4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
24 #include "trace-root.h"
25 #ifdef CONFIG_USER_ONLY
28 #include "monitor/monitor.h"
29 #include "chardev/char.h"
30 #include "chardev/char-fe.h"
31 #include "sysemu/sysemu.h"
32 #include "exec/gdbstub.h"
35 #define MAX_PACKET_LENGTH 4096
37 #include "qemu/sockets.h"
38 #include "sysemu/hw_accel.h"
39 #include "sysemu/kvm.h"
40 #include "exec/semihost.h"
41 #include "exec/exec-all.h"
43 #ifdef CONFIG_USER_ONLY
44 #define GDB_ATTACHED "0"
46 #define GDB_ATTACHED "1"
49 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
50 uint8_t *buf, int len, bool is_write)
52 CPUClass *cc = CPU_GET_CLASS(cpu);
54 if (cc->memory_rw_debug) {
55 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
57 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
60 /* Return the GDB index for a given vCPU state.
62 * For user mode this is simply the thread id. In system mode GDB
63 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
65 static inline int cpu_gdb_index(CPUState *cpu)
67 #if defined(CONFIG_USER_ONLY)
68 TaskState *ts = (TaskState *) cpu->opaque;
71 return cpu->cpu_index + 1;
84 GDB_SIGNAL_UNKNOWN = 143
87 #ifdef CONFIG_USER_ONLY
89 /* Map target signal numbers to GDB protocol signal numbers and vice
90 * versa. For user emulation's currently supported systems, we can
91 * assume most signals are defined.
94 static int gdb_signal_table[] = {
254 /* In system mode we only need SIGINT and SIGTRAP; other signals
255 are not yet supported. */
262 static int gdb_signal_table[] = {
272 #ifdef CONFIG_USER_ONLY
273 static int target_signal_to_gdb (int sig)
276 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
277 if (gdb_signal_table[i] == sig)
279 return GDB_SIGNAL_UNKNOWN;
283 static int gdb_signal_to_target (int sig)
285 if (sig < ARRAY_SIZE (gdb_signal_table))
286 return gdb_signal_table[sig];
291 typedef struct GDBRegisterState {
297 struct GDBRegisterState *next;
309 typedef struct GDBState {
310 CPUState *c_cpu; /* current CPU for step/continue ops */
311 CPUState *g_cpu; /* current CPU for other ops */
312 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
313 enum RSState state; /* parsing state */
314 char line_buf[MAX_PACKET_LENGTH];
316 int line_sum; /* running checksum */
317 int line_csum; /* checksum at the end of the packet */
318 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
321 #ifdef CONFIG_USER_ONLY
328 char syscall_buf[256];
329 gdb_syscall_complete_cb current_syscall_cb;
332 /* By default use no IRQs and no timers while single stepping so as to
333 * make single stepping like an ICE HW step.
335 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
337 static GDBState *gdbserver_state;
341 #ifdef CONFIG_USER_ONLY
342 /* XXX: This is not thread safe. Do we care? */
343 static int gdbserver_fd = -1;
345 static int get_char(GDBState *s)
351 ret = qemu_recv(s->fd, &ch, 1, 0);
353 if (errno == ECONNRESET)
357 } else if (ret == 0) {
375 /* Decide if either remote gdb syscalls or native file IO should be used. */
376 int use_gdb_syscalls(void)
378 SemihostingTarget target = semihosting_get_target();
379 if (target == SEMIHOSTING_TARGET_NATIVE) {
380 /* -semihosting-config target=native */
382 } else if (target == SEMIHOSTING_TARGET_GDB) {
383 /* -semihosting-config target=gdb */
387 /* -semihosting-config target=auto */
388 /* On the first call check if gdb is connected and remember. */
389 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
390 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
393 return gdb_syscall_mode == GDB_SYS_ENABLED;
396 /* Resume execution. */
397 static inline void gdb_continue(GDBState *s)
400 #ifdef CONFIG_USER_ONLY
401 s->running_state = 1;
402 trace_gdbstub_op_continue();
404 if (!runstate_needs_reset()) {
405 trace_gdbstub_op_continue();
412 * Resume execution, per CPU actions. For user-mode emulation it's
413 * equivalent to gdb_continue.
415 static int gdb_continue_partial(GDBState *s, char *newstates)
419 #ifdef CONFIG_USER_ONLY
421 * This is not exactly accurate, but it's an improvement compared to the
422 * previous situation, where only one CPU would be single-stepped.
