4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
43 #include "qemu/bitops.h"
45 #ifndef TARGET_CPU_MEMORY_RW_DEBUG
46 static inline int target_memory_rw_debug(CPUArchState *env, target_ulong addr,
47 uint8_t *buf, int len, int is_write)
49 return cpu_memory_rw_debug(env, addr, buf, len, is_write);
52 /* target_memory_rw_debug() defined in cpu.h */
64 GDB_SIGNAL_UNKNOWN = 143
67 #ifdef CONFIG_USER_ONLY
69 /* Map target signal numbers to GDB protocol signal numbers and vice
70 * versa. For user emulation's currently supported systems, we can
71 * assume most signals are defined.
74 static int gdb_signal_table[] = {
234 /* In system mode we only need SIGINT and SIGTRAP; other signals
235 are not yet supported. */
242 static int gdb_signal_table[] = {
252 #ifdef CONFIG_USER_ONLY
253 static int target_signal_to_gdb (int sig)
256 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
257 if (gdb_signal_table[i] == sig)
259 return GDB_SIGNAL_UNKNOWN;
263 static int gdb_signal_to_target (int sig)
265 if (sig < ARRAY_SIZE (gdb_signal_table))
266 return gdb_signal_table[sig];
273 typedef struct GDBRegisterState {
279 struct GDBRegisterState *next;
289 typedef struct GDBState {
290 CPUArchState *c_cpu; /* current CPU for step/continue ops */
291 CPUArchState *g_cpu; /* current CPU for other ops */
292 CPUArchState *query_cpu; /* for q{f|s}ThreadInfo */
293 enum RSState state; /* parsing state */
294 char line_buf[MAX_PACKET_LENGTH];
297 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
300 #ifdef CONFIG_USER_ONLY
304 CharDriverState *chr;
305 CharDriverState *mon_chr;
307 char syscall_buf[256];
308 gdb_syscall_complete_cb current_syscall_cb;
311 /* By default use no IRQs and no timers while single stepping so as to
312 * make single stepping like an ICE HW step.
314 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
316 static GDBState *gdbserver_state;
318 /* This is an ugly hack to cope with both new and old gdb.
319 If gdb sends qXfer:features:read then assume we're talking to a newish
320 gdb that understands target descriptions. */
321 static int gdb_has_xml;
323 #ifdef CONFIG_USER_ONLY
324 /* XXX: This is not thread safe. Do we care? */
325 static int gdbserver_fd = -1;
327 static int get_char(GDBState *s)
333 ret = qemu_recv(s->fd, &ch, 1, 0);
335 if (errno == ECONNRESET)
337 if (errno != EINTR && errno != EAGAIN)
339 } else if (ret == 0) {
357 /* If gdb is connected when the first semihosting syscall occurs then use
358 remote gdb syscalls. Otherwise use native file IO. */
359 int use_gdb_syscalls(void)
361 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
362 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
365 return gdb_syscall_mode == GDB_SYS_ENABLED;
368 /* Resume execution. */
369 static inline void gdb_continue(GDBState *s)
371 #ifdef CONFIG_USER_ONLY
372 s->running_state = 1;
374 if (runstate_check(RUN_STATE_GUEST_PANICKED)) {
375 runstate_set(RUN_STATE_DEBUG);
377 if (!runstate_needs_reset()) {
383 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
385 #ifdef CONFIG_USER_ONLY
389 ret = send(s->fd, buf, len, 0);
391 if (errno != EINTR && errno != EAGAIN)
399 qemu_chr_fe_write(s->chr, buf, len);
403 static inline int fromhex(int v)
405 if (v >= '0' && v <= '9')
407 else if (v >= 'A' && v <= 'F')
409 else if (v >= 'a' && v <= 'f')
415 static inline int tohex(int v)
423 static void memtohex(char *buf, const uint8_t *mem, int len)
428 for(i = 0; i < len; i++) {
430 *q++ = tohex(c >> 4);
431 *q++ = tohex(c & 0xf);
436 static void hextomem(uint8_t *mem, const char *buf, int len)
440 for(i = 0; i < len; i++) {
441 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
446 /* return -1 if error, 0 if OK */
447 static int put_packet_binary(GDBState *s, const char *buf, int len)
458 for(i = 0; i < len; i++) {
462 *(p++) = tohex((csum >> 4) & 0xf);
463 *(p++) = tohex((csum) & 0xf);
465 s->last_packet_len = p - s->last_packet;
466 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
468 #ifdef CONFIG_USER_ONLY
481 /* return -1 if error, 0 if OK */
482 static int put_packet(GDBState *s, const char *buf)
485 printf("reply='%s'\n", buf);
488 return put_packet_binary(s, buf, strlen(buf));
491 /* The GDB remote protocol transfers values in target byte order. This means
492 we can use the raw memory access routines to access the value buffer.
493 Conveniently, these also handle the case where the buffer is mis-aligned.
495 #define GET_REG8(val) do { \
496 stb_p(mem_buf, val); \
499 #define GET_REG16(val) do { \
500 stw_p(mem_buf, val); \
503 #define GET_REG32(val) do { \
504 stl_p(mem_buf, val); \
507 #define GET_REG64(val) do { \
508 stq_p(mem_buf, val); \
512 #if TARGET_LONG_BITS == 64
513 #define GET_REGL(val) GET_REG64(val)
514 #define ldtul_p(addr) ldq_p(addr)
516 #define GET_REGL(val) GET_REG32(val)
517 #define ldtul_p(addr) ldl_p(addr)
520 #if defined(TARGET_I386)
523 static const int gpr_map[16] = {
524 R_EAX, R_EBX, R_ECX, R_EDX, R_ESI, R_EDI, R_EBP, R_ESP,
525 8, 9, 10, 11, 12, 13, 14, 15
528 #define gpr_map gpr_map32
530 static const int gpr_map32[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
532 #define NUM_CORE_REGS (CPU_NB_REGS * 2 + 25)
534 #define IDX_IP_REG CPU_NB_REGS
535 #define IDX_FLAGS_REG (IDX_IP_REG + 1)
536 #define IDX_SEG_REGS (IDX_FLAGS_REG + 1)
537 #define IDX_FP_REGS (IDX_SEG_REGS + 6)
538 #define IDX_XMM_REGS (IDX_FP_REGS + 16)
