4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
24 #ifdef CONFIG_USER_ONLY
27 #include "monitor/monitor.h"
28 #include "sysemu/char.h"
29 #include "sysemu/sysemu.h"
30 #include "exec/gdbstub.h"
33 #define MAX_PACKET_LENGTH 4096
35 #include "qemu/sockets.h"
36 #include "sysemu/hw_accel.h"
37 #include "sysemu/kvm.h"
38 #include "exec/semihost.h"
39 #include "exec/exec-all.h"
41 #ifdef CONFIG_USER_ONLY
42 #define GDB_ATTACHED "0"
44 #define GDB_ATTACHED "1"
47 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
48 uint8_t *buf, int len, bool is_write)
50 CPUClass *cc = CPU_GET_CLASS(cpu);
52 if (cc->memory_rw_debug) {
53 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
55 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
67 GDB_SIGNAL_UNKNOWN = 143
70 #ifdef CONFIG_USER_ONLY
72 /* Map target signal numbers to GDB protocol signal numbers and vice
73 * versa. For user emulation's currently supported systems, we can
74 * assume most signals are defined.
77 static int gdb_signal_table[] = {
237 /* In system mode we only need SIGINT and SIGTRAP; other signals
238 are not yet supported. */
245 static int gdb_signal_table[] = {
255 #ifdef CONFIG_USER_ONLY
256 static int target_signal_to_gdb (int sig)
259 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
260 if (gdb_signal_table[i] == sig)
262 return GDB_SIGNAL_UNKNOWN;
266 static int gdb_signal_to_target (int sig)
268 if (sig < ARRAY_SIZE (gdb_signal_table))
269 return gdb_signal_table[sig];
276 typedef struct GDBRegisterState {
282 struct GDBRegisterState *next;
294 typedef struct GDBState {
295 CPUState *c_cpu; /* current CPU for step/continue ops */
296 CPUState *g_cpu; /* current CPU for other ops */
297 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
298 enum RSState state; /* parsing state */
299 char line_buf[MAX_PACKET_LENGTH];
301 int line_sum; /* running checksum */
302 int line_csum; /* checksum at the end of the packet */
303 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
306 #ifdef CONFIG_USER_ONLY
313 char syscall_buf[256];
314 gdb_syscall_complete_cb current_syscall_cb;
317 /* By default use no IRQs and no timers while single stepping so as to
318 * make single stepping like an ICE HW step.
320 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
322 static GDBState *gdbserver_state;
326 #ifdef CONFIG_USER_ONLY
327 /* XXX: This is not thread safe. Do we care? */
328 static int gdbserver_fd = -1;
330 static int get_char(GDBState *s)
336 ret = qemu_recv(s->fd, &ch, 1, 0);
338 if (errno == ECONNRESET)
342 } else if (ret == 0) {
360 /* Decide if either remote gdb syscalls or native file IO should be used. */
361 int use_gdb_syscalls(void)
363 SemihostingTarget target = semihosting_get_target();
364 if (target == SEMIHOSTING_TARGET_NATIVE) {
365 /* -semihosting-config target=native */
367 } else if (target == SEMIHOSTING_TARGET_GDB) {
368 /* -semihosting-config target=gdb */
372 /* -semihosting-config target=auto */
373 /* On the first call check if gdb is connected and remember. */
374 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
375 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
378 return gdb_syscall_mode == GDB_SYS_ENABLED;
381 /* Resume execution. */
382 static inline void gdb_continue(GDBState *s)
384 #ifdef CONFIG_USER_ONLY
385 s->running_state = 1;
387 if (!runstate_needs_reset()) {
394 * Resume execution, per CPU actions. For user-mode emulation it's
395 * equivalent to gdb_continue.
397 static int gdb_continue_partial(GDBState *s, char *newstates)
401 #ifdef CONFIG_USER_ONLY
403 * This is not exactly accurate, but it's an improvement compared to the
404 * previous situation, where only one CPU would be single-stepped.