425 if (newstates[cpu->cpu_index] == 's') {
426 trace_gdbstub_op_stepping(cpu->cpu_index);
427 cpu_single_step(cpu, sstep_flags);
430 s->running_state = 1;
434 if (!runstate_needs_reset()) {
435 if (vm_prepare_start()) {
440 switch (newstates[cpu->cpu_index]) {
443 break; /* nothing to do here */
445 trace_gdbstub_op_stepping(cpu->cpu_index);
446 cpu_single_step(cpu, sstep_flags);
451 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
462 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
468 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
470 #ifdef CONFIG_USER_ONLY
474 ret = send(s->fd, buf, len, 0);
484 /* XXX this blocks entire thread. Rewrite to use
485 * qemu_chr_fe_write and background I/O callbacks */
486 qemu_chr_fe_write_all(&s->chr, buf, len);
490 static inline int fromhex(int v)
492 if (v >= '0' && v <= '9')
494 else if (v >= 'A' && v <= 'F')
496 else if (v >= 'a' && v <= 'f')
502 static inline int tohex(int v)
510 /* writes 2*len+1 bytes in buf */
511 static void memtohex(char *buf, const uint8_t *mem, int len)
516 for(i = 0; i < len; i++) {
518 *q++ = tohex(c >> 4);
519 *q++ = tohex(c & 0xf);
524 static void hextomem(uint8_t *mem, const char *buf, int len)
528 for(i = 0; i < len; i++) {
529 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
534 static void hexdump(const char *buf, int len,
535 void (*trace_fn)(size_t ofs, char const *text))
537 char line_buffer[3 * 16 + 4 + 16 + 1];
540 for (i = 0; i < len || (i & 0xF); ++i) {
541 size_t byte_ofs = i & 15;
544 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
545 line_buffer[3 * 16 + 4 + 16] = 0;
548 size_t col_group = (i >> 2) & 3;
549 size_t hex_col = byte_ofs * 3 + col_group;
550 size_t txt_col = 3 * 16 + 4 + byte_ofs;
555 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
556 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
557 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
563 trace_fn(i & -16, line_buffer);
567 /* return -1 if error, 0 if OK */
568 static int put_packet_binary(GDBState *s, const char *buf, int len, bool dump)
573 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
574 hexdump(buf, len, trace_gdbstub_io_binaryreply);
583 for(i = 0; i < len; i++) {
587 *(p++) = tohex((csum >> 4) & 0xf);
588 *(p++) = tohex((csum) & 0xf);
590 s->last_packet_len = p - s->last_packet;
591 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
593 #ifdef CONFIG_USER_ONLY
606 /* return -1 if error, 0 if OK */
607 static int put_packet(GDBState *s, const char *buf)
609 trace_gdbstub_io_reply(buf);
611 return put_packet_binary(s, buf, strlen(buf), false);
614 /* Encode data using the encoding for 'x' packets. */
615 static int memtox(char *buf, const char *mem, int len)
623 case '#': case '$': case '*': case '}':
635 static const char *get_feature_xml(const char *p, const char **newp,
641 static char target_xml[1024];
644 while (p[len] && p[len] != ':')
649 if (strncmp(p, "target.xml", len) == 0) {
650 /* Generate the XML description for this CPU. */
651 if (!target_xml[0]) {
653 CPUState *cpu = first_cpu;
655 pstrcat(target_xml, sizeof(target_xml),
656 "<?xml version=\"1.0\"?>"
657 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
659 if (cc->gdb_arch_name) {
660 gchar *arch = cc->gdb_arch_name(cpu);
661 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
662 pstrcat(target_xml, sizeof(target_xml), arch);
663 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
666 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
667 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
668 pstrcat(target_xml, sizeof(target_xml), "\"/>");
669 for (r = cpu->gdb_regs; r; r = r->next) {
670 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
671 pstrcat(target_xml, sizeof(target_xml), r->xml);
672 pstrcat(target_xml, sizeof(target_xml), "\"/>");
674 pstrcat(target_xml, sizeof(target_xml), "</target>");
679 name = xml_builtin[i][0];
680 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
683 return name ? xml_builtin[i][1] : NULL;
686 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
688 CPUClass *cc = CPU_GET_CLASS(cpu);
689 CPUArchState *env = cpu->env_ptr;
692 if (reg < cc->gdb_num_core_regs) {
693 return cc->gdb_read_register(cpu, mem_buf, reg);
696 for (r = cpu->gdb_regs; r; r = r->next) {