539 #define IDX_MXCSR_REG (IDX_XMM_REGS + CPU_NB_REGS)
541 static int cpu_gdb_read_register(CPUX86State *env, uint8_t *mem_buf, int n)
543 if (n < CPU_NB_REGS) {
544 if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
545 GET_REG64(env->regs[gpr_map[n]]);
546 } else if (n < CPU_NB_REGS32) {
547 GET_REG32(env->regs[gpr_map32[n]]);
549 } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
550 #ifdef USE_X86LDOUBLE
551 /* FIXME: byteswap float values - after fixing fpregs layout. */
552 memcpy(mem_buf, &env->fpregs[n - IDX_FP_REGS], 10);
554 memset(mem_buf, 0, 10);
557 } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
559 if (n < CPU_NB_REGS32 ||
560 (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK)) {
561 stq_p(mem_buf, env->xmm_regs[n].XMM_Q(0));
562 stq_p(mem_buf + 8, env->xmm_regs[n].XMM_Q(1));
568 if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
573 case IDX_FLAGS_REG: GET_REG32(env->eflags);
575 case IDX_SEG_REGS: GET_REG32(env->segs[R_CS].selector);
576 case IDX_SEG_REGS + 1: GET_REG32(env->segs[R_SS].selector);
577 case IDX_SEG_REGS + 2: GET_REG32(env->segs[R_DS].selector);
578 case IDX_SEG_REGS + 3: GET_REG32(env->segs[R_ES].selector);
579 case IDX_SEG_REGS + 4: GET_REG32(env->segs[R_FS].selector);
580 case IDX_SEG_REGS + 5: GET_REG32(env->segs[R_GS].selector);
582 case IDX_FP_REGS + 8: GET_REG32(env->fpuc);
583 case IDX_FP_REGS + 9: GET_REG32((env->fpus & ~0x3800) |
584 (env->fpstt & 0x7) << 11);
585 case IDX_FP_REGS + 10: GET_REG32(0); /* ftag */
586 case IDX_FP_REGS + 11: GET_REG32(0); /* fiseg */
587 case IDX_FP_REGS + 12: GET_REG32(0); /* fioff */
588 case IDX_FP_REGS + 13: GET_REG32(0); /* foseg */
589 case IDX_FP_REGS + 14: GET_REG32(0); /* fooff */
590 case IDX_FP_REGS + 15: GET_REG32(0); /* fop */
592 case IDX_MXCSR_REG: GET_REG32(env->mxcsr);
598 static int cpu_x86_gdb_load_seg(CPUX86State *env, int sreg, uint8_t *mem_buf)
600 uint16_t selector = ldl_p(mem_buf);
602 if (selector != env->segs[sreg].selector) {
603 #if defined(CONFIG_USER_ONLY)
604 cpu_x86_load_seg(env, sreg, selector);
606 unsigned int limit, flags;
609 if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK)) {
610 base = selector << 4;
614 if (!cpu_x86_get_descr_debug(env, selector, &base, &limit, &flags))
617 cpu_x86_load_seg_cache(env, sreg, selector, base, limit, flags);
623 static int cpu_gdb_write_register(CPUX86State *env, uint8_t *mem_buf, int n)
627 if (n < CPU_NB_REGS) {
628 if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
629 env->regs[gpr_map[n]] = ldtul_p(mem_buf);
630 return sizeof(target_ulong);
631 } else if (n < CPU_NB_REGS32) {
633 env->regs[n] &= ~0xffffffffUL;
634 env->regs[n] |= (uint32_t)ldl_p(mem_buf);
637 } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
638 #ifdef USE_X86LDOUBLE
639 /* FIXME: byteswap float values - after fixing fpregs layout. */
640 memcpy(&env->fpregs[n - IDX_FP_REGS], mem_buf, 10);
643 } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
645 if (n < CPU_NB_REGS32 ||
646 (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK)) {
647 env->xmm_regs[n].XMM_Q(0) = ldq_p(mem_buf);
648 env->xmm_regs[n].XMM_Q(1) = ldq_p(mem_buf + 8);
654 if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
655 env->eip = ldq_p(mem_buf);
658 env->eip &= ~0xffffffffUL;
659 env->eip |= (uint32_t)ldl_p(mem_buf);
663 env->eflags = ldl_p(mem_buf);
666 case IDX_SEG_REGS: return cpu_x86_gdb_load_seg(env, R_CS, mem_buf);
667 case IDX_SEG_REGS + 1: return cpu_x86_gdb_load_seg(env, R_SS, mem_buf);
668 case IDX_SEG_REGS + 2: return cpu_x86_gdb_load_seg(env, R_DS, mem_buf);
669 case IDX_SEG_REGS + 3: return cpu_x86_gdb_load_seg(env, R_ES, mem_buf);
670 case IDX_SEG_REGS + 4: return cpu_x86_gdb_load_seg(env, R_FS, mem_buf);
671 case IDX_SEG_REGS + 5: return cpu_x86_gdb_load_seg(env, R_GS, mem_buf);
673 case IDX_FP_REGS + 8:
674 env->fpuc = ldl_p(mem_buf);
676 case IDX_FP_REGS + 9:
677 tmp = ldl_p(mem_buf);
678 env->fpstt = (tmp >> 11) & 7;
679 env->fpus = tmp & ~0x3800;
681 case IDX_FP_REGS + 10: /* ftag */ return 4;
682 case IDX_FP_REGS + 11: /* fiseg */ return 4;
683 case IDX_FP_REGS + 12: /* fioff */ return 4;
684 case IDX_FP_REGS + 13: /* foseg */ return 4;
685 case IDX_FP_REGS + 14: /* fooff */ return 4;
686 case IDX_FP_REGS + 15: /* fop */ return 4;
689 env->mxcsr = ldl_p(mem_buf);
693 /* Unrecognised register. */
697 #elif defined (TARGET_PPC)
699 /* Old gdb always expects FP registers. Newer (xml-aware) gdb only
700 expects whatever the target description contains. Due to a
701 historical mishap the FP registers appear in between core integer
702 regs and PC, MSR, CR, and so forth. We hack round this by giving the
703 FP regs zero size when talking to a newer gdb. */
704 #define NUM_CORE_REGS 71
705 #if defined (TARGET_PPC64)
706 #define GDB_CORE_XML "power64-core.xml"
708 #define GDB_CORE_XML "power-core.xml"
711 static int cpu_gdb_read_register(CPUPPCState *env, uint8_t *mem_buf, int n)
715 GET_REGL(env->gpr[n]);
720 stfq_p(mem_buf, env->fpr[n-32]);
724 case 64: GET_REGL(env->nip);
725 case 65: GET_REGL(env->msr);
730 for (i = 0; i < 8; i++)
731 cr |= env->crf[i] << (32 - ((i + 1) * 4));
734 case 67: GET_REGL(env->lr);
735 case 68: GET_REGL(env->ctr);
736 case 69: GET_REGL(env->xer);
741 GET_REG32(env->fpscr);
748 static int cpu_gdb_write_register(CPUPPCState *env, uint8_t *mem_buf, int n)
