4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
23 #include "trace-root.h"
24 #ifdef CONFIG_USER_ONLY
27 #include "monitor/monitor.h"
28 #include "chardev/char.h"
29 #include "chardev/char-fe.h"
30 #include "sysemu/sysemu.h"
31 #include "exec/gdbstub.h"
32 #include "hw/cpu/cluster.h"
35 #define MAX_PACKET_LENGTH 4096
37 #include "qemu/sockets.h"
38 #include "sysemu/hw_accel.h"
39 #include "sysemu/kvm.h"
40 #include "exec/semihost.h"
41 #include "exec/exec-all.h"
43 #ifdef CONFIG_USER_ONLY
44 #define GDB_ATTACHED "0"
46 #define GDB_ATTACHED "1"
49 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
50 uint8_t *buf, int len, bool is_write)
52 CPUClass *cc = CPU_GET_CLASS(cpu);
54 if (cc->memory_rw_debug) {
55 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
57 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
60 /* Return the GDB index for a given vCPU state.
62 * For user mode this is simply the thread id. In system mode GDB
63 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
65 static inline int cpu_gdb_index(CPUState *cpu)
67 #if defined(CONFIG_USER_ONLY)
68 TaskState *ts = (TaskState *) cpu->opaque;
71 return cpu->cpu_index + 1;
84 GDB_SIGNAL_UNKNOWN = 143
87 #ifdef CONFIG_USER_ONLY
89 /* Map target signal numbers to GDB protocol signal numbers and vice
90 * versa. For user emulation's currently supported systems, we can
91 * assume most signals are defined.
94 static int gdb_signal_table[] = {
254 /* In system mode we only need SIGINT and SIGTRAP; other signals
255 are not yet supported. */
262 static int gdb_signal_table[] = {
272 #ifdef CONFIG_USER_ONLY
273 static int target_signal_to_gdb (int sig)
276 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
277 if (gdb_signal_table[i] == sig)
279 return GDB_SIGNAL_UNKNOWN;
283 static int gdb_signal_to_target (int sig)
285 if (sig < ARRAY_SIZE (gdb_signal_table))
286 return gdb_signal_table[sig];
291 typedef struct GDBRegisterState {
297 struct GDBRegisterState *next;
300 typedef struct GDBProcess {
304 char target_xml[1024];
316 typedef struct GDBState {
317 CPUState *c_cpu; /* current CPU for step/continue ops */
318 CPUState *g_cpu; /* current CPU for other ops */
319 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
320 enum RSState state; /* parsing state */
321 char line_buf[MAX_PACKET_LENGTH];
323 int line_sum; /* running checksum */
324 int line_csum; /* checksum at the end of the packet */
325 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
328 #ifdef CONFIG_USER_ONLY
336 GDBProcess *processes;
338 char syscall_buf[256];
339 gdb_syscall_complete_cb current_syscall_cb;
342 /* By default use no IRQs and no timers while single stepping so as to
343 * make single stepping like an ICE HW step.
345 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
347 static GDBState *gdbserver_state;
351 #ifdef CONFIG_USER_ONLY
352 /* XXX: This is not thread safe. Do we care? */
353 static int gdbserver_fd = -1;
355 static int get_char(GDBState *s)
361 ret = qemu_recv(s->fd, &ch, 1, 0);
363 if (errno == ECONNRESET)
367 } else if (ret == 0) {
385 /* Decide if either remote gdb syscalls or native file IO should be used. */
386 int use_gdb_syscalls(void)
388 SemihostingTarget target = semihosting_get_target();
389 if (target == SEMIHOSTING_TARGET_NATIVE) {
390 /* -semihosting-config target=native */
392 } else if (target == SEMIHOSTING_TARGET_GDB) {
393 /* -semihosting-config target=gdb */
397 /* -semihosting-config target=auto */
398 /* On the first call check if gdb is connected and remember. */
399 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
400 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
403 return gdb_syscall_mode == GDB_SYS_ENABLED;
406 /* Resume execution. */
407 static inline void gdb_continue(GDBState *s)
410 #ifdef CONFIG_USER_ONLY
411 s->running_state = 1;
412 trace_gdbstub_op_continue();
414 if (!runstate_needs_reset()) {
415 trace_gdbstub_op_continue();
422 * Resume execution, per CPU actions. For user-mode emulation it's
423 * equivalent to gdb_continue.
425 static int gdb_continue_partial(GDBState *s, char *newstates)
429 #ifdef CONFIG_USER_ONLY
431 * This is not exactly accurate, but it's an improvement compared to the
432 * previous situation, where only one CPU would be single-stepped.
