4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
24 #include "trace-root.h"
25 #ifdef CONFIG_USER_ONLY
28 #include "monitor/monitor.h"
29 #include "chardev/char.h"
30 #include "chardev/char-fe.h"
31 #include "sysemu/sysemu.h"
32 #include "exec/gdbstub.h"
35 #define MAX_PACKET_LENGTH 4096
37 #include "qemu/sockets.h"
38 #include "sysemu/hw_accel.h"
39 #include "sysemu/kvm.h"
40 #include "exec/semihost.h"
41 #include "exec/exec-all.h"
43 #ifdef CONFIG_USER_ONLY
44 #define GDB_ATTACHED "0"
46 #define GDB_ATTACHED "1"
49 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
50 uint8_t *buf, int len, bool is_write)
52 CPUClass *cc = CPU_GET_CLASS(cpu);
54 if (cc->memory_rw_debug) {
55 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
57 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
60 /* Return the GDB index for a given vCPU state.
62 * For user mode this is simply the thread id. In system mode GDB
63 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
65 static inline int cpu_gdb_index(CPUState *cpu)
67 #if defined(CONFIG_USER_ONLY)
68 TaskState *ts = (TaskState *) cpu->opaque;
71 return cpu->cpu_index + 1;
84 GDB_SIGNAL_UNKNOWN = 143
87 #ifdef CONFIG_USER_ONLY
89 /* Map target signal numbers to GDB protocol signal numbers and vice
90 * versa. For user emulation's currently supported systems, we can
91 * assume most signals are defined.
94 static int gdb_signal_table[] = {
254 /* In system mode we only need SIGINT and SIGTRAP; other signals
255 are not yet supported. */
262 static int gdb_signal_table[] = {
272 #ifdef CONFIG_USER_ONLY
273 static int target_signal_to_gdb (int sig)
276 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
277 if (gdb_signal_table[i] == sig)
279 return GDB_SIGNAL_UNKNOWN;
283 static int gdb_signal_to_target (int sig)
285 if (sig < ARRAY_SIZE (gdb_signal_table))
286 return gdb_signal_table[sig];
291 typedef struct GDBRegisterState {
297 struct GDBRegisterState *next;
309 typedef struct GDBState {
310 CPUState *c_cpu; /* current CPU for step/continue ops */
311 CPUState *g_cpu; /* current CPU for other ops */
312 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
313 enum RSState state; /* parsing state */
314 char line_buf[MAX_PACKET_LENGTH];
316 int line_sum; /* running checksum */
317 int line_csum; /* checksum at the end of the packet */
318 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
321 #ifdef CONFIG_USER_ONLY
328 char syscall_buf[256];
329 gdb_syscall_complete_cb current_syscall_cb;
332 /* By default use no IRQs and no timers while single stepping so as to
333 * make single stepping like an ICE HW step.
335 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
337 static GDBState *gdbserver_state;
341 #ifdef CONFIG_USER_ONLY
342 /* XXX: This is not thread safe. Do we care? */
343 static int gdbserver_fd = -1;
345 static int get_char(GDBState *s)
351 ret = qemu_recv(s->fd, &ch, 1, 0);
353 if (errno == ECONNRESET)
357 } else if (ret == 0) {
375 /* Decide if either remote gdb syscalls or native file IO should be used. */
376 int use_gdb_syscalls(void)
378 SemihostingTarget target = semihosting_get_target();
379 if (target == SEMIHOSTING_TARGET_NATIVE) {
380 /* -semihosting-config target=native */
382 } else if (target == SEMIHOSTING_TARGET_GDB) {
383 /* -semihosting-config target=gdb */
387 /* -semihosting-config target=auto */
388 /* On the first call check if gdb is connected and remember. */
389 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
390 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
393 return gdb_syscall_mode == GDB_SYS_ENABLED;
396 /* Resume execution. */
397 static inline void gdb_continue(GDBState *s)
400 #ifdef CONFIG_USER_ONLY
401 s->running_state = 1;
402 trace_gdbstub_op_continue();
404 if (!runstate_needs_reset()) {
405 trace_gdbstub_op_continue();
412 * Resume execution, per CPU actions. For user-mode emulation it's
413 * equivalent to gdb_continue.
415 static int gdb_continue_partial(GDBState *s, char *newstates)
419 #ifdef CONFIG_USER_ONLY
421 * This is not exactly accurate, but it's an improvement compared to the
422 * previous situation, where only one CPU would be single-stepped.