752 env->gpr[n] = ldtul_p(mem_buf);
753 return sizeof(target_ulong);
758 env->fpr[n-32] = ldfq_p(mem_buf);
763 env->nip = ldtul_p(mem_buf);
764 return sizeof(target_ulong);
766 ppc_store_msr(env, ldtul_p(mem_buf));
767 return sizeof(target_ulong);
770 uint32_t cr = ldl_p(mem_buf);
772 for (i = 0; i < 8; i++)
773 env->crf[i] = (cr >> (32 - ((i + 1) * 4))) & 0xF;
777 env->lr = ldtul_p(mem_buf);
778 return sizeof(target_ulong);
780 env->ctr = ldtul_p(mem_buf);
781 return sizeof(target_ulong);
783 env->xer = ldtul_p(mem_buf);
784 return sizeof(target_ulong);
789 store_fpscr(env, ldtul_p(mem_buf), 0xffffffff);
790 return sizeof(target_ulong);
796 #elif defined (TARGET_SPARC)
798 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
799 #define NUM_CORE_REGS 86
801 #define NUM_CORE_REGS 72
805 #define GET_REGA(val) GET_REG32(val)
807 #define GET_REGA(val) GET_REGL(val)
810 static int cpu_gdb_read_register(CPUSPARCState *env, uint8_t *mem_buf, int n)
814 GET_REGA(env->gregs[n]);
817 /* register window */
818 GET_REGA(env->regwptr[n - 8]);
820 #if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
824 GET_REG32(env->fpr[(n - 32) / 2].l.lower);
826 GET_REG32(env->fpr[(n - 32) / 2].l.upper);
829 /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
831 case 64: GET_REGA(env->y);
832 case 65: GET_REGA(cpu_get_psr(env));
833 case 66: GET_REGA(env->wim);
834 case 67: GET_REGA(env->tbr);
835 case 68: GET_REGA(env->pc);
836 case 69: GET_REGA(env->npc);
837 case 70: GET_REGA(env->fsr);
838 case 71: GET_REGA(0); /* csr */
839 default: GET_REGA(0);
845 GET_REG32(env->fpr[(n - 32) / 2].l.lower);
847 GET_REG32(env->fpr[(n - 32) / 2].l.upper);
851 /* f32-f62 (double width, even numbers only) */
852 GET_REG64(env->fpr[(n - 32) / 2].ll);
855 case 80: GET_REGL(env->pc);
856 case 81: GET_REGL(env->npc);
857 case 82: GET_REGL((cpu_get_ccr(env) << 32) |
858 ((env->asi & 0xff) << 24) |
859 ((env->pstate & 0xfff) << 8) |
861 case 83: GET_REGL(env->fsr);
862 case 84: GET_REGL(env->fprs);
863 case 85: GET_REGL(env->y);
869 static int cpu_gdb_write_register(CPUSPARCState *env, uint8_t *mem_buf, int n)
871 #if defined(TARGET_ABI32)
874 tmp = ldl_p(mem_buf);
878 tmp = ldtul_p(mem_buf);
885 /* register window */
886 env->regwptr[n - 8] = tmp;
888 #if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
893 env->fpr[(n - 32) / 2].l.lower = tmp;
895 env->fpr[(n - 32) / 2].l.upper = tmp;
898 /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
900 case 64: env->y = tmp; break;
901 case 65: cpu_put_psr(env, tmp); break;
902 case 66: env->wim = tmp; break;
903 case 67: env->tbr = tmp; break;
904 case 68: env->pc = tmp; break;
905 case 69: env->npc = tmp; break;
906 case 70: env->fsr = tmp; break;
914 tmp = ldl_p(mem_buf);
916 env->fpr[(n - 32) / 2].l.lower = tmp;
918 env->fpr[(n - 32) / 2].l.upper = tmp;
922 /* f32-f62 (double width, even numbers only) */
923 env->fpr[(n - 32) / 2].ll = tmp;
926 case 80: env->pc = tmp; break;
927 case 81: env->npc = tmp; break;
929 cpu_put_ccr(env, tmp >> 32);
930 env->asi = (tmp >> 24) & 0xff;
931 env->pstate = (tmp >> 8) & 0xfff;
932 cpu_put_cwp64(env, tmp & 0xff);
934 case 83: env->fsr = tmp; break;
935 case 84: env->fprs = tmp; break;
936 case 85: env->y = tmp; break;
943 #elif defined (TARGET_ARM)
945 /* Old gdb always expect FPA registers. Newer (xml-aware) gdb only expect
946 whatever the target description contains. Due to a historical mishap
947 the FPA registers appear in between core integer regs and the CPSR.
948 We hack round this by giving the FPA regs zero size when talking to a
950 #define NUM_CORE_REGS 26
951 #define GDB_CORE_XML "arm-core.xml"
953 static int cpu_gdb_read_register(CPUARMState *env, uint8_t *mem_buf, int n)
956 /* Core integer register. */
957 GET_REG32(env->regs[n]);
963 memset(mem_buf, 0, 12);
968 /* FPA status register. */
974 GET_REG32(cpsr_read(env));
976 /* Unknown register. */
980 static int cpu_gdb_write_register(CPUARMState *env, uint8_t *mem_buf, int n)
984 tmp = ldl_p(mem_buf);
986 /* Mask out low bit of PC to workaround gdb bugs. This will probably
987 cause problems if we ever implement the Jazelle DBX extensions. */
992 /* Core integer register. */
996 if (n < 24) { /* 16-23 */
997 /* FPA registers (ignored). */
1004 /* FPA status register (ignored). */
1010 cpsr_write (env, tmp, 0xffffffff);
1013 /* Unknown register. */
1017 #elif defined (TARGET_M68K)
1019 #define NUM_CORE_REGS 18
1021 #define GDB_CORE_XML "cf-core.xml"
1023 static int cpu_gdb_read_register(CPUM68KState *env, uint8_t *mem_buf, int n)
1027 GET_REG32(env->dregs[n]);
1028 } else if (n < 16) {
1030 GET_REG32(env->aregs[n - 8]);
1033 case 16: GET_REG32(env->sr);
1034 case 17: GET_REG32(env->pc);
1037 /* FP registers not included here because they vary between
1038 ColdFire and m68k. Use XML bits for these. */
1042 static int cpu_gdb_write_register(CPUM68KState *env, uint8_t *mem_buf, int n)
1046 tmp = ldl_p(mem_buf);
1050 env->dregs[n] = tmp;
1051 } else if (n < 16) {
1053 env->aregs[n - 8] = tmp;
1056 case 16: env->sr = tmp; break;
1057 case 17: env->pc = tmp; break;
1063 #elif defined (TARGET_MIPS)
1065 #define NUM_CORE_REGS 73
1067 static int cpu_gdb_read_register(CPUMIPSState *env, uint8_t *mem_buf, int n)
1070 GET_REGL(env->active_tc.gpr[n]);
1072 if (env->CP0_Config1 & (1 << CP0C1_FP)) {
1073 if (n >= 38 && n < 70) {
1074 if (env->CP0_Status & (1 << CP0St_FR))