435 if (newstates[cpu->cpu_index] == 's') {
436 trace_gdbstub_op_stepping(cpu->cpu_index);
437 cpu_single_step(cpu, sstep_flags);
440 s->running_state = 1;
444 if (!runstate_needs_reset()) {
445 if (vm_prepare_start()) {
450 switch (newstates[cpu->cpu_index]) {
453 break; /* nothing to do here */
455 trace_gdbstub_op_stepping(cpu->cpu_index);
456 cpu_single_step(cpu, sstep_flags);
461 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
472 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
478 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
480 #ifdef CONFIG_USER_ONLY
484 ret = send(s->fd, buf, len, 0);
494 /* XXX this blocks entire thread. Rewrite to use
495 * qemu_chr_fe_write and background I/O callbacks */
496 qemu_chr_fe_write_all(&s->chr, buf, len);
500 static inline int fromhex(int v)
502 if (v >= '0' && v <= '9')
504 else if (v >= 'A' && v <= 'F')
506 else if (v >= 'a' && v <= 'f')
512 static inline int tohex(int v)
520 /* writes 2*len+1 bytes in buf */
521 static void memtohex(char *buf, const uint8_t *mem, int len)
526 for(i = 0; i < len; i++) {
528 *q++ = tohex(c >> 4);
529 *q++ = tohex(c & 0xf);
534 static void hextomem(uint8_t *mem, const char *buf, int len)
538 for(i = 0; i < len; i++) {
539 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
544 static void hexdump(const char *buf, int len,
545 void (*trace_fn)(size_t ofs, char const *text))
547 char line_buffer[3 * 16 + 4 + 16 + 1];
550 for (i = 0; i < len || (i & 0xF); ++i) {
551 size_t byte_ofs = i & 15;
554 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
555 line_buffer[3 * 16 + 4 + 16] = 0;
558 size_t col_group = (i >> 2) & 3;
559 size_t hex_col = byte_ofs * 3 + col_group;
560 size_t txt_col = 3 * 16 + 4 + byte_ofs;
565 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
566 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
567 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
573 trace_fn(i & -16, line_buffer);
577 /* return -1 if error, 0 if OK */
578 static int put_packet_binary(GDBState *s, const char *buf, int len, bool dump)
583 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
584 hexdump(buf, len, trace_gdbstub_io_binaryreply);
593 for(i = 0; i < len; i++) {
597 *(p++) = tohex((csum >> 4) & 0xf);
598 *(p++) = tohex((csum) & 0xf);
600 s->last_packet_len = p - s->last_packet;
601 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
603 #ifdef CONFIG_USER_ONLY
616 /* return -1 if error, 0 if OK */
617 static int put_packet(GDBState *s, const char *buf)
619 trace_gdbstub_io_reply(buf);
621 return put_packet_binary(s, buf, strlen(buf), false);
624 /* Encode data using the encoding for 'x' packets. */
625 static int memtox(char *buf, const char *mem, int len)
633 case '#': case '$': case '*': case '}':
645 static uint32_t gdb_get_cpu_pid(const GDBState *s, CPUState *cpu)
647 /* TODO: In user mode, we should use the task state PID */
648 if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
649 /* Return the default process' PID */
650 return s->processes[s->process_num - 1].pid;
652 return cpu->cluster_index + 1;
655 static GDBProcess *gdb_get_process(const GDBState *s, uint32_t pid)
660 /* 0 means any process, we take the first one */
661 return &s->processes[0];
664 for (i = 0; i < s->process_num; i++) {
665 if (s->processes[i].pid == pid) {
666 return &s->processes[i];
673 static GDBProcess *gdb_get_cpu_process(const GDBState *s, CPUState *cpu)
675 return gdb_get_process(s, gdb_get_cpu_pid(s, cpu));
678 static CPUState *find_cpu(uint32_t thread_id)
683 if (cpu_gdb_index(cpu) == thread_id) {
691 static CPUState *get_first_cpu_in_process(const GDBState *s,
697 if (gdb_get_cpu_pid(s, cpu) == process->pid) {
705 static CPUState *gdb_next_cpu_in_process(const GDBState *s, CPUState *cpu)
707 uint32_t pid = gdb_get_cpu_pid(s, cpu);
711 if (gdb_get_cpu_pid(s, cpu) == pid) {
721 /* Return the cpu following @cpu, while ignoring unattached processes. */
722 static CPUState *gdb_next_attached_cpu(const GDBState *s, CPUState *cpu)
727 if (gdb_get_cpu_process(s, cpu)->attached) {
737 /* Return the first attached cpu */
738 static CPUState *gdb_first_attached_cpu(const GDBState *s)
740 CPUState *cpu = first_cpu;
741 GDBProcess *process = gdb_get_cpu_process(s, cpu);
743 if (!process->attached) {
744 return gdb_next_attached_cpu(s, cpu);
750 static CPUState *gdb_get_cpu(const GDBState *s, uint32_t pid, uint32_t tid)
756 /* 0 means any process/thread, we take the first attached one */
757 return gdb_first_attached_cpu(s);
758 } else if (pid && !tid) {
759 /* any thread in a specific process */
760 process = gdb_get_process(s, pid);
762 if (process == NULL) {
766 if (!process->attached) {
770 return get_first_cpu_in_process(s, process);
772 /* a specific thread */
779 process = gdb_get_cpu_process(s, cpu);
781 if (pid && process->pid != pid) {
785 if (!process->attached) {
793 static const char *get_feature_xml(const GDBState *s, const char *p,
794 const char **newp, GDBProcess *process)
799 CPUState *cpu = get_first_cpu_in_process(s, process);
800 CPUClass *cc = CPU_GET_CLASS(cpu);
803 while (p[len] && p[len] != ':')
808 if (strncmp(p, "target.xml", len) == 0) {
809 char *buf = process->target_xml;
810 const size_t buf_sz = sizeof(process->target_xml);
812 /* Generate the XML description for this CPU. */
817 "<?xml version=\"1.0\"?>"
818 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
820 if (cc->gdb_arch_name) {
821 gchar *arch = cc->gdb_arch_name(cpu);
822 pstrcat(buf, buf_sz, "<architecture>");
823 pstrcat(buf, buf_sz, arch);
824 pstrcat(buf, buf_sz, "</architecture>");
827 pstrcat(buf, buf_sz, "<xi:include href=\"");
828 pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
829 pstrcat(buf, buf_sz, "\"/>");
830 for (r = cpu->gdb_regs; r; r = r->next) {
831 pstrcat(buf, buf_sz, "<xi:include href=\"");
832 pstrcat(buf, buf_sz, r->xml);
833 pstrcat(buf, buf_sz, "\"/>");
835 pstrcat(buf, buf_sz, "</target>");
839 if (cc->gdb_get_dynamic_xml) {
840 char *xmlname = g_strndup(p, len);
841 const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
849 name = xml_builtin[i][0];
850 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