697 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
698 return r->get_reg(env, mem_buf, reg - r->base_reg);
704 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
706 CPUClass *cc = CPU_GET_CLASS(cpu);
707 CPUArchState *env = cpu->env_ptr;
710 if (reg < cc->gdb_num_core_regs) {
711 return cc->gdb_write_register(cpu, mem_buf, reg);
714 for (r = cpu->gdb_regs; r; r = r->next) {
715 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
716 return r->set_reg(env, mem_buf, reg - r->base_reg);
722 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
723 specifies the first register number and these registers are included in
724 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
725 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
728 void gdb_register_coprocessor(CPUState *cpu,
729 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
730 int num_regs, const char *xml, int g_pos)
733 GDBRegisterState **p;
737 /* Check for duplicates. */
738 if (strcmp((*p)->xml, xml) == 0)
743 s = g_new0(GDBRegisterState, 1);
744 s->base_reg = cpu->gdb_num_regs;
745 s->num_regs = num_regs;
746 s->get_reg = get_reg;
747 s->set_reg = set_reg;
750 /* Add to end of list. */
751 cpu->gdb_num_regs += num_regs;
754 if (g_pos != s->base_reg) {
755 error_report("Error: Bad gdb register numbering for '%s', "
756 "expected %d got %d", xml, g_pos, s->base_reg);
758 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
763 #ifndef CONFIG_USER_ONLY
764 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
765 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
767 static const int xlat[] = {
768 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
769 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
770 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
773 CPUClass *cc = CPU_GET_CLASS(cpu);
774 int cputype = xlat[gdbtype];
776 if (cc->gdb_stop_before_watchpoint) {
777 cputype |= BP_STOP_BEFORE_ACCESS;
783 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
789 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
793 case GDB_BREAKPOINT_SW:
794 case GDB_BREAKPOINT_HW:
796 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
802 #ifndef CONFIG_USER_ONLY
803 case GDB_WATCHPOINT_WRITE:
804 case GDB_WATCHPOINT_READ:
805 case GDB_WATCHPOINT_ACCESS:
807 err = cpu_watchpoint_insert(cpu, addr, len,
808 xlat_gdb_type(cpu, type), NULL);
820 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
826 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
830 case GDB_BREAKPOINT_SW:
831 case GDB_BREAKPOINT_HW:
833 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
839 #ifndef CONFIG_USER_ONLY
840 case GDB_WATCHPOINT_WRITE:
841 case GDB_WATCHPOINT_READ:
842 case GDB_WATCHPOINT_ACCESS:
844 err = cpu_watchpoint_remove(cpu, addr, len,
845 xlat_gdb_type(cpu, type));
856 static void gdb_breakpoint_remove_all(void)
861 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
866 cpu_breakpoint_remove_all(cpu, BP_GDB);
867 #ifndef CONFIG_USER_ONLY
868 cpu_watchpoint_remove_all(cpu, BP_GDB);
873 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
875 CPUState *cpu = s->c_cpu;
877 cpu_synchronize_state(cpu);
881 static CPUState *find_cpu(uint32_t thread_id)
886 if (cpu_gdb_index(cpu) == thread_id) {
894 static int is_query_packet(const char *p, const char *query, char separator)
896 unsigned int query_len = strlen(query);
898 return strncmp(p, query, query_len) == 0 &&
899 (p[query_len] == '\0' || p[query_len] == separator);
903 * gdb_handle_vcont - Parses and handles a vCont packet.
904 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
905 * a format error, 0 on success.
907 static int gdb_handle_vcont(GDBState *s, const char *p)
909 int res, idx, signal = 0;
914 #ifdef CONFIG_USER_ONLY
915 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
918 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
921 /* uninitialised CPUs stay 0 */
922 newstates = g_new0(char, max_cpus);
924 /* mark valid CPUs with 1 */
926 newstates[cpu->cpu_index] = 1;
930 * res keeps track of what error we are returning, with -ENOTSUP meaning
931 * that the command is unknown or unsupported, thus returning an empty
932 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
933 * or incorrect parameters passed.