407 if (newstates[cpu->cpu_index] == 's') {
408 cpu_single_step(cpu, sstep_flags);
411 s->running_state = 1;
415 if (!runstate_needs_reset()) {
416 if (vm_prepare_start()) {
421 switch (newstates[cpu->cpu_index]) {
424 break; /* nothing to do here */
426 cpu_single_step(cpu, sstep_flags);
441 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
447 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
449 #ifdef CONFIG_USER_ONLY
453 ret = send(s->fd, buf, len, 0);
463 /* XXX this blocks entire thread. Rewrite to use
464 * qemu_chr_fe_write and background I/O callbacks */
465 qemu_chr_fe_write_all(&s->chr, buf, len);
469 static inline int fromhex(int v)
471 if (v >= '0' && v <= '9')
473 else if (v >= 'A' && v <= 'F')
475 else if (v >= 'a' && v <= 'f')
481 static inline int tohex(int v)
489 static void memtohex(char *buf, const uint8_t *mem, int len)
494 for(i = 0; i < len; i++) {
496 *q++ = tohex(c >> 4);
497 *q++ = tohex(c & 0xf);
502 static void hextomem(uint8_t *mem, const char *buf, int len)
506 for(i = 0; i < len; i++) {
507 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
512 /* return -1 if error, 0 if OK */
513 static int put_packet_binary(GDBState *s, const char *buf, int len)
524 for(i = 0; i < len; i++) {
528 *(p++) = tohex((csum >> 4) & 0xf);
529 *(p++) = tohex((csum) & 0xf);
531 s->last_packet_len = p - s->last_packet;
532 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
534 #ifdef CONFIG_USER_ONLY
547 /* return -1 if error, 0 if OK */
548 static int put_packet(GDBState *s, const char *buf)
551 printf("reply='%s'\n", buf);
554 return put_packet_binary(s, buf, strlen(buf));
557 /* Encode data using the encoding for 'x' packets. */
558 static int memtox(char *buf, const char *mem, int len)
566 case '#': case '$': case '*': case '}':
578 static const char *get_feature_xml(const char *p, const char **newp,
584 static char target_xml[1024];
587 while (p[len] && p[len] != ':')
592 if (strncmp(p, "target.xml", len) == 0) {
593 /* Generate the XML description for this CPU. */
594 if (!target_xml[0]) {
596 CPUState *cpu = first_cpu;
598 pstrcat(target_xml, sizeof(target_xml),
599 "<?xml version=\"1.0\"?>"
600 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
602 if (cc->gdb_arch_name) {
603 gchar *arch = cc->gdb_arch_name(cpu);
604 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
605 pstrcat(target_xml, sizeof(target_xml), arch);
606 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
609 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
610 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
611 pstrcat(target_xml, sizeof(target_xml), "\"/>");
612 for (r = cpu->gdb_regs; r; r = r->next) {
613 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
614 pstrcat(target_xml, sizeof(target_xml), r->xml);
615 pstrcat(target_xml, sizeof(target_xml), "\"/>");
617 pstrcat(target_xml, sizeof(target_xml), "</target>");
622 name = xml_builtin[i][0];
623 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
626 return name ? xml_builtin[i][1] : NULL;
629 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
631 CPUClass *cc = CPU_GET_CLASS(cpu);
632 CPUArchState *env = cpu->env_ptr;
635 if (reg < cc->gdb_num_core_regs) {
636 return cc->gdb_read_register(cpu, mem_buf, reg);
639 for (r = cpu->gdb_regs; r; r = r->next) {
640 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
641 return r->get_reg(env, mem_buf, reg - r->base_reg);
647 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
649 CPUClass *cc = CPU_GET_CLASS(cpu);
650 CPUArchState *env = cpu->env_ptr;
653 if (reg < cc->gdb_num_core_regs) {
654 return cc->gdb_write_register(cpu, mem_buf, reg);
657 for (r = cpu->gdb_regs; r; r = r->next) {
658 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
659 return r->set_reg(env, mem_buf, reg - r->base_reg);
665 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
666 specifies the first register number and these registers are included in
667 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
668 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
671 void gdb_register_coprocessor(CPUState *cpu,
672 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
673 int num_regs, const char *xml, int g_pos)
676 GDBRegisterState **p;
680 /* Check for duplicates. */
681 if (strcmp((*p)->xml, xml) == 0)
686 s = g_new0(GDBRegisterState, 1);
687 s->base_reg = cpu->gdb_num_regs;
688 s->num_regs = num_regs;
689 s->get_reg = get_reg;
690 s->set_reg = set_reg;
693 /* Add to end of list. */
694 cpu->gdb_num_regs += num_regs;
697 if (g_pos != s->base_reg) {
698 error_report("Error: Bad gdb register numbering for '%s', "
699 "expected %d got %d", xml, g_pos, s->base_reg);
701 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
706 #ifndef CONFIG_USER_ONLY
707 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
708 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
710 static const int xlat[] = {
711 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
712 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
713 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
716 CPUClass *cc = CPU_GET_CLASS(cpu);
717 int cputype = xlat[gdbtype];
719 if (cc->gdb_stop_before_watchpoint) {
720 cputype |= BP_STOP_BEFORE_ACCESS;
726 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
732 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
736 case GDB_BREAKPOINT_SW:
737 case GDB_BREAKPOINT_HW:
739 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
745 #ifndef CONFIG_USER_ONLY
746 case GDB_WATCHPOINT_WRITE:
747 case GDB_WATCHPOINT_READ:
748 case GDB_WATCHPOINT_ACCESS:
750 err = cpu_watchpoint_insert(cpu, addr, len,
751 xlat_gdb_type(cpu, type), NULL);
763 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
769 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
773 case GDB_BREAKPOINT_SW:
774 case GDB_BREAKPOINT_HW:
776 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
782 #ifndef CONFIG_USER_ONLY
783 case GDB_WATCHPOINT_WRITE:
784 case GDB_WATCHPOINT_READ:
785 case GDB_WATCHPOINT_ACCESS:
787 err = cpu_watchpoint_remove(cpu, addr, len,
788 xlat_gdb_type(cpu, type));
799 static void gdb_breakpoint_remove_all(void)
804 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
809 cpu_breakpoint_remove_all(cpu, BP_GDB);
810 #ifndef CONFIG_USER_ONLY
811 cpu_watchpoint_remove_all(cpu, BP_GDB);
816 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
818 CPUState *cpu = s->c_cpu;
820 cpu_synchronize_state(cpu);
824 static CPUState *find_cpu(uint32_t thread_id)
829 if (cpu_index(cpu) == thread_id) {
837 static int is_query_packet(const char *p, const char *query, char separator)
839 unsigned int query_len = strlen(query);
841 return strncmp(p, query, query_len) == 0 &&
842 (p[query_len] == '\0' || p[query_len] == separator);
846 * gdb_handle_vcont - Parses and handles a vCont packet.
847 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
848 * a format error, 0 on success.
850 static int gdb_handle_vcont(GDBState *s, const char *p)
852 int res, idx, signal = 0;
857 #ifdef CONFIG_USER_ONLY
858 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
861 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
864 /* uninitialised CPUs stay 0 */
865 newstates = g_new0(char, max_cpus);
867 /* mark valid CPUs with 1 */
869 newstates[cpu->cpu_index] = 1;
873 * res keeps track of what error we are returning, with -ENOTSUP meaning
874 * that the command is unknown or unsupported, thus returning an empty
875 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
876 * or incorrect parameters passed.
886 if (cur_action == 'C' || cur_action == 'S') {
887 cur_action = tolower(cur_action);
888 res = qemu_strtoul(p + 1, &p, 16, &tmp);
892 signal = gdb_signal_to_target(tmp);
893 } else if (cur_action != 'c' && cur_action != 's') {
894 /* unknown/invalid/unsupported command */
898 /* thread specification. special values: (none), -1 = all; 0 = any */
899 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
903 for (idx = 0; idx < max_cpus; idx++) {
904 if (newstates[idx] == 1) {
905 newstates[idx] = cur_action;
908 } else if (*p == ':') {
910 res = qemu_strtoul(p, &p, 16, &tmp);
915 /* 0 means any thread, so we pick the first valid CPU */
917 idx = cpu_index(first_cpu);
921 * If we are in user mode, the thread specified is actually a
922 * thread id, and not an index. We need to find the actual
923 * CPU first, and only then we can use its index.
926 /* invalid CPU/thread specified */
931 /* only use if no previous match occourred */
932 if (newstates[cpu->cpu_index] == 1) {
933 newstates[cpu->cpu_index] = cur_action;
938 gdb_continue_partial(s, newstates);
946 static int gdb_handle_packet(GDBState *s, const char *line_buf)
952 int ch, reg_size, type, res;
953 char buf[MAX_PACKET_LENGTH];
954 uint8_t mem_buf[MAX_PACKET_LENGTH];
956 target_ulong addr, len;
959 printf("command='%s'\n", line_buf);
965 /* TODO: Make this return the correct value for user-mode. */
966 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
967 cpu_index(s->c_cpu));
969 /* Remove all the breakpoints when this query is issued,
970 * because gdb is doing and initial connect and the state
971 * should be cleaned up.