1075 GET_REGL(env->active_fpu.fpr[n - 38].d);
1077 GET_REGL(env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX]);
1080 case 70: GET_REGL((int32_t)env->active_fpu.fcr31);
1081 case 71: GET_REGL((int32_t)env->active_fpu.fcr0);
1085 case 32: GET_REGL((int32_t)env->CP0_Status);
1086 case 33: GET_REGL(env->active_tc.LO[0]);
1087 case 34: GET_REGL(env->active_tc.HI[0]);
1088 case 35: GET_REGL(env->CP0_BadVAddr);
1089 case 36: GET_REGL((int32_t)env->CP0_Cause);
1090 case 37: GET_REGL(env->active_tc.PC | !!(env->hflags & MIPS_HFLAG_M16));
1091 case 72: GET_REGL(0); /* fp */
1092 case 89: GET_REGL((int32_t)env->CP0_PRid);
1094 if (n >= 73 && n <= 88) {
1095 /* 16 embedded regs. */
1102 /* convert MIPS rounding mode in FCR31 to IEEE library */
1103 static unsigned int ieee_rm[] =
1105 float_round_nearest_even,
1106 float_round_to_zero,
1110 #define RESTORE_ROUNDING_MODE \
1111 set_float_rounding_mode(ieee_rm[env->active_fpu.fcr31 & 3], &env->active_fpu.fp_status)
1113 static int cpu_gdb_write_register(CPUMIPSState *env, uint8_t *mem_buf, int n)
1117 tmp = ldtul_p(mem_buf);
1120 env->active_tc.gpr[n] = tmp;
1121 return sizeof(target_ulong);
1123 if (env->CP0_Config1 & (1 << CP0C1_FP)
1124 && n >= 38 && n < 73) {
1126 if (env->CP0_Status & (1 << CP0St_FR))
1127 env->active_fpu.fpr[n - 38].d = tmp;
1129 env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX] = tmp;
1133 env->active_fpu.fcr31 = tmp & 0xFF83FFFF;
1134 /* set rounding mode */
1135 RESTORE_ROUNDING_MODE;
1137 case 71: env->active_fpu.fcr0 = tmp; break;
1139 return sizeof(target_ulong);
1142 case 32: env->CP0_Status = tmp; break;
1143 case 33: env->active_tc.LO[0] = tmp; break;
1144 case 34: env->active_tc.HI[0] = tmp; break;
1145 case 35: env->CP0_BadVAddr = tmp; break;
1146 case 36: env->CP0_Cause = tmp; break;
1148 env->active_tc.PC = tmp & ~(target_ulong)1;
1150 env->hflags |= MIPS_HFLAG_M16;
1152 env->hflags &= ~(MIPS_HFLAG_M16);
1155 case 72: /* fp, ignored */ break;
1159 /* Other registers are readonly. Ignore writes. */
1163 return sizeof(target_ulong);
1165 #elif defined(TARGET_OPENRISC)
1167 #define NUM_CORE_REGS (32 + 3)
1169 static int cpu_gdb_read_register(CPUOpenRISCState *env, uint8_t *mem_buf, int n)
1172 GET_REG32(env->gpr[n]);
1176 GET_REG32(env->ppc);
1180 GET_REG32(env->npc);
1194 static int cpu_gdb_write_register(CPUOpenRISCState *env,
1195 uint8_t *mem_buf, int n)
1199 if (n > NUM_CORE_REGS) {
1203 tmp = ldl_p(mem_buf);
1227 #elif defined (TARGET_SH4)
1229 /* Hint: Use "set architecture sh4" in GDB to see fpu registers */
1230 /* FIXME: We should use XML for this. */
1232 #define NUM_CORE_REGS 59
1234 static int cpu_gdb_read_register(CPUSH4State *env, uint8_t *mem_buf, int n)
1238 if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
1239 GET_REGL(env->gregs[n + 16]);
1241 GET_REGL(env->gregs[n]);
1244 GET_REGL(env->gregs[n]);
1254 GET_REGL(env->mach);
1256 GET_REGL(env->macl);
1260 GET_REGL(env->fpul);
1262 GET_REGL(env->fpscr);
1264 if (env->fpscr & FPSCR_FR) {
1265 stfl_p(mem_buf, env->fregs[n - 9]);
1267 stfl_p(mem_buf, env->fregs[n - 25]);
1275 GET_REGL(env->gregs[n - 43]);
1277 GET_REGL(env->gregs[n - (51 - 16)]);
1283 static int cpu_gdb_write_register(CPUSH4State *env, uint8_t *mem_buf, int n)
1287 if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
1288 env->gregs[n + 16] = ldl_p(mem_buf);
1290 env->gregs[n] = ldl_p(mem_buf);
1294 env->gregs[n] = ldl_p(mem_buf);
1297 env->pc = ldl_p(mem_buf);
1300 env->pr = ldl_p(mem_buf);
1303 env->gbr = ldl_p(mem_buf);
1306 env->vbr = ldl_p(mem_buf);
1309 env->mach = ldl_p(mem_buf);
1312 env->macl = ldl_p(mem_buf);
1315 env->sr = ldl_p(mem_buf);
1318 env->fpul = ldl_p(mem_buf);
1321 env->fpscr = ldl_p(mem_buf);
1324 if (env->fpscr & FPSCR_FR) {
1325 env->fregs[n - 9] = ldfl_p(mem_buf);
1327 env->fregs[n - 25] = ldfl_p(mem_buf);
1331 env->ssr = ldl_p(mem_buf);
1334 env->spc = ldl_p(mem_buf);
1337 env->gregs[n - 43] = ldl_p(mem_buf);
1340 env->gregs[n - (51 - 16)] = ldl_p(mem_buf);
1347 #elif defined (TARGET_MICROBLAZE)
1349 #define NUM_CORE_REGS (32 + 5)
1351 static int cpu_gdb_read_register(CPUMBState *env, uint8_t *mem_buf, int n)
1354 GET_REG32(env->regs[n]);
1356 GET_REG32(env->sregs[n - 32]);
1361 static int cpu_gdb_write_register(CPUMBState *env, uint8_t *mem_buf, int n)
1365 if (n > NUM_CORE_REGS)
1368 tmp = ldl_p(mem_buf);
1373 env->sregs[n - 32] = tmp;
1377 #elif defined (TARGET_CRIS)
1379 #define NUM_CORE_REGS 49
1382 read_register_crisv10(CPUCRISState *env, uint8_t *mem_buf, int n)
1385 GET_REG32(env->regs[n]);
1395 GET_REG8(env->pregs[n - 16]);
1398 GET_REG8(env->pregs[n - 16]);
1402 GET_REG16(env->pregs[n - 16]);
1406 GET_REG32(env->pregs[n - 16]);
1414 static int cpu_gdb_read_register(CPUCRISState *env, uint8_t *mem_buf, int n)
1418 if (env->pregs[PR_VR] < 32)
1419 return read_register_crisv10(env, mem_buf, n);
1421 srs = env->pregs[PR_SRS];
1423 GET_REG32(env->regs[n]);
1426 if (n >= 21 && n < 32) {
1427 GET_REG32(env->pregs[n - 16]);
1429 if (n >= 33 && n < 49) {
1430 GET_REG32(env->sregs[srs][n - 33]);
1433 case 16: GET_REG8(env->pregs[0]);
1434 case 17: GET_REG8(env->pregs[1]);
1435 case 18: GET_REG32(env->pregs[2]);
1436 case 19: GET_REG8(srs);
1437 case 20: GET_REG16(env->pregs[4]);
1438 case 32: GET_REG32(env->pc);
1444 static int cpu_gdb_write_register(CPUCRISState *env, uint8_t *mem_buf, int n)