943 if (cur_action == 'C' || cur_action == 'S') {
944 cur_action = qemu_tolower(cur_action);
945 res = qemu_strtoul(p + 1, &p, 16, &tmp);
949 signal = gdb_signal_to_target(tmp);
950 } else if (cur_action != 'c' && cur_action != 's') {
951 /* unknown/invalid/unsupported command */
955 /* thread specification. special values: (none), -1 = all; 0 = any */
956 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
960 for (idx = 0; idx < max_cpus; idx++) {
961 if (newstates[idx] == 1) {
962 newstates[idx] = cur_action;
965 } else if (*p == ':') {
967 res = qemu_strtoul(p, &p, 16, &tmp);
972 /* 0 means any thread, so we pick the first valid CPU */
973 cpu = tmp ? find_cpu(tmp) : first_cpu;
975 /* invalid CPU/thread specified */
981 /* only use if no previous match occourred */
982 if (newstates[cpu->cpu_index] == 1) {
983 newstates[cpu->cpu_index] = cur_action;
988 gdb_continue_partial(s, newstates);
996 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1002 int ch, reg_size, type, res;
1003 uint8_t mem_buf[MAX_PACKET_LENGTH];
1004 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
1006 target_ulong addr, len;
1008 trace_gdbstub_io_command(line_buf);
1014 /* TODO: Make this return the correct value for user-mode. */
1015 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
1016 cpu_gdb_index(s->c_cpu));
1018 /* Remove all the breakpoints when this query is issued,
1019 * because gdb is doing and initial connect and the state
1020 * should be cleaned up.
1022 gdb_breakpoint_remove_all();
1026 addr = strtoull(p, (char **)&p, 16);
1027 gdb_set_cpu_pc(s, addr);
1033 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1034 if (s->signal == -1)
1039 if (strncmp(p, "Cont", 4) == 0) {
1042 put_packet(s, "vCont;c;C;s;S");
1046 res = gdb_handle_vcont(s, p);
1049 if ((res == -EINVAL) || (res == -ERANGE)) {
1050 put_packet(s, "E22");
1053 goto unknown_command;
1057 goto unknown_command;
1060 /* Kill the target */
1061 error_report("QEMU: Terminated via GDBstub");
1065 gdb_breakpoint_remove_all();
1066 gdb_syscall_mode = GDB_SYS_DISABLED;
1068 put_packet(s, "OK");
1072 addr = strtoull(p, (char **)&p, 16);
1073 gdb_set_cpu_pc(s, addr);
1075 cpu_single_step(s->c_cpu, sstep_flags);
1083 ret = strtoull(p, (char **)&p, 16);
1086 err = strtoull(p, (char **)&p, 16);
1093 if (s->current_syscall_cb) {
1094 s->current_syscall_cb(s->c_cpu, ret, err);
1095 s->current_syscall_cb = NULL;
1098 put_packet(s, "T02");
1105 cpu_synchronize_state(s->g_cpu);
1107 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1108 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1111 memtohex(buf, mem_buf, len);
1115 cpu_synchronize_state(s->g_cpu);
1116 registers = mem_buf;
1117 len = strlen(p) / 2;
1118 hextomem((uint8_t *)registers, p, len);
1119 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1120 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1122 registers += reg_size;
1124 put_packet(s, "OK");
1127 addr = strtoull(p, (char **)&p, 16);
1130 len = strtoull(p, NULL, 16);
1132 /* memtohex() doubles the required space */
1133 if (len > MAX_PACKET_LENGTH / 2) {
1134 put_packet (s, "E22");
1138 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1139 put_packet (s, "E14");
1141 memtohex(buf, mem_buf, len);
1146 addr = strtoull(p, (char **)&p, 16);
1149 len = strtoull(p, (char **)&p, 16);
1153 /* hextomem() reads 2*len bytes */
1154 if (len > strlen(p) / 2) {
1155 put_packet (s, "E22");
1158 hextomem(mem_buf, p, len);
1159 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1161 put_packet(s, "E14");
1163 put_packet(s, "OK");
1167 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1168 This works, but can be very slow. Anything new enough to
1169 understand XML also knows how to use this properly. */
1171 goto unknown_command;
1172 addr = strtoull(p, (char **)&p, 16);
1173 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1175 memtohex(buf, mem_buf, reg_size);
1178 put_packet(s, "E14");
1183 goto unknown_command;
1184 addr = strtoull(p, (char **)&p, 16);
1187 reg_size = strlen(p) / 2;
1188 hextomem(mem_buf, p, reg_size);
1189 gdb_write_register(s->g_cpu, mem_buf, addr);
1190 put_packet(s, "OK");
1194 type = strtoul(p, (char **)&p, 16);
1197 addr = strtoull(p, (char **)&p, 16);
