[Xen-devel] [PATCH v2 0/2] xen: make more debugger support code conditional

[Xen-devel] [PATCH v2 0/2] xen: make more debugger support code conditional

[Juergen Gross]

Support for debugging the hypervisor of guests via gdb/gdbsx should be
configurable.

Changes in V2:
- split support for gdbstub and gdbsx (Andrew Cooper)

Juergen Gross (2):
  xen: put more code under CONFIG_CRASH_DEBUG
  xen: make gdbsx support configurable

 xen/Kconfig.debug              |  7 ++++++
 xen/arch/x86/Kconfig           |  1 -
 xen/arch/x86/Makefile          |  2 +-
 xen/arch/x86/debug.c           | 52 +-----------------------------------------
 xen/arch/x86/domctl.c          |  4 ++++
 xen/common/Kconfig             |  3 ---
 xen/common/domain.c            |  2 +-
 xen/include/asm-x86/debugger.h | 32 ++++++++++++++++----------
 xen/include/xen/sched.h        |  4 ++++
 9 files changed, 38 insertions(+), 69 deletions(-)

-- 
2.16.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Xen-devel] [PATCH v2 1/2] xen: put more code under CONFIG_CRASH_DEBUG

[Juergen Gross]

Some code is not needed with CONFIG_CRASH_DEBUG, so only include it if
CONFIG_CRASH_DEBUG is defined.

While at it remove CONFIG_HAS_GDBSX as it can easily be replaced by
CONFIG_CRASH_DEBUG.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 xen/arch/x86/Kconfig           |  1 -
 xen/common/Kconfig             |  3 ---
 xen/common/domain.c            |  2 +-
 xen/include/asm-x86/debugger.h | 30 ++++++++++++++++++------------
 xen/include/xen/sched.h        |  4 ++++
 5 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 28b3b4692a..c72da8964a 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -13,7 +13,6 @@ config X86
 	select HAS_EHCI
 	select HAS_EX_TABLE
 	select HAS_FAST_MULTIPLY
-	select HAS_GDBSX
 	select HAS_IOPORTS
 	select HAS_KEXEC
 	select MEM_ACCESS_ALWAYS_ON
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index f754741972..7bde6aff02 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -57,9 +57,6 @@ config HAS_UBSAN
 config HAS_KEXEC
 	bool
 
-config HAS_GDBSX
-	bool
-
 config HAS_IOPORTS
 	bool
 
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 611116c7fc..c06efedc8e 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -915,7 +915,7 @@ void vcpu_end_shutdown_deferral(struct vcpu *v)
         vcpu_check_shutdown(v);
 }
 
-#ifdef CONFIG_HAS_GDBSX
+#ifdef CONFIG_CRASH_DEBUG
 void domain_pause_for_debugger(void)
 {
     struct vcpu *curr = current;
diff --git a/xen/include/asm-x86/debugger.h b/xen/include/asm-x86/debugger.h
index b1b627f1fa..e23f2fa4a3 100644
--- a/xen/include/asm-x86/debugger.h
+++ b/xen/include/asm-x86/debugger.h
@@ -47,18 +47,6 @@ static inline bool debugger_trap_fatal(
 /* Int3 is a trivial way to gather cpu_user_regs context. */
 #define debugger_trap_immediate() __asm__ __volatile__ ( "int3" );
 
-#else
-
-static inline bool debugger_trap_fatal(
-    unsigned int vector, struct cpu_user_regs *regs)
-{
-    return false;
-}
-
-#define debugger_trap_immediate() ((void)0)
-
-#endif
-
 static inline bool debugger_trap_entry(
     unsigned int vector, struct cpu_user_regs *regs)
 {
@@ -84,6 +72,24 @@ static inline bool debugger_trap_entry(
     return false;
 }
 