973 gdb_breakpoint_remove_all();
977 addr = strtoull(p, (char **)&p, 16);
978 gdb_set_cpu_pc(s, addr);
984 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
990 if (strncmp(p, "Cont", 4) == 0) {
993 put_packet(s, "vCont;c;C;s;S");
997 res = gdb_handle_vcont(s, p);
1000 if ((res == -EINVAL) || (res == -ERANGE)) {
1001 put_packet(s, "E22");
1004 goto unknown_command;
1008 goto unknown_command;
1011 /* Kill the target */
1012 error_report("QEMU: Terminated via GDBstub");
1016 gdb_breakpoint_remove_all();
1017 gdb_syscall_mode = GDB_SYS_DISABLED;
1019 put_packet(s, "OK");
1023 addr = strtoull(p, (char **)&p, 16);
1024 gdb_set_cpu_pc(s, addr);
1026 cpu_single_step(s->c_cpu, sstep_flags);
1034 ret = strtoull(p, (char **)&p, 16);
1037 err = strtoull(p, (char **)&p, 16);
1044 if (s->current_syscall_cb) {
1045 s->current_syscall_cb(s->c_cpu, ret, err);
1046 s->current_syscall_cb = NULL;
1049 put_packet(s, "T02");
1056 cpu_synchronize_state(s->g_cpu);
1058 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1059 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1062 memtohex(buf, mem_buf, len);
1066 cpu_synchronize_state(s->g_cpu);
1067 registers = mem_buf;
1068 len = strlen(p) / 2;
1069 hextomem((uint8_t *)registers, p, len);
1070 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1071 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1073 registers += reg_size;
1075 put_packet(s, "OK");
1078 addr = strtoull(p, (char **)&p, 16);
1081 len = strtoull(p, NULL, 16);
1083 /* memtohex() doubles the required space */
1084 if (len > MAX_PACKET_LENGTH / 2) {
1085 put_packet (s, "E22");
1089 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1090 put_packet (s, "E14");
1092 memtohex(buf, mem_buf, len);
1097 addr = strtoull(p, (char **)&p, 16);
1100 len = strtoull(p, (char **)&p, 16);
1104 /* hextomem() reads 2*len bytes */
1105 if (len > strlen(p) / 2) {
1106 put_packet (s, "E22");
1109 hextomem(mem_buf, p, len);
1110 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1112 put_packet(s, "E14");
1114 put_packet(s, "OK");
1118 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1119 This works, but can be very slow. Anything new enough to
1120 understand XML also knows how to use this properly. */
1122 goto unknown_command;
1123 addr = strtoull(p, (char **)&p, 16);
1124 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1126 memtohex(buf, mem_buf, reg_size);
1129 put_packet(s, "E14");
1134 goto unknown_command;
1135 addr = strtoull(p, (char **)&p, 16);
1138 reg_size = strlen(p) / 2;
1139 hextomem(mem_buf, p, reg_size);
1140 gdb_write_register(s->g_cpu, mem_buf, addr);
1141 put_packet(s, "OK");
1145 type = strtoul(p, (char **)&p, 16);
1148 addr = strtoull(p, (char **)&p, 16);
1151 len = strtoull(p, (char **)&p, 16);
1153 res = gdb_breakpoint_insert(addr, len, type);
1155 res = gdb_breakpoint_remove(addr, len, type);
1157 put_packet(s, "OK");
1158 else if (res == -ENOSYS)
1161 put_packet(s, "E22");
1165 thread = strtoull(p, (char **)&p, 16);
1166 if (thread == -1 || thread == 0) {
1167 put_packet(s, "OK");
1170 cpu = find_cpu(thread);
1172 put_packet(s, "E22");
1178 put_packet(s, "OK");
1182 put_packet(s, "OK");
1185 put_packet(s, "E22");
1190 thread = strtoull(p, (char **)&p, 16);
1191 cpu = find_cpu(thread);
1194 put_packet(s, "OK");
1196 put_packet(s, "E22");
1201 /* parse any 'q' packets here */
1202 if (!strcmp(p,"qemu.sstepbits")) {
1203 /* Query Breakpoint bit definitions */
1204 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1210 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1211 /* Display or change the sstep_flags */
1214 /* Display current setting */
1215 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1220 type = strtoul(p, (char **)&p, 16);
1222 put_packet(s, "OK");
1224 } else if (strcmp(p,"C") == 0) {
1225 /* "Current thread" remains vague in the spec, so always return
1226 * the first CPU (gdb returns the first thread). */