1200 len = strtoull(p, (char **)&p, 16);
1202 res = gdb_breakpoint_insert(addr, len, type);
1204 res = gdb_breakpoint_remove(addr, len, type);
1206 put_packet(s, "OK");
1207 else if (res == -ENOSYS)
1210 put_packet(s, "E22");
1214 thread = strtoull(p, (char **)&p, 16);
1215 if (thread == -1 || thread == 0) {
1216 put_packet(s, "OK");
1219 cpu = find_cpu(thread);
1221 put_packet(s, "E22");
1227 put_packet(s, "OK");
1231 put_packet(s, "OK");
1234 put_packet(s, "E22");
1239 thread = strtoull(p, (char **)&p, 16);
1240 cpu = find_cpu(thread);
1243 put_packet(s, "OK");
1245 put_packet(s, "E22");
1250 /* parse any 'q' packets here */
1251 if (!strcmp(p,"qemu.sstepbits")) {
1252 /* Query Breakpoint bit definitions */
1253 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1259 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1260 /* Display or change the sstep_flags */
1263 /* Display current setting */
1264 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1269 type = strtoul(p, (char **)&p, 16);
1271 put_packet(s, "OK");
1273 } else if (strcmp(p,"C") == 0) {
1274 /* "Current thread" remains vague in the spec, so always return
1275 * the first CPU (gdb returns the first thread). */
1276 put_packet(s, "QC1");
1278 } else if (strcmp(p,"fThreadInfo") == 0) {
1279 s->query_cpu = first_cpu;
1280 goto report_cpuinfo;
1281 } else if (strcmp(p,"sThreadInfo") == 0) {
1284 snprintf(buf, sizeof(buf), "m%x", cpu_gdb_index(s->query_cpu));
1286 s->query_cpu = CPU_NEXT(s->query_cpu);
1290 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1291 thread = strtoull(p+16, (char **)&p, 16);
1292 cpu = find_cpu(thread);
1294 cpu_synchronize_state(cpu);
1295 /* memtohex() doubles the required space */
1296 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1297 "CPU#%d [%s]", cpu->cpu_index,
1298 cpu->halted ? "halted " : "running");
1299 trace_gdbstub_op_extra_info((char *)mem_buf);
1300 memtohex(buf, mem_buf, len);
1305 #ifdef CONFIG_USER_ONLY
1306 else if (strcmp(p, "Offsets") == 0) {
1307 TaskState *ts = s->c_cpu->opaque;
1309 snprintf(buf, sizeof(buf),
1310 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1311 ";Bss=" TARGET_ABI_FMT_lx,
1312 ts->info->code_offset,
1313 ts->info->data_offset,
1314 ts->info->data_offset);
1318 #else /* !CONFIG_USER_ONLY */
1319 else if (strncmp(p, "Rcmd,", 5) == 0) {
1320 int len = strlen(p + 5);
1322 if ((len % 2) != 0) {
1323 put_packet(s, "E01");
1327 hextomem(mem_buf, p + 5, len);
1329 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1330 put_packet(s, "OK");
1333 #endif /* !CONFIG_USER_ONLY */
1334 if (is_query_packet(p, "Supported", ':')) {
1335 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1336 cc = CPU_GET_CLASS(first_cpu);
1337 if (cc->gdb_core_xml_file != NULL) {
1338 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1343 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1345 target_ulong total_len;
1347 cc = CPU_GET_CLASS(first_cpu);
1348 if (cc->gdb_core_xml_file == NULL) {
1349 goto unknown_command;
1354 xml = get_feature_xml(p, &p, cc);
1356 snprintf(buf, sizeof(buf), "E00");
1363 addr = strtoul(p, (char **)&p, 16);
1366 len = strtoul(p, (char **)&p, 16);
1368 total_len = strlen(xml);
1369 if (addr > total_len) {
1370 snprintf(buf, sizeof(buf), "E00");
1374 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1375 len = (MAX_PACKET_LENGTH - 5) / 2;
1376 if (len < total_len - addr) {
1378 len = memtox(buf + 1, xml + addr, len);
1381 len = memtox(buf + 1, xml + addr, total_len - addr);
1383 put_packet_binary(s, buf, len + 1, true);
1386 if (is_query_packet(p, "Attached", ':')) {
1387 put_packet(s, GDB_ATTACHED);
1390 /* Unrecognised 'q' command. */
1391 goto unknown_command;
1395 /* put empty packet */
1403 void gdb_set_stop_cpu(CPUState *cpu)
1405 gdbserver_state->c_cpu = cpu;
1406 gdbserver_state->g_cpu = cpu;
1409 #ifndef CONFIG_USER_ONLY
1410 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1412 GDBState *s = gdbserver_state;
1413 CPUState *cpu = s->c_cpu;
1418 if (running || s->state == RS_INACTIVE) {
1421 /* Is there a GDB syscall waiting to be sent? */
1422 if (s->current_syscall_cb) {
1423 put_packet(s, s->syscall_buf);
1427 case RUN_STATE_DEBUG:
1428 if (cpu->watchpoint_hit) {
