1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2012, Josef 'Jeff' Sipek <jeffpc@31bits.net>. All rights reserved.
25 */
26
27/*
28 * Copyright 2019 Joyent, Inc.
29 */
30
31#include <sys/types.h>
32#include <sys/mman.h>
33#include <sys/priocntl.h>
34#include <sys/rtpriocntl.h>
35#include <sys/resource.h>
36#include <sys/termios.h>
37#include <sys/param.h>
38#include <sys/regset.h>
39#include <sys/frame.h>
40#include <sys/stack.h>
41#include <sys/reg.h>
42
43#include <libproc.h>
44#include <libscf.h>
45#include <alloca.h>
46#include <unistd.h>
47#include <string.h>
48#include <stdlib.h>
49#include <fcntl.h>
50#include <dlfcn.h>
51#include <libctf.h>
52#include <errno.h>
53#include <kvm.h>
54
55#include <mdb/mdb_lex.h>
56#include <mdb/mdb_debug.h>
57#include <mdb/mdb_signal.h>
58#include <mdb/mdb_string.h>
59#include <mdb/mdb_modapi.h>
60#include <mdb/mdb_target.h>
61#include <mdb/mdb_gelf.h>
62#include <mdb/mdb_conf.h>
63#include <mdb/mdb_err.h>
64#include <mdb/mdb_io_impl.h>
65#include <mdb/mdb_frame.h>
66#include <mdb/mdb_set.h>
67#include <kmdb/kmdb_kctl.h>
68#include <mdb/mdb.h>
69
70#ifndef STACK_BIAS
71#define	STACK_BIAS	0
72#endif
73
74#if defined(__sparc)
75#define	STACK_REGISTER	SP
76#else
77#define	STACK_REGISTER	REG_FP
78#endif
79
80#ifdef _LP64
81#define	MDB_DEF_IPATH	\
82	"%r/usr/platform/%p/lib/adb/%i:" \
83	"%r/usr/platform/%m/lib/adb/%i:" \
84	"%r/usr/lib/adb/%i"
85#define	MDB_DEF_LPATH	\
86	"%r/usr/platform/%p/lib/mdb/%t/%i:" \
87	"%r/usr/platform/%m/lib/mdb/%t/%i:" \
88	"%r/usr/lib/mdb/%t/%i"
89#else
90#define	MDB_DEF_IPATH	\
91	"%r/usr/platform/%p/lib/adb:" \
92	"%r/usr/platform/%m/lib/adb:" \
93	"%r/usr/lib/adb"
94#define	MDB_DEF_LPATH	\
95	"%r/usr/platform/%p/lib/mdb/%t:" \
96	"%r/usr/platform/%m/lib/mdb/%t:" \
97	"%r/usr/lib/mdb/%t"
98#endif
99
100#define	MDB_DEF_PROMPT "> "
101
102/*
103 * Similar to the panic_* variables in the kernel, we keep some relevant
104 * information stored in a set of global _mdb_abort_* variables; in the
105 * event that the debugger dumps core, these will aid core dump analysis.
106 */
107const char *volatile _mdb_abort_str;	/* reason for failure */
108siginfo_t _mdb_abort_info;		/* signal info for fatal signal */
109ucontext_t _mdb_abort_ctx;		/* context fatal signal interrupted */
110int _mdb_abort_rcount;			/* number of times resume requested */
111int _mdb_self_fd = -1;			/* fd for self as for valid_frame */
112
113__NORETURN static void
114terminate(int status)
115{
116	(void) mdb_signal_blockall();
117	mdb_destroy();
118	exit(status);
119}
120
121static void
122print_frame(uintptr_t pc, int fnum)
123{
124	Dl_info dli;
125
126	if (dladdr((void *)pc, &dli)) {
127		mdb_iob_printf(mdb.m_err, "    [%d] %s`%s+0x%lx()\n", fnum,
128		    strbasename(dli.dli_fname), dli.dli_sname,
129		    pc - (uintptr_t)dli.dli_saddr);
130	} else
131		mdb_iob_printf(mdb.m_err, "    [%d] %p()\n", fnum, pc);
132}
133
134static int
135valid_frame(struct frame *fr)
136{
137	static struct frame fake;
138	uintptr_t addr = (uintptr_t)fr;
139
140	if (pread(_mdb_self_fd, &fake, sizeof (fake), addr) != sizeof (fake)) {
141		mdb_iob_printf(mdb.m_err, "    invalid frame (%p)\n", fr);
142		return (0);
143	}
144
145	if (addr & (STACK_ALIGN - 1)) {
146		mdb_iob_printf(mdb.m_err, "    mis-aligned frame (%p)\n", fr);
147		return (0);
148	}
149
150	return (1);
151}
152
153/*ARGSUSED*/
154static void
155flt_handler(int sig, siginfo_t *sip, ucontext_t *ucp, void *data)
156{
157	static const struct rlimit rl = {
158		(rlim_t)RLIM_INFINITY, (rlim_t)RLIM_INFINITY
159	};
160
161	const mdb_idcmd_t *idcp = NULL;
162
163	if (mdb.m_frame != NULL && mdb.m_frame->f_cp != NULL)
164		idcp = mdb.m_frame->f_cp->c_dcmd;
165
166	if (sip != NULL)
167		bcopy(sip, &_mdb_abort_info, sizeof (_mdb_abort_info));
168	if (ucp != NULL)
169		bcopy(ucp, &_mdb_abort_ctx, sizeof (_mdb_abort_ctx));
170
171	_mdb_abort_info.si_signo = sig;
172	(void) mdb_signal_sethandler(sig, SIG_DFL, NULL);
173
174	/*
175	 * If there is no current dcmd, or the current dcmd comes from a
176	 * builtin module, we don't allow resume and always core dump.