+#else
+
+static inline bool debugger_trap_fatal(
+    unsigned int vector, struct cpu_user_regs *regs)
+{
+    return false;
+}
+
+#define debugger_trap_immediate() ((void)0)
+
+static inline bool debugger_trap_entry(
+    unsigned int vector, struct cpu_user_regs *regs)
+{
+    return false;
+}
+
+#endif
+
 unsigned int dbg_rw_mem(void * __user addr, void * __user buf,
                         unsigned int len, domid_t domid, bool toaddr,
                         uint64_t pgd3);
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 9f7bc69293..d2d30ece7d 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -652,7 +652,11 @@ void domain_destroy(struct domain *d);
 int domain_kill(struct domain *d);
 int domain_shutdown(struct domain *d, u8 reason);
 void domain_resume(struct domain *d);
+#ifdef CONFIG_CRASH_DEBUG
 void domain_pause_for_debugger(void);
+#else
+static inline void domain_pause_for_debugger(void) { }
+#endif
 
 int domain_soft_reset(struct domain *d);
 
-- 
2.16.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Xen-devel] [PATCH v2 2/2] xen: make gdbsx support configurable

[Juergen Gross]

Gdbsx support in the hypervisor is rarely used and it is opening a
way for dom0 to modify the running hypervisor by very easy means.

Add a Kconfig option to control support of gdbsx. Default is off.

While at it correct a wrong comment in related code and remove dead
code.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 xen/Kconfig.debug              |  7 ++++++
 xen/arch/x86/Makefile          |  2 +-
 xen/arch/x86/debug.c           | 52 +-----------------------------------------
 xen/arch/x86/domctl.c          |  4 ++++
 xen/include/asm-x86/debugger.h |  2 ++
 5 files changed, 15 insertions(+), 52 deletions(-)

diff --git a/xen/Kconfig.debug b/xen/Kconfig.debug
index 22573e74db..253910036e 100644
--- a/xen/Kconfig.debug
+++ b/xen/Kconfig.debug
@@ -20,6 +20,13 @@ config CRASH_DEBUG
 	  If you want to attach gdb to Xen to debug Xen if it crashes
 	  then say Y.
 
+config GDBSX
+	bool "Guest debugging with gdbsx"
+	depends on X86
+	---help---
+	  If you want to enable support for debugging guests from dom0 via
+	  gdbsx then say Y.
+
 config DEBUG_INFO
 	bool "Compile Xen with debug info"
 	default y
diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile
index 5e6b9d7028..46a6c9d72b 100644
--- a/xen/arch/x86/Makefile
+++ b/xen/arch/x86/Makefile
@@ -19,7 +19,7 @@ obj-bin-y += copy_page.o
 obj-y += cpuid.o
 obj-$(CONFIG_PV) += compat.o x86_64/compat.o
 obj-$(CONFIG_KEXEC) += crash.o
-obj-y += debug.o
+obj-$(CONFIG_GDBSX) += debug.o
 obj-y += delay.o
 obj-y += desc.o
 obj-bin-y += dmi_scan.init.o
diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c
index a500df01ac..7b82f77df4 100644
--- a/xen/arch/x86/debug.c
+++ b/xen/arch/x86/debug.c
@@ -22,22 +22,6 @@
 #include <asm/debugger.h>
 #include <asm/p2m.h>
 
-/* 
- * This file for general routines common to more than one debugger, like kdb,
- * gdbsx, etc..
- */
-
-#ifdef XEN_KDB_CONFIG
-#include "../kdb/include/kdbdefs.h"
-#include "../kdb/include/kdbproto.h"
-#define DBGP(...) {(kdbdbg) ? kdbp(__VA_ARGS__):0;}
-#define DBGP1(...) {(kdbdbg>1) ? kdbp(__VA_ARGS__):0;}
-#define DBGP2(...) {(kdbdbg>2) ? kdbp(__VA_ARGS__):0;}
-#else
-#define DBGP1(...) ((void)0)
-#define DBGP2(...) ((void)0)
-#endif
-
 typedef unsigned long dbgva_t;
 typedef unsigned char dbgbyte_t;
 
@@ -49,24 +33,13 @@ dbg_hvm_va2mfn(dbgva_t vaddr, struct domain *dp, int toaddr, gfn_t *gfn)
     uint32_t pfec = PFEC_page_present;
     p2m_type_t gfntype;
 