1429 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1440 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
1441 (target_ulong)cpu->watchpoint_hit->vaddr);
1442 snprintf(buf, sizeof(buf),
1443 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1444 GDB_SIGNAL_TRAP, cpu_gdb_index(cpu), type,
1445 (target_ulong)cpu->watchpoint_hit->vaddr);
1446 cpu->watchpoint_hit = NULL;
1449 trace_gdbstub_hit_break();
1452 ret = GDB_SIGNAL_TRAP;
1454 case RUN_STATE_PAUSED:
1455 trace_gdbstub_hit_paused();
1456 ret = GDB_SIGNAL_INT;
1458 case RUN_STATE_SHUTDOWN:
1459 trace_gdbstub_hit_shutdown();
1460 ret = GDB_SIGNAL_QUIT;
1462 case RUN_STATE_IO_ERROR:
1463 trace_gdbstub_hit_io_error();
1464 ret = GDB_SIGNAL_IO;
1466 case RUN_STATE_WATCHDOG:
1467 trace_gdbstub_hit_watchdog();
1468 ret = GDB_SIGNAL_ALRM;
1470 case RUN_STATE_INTERNAL_ERROR:
1471 trace_gdbstub_hit_internal_error();
1472 ret = GDB_SIGNAL_ABRT;
1474 case RUN_STATE_SAVE_VM:
1475 case RUN_STATE_RESTORE_VM:
1477 case RUN_STATE_FINISH_MIGRATE:
1478 ret = GDB_SIGNAL_XCPU;
1481 trace_gdbstub_hit_unknown(state);
1482 ret = GDB_SIGNAL_UNKNOWN;
1485 gdb_set_stop_cpu(cpu);
1486 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_gdb_index(cpu));
1491 /* disable single step if it was enabled */
1492 cpu_single_step(cpu, 0);
1496 /* Send a gdb syscall request.
1497 This accepts limited printf-style format specifiers, specifically:
1498 %x - target_ulong argument printed in hex.
1499 %lx - 64-bit argument printed in hex.
1500 %s - string pointer (target_ulong) and length (int) pair. */
1501 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1509 s = gdbserver_state;
1512 s->current_syscall_cb = cb;
1513 #ifndef CONFIG_USER_ONLY
1514 vm_stop(RUN_STATE_DEBUG);
1517 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1524 addr = va_arg(va, target_ulong);
1525 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1528 if (*(fmt++) != 'x')
1530 i64 = va_arg(va, uint64_t);
1531 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1534 addr = va_arg(va, target_ulong);
1535 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1536 addr, va_arg(va, int));
1540 error_report("gdbstub: Bad syscall format string '%s'",
1549 #ifdef CONFIG_USER_ONLY
1550 put_packet(s, s->syscall_buf);
1551 gdb_handlesig(s->c_cpu, 0);
1553 /* In this case wait to send the syscall packet until notification that
1554 the CPU has stopped. This must be done because if the packet is sent
1555 now the reply from the syscall request could be received while the CPU
1556 is still in the running state, which can cause packets to be dropped
1557 and state transition 'T' packets to be sent while the syscall is still
1559 qemu_cpu_kick(s->c_cpu);
1563 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1568 gdb_do_syscallv(cb, fmt, va);
1572 static void gdb_read_byte(GDBState *s, int ch)
1576 #ifndef CONFIG_USER_ONLY
1577 if (s->last_packet_len) {
1578 /* Waiting for a response to the last packet. If we see the start
1579 of a new command then abandon the previous response. */
1581 trace_gdbstub_err_got_nack();
1582 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1583 } else if (ch == '+') {
1584 trace_gdbstub_io_got_ack();
1586 trace_gdbstub_io_got_unexpected((uint8_t)ch);
1589 if (ch == '+' || ch == '$')
1590 s->last_packet_len = 0;
1594 if (runstate_is_running()) {
1595 /* when the CPU is running, we cannot do anything except stop
1596 it when receiving a char */
1597 vm_stop(RUN_STATE_PAUSED);
1604 /* start of command packet */
1605 s->line_buf_index = 0;
1607 s->state = RS_GETLINE;
1609 trace_gdbstub_err_garbage((uint8_t)ch);
1614 /* start escape sequence */
1615 s->state = RS_GETLINE_ESC;
1617 } else if (ch == '*') {
1618 /* start run length encoding sequence */
1619 s->state = RS_GETLINE_RLE;
1621 } else if (ch == '#') {
1622 /* end of command, start of checksum*/
1623 s->state = RS_CHKSUM1;
1624 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1625 trace_gdbstub_err_overrun();
1628 /* unescaped command character */
1629 s->line_buf[s->line_buf_index++] = ch;
1633 case RS_GETLINE_ESC:
1635 /* unexpected end of command in escape sequence */
1636 s->state = RS_CHKSUM1;
1637 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1638 /* command buffer overrun */