425 if (newstates[cpu->cpu_index] == 's') {
426 trace_gdbstub_op_stepping(cpu->cpu_index);
427 cpu_single_step(cpu, sstep_flags);
430 s->running_state = 1;
434 if (!runstate_needs_reset()) {
435 if (vm_prepare_start()) {
440 switch (newstates[cpu->cpu_index]) {
443 break; /* nothing to do here */
445 trace_gdbstub_op_stepping(cpu->cpu_index);
446 cpu_single_step(cpu, sstep_flags);
451 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
462 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
468 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
470 #ifdef CONFIG_USER_ONLY
474 ret = send(s->fd, buf, len, 0);
484 /* XXX this blocks entire thread. Rewrite to use
485 * qemu_chr_fe_write and background I/O callbacks */
486 qemu_chr_fe_write_all(&s->chr, buf, len);
490 static inline int fromhex(int v)
492 if (v >= '0' && v <= '9')
494 else if (v >= 'A' && v <= 'F')
496 else if (v >= 'a' && v <= 'f')
502 static inline int tohex(int v)
510 static void memtohex(char *buf, const uint8_t *mem, int len)
515 for(i = 0; i < len; i++) {
517 *q++ = tohex(c >> 4);
518 *q++ = tohex(c & 0xf);
523 static void hextomem(uint8_t *mem, const char *buf, int len)
527 for(i = 0; i < len; i++) {
528 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
533 static void hexdump(const char *buf, int len,
534 void (*trace_fn)(size_t ofs, char const *text))
536 char line_buffer[3 * 16 + 4 + 16 + 1];
539 for (i = 0; i < len || (i & 0xF); ++i) {
540 size_t byte_ofs = i & 15;
543 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
544 line_buffer[3 * 16 + 4 + 16] = 0;
547 size_t col_group = (i >> 2) & 3;
548 size_t hex_col = byte_ofs * 3 + col_group;
549 size_t txt_col = 3 * 16 + 4 + byte_ofs;
554 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
555 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
556 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
562 trace_fn(i & -16, line_buffer);
566 /* return -1 if error, 0 if OK */
567 static int put_packet_binary(GDBState *s, const char *buf, int len, bool dump)
572 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
573 hexdump(buf, len, trace_gdbstub_io_binaryreply);
582 for(i = 0; i < len; i++) {
586 *(p++) = tohex((csum >> 4) & 0xf);
587 *(p++) = tohex((csum) & 0xf);
589 s->last_packet_len = p - s->last_packet;
590 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
592 #ifdef CONFIG_USER_ONLY
605 /* return -1 if error, 0 if OK */
606 static int put_packet(GDBState *s, const char *buf)
608 trace_gdbstub_io_reply(buf);
610 return put_packet_binary(s, buf, strlen(buf), false);
613 /* Encode data using the encoding for 'x' packets. */
614 static int memtox(char *buf, const char *mem, int len)
622 case '#': case '$': case '*': case '}':
634 static const char *get_feature_xml(const char *p, const char **newp,
640 static char target_xml[1024];
643 while (p[len] && p[len] != ':')
648 if (strncmp(p, "target.xml", len) == 0) {
649 /* Generate the XML description for this CPU. */
650 if (!target_xml[0]) {
652 CPUState *cpu = first_cpu;
654 pstrcat(target_xml, sizeof(target_xml),
655 "<?xml version=\"1.0\"?>"
656 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
658 if (cc->gdb_arch_name) {
659 gchar *arch = cc->gdb_arch_name(cpu);
660 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
661 pstrcat(target_xml, sizeof(target_xml), arch);
662 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
665 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
666 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
667 pstrcat(target_xml, sizeof(target_xml), "\"/>");
668 for (r = cpu->gdb_regs; r; r = r->next) {
669 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
670 pstrcat(target_xml, sizeof(target_xml), r->xml);
671 pstrcat(target_xml, sizeof(target_xml), "\"/>");
673 pstrcat(target_xml, sizeof(target_xml), "</target>");
678 name = xml_builtin[i][0];
679 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
682 return name ? xml_builtin[i][1] : NULL;
685 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
687 CPUClass *cc = CPU_GET_CLASS(cpu);
688 CPUArchState *env = cpu->env_ptr;
691 if (reg < cc->gdb_num_core_regs) {
692 return cc->gdb_read_register(cpu, mem_buf, reg);
695 for (r = cpu->gdb_regs; r; r = r->next) {