177	 */
178	if (idcp == NULL || idcp->idc_modp == NULL ||
179	    idcp->idc_modp == &mdb.m_rmod || idcp->idc_modp->mod_hdl == NULL)
180		goto dump;
181
182	if (mdb.m_term != NULL) {
183		struct frame *fr = (struct frame *)
184		    (ucp->uc_mcontext.gregs[STACK_REGISTER] + STACK_BIAS);
185
186		char signame[SIG2STR_MAX];
187		int i = 1;
188		char c;
189
190		if (sig2str(sig, signame) == -1) {
191			mdb_iob_printf(mdb.m_err,
192			    "\n*** %s: received signal %d at:\n",
193			    mdb.m_pname, sig);
194		} else {
195			mdb_iob_printf(mdb.m_err,
196			    "\n*** %s: received signal %s at:\n",
197			    mdb.m_pname, signame);
198		}
199
200		if (ucp->uc_mcontext.gregs[REG_PC] != 0)
201			print_frame(ucp->uc_mcontext.gregs[REG_PC], i++);
202
203		while (fr != NULL && valid_frame(fr) && fr->fr_savpc != 0) {
204			print_frame(fr->fr_savpc, i++);
205			fr = (struct frame *)
206			    ((uintptr_t)fr->fr_savfp + STACK_BIAS);
207		}
208
209query:
210		mdb_iob_printf(mdb.m_err, "\n%s: (c)ore dump, (q)uit, "
211		    "(r)ecover, or (s)top for debugger [cqrs]? ", mdb.m_pname);
212
213		mdb_iob_flush(mdb.m_err);
214
215		for (;;) {
216			if (IOP_READ(mdb.m_term, &c, sizeof (c)) != sizeof (c))
217				goto dump;
218
219			switch (c) {
220			case 'c':
221			case 'C':
222				(void) setrlimit(RLIMIT_CORE, &rl);
223				mdb_iob_printf(mdb.m_err, "\n%s: attempting "
224				    "to dump core ...\n", mdb.m_pname);
225				goto dump;
226
227			case 'q':
228			case 'Q':
229				mdb_iob_discard(mdb.m_out);
230				mdb_iob_nl(mdb.m_err);
231				(void) mdb_signal_unblockall();
232				terminate(1);
233				/*NOTREACHED*/
234
235			case 'r':
236			case 'R':
237				mdb_iob_printf(mdb.m_err, "\n%s: unloading "
238				    "module '%s' ...\n", mdb.m_pname,
239				    idcp->idc_modp->mod_name);
240
241				(void) mdb_module_unload(
242				    idcp->idc_modp->mod_name, 0);
243
244				(void) mdb_signal_sethandler(sig,
245				    flt_handler, NULL);
246
247				_mdb_abort_rcount++;
248				mdb.m_intr = 0;
249				mdb.m_pend = 0;
250
251				(void) mdb_signal_unblockall();
252				longjmp(mdb.m_frame->f_pcb, MDB_ERR_ABORT);
253				/*NOTREACHED*/
254
255			case 's':
256			case 'S':
257				mdb_iob_printf(mdb.m_err, "\n%s: "
258				    "attempting to stop pid %d ...\n",
259				    mdb.m_pname, (int)getpid());
260
261				/*
262				 * Stop ourself; if this fails or we are
263				 * subsequently continued, ask again.
264				 */
265				(void) mdb_signal_raise(SIGSTOP);
266				(void) mdb_signal_unblockall();
267				goto query;
268			}
269		}
270	}
271
272dump:
273	if (SI_FROMUSER(sip)) {
274		(void) mdb_signal_block(sig);
275		(void) mdb_signal_raise(sig);
276	}
277
278	(void) sigfillset(&ucp->uc_sigmask);
279	(void) sigdelset(&ucp->uc_sigmask, sig);
280
281	if (_mdb_abort_str == NULL)
282		_mdb_abort_str = "fatal signal received";
283
284	ucp->uc_flags |= UC_SIGMASK;
285	(void) setcontext(ucp);
286}
287
288/*ARGSUSED*/
289static void
290int_handler(int sig, siginfo_t *sip, ucontext_t *ucp, void *data)
291{
292	if (mdb.m_intr == 0)
293		longjmp(mdb.m_frame->f_pcb, MDB_ERR_SIGINT);
294	else
295		mdb.m_pend++;
296}
297
298static void
299control_kmdb(int start)
300{
301	int fd;
302
303	if ((fd = open("/dev/kmdb", O_RDONLY)) < 0)
304		die("failed to open /dev/kmdb");
305
306	if (start) {
307		char *state = mdb_get_config();
308
309		if (ioctl(fd, KMDB_IOC_START, state) < 0)
310			die("failed to start kmdb");
311
312		strfree(state);
313	} else {
314		if (ioctl(fd, KMDB_IOC_STOP) < 0)
315			die("failed to stop kmdb");
316	}
317
318	(void) close(fd);
319}
320
321static void
322usage(int status)
323{
324	mdb_iob_printf(mdb.m_err, "Usage: %s [-fkmuwyAFKMSUW] [+/-o option] "
325	    "[-b VM] [-p pid] [-s dist] [-I path] [-L path]\n\t[-P prompt] "
326	    "[-R root] [-V dis-version] [-e expr] "
327	    "[object [core] | core | suffix]\n\n",
328	    mdb.m_pname);
329
330	mdb_iob_puts(mdb.m_err,
331	    "\t-b attach to specified bhyve VM\n"
332	    "\t-e evaluate expr and return status\n"
333	    "\t-f force raw file debugging mode\n"
334	    "\t-k force kernel debugging mode\n"
335	    "\t-m disable demand-loading of module symbols\n"
336	    "\t-o set specified debugger option (+o to unset)\n"
337	    "\t-p attach to specified process-id\n"
338	    "\t-s set symbol matching distance\n"
339	    "\t-u force user program debugging mode\n"
340	    "\t-w enable write mode\n"
341	    "\t-y send terminal initialization sequences for tty mode\n"
342	    "\t-A disable automatic loading of mdb modules\n"
343	    "\t-F enable forcible takeover mode\n"
344	    "\t-K stop operating system and enter live kernel debugger\n"
345	    "\t-M preload all module symbols\n"
346	    "\t-I set initial path for macro files\n"
347	    "\t-L set initial path for module libs\n"
348	    "\t-P set command-line prompt\n"
349	    "\t-R set root directory for pathname expansion\n"
350	    "\t-S suppress processing of ~/.mdbrc file\n"
351	    "\t-U unload live kernel debugger\n"
352	    "\t-W enable I/O-mapped memory access (kernel only)\n"
353	    "\t-V set disassembler version\n");
354
355	terminate(status);
356}
357
358static char *
359mdb_scf_console_term(void)
360{
361	scf_simple_prop_t *prop;
362	char *term = NULL;
363
364	if ((prop = scf_simple_prop_get(NULL,
365	    "svc:/system/console-login:default", "ttymon",
366	    "terminal_type")) == NULL)
367		return (NULL);
368
369	if (scf_simple_prop_type(prop) == SCF_TYPE_ASTRING &&
370	    (term = scf_simple_prop_next_astring(prop)) != NULL)
371		term = strdup(term);
372
373	scf_simple_prop_free(prop);
374	return (term);
375}
376
377/*
378 * Unpleasant hack: we might be debugging a hypervisor domain dump.
379 * Earlier versions use a non-ELF file.  Later versions are ELF, but are
380 * /always/ ELF64, so our standard ehdr check isn't good enough.  Since
381 * we don't want to know too much about the file format, we'll ask
382 * mdb_kb.
383 */
384#ifdef __x86
385static int
386identify_xvm_file(const char *file, int *longmode)
387{
388	int (*identify)(const char *, int *);
389
390	if (mdb_module_load("mdb_kb", MDB_MOD_GLOBAL | MDB_MOD_SILENT) != 0)
391		return (0);
392
393	identify = (int (*)())dlsym(RTLD_NEXT, "xkb_identify");
394
395	if (identify == NULL)
396		return (0);
397
398	return (identify(file, longmode));
399}
400#else
401/*ARGSUSED*/
402static int
403identify_xvm_file(const char *file, int *longmode)
404{
405	return (0);
406}
407#endif /* __x86 */
408
409#ifndef __amd64
410/*
411 * There is no bhyve target in a 32bit x86 or any SPARC mdb. This dummy helps
412 * keep the code simpler.
413 */
414/*ARGSUSED*/
415static int
416mdb_bhyve_tgt_create(mdb_tgt_t *t, int argc, const char *argv[])
417{
418	return (set_errno(EINVAL));
419}
420#endif
421
422int
423main(int argc, char *argv[], char *envp[])
424{
425	extern int mdb_kvm_is_compressed_dump(mdb_io_t *);
426	extern int mdb_kvm_is_dump(mdb_io_t *);
427	mdb_tgt_ctor_f *tgt_ctor = NULL;
428	const char **tgt_argv = alloca((argc + 2) * sizeof (char *));
429	int tgt_argc = 0;
430	mdb_tgt_t *tgt;
431
432	char object[MAXPATHLEN], execname[MAXPATHLEN];
433	mdb_io_t *in_io, *out_io, *err_io, *null_io;
434	struct termios tios;
435	int status, c;
436	char *p;
437
438	const char *Iflag = NULL, *Lflag = NULL, *Vflag = NULL, *pidarg = NULL;
439	const char *eflag = NULL;
440	int fflag = 0, Kflag = 0, Rflag = 0, Sflag = 0, Oflag = 0, Uflag = 0;
441	int bflag = 0;
442
443	int ttylike;
444	int longmode = 0;
445
446	stack_t sigstack;
447
448	if (realpath(getexecname(), execname) == NULL) {
449		(void) strncpy(execname, argv[0], MAXPATHLEN);
450		execname[MAXPATHLEN - 1] = '\0';
451	}
452
453	mdb_create(execname, argv[0]);
454	bzero(tgt_argv, argc * sizeof (char *));
455	argv[0] = (char *)mdb.m_pname;
456	_mdb_self_fd = open("/proc/self/as", O_RDONLY);
457
458	mdb.m_env = envp;
459
460	out_io = mdb_fdio_create(STDOUT_FILENO);
461	mdb.m_out = mdb_iob_create(out_io, MDB_IOB_WRONLY);
462
463	err_io = mdb_fdio_create(STDERR_FILENO);
464	mdb.m_err = mdb_iob_create(err_io, MDB_IOB_WRONLY);
465	mdb_iob_clrflags(mdb.m_err, MDB_IOB_AUTOWRAP);
466
467	null_io = mdb_nullio_create();
468	mdb.m_null = mdb_iob_create(null_io, MDB_IOB_WRONLY);
469
470	in_io = mdb_fdio_create(STDIN_FILENO);
471	if ((mdb.m_termtype = getenv("TERM")) != NULL) {
472		mdb.m_termtype = strdup(mdb.m_termtype);
473		mdb.m_flags |= MDB_FL_TERMGUESS;
474	}
475	mdb.m_term = NULL;
476
477	mdb_dmode(mdb_dstr2mode(getenv("MDB_DEBUG")));
478	mdb.m_pgid = getpgrp();
479
480	if (getenv("_MDB_EXEC") != NULL)
481		mdb.m_flags |= MDB_FL_EXEC;
482
483	/*
484	 * Setup an alternate signal stack.  When tearing down pipelines in
485	 * terminate(), we may have to destroy the stack of the context in
486	 * which we are currently executing the signal handler.
487	 */
488	sigstack.ss_sp = mmap(NULL, SIGSTKSZ, PROT_READ | PROT_WRITE,
489	    MAP_PRIVATE | MAP_ANON, -1, 0);
490	if (sigstack.ss_sp == MAP_FAILED)
491		die("could not allocate signal stack");
492	sigstack.ss_size = SIGSTKSZ;
493	sigstack.ss_flags = 0;
494	if (sigaltstack(&sigstack, NULL) != 0)
495		die("could not set signal stack");
496
497	(void) mdb_signal_sethandler(SIGPIPE, SIG_IGN, NULL);
498	(void) mdb_signal_sethandler(SIGQUIT, SIG_IGN, NULL);
499
500	(void) mdb_signal_sethandler(SIGILL, flt_handler, NULL);
501	(void) mdb_signal_sethandler(SIGTRAP, flt_handler, NULL);
502	(void) mdb_signal_sethandler(SIGIOT, flt_handler, NULL);
503	(void) mdb_signal_sethandler(SIGEMT, flt_handler, NULL);
504	(void) mdb_signal_sethandler(SIGFPE, flt_handler, NULL);
505	(void) mdb_signal_sethandler(SIGBUS, flt_handler, NULL);
506	(void) mdb_signal_sethandler(SIGSEGV, flt_handler, NULL);
507
508	(void) mdb_signal_sethandler(SIGHUP,
509	    (mdb_signal_f *)(uintptr_t)terminate, NULL);
510	(void) mdb_signal_sethandler(SIGTERM,
511	    (mdb_signal_f *)(uintptr_t)terminate, NULL);
512
513	for (mdb.m_rdvers = RD_VERSION; mdb.m_rdvers > 0; mdb.m_rdvers--) {
514		if (rd_init(mdb.m_rdvers) == RD_OK)
515			break;
516	}
517
518	for (mdb.m_ctfvers = CTF_VERSION; mdb.m_ctfvers > 0; mdb.m_ctfvers--) {
519		if (ctf_version(mdb.m_ctfvers) != -1)
520			break;
521	}
522
523	if ((p = getenv("HISTSIZE")) != NULL && strisnum(p)) {
524		mdb.m_histlen = strtoi(p);
525		if (mdb.m_histlen < 1)
526			mdb.m_histlen = 1;
527	}
528
529	while (optind < argc) {
530		while ((c = getopt(argc, argv,
531		    "be:fkmo:p:s:uwyACD:FI:KL:MOP:R:SUV:W")) != (int)EOF) {
532			switch (c) {
533			case 'b':
534				bflag++;
535				tgt_ctor = mdb_bhyve_tgt_create;
536				break;
537			case 'e':
538				if (eflag != NULL) {
539					warn("-e already specified\n");
540					terminate(2);
541				}
542				eflag = optarg;
543				break;
544			case 'f':
545				fflag++;
546				tgt_ctor = mdb_rawfile_tgt_create;
547				break;
548			case 'k':
549				tgt_ctor = mdb_kvm_tgt_create;
550				break;
551			case 'm':
552				mdb.m_tgtflags |= MDB_TGT_F_NOLOAD;
553				mdb.m_tgtflags &= ~MDB_TGT_F_PRELOAD;
554				break;
555			case 'o':
556				if (!mdb_set_options(optarg, TRUE))
557					terminate(2);
558				break;
559			case 'p':
560				tgt_ctor = mdb_proc_tgt_create;
561				pidarg = optarg;
562				break;
563			case 's':
564				if (!strisnum(optarg)) {
565					warn("expected integer following -s\n");
566					terminate(2);
567				}
568				mdb.m_symdist = (size_t)(uint_t)strtoi(optarg);
569				break;
570			case 'u':
571				tgt_ctor = mdb_proc_tgt_create;
572				break;
573			case 'w':
574				mdb.m_tgtflags |= MDB_TGT_F_RDWR;
575				break;
576			case 'y':
577				mdb.m_flags |= MDB_FL_USECUP;
578				break;
579			case 'A':
580				(void) mdb_set_options("nomods", TRUE);
581				break;
582			case 'C':
583				(void) mdb_set_options("noctf", TRUE);
584				break;
585			case 'D':
586				mdb_dmode(mdb_dstr2mode(optarg));
587				break;
588			case 'F':
589				mdb.m_tgtflags |= MDB_TGT_F_FORCE;
590				break;
591			case 'I':
592				Iflag = optarg;
593				break;
594			case 'L':
595				Lflag = optarg;
596				break;
597			case 'K':
598				Kflag++;
599				break;
600			case 'M':
601				mdb.m_tgtflags |= MDB_TGT_F_PRELOAD;
602				mdb.m_tgtflags &= ~MDB_TGT_F_NOLOAD;
603				break;
604			case 'O':
605				Oflag++;
606				break;
607			case 'P':
608				if (!mdb_set_prompt(optarg))
609					terminate(2);
610				break;
611			case 'R':
612				(void) strncpy(mdb.m_root, optarg, MAXPATHLEN);
613				mdb.m_root[MAXPATHLEN - 1] = '\0';
614				Rflag++;
615				break;
616			case 'S':
617				Sflag++;
618				break;
619			case 'U':
620				Uflag++;
621				break;
622			case 'V':
623				Vflag = optarg;
624				break;
625			case 'W':
626				mdb.m_tgtflags |= MDB_TGT_F_ALLOWIO;
627				break;
628			case '?':
629				if (optopt == '?')