1639 trace_gdbstub_err_overrun();
1642 /* parse escaped character and leave escape state */
1643 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
1645 s->state = RS_GETLINE;
1648 case RS_GETLINE_RLE:
1650 /* invalid RLE count encoding */
1651 trace_gdbstub_err_invalid_repeat((uint8_t)ch);
1652 s->state = RS_GETLINE;
1654 /* decode repeat length */
1655 int repeat = (unsigned char)ch - ' ' + 3;
1656 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
1657 /* that many repeats would overrun the command buffer */
1658 trace_gdbstub_err_overrun();
1660 } else if (s->line_buf_index < 1) {
1661 /* got a repeat but we have nothing to repeat */
1662 trace_gdbstub_err_invalid_rle();
1663 s->state = RS_GETLINE;
1665 /* repeat the last character */
1666 memset(s->line_buf + s->line_buf_index,
1667 s->line_buf[s->line_buf_index - 1], repeat);
1668 s->line_buf_index += repeat;
1670 s->state = RS_GETLINE;
1675 /* get high hex digit of checksum */
1676 if (!isxdigit(ch)) {
1677 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
1678 s->state = RS_GETLINE;
1681 s->line_buf[s->line_buf_index] = '\0';
1682 s->line_csum = fromhex(ch) << 4;
1683 s->state = RS_CHKSUM2;
1686 /* get low hex digit of checksum */
1687 if (!isxdigit(ch)) {
1688 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
1689 s->state = RS_GETLINE;
1692 s->line_csum |= fromhex(ch);
1694 if (s->line_csum != (s->line_sum & 0xff)) {
1695 trace_gdbstub_err_checksum_incorrect(s->line_sum, s->line_csum);
1696 /* send NAK reply */
1698 put_buffer(s, &reply, 1);
1701 /* send ACK reply */
1703 put_buffer(s, &reply, 1);
1704 s->state = gdb_handle_packet(s, s->line_buf);
1713 /* Tell the remote gdb that the process has exited. */
1714 void gdb_exit(CPUArchState *env, int code)
1719 s = gdbserver_state;
1723 #ifdef CONFIG_USER_ONLY
1724 if (gdbserver_fd < 0 || s->fd < 0) {
1729 trace_gdbstub_op_exiting((uint8_t)code);
1731 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1734 #ifndef CONFIG_USER_ONLY
1735 qemu_chr_fe_deinit(&s->chr, true);
1739 #ifdef CONFIG_USER_ONLY
1741 gdb_handlesig(CPUState *cpu, int sig)
1747 s = gdbserver_state;
1748 if (gdbserver_fd < 0 || s->fd < 0) {
1752 /* disable single step if it was enabled */
1753 cpu_single_step(cpu, 0);
1757 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1760 /* put_packet() might have detected that the peer terminated the
1768 s->running_state = 0;
1769 while (s->running_state == 0) {
1770 n = read(s->fd, buf, 256);
1774 for (i = 0; i < n; i++) {
1775 gdb_read_byte(s, buf[i]);
1778 /* XXX: Connection closed. Should probably wait for another
1779 connection before continuing. */
1792 /* Tell the remote gdb that the process has exited due to SIG. */
1793 void gdb_signalled(CPUArchState *env, int sig)
1798 s = gdbserver_state;
1799 if (gdbserver_fd < 0 || s->fd < 0) {
1803 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1807 static void gdb_accept(void)
1810 struct sockaddr_in sockaddr;
1815 len = sizeof(sockaddr);
1816 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1817 if (fd < 0 && errno != EINTR) {
1820 } else if (fd >= 0) {
1822 fcntl(fd, F_SETFD, FD_CLOEXEC);
1828 /* set short latency */
1829 socket_set_nodelay(fd);
1831 s = g_malloc0(sizeof(GDBState));
1832 s->c_cpu = first_cpu;
1833 s->g_cpu = first_cpu;
1835 gdb_has_xml = false;
1837 gdbserver_state = s;
1840 static int gdbserver_open(int port)
1842 struct sockaddr_in sockaddr;
1845 fd = socket(PF_INET, SOCK_STREAM, 0);
1851 fcntl(fd, F_SETFD, FD_CLOEXEC);
1854 socket_set_fast_reuse(fd);
1856 sockaddr.sin_family = AF_INET;
1857 sockaddr.sin_port = htons(port);
1858 sockaddr.sin_addr.s_addr = 0;
1859 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1865 ret = listen(fd, 1);
1874 int gdbserver_start(int port)
1876 gdbserver_fd = gdbserver_open(port);
1877 if (gdbserver_fd < 0)
1879 /* accept connections */
1884 /* Disable gdb stub for child processes. */
1885 void gdbserver_fork(CPUState *cpu)
1887 GDBState *s = gdbserver_state;
1889 if (gdbserver_fd < 0 || s->fd < 0) {
1894 cpu_breakpoint_remove_all(cpu, BP_GDB);
1895 cpu_watchpoint_remove_all(cpu, BP_GDB);
1898 static int gdb_chr_can_receive(void *opaque)
1900 /* We can handle an arbitrarily large amount of data.