-    DBGP2("vaddr:%lx domid:%d\n", vaddr, dp->domain_id);
-
     *gfn = _gfn(paging_gva_to_gfn(dp->vcpu[0], vaddr, &pfec));
     if ( gfn_eq(*gfn, INVALID_GFN) )
-    {
-        DBGP2("kdb:bad gfn from gva_to_gfn\n");
         return INVALID_MFN;
-    }
 
     mfn = get_gfn(dp, gfn_x(*gfn), &gfntype);
     if ( p2m_is_readonly(gfntype) && toaddr )
-    {
-        DBGP2("kdb:p2m_is_readonly: gfntype:%x\n", gfntype);
         mfn = INVALID_MFN;
-    }
-    else
-        DBGP2("X: vaddr:%lx domid:%d mfn:%#"PRI_mfn"\n",
-              vaddr, dp->domain_id, mfn_x(mfn));
 
     if ( mfn_eq(mfn, INVALID_MFN) )
     {
@@ -100,55 +73,36 @@ dbg_pv_va2mfn(dbgva_t vaddr, struct domain *dp, uint64_t pgd3val)
     unsigned long cr3 = (pgd3val ? pgd3val : dp->vcpu[0]->arch.cr3);
     mfn_t mfn = maddr_to_mfn(cr3_pa(cr3));
 
-    DBGP2("vaddr:%lx domid:%d cr3:%lx pgd3:%lx\n", vaddr, dp->domain_id, 
-          cr3, pgd3val);
-
     if ( pgd3val == 0 )
     {
         l4t = map_domain_page(mfn);
         l4e = l4t[l4_table_offset(vaddr)];
         unmap_domain_page(l4t);
         mfn = l4e_get_mfn(l4e);
-        DBGP2("l4t:%p l4to:%lx l4e:%lx mfn:%#"PRI_mfn"\n", l4t,
-              l4_table_offset(vaddr), l4e, mfn_x(mfn));
         if ( !(l4e_get_flags(l4e) & _PAGE_PRESENT) )
-        {
-            DBGP1("l4 PAGE not present. vaddr:%lx cr3:%lx\n", vaddr, cr3);
             return INVALID_MFN;
-        }
 
         l3t = map_domain_page(mfn);
         l3e = l3t[l3_table_offset(vaddr)];
         unmap_domain_page(l3t);
         mfn = l3e_get_mfn(l3e);
-        DBGP2("l3t:%p l3to:%lx l3e:%lx mfn:%#"PRI_mfn"\n", l3t,
-              l3_table_offset(vaddr), l3e, mfn_x(mfn));
         if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) ||
              (l3e_get_flags(l3e) & _PAGE_PSE) )
-        {
-            DBGP1("l3 PAGE not present. vaddr:%lx cr3:%lx\n", vaddr, cr3);
             return INVALID_MFN;
-        }
     }
 
     l2t = map_domain_page(mfn);
     l2e = l2t[l2_table_offset(vaddr)];
     unmap_domain_page(l2t);
     mfn = l2e_get_mfn(l2e);
-    DBGP2("l2t:%p l2to:%lx l2e:%lx mfn:%#"PRI_mfn"\n",
-          l2t, l2_table_offset(vaddr), l2e, mfn_x(mfn));
     if ( !(l2e_get_flags(l2e) & _PAGE_PRESENT) ||
          (l2e_get_flags(l2e) & _PAGE_PSE) )
-    {
-        DBGP1("l2 PAGE not present. vaddr:%lx cr3:%lx\n", vaddr, cr3);
         return INVALID_MFN;
-    }
+
     l1t = map_domain_page(mfn);
     l1e = l1t[l1_table_offset(vaddr)];
     unmap_domain_page(l1t);
     mfn = l1e_get_mfn(l1e);
-    DBGP2("l1t:%p l1to:%lx l1e:%lx mfn:%#"PRI_mfn"\n", l1t, l1_table_offset(vaddr),
-          l1e, mfn_x(mfn));
 
     return mfn_valid(mfn) ? mfn : INVALID_MFN;
 }
@@ -210,9 +164,6 @@ unsigned int dbg_rw_mem(void * __user addr, void * __user buf,
                         unsigned int len, domid_t domid, bool toaddr,
                         uint64_t pgd3)
 {
-    DBGP2("gmem:addr:%lx buf:%p len:$%u domid:%d toaddr:%x\n",
-          addr, buf, len, domid, toaddr);
-
     if ( domid == DOMID_IDLE )
     {
         if ( toaddr )
@@ -232,7 +183,6 @@ unsigned int dbg_rw_mem(void * __user addr, void * __user buf,
         }
     }
 