853 return name ? xml_builtin[i][1] : NULL;
856 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
858 CPUClass *cc = CPU_GET_CLASS(cpu);
859 CPUArchState *env = cpu->env_ptr;
862 if (reg < cc->gdb_num_core_regs) {
863 return cc->gdb_read_register(cpu, mem_buf, reg);
866 for (r = cpu->gdb_regs; r; r = r->next) {
867 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
868 return r->get_reg(env, mem_buf, reg - r->base_reg);
874 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
876 CPUClass *cc = CPU_GET_CLASS(cpu);
877 CPUArchState *env = cpu->env_ptr;
880 if (reg < cc->gdb_num_core_regs) {
881 return cc->gdb_write_register(cpu, mem_buf, reg);
884 for (r = cpu->gdb_regs; r; r = r->next) {
885 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
886 return r->set_reg(env, mem_buf, reg - r->base_reg);
892 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
893 specifies the first register number and these registers are included in
894 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
895 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
898 void gdb_register_coprocessor(CPUState *cpu,
899 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
900 int num_regs, const char *xml, int g_pos)
903 GDBRegisterState **p;
907 /* Check for duplicates. */
908 if (strcmp((*p)->xml, xml) == 0)
913 s = g_new0(GDBRegisterState, 1);
914 s->base_reg = cpu->gdb_num_regs;
915 s->num_regs = num_regs;
916 s->get_reg = get_reg;
917 s->set_reg = set_reg;
920 /* Add to end of list. */
921 cpu->gdb_num_regs += num_regs;
924 if (g_pos != s->base_reg) {
925 error_report("Error: Bad gdb register numbering for '%s', "
926 "expected %d got %d", xml, g_pos, s->base_reg);
928 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
933 #ifndef CONFIG_USER_ONLY
934 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
935 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
937 static const int xlat[] = {
938 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
939 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
940 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
943 CPUClass *cc = CPU_GET_CLASS(cpu);
944 int cputype = xlat[gdbtype];
946 if (cc->gdb_stop_before_watchpoint) {
947 cputype |= BP_STOP_BEFORE_ACCESS;
953 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
959 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
963 case GDB_BREAKPOINT_SW:
964 case GDB_BREAKPOINT_HW:
966 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
972 #ifndef CONFIG_USER_ONLY
973 case GDB_WATCHPOINT_WRITE:
974 case GDB_WATCHPOINT_READ:
975 case GDB_WATCHPOINT_ACCESS:
977 err = cpu_watchpoint_insert(cpu, addr, len,
978 xlat_gdb_type(cpu, type), NULL);
990 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
996 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1000 case GDB_BREAKPOINT_SW:
1001 case GDB_BREAKPOINT_HW:
1003 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
1009 #ifndef CONFIG_USER_ONLY
1010 case GDB_WATCHPOINT_WRITE:
1011 case GDB_WATCHPOINT_READ:
1012 case GDB_WATCHPOINT_ACCESS:
1014 err = cpu_watchpoint_remove(cpu, addr, len,
1015 xlat_gdb_type(cpu, type));
1026 static inline void gdb_cpu_breakpoint_remove_all(CPUState *cpu)
1028 cpu_breakpoint_remove_all(cpu, BP_GDB);
1029 #ifndef CONFIG_USER_ONLY
1030 cpu_watchpoint_remove_all(cpu, BP_GDB);
1034 static void gdb_process_breakpoint_remove_all(const GDBState *s, GDBProcess *p)
1036 CPUState *cpu = get_first_cpu_in_process(s, p);
1039 gdb_cpu_breakpoint_remove_all(cpu);
1040 cpu = gdb_next_cpu_in_process(s, cpu);
1044 static void gdb_breakpoint_remove_all(void)
1048 if (kvm_enabled()) {
1049 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
1054 gdb_cpu_breakpoint_remove_all(cpu);
1058 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
1060 CPUState *cpu = s->c_cpu;
1062 cpu_synchronize_state(cpu);
1063 cpu_set_pc(cpu, pc);
1066 static char *gdb_fmt_thread_id(const GDBState *s, CPUState *cpu,
1067 char *buf, size_t buf_size)
1069 if (s->multiprocess) {
1070 snprintf(buf, buf_size, "p%02x.%02x",
1071 gdb_get_cpu_pid(s, cpu), cpu_gdb_index(cpu));
1073 snprintf(buf, buf_size, "%02x", cpu_gdb_index(cpu));
1079 typedef enum GDBThreadIdKind {
1081 GDB_ALL_THREADS, /* One process, all threads */
1086 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
1087 uint32_t *pid, uint32_t *tid)
1094 ret = qemu_strtoul(buf, &buf, 16, &p);
1097 return GDB_READ_THREAD_ERR;
1106 ret = qemu_strtoul(buf, &buf, 16, &t);
1109 return GDB_READ_THREAD_ERR;
1115 return GDB_ALL_PROCESSES;
1123 return GDB_ALL_THREADS;
1130 return GDB_ONE_THREAD;
1133 static int is_query_packet(const char *p, const char *query, char separator)
1135 unsigned int query_len = strlen(query);
1137 return strncmp(p, query, query_len) == 0 &&
1138 (p[query_len] == '\0' || p[query_len] == separator);
1142 * gdb_handle_vcont - Parses and handles a vCont packet.
1143 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1144 * a format error, 0 on success.
1146 static int gdb_handle_vcont(GDBState *s, const char *p)
1148 int res, signal = 0;
1153 GDBProcess *process;
1155 GDBThreadIdKind kind;
1156 #ifdef CONFIG_USER_ONLY
1157 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
1160 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
1163 /* uninitialised CPUs stay 0 */
1164 newstates = g_new0(char, max_cpus);
1166 /* mark valid CPUs with 1 */
1168 newstates[cpu->cpu_index] = 1;
1172 * res keeps track of what error we are returning, with -ENOTSUP meaning
1173 * that the command is unknown or unsupported, thus returning an empty
1174 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1175 * or incorrect parameters passed.
1185 if (cur_action == 'C' || cur_action == 'S') {
1186 cur_action = qemu_tolower(cur_action);
1187 res = qemu_strtoul(p + 1, &p, 16, &tmp);
1191 signal = gdb_signal_to_target(tmp);
1192 } else if (cur_action != 'c' && cur_action != 's') {
1193 /* unknown/invalid/unsupported command */
1198 if (*p == '\0' || *p == ';') {
1200 * No thread specifier, action is on "all threads". The
1201 * specification is unclear regarding the process to act on. We
1202 * choose all processes.
