4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
24 #ifdef CONFIG_USER_ONLY
27 #include "monitor/monitor.h"
28 #include "chardev/char.h"
29 #include "chardev/char-fe.h"
30 #include "sysemu/sysemu.h"
31 #include "exec/gdbstub.h"
34 #define MAX_PACKET_LENGTH 4096
36 #include "qemu/sockets.h"
37 #include "sysemu/hw_accel.h"
38 #include "sysemu/kvm.h"
39 #include "exec/semihost.h"
40 #include "exec/exec-all.h"
42 #ifdef CONFIG_USER_ONLY
43 #define GDB_ATTACHED "0"
45 #define GDB_ATTACHED "1"
48 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
49 uint8_t *buf, int len, bool is_write)
51 CPUClass *cc = CPU_GET_CLASS(cpu);
53 if (cc->memory_rw_debug) {
54 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
56 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
59 /* Return the GDB index for a given vCPU state.
61 * For user mode this is simply the thread id. In system mode GDB
62 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
64 static inline int cpu_gdb_index(CPUState *cpu)
66 #if defined(CONFIG_USER_ONLY)
67 TaskState *ts = (TaskState *) cpu->opaque;
70 return cpu->cpu_index + 1;
83 GDB_SIGNAL_UNKNOWN = 143
86 #ifdef CONFIG_USER_ONLY
88 /* Map target signal numbers to GDB protocol signal numbers and vice
89 * versa. For user emulation's currently supported systems, we can
90 * assume most signals are defined.
93 static int gdb_signal_table[] = {
253 /* In system mode we only need SIGINT and SIGTRAP; other signals
254 are not yet supported. */
261 static int gdb_signal_table[] = {
271 #ifdef CONFIG_USER_ONLY
272 static int target_signal_to_gdb (int sig)
275 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
276 if (gdb_signal_table[i] == sig)
278 return GDB_SIGNAL_UNKNOWN;
282 static int gdb_signal_to_target (int sig)
284 if (sig < ARRAY_SIZE (gdb_signal_table))
285 return gdb_signal_table[sig];
290 /* #define DEBUG_GDB */
293 # define DEBUG_GDB_GATE 1
295 # define DEBUG_GDB_GATE 0
298 #define gdb_debug(fmt, ...) do { \
299 if (DEBUG_GDB_GATE) { \
300 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \
305 typedef struct GDBRegisterState {
311 struct GDBRegisterState *next;
323 typedef struct GDBState {
324 CPUState *c_cpu; /* current CPU for step/continue ops */
325 CPUState *g_cpu; /* current CPU for other ops */
326 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
327 enum RSState state; /* parsing state */
328 char line_buf[MAX_PACKET_LENGTH];
330 int line_sum; /* running checksum */
331 int line_csum; /* checksum at the end of the packet */
332 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
335 #ifdef CONFIG_USER_ONLY
342 char syscall_buf[256];
343 gdb_syscall_complete_cb current_syscall_cb;
346 /* By default use no IRQs and no timers while single stepping so as to
347 * make single stepping like an ICE HW step.
349 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
351 static GDBState *gdbserver_state;
355 #ifdef CONFIG_USER_ONLY
356 /* XXX: This is not thread safe. Do we care? */
357 static int gdbserver_fd = -1;
359 static int get_char(GDBState *s)
365 ret = qemu_recv(s->fd, &ch, 1, 0);
367 if (errno == ECONNRESET)
371 } else if (ret == 0) {
389 /* Decide if either remote gdb syscalls or native file IO should be used. */
390 int use_gdb_syscalls(void)
392 SemihostingTarget target = semihosting_get_target();
393 if (target == SEMIHOSTING_TARGET_NATIVE) {
394 /* -semihosting-config target=native */
396 } else if (target == SEMIHOSTING_TARGET_GDB) {
397 /* -semihosting-config target=gdb */
401 /* -semihosting-config target=auto */
402 /* On the first call check if gdb is connected and remember. */
403 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
404 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
407 return gdb_syscall_mode == GDB_SYS_ENABLED;
410 /* Resume execution. */
411 static inline void gdb_continue(GDBState *s)
413 #ifdef CONFIG_USER_ONLY
414 s->running_state = 1;
416 if (!runstate_needs_reset()) {
423 * Resume execution, per CPU actions. For user-mode emulation it's
424 * equivalent to gdb_continue.