-    DBGP2("gmem:exit:len:$%d\n", len);
     return len;
 }
 
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 43e368d63b..90e36b9ad8 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -36,6 +36,7 @@
 #include <asm/psr.h>
 #include <asm/cpuid.h>
 
+#ifdef CONFIG_GDBSX
 static int gdbsx_guest_mem_io(domid_t domid, struct xen_domctl_gdbsx_memio *iop)
 {
     void * __user gva = (void *)iop->gva, * __user uva = (void *)iop->uva;
@@ -45,6 +46,7 @@ static int gdbsx_guest_mem_io(domid_t domid, struct xen_domctl_gdbsx_memio *iop)
 
     return iop->remain ? -EFAULT : 0;
 }
+#endif
 
 static void domain_cpu_policy_changed(struct domain *d)
 {
@@ -912,6 +914,7 @@ long arch_do_domctl(
     }
 #endif
 
+#ifdef CONFIG_GDBSX
     case XEN_DOMCTL_gdbsx_guestmemio:
         domctl->u.gdbsx_guest_memio.remain = domctl->u.gdbsx_guest_memio.len;
         ret = gdbsx_guest_mem_io(domctl->domain, &domctl->u.gdbsx_guest_memio);
@@ -976,6 +979,7 @@ long arch_do_domctl(
         copyback = true;
         break;
     }
+#endif
 
     case XEN_DOMCTL_setvcpuextstate:
     case XEN_DOMCTL_getvcpuextstate:
diff --git a/xen/include/asm-x86/debugger.h b/xen/include/asm-x86/debugger.h
index e23f2fa4a3..2dc05b32d6 100644
--- a/xen/include/asm-x86/debugger.h
+++ b/xen/include/asm-x86/debugger.h
@@ -90,8 +90,10 @@ static inline bool debugger_trap_entry(
 
 #endif
 
+#ifdef CONFIG_GDBSX
 unsigned int dbg_rw_mem(void * __user addr, void * __user buf,
                         unsigned int len, domid_t domid, bool toaddr,
                         uint64_t pgd3);
+#endif
 
 #endif /* __X86_DEBUGGER_H__ */
-- 
2.16.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v2 1/2] xen: put more code under CONFIG_CRASH_DEBUG

[Andrew Cooper]

On 14/11/2019 08:27, Juergen Gross wrote:
> diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
> index 9f7bc69293..d2d30ece7d 100644
> --- a/xen/include/xen/sched.h
> +++ b/xen/include/xen/sched.h
> @@ -652,7 +652,11 @@ void domain_destroy(struct domain *d);
>  int domain_kill(struct domain *d);
>  int domain_shutdown(struct domain *d, u8 reason);
>  void domain_resume(struct domain *d);
> +#ifdef CONFIG_CRASH_DEBUG
>  void domain_pause_for_debugger(void);
> +#else
> +static inline void domain_pause_for_debugger(void) { }
> +#endif

This looked a tad weird.  It turns out we've got a trivial
domain_pause_for_debugger() in common code, guarded by
CONFIG_CRASH_DEBUG, which is actually an x86 check, seeing as
gdbsx_vcpu_event doesn't exist on ARM.

I'd suggest moving domain_pause_for_debugger() into arch/x86/domain.c
and moving this prototype into debugger.h

With an #include <asm/debugger.h> in vmx/realmode.c, it appears to build
fine.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v2 2/2] xen: make gdbsx support configurable

[Andrew Cooper]

On 14/11/2019 08:27, Juergen Gross wrote:
> Gdbsx support in the hypervisor is rarely used and it is opening a
> way for dom0 to modify the running hypervisor by very easy means.
>
> Add a Kconfig option to control support of gdbsx. Default is off.

This would constitute a regression, and I (and others) do use gdbsx on
occasion.

The bit we really don't want is gdbsx's ability to use DOMID_IDLE.

gdbsx itself does a getdomaininfo check before attaching to the domain,
so doesn't actually accept an attempt to use DOMID_IDLE.  Therefore, I
think we can safely get rid of this functionality, including
XEN_DOMCTL_gdbsx_guestmemio's special case in the do_domctl() domid
checks, without regressing anything.

With that deleted, gdbsx becomes strictly "debugging another guest", and
I think reasonable to keep on by default.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel