kernel GDB: do not reboot the target
AcceptedPublic
Actions

Authored by vangyzen on Jun 13 2022, 4:03 PM.

Details

Reviewers

rlibby
rang_acm.org

Summary

When using remote kernel GDB in many environments, commands that reboot are usually an accident. This includes exiting GDB, so this includes accidental EOF, closing the terminal, and similar human errors. Furthermore, some systems/environments/applications do not respond kindly to resuming execution after stopping in the debugger for a long time, so resuming is effectively the same as rebooting. This loses essential debugger state, which might take a lot of time and work to reproduce.

Disable such commands by default. If you really want to use them:

Use the ddb equivalent.

Enable them with "set gdb_can_resume = 1" in gdb.

Enable them with debug.gdb.can_resume=1 in /boot/loader.conf or /etc/sysctl.conf.

MFC after: 1 week
Sponsored by: Dell EMC Isilon

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 45959
Build 42847: arc lint + arc unit

Event Timeline

vangyzen created this revision.Jun 13 2022, 4:03 PM

Herald added subscribers: dab, badger, emaste, imp. · View Herald TranscriptJun 13 2022, 4:03 PM

vangyzen requested review of this revision.Jun 13 2022, 4:03 PM

Harbormaster completed remote builds in B45959: Diff 106868.Jun 13 2022, 4:03 PM

vangyzen added reviewers: rlibby, rang_acm.org.Jun 13 2022, 4:04 PM

vangyzen retitled this revision from kernel GDB: do not reboot the node to kernel GDB: do not reboot the target.Jun 13 2022, 4:11 PM

vangyzen edited the summary of this revision. (Show Details)

LGTM. I don't get why we don't send PC and the watch stop reason in the '?' case but it probably doesn't matter and it looks like a faithful refactor.

This revision is now accepted and ready to land.Jun 14 2022, 5:43 PM

I don't get why we don't send PC and the watch stop reason in the '?' case

Nor do I. I should probably add a comment to that effect.

Thanks for the re-review.

rang_acm.org accepted this revision.Jun 14 2022, 11:02 PM

emaste added a subscriber: jhb.Jun 16 2022, 1:35 PM

Hmm, I would split out the helper for 'T' packets as a separate commit.

In terms of the description, I don't know that steps and continue trigger reboots. This is the case if you attach after a crash, but not the case if you attach at some other time (e.g. using boot -d from the loader, or attaching to a running system). If you really only wanted to prevent reboots you might make gdb_allow_resume() only return false if IS_PANICKED() (or however that is spelled) is true. Regardless, the description probably needs updating as the code is more accurate in that you are disabling resuming execution, not disabling rebooting, per se.