426 static int gdb_continue_partial(GDBState *s, char *newstates)
430 #ifdef CONFIG_USER_ONLY
432 * This is not exactly accurate, but it's an improvement compared to the
433 * previous situation, where only one CPU would be single-stepped.
436 if (newstates[cpu->cpu_index] == 's') {
437 cpu_single_step(cpu, sstep_flags);
440 s->running_state = 1;
444 if (!runstate_needs_reset()) {
445 if (vm_prepare_start()) {
450 switch (newstates[cpu->cpu_index]) {
453 break; /* nothing to do here */
455 cpu_single_step(cpu, sstep_flags);
470 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
476 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
478 #ifdef CONFIG_USER_ONLY
482 ret = send(s->fd, buf, len, 0);
492 /* XXX this blocks entire thread. Rewrite to use
493 * qemu_chr_fe_write and background I/O callbacks */
494 qemu_chr_fe_write_all(&s->chr, buf, len);
498 static inline int fromhex(int v)
500 if (v >= '0' && v <= '9')
502 else if (v >= 'A' && v <= 'F')
504 else if (v >= 'a' && v <= 'f')
510 static inline int tohex(int v)
518 static void memtohex(char *buf, const uint8_t *mem, int len)
523 for(i = 0; i < len; i++) {
525 *q++ = tohex(c >> 4);
526 *q++ = tohex(c & 0xf);
531 static void hextomem(uint8_t *mem, const char *buf, int len)
535 for(i = 0; i < len; i++) {
536 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
541 /* return -1 if error, 0 if OK */
542 static int put_packet_binary(GDBState *s, const char *buf, int len)
553 for(i = 0; i < len; i++) {
557 *(p++) = tohex((csum >> 4) & 0xf);
558 *(p++) = tohex((csum) & 0xf);
560 s->last_packet_len = p - s->last_packet;
561 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
563 #ifdef CONFIG_USER_ONLY
576 /* return -1 if error, 0 if OK */
577 static int put_packet(GDBState *s, const char *buf)
579 gdb_debug("reply='%s'\n", buf);
581 return put_packet_binary(s, buf, strlen(buf));
584 /* Encode data using the encoding for 'x' packets. */
585 static int memtox(char *buf, const char *mem, int len)
593 case '#': case '$': case '*': case '}':
605 static const char *get_feature_xml(const char *p, const char **newp,
611 static char target_xml[1024];
614 while (p[len] && p[len] != ':')
619 if (strncmp(p, "target.xml", len) == 0) {
620 /* Generate the XML description for this CPU. */
621 if (!target_xml[0]) {
623 CPUState *cpu = first_cpu;
625 pstrcat(target_xml, sizeof(target_xml),
626 "<?xml version=\"1.0\"?>"
627 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
629 if (cc->gdb_arch_name) {
630 gchar *arch = cc->gdb_arch_name(cpu);
631 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
632 pstrcat(target_xml, sizeof(target_xml), arch);
633 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
636 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
637 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
638 pstrcat(target_xml, sizeof(target_xml), "\"/>");
639 for (r = cpu->gdb_regs; r; r = r->next) {
640 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
641 pstrcat(target_xml, sizeof(target_xml), r->xml);
642 pstrcat(target_xml, sizeof(target_xml), "\"/>");
644 pstrcat(target_xml, sizeof(target_xml), "</target>");
649 name = xml_builtin[i][0];
650 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
653 return name ? xml_builtin[i][1] : NULL;
656 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
658 CPUClass *cc = CPU_GET_CLASS(cpu);
659 CPUArchState *env = cpu->env_ptr;
662 if (reg < cc->gdb_num_core_regs) {
663 return cc->gdb_read_register(cpu, mem_buf, reg);
666 for (r = cpu->gdb_regs; r; r = r->next) {
667 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
668 return r->get_reg(env, mem_buf, reg - r->base_reg);
674 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
676 CPUClass *cc = CPU_GET_CLASS(cpu);
677 CPUArchState *env = cpu->env_ptr;
680 if (reg < cc->gdb_num_core_regs) {
681 return cc->gdb_write_register(cpu, mem_buf, reg);
684 for (r = cpu->gdb_regs; r; r = r->next) {
685 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
686 return r->set_reg(env, mem_buf, reg - r->base_reg);
692 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
693 specifies the first register number and these registers are included in
694 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
695 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
698 void gdb_register_coprocessor(CPUState *cpu,
699 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
700 int num_regs, const char *xml, int g_pos)
703 GDBRegisterState **p;
707 /* Check for duplicates. */
708 if (strcmp((*p)->xml, xml) == 0)
713 s = g_new0(GDBRegisterState, 1);
714 s->base_reg = cpu->gdb_num_regs;