1204 kind = GDB_ALL_PROCESSES;
1205 } else if (*p++ == ':') {
1206 kind = read_thread_id(p, &p, &pid, &tid);
1213 case GDB_READ_THREAD_ERR:
1217 case GDB_ALL_PROCESSES:
1218 cpu = gdb_first_attached_cpu(s);
1220 if (newstates[cpu->cpu_index] == 1) {
1221 newstates[cpu->cpu_index] = cur_action;
1224 cpu = gdb_next_attached_cpu(s, cpu);
1228 case GDB_ALL_THREADS:
1229 process = gdb_get_process(s, pid);
1231 if (!process->attached) {
1236 cpu = get_first_cpu_in_process(s, process);
1238 if (newstates[cpu->cpu_index] == 1) {
1239 newstates[cpu->cpu_index] = cur_action;
1242 cpu = gdb_next_cpu_in_process(s, cpu);
1246 case GDB_ONE_THREAD:
1247 cpu = gdb_get_cpu(s, pid, tid);
1249 /* invalid CPU/thread specified */
1255 /* only use if no previous match occourred */
1256 if (newstates[cpu->cpu_index] == 1) {
1257 newstates[cpu->cpu_index] = cur_action;
1263 gdb_continue_partial(s, newstates);
1271 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1274 GDBProcess *process;
1278 int ch, reg_size, type, res;
1279 uint8_t mem_buf[MAX_PACKET_LENGTH];
1280 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
1283 target_ulong addr, len;
1284 GDBThreadIdKind thread_kind;
1286 trace_gdbstub_io_command(line_buf);
1292 put_packet(s, "OK");
1295 /* TODO: Make this return the correct value for user-mode. */
1296 snprintf(buf, sizeof(buf), "T%02xthread:%s;", GDB_SIGNAL_TRAP,
1297 gdb_fmt_thread_id(s, s->c_cpu, thread_id, sizeof(thread_id)));
1299 /* Remove all the breakpoints when this query is issued,
1300 * because gdb is doing and initial connect and the state
1301 * should be cleaned up.
1303 gdb_breakpoint_remove_all();
1307 addr = strtoull(p, (char **)&p, 16);
1308 gdb_set_cpu_pc(s, addr);
1314 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1315 if (s->signal == -1)
1320 if (strncmp(p, "Cont", 4) == 0) {
1323 put_packet(s, "vCont;c;C;s;S");
1327 res = gdb_handle_vcont(s, p);
1330 if ((res == -EINVAL) || (res == -ERANGE)) {
1331 put_packet(s, "E22");
1334 goto unknown_command;
1337 } else if (strncmp(p, "Attach;", 7) == 0) {
1342 if (qemu_strtoul(p, &p, 16, &pid)) {
1343 put_packet(s, "E22");
1347 process = gdb_get_process(s, pid);
1349 if (process == NULL) {
1350 put_packet(s, "E22");
1354 cpu = get_first_cpu_in_process(s, process);
1357 /* Refuse to attach an empty process */
1358 put_packet(s, "E22");
1362 process->attached = true;
1367 snprintf(buf, sizeof(buf), "T%02xthread:%s;", GDB_SIGNAL_TRAP,
1368 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id)));
1372 } else if (strncmp(p, "Kill;", 5) == 0) {
1373 /* Kill the target */
1374 put_packet(s, "OK");
1375 error_report("QEMU: Terminated via GDBstub");
1378 goto unknown_command;
1381 /* Kill the target */
1382 error_report("QEMU: Terminated via GDBstub");
1388 if (s->multiprocess) {
1391 put_packet(s, "E22");
1395 if (qemu_strtoul(p + 1, &p, 16, &lpid)) {
1396 put_packet(s, "E22");
1403 process = gdb_get_process(s, pid);
1404 gdb_process_breakpoint_remove_all(s, process);
1405 process->attached = false;
1407 if (pid == gdb_get_cpu_pid(s, s->c_cpu)) {
1408 s->c_cpu = gdb_first_attached_cpu(s);
1411 if (pid == gdb_get_cpu_pid(s, s->g_cpu)) {
1412 s->g_cpu = gdb_first_attached_cpu(s);
1415 if (s->c_cpu == NULL) {
1416 /* No more process attached */
1417 gdb_syscall_mode = GDB_SYS_DISABLED;
1420 put_packet(s, "OK");
1424 addr = strtoull(p, (char **)&p, 16);
1425 gdb_set_cpu_pc(s, addr);
1427 cpu_single_step(s->c_cpu, sstep_flags);
1435 ret = strtoull(p, (char **)&p, 16);
1438 err = strtoull(p, (char **)&p, 16);
1445 if (s->current_syscall_cb) {
1446 s->current_syscall_cb(s->c_cpu, ret, err);
1447 s->current_syscall_cb = NULL;
1450 put_packet(s, "T02");
1457 cpu_synchronize_state(s->g_cpu);
1459 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1460 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1463 memtohex(buf, mem_buf, len);
1467 cpu_synchronize_state(s->g_cpu);
1468 registers = mem_buf;
1469 len = strlen(p) / 2;
1470 hextomem((uint8_t *)registers, p, len);
1471 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1472 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1474 registers += reg_size;
1476 put_packet(s, "OK");
1479 addr = strtoull(p, (char **)&p, 16);
1482 len = strtoull(p, NULL, 16);
1484 /* memtohex() doubles the required space */
1485 if (len > MAX_PACKET_LENGTH / 2) {
1486 put_packet (s, "E22");
1490 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1491 put_packet (s, "E14");
1493 memtohex(buf, mem_buf, len);
1498 addr = strtoull(p, (char **)&p, 16);
1501 len = strtoull(p, (char **)&p, 16);
1505 /* hextomem() reads 2*len bytes */
1506 if (len > strlen(p) / 2) {
1507 put_packet (s, "E22");
1510 hextomem(mem_buf, p, len);
1511 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1513 put_packet(s, "E14");
1515 put_packet(s, "OK");
1519 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1520 This works, but can be very slow. Anything new enough to
1521 understand XML also knows how to use this properly. */
1523 goto unknown_command;
1524 addr = strtoull(p, (char **)&p, 16);
1525 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1527 memtohex(buf, mem_buf, reg_size);
1530 put_packet(s, "E14");
1535 goto unknown_command;
1536 addr = strtoull(p, (char **)&p, 16);