696 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
697 return r->get_reg(env, mem_buf, reg - r->base_reg);
703 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
705 CPUClass *cc = CPU_GET_CLASS(cpu);
706 CPUArchState *env = cpu->env_ptr;
709 if (reg < cc->gdb_num_core_regs) {
710 return cc->gdb_write_register(cpu, mem_buf, reg);
713 for (r = cpu->gdb_regs; r; r = r->next) {
714 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
715 return r->set_reg(env, mem_buf, reg - r->base_reg);
721 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
722 specifies the first register number and these registers are included in
723 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
724 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
727 void gdb_register_coprocessor(CPUState *cpu,
728 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
729 int num_regs, const char *xml, int g_pos)
732 GDBRegisterState **p;
736 /* Check for duplicates. */
737 if (strcmp((*p)->xml, xml) == 0)
742 s = g_new0(GDBRegisterState, 1);
743 s->base_reg = cpu->gdb_num_regs;
744 s->num_regs = num_regs;
745 s->get_reg = get_reg;
746 s->set_reg = set_reg;
749 /* Add to end of list. */
750 cpu->gdb_num_regs += num_regs;
753 if (g_pos != s->base_reg) {
754 error_report("Error: Bad gdb register numbering for '%s', "
755 "expected %d got %d", xml, g_pos, s->base_reg);
757 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
762 #ifndef CONFIG_USER_ONLY
763 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
764 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
766 static const int xlat[] = {
767 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
768 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
769 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
772 CPUClass *cc = CPU_GET_CLASS(cpu);
773 int cputype = xlat[gdbtype];
775 if (cc->gdb_stop_before_watchpoint) {
776 cputype |= BP_STOP_BEFORE_ACCESS;
782 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
788 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
792 case GDB_BREAKPOINT_SW:
793 case GDB_BREAKPOINT_HW:
795 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
801 #ifndef CONFIG_USER_ONLY
802 case GDB_WATCHPOINT_WRITE:
803 case GDB_WATCHPOINT_READ:
804 case GDB_WATCHPOINT_ACCESS:
806 err = cpu_watchpoint_insert(cpu, addr, len,
807 xlat_gdb_type(cpu, type), NULL);
819 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
825 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
829 case GDB_BREAKPOINT_SW:
830 case GDB_BREAKPOINT_HW:
832 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
838 #ifndef CONFIG_USER_ONLY
839 case GDB_WATCHPOINT_WRITE:
840 case GDB_WATCHPOINT_READ:
841 case GDB_WATCHPOINT_ACCESS:
843 err = cpu_watchpoint_remove(cpu, addr, len,
844 xlat_gdb_type(cpu, type));
855 static void gdb_breakpoint_remove_all(void)
860 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
865 cpu_breakpoint_remove_all(cpu, BP_GDB);
866 #ifndef CONFIG_USER_ONLY
867 cpu_watchpoint_remove_all(cpu, BP_GDB);
872 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
874 CPUState *cpu = s->c_cpu;
876 cpu_synchronize_state(cpu);
880 static CPUState *find_cpu(uint32_t thread_id)
885 if (cpu_gdb_index(cpu) == thread_id) {
893 static int is_query_packet(const char *p, const char *query, char separator)
895 unsigned int query_len = strlen(query);
897 return strncmp(p, query, query_len) == 0 &&
898 (p[query_len] == '\0' || p[query_len] == separator);
902 * gdb_handle_vcont - Parses and handles a vCont packet.
903 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
904 * a format error, 0 on success.
906 static int gdb_handle_vcont(GDBState *s, const char *p)
908 int res, idx, signal = 0;
913 #ifdef CONFIG_USER_ONLY
914 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
917 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
920 /* uninitialised CPUs stay 0 */
921 newstates = g_new0(char, max_cpus);
923 /* mark valid CPUs with 1 */
925 newstates[cpu->cpu_index] = 1;
929 * res keeps track of what error we are returning, with -ENOTSUP meaning
930 * that the command is unknown or unsupported, thus returning an empty
931 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
932 * or incorrect parameters passed.
