdb_var; 839 struct kgdb_state *ks = &kgdb_var; 840 int ret = 0; 841 842 if (arch_kgdb_ops.enable_nmi) 843 arch_kgdb_ops.enable_nmi(0); 844 /* 845 * Avoid entering the debugger if we were triggered due to an oops 846 * but panic_timeout indicates the system should automatically 847 * reboot on panic. We don't want to get stuck waiting for input 848 * on such systems, especially if its "just" an oops. 849 */ 850 if (signo != SIGTRAP && panic_timeout) 851 return 1; 852 853 memset(ks, 0, sizeof(struct kgdb_state)); 854 ks->cpu = raw_smp_processor_id(); 855 ks->ex_vector = evector; 856 ks->signo = signo; 857 ks->err_code = ecode; 858 ks->linux_regs = regs; 859 860 if (kgdb_reenter_check(ks)) 861 goto out; /* Ouch, double exception ! */ 862 if (kgdb_info[ks->cpu].enter_kgdb != 0) 863 goto out; 864 865 ret = kgdb_cpu_enter(ks, regs, DCPU_WANT_MASTER); 866 out: 867 if (arch_kgdb_ops.enable_nmi) 868 arch_kgdb_ops.enable_nmi(1); 869 return ret; 870 } 871 NOKPROBE_SYMBOL(kgdb_handle_exception); 872 873 /* 874 * GDB places a breakpoint at this function to know dynamically loaded objects. 875 */ module_event(struct notifier_block * self,unsigned long val,void * data)876 static int module_event(struct notifier_block *self, unsigned long val, 877 void *data) 878 { 879 return 0; 880 } 881 882 static struct notifier_block dbg_module_load_nb = { 883 .notifier_call = module_event, 884 }; 885 kgdb_nmicallback(int cpu,void * regs)886 int kgdb_nmicallback(int cpu, void *regs) 887 { 888 #ifdef CONFIG_SMP 889 struct kgdb_state kgdb_var; 890 struct kgdb_state *ks = &kgdb_var; 891 892 kgdb_info[cpu].rounding_up = false; 893 894 memset(ks, 0, sizeof(struct kgdb_state)); 895 ks->cpu = cpu; 896 ks->linux_regs = regs; 897 898 if (kgdb_info[ks->cpu].enter_kgdb == 0 && 899 raw_spin_is_locked(&dbg_master_lock)) { 900 kgdb_cpu_enter(ks, regs, DCPU_IS_SLAVE); 901 return 0; 902 } 903 #endif 904 return 1; 905 } 906 NOKPROBE_SYMBOL(kgdb_nmicallback); 907 kgdb_nmicallin(int cpu,int trapnr,void * regs,int err_code,atomic_t * send_ready)908 int kgdb_nmicallin(int cpu, int trapnr, void *regs, int err_code, 909 atomic_t *send_ready) 910 { 911 #ifdef CONFIG_SMP 912 if (!kgdb_io_ready(0) || !send_ready) 913 return 1; 914 915 if (kgdb_info[cpu].enter_kgdb == 0) { 916 struct kgdb_state kgdb_var; 917 struct kgdb_state *ks = &kgdb_var; 918 919 memset(ks, 0, sizeof(struct kgdb_state)); 920 ks->cpu = cpu; 921 ks->ex_vector = trapnr; 922 ks->signo = SIGTRAP; 923 ks->err_code = err_code; 924 ks->linux_regs = regs; 925 ks->send_ready = send_ready; 926 kgdb_cpu_enter(ks, regs, DCPU_WANT_MASTER); 927 return 0; 928 } 929 #endif 930 return 1; 931 } 932 NOKPROBE_SYMBOL(kgdb_nmicallin); 933 kgdb_console_write(struct console * co,const char * s,unsigned count)934 static void kgdb_console_write(struct console *co, const char *s, 935 unsigned count) 936 { 937 unsigned long flags; 938 939 /* If we're debugging, or KGDB has not connected, don't try 940 * and print. */ 941 if (!kgdb_connected || atomic_read(&kgdb_active) != -1 || dbg_kdb_mode) 942 return; 943 944 local_irq_save(flags); 945 gdbstub_msg_write(s, count); 946 local_irq_restore(flags); 947 } 948 949 static struct console kgdbcons = { 950 .name = "kgdb", 951 .write = kgdb_console_write, 952 .flags = CON_PRINTBUFFER | CON_ENABLED, 953 .index = -1, 954 }; 955 opt_kgdb_con(char * str)956 static int __init opt_kgdb_con(char *str) 957 { 958 kgdb_use_con = 1; 959 960 if (kgdb_io_module_registered && !kgdb_con_registered) { 961 register_console(&kgdbcons); 962 kgdb_con_registered = 1; 963 } 964 965 return 0; 966 } 967 968 early_param("kgdbcon", opt_kgdb_con); 969 970 #ifdef