630					usage(0);
631				/* FALLTHROUGH */
632			default:
633				usage(2);
634			}
635		}
636
637		if (optind < argc) {
638			const char *arg = argv[optind++];
639
640			if (arg[0] == '+' && strlen(arg) == 2) {
641				if (arg[1] != 'o') {
642					warn("illegal option -- %s\n", arg);
643					terminate(2);
644				}
645				if (optind >= argc) {
646					warn("option requires an argument -- "
647					    "%s\n", arg);
648					terminate(2);
649				}
650				if (!mdb_set_options(argv[optind++], FALSE))
651					terminate(2);
652			} else
653				tgt_argv[tgt_argc++] = arg;
654		}
655	}
656
657	if (rd_ctl(RD_CTL_SET_HELPPATH, (void *)mdb.m_root) != RD_OK) {
658		warn("cannot set librtld_db helper path to %s\n", mdb.m_root);
659		terminate(2);
660	}
661
662	if (mdb.m_debug & MDB_DBG_HELP)
663		terminate(0); /* Quit here if we've printed out the tokens */
664
665
666	if (Iflag != NULL && strchr(Iflag, ';') != NULL) {
667		warn("macro path cannot contain semicolons\n");
668		terminate(2);
669	}
670
671	if (Lflag != NULL && strchr(Lflag, ';') != NULL) {
672		warn("module path cannot contain semicolons\n");
673		terminate(2);
674	}
675
676	if (Kflag || Uflag) {
677		char *nm;
678
679		if (tgt_ctor != NULL || Iflag != NULL) {
680			warn("neither -f, -k, -p, -u, nor -I "
681			    "may be used with -K\n");
682			usage(2);
683		}
684
685		if (Lflag != NULL)
686			mdb_set_lpath(Lflag);
687
688		if ((nm = ttyname(STDIN_FILENO)) == NULL ||
689		    strcmp(nm, "/dev/console") != 0) {
690			/*
691			 * Due to the consequences of typing mdb -K instead of
692			 * mdb -k on a tty other than /dev/console, we require
693			 * -F when starting kmdb from a tty other than
694			 * /dev/console.
695			 */
696			if (!(mdb.m_tgtflags & MDB_TGT_F_FORCE)) {
697				die("-F must also be supplied to start kmdb "
698				    "from non-console tty\n");
699			}
700
701			if (mdb.m_termtype == NULL || (mdb.m_flags &
702			    MDB_FL_TERMGUESS)) {
703				if (mdb.m_termtype != NULL)
704					strfree(mdb.m_termtype);
705
706				if ((mdb.m_termtype = mdb_scf_console_term()) !=
707				    NULL)
708					mdb.m_flags |= MDB_FL_TERMGUESS;
709			}
710		} else {
711			/*
712			 * When on console, $TERM (if set) takes precedence over
713			 * the SMF setting.
714			 */
715			if (mdb.m_termtype == NULL && (mdb.m_termtype =
716			    mdb_scf_console_term()) != NULL)
717				mdb.m_flags |= MDB_FL_TERMGUESS;
718		}
719
720		control_kmdb(Kflag);
721		terminate(0);
722		/*NOTREACHED*/
723	}
724
725	if (eflag != NULL) {
726		IOP_CLOSE(in_io);
727		in_io = mdb_strio_create(eflag);
728		mdb.m_lastret = 0;
729	}
730
731	/*
732	 * If standard input appears to have tty attributes, attempt to
733	 * initialize a terminal i/o backend on top of stdin and stdout.
734	 */
735	ttylike = (IOP_CTL(in_io, TCGETS, &tios) == 0);
736	if (ttylike) {
737		if ((mdb.m_term = mdb_termio_create(mdb.m_termtype,
738		    in_io, out_io)) == NULL) {
739			if (!(mdb.m_flags & MDB_FL_EXEC)) {
740				warn("term init failed: command-line editing "
741				    "and prompt will not be available\n");
742			}
743		} else {
744			in_io = mdb.m_term;
745		}
746	}
747
748	mdb.m_in = mdb_iob_create(in_io, MDB_IOB_RDONLY);
749	if (mdb.m_term != NULL) {
750		mdb_iob_setpager(mdb.m_out, mdb.m_term);
751		if (mdb.m_flags & MDB_FL_PAGER)
752			mdb_iob_setflags(mdb.m_out, MDB_IOB_PGENABLE);
753		else
754			mdb_iob_clrflags(mdb.m_out, MDB_IOB_PGENABLE);
755	} else if (ttylike)
756		mdb_iob_setflags(mdb.m_in, MDB_IOB_TTYLIKE);
757	else
758		mdb_iob_setbuf(mdb.m_in, mdb_alloc(1, UM_SLEEP), 1);
759
760	mdb_pservice_init();
761	mdb_lex_reset();
762
763	if ((mdb.m_shell = getenv("SHELL")) == NULL)
764		mdb.m_shell = "/bin/sh";
765
766	/*
767	 * If the debugger state is to be inherited from a previous instance,
768	 * restore it now prior to path evaluation so that %R is updated.