942 if (cur_action == 'C' || cur_action == 'S') {
943 cur_action = qemu_tolower(cur_action);
944 res = qemu_strtoul(p + 1, &p, 16, &tmp);
948 signal = gdb_signal_to_target(tmp);
949 } else if (cur_action != 'c' && cur_action != 's') {
950 /* unknown/invalid/unsupported command */
954 /* thread specification. special values: (none), -1 = all; 0 = any */
955 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
959 for (idx = 0; idx < max_cpus; idx++) {
960 if (newstates[idx] == 1) {
961 newstates[idx] = cur_action;
964 } else if (*p == ':') {
966 res = qemu_strtoul(p, &p, 16, &tmp);
971 /* 0 means any thread, so we pick the first valid CPU */
972 cpu = tmp ? find_cpu(tmp) : first_cpu;
974 /* invalid CPU/thread specified */
980 /* only use if no previous match occourred */
981 if (newstates[cpu->cpu_index] == 1) {
982 newstates[cpu->cpu_index] = cur_action;
987 gdb_continue_partial(s, newstates);
995 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1001 int ch, reg_size, type, res;
1002 char buf[MAX_PACKET_LENGTH];
1003 uint8_t mem_buf[MAX_PACKET_LENGTH];
1005 target_ulong addr, len;
1007 trace_gdbstub_io_command(line_buf);
1013 /* TODO: Make this return the correct value for user-mode. */
1014 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
1015 cpu_gdb_index(s->c_cpu));
1017 /* Remove all the breakpoints when this query is issued,
1018 * because gdb is doing and initial connect and the state
1019 * should be cleaned up.
1021 gdb_breakpoint_remove_all();
1025 addr = strtoull(p, (char **)&p, 16);
1026 gdb_set_cpu_pc(s, addr);
1032 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1033 if (s->signal == -1)
1038 if (strncmp(p, "Cont", 4) == 0) {
1041 put_packet(s, "vCont;c;C;s;S");
1045 res = gdb_handle_vcont(s, p);
1048 if ((res == -EINVAL) || (res == -ERANGE)) {
1049 put_packet(s, "E22");
1052 goto unknown_command;
1056 goto unknown_command;
1059 /* Kill the target */
1060 error_report("QEMU: Terminated via GDBstub");
1064 gdb_breakpoint_remove_all();
1065 gdb_syscall_mode = GDB_SYS_DISABLED;
1067 put_packet(s, "OK");
1071 addr = strtoull(p, (char **)&p, 16);
1072 gdb_set_cpu_pc(s, addr);
1074 cpu_single_step(s->c_cpu, sstep_flags);
1082 ret = strtoull(p, (char **)&p, 16);
1085 err = strtoull(p, (char **)&p, 16);
1092 if (s->current_syscall_cb) {
1093 s->current_syscall_cb(s->c_cpu, ret, err);
1094 s->current_syscall_cb = NULL;
1097 put_packet(s, "T02");
1104 cpu_synchronize_state(s->g_cpu);
1106 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1107 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1110 memtohex(buf, mem_buf, len);
1114 cpu_synchronize_state(s->g_cpu);
1115 registers = mem_buf;
1116 len = strlen(p) / 2;
1117 hextomem((uint8_t *)registers, p, len);
1118 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1119 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1121 registers += reg_size;
1123 put_packet(s, "OK");
1126 addr = strtoull(p, (char **)&p, 16);
1129 len = strtoull(p, NULL, 16);
1131 /* memtohex() doubles the required space */
1132 if (len > MAX_PACKET_LENGTH / 2) {
1133 put_packet (s, "E22");
1137 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1138 put_packet (s, "E14");
1140 memtohex(buf, mem_buf, len);
1145 addr = strtoull(p, (char **)&p, 16);
1148 len = strtoull(p, (char **)&p, 16);
1152 /* hextomem() reads 2*len bytes */
1153 if (len > strlen(p) / 2) {
1154 put_packet (s, "E22");
1157 hextomem(mem_buf, p, len);
1158 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1160 put_packet(s, "E14");
1162 put_packet(s, "OK");
1166 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1167 This works, but can be very slow. Anything new enough to
1168 understand XML also knows how to use this properly. */
1170 goto unknown_command;
1171 addr = strtoull(p, (char **)&p, 16);
1172 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1174 memtohex(buf, mem_buf, reg_size);
1177 put_packet(s, "E14");
1182 goto unknown_command;
1183 addr = strtoull(p, (char **)&p, 16);
1186 reg_size = strlen(p) / 2;
1187 hextomem(mem_buf, p, reg_size);
1188 gdb_write_register(s->g_cpu, mem_buf, addr);
1189 put_packet(s, "OK");
1193 type = strtoul(p, (char **)&p, 16);
1196 addr = strtoull(p, (char **)&p, 16);
