4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
23 #include "trace-root.h"
24 #ifdef CONFIG_USER_ONLY
27 #include "monitor/monitor.h"
28 #include "chardev/char.h"
29 #include "chardev/char-fe.h"
30 #include "sysemu/sysemu.h"
31 #include "exec/gdbstub.h"
34 #define MAX_PACKET_LENGTH 4096
36 #include "qemu/sockets.h"
37 #include "sysemu/hw_accel.h"
38 #include "sysemu/kvm.h"
39 #include "exec/semihost.h"
40 #include "exec/exec-all.h"
42 #ifdef CONFIG_USER_ONLY
43 #define GDB_ATTACHED "0"
45 #define GDB_ATTACHED "1"
48 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
49 uint8_t *buf, int len, bool is_write)
51 CPUClass *cc = CPU_GET_CLASS(cpu);
53 if (cc->memory_rw_debug) {
54 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
56 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
59 /* Return the GDB index for a given vCPU state.
61 * For user mode this is simply the thread id. In system mode GDB
62 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
64 static inline int cpu_gdb_index(CPUState *cpu)
66 #if defined(CONFIG_USER_ONLY)
67 TaskState *ts = (TaskState *) cpu->opaque;
70 return cpu->cpu_index + 1;
83 GDB_SIGNAL_UNKNOWN = 143
86 #ifdef CONFIG_USER_ONLY
88 /* Map target signal numbers to GDB protocol signal numbers and vice
89 * versa. For user emulation's currently supported systems, we can
90 * assume most signals are defined.
93 static int gdb_signal_table[] = {
253 /* In system mode we only need SIGINT and SIGTRAP; other signals
254 are not yet supported. */
261 static int gdb_signal_table[] = {
271 #ifdef CONFIG_USER_ONLY
272 static int target_signal_to_gdb (int sig)
275 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
276 if (gdb_signal_table[i] == sig)
278 return GDB_SIGNAL_UNKNOWN;
282 static int gdb_signal_to_target (int sig)
284 if (sig < ARRAY_SIZE (gdb_signal_table))
285 return gdb_signal_table[sig];
290 typedef struct GDBRegisterState {
296 struct GDBRegisterState *next;
308 typedef struct GDBState {
309 CPUState *c_cpu; /* current CPU for step/continue ops */
310 CPUState *g_cpu; /* current CPU for other ops */
311 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
312 enum RSState state; /* parsing state */
313 char line_buf[MAX_PACKET_LENGTH];
315 int line_sum; /* running checksum */
316 int line_csum; /* checksum at the end of the packet */
317 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
320 #ifdef CONFIG_USER_ONLY
327 char syscall_buf[256];
328 gdb_syscall_complete_cb current_syscall_cb;
331 /* By default use no IRQs and no timers while single stepping so as to
332 * make single stepping like an ICE HW step.
334 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
336 static GDBState *gdbserver_state;
340 #ifdef CONFIG_USER_ONLY
341 /* XXX: This is not thread safe. Do we care? */
342 static int gdbserver_fd = -1;
344 static int get_char(GDBState *s)
350 ret = qemu_recv(s->fd, &ch, 1, 0);
352 if (errno == ECONNRESET)
356 } else if (ret == 0) {
374 /* Decide if either remote gdb syscalls or native file IO should be used. */
375 int use_gdb_syscalls(void)
377 SemihostingTarget target = semihosting_get_target();
378 if (target == SEMIHOSTING_TARGET_NATIVE) {
379 /* -semihosting-config target=native */
381 } else if (target == SEMIHOSTING_TARGET_GDB) {
382 /* -semihosting-config target=gdb */
386 /* -semihosting-config target=auto */
387 /* On the first call check if gdb is connected and remember. */
388 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
389 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
392 return gdb_syscall_mode == GDB_SYS_ENABLED;
395 /* Resume execution. */
396 static inline void gdb_continue(GDBState *s)
399 #ifdef CONFIG_USER_ONLY
400 s->running_state = 1;
401 trace_gdbstub_op_continue();
403 if (!runstate_needs_reset()) {
404 trace_gdbstub_op_continue();
411 * Resume execution, per CPU actions. For user-mode emulation it's
412 * equivalent to gdb_continue.
414 static int gdb_continue_partial(GDBState *s, char *newstates)
418 #ifdef CONFIG_USER_ONLY
420 * This is not exactly accurate, but it's an improvement compared to the
421 * previous situation, where only one CPU would be single-stepped.