1227 put_packet(s, "QC1");
1229 } else if (strcmp(p,"fThreadInfo") == 0) {
1230 s->query_cpu = first_cpu;
1231 goto report_cpuinfo;
1232 } else if (strcmp(p,"sThreadInfo") == 0) {
1235 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1237 s->query_cpu = CPU_NEXT(s->query_cpu);
1241 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1242 thread = strtoull(p+16, (char **)&p, 16);
1243 cpu = find_cpu(thread);
1245 cpu_synchronize_state(cpu);
1246 /* memtohex() doubles the required space */
1247 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1248 "CPU#%d [%s]", cpu->cpu_index,
1249 cpu->halted ? "halted " : "running");
1250 memtohex(buf, mem_buf, len);
1255 #ifdef CONFIG_USER_ONLY
1256 else if (strcmp(p, "Offsets") == 0) {
1257 TaskState *ts = s->c_cpu->opaque;
1259 snprintf(buf, sizeof(buf),
1260 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1261 ";Bss=" TARGET_ABI_FMT_lx,
1262 ts->info->code_offset,
1263 ts->info->data_offset,
1264 ts->info->data_offset);
1268 #else /* !CONFIG_USER_ONLY */
1269 else if (strncmp(p, "Rcmd,", 5) == 0) {
1270 int len = strlen(p + 5);
1272 if ((len % 2) != 0) {
1273 put_packet(s, "E01");
1277 hextomem(mem_buf, p + 5, len);
1279 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1280 put_packet(s, "OK");
1283 #endif /* !CONFIG_USER_ONLY */
1284 if (is_query_packet(p, "Supported", ':')) {
1285 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1286 cc = CPU_GET_CLASS(first_cpu);
1287 if (cc->gdb_core_xml_file != NULL) {
1288 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1293 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1295 target_ulong total_len;
1297 cc = CPU_GET_CLASS(first_cpu);
1298 if (cc->gdb_core_xml_file == NULL) {
1299 goto unknown_command;
1304 xml = get_feature_xml(p, &p, cc);
1306 snprintf(buf, sizeof(buf), "E00");
1313 addr = strtoul(p, (char **)&p, 16);
1316 len = strtoul(p, (char **)&p, 16);
1318 total_len = strlen(xml);
1319 if (addr > total_len) {
1320 snprintf(buf, sizeof(buf), "E00");
1324 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1325 len = (MAX_PACKET_LENGTH - 5) / 2;
1326 if (len < total_len - addr) {
1328 len = memtox(buf + 1, xml + addr, len);
1331 len = memtox(buf + 1, xml + addr, total_len - addr);
1333 put_packet_binary(s, buf, len + 1);
1336 if (is_query_packet(p, "Attached", ':')) {
1337 put_packet(s, GDB_ATTACHED);
1340 /* Unrecognised 'q' command. */
1341 goto unknown_command;
1345 /* put empty packet */
1353 void gdb_set_stop_cpu(CPUState *cpu)
1355 gdbserver_state->c_cpu = cpu;
1356 gdbserver_state->g_cpu = cpu;
1359 #ifndef CONFIG_USER_ONLY
1360 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1362 GDBState *s = gdbserver_state;
1363 CPUState *cpu = s->c_cpu;
1368 if (running || s->state == RS_INACTIVE) {
1371 /* Is there a GDB syscall waiting to be sent? */
1372 if (s->current_syscall_cb) {
1373 put_packet(s, s->syscall_buf);
1377 case RUN_STATE_DEBUG:
1378 if (cpu->watchpoint_hit) {
1379 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1390 snprintf(buf, sizeof(buf),
1391 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1392 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1393 (target_ulong)cpu->watchpoint_hit->vaddr);
1394 cpu->watchpoint_hit = NULL;
1398 ret = GDB_SIGNAL_TRAP;
1400 case RUN_STATE_PAUSED:
1401 ret = GDB_SIGNAL_INT;
1403 case RUN_STATE_SHUTDOWN:
1404 ret = GDB_SIGNAL_QUIT;
1406 case RUN_STATE_IO_ERROR:
1407 ret = GDB_SIGNAL_IO;
1409 case RUN_STATE_WATCHDOG:
1410 ret = GDB_SIGNAL_ALRM;
1412 case RUN_STATE_INTERNAL_ERROR:
1413 ret = GDB_SIGNAL_ABRT;
1415 case RUN_STATE_SAVE_VM:
1416 case RUN_STATE_RESTORE_VM:
1418 case RUN_STATE_FINISH_MIGRATE:
1419 ret = GDB_SIGNAL_XCPU;
1422 ret = GDB_SIGNAL_UNKNOWN;
1425 gdb_set_stop_cpu(cpu);
1426 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1431 /* disable single step if it was enabled */
1432 cpu_single_step(cpu, 0);
1436 /* Send a gdb syscall request.