715 s->num_regs = num_regs;
716 s->get_reg = get_reg;
717 s->set_reg = set_reg;
720 /* Add to end of list. */
721 cpu->gdb_num_regs += num_regs;
724 if (g_pos != s->base_reg) {
725 error_report("Error: Bad gdb register numbering for '%s', "
726 "expected %d got %d", xml, g_pos, s->base_reg);
728 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
733 #ifndef CONFIG_USER_ONLY
734 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
735 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
737 static const int xlat[] = {
738 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
739 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
740 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
743 CPUClass *cc = CPU_GET_CLASS(cpu);
744 int cputype = xlat[gdbtype];
746 if (cc->gdb_stop_before_watchpoint) {
747 cputype |= BP_STOP_BEFORE_ACCESS;
753 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
759 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
763 case GDB_BREAKPOINT_SW:
764 case GDB_BREAKPOINT_HW:
766 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
772 #ifndef CONFIG_USER_ONLY
773 case GDB_WATCHPOINT_WRITE:
774 case GDB_WATCHPOINT_READ:
775 case GDB_WATCHPOINT_ACCESS:
777 err = cpu_watchpoint_insert(cpu, addr, len,
778 xlat_gdb_type(cpu, type), NULL);
790 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
796 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
800 case GDB_BREAKPOINT_SW:
801 case GDB_BREAKPOINT_HW:
803 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
809 #ifndef CONFIG_USER_ONLY
810 case GDB_WATCHPOINT_WRITE:
811 case GDB_WATCHPOINT_READ:
812 case GDB_WATCHPOINT_ACCESS:
814 err = cpu_watchpoint_remove(cpu, addr, len,
815 xlat_gdb_type(cpu, type));
826 static void gdb_breakpoint_remove_all(void)
831 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
836 cpu_breakpoint_remove_all(cpu, BP_GDB);
837 #ifndef CONFIG_USER_ONLY
838 cpu_watchpoint_remove_all(cpu, BP_GDB);
843 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
845 CPUState *cpu = s->c_cpu;
847 cpu_synchronize_state(cpu);
851 static CPUState *find_cpu(uint32_t thread_id)
856 if (cpu_gdb_index(cpu) == thread_id) {
864 static int is_query_packet(const char *p, const char *query, char separator)
866 unsigned int query_len = strlen(query);
868 return strncmp(p, query, query_len) == 0 &&
869 (p[query_len] == '\0' || p[query_len] == separator);
873 * gdb_handle_vcont - Parses and handles a vCont packet.
874 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
875 * a format error, 0 on success.
877 static int gdb_handle_vcont(GDBState *s, const char *p)
879 int res, idx, signal = 0;
884 #ifdef CONFIG_USER_ONLY
885 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
888 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
891 /* uninitialised CPUs stay 0 */
892 newstates = g_new0(char, max_cpus);
894 /* mark valid CPUs with 1 */
896 newstates[cpu->cpu_index] = 1;
900 * res keeps track of what error we are returning, with -ENOTSUP meaning
901 * that the command is unknown or unsupported, thus returning an empty
902 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
903 * or incorrect parameters passed.
913 if (cur_action == 'C' || cur_action == 'S') {
914 cur_action = tolower(cur_action);
915 res = qemu_strtoul(p + 1, &p, 16, &tmp);
919 signal = gdb_signal_to_target(tmp);
920 } else if (cur_action != 'c' && cur_action != 's') {
921 /* unknown/invalid/unsupported command */
925 /* thread specification. special values: (none), -1 = all; 0 = any */
926 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
930 for (idx = 0; idx < max_cpus; idx++) {
931 if (newstates[idx] == 1) {
932 newstates[idx] = cur_action;
935 } else if (*p == ':') {
937 res = qemu_strtoul(p, &p, 16, &tmp);
942 /* 0 means any thread, so we pick the first valid CPU */
943 cpu = tmp ? find_cpu(tmp) : first_cpu;
945 /* invalid CPU/thread specified */
951 /* only use if no previous match occourred */
952 if (newstates[cpu->cpu_index] == 1) {
953 newstates[cpu->cpu_index] = cur_action;
958 gdb_continue_partial(s, newstates);
966 static int gdb_handle_packet(GDBState *s, const char *line_buf)
972 int ch, reg_size, type, res;
973 char buf[MAX_PACKET_LENGTH];
974 uint8_t mem_buf[MAX_PACKET_LENGTH];
976 target_ulong addr, len;
979 gdb_debug("command='%s'\n", line_buf);
985 /* TODO: Make this return the correct value for user-mode. */
986 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
987 cpu_gdb_index(s->c_cpu));
989 /* Remove all the breakpoints when this query is issued,
990 * because gdb is doing and initial connect and the state
991 * should be cleaned up.
993 gdb_breakpoint_remove_all();
997 addr = strtoull(p, (char **)&p, 16);
998 gdb_set_cpu_pc(s, addr);
1004 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1005 if (s->signal == -1)
1010 if (strncmp(p, "Cont", 4) == 0) {
1013 put_packet(s, "vCont;c;C;s;S");
1017 res = gdb_handle_vcont(s, p);
1020 if ((res == -EINVAL) || (res == -ERANGE)) {
1021 put_packet(s, "E22");
1024 goto unknown_command;
1028 goto unknown_command;
1031 /* Kill the target */
1032 error_report("QEMU: Terminated via GDBstub");
1036 gdb_breakpoint_remove_all();
1037 gdb_syscall_mode = GDB_SYS_DISABLED;
1039 put_packet(s, "OK");
1043 addr = strtoull(p, (char **)&p, 16);
1044 gdb_set_cpu_pc(s, addr);
1046 cpu_single_step(s->c_cpu, sstep_flags);
1054 ret = strtoull(p, (char **)&p, 16);
1057 err = strtoull(p, (char **)&p, 16);
1064 if (s->current_syscall_cb) {
1065 s->current_syscall_cb(s->c_cpu, ret, err);
1066 s->current_syscall_cb = NULL;
1069 put_packet(s, "T02");
1076 cpu_synchronize_state(s->g_cpu);
1078 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1079 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1082 memtohex(buf, mem_buf, len);
1086 cpu_synchronize_state(s->g_cpu);
1087 registers = mem_buf;
1088 len = strlen(p) / 2;
1089 hextomem((uint8_t *)registers, p, len);
1090 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1091 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1093 registers += reg_size;
1095 put_packet(s, "OK");
1098 addr = strtoull(p, (char **)&p, 16);
1101 len = strtoull(p, NULL, 16);
1103 /* memtohex() doubles the required space */
1104 if (len > MAX_PACKET_LENGTH / 2) {
1105 put_packet (s, "E22");
1109 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1110 put_packet (s, "E14");
1112 memtohex(buf, mem_buf, len);
1117 addr = strtoull(p, (char **)&p, 16);
1120 len = strtoull(p, (char **)&p, 16);
1124 /* hextomem() reads 2*len bytes */
1125 if (len > strlen(p) / 2) {
1126 put_packet (s, "E22");
1129 hextomem(mem_buf, p, len);
1130 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1132 put_packet(s, "E14");
1134 put_packet(s, "OK");
1138 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1139 This works, but can be very slow. Anything new enough to
1140 understand XML also knows how to use this properly. */
1142 goto unknown_command;
1143 addr = strtoull(p, (char **)&p, 16);
1144 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1146 memtohex(buf, mem_buf, reg_size);
1149 put_packet(s, "E14");
1154 goto unknown_command;
1155 addr = strtoull(p, (char **)&p, 16);
1158 reg_size = strlen(p) / 2;
1159 hextomem(mem_buf, p, reg_size);
1160 gdb_write_register(s->g_cpu, mem_buf, addr);
1161 put_packet(s, "OK");
1165 type = strtoul(p, (char **)&p, 16);
1168 addr = strtoull(p, (char **)&p, 16);
1171 len = strtoull(p, (char **)&p, 16);
1173 res = gdb_breakpoint_insert(addr, len, type);
1175 res = gdb_breakpoint_remove(addr, len, type);
1177 put_packet(s, "OK");
1178 else if (res == -ENOSYS)
1181 put_packet(s, "E22");
1185 thread = strtoull(p, (char **)&p, 16);
1186 if (thread == -1 || thread == 0) {
1187 put_packet(s, "OK");
1190 cpu = find_cpu(thread);
1192 put_packet(s, "E22");
1198 put_packet(s, "OK");
1202 put_packet(s, "OK");
1205 put_packet(s, "E22");
1210 thread = strtoull(p, (char **)&p, 16);
1211 cpu = find_cpu(thread);
1214 put_packet(s, "OK");
1216 put_packet(s, "E22");
1221 /* parse any 'q' packets here */
1222 if (!strcmp(p,"qemu.sstepbits")) {
1223 /* Query Breakpoint bit definitions */
1224 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1230 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1231 /* Display or change the sstep_flags */
1234 /* Display current setting */
1235 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1240 type = strtoul(p, (char **)&p, 16);
1242 put_packet(s, "OK");
1244 } else if (strcmp(p,"C") == 0) {
1245 /* "Current thread" remains vague in the spec, so always return
1246 * the first CPU (gdb returns the first thread). */
1247 put_packet(s, "QC1");
1249 } else if (strcmp(p,"fThreadInfo") == 0) {
1250 s->query_cpu = first_cpu;
1251 goto report_cpuinfo;
1252 } else if (strcmp(p,"sThreadInfo") == 0) {
1255 snprintf(buf, sizeof(buf), "m%x", cpu_gdb_index(s->query_cpu));
1257 s->query_cpu = CPU_NEXT(s->query_cpu);
1261 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1262 thread = strtoull(p+16, (char **)&p, 16);
1263 cpu = find_cpu(thread);
1265 cpu_synchronize_state(cpu);
1266 /* memtohex() doubles the required space */
1267 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1268 "CPU#%d [%s]", cpu->cpu_index,
1269 cpu->halted ? "halted " : "running");
1270 memtohex(buf, mem_buf, len);
1275 #ifdef CONFIG_USER_ONLY
1276 else if (strcmp(p, "Offsets") == 0) {
1277 TaskState *ts = s->c_cpu->opaque;
1279 snprintf(buf, sizeof(buf),
1280 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1281 ";Bss=" TARGET_ABI_FMT_lx,
1282 ts->info->code_offset,
1283 ts->info->data_offset,
1284 ts->info->data_offset);
1288 #else /* !CONFIG_USER_ONLY */
1289 else if (strncmp(p, "Rcmd,", 5) == 0) {
1290 int len = strlen(p + 5);
1292 if ((len % 2) != 0) {
1293 put_packet(s, "E01");
1297 hextomem(mem_buf, p + 5, len);
1299 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1300 put_packet(s, "OK");
1303 #endif /* !CONFIG_USER_ONLY */
1304 if (is_query_packet(p, "Supported", ':')) {
1305 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1306 cc = CPU_GET_CLASS(first_cpu);
1307 if (cc->gdb_core_xml_file != NULL) {
1308 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1313 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1315 target_ulong total_len;
1317 cc = CPU_GET_CLASS(first_cpu);
1318 if (cc->gdb_core_xml_file == NULL) {
1319 goto unknown_command;
1324 xml = get_feature_xml(p, &p, cc);
1326 snprintf(buf, sizeof(buf), "E00");
1333 addr = strtoul(p, (char **)&p, 16);
1336 len = strtoul(p, (char **)&p, 16);
1338 total_len = strlen(xml);
1339 if (addr > total_len) {
1340 snprintf(buf, sizeof(buf), "E00");
1344 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1345 len = (MAX_PACKET_LENGTH - 5) / 2;
1346 if (len < total_len - addr) {
1348 len = memtox(buf + 1, xml + addr, len);
1351 len = memtox(buf + 1, xml + addr, total_len - addr);
1353 put_packet_binary(s, buf, len + 1);
1356 if (is_query_packet(p, "Attached", ':')) {
1357 put_packet(s, GDB_ATTACHED);
1360 /* Unrecognised 'q' command. */
1361 goto unknown_command;
1365 /* put empty packet */
1373 void gdb_set_stop_cpu(CPUState *cpu)
1375 gdbserver_state->c_cpu = cpu;
1376 gdbserver_state->g_cpu = cpu;
1379 #ifndef CONFIG_USER_ONLY
1380 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1382 GDBState *s = gdbserver_state;
1383 CPUState *cpu = s->c_cpu;
1388 if (running || s->state == RS_INACTIVE) {
1391 /* Is there a GDB syscall waiting to be sent? */
1392 if (s->current_syscall_cb) {
1393 put_packet(s, s->syscall_buf);
1397 case RUN_STATE_DEBUG:
1398 if (cpu->watchpoint_hit) {
1399 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1410 snprintf(buf, sizeof(buf),
1411 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1412 GDB_SIGNAL_TRAP, cpu_gdb_index(cpu), type,
1413 (target_ulong)cpu->watchpoint_hit->vaddr);
1414 cpu->watchpoint_hit = NULL;
1418 ret = GDB_SIGNAL_TRAP;
1420 case RUN_STATE_PAUSED:
1421 ret = GDB_SIGNAL_INT;
1423 case RUN_STATE_SHUTDOWN:
1424 ret = GDB_SIGNAL_QUIT;
1426 case RUN_STATE_IO_ERROR:
1427 ret = GDB_SIGNAL_IO;
1429 case RUN_STATE_WATCHDOG:
1430 ret = GDB_SIGNAL_ALRM;
1432 case RUN_STATE_INTERNAL_ERROR:
1433 ret = GDB_SIGNAL_ABRT;
1435 case RUN_STATE_SAVE_VM:
1436 case RUN_STATE_RESTORE_VM:
1438 case RUN_STATE_FINISH_MIGRATE:
1439 ret = GDB_SIGNAL_XCPU;
1442 ret = GDB_SIGNAL_UNKNOWN;
1445 gdb_set_stop_cpu(cpu);
1446 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_gdb_index(cpu));
1451 /* disable single step if it was enabled */
1452 cpu_single_step(cpu, 0);
1456 /* Send a gdb syscall request.
1457 This accepts limited printf-style format specifiers, specifically:
1458 %x - target_ulong argument printed in hex.
1459 %lx - 64-bit argument printed in hex.
1460 %s - string pointer (target_ulong) and length (int) pair. */
1461 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1469 s = gdbserver_state;
1472 s->current_syscall_cb = cb;
1473 #ifndef CONFIG_USER_ONLY
1474 vm_stop(RUN_STATE_DEBUG);
1477 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1484 addr = va_arg(va, target_ulong);
1485 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1488 if (*(fmt++) != 'x')
1490 i64 = va_arg(va, uint64_t);
1491 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1494 addr = va_arg(va, target_ulong);
1495 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1496 addr, va_arg(va, int));
1500 error_report("gdbstub: Bad syscall format string '%s'",
1509 #ifdef CONFIG_USER_ONLY
1510 put_packet(s, s->syscall_buf);
1511 gdb_handlesig(s->c_cpu, 0);
1513 /* In this case wait to send the syscall packet until notification that
1514 the CPU has stopped. This must be done because if the packet is sent
1515 now the reply from the syscall request could be received while the CPU
1516 is still in the running state, which can cause packets to be dropped
1517 and state transition 'T' packets to be sent while the syscall is still
1519 qemu_cpu_kick(s->c_cpu);
1523 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1528 gdb_do_syscallv(cb, fmt, va);
1532 static void gdb_read_byte(GDBState *s, int ch)
1536 #ifndef CONFIG_USER_ONLY
1537 if (s->last_packet_len) {
1538 /* Waiting for a response to the last packet. If we see the start
1539 of a new command then abandon the previous response. */
1541 gdb_debug("Got NACK, retransmitting\n");
1542 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1543 } else if (ch == '+') {
1544 gdb_debug("Got ACK\n");
1546 gdb_debug("Got '%c' when expecting ACK/NACK\n", ch);
1549 if (ch == '+' || ch == '$')
1550 s->last_packet_len = 0;
1554 if (runstate_is_running()) {
1555 /* when the CPU is running, we cannot do anything except stop
1556 it when receiving a char */
1557 vm_stop(RUN_STATE_PAUSED);
1564 /* start of command packet */
1565 s->line_buf_index = 0;
1567 s->state = RS_GETLINE;
1569 gdb_debug("received garbage between packets: 0x%x\n", ch);
1574 /* start escape sequence */
1575 s->state = RS_GETLINE_ESC;
1577 } else if (ch == '*') {
1578 /* start run length encoding sequence */
1579 s->state = RS_GETLINE_RLE;
1581 } else if (ch == '#') {
1582 /* end of command, start of checksum*/
1583 s->state = RS_CHKSUM1;
1584 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1585 gdb_debug("command buffer overrun, dropping command\n");
1588 /* unescaped command character */
1589 s->line_buf[s->line_buf_index++] = ch;
1593 case RS_GETLINE_ESC:
1595 /* unexpected end of command in escape sequence */
1596 s->state = RS_CHKSUM1;
1597 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1598 /* command buffer overrun */
1599 gdb_debug("command buffer overrun, dropping command\n");
1602 /* parse escaped character and leave escape state */
1603 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
1605 s->state = RS_GETLINE;
1608 case RS_GETLINE_RLE:
1610 /* invalid RLE count encoding */
1611 gdb_debug("got invalid RLE count: 0x%x\n", ch);
1612 s->state = RS_GETLINE;
1614 /* decode repeat length */
1615 int repeat = (unsigned char)ch - ' ' + 3;
1616 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
1617 /* that many repeats would overrun the command buffer */
1618 gdb_debug("command buffer overrun, dropping command\n");
1620 } else if (s->line_buf_index < 1) {
1621 /* got a repeat but we have nothing to repeat */
1622 gdb_debug("got invalid RLE sequence\n");
1623 s->state = RS_GETLINE;
1625 /* repeat the last character */
1626 memset(s->line_buf + s->line_buf_index,
1627 s->line_buf[s->line_buf_index - 1], repeat);
1628 s->line_buf_index += repeat;
1630 s->state = RS_GETLINE;
1635 /* get high hex digit of checksum */
1636 if (!isxdigit(ch)) {
1637 gdb_debug("got invalid command checksum digit\n");
1638 s->state = RS_GETLINE;
1641 s->line_buf[s->line_buf_index] = '\0';
1642 s->line_csum = fromhex(ch) << 4;
1643 s->state = RS_CHKSUM2;
1646 /* get low hex digit of checksum */
1647 if (!isxdigit(ch)) {
1648 gdb_debug("got invalid command checksum digit\n");
1649 s->state = RS_GETLINE;
1652 s->line_csum |= fromhex(ch);
1654 if (s->line_csum != (s->line_sum & 0xff)) {
1655 gdb_debug("got command packet with incorrect checksum\n");
1656 /* send NAK reply */
1658 put_buffer(s, &reply, 1);
1661 /* send ACK reply */
1663 put_buffer(s, &reply, 1);
1664 s->state = gdb_handle_packet(s, s->line_buf);
1673 /* Tell the remote gdb that the process has exited. */
1674 void gdb_exit(CPUArchState *env, int code)
1679 s = gdbserver_state;
1683 #ifdef CONFIG_USER_ONLY
1684 if (gdbserver_fd < 0 || s->fd < 0) {
1689 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1692 #ifndef CONFIG_USER_ONLY
1693 qemu_chr_fe_deinit(&s->chr, true);
1697 #ifdef CONFIG_USER_ONLY
1699 gdb_handlesig(CPUState *cpu, int sig)
1705 s = gdbserver_state;
1706 if (gdbserver_fd < 0 || s->fd < 0) {
1710 /* disable single step if it was enabled */
1711 cpu_single_step(cpu, 0);
1715 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1718 /* put_packet() might have detected that the peer terminated the
1726 s->running_state = 0;
1727 while (s->running_state == 0) {
1728 n = read(s->fd, buf, 256);
1732 for (i = 0; i < n; i++) {
1733 gdb_read_byte(s, buf[i]);
1736 /* XXX: Connection closed. Should probably wait for another
1737 connection before continuing. */
1750 /* Tell the remote gdb that the process has exited due to SIG. */
1751 void gdb_signalled(CPUArchState *env, int sig)
1756 s = gdbserver_state;
1757 if (gdbserver_fd < 0 || s->fd < 0) {
1761 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1765 static void gdb_accept(void)
1768 struct sockaddr_in sockaddr;
1773 len = sizeof(sockaddr);
1774 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1775 if (fd < 0 && errno != EINTR) {
1778 } else if (fd >= 0) {
1780 fcntl(fd, F_SETFD, FD_CLOEXEC);
1786 /* set short latency */
1787 socket_set_nodelay(fd);
1789 s = g_malloc0(sizeof(GDBState));
1790 s->c_cpu = first_cpu;
1791 s->g_cpu = first_cpu;
1793 gdb_has_xml = false;
1795 gdbserver_state = s;
1798 static int gdbserver_open(int port)
1800 struct sockaddr_in sockaddr;
1803 fd = socket(PF_INET, SOCK_STREAM, 0);
1809 fcntl(fd, F_SETFD, FD_CLOEXEC);
1812 socket_set_fast_reuse(fd);
1814 sockaddr.sin_family = AF_INET;
1815 sockaddr.sin_port = htons(port);
1816 sockaddr.sin_addr.s_addr = 0;
1817 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1823 ret = listen(fd, 1);
1832 int gdbserver_start(int port)
1834 gdbserver_fd = gdbserver_open(port);
1835 if (gdbserver_fd < 0)
1837 /* accept connections */
1842 /* Disable gdb stub for child processes. */
1843 void gdbserver_fork(CPUState *cpu)
1845 GDBState *s = gdbserver_state;
1847 if (gdbserver_fd < 0 || s->fd < 0) {
1852 cpu_breakpoint_remove_all(cpu, BP_GDB);
1853 cpu_watchpoint_remove_all(cpu, BP_GDB);
1856 static int gdb_chr_can_receive(void *opaque)
1858 /* We can handle an arbitrarily large amount of data.