424 if (newstates[cpu->cpu_index] == 's') {
425 trace_gdbstub_op_stepping(cpu->cpu_index);
426 cpu_single_step(cpu, sstep_flags);
429 s->running_state = 1;
433 if (!runstate_needs_reset()) {
434 if (vm_prepare_start()) {
439 switch (newstates[cpu->cpu_index]) {
442 break; /* nothing to do here */
444 trace_gdbstub_op_stepping(cpu->cpu_index);
445 cpu_single_step(cpu, sstep_flags);
450 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
461 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
467 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
469 #ifdef CONFIG_USER_ONLY
473 ret = send(s->fd, buf, len, 0);
483 /* XXX this blocks entire thread. Rewrite to use
484 * qemu_chr_fe_write and background I/O callbacks */
485 qemu_chr_fe_write_all(&s->chr, buf, len);
489 static inline int fromhex(int v)
491 if (v >= '0' && v <= '9')
493 else if (v >= 'A' && v <= 'F')
495 else if (v >= 'a' && v <= 'f')
501 static inline int tohex(int v)
509 /* writes 2*len+1 bytes in buf */
510 static void memtohex(char *buf, const uint8_t *mem, int len)
515 for(i = 0; i < len; i++) {
517 *q++ = tohex(c >> 4);
518 *q++ = tohex(c & 0xf);
523 static void hextomem(uint8_t *mem, const char *buf, int len)
527 for(i = 0; i < len; i++) {
528 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
533 static void hexdump(const char *buf, int len,
534 void (*trace_fn)(size_t ofs, char const *text))
536 char line_buffer[3 * 16 + 4 + 16 + 1];
539 for (i = 0; i < len || (i & 0xF); ++i) {
540 size_t byte_ofs = i & 15;
543 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
544 line_buffer[3 * 16 + 4 + 16] = 0;
547 size_t col_group = (i >> 2) & 3;
548 size_t hex_col = byte_ofs * 3 + col_group;
549 size_t txt_col = 3 * 16 + 4 + byte_ofs;
554 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
555 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
556 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
562 trace_fn(i & -16, line_buffer);
566 /* return -1 if error, 0 if OK */
567 static int put_packet_binary(GDBState *s, const char *buf, int len, bool dump)
572 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
573 hexdump(buf, len, trace_gdbstub_io_binaryreply);
582 for(i = 0; i < len; i++) {
586 *(p++) = tohex((csum >> 4) & 0xf);
587 *(p++) = tohex((csum) & 0xf);
589 s->last_packet_len = p - s->last_packet;
590 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
592 #ifdef CONFIG_USER_ONLY
605 /* return -1 if error, 0 if OK */
606 static int put_packet(GDBState *s, const char *buf)
608 trace_gdbstub_io_reply(buf);
610 return put_packet_binary(s, buf, strlen(buf), false);
613 /* Encode data using the encoding for 'x' packets. */
614 static int memtox(char *buf, const char *mem, int len)
622 case '#': case '$': case '*': case '}':
634 static const char *get_feature_xml(const char *p, const char **newp,
640 static char target_xml[1024];
643 while (p[len] && p[len] != ':')
648 if (strncmp(p, "target.xml", len) == 0) {
649 /* Generate the XML description for this CPU. */
650 if (!target_xml[0]) {
652 CPUState *cpu = first_cpu;
654 pstrcat(target_xml, sizeof(target_xml),
655 "<?xml version=\"1.0\"?>"
656 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
658 if (cc->gdb_arch_name) {
659 gchar *arch = cc->gdb_arch_name(cpu);
660 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
661 pstrcat(target_xml, sizeof(target_xml), arch);
662 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
665 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
666 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
667 pstrcat(target_xml, sizeof(target_xml), "\"/>");
668 for (r = cpu->gdb_regs; r; r = r->next) {
669 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
670 pstrcat(target_xml, sizeof(target_xml), r->xml);
671 pstrcat(target_xml, sizeof(target_xml), "\"/>");
673 pstrcat(target_xml, sizeof(target_xml), "</target>");
677 if (cc->gdb_get_dynamic_xml) {
678 CPUState *cpu = first_cpu;
679 char *xmlname = g_strndup(p, len);
680 const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
688 name = xml_builtin[i][0];
689 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
692 return name ? xml_builtin[i][1] : NULL;
695 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
697 CPUClass *cc = CPU_GET_CLASS(cpu);
698 CPUArchState *env = cpu->env_ptr;
701 if (reg < cc->gdb_num_core_regs) {
702 return cc->gdb_read_register(cpu, mem_buf, reg);
705 for (r = cpu->gdb_regs; r; r = r->next) {
706 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
707 return r->get_reg(env, mem_buf, reg - r->base_reg);
713 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
715 CPUClass *cc = CPU_GET_CLASS(cpu);
716 CPUArchState *env = cpu->env_ptr;
719 if (reg < cc->gdb_num_core_regs) {
720 return cc->gdb_write_register(cpu, mem_buf, reg);
723 for (r = cpu->gdb_regs; r; r = r->next) {
724 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
725 return r->set_reg(env, mem_buf, reg - r->base_reg);
731 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
732 specifies the first register number and these registers are included in