1539 reg_size = strlen(p) / 2;
1540 hextomem(mem_buf, p, reg_size);
1541 gdb_write_register(s->g_cpu, mem_buf, addr);
1542 put_packet(s, "OK");
1546 type = strtoul(p, (char **)&p, 16);
1549 addr = strtoull(p, (char **)&p, 16);
1552 len = strtoull(p, (char **)&p, 16);
1554 res = gdb_breakpoint_insert(addr, len, type);
1556 res = gdb_breakpoint_remove(addr, len, type);
1558 put_packet(s, "OK");
1559 else if (res == -ENOSYS)
1562 put_packet(s, "E22");
1567 thread_kind = read_thread_id(p, &p, &pid, &tid);
1568 if (thread_kind == GDB_READ_THREAD_ERR) {
1569 put_packet(s, "E22");
1573 if (thread_kind != GDB_ONE_THREAD) {
1574 put_packet(s, "OK");
1577 cpu = gdb_get_cpu(s, pid, tid);
1579 put_packet(s, "E22");
1585 put_packet(s, "OK");
1589 put_packet(s, "OK");
1592 put_packet(s, "E22");
1597 thread_kind = read_thread_id(p, &p, &pid, &tid);
1598 if (thread_kind == GDB_READ_THREAD_ERR) {
1599 put_packet(s, "E22");
1602 cpu = gdb_get_cpu(s, pid, tid);
1605 put_packet(s, "OK");
1607 put_packet(s, "E22");
1612 /* parse any 'q' packets here */
1613 if (!strcmp(p,"qemu.sstepbits")) {
1614 /* Query Breakpoint bit definitions */
1615 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1621 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1622 /* Display or change the sstep_flags */
1625 /* Display current setting */
1626 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1631 type = strtoul(p, (char **)&p, 16);
1633 put_packet(s, "OK");
1635 } else if (strcmp(p,"C") == 0) {
1637 * "Current thread" remains vague in the spec, so always return
1638 * the first thread of the current process (gdb returns the
1641 cpu = get_first_cpu_in_process(s, gdb_get_cpu_process(s, s->g_cpu));
1642 snprintf(buf, sizeof(buf), "QC%s",
1643 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id)));
1646 } else if (strcmp(p,"fThreadInfo") == 0) {
1647 s->query_cpu = gdb_first_attached_cpu(s);
1648 goto report_cpuinfo;
1649 } else if (strcmp(p,"sThreadInfo") == 0) {
1652 snprintf(buf, sizeof(buf), "m%s",
1653 gdb_fmt_thread_id(s, s->query_cpu,
1654 thread_id, sizeof(thread_id)));
1656 s->query_cpu = gdb_next_attached_cpu(s, s->query_cpu);
1660 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1661 if (read_thread_id(p + 16, &p, &pid, &tid) == GDB_READ_THREAD_ERR) {
1662 put_packet(s, "E22");
1665 cpu = gdb_get_cpu(s, pid, tid);
1667 cpu_synchronize_state(cpu);
1669 if (s->multiprocess && (s->process_num > 1)) {
1670 /* Print the CPU model and name in multiprocess mode */
1671 ObjectClass *oc = object_get_class(OBJECT(cpu));
1672 const char *cpu_model = object_class_get_name(oc);
1674 object_get_canonical_path_component(OBJECT(cpu));
1675 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1676 "%s %s [%s]", cpu_model, cpu_name,
1677 cpu->halted ? "halted " : "running");
1680 /* memtohex() doubles the required space */
1681 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1682 "CPU#%d [%s]", cpu->cpu_index,
1683 cpu->halted ? "halted " : "running");
1685 trace_gdbstub_op_extra_info((char *)mem_buf);
1686 memtohex(buf, mem_buf, len);
1691 #ifdef CONFIG_USER_ONLY
1692 else if (strcmp(p, "Offsets") == 0) {
1693 TaskState *ts = s->c_cpu->opaque;
1695 snprintf(buf, sizeof(buf),
1696 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1697 ";Bss=" TARGET_ABI_FMT_lx,
1698 ts->info->code_offset,
1699 ts->info->data_offset,
1700 ts->info->data_offset);
1704 #else /* !CONFIG_USER_ONLY */
1705 else if (strncmp(p, "Rcmd,", 5) == 0) {
1706 int len = strlen(p + 5);
1708 if ((len % 2) != 0) {
1709 put_packet(s, "E01");
1713 hextomem(mem_buf, p + 5, len);
1715 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1716 put_packet(s, "OK");
1719 #endif /* !CONFIG_USER_ONLY */
1720 if (is_query_packet(p, "Supported", ':')) {
1721 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1722 cc = CPU_GET_CLASS(first_cpu);
1723 if (cc->gdb_core_xml_file != NULL) {
1724 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1727 if (strstr(p, "multiprocess+")) {
1728 s->multiprocess = true;
1730 pstrcat(buf, sizeof(buf), ";multiprocess+");
1735 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1737 target_ulong total_len;
1739 process = gdb_get_cpu_process(s, s->g_cpu);
1740 cc = CPU_GET_CLASS(s->g_cpu);
1741 if (cc->gdb_core_xml_file == NULL) {
1742 goto unknown_command;
1747 xml = get_feature_xml(s, p, &p, process);
1749 snprintf(buf, sizeof(buf), "E00");
1756 addr = strtoul(p, (char **)&p, 16);
1759 len = strtoul(p, (char **)&p, 16);
1761 total_len = strlen(xml);
1762 if (addr > total_len) {
1763 snprintf(buf, sizeof(buf), "E00");
1767 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1768 len = (MAX_PACKET_LENGTH - 5) / 2;
1769 if (len < total_len - addr) {
1771 len = memtox(buf + 1, xml + addr, len);
1774 len = memtox(buf + 1, xml + addr, total_len - addr);
1776 put_packet_binary(s, buf, len + 1, true);
1779 if (is_query_packet(p, "Attached", ':')) {
1780 put_packet(s, GDB_ATTACHED);
1783 /* Unrecognised 'q' command. */
1784 goto unknown_command;
1788 /* put empty packet */
1796 void gdb_set_stop_cpu(CPUState *cpu)
1798 GDBProcess *p = gdb_get_cpu_process(gdbserver_state, cpu);
1802 * Having a stop CPU corresponding to a process that is not attached
1803 * confuses GDB. So we ignore the request.