1199 len = strtoull(p, (char **)&p, 16);
1201 res = gdb_breakpoint_insert(addr, len, type);
1203 res = gdb_breakpoint_remove(addr, len, type);
1205 put_packet(s, "OK");
1206 else if (res == -ENOSYS)
1209 put_packet(s, "E22");
1213 thread = strtoull(p, (char **)&p, 16);
1214 if (thread == -1 || thread == 0) {
1215 put_packet(s, "OK");
1218 cpu = find_cpu(thread);
1220 put_packet(s, "E22");
1226 put_packet(s, "OK");
1230 put_packet(s, "OK");
1233 put_packet(s, "E22");
1238 thread = strtoull(p, (char **)&p, 16);
1239 cpu = find_cpu(thread);
1242 put_packet(s, "OK");
1244 put_packet(s, "E22");
1249 /* parse any 'q' packets here */
1250 if (!strcmp(p,"qemu.sstepbits")) {
1251 /* Query Breakpoint bit definitions */
1252 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1258 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1259 /* Display or change the sstep_flags */
1262 /* Display current setting */
1263 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1268 type = strtoul(p, (char **)&p, 16);
1270 put_packet(s, "OK");
1272 } else if (strcmp(p,"C") == 0) {
1273 /* "Current thread" remains vague in the spec, so always return
1274 * the first CPU (gdb returns the first thread). */
1275 put_packet(s, "QC1");
1277 } else if (strcmp(p,"fThreadInfo") == 0) {
1278 s->query_cpu = first_cpu;
1279 goto report_cpuinfo;
1280 } else if (strcmp(p,"sThreadInfo") == 0) {
1283 snprintf(buf, sizeof(buf), "m%x", cpu_gdb_index(s->query_cpu));
1285 s->query_cpu = CPU_NEXT(s->query_cpu);
1289 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1290 thread = strtoull(p+16, (char **)&p, 16);
1291 cpu = find_cpu(thread);
1293 cpu_synchronize_state(cpu);
1294 /* memtohex() doubles the required space */
1295 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1296 "CPU#%d [%s]", cpu->cpu_index,
1297 cpu->halted ? "halted " : "running");
1298 trace_gdbstub_op_extra_info((char *)mem_buf);
1299 memtohex(buf, mem_buf, len);
1304 #ifdef CONFIG_USER_ONLY
1305 else if (strcmp(p, "Offsets") == 0) {
1306 TaskState *ts = s->c_cpu->opaque;
1308 snprintf(buf, sizeof(buf),
1309 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1310 ";Bss=" TARGET_ABI_FMT_lx,
1311 ts->info->code_offset,
1312 ts->info->data_offset,
1313 ts->info->data_offset);
1317 #else /* !CONFIG_USER_ONLY */
1318 else if (strncmp(p, "Rcmd,", 5) == 0) {
1319 int len = strlen(p + 5);
1321 if ((len % 2) != 0) {
1322 put_packet(s, "E01");
1326 hextomem(mem_buf, p + 5, len);
1328 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1329 put_packet(s, "OK");
1332 #endif /* !CONFIG_USER_ONLY */
1333 if (is_query_packet(p, "Supported", ':')) {
1334 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1335 cc = CPU_GET_CLASS(first_cpu);
1336 if (cc->gdb_core_xml_file != NULL) {
1337 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1342 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1344 target_ulong total_len;
1346 cc = CPU_GET_CLASS(first_cpu);
1347 if (cc->gdb_core_xml_file == NULL) {
1348 goto unknown_command;
1353 xml = get_feature_xml(p, &p, cc);
1355 snprintf(buf, sizeof(buf), "E00");
1362 addr = strtoul(p, (char **)&p, 16);
1365 len = strtoul(p, (char **)&p, 16);
1367 total_len = strlen(xml);
1368 if (addr > total_len) {
1369 snprintf(buf, sizeof(buf), "E00");
1373 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1374 len = (MAX_PACKET_LENGTH - 5) / 2;
1375 if (len < total_len - addr) {
1377 len = memtox(buf + 1, xml + addr, len);
1380 len = memtox(buf + 1, xml + addr, total_len - addr);
1382 put_packet_binary(s, buf, len + 1, true);
1385 if (is_query_packet(p, "Attached", ':')) {
1386 put_packet(s, GDB_ATTACHED);
1389 /* Unrecognised 'q' command. */
1390 goto unknown_command;
1394 /* put empty packet */
1402 void gdb_set_stop_cpu(CPUState *cpu)
1404 gdbserver_state->c_cpu = cpu;
1405 gdbserver_state->g_cpu = cpu;
1408 #ifndef CONFIG_USER_ONLY
1409 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1411 GDBState *s = gdbserver_state;
1412 CPUState *cpu = s->c_cpu;
1417 if (running || s->state == RS_INACTIVE) {
1420 /* Is there a GDB syscall waiting to be sent? */
1421 if (s->current_syscall_cb) {
1422 put_packet(s, s->syscall_buf);
1426 case RUN_STATE_DEBUG:
1427 if (cpu->watchpoint_hit) {