733 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
734 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
737 void gdb_register_coprocessor(CPUState *cpu,
738 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
739 int num_regs, const char *xml, int g_pos)
742 GDBRegisterState **p;
746 /* Check for duplicates. */
747 if (strcmp((*p)->xml, xml) == 0)
752 s = g_new0(GDBRegisterState, 1);
753 s->base_reg = cpu->gdb_num_regs;
754 s->num_regs = num_regs;
755 s->get_reg = get_reg;
756 s->set_reg = set_reg;
759 /* Add to end of list. */
760 cpu->gdb_num_regs += num_regs;
763 if (g_pos != s->base_reg) {
764 error_report("Error: Bad gdb register numbering for '%s', "
765 "expected %d got %d", xml, g_pos, s->base_reg);
767 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
772 #ifndef CONFIG_USER_ONLY
773 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
774 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
776 static const int xlat[] = {
777 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
778 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
779 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
782 CPUClass *cc = CPU_GET_CLASS(cpu);
783 int cputype = xlat[gdbtype];
785 if (cc->gdb_stop_before_watchpoint) {
786 cputype |= BP_STOP_BEFORE_ACCESS;
792 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
798 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
802 case GDB_BREAKPOINT_SW:
803 case GDB_BREAKPOINT_HW:
805 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
811 #ifndef CONFIG_USER_ONLY
812 case GDB_WATCHPOINT_WRITE:
813 case GDB_WATCHPOINT_READ:
814 case GDB_WATCHPOINT_ACCESS:
816 err = cpu_watchpoint_insert(cpu, addr, len,
817 xlat_gdb_type(cpu, type), NULL);
829 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
835 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
839 case GDB_BREAKPOINT_SW:
840 case GDB_BREAKPOINT_HW:
842 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
848 #ifndef CONFIG_USER_ONLY
849 case GDB_WATCHPOINT_WRITE:
850 case GDB_WATCHPOINT_READ:
851 case GDB_WATCHPOINT_ACCESS:
853 err = cpu_watchpoint_remove(cpu, addr, len,
854 xlat_gdb_type(cpu, type));
865 static void gdb_breakpoint_remove_all(void)
870 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
875 cpu_breakpoint_remove_all(cpu, BP_GDB);
876 #ifndef CONFIG_USER_ONLY
877 cpu_watchpoint_remove_all(cpu, BP_GDB);
882 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
884 CPUState *cpu = s->c_cpu;
886 cpu_synchronize_state(cpu);
890 static CPUState *find_cpu(uint32_t thread_id)
895 if (cpu_gdb_index(cpu) == thread_id) {
903 static int is_query_packet(const char *p, const char *query, char separator)
905 unsigned int query_len = strlen(query);
907 return strncmp(p, query, query_len) == 0 &&
908 (p[query_len] == '\0' || p[query_len] == separator);
912 * gdb_handle_vcont - Parses and handles a vCont packet.
913 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
914 * a format error, 0 on success.
916 static int gdb_handle_vcont(GDBState *s, const char *p)
918 int res, idx, signal = 0;
923 #ifdef CONFIG_USER_ONLY
924 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
927 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
930 /* uninitialised CPUs stay 0 */
931 newstates = g_new0(char, max_cpus);
933 /* mark valid CPUs with 1 */
935 newstates[cpu->cpu_index] = 1;
939 * res keeps track of what error we are returning, with -ENOTSUP meaning
940 * that the command is unknown or unsupported, thus returning an empty
941 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
942 * or incorrect parameters passed.
952 if (cur_action == 'C' || cur_action == 'S') {
953 cur_action = qemu_tolower(cur_action);
954 res = qemu_strtoul(p + 1, &p, 16, &tmp);
958 signal = gdb_signal_to_target(tmp);
959 } else if (cur_action != 'c' && cur_action != 's') {
960 /* unknown/invalid/unsupported command */
964 /* thread specification. special values: (none), -1 = all; 0 = any */
965 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
969 for (idx = 0; idx < max_cpus; idx++) {
970 if (newstates[idx] == 1) {
971 newstates[idx] = cur_action;
974 } else if (*p == ':') {
976 res = qemu_strtoul(p, &p, 16, &tmp);
981 /* 0 means any thread, so we pick the first valid CPU */
982 cpu = tmp ? find_cpu(tmp) : first_cpu;
984 /* invalid CPU/thread specified */
990 /* only use if no previous match occourred */
991 if (newstates[cpu->cpu_index] == 1) {
992 newstates[cpu->cpu_index] = cur_action;
997 gdb_continue_partial(s, newstates);
1005 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1011 int ch, reg_size, type, res;
1012 uint8_t mem_buf[MAX_PACKET_LENGTH];
1013 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
1015 target_ulong addr, len;
1017 trace_gdbstub_io_command(line_buf);
1023 /* TODO: Make this return the correct value for user-mode. */
1024 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
1025 cpu_gdb_index(s->c_cpu));
1027 /* Remove all the breakpoints when this query is issued,
1028 * because gdb is doing and initial connect and the state
1029 * should be cleaned up.