1901 Pick the maximum packet size, which is as good as anything. */
1902 return MAX_PACKET_LENGTH;
1905 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1909 for (i = 0; i < size; i++) {
1910 gdb_read_byte(gdbserver_state, buf[i]);
1914 static void gdb_chr_event(void *opaque, int event)
1917 case CHR_EVENT_OPENED:
1918 vm_stop(RUN_STATE_PAUSED);
1919 gdb_has_xml = false;
1926 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1928 char buf[MAX_PACKET_LENGTH];
1931 if (len > (MAX_PACKET_LENGTH/2) - 1)
1932 len = (MAX_PACKET_LENGTH/2) - 1;
1933 memtohex(buf + 1, (uint8_t *)msg, len);
1937 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1939 const char *p = (const char *)buf;
1942 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1944 if (len <= max_sz) {
1945 gdb_monitor_output(gdbserver_state, p, len);
1948 gdb_monitor_output(gdbserver_state, p, max_sz);
1956 static void gdb_sigterm_handler(int signal)
1958 if (runstate_is_running()) {
1959 vm_stop(RUN_STATE_PAUSED);
1964 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1965 bool *be_opened, Error **errp)
1970 static void char_gdb_class_init(ObjectClass *oc, void *data)
1972 ChardevClass *cc = CHARDEV_CLASS(oc);
1974 cc->internal = true;
1975 cc->open = gdb_monitor_open;
1976 cc->chr_write = gdb_monitor_write;
1979 #define TYPE_CHARDEV_GDB "chardev-gdb"
1981 static const TypeInfo char_gdb_type_info = {
1982 .name = TYPE_CHARDEV_GDB,
1983 .parent = TYPE_CHARDEV,
1984 .class_init = char_gdb_class_init,
1987 int gdbserver_start(const char *device)
1989 trace_gdbstub_op_start(device);
1992 char gdbstub_device_name[128];
1993 Chardev *chr = NULL;
1997 error_report("gdbstub: meaningless to attach gdb to a "
1998 "machine without any CPU.");
2004 if (strcmp(device, "none") != 0) {
2005 if (strstart(device, "tcp:", NULL)) {
2006 /* enforce required TCP attributes */
2007 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2008 "%s,nowait,nodelay,server", device);
2009 device = gdbstub_device_name;
2012 else if (strcmp(device, "stdio") == 0) {
2013 struct sigaction act;
2015 memset(&act, 0, sizeof(act));
2016 act.sa_handler = gdb_sigterm_handler;
2017 sigaction(SIGINT, &act, NULL);
2020 chr = qemu_chr_new_noreplay("gdb", device);
2025 s = gdbserver_state;
2027 s = g_malloc0(sizeof(GDBState));
2028 gdbserver_state = s;
2030 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2032 /* Initialize a monitor terminal for gdb */
2033 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
2034 NULL, &error_abort);
2035 monitor_init(mon_chr, 0);
2037 qemu_chr_fe_deinit(&s->chr, true);
2038 mon_chr = s->mon_chr;
2039 memset(s, 0, sizeof(GDBState));
2040 s->mon_chr = mon_chr;
2042 s->c_cpu = first_cpu;
2043 s->g_cpu = first_cpu;
2045 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2046 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2047 gdb_chr_event, NULL, NULL, NULL, true);
2049 s->state = chr ? RS_IDLE : RS_INACTIVE;
2050 s->mon_chr = mon_chr;
2051 s->current_syscall_cb = NULL;
2056 void gdbserver_cleanup(void)
2058 if (gdbserver_state) {
2059 put_packet(gdbserver_state, "W00");
2063 static void register_types(void)
2065 type_register_static(&char_gdb_type_info);
2068 type_init(register_types);
projects / qemu.git / blob