1808 gdbserver_state->c_cpu = cpu;
1809 gdbserver_state->g_cpu = cpu;
1812 #ifndef CONFIG_USER_ONLY
1813 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1815 GDBState *s = gdbserver_state;
1816 CPUState *cpu = s->c_cpu;
1822 if (running || s->state == RS_INACTIVE) {
1825 /* Is there a GDB syscall waiting to be sent? */
1826 if (s->current_syscall_cb) {
1827 put_packet(s, s->syscall_buf);
1832 /* No process attached */
1836 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id));
1839 case RUN_STATE_DEBUG:
1840 if (cpu->watchpoint_hit) {
1841 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1852 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
1853 (target_ulong)cpu->watchpoint_hit->vaddr);
1854 snprintf(buf, sizeof(buf),
1855 "T%02xthread:%s;%swatch:" TARGET_FMT_lx ";",
1856 GDB_SIGNAL_TRAP, thread_id, type,
1857 (target_ulong)cpu->watchpoint_hit->vaddr);
1858 cpu->watchpoint_hit = NULL;
1861 trace_gdbstub_hit_break();
1864 ret = GDB_SIGNAL_TRAP;
1866 case RUN_STATE_PAUSED:
1867 trace_gdbstub_hit_paused();
1868 ret = GDB_SIGNAL_INT;
1870 case RUN_STATE_SHUTDOWN:
1871 trace_gdbstub_hit_shutdown();
1872 ret = GDB_SIGNAL_QUIT;
1874 case RUN_STATE_IO_ERROR:
1875 trace_gdbstub_hit_io_error();
1876 ret = GDB_SIGNAL_IO;
1878 case RUN_STATE_WATCHDOG:
1879 trace_gdbstub_hit_watchdog();
1880 ret = GDB_SIGNAL_ALRM;
1882 case RUN_STATE_INTERNAL_ERROR:
1883 trace_gdbstub_hit_internal_error();
1884 ret = GDB_SIGNAL_ABRT;
1886 case RUN_STATE_SAVE_VM:
1887 case RUN_STATE_RESTORE_VM:
1889 case RUN_STATE_FINISH_MIGRATE:
1890 ret = GDB_SIGNAL_XCPU;
1893 trace_gdbstub_hit_unknown(state);
1894 ret = GDB_SIGNAL_UNKNOWN;
1897 gdb_set_stop_cpu(cpu);
1898 snprintf(buf, sizeof(buf), "T%02xthread:%s;", ret, thread_id);
1903 /* disable single step if it was enabled */
1904 cpu_single_step(cpu, 0);
1908 /* Send a gdb syscall request.
1909 This accepts limited printf-style format specifiers, specifically:
1910 %x - target_ulong argument printed in hex.
1911 %lx - 64-bit argument printed in hex.
1912 %s - string pointer (target_ulong) and length (int) pair. */
1913 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1921 s = gdbserver_state;
1924 s->current_syscall_cb = cb;
1925 #ifndef CONFIG_USER_ONLY
1926 vm_stop(RUN_STATE_DEBUG);
1929 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1936 addr = va_arg(va, target_ulong);
1937 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1940 if (*(fmt++) != 'x')
1942 i64 = va_arg(va, uint64_t);
1943 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1946 addr = va_arg(va, target_ulong);
1947 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1948 addr, va_arg(va, int));
1952 error_report("gdbstub: Bad syscall format string '%s'",
1961 #ifdef CONFIG_USER_ONLY
1962 put_packet(s, s->syscall_buf);
1963 /* Return control to gdb for it to process the syscall request.
1964 * Since the protocol requires that gdb hands control back to us
1965 * using a "here are the results" F packet, we don't need to check
1966 * gdb_handlesig's return value (which is the signal to deliver if
1967 * execution was resumed via a continue packet).