1451 tmp = ldl_p(mem_buf);
1457 if (n >= 21 && n < 32) {
1458 env->pregs[n - 16] = tmp;
1461 /* FIXME: Should support function regs be writable? */
1465 case 18: env->pregs[PR_PID] = tmp; break;
1468 case 32: env->pc = tmp; break;
1473 #elif defined (TARGET_ALPHA)
1475 #define NUM_CORE_REGS 67
1477 static int cpu_gdb_read_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
1487 d.d = env->fir[n - 32];
1491 val = cpu_alpha_load_fpcr(env);
1501 /* 31 really is the zero register; 65 is unassigned in the
1502 gdb protocol, but is still required to occupy 8 bytes. */
1511 static int cpu_gdb_write_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
1513 target_ulong tmp = ldtul_p(mem_buf);
1522 env->fir[n - 32] = d.d;
1525 cpu_alpha_store_fpcr(env, tmp);
1535 /* 31 really is the zero register; 65 is unassigned in the
1536 gdb protocol, but is still required to occupy 8 bytes. */
1543 #elif defined (TARGET_S390X)
1545 #define NUM_CORE_REGS S390_NUM_REGS
1547 static int cpu_gdb_read_register(CPUS390XState *env, uint8_t *mem_buf, int n)
1553 case S390_PSWM_REGNUM:
1554 cc_op = calc_cc(env, env->cc_op, env->cc_src, env->cc_dst, env->cc_vr);
1555 val = deposit64(env->psw.mask, 44, 2, cc_op);
1558 case S390_PSWA_REGNUM:
1559 GET_REGL(env->psw.addr);
1561 case S390_R0_REGNUM ... S390_R15_REGNUM:
1562 GET_REGL(env->regs[n-S390_R0_REGNUM]);
1564 case S390_A0_REGNUM ... S390_A15_REGNUM:
1565 GET_REG32(env->aregs[n-S390_A0_REGNUM]);
1567 case S390_FPC_REGNUM:
1568 GET_REG32(env->fpc);
1570 case S390_F0_REGNUM ... S390_F15_REGNUM:
1571 GET_REG64(env->fregs[n-S390_F0_REGNUM].ll);
1578 static int cpu_gdb_write_register(CPUS390XState *env, uint8_t *mem_buf, int n)
1583 tmpl = ldtul_p(mem_buf);
1584 tmp32 = ldl_p(mem_buf);
1587 case S390_PSWM_REGNUM:
1588 env->psw.mask = tmpl;
1589 env->cc_op = extract64(tmpl, 44, 2);
1591 case S390_PSWA_REGNUM:
1592 env->psw.addr = tmpl;
1594 case S390_R0_REGNUM ... S390_R15_REGNUM:
1595 env->regs[n-S390_R0_REGNUM] = tmpl;
1597 case S390_A0_REGNUM ... S390_A15_REGNUM:
1598 env->aregs[n-S390_A0_REGNUM] = tmp32;
1601 case S390_FPC_REGNUM:
1605 case S390_F0_REGNUM ... S390_F15_REGNUM:
1606 env->fregs[n-S390_F0_REGNUM].ll = tmpl;
1613 #elif defined (TARGET_LM32)
1615 #include "hw/lm32/lm32_pic.h"
1616 #define NUM_CORE_REGS (32 + 7)
1618 static int cpu_gdb_read_register(CPULM32State *env, uint8_t *mem_buf, int n)
1621 GET_REG32(env->regs[n]);
1627 /* FIXME: put in right exception ID */
1632 GET_REG32(env->eba);
1635 GET_REG32(env->deba);
1641 GET_REG32(lm32_pic_get_im(env->pic_state));
1644 GET_REG32(lm32_pic_get_ip(env->pic_state));
1651 static int cpu_gdb_write_register(CPULM32State *env, uint8_t *mem_buf, int n)
1655 if (n > NUM_CORE_REGS) {
1659 tmp = ldl_p(mem_buf);
1678 lm32_pic_set_im(env->pic_state, tmp);
1681 lm32_pic_set_ip(env->pic_state, tmp);
1687 #elif defined(TARGET_XTENSA)
1689 /* Use num_core_regs to see only non-privileged registers in an unmodified gdb.
1690 * Use num_regs to see all registers. gdb modification is required for that:
1691 * reset bit 0 in the 'flags' field of the registers definitions in the
1692 * gdb/xtensa-config.c inside gdb source tree or inside gdb overlay.
1694 #define NUM_CORE_REGS (env->config->gdb_regmap.num_regs)
1695 #define num_g_regs NUM_CORE_REGS
1697 static int cpu_gdb_read_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
1699 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
1701 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
1705 switch (reg->type) {
1711 xtensa_sync_phys_from_window(env);
1712 GET_REG32(env->phys_regs[(reg->targno & 0xff) % env->config->nareg]);
1716 GET_REG32(env->sregs[reg->targno & 0xff]);
1720 GET_REG32(env->uregs[reg->targno & 0xff]);
1724 GET_REG32(float32_val(env->fregs[reg->targno & 0x0f]));
1728 GET_REG32(env->regs[reg->targno & 0x0f]);
1732 qemu_log("%s from reg %d of unsupported type %d\n",
1733 __func__, n, reg->type);
1738 static int cpu_gdb_write_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
1741 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
1743 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
1747 tmp = ldl_p(mem_buf);
1749 switch (reg->type) {
1755 env->phys_regs[(reg->targno & 0xff) % env->config->nareg] = tmp;
1756 xtensa_sync_window_from_phys(env);
1760 env->sregs[reg->targno & 0xff] = tmp;
1764 env->uregs[reg->targno & 0xff] = tmp;
1768 env->fregs[reg->targno & 0x0f] = make_float32(tmp);
1772 env->regs[reg->targno & 0x0f] = tmp;
1776 qemu_log("%s to reg %d of unsupported type %d\n",
1777 __func__, n, reg->type);
1785 #define NUM_CORE_REGS 0
1787 static int cpu_gdb_read_register(CPUArchState *env, uint8_t *mem_buf, int n)
1792 static int cpu_gdb_write_register(CPUArchState *env, uint8_t *mem_buf, int n)
1799 #if !defined(TARGET_XTENSA)
1800 static int num_g_regs = NUM_CORE_REGS;
1804 /* Encode data using the encoding for 'x' packets. */
1805 static int memtox(char *buf, const char *mem, int len)
1813 case '#': case '$': case '*': case '}':
1825 static const char *get_feature_xml(const char *p, const char **newp)
1830 static char target_xml[1024];
1833 while (p[len] && p[len] != ':')
1838 if (strncmp(p, "target.xml", len) == 0) {
1839 /* Generate the XML description for this CPU. */
1840 if (!target_xml[0]) {
1841 GDBRegisterState *r;
1843 snprintf(target_xml, sizeof(target_xml),
1844 "<?xml version=\"1.0\"?>"