1437 This accepts limited printf-style format specifiers, specifically:
1438 %x - target_ulong argument printed in hex.
1439 %lx - 64-bit argument printed in hex.
1440 %s - string pointer (target_ulong) and length (int) pair. */
1441 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1449 s = gdbserver_state;
1452 s->current_syscall_cb = cb;
1453 #ifndef CONFIG_USER_ONLY
1454 vm_stop(RUN_STATE_DEBUG);
1457 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1464 addr = va_arg(va, target_ulong);
1465 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1468 if (*(fmt++) != 'x')
1470 i64 = va_arg(va, uint64_t);
1471 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1474 addr = va_arg(va, target_ulong);
1475 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1476 addr, va_arg(va, int));
1480 error_report("gdbstub: Bad syscall format string '%s'",
1489 #ifdef CONFIG_USER_ONLY
1490 put_packet(s, s->syscall_buf);
1491 gdb_handlesig(s->c_cpu, 0);
1493 /* In this case wait to send the syscall packet until notification that
1494 the CPU has stopped. This must be done because if the packet is sent
1495 now the reply from the syscall request could be received while the CPU
1496 is still in the running state, which can cause packets to be dropped
1497 and state transition 'T' packets to be sent while the syscall is still
1499 qemu_cpu_kick(s->c_cpu);
1503 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1508 gdb_do_syscallv(cb, fmt, va);
1512 static void gdb_read_byte(GDBState *s, int ch)
1516 #ifndef CONFIG_USER_ONLY
1517 if (s->last_packet_len) {
1518 /* Waiting for a response to the last packet. If we see the start
1519 of a new command then abandon the previous response. */
1522 printf("Got NACK, retransmitting\n");
1524 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1528 printf("Got ACK\n");
1530 printf("Got '%c' when expecting ACK/NACK\n", ch);
1532 if (ch == '+' || ch == '$')
1533 s->last_packet_len = 0;
1537 if (runstate_is_running()) {
1538 /* when the CPU is running, we cannot do anything except stop
1539 it when receiving a char */
1540 vm_stop(RUN_STATE_PAUSED);
1547 /* start of command packet */
1548 s->line_buf_index = 0;
1550 s->state = RS_GETLINE;
1553 printf("gdbstub received garbage between packets: 0x%x\n", ch);
1559 /* start escape sequence */
1560 s->state = RS_GETLINE_ESC;
1562 } else if (ch == '*') {
1563 /* start run length encoding sequence */
1564 s->state = RS_GETLINE_RLE;
1566 } else if (ch == '#') {
1567 /* end of command, start of checksum*/
1568 s->state = RS_CHKSUM1;
1569 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1571 printf("gdbstub command buffer overrun, dropping command\n");
1575 /* unescaped command character */
1576 s->line_buf[s->line_buf_index++] = ch;
1580 case RS_GETLINE_ESC:
1582 /* unexpected end of command in escape sequence */
1583 s->state = RS_CHKSUM1;
1584 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1585 /* command buffer overrun */
1587 printf("gdbstub command buffer overrun, dropping command\n");
1591 /* parse escaped character and leave escape state */
1592 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
1594 s->state = RS_GETLINE;
1597 case RS_GETLINE_RLE:
1599 /* invalid RLE count encoding */
1601 printf("gdbstub got invalid RLE count: 0x%x\n", ch);
1603 s->state = RS_GETLINE;
1605 /* decode repeat length */
1606 int repeat = (unsigned char)ch - ' ' + 3;
1607 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
1608 /* that many repeats would overrun the command buffer */
1610 printf("gdbstub command buffer overrun,"
1611 " dropping command\n");
1614 } else if (s->line_buf_index < 1) {
1615 /* got a repeat but we have nothing to repeat */