1969 gdb_handlesig(s->c_cpu, 0);
1971 /* In this case wait to send the syscall packet until notification that
1972 the CPU has stopped. This must be done because if the packet is sent
1973 now the reply from the syscall request could be received while the CPU
1974 is still in the running state, which can cause packets to be dropped
1975 and state transition 'T' packets to be sent while the syscall is still
1977 qemu_cpu_kick(s->c_cpu);
1981 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1986 gdb_do_syscallv(cb, fmt, va);
1990 static void gdb_read_byte(GDBState *s, int ch)
1994 #ifndef CONFIG_USER_ONLY
1995 if (s->last_packet_len) {
1996 /* Waiting for a response to the last packet. If we see the start
1997 of a new command then abandon the previous response. */
1999 trace_gdbstub_err_got_nack();
2000 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
2001 } else if (ch == '+') {
2002 trace_gdbstub_io_got_ack();
2004 trace_gdbstub_io_got_unexpected((uint8_t)ch);
2007 if (ch == '+' || ch == '$')
2008 s->last_packet_len = 0;
2012 if (runstate_is_running()) {
2013 /* when the CPU is running, we cannot do anything except stop
2014 it when receiving a char */
2015 vm_stop(RUN_STATE_PAUSED);
2022 /* start of command packet */
2023 s->line_buf_index = 0;
2025 s->state = RS_GETLINE;
2027 trace_gdbstub_err_garbage((uint8_t)ch);
2032 /* start escape sequence */
2033 s->state = RS_GETLINE_ESC;
2035 } else if (ch == '*') {
2036 /* start run length encoding sequence */
2037 s->state = RS_GETLINE_RLE;
2039 } else if (ch == '#') {
2040 /* end of command, start of checksum*/
2041 s->state = RS_CHKSUM1;
2042 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2043 trace_gdbstub_err_overrun();
2046 /* unescaped command character */
2047 s->line_buf[s->line_buf_index++] = ch;
2051 case RS_GETLINE_ESC:
2053 /* unexpected end of command in escape sequence */
2054 s->state = RS_CHKSUM1;
2055 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2056 /* command buffer overrun */
2057 trace_gdbstub_err_overrun();
2060 /* parse escaped character and leave escape state */
2061 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
2063 s->state = RS_GETLINE;
2066 case RS_GETLINE_RLE:
2068 /* invalid RLE count encoding */
2069 trace_gdbstub_err_invalid_repeat((uint8_t)ch);
2070 s->state = RS_GETLINE;
2072 /* decode repeat length */
2073 int repeat = (unsigned char)ch - ' ' + 3;
2074 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
2075 /* that many repeats would overrun the command buffer */
2076 trace_gdbstub_err_overrun();
2078 } else if (s->line_buf_index < 1) {
2079 /* got a repeat but we have nothing to repeat */
2080 trace_gdbstub_err_invalid_rle();
2081 s->state = RS_GETLINE;
2083 /* repeat the last character */
2084 memset(s->line_buf + s->line_buf_index,
2085 s->line_buf[s->line_buf_index - 1], repeat);
2086 s->line_buf_index += repeat;
2088 s->state = RS_GETLINE;
2093 /* get high hex digit of checksum */
2094 if (!isxdigit(ch)) {
2095 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
2096 s->state = RS_GETLINE;
2099 s->line_buf[s->line_buf_index] = '\0';
2100 s->line_csum = fromhex(ch) << 4;
2101 s->state = RS_CHKSUM2;
2104 /* get low hex digit of checksum */
2105 if (!isxdigit(ch)) {
2106 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
2107 s->state = RS_GETLINE;
2110 s->line_csum |= fromhex(ch);
2112 if (s->line_csum != (s->line_sum & 0xff)) {
2113 trace_gdbstub_err_checksum_incorrect(s->line_sum, s->line_csum);
2114 /* send NAK reply */
2116 put_buffer(s, &reply, 1);
2119 /* send ACK reply */
2121 put_buffer(s, &reply, 1);
2122 s->state = gdb_handle_packet(s, s->line_buf);
2131 /* Tell the remote gdb that the process has exited. */
2132 void gdb_exit(CPUArchState *env, int code)
2137 s = gdbserver_state;
2141 #ifdef CONFIG_USER_ONLY
2142 if (gdbserver_fd < 0 || s->fd < 0) {
2147 trace_gdbstub_op_exiting((uint8_t)code);
2149 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
2152 #ifndef CONFIG_USER_ONLY
2153 qemu_chr_fe_deinit(&s->chr, true);
2158 * Create the process that will contain all the "orphan" CPUs (that are not
2159 * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2160 * be attachable and thus will be invisible to the user.
2162 static void create_default_process(GDBState *s)
2164 GDBProcess *process;
2167 if (s->process_num) {
2168 max_pid = s->processes[s->process_num - 1].pid;
2171 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2172 process = &s->processes[s->process_num - 1];
2174 /* We need an available PID slot for this process */
2175 assert(max_pid < UINT32_MAX);
2177 process->pid = max_pid + 1;
2178 process->attached = false;
2179 process->target_xml[0] = '\0';
2182 #ifdef CONFIG_USER_ONLY
2184 gdb_handlesig(CPUState *cpu, int sig)
2190 s = gdbserver_state;
2191 if (gdbserver_fd < 0 || s->fd < 0) {
2195 /* disable single step if it was enabled */
2196 cpu_single_step(cpu, 0);
2200 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
2203 /* put_packet() might have detected that the peer terminated the
2211 s->running_state = 0;
2212 while (s->running_state == 0) {
2213 n = read(s->fd, buf, 256);
2217 for (i = 0; i < n; i++) {
2218 gdb_read_byte(s, buf[i]);
2221 /* XXX: Connection closed. Should probably wait for another
2222 connection before continuing. */
2235 /* Tell the remote gdb that the process has exited due to SIG. */
2236 void gdb_signalled(CPUArchState *env, int sig)
2241 s = gdbserver_state;
2242 if (gdbserver_fd < 0 || s->fd < 0) {
2246 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
2250 static bool gdb_accept(void)
2253 struct sockaddr_in sockaddr;
2258 len = sizeof(sockaddr);
2259 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2260 if (fd < 0 && errno != EINTR) {
2263 } else if (fd >= 0) {
2264 qemu_set_cloexec(fd);
2269 /* set short latency */
2270 if (socket_set_nodelay(fd)) {
2271 perror("setsockopt");
2276 s = g_malloc0(sizeof(GDBState));
2277 create_default_process(s);
2278 s->processes[0].attached = true;
2279 s->c_cpu = gdb_first_attached_cpu(s);
2280 s->g_cpu = s->c_cpu;
2282 gdb_has_xml = false;
2284 gdbserver_state = s;
2288 static int gdbserver_open(int port)
2290 struct sockaddr_in sockaddr;
2293 fd = socket(PF_INET, SOCK_STREAM, 0);
2298 qemu_set_cloexec(fd);
2300 socket_set_fast_reuse(fd);
2302 sockaddr.sin_family = AF_INET;
2303 sockaddr.sin_port = htons(port);
2304 sockaddr.sin_addr.s_addr = 0;
2305 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2311 ret = listen(fd, 1);
2320 int gdbserver_start(int port)
2322 gdbserver_fd = gdbserver_open(port);
2323 if (gdbserver_fd < 0)
2325 /* accept connections */
2326 if (!gdb_accept()) {
2327 close(gdbserver_fd);
2334 /* Disable gdb stub for child processes. */
2335 void gdbserver_fork(CPUState *cpu)
2337 GDBState *s = gdbserver_state;
2339 if (gdbserver_fd < 0 || s->fd < 0) {
2344 cpu_breakpoint_remove_all(cpu, BP_GDB);
2345 cpu_watchpoint_remove_all(cpu, BP_GDB);
2348 static int gdb_chr_can_receive(void *opaque)
2350 /* We can handle an arbitrarily large amount of data.