769	 */
770	if ((p = getenv(MDB_CONFIG_ENV_VAR)) != NULL) {
771		mdb_set_config(p);
772		(void) unsetenv(MDB_CONFIG_ENV_VAR);
773	}
774
775	/*
776	 * Path evaluation part 1: Create the initial module path to allow
777	 * the target constructor to load a support module.  Then expand
778	 * any command-line arguments that modify the paths.
779	 */
780	if (Iflag != NULL)
781		mdb_set_ipath(Iflag);
782	else
783		mdb_set_ipath(MDB_DEF_IPATH);
784
785	if (Lflag != NULL)
786		mdb_set_lpath(Lflag);
787	else
788		mdb_set_lpath(MDB_DEF_LPATH);
789
790	if (mdb_get_prompt() == NULL && !(mdb.m_flags & MDB_FL_ADB))
791		(void) mdb_set_prompt(MDB_DEF_PROMPT);
792
793	if (tgt_ctor == mdb_kvm_tgt_create) {
794		if (pidarg != NULL) {
795			warn("-p and -k options are mutually exclusive\n");
796			terminate(2);
797		}
798
799		if (tgt_argc == 0)
800			tgt_argv[tgt_argc++] = "/dev/ksyms";
801		if (tgt_argc == 1 && strisnum(tgt_argv[0]) == 0) {
802			if (mdb.m_tgtflags & MDB_TGT_F_ALLOWIO)
803				tgt_argv[tgt_argc++] = "/dev/allkmem";
804			else
805				tgt_argv[tgt_argc++] = "/dev/kmem";
806		}
807	}
808
809	if (pidarg != NULL) {
810		if (tgt_argc != 0) {
811			warn("-p may not be used with other arguments\n");
812			terminate(2);
813		}
814		if (proc_arg_psinfo(pidarg, PR_ARG_PIDS, NULL, &status) == -1) {
815			die("cannot attach to %s: %s\n",
816			    pidarg, Pgrab_error(status));
817		}
818		if (strchr(pidarg, '/') != NULL)
819			(void) mdb_iob_snprintf(object, MAXPATHLEN,
820			    "%s/object/a.out", pidarg);
821		else
822			(void) mdb_iob_snprintf(object, MAXPATHLEN,
823			    "/proc/%s/object/a.out", pidarg);
824		tgt_argv[tgt_argc++] = object;
825		tgt_argv[tgt_argc++] = pidarg;
826	}
827
828	/*
829	 * Find the first argument that is not a special "-" token.  If one is
830	 * found, we will examine this file and make some inferences below.
831	 */
832	for (c = 0; c < tgt_argc && strcmp(tgt_argv[c], "-") == 0; c++)
833		continue;
834
835	if (c < tgt_argc) {
836		Elf32_Ehdr ehdr;
837		mdb_io_t *io;
838
839		/*
840		 * If special "-" tokens preceded an argument, shift the entire
841		 * argument list to the left to remove the leading "-" args.
842		 */
843		if (c > 0) {
844			bcopy(&tgt_argv[c], tgt_argv,
845			    sizeof (const char *) * (tgt_argc - c));
846			tgt_argc -= c;
847		}
848
849		if (fflag)
850			goto tcreate; /* skip re-exec and just create target */
851
852		/* bhyve: directly create target, or re-exec in case of 32bit */
853		if (bflag) {
854#ifndef __amd64
855			goto reexec;
856#else
857			goto tcreate;
858#endif
859		}
860
861		/*
862		 * If we just have an object file name, and that file doesn't
863		 * exist, and it's a string of digits, infer it to be a
864		 * sequence number referring to a pair of crash dump files.
865		 */
866		if (tgt_argc == 1 && access(tgt_argv[0], F_OK) == -1 &&
867		    strisnum(tgt_argv[0])) {
868
869			size_t len = strlen(tgt_argv[0]) + 8;
870			const char *object = tgt_argv[0];
871
872			tgt_argv[0] = alloca(len);
873			tgt_argv[1] = alloca(len);
874
875			(void) strcpy((char *)tgt_argv[0], "unix.");
876			(void) strcat((char *)tgt_argv[0], object);
877			(void) strcpy((char *)tgt_argv[1], "vmcore.");
878			(void) strcat((char *)tgt_argv[1], object);
879
880			if (access(tgt_argv[0], F_OK) == -1 &&
881			    access(tgt_argv[1], F_OK) != -1) {
882				/*
883				 * If we have a vmcore but not a unix file,
884				 * set the symbol table to be the vmcore to
885				 * force libkvm to extract it out of the dump.