CONFIG_MAGIC_SYSRQ sysrq_handle_dbg(u8 key)971 static void sysrq_handle_dbg(u8 key) 972 { 973 if (!dbg_io_ops) { 974 pr_crit("ERROR: No KGDB I/O module available\n"); 975 return; 976 } 977 if (!kgdb_connected) { 978 #ifdef CONFIG_KGDB_KDB 979 if (!dbg_kdb_mode) 980 pr_crit("KGDB or $3#33 for KDB\n"); 981 #else 982 pr_crit("Entering KGDB\n"); 983 #endif 984 } 985 986 kgdb_breakpoint(); 987 } 988 989 static const struct sysrq_key_op sysrq_dbg_op = { 990 .handler = sysrq_handle_dbg, 991 .help_msg = "debug(g)", 992 .action_msg = "DEBUG", 993 }; 994 #endif 995 kgdb_panic(const char * msg)996 void kgdb_panic(const char *msg) 997 { 998 if (!kgdb_io_module_registered) 999 return; 1000 1001 /* 1002 * We don't want to get stuck waiting for input from user if 1003 * "panic_timeout" indicates the system should automatically 1004 * reboot on panic. 1005 */ 1006 if (panic_timeout) 1007 return; 1008 1009 debug_locks_off(); 1010 console_flush_on_panic(CONSOLE_FLUSH_PENDING); 1011 1012 if (dbg_kdb_mode) 1013 kdb_printf("PANIC: %s\n", msg); 1014 1015 kgdb_breakpoint(); 1016 } 1017 kgdb_initial_breakpoint(void)1018 static void kgdb_initial_breakpoint(void) 1019 { 1020 kgdb_break_asap = 0; 1021 1022 pr_crit("Waiting for connection from remote gdb...\n"); 1023 kgdb_breakpoint(); 1024 } 1025 kgdb_arch_late(void)1026 void __weak kgdb_arch_late(void) 1027 { 1028 } 1029 dbg_late_init(void)1030 void __init dbg_late_init(void) 1031 { 1032 dbg_is_early = false; 1033 if (kgdb_io_module_registered) 1034 kgdb_arch_late(); 1035 kdb_init(KDB_INIT_FULL); 1036 1037 if (kgdb_io_module_registered && kgdb_break_asap) 1038 kgdb_initial_breakpoint(); 1039 } 1040 1041 static int dbg_notify_reboot(struct notifier_block * this,unsigned long code,void * x)1042 dbg_notify_reboot(struct notifier_block *this, unsigned long code, void *x) 1043 { 1044 /* 1045 * Take the following action on reboot notify depending on value: 1046 * 1 == Enter debugger 1047 * 0 == [the default] detach debug client 1048 * -1 == Do nothing... and use this until the board resets 1049 */ 1050 switch (kgdbreboot) { 1051 case 1: 1052 kgdb_breakpoint(); 1053 goto done; 1054 case -1: 1055 goto done; 1056 } 1057 if (!dbg_kdb_mode) 1058 gdbstub_exit(code); 1059 done: 1060 return NOTIFY_DONE; 1061 } 1062 1063 static struct notifier_block dbg_reboot_notifier = { 1064 .notifier_call = dbg_notify_reboot, 1065 .next = NULL, 1066 .priority = INT_MAX, 1067 }; 1068 kgdb_register_callbacks(void)1069 static void kgdb_register_callbacks(void) 1070 { 1071 if (!kgdb_io_module_registered) { 1072 kgdb_io_module_registered = 1; 1073 kgdb_arch_init(); 1074 if (!dbg_is_early) 1075 kgdb_arch_late(); 1076 register_module_notifier(&dbg_module_load_nb); 1077 register_reboot_notifier(&dbg_reboot_notifier); 1078 #ifdef CONFIG_MAGIC_SYSRQ 1079 register_sysrq_key('g', &sysrq_dbg_op); 1080 #endif 1081 if (kgdb_use_con && !kgdb_con_registered) { 1082 register_console(&kgdbcons); 1083 kgdb_con_registered = 1; 1084 } 1085 } 1086 } 1087 kgdb_unregister_callbacks(void)1088 static void kgdb_unregister_callbacks(void) 1089 { 1090 /* 1091 * When this routine is called KGDB should unregister from 1092 * handlers and clean up, making sure it is not handling any 1093 * break exceptions at the time. 1094 */ 1095 if (kgdb_io_module_registered) { 1096 kgdb_io_module_registered = 0; 1097 unregister_reboot_notifier(&dbg_reboot_notifier); 1098 unregister_module_notifier(&dbg_module_load_nb); 1099 kgdb_arch_exit(); 1100 #ifdef CONFIG_MAGIC_SYSRQ 1101 unregister_sysrq_key('g', &sysrq_dbg_op); 1102 #endif 1103 if (kgdb_con_registered) { 1104 unregister_console(&kgdbcons); 1105 