1845 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
1847 "<xi:include href=\"%s\"/>",
1850 for (r = first_cpu->gdb_regs; r; r = r->next) {
1851 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
1852 pstrcat(target_xml, sizeof(target_xml), r->xml);
1853 pstrcat(target_xml, sizeof(target_xml), "\"/>");
1855 pstrcat(target_xml, sizeof(target_xml), "</target>");
1859 for (i = 0; ; i++) {
1860 name = xml_builtin[i][0];
1861 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
1864 return name ? xml_builtin[i][1] : NULL;
1868 static int gdb_read_register(CPUArchState *env, uint8_t *mem_buf, int reg)
1870 GDBRegisterState *r;
1872 if (reg < NUM_CORE_REGS)
1873 return cpu_gdb_read_register(env, mem_buf, reg);
1875 for (r = env->gdb_regs; r; r = r->next) {
1876 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1877 return r->get_reg(env, mem_buf, reg - r->base_reg);
1883 static int gdb_write_register(CPUArchState *env, uint8_t *mem_buf, int reg)
1885 GDBRegisterState *r;
1887 if (reg < NUM_CORE_REGS)
1888 return cpu_gdb_write_register(env, mem_buf, reg);
1890 for (r = env->gdb_regs; r; r = r->next) {
1891 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1892 return r->set_reg(env, mem_buf, reg - r->base_reg);
1898 #if !defined(TARGET_XTENSA)
1899 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
1900 specifies the first register number and these registers are included in
1901 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
1902 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
1905 void gdb_register_coprocessor(CPUArchState * env,
1906 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
1907 int num_regs, const char *xml, int g_pos)
1909 GDBRegisterState *s;
1910 GDBRegisterState **p;
1911 static int last_reg = NUM_CORE_REGS;
1915 /* Check for duplicates. */
1916 if (strcmp((*p)->xml, xml) == 0)
1921 s = g_new0(GDBRegisterState, 1);
1922 s->base_reg = last_reg;
1923 s->num_regs = num_regs;
1924 s->get_reg = get_reg;
1925 s->set_reg = set_reg;
1928 /* Add to end of list. */
1929 last_reg += num_regs;
1932 if (g_pos != s->base_reg) {
1933 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
1934 "Expected %d got %d\n", xml, g_pos, s->base_reg);
1936 num_g_regs = last_reg;
1942 #ifndef CONFIG_USER_ONLY
1943 static const int xlat_gdb_type[] = {
1944 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
1945 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
1946 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1950 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
1956 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1959 case GDB_BREAKPOINT_SW:
1960 case GDB_BREAKPOINT_HW:
1961 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1962 err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
1967 #ifndef CONFIG_USER_ONLY
1968 case GDB_WATCHPOINT_WRITE:
1969 case GDB_WATCHPOINT_READ:
1970 case GDB_WATCHPOINT_ACCESS:
1971 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1972 err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
1984 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
1990 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1993 case GDB_BREAKPOINT_SW:
1994 case GDB_BREAKPOINT_HW:
1995 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1996 err = cpu_breakpoint_remove(env, addr, BP_GDB);
2001 #ifndef CONFIG_USER_ONLY
2002 case GDB_WATCHPOINT_WRITE:
2003 case GDB_WATCHPOINT_READ:
2004 case GDB_WATCHPOINT_ACCESS:
2005 for (env = first_cpu; env != NULL; env = env->next_cpu) {
2006 err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
2017 static void gdb_breakpoint_remove_all(void)
2021 if (kvm_enabled()) {
2022 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
2026 for (env = first_cpu; env != NULL; env = env->next_cpu) {
2027 cpu_breakpoint_remove_all(env, BP_GDB);
2028 #ifndef CONFIG_USER_ONLY
2029 cpu_watchpoint_remove_all(env, BP_GDB);
2034 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
2036 cpu_synchronize_state(ENV_GET_CPU(s->c_cpu));
2037 #if defined(TARGET_I386)
2039 #elif defined (TARGET_PPC)
2041 #elif defined (TARGET_SPARC)
2043 s->c_cpu->npc = pc + 4;
2044 #elif defined (TARGET_ARM)
2045 s->c_cpu->regs[15] = pc;
2046 #elif defined (TARGET_SH4)
2048 #elif defined (TARGET_MIPS)
2049 s->c_cpu->active_tc.PC = pc & ~(target_ulong)1;
2051 s->c_cpu->hflags |= MIPS_HFLAG_M16;
2053 s->c_cpu->hflags &= ~(MIPS_HFLAG_M16);
2055 #elif defined (TARGET_MICROBLAZE)
2056 s->c_cpu->sregs[SR_PC] = pc;
2057 #elif defined(TARGET_OPENRISC)
2059 #elif defined (TARGET_CRIS)
2061 #elif defined (TARGET_ALPHA)
2063 #elif defined (TARGET_S390X)
2064 s->c_cpu->psw.addr = pc;
2065 #elif defined (TARGET_LM32)
2067 #elif defined(TARGET_XTENSA)
2072 static CPUArchState *find_cpu(uint32_t thread_id)
2076 cpu = qemu_get_cpu(thread_id);
2080 return cpu->env_ptr;
2083 static int gdb_handle_packet(GDBState *s, const char *line_buf)
2088 int ch, reg_size, type, res;
2089 char buf[MAX_PACKET_LENGTH];
2090 uint8_t mem_buf[MAX_PACKET_LENGTH];
2092 target_ulong addr, len;
2095 printf("command='%s'\n", line_buf);
2101 /* TODO: Make this return the correct value for user-mode. */
2102 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
2103 cpu_index(ENV_GET_CPU(s->c_cpu)));
2105 /* Remove all the breakpoints when this query is issued,
2106 * because gdb is doing and initial connect and the state
2107 * should be cleaned up.