1617 printf("gdbstub got invalid RLE sequence\n");
1619 s->state = RS_GETLINE;
1621 /* repeat the last character */
1622 memset(s->line_buf + s->line_buf_index,
1623 s->line_buf[s->line_buf_index - 1], repeat);
1624 s->line_buf_index += repeat;
1626 s->state = RS_GETLINE;
1631 /* get high hex digit of checksum */
1632 if (!isxdigit(ch)) {
1634 printf("gdbstub got invalid command checksum digit\n");
1636 s->state = RS_GETLINE;
1639 s->line_buf[s->line_buf_index] = '\0';
1640 s->line_csum = fromhex(ch) << 4;
1641 s->state = RS_CHKSUM2;
1644 /* get low hex digit of checksum */
1645 if (!isxdigit(ch)) {
1647 printf("gdbstub got invalid command checksum digit\n");
1649 s->state = RS_GETLINE;
1652 s->line_csum |= fromhex(ch);
1654 if (s->line_csum != (s->line_sum & 0xff)) {
1655 /* send NAK reply */
1657 put_buffer(s, &reply, 1);
1659 printf("gdbstub got command packet with incorrect checksum\n");
1663 /* send ACK reply */
1665 put_buffer(s, &reply, 1);
1666 s->state = gdb_handle_packet(s, s->line_buf);
1675 /* Tell the remote gdb that the process has exited. */
1676 void gdb_exit(CPUArchState *env, int code)
1680 #ifndef CONFIG_USER_ONLY
1684 s = gdbserver_state;
1688 #ifdef CONFIG_USER_ONLY
1689 if (gdbserver_fd < 0 || s->fd < 0) {
1693 chr = qemu_chr_fe_get_driver(&s->chr);
1699 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1702 #ifndef CONFIG_USER_ONLY
1703 qemu_chr_fe_deinit(&s->chr);
1704 object_unparent(OBJECT(chr));
1708 #ifdef CONFIG_USER_ONLY
1710 gdb_handlesig(CPUState *cpu, int sig)
1716 s = gdbserver_state;
1717 if (gdbserver_fd < 0 || s->fd < 0) {
1721 /* disable single step if it was enabled */
1722 cpu_single_step(cpu, 0);
1726 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1729 /* put_packet() might have detected that the peer terminated the
1737 s->running_state = 0;
1738 while (s->running_state == 0) {
1739 n = read(s->fd, buf, 256);
1743 for (i = 0; i < n; i++) {
1744 gdb_read_byte(s, buf[i]);
1747 /* XXX: Connection closed. Should probably wait for another
1748 connection before continuing. */
1761 /* Tell the remote gdb that the process has exited due to SIG. */
1762 void gdb_signalled(CPUArchState *env, int sig)
1767 s = gdbserver_state;
1768 if (gdbserver_fd < 0 || s->fd < 0) {
1772 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1776 static void gdb_accept(void)
1779 struct sockaddr_in sockaddr;
1784 len = sizeof(sockaddr);
1785 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1786 if (fd < 0 && errno != EINTR) {
1789 } else if (fd >= 0) {
1791 fcntl(fd, F_SETFD, FD_CLOEXEC);
1797 /* set short latency */
1798 socket_set_nodelay(fd);
1800 s = g_malloc0(sizeof(GDBState));
1801 s->c_cpu = first_cpu;
1802 s->g_cpu = first_cpu;
1804 gdb_has_xml = false;
1806 gdbserver_state = s;
1809 static int gdbserver_open(int port)
1811 struct sockaddr_in sockaddr;
1814 fd = socket(PF_INET, SOCK_STREAM, 0);
1820 fcntl(fd, F_SETFD, FD_CLOEXEC);
1823 socket_set_fast_reuse(fd);
1825 sockaddr.sin_family = AF_INET;
1826 sockaddr.sin_port = htons(port);
1827 sockaddr.sin_addr.s_addr = 0;
1828 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1834 ret = listen(fd, 1);
1843 int gdbserver_start(int port)
1845 gdbserver_fd = gdbserver_open(port);
1846 if (gdbserver_fd < 0)
1848 /* accept connections */
1853 /* Disable gdb stub for child processes. */
1854 void gdbserver_fork(CPUState *cpu)
1856 GDBState *s = gdbserver_state;
1858 if (gdbserver_fd < 0 || s->fd < 0) {
1863 cpu_breakpoint_remove_all(cpu, BP_GDB);
1864 cpu_watchpoint_remove_all(cpu, BP_GDB);
1867 static int gdb_chr_can_receive(void *opaque)
1869 /* We can handle an arbitrarily large amount of data.