kgdb_con_registered = 0; 1106 } 1107 } 1108 } 1109 1110 /** 1111 * kgdb_register_io_module - register KGDB IO module 1112 * @new_dbg_io_ops: the io ops vector 1113 * 1114 * Register it with the KGDB core. 1115 */ kgdb_register_io_module(struct kgdb_io * new_dbg_io_ops)1116 int kgdb_register_io_module(struct kgdb_io *new_dbg_io_ops) 1117 { 1118 struct kgdb_io *old_dbg_io_ops; 1119 int err; 1120 1121 spin_lock(&kgdb_registration_lock); 1122 1123 old_dbg_io_ops = dbg_io_ops; 1124 if (old_dbg_io_ops) { 1125 if (!old_dbg_io_ops->deinit) { 1126 spin_unlock(&kgdb_registration_lock); 1127 1128 pr_err("KGDB I/O driver %s can't replace %s.\n", 1129 new_dbg_io_ops->name, old_dbg_io_ops->name); 1130 return -EBUSY; 1131 } 1132 pr_info("Replacing I/O driver %s with %s\n", 1133 old_dbg_io_ops->name, new_dbg_io_ops->name); 1134 } 1135 1136 if (new_dbg_io_ops->init) { 1137 err = new_dbg_io_ops->init(); 1138 if (err) { 1139 spin_unlock(&kgdb_registration_lock); 1140 return err; 1141 } 1142 } 1143 1144 dbg_io_ops = new_dbg_io_ops; 1145 1146 spin_unlock(&kgdb_registration_lock); 1147 1148 if (old_dbg_io_ops) { 1149 old_dbg_io_ops->deinit(); 1150 return 0; 1151 } 1152 1153 pr_info("Registered I/O driver %s\n", new_dbg_io_ops->name); 1154 1155 /* Arm KGDB now. */ 1156 kgdb_register_callbacks(); 1157 1158 if (kgdb_break_asap && 1159 (!dbg_is_early || IS_ENABLED(CONFIG_ARCH_HAS_EARLY_DEBUG))) 1160 kgdb_initial_breakpoint(); 1161 1162 return 0; 1163 } 1164 EXPORT_SYMBOL_GPL(kgdb_register_io_module); 1165 1166 /** 1167 * kgdb_unregister_io_module - unregister KGDB IO module 1168 * @old_dbg_io_ops: the io ops vector 1169 * 1170 * Unregister it with the KGDB core. 1171 */ kgdb_unregister_io_module(struct kgdb_io * old_dbg_io_ops)1172 void kgdb_unregister_io_module(struct kgdb_io *old_dbg_io_ops) 1173 { 1174 BUG_ON(kgdb_connected); 1175 1176 /* 1177 * KGDB is no longer able to communicate out, so 1178 * unregister our callbacks and reset state. 1179 */ 1180 kgdb_unregister_callbacks(); 1181 1182 spin_lock(&kgdb_registration_lock); 1183 1184 WARN_ON_ONCE(dbg_io_ops != old_dbg_io_ops); 1185 dbg_io_ops = NULL; 1186 1187 spin_unlock(&kgdb_registration_lock); 1188 1189 if (old_dbg_io_ops->deinit) 1190 old_dbg_io_ops->deinit(); 1191 1192 pr_info("Unregistered I/O driver %s, debugger disabled\n", 1193 old_dbg_io_ops->name); 1194 } 1195 EXPORT_SYMBOL_GPL(kgdb_unregister_io_module); 1196 dbg_io_get_char(void)1197 int dbg_io_get_char(void) 1198 { 1199 int ret = dbg_io_ops->read_char(); 1200 if (ret == NO_POLL_CHAR) 1201 return -1; 1202 if (!dbg_kdb_mode) 1203 return ret; 1204 if (ret == 127) 1205 return 8; 1206 return ret; 1207 } 1208 1209 /** 1210 * kgdb_breakpoint - generate breakpoint exception 1211 * 1212 * This function will generate a breakpoint exception. It is used at the 1213 * beginning of a program to sync up with a debugger and can be used 1214 * otherwise as a quick means to stop program execution and "break" into 1215 * the debugger. 1216 */ kgdb_breakpoint(void)1217 noinline void kgdb_breakpoint(void) 1218 { 1219 atomic_inc(&kgdb_setting_breakpoint); 1220 wmb(); /* Sync point before breakpoint */ 1221 arch_kgdb_breakpoint(); 1222 wmb(); /* Sync point after breakpoint */ 1223 atomic_dec(&kgdb_setting_breakpoint); 1224 } 1225 EXPORT_SYMBOL_GPL(kgdb_breakpoint); 1226 opt_kgdb_wait(char * str)1227 static int __init opt_kgdb_wait(char *str) 1228 { 1229 kgdb_break_asap = 1; 1230 1231 kdb_init(KDB_INIT_EARLY); 1232 if (kgdb_io_module_registered && 1233 IS_ENABLED(CONFIG_ARCH_HAS_EARLY_DEBUG)) 1234 kgdb_initial_breakpoint(); 1235 1236 return 0; 1237 } 1238 1239 early_param("kgdbwait", opt_kgdb_wait); 1240