1859 Pick the maximum packet size, which is as good as anything. */
1860 return MAX_PACKET_LENGTH;
1863 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1867 for (i = 0; i < size; i++) {
1868 gdb_read_byte(gdbserver_state, buf[i]);
1872 static void gdb_chr_event(void *opaque, int event)
1875 case CHR_EVENT_OPENED:
1876 vm_stop(RUN_STATE_PAUSED);
1877 gdb_has_xml = false;
1884 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1886 char buf[MAX_PACKET_LENGTH];
1889 if (len > (MAX_PACKET_LENGTH/2) - 1)
1890 len = (MAX_PACKET_LENGTH/2) - 1;
1891 memtohex(buf + 1, (uint8_t *)msg, len);
1895 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1897 const char *p = (const char *)buf;
1900 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1902 if (len <= max_sz) {
1903 gdb_monitor_output(gdbserver_state, p, len);
1906 gdb_monitor_output(gdbserver_state, p, max_sz);
1914 static void gdb_sigterm_handler(int signal)
1916 if (runstate_is_running()) {
1917 vm_stop(RUN_STATE_PAUSED);
1922 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1923 bool *be_opened, Error **errp)
1928 static void char_gdb_class_init(ObjectClass *oc, void *data)
1930 ChardevClass *cc = CHARDEV_CLASS(oc);
1932 cc->internal = true;
1933 cc->open = gdb_monitor_open;
1934 cc->chr_write = gdb_monitor_write;
1937 #define TYPE_CHARDEV_GDB "chardev-gdb"
1939 static const TypeInfo char_gdb_type_info = {
1940 .name = TYPE_CHARDEV_GDB,
1941 .parent = TYPE_CHARDEV,
1942 .class_init = char_gdb_class_init,
1945 int gdbserver_start(const char *device)
1948 char gdbstub_device_name[128];
1949 Chardev *chr = NULL;
1953 error_report("gdbstub: meaningless to attach gdb to a "
1954 "machine without any CPU.");
1960 if (strcmp(device, "none") != 0) {
1961 if (strstart(device, "tcp:", NULL)) {
1962 /* enforce required TCP attributes */
1963 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1964 "%s,nowait,nodelay,server", device);
1965 device = gdbstub_device_name;
1968 else if (strcmp(device, "stdio") == 0) {
1969 struct sigaction act;
1971 memset(&act, 0, sizeof(act));
1972 act.sa_handler = gdb_sigterm_handler;
1973 sigaction(SIGINT, &act, NULL);
1976 chr = qemu_chr_new_noreplay("gdb", device);
1981 s = gdbserver_state;
1983 s = g_malloc0(sizeof(GDBState));
1984 gdbserver_state = s;
1986 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1988 /* Initialize a monitor terminal for gdb */
1989 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
1990 NULL, &error_abort);
1991 monitor_init(mon_chr, 0);
1993 qemu_chr_fe_deinit(&s->chr, true);
1994 mon_chr = s->mon_chr;
1995 memset(s, 0, sizeof(GDBState));
1996 s->mon_chr = mon_chr;
1998 s->c_cpu = first_cpu;
1999 s->g_cpu = first_cpu;
2001 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2002 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2003 gdb_chr_event, NULL, NULL, NULL, true);
2005 s->state = chr ? RS_IDLE : RS_INACTIVE;
2006 s->mon_chr = mon_chr;
2007 s->current_syscall_cb = NULL;
2012 static void register_types(void)
2014 type_register_static(&char_gdb_type_info);
2017 type_init(register_types);
projects / qemu.git / blob