2351 Pick the maximum packet size, which is as good as anything. */
2352 return MAX_PACKET_LENGTH;
2355 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2359 for (i = 0; i < size; i++) {
2360 gdb_read_byte(gdbserver_state, buf[i]);
2364 static void gdb_chr_event(void *opaque, int event)
2367 GDBState *s = (GDBState *) opaque;
2370 case CHR_EVENT_OPENED:
2371 /* Start with first process attached, others detached */
2372 for (i = 0; i < s->process_num; i++) {
2373 s->processes[i].attached = !i;
2376 s->c_cpu = gdb_first_attached_cpu(s);
2377 s->g_cpu = s->c_cpu;
2379 vm_stop(RUN_STATE_PAUSED);
2380 gdb_has_xml = false;
2387 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
2389 char buf[MAX_PACKET_LENGTH];
2392 if (len > (MAX_PACKET_LENGTH/2) - 1)
2393 len = (MAX_PACKET_LENGTH/2) - 1;
2394 memtohex(buf + 1, (uint8_t *)msg, len);
2398 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
2400 const char *p = (const char *)buf;
2403 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
2405 if (len <= max_sz) {
2406 gdb_monitor_output(gdbserver_state, p, len);
2409 gdb_monitor_output(gdbserver_state, p, max_sz);
2417 static void gdb_sigterm_handler(int signal)
2419 if (runstate_is_running()) {
2420 vm_stop(RUN_STATE_PAUSED);
2425 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
2426 bool *be_opened, Error **errp)
2431 static void char_gdb_class_init(ObjectClass *oc, void *data)
2433 ChardevClass *cc = CHARDEV_CLASS(oc);
2435 cc->internal = true;
2436 cc->open = gdb_monitor_open;
2437 cc->chr_write = gdb_monitor_write;
2440 #define TYPE_CHARDEV_GDB "chardev-gdb"
2442 static const TypeInfo char_gdb_type_info = {
2443 .name = TYPE_CHARDEV_GDB,
2444 .parent = TYPE_CHARDEV,
2445 .class_init = char_gdb_class_init,
2448 static int find_cpu_clusters(Object *child, void *opaque)
2450 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
2451 GDBState *s = (GDBState *) opaque;
2452 CPUClusterState *cluster = CPU_CLUSTER(child);
2453 GDBProcess *process;
2455 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2457 process = &s->processes[s->process_num - 1];
2460 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
2461 * runtime, we enforce here that the machine does not use a cluster ID
2462 * that would lead to PID 0.
2464 assert(cluster->cluster_id != UINT32_MAX);
2465 process->pid = cluster->cluster_id + 1;
2466 process->attached = false;
2467 process->target_xml[0] = '\0';
2472 return object_child_foreach(child, find_cpu_clusters, opaque);
2475 static int pid_order(const void *a, const void *b)
2477 GDBProcess *pa = (GDBProcess *) a;
2478 GDBProcess *pb = (GDBProcess *) b;
2480 if (pa->pid < pb->pid) {
2482 } else if (pa->pid > pb->pid) {
2489 static void create_processes(GDBState *s)
2491 object_child_foreach(object_get_root(), find_cpu_clusters, s);
2495 qsort(s->processes, s->process_num, sizeof(s->processes[0]), pid_order);
2498 create_default_process(s);
2501 static void cleanup_processes(GDBState *s)
2503 g_free(s->processes);
2505 s->processes = NULL;
2508 int gdbserver_start(const char *device)
2510 trace_gdbstub_op_start(device);
2513 char gdbstub_device_name[128];
2514 Chardev *chr = NULL;
2518 error_report("gdbstub: meaningless to attach gdb to a "
2519 "machine without any CPU.");
2525 if (strcmp(device, "none") != 0) {
2526 if (strstart(device, "tcp:", NULL)) {
2527 /* enforce required TCP attributes */
2528 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2529 "%s,nowait,nodelay,server", device);
2530 device = gdbstub_device_name;
2533 else if (strcmp(device, "stdio") == 0) {
2534 struct sigaction act;
2536 memset(&act, 0, sizeof(act));
2537 act.sa_handler = gdb_sigterm_handler;
2538 sigaction(SIGINT, &act, NULL);
2542 * FIXME: it's a bit weird to allow using a mux chardev here
2543 * and implicitly setup a monitor. We may want to break this.
2545 chr = qemu_chr_new_noreplay("gdb", device, true, NULL);
2550 s = gdbserver_state;
2552 s = g_malloc0(sizeof(GDBState));
2553 gdbserver_state = s;
2555 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2557 /* Initialize a monitor terminal for gdb */
2558 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
2559 NULL, NULL, &error_abort);
2560 monitor_init(mon_chr, 0);
2562 qemu_chr_fe_deinit(&s->chr, true);
2563 mon_chr = s->mon_chr;
2564 cleanup_processes(s);
2565 memset(s, 0, sizeof(GDBState));
2566 s->mon_chr = mon_chr;
2569 create_processes(s);
2572 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2573 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2574 gdb_chr_event, NULL, s, NULL, true);
2576 s->state = chr ? RS_IDLE : RS_INACTIVE;
2577 s->mon_chr = mon_chr;
2578 s->current_syscall_cb = NULL;
2583 void gdbserver_cleanup(void)
2585 if (gdbserver_state) {
2586 put_packet(gdbserver_state, "W00");
2590 static void register_types(void)
2592 type_register_static(&char_gdb_type_info);
2595 type_init(register_types);
projects / qemu.git / blob