1428 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1439 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
1440 (target_ulong)cpu->watchpoint_hit->vaddr);
1441 snprintf(buf, sizeof(buf),
1442 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1443 GDB_SIGNAL_TRAP, cpu_gdb_index(cpu), type,
1444 (target_ulong)cpu->watchpoint_hit->vaddr);
1445 cpu->watchpoint_hit = NULL;
1448 trace_gdbstub_hit_break();
1451 ret = GDB_SIGNAL_TRAP;
1453 case RUN_STATE_PAUSED:
1454 trace_gdbstub_hit_paused();
1455 ret = GDB_SIGNAL_INT;
1457 case RUN_STATE_SHUTDOWN:
1458 trace_gdbstub_hit_shutdown();
1459 ret = GDB_SIGNAL_QUIT;
1461 case RUN_STATE_IO_ERROR:
1462 trace_gdbstub_hit_io_error();
1463 ret = GDB_SIGNAL_IO;
1465 case RUN_STATE_WATCHDOG:
1466 trace_gdbstub_hit_watchdog();
1467 ret = GDB_SIGNAL_ALRM;
1469 case RUN_STATE_INTERNAL_ERROR:
1470 trace_gdbstub_hit_internal_error();
1471 ret = GDB_SIGNAL_ABRT;
1473 case RUN_STATE_SAVE_VM:
1474 case RUN_STATE_RESTORE_VM:
1476 case RUN_STATE_FINISH_MIGRATE:
1477 ret = GDB_SIGNAL_XCPU;
1480 trace_gdbstub_hit_unknown(state);
1481 ret = GDB_SIGNAL_UNKNOWN;
1484 gdb_set_stop_cpu(cpu);
1485 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_gdb_index(cpu));
1490 /* disable single step if it was enabled */
1491 cpu_single_step(cpu, 0);
1495 /* Send a gdb syscall request.
1496 This accepts limited printf-style format specifiers, specifically:
1497 %x - target_ulong argument printed in hex.
1498 %lx - 64-bit argument printed in hex.
1499 %s - string pointer (target_ulong) and length (int) pair. */
1500 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1508 s = gdbserver_state;
1511 s->current_syscall_cb = cb;
1512 #ifndef CONFIG_USER_ONLY
1513 vm_stop(RUN_STATE_DEBUG);
1516 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1523 addr = va_arg(va, target_ulong);
1524 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1527 if (*(fmt++) != 'x')
1529 i64 = va_arg(va, uint64_t);
1530 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1533 addr = va_arg(va, target_ulong);
1534 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1535 addr, va_arg(va, int));
1539 error_report("gdbstub: Bad syscall format string '%s'",
1548 #ifdef CONFIG_USER_ONLY
1549 put_packet(s, s->syscall_buf);
1550 gdb_handlesig(s->c_cpu, 0);
1552 /* In this case wait to send the syscall packet until notification that
1553 the CPU has stopped. This must be done because if the packet is sent
1554 now the reply from the syscall request could be received while the CPU
1555 is still in the running state, which can cause packets to be dropped
1556 and state transition 'T' packets to be sent while the syscall is still
1558 qemu_cpu_kick(s->c_cpu);
1562 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1567 gdb_do_syscallv(cb, fmt, va);
1571 static void gdb_read_byte(GDBState *s, int ch)
1575 #ifndef CONFIG_USER_ONLY
1576 if (s->last_packet_len) {
1577 /* Waiting for a response to the last packet. If we see the start
1578 of a new command then abandon the previous response. */
1580 trace_gdbstub_err_got_nack();
1581 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1582 } else if (ch == '+') {
1583 trace_gdbstub_io_got_ack();
1585 trace_gdbstub_io_got_unexpected((uint8_t)ch);
1588 if (ch == '+' || ch == '$')
1589 s->last_packet_len = 0;
1593 if (runstate_is_running()) {
1594 /* when the CPU is running, we cannot do anything except stop
1595 it when receiving a char */
1596 vm_stop(RUN_STATE_PAUSED);
1603 /* start of command packet */
1604 s->line_buf_index = 0;
1606 s->state = RS_GETLINE;
1608 trace_gdbstub_err_garbage((uint8_t)ch);
1613 /* start escape sequence */
1614 s->state = RS_GETLINE_ESC;
1616 } else if (ch == '*') {
1617 /* start run length encoding sequence */
1618 s->state = RS_GETLINE_RLE;
1620 } else if (ch == '#') {
1621 /* end of command, start of checksum*/
1622 s->state = RS_CHKSUM1;
1623 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1624 trace_gdbstub_err_overrun();
1627 /* unescaped command character */
1628 s->line_buf[s->line_buf_index++] = ch;
1632 case RS_GETLINE_ESC:
1634 /* unexpected end of command in escape sequence */
1635 s->state = RS_CHKSUM1;
1636 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1637 /* command buffer overrun */