886				 */
887				tgt_argv[0] = tgt_argv[1];
888			} else if (access(tgt_argv[0], F_OK) == -1 &&
889			    access(tgt_argv[1], F_OK) == -1) {
890				(void) strcpy((char *)tgt_argv[1], "vmdump.");
891				(void) strcat((char *)tgt_argv[1], object);
892				if (access(tgt_argv[1], F_OK) == 0) {
893					mdb_iob_printf(mdb.m_err,
894					    "cannot open compressed dump; "
895					    "decompress using savecore -f %s\n",
896					    tgt_argv[1]);
897					terminate(0);
898				}
899			}
900
901			tgt_argc = 2;
902		}
903
904		/*
905		 * We need to open the object file in order to determine its
906		 * ELF class and potentially re-exec ourself.
907		 */
908		if ((io = mdb_fdio_create_path(NULL, tgt_argv[0],
909		    O_RDONLY, 0)) == NULL)
910			die("failed to open %s", tgt_argv[0]);
911
912		if (tgt_argc == 1) {
913			if (mdb_kvm_is_compressed_dump(io)) {
914				/*
915				 * We have a single vmdump.N compressed dump
916				 * file; give a helpful message.
917				 */
918				mdb_iob_printf(mdb.m_err,
919				    "cannot open compressed dump; "
920				    "decompress using savecore -f %s\n",
921				    tgt_argv[0]);
922				terminate(0);
923			} else if (mdb_kvm_is_dump(io)) {
924				/*
925				 * We have an uncompressed dump as our only
926				 * argument; specify the dump as the symbol
927				 * table to force libkvm to dig it out of the
928				 * dump.
929				 */
930				tgt_argv[tgt_argc++] = tgt_argv[0];
931			}
932		}
933
934		/*
935		 * If the target is unknown or is not the rawfile target, do
936		 * a gelf_check to determine if the file is an ELF file.  If
937		 * it is not and the target is unknown, use the rawfile tgt.
938		 * Otherwise an ELF-based target is needed, so we must abort.
939		 */
940		if (mdb_gelf_check(io, &ehdr, ET_NONE) == -1) {
941			if (tgt_ctor != NULL) {
942				(void) mdb_gelf_check(io, &ehdr, ET_EXEC);
943				mdb_io_destroy(io);
944				terminate(1);
945			} else
946				tgt_ctor = mdb_rawfile_tgt_create;
947		}
948
949		mdb_io_destroy(io);
950
951		if (identify_xvm_file(tgt_argv[0], &longmode) == 1) {
952#ifdef _LP64
953			if (!longmode)
954				goto reexec;
955#else
956			if (longmode)
957				goto reexec;
958#endif
959			tgt_ctor = mdb_kvm_tgt_create;
960			goto tcreate;
961		}
962
963		/*
964		 * The object file turned out to be a user core file (ET_CORE),
965		 * and no other arguments were specified, swap 0 and 1.  The
966		 * proc target will infer the executable for us.
967		 */
968		if (ehdr.e_type == ET_CORE) {
969			tgt_argv[tgt_argc++] = tgt_argv[0];
970			tgt_argv[0] = NULL;
971			tgt_ctor = mdb_proc_tgt_create;
972		}
973
974		/*
975		 * If tgt_argv[1] is filled in, open it up and determine if it
976		 * is a vmcore file.  If it is, gelf_check will fail and we
977		 * set tgt_ctor to 'kvm'; otherwise we use the default.
978		 */
979		if (tgt_argc > 1 && strcmp(tgt_argv[1], "-") != 0 &&
980		    tgt_argv[0] != NULL && pidarg == NULL) {
981			Elf32_Ehdr chdr;
982
983			if (access(tgt_argv[1], F_OK) == -1)
984				die("failed to access %s", tgt_argv[1]);
985
986			/* *.N case: drop vmdump.N from the list */
987			if (tgt_argc == 3) {
988				if ((io = mdb_fdio_create_path(NULL,
989				    tgt_argv[2], O_RDONLY, 0)) == NULL)
990					die("failed to open %s", tgt_argv[2]);
991				if (mdb_kvm_is_compressed_dump(io))
992					tgt_argv[--tgt_argc] = NULL;
993				mdb_io_destroy(io);
994			}
995
996			if ((io = mdb_fdio_create_path(NULL, tgt_argv[1],
997			    O_RDONLY, 0)) == NULL)
998				die("failed to open %s", tgt_argv[1]);
999
1000			if (mdb_gelf_check(io, &chdr, ET_NONE) == -1)
1001				tgt_ctor = mdb_kvm_tgt_create;
1002
1003			mdb_io_destroy(io);
1004		}
1005
1006		/*
1007		 * At this point, we've read the ELF header for either an
1008		 * object file or core into ehdr.  If the class does not match
1009		 * ours, attempt to exec the mdb of the appropriate class.
1010		 */
1011#ifdef _LP64
1012		if (ehdr.e_ident[EI_CLASS] == ELFCLASS32)
1013			goto reexec;
1014#else
1015		if (ehdr.e_ident[EI_CLASS] == ELFCLASS64)
1016			goto reexec;
1017#endif
1018	}
1019
1020tcreate:
1021	if (tgt_ctor == NULL)
1022		tgt_ctor = mdb_proc_tgt_create;
1023
1024	tgt = mdb_tgt_create(tgt_ctor, mdb.m_tgtflags, tgt_argc, tgt_argv);
1025
1026	if (tgt == NULL) {
1027		if (errno == EINVAL)
1028			usage(2); /* target can return EINVAL to get usage */
1029		if (errno == EMDB_TGT)
1030			terminate(1); /* target already printed error msg */
1031		die("failed to initialize target");
1032	}
1033
1034	mdb_tgt_activate(tgt);
1035
1036	mdb_create_loadable_disasms();
1037
1038	if (Vflag != NULL && mdb_dis_select(Vflag) == -1)
1039		warn("invalid disassembler mode -- %s\n", Vflag);
1040
1041
1042	if (Rflag && mdb.m_term != NULL)
1043		warn("Using proto area %s\n", mdb.m_root);
1044
1045	/*
1046	 * If the target was successfully constructed and -O was specified,
1047	 * we now attempt to enter piggy-mode for debugging jurassic problems.