2109 gdb_breakpoint_remove_all();
2113 addr = strtoull(p, (char **)&p, 16);
2114 gdb_set_cpu_pc(s, addr);
2120 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
2121 if (s->signal == -1)
2126 if (strncmp(p, "Cont", 4) == 0) {
2127 int res_signal, res_thread;
2131 put_packet(s, "vCont;c;C;s;S");
2146 if (action == 'C' || action == 'S') {
2147 signal = strtoul(p, (char **)&p, 16);
2148 } else if (action != 'c' && action != 's') {
2154 thread = strtoull(p+1, (char **)&p, 16);
2156 action = tolower(action);
2157 if (res == 0 || (res == 'c' && action == 's')) {
2159 res_signal = signal;
2160 res_thread = thread;
2164 if (res_thread != -1 && res_thread != 0) {
2165 env = find_cpu(res_thread);
2167 put_packet(s, "E22");
2173 cpu_single_step(s->c_cpu, sstep_flags);
2175 s->signal = res_signal;
2181 goto unknown_command;
2184 #ifdef CONFIG_USER_ONLY
2185 /* Kill the target */
2186 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
2191 gdb_breakpoint_remove_all();
2192 gdb_syscall_mode = GDB_SYS_DISABLED;
2194 put_packet(s, "OK");
2198 addr = strtoull(p, (char **)&p, 16);
2199 gdb_set_cpu_pc(s, addr);
2201 cpu_single_step(s->c_cpu, sstep_flags);
2209 ret = strtoull(p, (char **)&p, 16);
2212 err = strtoull(p, (char **)&p, 16);
2219 if (s->current_syscall_cb) {
2220 s->current_syscall_cb(s->c_cpu, ret, err);
2221 s->current_syscall_cb = NULL;
2224 put_packet(s, "T02");
2231 cpu_synchronize_state(ENV_GET_CPU(s->g_cpu));
2234 for (addr = 0; addr < num_g_regs; addr++) {
2235 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
2238 memtohex(buf, mem_buf, len);
2242 cpu_synchronize_state(ENV_GET_CPU(s->g_cpu));
2244 registers = mem_buf;
2245 len = strlen(p) / 2;
2246 hextomem((uint8_t *)registers, p, len);
2247 for (addr = 0; addr < num_g_regs && len > 0; addr++) {
2248 reg_size = gdb_write_register(s->g_cpu, registers, addr);
2250 registers += reg_size;
2252 put_packet(s, "OK");
2255 addr = strtoull(p, (char **)&p, 16);
2258 len = strtoull(p, NULL, 16);
2259 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 0) != 0) {
2260 put_packet (s, "E14");
2262 memtohex(buf, mem_buf, len);
2267 addr = strtoull(p, (char **)&p, 16);
2270 len = strtoull(p, (char **)&p, 16);
2273 hextomem(mem_buf, p, len);
2274 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 1) != 0) {
2275 put_packet(s, "E14");
2277 put_packet(s, "OK");
2281 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
2282 This works, but can be very slow. Anything new enough to
2283 understand XML also knows how to use this properly. */
2285 goto unknown_command;
2286 addr = strtoull(p, (char **)&p, 16);
2287 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
2289 memtohex(buf, mem_buf, reg_size);
2292 put_packet(s, "E14");
2297 goto unknown_command;
2298 addr = strtoull(p, (char **)&p, 16);
2301 reg_size = strlen(p) / 2;
2302 hextomem(mem_buf, p, reg_size);
2303 gdb_write_register(s->g_cpu, mem_buf, addr);
2304 put_packet(s, "OK");
2308 type = strtoul(p, (char **)&p, 16);
2311 addr = strtoull(p, (char **)&p, 16);
2314 len = strtoull(p, (char **)&p, 16);
2316 res = gdb_breakpoint_insert(addr, len, type);
2318 res = gdb_breakpoint_remove(addr, len, type);
2320 put_packet(s, "OK");
2321 else if (res == -ENOSYS)
2324 put_packet(s, "E22");
2328 thread = strtoull(p, (char **)&p, 16);
2329 if (thread == -1 || thread == 0) {
2330 put_packet(s, "OK");
2333 env = find_cpu(thread);
2335 put_packet(s, "E22");
2341 put_packet(s, "OK");
2345 put_packet(s, "OK");
2348 put_packet(s, "E22");
2353 thread = strtoull(p, (char **)&p, 16);
2354 env = find_cpu(thread);
2357 put_packet(s, "OK");
2359 put_packet(s, "E22");
2364 /* parse any 'q' packets here */
2365 if (!strcmp(p,"qemu.sstepbits")) {
2366 /* Query Breakpoint bit definitions */
2367 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
2373 } else if (strncmp(p,"qemu.sstep",10) == 0) {
2374 /* Display or change the sstep_flags */
2377 /* Display current setting */
2378 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
2383 type = strtoul(p, (char **)&p, 16);
2385 put_packet(s, "OK");
2387 } else if (strcmp(p,"C") == 0) {
2388 /* "Current thread" remains vague in the spec, so always return
2389 * the first CPU (gdb returns the first thread). */
2390 put_packet(s, "QC1");
2392 } else if (strcmp(p,"fThreadInfo") == 0) {
2393 s->query_cpu = first_cpu;
2394 goto report_cpuinfo;
2395 } else if (strcmp(p,"sThreadInfo") == 0) {
2398 snprintf(buf, sizeof(buf), "m%x",
2399 cpu_index(ENV_GET_CPU(s->query_cpu)));
2401 s->query_cpu = s->query_cpu->next_cpu;
2405 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
2406 thread = strtoull(p+16, (char **)&p, 16);
2407 env = find_cpu(thread);
2409 CPUState *cpu = ENV_GET_CPU(env);
2410 cpu_synchronize_state(cpu);
2411 len = snprintf((char *)mem_buf, sizeof(mem_buf),
2412 "CPU#%d [%s]", cpu->cpu_index,
2413 cpu->halted ? "halted " : "running");
2414 memtohex(buf, mem_buf, len);
2419 #ifdef CONFIG_USER_ONLY
2420 else if (strncmp(p, "Offsets", 7) == 0) {
2421 TaskState *ts = s->c_cpu->opaque;
2423 snprintf(buf, sizeof(buf),
2424 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
2425 ";Bss=" TARGET_ABI_FMT_lx,
2426 ts->info->code_offset,
2427 ts->info->data_offset,
2428 ts->info->data_offset);
2432 #else /* !CONFIG_USER_ONLY */
2433 else if (strncmp(p, "Rcmd,", 5) == 0) {
2434 int len = strlen(p + 5);
2436 if ((len % 2) != 0) {
2437 put_packet(s, "E01");
2440 hextomem(mem_buf, p + 5, len);
2443 qemu_chr_be_write(s->mon_chr, mem_buf, len);
2444 put_packet(s, "OK");
2447 #endif /* !CONFIG_USER_ONLY */
2448 if (strncmp(p, "Supported", 9) == 0) {
2449 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
2451 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
2457 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
2459 target_ulong total_len;
2463 xml = get_feature_xml(p, &p);
2465 snprintf(buf, sizeof(buf), "E00");
2472 addr = strtoul(p, (char **)&p, 16);
2475 len = strtoul(p, (char **)&p, 16);
2477 total_len = strlen(xml);
2478 if (addr > total_len) {
2479 snprintf(buf, sizeof(buf), "E00");
2483 if (len > (MAX_PACKET_LENGTH - 5) / 2)
2484 len = (MAX_PACKET_LENGTH - 5) / 2;
2485 if (len < total_len - addr) {
2487 len = memtox(buf + 1, xml + addr, len);
2490 len = memtox(buf + 1, xml + addr, total_len - addr);
2492 put_packet_binary(s, buf, len + 1);
2496 /* Unrecognised 'q' command. */
2497 goto unknown_command;
2501 /* put empty packet */
2509 void gdb_set_stop_cpu(CPUState *cpu)
2511 CPUArchState *env = cpu->env_ptr;
2513 gdbserver_state->c_cpu = env;
2514 gdbserver_state->g_cpu = env;
2517 #ifndef CONFIG_USER_ONLY
2518 static void gdb_vm_state_change(void *opaque, int running, RunState state)
2520 GDBState *s = gdbserver_state;
2521 CPUArchState *env = s->c_cpu;
2522 CPUState *cpu = ENV_GET_CPU(env);
2527 if (running || s->state == RS_INACTIVE) {
2530 /* Is there a GDB syscall waiting to be sent? */
2531 if (s->current_syscall_cb) {
2532 put_packet(s, s->syscall_buf);
2536 case RUN_STATE_DEBUG:
2537 if (env->watchpoint_hit) {
2538 switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
2549 snprintf(buf, sizeof(buf),
2550 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
2551 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
2552 env->watchpoint_hit->vaddr);
2553 env->watchpoint_hit = NULL;
2557 ret = GDB_SIGNAL_TRAP;
2559 case RUN_STATE_PAUSED:
2560 ret = GDB_SIGNAL_INT;
2562 case RUN_STATE_SHUTDOWN:
2563 ret = GDB_SIGNAL_QUIT;
2565 case RUN_STATE_IO_ERROR:
2566 ret = GDB_SIGNAL_IO;
2568 case RUN_STATE_WATCHDOG:
2569 ret = GDB_SIGNAL_ALRM;
2571 case RUN_STATE_INTERNAL_ERROR:
2572 ret = GDB_SIGNAL_ABRT;
2574 case RUN_STATE_SAVE_VM:
2575 case RUN_STATE_RESTORE_VM:
2577 case RUN_STATE_FINISH_MIGRATE:
2578 ret = GDB_SIGNAL_XCPU;
2581 ret = GDB_SIGNAL_UNKNOWN;
2584 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
2589 /* disable single step if it was enabled */
2590 cpu_single_step(env, 0);
2594 /* Send a gdb syscall request.