1031 gdb_breakpoint_remove_all();
1035 addr = strtoull(p, (char **)&p, 16);
1036 gdb_set_cpu_pc(s, addr);
1042 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1043 if (s->signal == -1)
1048 if (strncmp(p, "Cont", 4) == 0) {
1051 put_packet(s, "vCont;c;C;s;S");
1055 res = gdb_handle_vcont(s, p);
1058 if ((res == -EINVAL) || (res == -ERANGE)) {
1059 put_packet(s, "E22");
1062 goto unknown_command;
1066 goto unknown_command;
1069 /* Kill the target */
1070 error_report("QEMU: Terminated via GDBstub");
1074 gdb_breakpoint_remove_all();
1075 gdb_syscall_mode = GDB_SYS_DISABLED;
1077 put_packet(s, "OK");
1081 addr = strtoull(p, (char **)&p, 16);
1082 gdb_set_cpu_pc(s, addr);
1084 cpu_single_step(s->c_cpu, sstep_flags);
1092 ret = strtoull(p, (char **)&p, 16);
1095 err = strtoull(p, (char **)&p, 16);
1102 if (s->current_syscall_cb) {
1103 s->current_syscall_cb(s->c_cpu, ret, err);
1104 s->current_syscall_cb = NULL;
1107 put_packet(s, "T02");
1114 cpu_synchronize_state(s->g_cpu);
1116 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1117 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1120 memtohex(buf, mem_buf, len);
1124 cpu_synchronize_state(s->g_cpu);
1125 registers = mem_buf;
1126 len = strlen(p) / 2;
1127 hextomem((uint8_t *)registers, p, len);
1128 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1129 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1131 registers += reg_size;
1133 put_packet(s, "OK");
1136 addr = strtoull(p, (char **)&p, 16);
1139 len = strtoull(p, NULL, 16);
1141 /* memtohex() doubles the required space */
1142 if (len > MAX_PACKET_LENGTH / 2) {
1143 put_packet (s, "E22");
1147 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1148 put_packet (s, "E14");
1150 memtohex(buf, mem_buf, len);
1155 addr = strtoull(p, (char **)&p, 16);
1158 len = strtoull(p, (char **)&p, 16);
1162 /* hextomem() reads 2*len bytes */
1163 if (len > strlen(p) / 2) {
1164 put_packet (s, "E22");
1167 hextomem(mem_buf, p, len);
1168 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1170 put_packet(s, "E14");
1172 put_packet(s, "OK");
1176 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1177 This works, but can be very slow. Anything new enough to
1178 understand XML also knows how to use this properly. */
1180 goto unknown_command;
1181 addr = strtoull(p, (char **)&p, 16);
1182 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1184 memtohex(buf, mem_buf, reg_size);
1187 put_packet(s, "E14");
1192 goto unknown_command;
1193 addr = strtoull(p, (char **)&p, 16);
1196 reg_size = strlen(p) / 2;
1197 hextomem(mem_buf, p, reg_size);
1198 gdb_write_register(s->g_cpu, mem_buf, addr);
1199 put_packet(s, "OK");
1203 type = strtoul(p, (char **)&p, 16);
1206 addr = strtoull(p, (char **)&p, 16);
1209 len = strtoull(p, (char **)&p, 16);
1211 res = gdb_breakpoint_insert(addr, len, type);
1213 res = gdb_breakpoint_remove(addr, len, type);
1215 put_packet(s, "OK");
1216 else if (res == -ENOSYS)
1219 put_packet(s, "E22");
1223 thread = strtoull(p, (char **)&p, 16);
1224 if (thread == -1 || thread == 0) {
1225 put_packet(s, "OK");
1228 cpu = find_cpu(thread);
1230 put_packet(s, "E22");
1236 put_packet(s, "OK");
1240 put_packet(s, "OK");
1243 put_packet(s, "E22");
1248 thread = strtoull(p, (char **)&p, 16);
1249 cpu = find_cpu(thread);
1252 put_packet(s, "OK");
1254 put_packet(s, "E22");
1259 /* parse any 'q' packets here */
1260 if (!strcmp(p,"qemu.sstepbits")) {
1261 /* Query Breakpoint bit definitions */
1262 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1268 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1269 /* Display or change the sstep_flags */
1272 /* Display current setting */
1273 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1278 type = strtoul(p, (char **)&p, 16);
1280 put_packet(s, "OK");
1282 } else if (strcmp(p,"C") == 0) {
1283 /* "Current thread" remains vague in the spec, so always return
1284 * the first CPU (gdb returns the first thread). */