1048	 */
1049	if (Oflag) {
1050		pcinfo_t pci;
1051
1052		(void) strcpy(pci.pc_clname, "RT");
1053
1054		if (priocntl(P_LWPID, P_MYID, PC_GETCID, (caddr_t)&pci) != -1) {
1055			pcparms_t pcp;
1056			rtparms_t *rtp = (rtparms_t *)pcp.pc_clparms;
1057
1058			rtp->rt_pri = 35;
1059			rtp->rt_tqsecs = 0;
1060			rtp->rt_tqnsecs = RT_TQDEF;
1061
1062			pcp.pc_cid = pci.pc_cid;
1063
1064			if (priocntl(P_LWPID, P_MYID, PC_SETPARMS,
1065			    (caddr_t)&pcp) == -1) {
1066				warn("failed to set RT parameters");
1067				Oflag = 0;
1068			}
1069		} else {
1070			warn("failed to get RT class id");
1071			Oflag = 0;
1072		}
1073
1074		if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
1075			warn("failed to lock address space");
1076			Oflag = 0;
1077		}
1078
1079		if (Oflag)
1080			mdb_printf("%s: oink, oink!\n", mdb.m_pname);
1081	}
1082
1083	/*
1084	 * Path evaluation part 2: Re-evaluate the path now that the target
1085	 * is ready (and thus we have access to the real platform string).
1086	 * Do this before reading ~/.mdbrc to allow path modifications prior
1087	 * to performing module auto-loading.
1088	 */
1089	mdb_set_ipath(mdb.m_ipathstr);
1090	mdb_set_lpath(mdb.m_lpathstr);
1091
1092	if (!Sflag && (p = getenv("HOME")) != NULL) {
1093		char rcpath[MAXPATHLEN];
1094		mdb_io_t *rc_io;
1095		int fd;
1096
1097		(void) mdb_iob_snprintf(rcpath, MAXPATHLEN, "%s/.mdbrc", p);
1098		fd = open64(rcpath, O_RDONLY);
1099
1100		if (fd >= 0 && (rc_io = mdb_fdio_create_named(fd, rcpath))) {
1101			mdb_iob_t *iob = mdb_iob_create(rc_io, MDB_IOB_RDONLY);
1102			mdb_iob_t *old = mdb.m_in;
1103
1104			mdb.m_in = iob;
1105			(void) mdb_run();
1106			mdb.m_in = old;
1107		}
1108	}
1109
1110	if (!(mdb.m_flags & MDB_FL_NOMODS))
1111		mdb_module_load_all(0);
1112
1113	(void) mdb_signal_sethandler(SIGINT, int_handler, NULL);
1114	while ((status = mdb_run()) == MDB_ERR_ABORT ||
1115	    status == MDB_ERR_OUTPUT) {
1116		/*
1117		 * If a write failed on stdout, give up.  A more informative
1118		 * error message will already have been printed by mdb_run().
1119		 */
1120		if (status == MDB_ERR_OUTPUT &&
1121		    mdb_iob_getflags(mdb.m_out) & MDB_IOB_ERR) {
1122			mdb_warn("write to stdout failed, exiting\n");
1123			break;
1124		}
1125		continue;
1126	}
1127
1128	terminate((status == MDB_ERR_QUIT || status == 0) ?
1129	    (eflag != NULL && mdb.m_lastret != 0 ? 1 : 0) : 1);
1130	/*NOTREACHED*/
1131
1132reexec:
1133	if ((p = strrchr(execname, '/')) == NULL)
1134		die("cannot determine absolute pathname\n");
1135#ifdef _LP64
1136#ifdef __sparc
1137	(void) strcpy(p, "/../sparcv7/");
1138#else
1139	(void) strcpy(p, "/../i86/");
1140#endif
1141#else
1142#ifdef __sparc
1143	(void) strcpy(p, "/../sparcv9/");
1144#else
1145	(void) strcpy(p, "/../amd64/");
1146#endif
1147#endif
1148	(void) strcat(p, mdb.m_pname);
1149
1150	if (mdb.m_term != NULL)
1151		(void) IOP_CTL(in_io, TCSETSW, &tios);
1152
1153	(void) putenv("_MDB_EXEC=1");
1154	(void) execv(execname, argv);
1155
1156	/*
1157	 * If execv fails, suppress ENOEXEC.  Experience shows the most common
1158	 * reason is that the machine is booted under a 32-bit kernel, in which
1159	 * case it is clearer to only print the message below.
1160	 */
1161	if (errno != ENOEXEC)
1162		warn("failed to exec %s", execname);
1163#ifdef _LP64
1164	die("64-bit %s cannot debug 32-bit program %s\n",
1165	    mdb.m_pname, tgt_argv[0] ?
1166	    tgt_argv[0] : tgt_argv[1]);
1167#else
1168	die("32-bit %s cannot debug 64-bit program %s\n",
1169	    mdb.m_pname, tgt_argv[0] ?
1170	    tgt_argv[0] : tgt_argv[1]);
1171#endif
1172
1173	goto tcreate;
1174}
1175