1638 trace_gdbstub_err_overrun();
1641 /* parse escaped character and leave escape state */
1642 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
1644 s->state = RS_GETLINE;
1647 case RS_GETLINE_RLE:
1649 /* invalid RLE count encoding */
1650 trace_gdbstub_err_invalid_repeat((uint8_t)ch);
1651 s->state = RS_GETLINE;
1653 /* decode repeat length */
1654 int repeat = (unsigned char)ch - ' ' + 3;
1655 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
1656 /* that many repeats would overrun the command buffer */
1657 trace_gdbstub_err_overrun();
1659 } else if (s->line_buf_index < 1) {
1660 /* got a repeat but we have nothing to repeat */
1661 trace_gdbstub_err_invalid_rle();
1662 s->state = RS_GETLINE;
1664 /* repeat the last character */
1665 memset(s->line_buf + s->line_buf_index,
1666 s->line_buf[s->line_buf_index - 1], repeat);
1667 s->line_buf_index += repeat;
1669 s->state = RS_GETLINE;
1674 /* get high hex digit of checksum */
1675 if (!isxdigit(ch)) {
1676 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
1677 s->state = RS_GETLINE;
1680 s->line_buf[s->line_buf_index] = '\0';
1681 s->line_csum = fromhex(ch) << 4;
1682 s->state = RS_CHKSUM2;
1685 /* get low hex digit of checksum */
1686 if (!isxdigit(ch)) {
1687 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
1688 s->state = RS_GETLINE;
1691 s->line_csum |= fromhex(ch);
1693 if (s->line_csum != (s->line_sum & 0xff)) {
1694 trace_gdbstub_err_checksum_incorrect(s->line_sum, s->line_csum);
1695 /* send NAK reply */
1697 put_buffer(s, &reply, 1);
1700 /* send ACK reply */
1702 put_buffer(s, &reply, 1);
1703 s->state = gdb_handle_packet(s, s->line_buf);
1712 /* Tell the remote gdb that the process has exited. */
1713 void gdb_exit(CPUArchState *env, int code)
1718 s = gdbserver_state;
1722 #ifdef CONFIG_USER_ONLY
1723 if (gdbserver_fd < 0 || s->fd < 0) {
1728 trace_gdbstub_op_exiting((uint8_t)code);
1730 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1733 #ifndef CONFIG_USER_ONLY
1734 qemu_chr_fe_deinit(&s->chr, true);
1738 #ifdef CONFIG_USER_ONLY
1740 gdb_handlesig(CPUState *cpu, int sig)
1746 s = gdbserver_state;
1747 if (gdbserver_fd < 0 || s->fd < 0) {
1751 /* disable single step if it was enabled */
1752 cpu_single_step(cpu, 0);
1756 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1759 /* put_packet() might have detected that the peer terminated the
1767 s->running_state = 0;
1768 while (s->running_state == 0) {
1769 n = read(s->fd, buf, 256);
1773 for (i = 0; i < n; i++) {
1774 gdb_read_byte(s, buf[i]);
1777 /* XXX: Connection closed. Should probably wait for another
1778 connection before continuing. */
1791 /* Tell the remote gdb that the process has exited due to SIG. */
1792 void gdb_signalled(CPUArchState *env, int sig)
1797 s = gdbserver_state;
1798 if (gdbserver_fd < 0 || s->fd < 0) {
1802 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1806 static void gdb_accept(void)
1809 struct sockaddr_in sockaddr;
1814 len = sizeof(sockaddr);
1815 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1816 if (fd < 0 && errno != EINTR) {
1819 } else if (fd >= 0) {
1821 fcntl(fd, F_SETFD, FD_CLOEXEC);
1827 /* set short latency */
1828 socket_set_nodelay(fd);
1830 s = g_malloc0(sizeof(GDBState));
1831 s->c_cpu = first_cpu;
1832 s->g_cpu = first_cpu;
1834 gdb_has_xml = false;
1836 gdbserver_state = s;
1839 static int gdbserver_open(int port)
1841 struct sockaddr_in sockaddr;
1844 fd = socket(PF_INET, SOCK_STREAM, 0);
1850 fcntl(fd, F_SETFD, FD_CLOEXEC);
1853 socket_set_fast_reuse(fd);
1855 sockaddr.sin_family = AF_INET;
1856 sockaddr.sin_port = htons(port);
1857 sockaddr.sin_addr.s_addr = 0;
1858 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1864 ret = listen(fd, 1);
1873 int gdbserver_start(int port)
1875 gdbserver_fd = gdbserver_open(port);
1876 if (gdbserver_fd < 0)
1878 /* accept connections */
1883 /* Disable gdb stub for child processes. */
1884 void gdbserver_fork(CPUState *cpu)
1886 GDBState *s = gdbserver_state;
1888 if (gdbserver_fd < 0 || s->fd < 0) {
1893 cpu_breakpoint_remove_all(cpu, BP_GDB);
1894 cpu_watchpoint_remove_all(cpu, BP_GDB);
1897 static int gdb_chr_can_receive(void *opaque)
1899 /* We can handle an arbitrarily large amount of data.