1285 put_packet(s, "QC1");
1287 } else if (strcmp(p,"fThreadInfo") == 0) {
1288 s->query_cpu = first_cpu;
1289 goto report_cpuinfo;
1290 } else if (strcmp(p,"sThreadInfo") == 0) {
1293 snprintf(buf, sizeof(buf), "m%x", cpu_gdb_index(s->query_cpu));
1295 s->query_cpu = CPU_NEXT(s->query_cpu);
1299 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1300 thread = strtoull(p+16, (char **)&p, 16);
1301 cpu = find_cpu(thread);
1303 cpu_synchronize_state(cpu);
1304 /* memtohex() doubles the required space */
1305 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1306 "CPU#%d [%s]", cpu->cpu_index,
1307 cpu->halted ? "halted " : "running");
1308 trace_gdbstub_op_extra_info((char *)mem_buf);
1309 memtohex(buf, mem_buf, len);
1314 #ifdef CONFIG_USER_ONLY
1315 else if (strcmp(p, "Offsets") == 0) {
1316 TaskState *ts = s->c_cpu->opaque;
1318 snprintf(buf, sizeof(buf),
1319 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1320 ";Bss=" TARGET_ABI_FMT_lx,
1321 ts->info->code_offset,
1322 ts->info->data_offset,
1323 ts->info->data_offset);
1327 #else /* !CONFIG_USER_ONLY */
1328 else if (strncmp(p, "Rcmd,", 5) == 0) {
1329 int len = strlen(p + 5);
1331 if ((len % 2) != 0) {
1332 put_packet(s, "E01");
1336 hextomem(mem_buf, p + 5, len);
1338 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1339 put_packet(s, "OK");
1342 #endif /* !CONFIG_USER_ONLY */
1343 if (is_query_packet(p, "Supported", ':')) {
1344 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1345 cc = CPU_GET_CLASS(first_cpu);
1346 if (cc->gdb_core_xml_file != NULL) {
1347 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1352 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1354 target_ulong total_len;
1356 cc = CPU_GET_CLASS(first_cpu);
1357 if (cc->gdb_core_xml_file == NULL) {
1358 goto unknown_command;
1363 xml = get_feature_xml(p, &p, cc);
1365 snprintf(buf, sizeof(buf), "E00");
1372 addr = strtoul(p, (char **)&p, 16);
1375 len = strtoul(p, (char **)&p, 16);
1377 total_len = strlen(xml);
1378 if (addr > total_len) {
1379 snprintf(buf, sizeof(buf), "E00");
1383 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1384 len = (MAX_PACKET_LENGTH - 5) / 2;
1385 if (len < total_len - addr) {
1387 len = memtox(buf + 1, xml + addr, len);
1390 len = memtox(buf + 1, xml + addr, total_len - addr);
1392 put_packet_binary(s, buf, len + 1, true);
1395 if (is_query_packet(p, "Attached", ':')) {
1396 put_packet(s, GDB_ATTACHED);
1399 /* Unrecognised 'q' command. */
1400 goto unknown_command;
1404 /* put empty packet */
1412 void gdb_set_stop_cpu(CPUState *cpu)
1414 gdbserver_state->c_cpu = cpu;
1415 gdbserver_state->g_cpu = cpu;
1418 #ifndef CONFIG_USER_ONLY
1419 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1421 GDBState *s = gdbserver_state;
1422 CPUState *cpu = s->c_cpu;
1427 if (running || s->state == RS_INACTIVE) {
1430 /* Is there a GDB syscall waiting to be sent? */
1431 if (s->current_syscall_cb) {
1432 put_packet(s, s->syscall_buf);
1436 case RUN_STATE_DEBUG:
1437 if (cpu->watchpoint_hit) {
1438 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1449 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
1450 (target_ulong)cpu->watchpoint_hit->vaddr);
1451 snprintf(buf, sizeof(buf),
1452 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1453 GDB_SIGNAL_TRAP, cpu_gdb_index(cpu), type,
1454 (target_ulong)cpu->watchpoint_hit->vaddr);
1455 cpu->watchpoint_hit = NULL;
1458 trace_gdbstub_hit_break();
1461 ret = GDB_SIGNAL_TRAP;
1463 case RUN_STATE_PAUSED:
1464 trace_gdbstub_hit_paused();
1465 ret = GDB_SIGNAL_INT;
1467 case RUN_STATE_SHUTDOWN:
1468 trace_gdbstub_hit_shutdown();
1469 ret = GDB_SIGNAL_QUIT;
1471 case RUN_STATE_IO_ERROR:
1472 trace_gdbstub_hit_io_error();
1473 ret = GDB_SIGNAL_IO;
1475 case RUN_STATE_WATCHDOG:
1476 trace_gdbstub_hit_watchdog();
1477 ret = GDB_SIGNAL_ALRM;
1479 case RUN_STATE_INTERNAL_ERROR:
1480 trace_gdbstub_hit_internal_error();
1481 ret = GDB_SIGNAL_ABRT;
1483 case RUN_STATE_SAVE_VM:
1484 case RUN_STATE_RESTORE_VM:
1486 case RUN_STATE_FINISH_MIGRATE:
1487 ret = GDB_SIGNAL_XCPU;
1490 trace_gdbstub_hit_unknown(state);
1491 ret = GDB_SIGNAL_UNKNOWN;
1494 gdb_set_stop_cpu(cpu);
1495 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_gdb_index(cpu));
1500 /* disable single step if it was enabled */
1501 cpu_single_step(cpu, 0);
1505 /* Send a gdb syscall request.
1506 This accepts limited printf-style format specifiers, specifically:
1507 %x - target_ulong argument printed in hex.
1508 %lx - 64-bit argument printed in hex.
1509 %s - string pointer (target_ulong) and length (int) pair. */
1510 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1518 s = gdbserver_state;
1521 s->current_syscall_cb = cb;
1522 #ifndef CONFIG_USER_ONLY
1523 vm_stop(RUN_STATE_DEBUG);
1526 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1533 addr = va_arg(va, target_ulong);
1534 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1537 if (*(fmt++) != 'x')
1539 i64 = va_arg(va, uint64_t);
1540 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1543 addr = va_arg(va, target_ulong);
1544 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1545 addr, va_arg(va, int));
1549 error_report("gdbstub: Bad syscall format string '%s'",
1558 #ifdef CONFIG_USER_ONLY
1559 put_packet(s, s->syscall_buf);
1560 /* Return control to gdb for it to process the syscall request.
1561 * Since the protocol requires that gdb hands control back to us
1562 * using a "here are the results" F packet, we don't need to check
1563 * gdb_handlesig's return value (which is the signal to deliver if
1564 * execution was resumed via a continue packet).
1566 gdb_handlesig(s->c_cpu, 0);
1568 /* In this case wait to send the syscall packet until notification that
1569 the CPU has stopped. This must be done because if the packet is sent
1570 now the reply from the syscall request could be received while the CPU
1571 is still in the running state, which can cause packets to be dropped
1572 and state transition 'T' packets to be sent while the syscall is still
1574 qemu_cpu_kick(s->c_cpu);
1578 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1583 gdb_do_syscallv(cb, fmt, va);
1587 static void gdb_read_byte(GDBState *s, int ch)
1591 #ifndef CONFIG_USER_ONLY
1592 if (s->last_packet_len) {
1593 /* Waiting for a response to the last packet. If we see the start
1594 of a new command then abandon the previous response. */
1596 trace_gdbstub_err_got_nack();
1597 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1598 } else if (ch == '+') {
1599 trace_gdbstub_io_got_ack();
1601 trace_gdbstub_io_got_unexpected((uint8_t)ch);
1604 if (ch == '+' || ch == '$')
1605 s->last_packet_len = 0;
1609 if (runstate_is_running()) {
1610 /* when the CPU is running, we cannot do anything except stop
1611 it when receiving a char */
1612 vm_stop(RUN_STATE_PAUSED);
1619 /* start of command packet */
1620 s->line_buf_index = 0;
1622 s->state = RS_GETLINE;
1624 trace_gdbstub_err_garbage((uint8_t)ch);
1629 /* start escape sequence */
1630 s->state = RS_GETLINE_ESC;
1632 } else if (ch == '*') {
1633 /* start run length encoding sequence */
1634 s->state = RS_GETLINE_RLE;
1636 } else if (ch == '#') {
1637 /* end of command, start of checksum*/
1638 s->state = RS_CHKSUM1;
1639 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1640 trace_gdbstub_err_overrun();
1643 /* unescaped command character */
1644 s->line_buf[s->line_buf_index++] = ch;
1648 case RS_GETLINE_ESC:
1650 /* unexpected end of command in escape sequence */
1651 s->state = RS_CHKSUM1;
1652 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1653 /* command buffer overrun */
1654 trace_gdbstub_err_overrun();
1657 /* parse escaped character and leave escape state */
1658 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
1660 s->state = RS_GETLINE;
1663 case RS_GETLINE_RLE:
1665 /* invalid RLE count encoding */
1666 trace_gdbstub_err_invalid_repeat((uint8_t)ch);
1667 s->state = RS_GETLINE;