1870 Pick the maximum packet size, which is as good as anything. */
1871 return MAX_PACKET_LENGTH;
1874 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1878 for (i = 0; i < size; i++) {
1879 gdb_read_byte(gdbserver_state, buf[i]);
1883 static void gdb_chr_event(void *opaque, int event)
1886 case CHR_EVENT_OPENED:
1887 vm_stop(RUN_STATE_PAUSED);
1888 gdb_has_xml = false;
1895 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1897 char buf[MAX_PACKET_LENGTH];
1900 if (len > (MAX_PACKET_LENGTH/2) - 1)
1901 len = (MAX_PACKET_LENGTH/2) - 1;
1902 memtohex(buf + 1, (uint8_t *)msg, len);
1906 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1908 const char *p = (const char *)buf;
1911 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1913 if (len <= max_sz) {
1914 gdb_monitor_output(gdbserver_state, p, len);
1917 gdb_monitor_output(gdbserver_state, p, max_sz);
1925 static void gdb_sigterm_handler(int signal)
1927 if (runstate_is_running()) {
1928 vm_stop(RUN_STATE_PAUSED);
1933 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1934 bool *be_opened, Error **errp)
1939 static void char_gdb_class_init(ObjectClass *oc, void *data)
1941 ChardevClass *cc = CHARDEV_CLASS(oc);
1943 cc->internal = true;
1944 cc->open = gdb_monitor_open;
1945 cc->chr_write = gdb_monitor_write;
1948 #define TYPE_CHARDEV_GDB "chardev-gdb"
1950 static const TypeInfo char_gdb_type_info = {
1951 .name = TYPE_CHARDEV_GDB,
1952 .parent = TYPE_CHARDEV,
1953 .class_init = char_gdb_class_init,
1956 int gdbserver_start(const char *device)
1959 char gdbstub_device_name[128];
1960 Chardev *chr = NULL;
1964 error_report("gdbstub: meaningless to attach gdb to a "
1965 "machine without any CPU.");
1971 if (strcmp(device, "none") != 0) {
1972 if (strstart(device, "tcp:", NULL)) {
1973 /* enforce required TCP attributes */
1974 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1975 "%s,nowait,nodelay,server", device);
1976 device = gdbstub_device_name;
1979 else if (strcmp(device, "stdio") == 0) {
1980 struct sigaction act;
1982 memset(&act, 0, sizeof(act));
1983 act.sa_handler = gdb_sigterm_handler;
1984 sigaction(SIGINT, &act, NULL);
1987 chr = qemu_chr_new_noreplay("gdb", device);
1992 s = gdbserver_state;
1994 s = g_malloc0(sizeof(GDBState));
1995 gdbserver_state = s;
1997 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1999 /* Initialize a monitor terminal for gdb */
2000 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
2001 NULL, &error_abort);
2002 monitor_init(mon_chr, 0);
2004 if (qemu_chr_fe_get_driver(&s->chr)) {
2005 object_unparent(OBJECT(qemu_chr_fe_get_driver(&s->chr)));
2007 mon_chr = s->mon_chr;
2008 memset(s, 0, sizeof(GDBState));
2009 s->mon_chr = mon_chr;
2011 s->c_cpu = first_cpu;
2012 s->g_cpu = first_cpu;
2014 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2015 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2016 gdb_chr_event, NULL, NULL, true);
2018 s->state = chr ? RS_IDLE : RS_INACTIVE;
2019 s->mon_chr = mon_chr;
2020 s->current_syscall_cb = NULL;
2025 static void register_types(void)
2027 type_register_static(&char_gdb_type_info);
2030 type_init(register_types);
projects / qemu.git / blob