1900 Pick the maximum packet size, which is as good as anything. */
1901 return MAX_PACKET_LENGTH;
1904 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1908 for (i = 0; i < size; i++) {
1909 gdb_read_byte(gdbserver_state, buf[i]);
1913 static void gdb_chr_event(void *opaque, int event)
1916 case CHR_EVENT_OPENED:
1917 vm_stop(RUN_STATE_PAUSED);
1918 gdb_has_xml = false;
1925 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1927 char buf[MAX_PACKET_LENGTH];
1930 if (len > (MAX_PACKET_LENGTH/2) - 1)
1931 len = (MAX_PACKET_LENGTH/2) - 1;
1932 memtohex(buf + 1, (uint8_t *)msg, len);
1936 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1938 const char *p = (const char *)buf;
1941 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1943 if (len <= max_sz) {
1944 gdb_monitor_output(gdbserver_state, p, len);
1947 gdb_monitor_output(gdbserver_state, p, max_sz);
1955 static void gdb_sigterm_handler(int signal)
1957 if (runstate_is_running()) {
1958 vm_stop(RUN_STATE_PAUSED);
1963 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1964 bool *be_opened, Error **errp)
1969 static void char_gdb_class_init(ObjectClass *oc, void *data)
1971 ChardevClass *cc = CHARDEV_CLASS(oc);
1973 cc->internal = true;
1974 cc->open = gdb_monitor_open;
1975 cc->chr_write = gdb_monitor_write;
1978 #define TYPE_CHARDEV_GDB "chardev-gdb"
1980 static const TypeInfo char_gdb_type_info = {
1981 .name = TYPE_CHARDEV_GDB,
1982 .parent = TYPE_CHARDEV,
1983 .class_init = char_gdb_class_init,
1986 int gdbserver_start(const char *device)
1988 trace_gdbstub_op_start(device);
1991 char gdbstub_device_name[128];
1992 Chardev *chr = NULL;
1996 error_report("gdbstub: meaningless to attach gdb to a "
1997 "machine without any CPU.");
2003 if (strcmp(device, "none") != 0) {
2004 if (strstart(device, "tcp:", NULL)) {
2005 /* enforce required TCP attributes */
2006 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2007 "%s,nowait,nodelay,server", device);
2008 device = gdbstub_device_name;
2011 else if (strcmp(device, "stdio") == 0) {
2012 struct sigaction act;
2014 memset(&act, 0, sizeof(act));
2015 act.sa_handler = gdb_sigterm_handler;
2016 sigaction(SIGINT, &act, NULL);
2019 chr = qemu_chr_new_noreplay("gdb", device);
2024 s = gdbserver_state;
2026 s = g_malloc0(sizeof(GDBState));
2027 gdbserver_state = s;
2029 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2031 /* Initialize a monitor terminal for gdb */
2032 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
2033 NULL, &error_abort);
2034 monitor_init(mon_chr, 0);
2036 qemu_chr_fe_deinit(&s->chr, true);
2037 mon_chr = s->mon_chr;
2038 memset(s, 0, sizeof(GDBState));
2039 s->mon_chr = mon_chr;
2041 s->c_cpu = first_cpu;
2042 s->g_cpu = first_cpu;
2044 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2045 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2046 gdb_chr_event, NULL, NULL, NULL, true);
2048 s->state = chr ? RS_IDLE : RS_INACTIVE;
2049 s->mon_chr = mon_chr;
2050 s->current_syscall_cb = NULL;
2055 static void register_types(void)
2057 type_register_static(&char_gdb_type_info);
2060 type_init(register_types);
projects / qemu.git / blob