1669 /* decode repeat length */
1670 int repeat = (unsigned char)ch - ' ' + 3;
1671 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
1672 /* that many repeats would overrun the command buffer */
1673 trace_gdbstub_err_overrun();
1675 } else if (s->line_buf_index < 1) {
1676 /* got a repeat but we have nothing to repeat */
1677 trace_gdbstub_err_invalid_rle();
1678 s->state = RS_GETLINE;
1680 /* repeat the last character */
1681 memset(s->line_buf + s->line_buf_index,
1682 s->line_buf[s->line_buf_index - 1], repeat);
1683 s->line_buf_index += repeat;
1685 s->state = RS_GETLINE;
1690 /* get high hex digit of checksum */
1691 if (!isxdigit(ch)) {
1692 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
1693 s->state = RS_GETLINE;
1696 s->line_buf[s->line_buf_index] = '\0';
1697 s->line_csum = fromhex(ch) << 4;
1698 s->state = RS_CHKSUM2;
1701 /* get low hex digit of checksum */
1702 if (!isxdigit(ch)) {
1703 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
1704 s->state = RS_GETLINE;
1707 s->line_csum |= fromhex(ch);
1709 if (s->line_csum != (s->line_sum & 0xff)) {
1710 trace_gdbstub_err_checksum_incorrect(s->line_sum, s->line_csum);
1711 /* send NAK reply */
1713 put_buffer(s, &reply, 1);
1716 /* send ACK reply */
1718 put_buffer(s, &reply, 1);
1719 s->state = gdb_handle_packet(s, s->line_buf);
1728 /* Tell the remote gdb that the process has exited. */
1729 void gdb_exit(CPUArchState *env, int code)
1734 s = gdbserver_state;
1738 #ifdef CONFIG_USER_ONLY
1739 if (gdbserver_fd < 0 || s->fd < 0) {
1744 trace_gdbstub_op_exiting((uint8_t)code);
1746 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1749 #ifndef CONFIG_USER_ONLY
1750 qemu_chr_fe_deinit(&s->chr, true);
1754 #ifdef CONFIG_USER_ONLY
1756 gdb_handlesig(CPUState *cpu, int sig)
1762 s = gdbserver_state;
1763 if (gdbserver_fd < 0 || s->fd < 0) {
1767 /* disable single step if it was enabled */
1768 cpu_single_step(cpu, 0);
1772 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1775 /* put_packet() might have detected that the peer terminated the
1783 s->running_state = 0;
1784 while (s->running_state == 0) {
1785 n = read(s->fd, buf, 256);
1789 for (i = 0; i < n; i++) {
1790 gdb_read_byte(s, buf[i]);
1793 /* XXX: Connection closed. Should probably wait for another
1794 connection before continuing. */
1807 /* Tell the remote gdb that the process has exited due to SIG. */
1808 void gdb_signalled(CPUArchState *env, int sig)
1813 s = gdbserver_state;
1814 if (gdbserver_fd < 0 || s->fd < 0) {
1818 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1822 static bool gdb_accept(void)
1825 struct sockaddr_in sockaddr;
1830 len = sizeof(sockaddr);
1831 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1832 if (fd < 0 && errno != EINTR) {
1835 } else if (fd >= 0) {
1836 qemu_set_cloexec(fd);
1841 /* set short latency */
1842 if (socket_set_nodelay(fd)) {
1843 perror("setsockopt");
1848 s = g_malloc0(sizeof(GDBState));
1849 s->c_cpu = first_cpu;
1850 s->g_cpu = first_cpu;
1852 gdb_has_xml = false;
1854 gdbserver_state = s;
1858 static int gdbserver_open(int port)
1860 struct sockaddr_in sockaddr;
1863 fd = socket(PF_INET, SOCK_STREAM, 0);
1868 qemu_set_cloexec(fd);
1870 socket_set_fast_reuse(fd);
1872 sockaddr.sin_family = AF_INET;
1873 sockaddr.sin_port = htons(port);
1874 sockaddr.sin_addr.s_addr = 0;
1875 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1881 ret = listen(fd, 1);
1890 int gdbserver_start(int port)
1892 gdbserver_fd = gdbserver_open(port);
1893 if (gdbserver_fd < 0)
1895 /* accept connections */
1896 if (!gdb_accept()) {
1897 close(gdbserver_fd);
1904 /* Disable gdb stub for child processes. */
1905 void gdbserver_fork(CPUState *cpu)
1907 GDBState *s = gdbserver_state;
1909 if (gdbserver_fd < 0 || s->fd < 0) {
1914 cpu_breakpoint_remove_all(cpu, BP_GDB);
1915 cpu_watchpoint_remove_all(cpu, BP_GDB);
1918 static int gdb_chr_can_receive(void *opaque)
1920 /* We can handle an arbitrarily large amount of data.
1921 Pick the maximum packet size, which is as good as anything. */
1922 return MAX_PACKET_LENGTH;
1925 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1929 for (i = 0; i < size; i++) {
1930 gdb_read_byte(gdbserver_state, buf[i]);
1934 static void gdb_chr_event(void *opaque, int event)
1937 case CHR_EVENT_OPENED:
1938 vm_stop(RUN_STATE_PAUSED);
1939 gdb_has_xml = false;
1946 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1948 char buf[MAX_PACKET_LENGTH];
1951 if (len > (MAX_PACKET_LENGTH/2) - 1)
1952 len = (MAX_PACKET_LENGTH/2) - 1;
1953 memtohex(buf + 1, (uint8_t *)msg, len);
1957 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1959 const char *p = (const char *)buf;
1962 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1964 if (len <= max_sz) {
1965 gdb_monitor_output(gdbserver_state, p, len);
1968 gdb_monitor_output(gdbserver_state, p, max_sz);
1976 static void gdb_sigterm_handler(int signal)
1978 if (runstate_is_running()) {
1979 vm_stop(RUN_STATE_PAUSED);
1984 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1985 bool *be_opened, Error **errp)
1990 static void char_gdb_class_init(ObjectClass *oc, void *data)
1992 ChardevClass *cc = CHARDEV_CLASS(oc);
1994 cc->internal = true;
1995 cc->open = gdb_monitor_open;
1996 cc->chr_write = gdb_monitor_write;
1999 #define TYPE_CHARDEV_GDB "chardev-gdb"
2001 static const TypeInfo char_gdb_type_info = {
2002 .name = TYPE_CHARDEV_GDB,
2003 .parent = TYPE_CHARDEV,
2004 .class_init = char_gdb_class_init,
2007 int gdbserver_start(const char *device)
2009 trace_gdbstub_op_start(device);
2012 char gdbstub_device_name[128];
2013 Chardev *chr = NULL;
2017 error_report("gdbstub: meaningless to attach gdb to a "
2018 "machine without any CPU.");
2024 if (strcmp(device, "none") != 0) {
2025 if (strstart(device, "tcp:", NULL)) {
2026 /* enforce required TCP attributes */
2027 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2028 "%s,nowait,nodelay,server", device);
2029 device = gdbstub_device_name;
2032 else if (strcmp(device, "stdio") == 0) {
2033 struct sigaction act;
2035 memset(&act, 0, sizeof(act));
2036 act.sa_handler = gdb_sigterm_handler;
2037 sigaction(SIGINT, &act, NULL);
2041 * FIXME: it's a bit weird to allow using a mux chardev here
2042 * and implicitly setup a monitor. We may want to break this.
2044 chr = qemu_chr_new_noreplay("gdb", device, true);
2049 s = gdbserver_state;
2051 s = g_malloc0(sizeof(GDBState));
2052 gdbserver_state = s;
2054 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2056 /* Initialize a monitor terminal for gdb */
2057 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
2058 NULL, &error_abort);
2059 monitor_init(mon_chr, 0);
2061 qemu_chr_fe_deinit(&s->chr, true);
2062 mon_chr = s->mon_chr;
2063 memset(s, 0, sizeof(GDBState));
2064 s->mon_chr = mon_chr;
2066 s->c_cpu = first_cpu;
2067 s->g_cpu = first_cpu;
2069 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2070 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2071 gdb_chr_event, NULL, NULL, NULL, true);
2073 s->state = chr ? RS_IDLE : RS_INACTIVE;
2074 s->mon_chr = mon_chr;
2075 s->current_syscall_cb = NULL;
2080 void gdbserver_cleanup(void)
2082 if (gdbserver_state) {
2083 put_packet(gdbserver_state, "W00");
2087 static void register_types(void)
2089 type_register_static(&char_gdb_type_info);
2092 type_init(register_types);
projects / qemu.git / blob