2595 This accepts limited printf-style format specifiers, specifically:
2596 %x - target_ulong argument printed in hex.
2597 %lx - 64-bit argument printed in hex.
2598 %s - string pointer (target_ulong) and length (int) pair. */
2599 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2608 s = gdbserver_state;
2611 s->current_syscall_cb = cb;
2612 #ifndef CONFIG_USER_ONLY
2613 vm_stop(RUN_STATE_DEBUG);
2617 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
2624 addr = va_arg(va, target_ulong);
2625 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
2628 if (*(fmt++) != 'x')
2630 i64 = va_arg(va, uint64_t);
2631 p += snprintf(p, p_end - p, "%" PRIx64, i64);
2634 addr = va_arg(va, target_ulong);
2635 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
2636 addr, va_arg(va, int));
2640 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
2650 #ifdef CONFIG_USER_ONLY
2651 put_packet(s, s->syscall_buf);
2652 gdb_handlesig(s->c_cpu, 0);
2654 /* In this case wait to send the syscall packet until notification that
2655 the CPU has stopped. This must be done because if the packet is sent
2656 now the reply from the syscall request could be received while the CPU
2657 is still in the running state, which can cause packets to be dropped
2658 and state transition 'T' packets to be sent while the syscall is still
2660 cpu_exit(ENV_GET_CPU(s->c_cpu));
2664 static void gdb_read_byte(GDBState *s, int ch)
2669 #ifndef CONFIG_USER_ONLY
2670 if (s->last_packet_len) {
2671 /* Waiting for a response to the last packet. If we see the start
2672 of a new command then abandon the previous response. */
2675 printf("Got NACK, retransmitting\n");
2677 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
2681 printf("Got ACK\n");
2683 printf("Got '%c' when expecting ACK/NACK\n", ch);
2685 if (ch == '+' || ch == '$')
2686 s->last_packet_len = 0;
2690 if (runstate_is_running()) {
2691 /* when the CPU is running, we cannot do anything except stop
2692 it when receiving a char */
2693 vm_stop(RUN_STATE_PAUSED);
2700 s->line_buf_index = 0;
2701 s->state = RS_GETLINE;
2706 s->state = RS_CHKSUM1;
2707 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2710 s->line_buf[s->line_buf_index++] = ch;
2714 s->line_buf[s->line_buf_index] = '\0';
2715 s->line_csum = fromhex(ch) << 4;
2716 s->state = RS_CHKSUM2;
2719 s->line_csum |= fromhex(ch);
2721 for(i = 0; i < s->line_buf_index; i++) {
2722 csum += s->line_buf[i];
2724 if (s->line_csum != (csum & 0xff)) {
2726 put_buffer(s, &reply, 1);
2730 put_buffer(s, &reply, 1);
2731 s->state = gdb_handle_packet(s, s->line_buf);
2740 /* Tell the remote gdb that the process has exited. */
2741 void gdb_exit(CPUArchState *env, int code)
2746 s = gdbserver_state;
2750 #ifdef CONFIG_USER_ONLY
2751 if (gdbserver_fd < 0 || s->fd < 0) {
2756 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
2759 #ifndef CONFIG_USER_ONLY
2761 qemu_chr_delete(s->chr);
2766 #ifdef CONFIG_USER_ONLY
2772 s = gdbserver_state;
2774 if (gdbserver_fd < 0 || s->fd < 0)
2781 gdb_handlesig (CPUArchState *env, int sig)
2787 s = gdbserver_state;
2788 if (gdbserver_fd < 0 || s->fd < 0)
2791 /* disable single step if it was enabled */
2792 cpu_single_step(env, 0);
2797 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb (sig));
2800 /* put_packet() might have detected that the peer terminated the
2807 s->running_state = 0;
2808 while (s->running_state == 0) {
2809 n = read (s->fd, buf, 256);
2814 for (i = 0; i < n; i++)
2815 gdb_read_byte (s, buf[i]);
2817 else if (n == 0 || errno != EAGAIN)
2819 /* XXX: Connection closed. Should probably wait for another
2820 connection before continuing. */
2829 /* Tell the remote gdb that the process has exited due to SIG. */
2830 void gdb_signalled(CPUArchState *env, int sig)
2835 s = gdbserver_state;
2836 if (gdbserver_fd < 0 || s->fd < 0)
2839 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb (sig));
2843 static void gdb_accept(void)
2846 struct sockaddr_in sockaddr;
2851 len = sizeof(sockaddr);
2852 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2853 if (fd < 0 && errno != EINTR) {
2856 } else if (fd >= 0) {
2858 fcntl(fd, F_SETFD, FD_CLOEXEC);
2864 /* set short latency */
2865 socket_set_nodelay(fd);
2867 s = g_malloc0(sizeof(GDBState));
2868 s->c_cpu = first_cpu;
2869 s->g_cpu = first_cpu;
2873 gdbserver_state = s;
2875 fcntl(fd, F_SETFL, O_NONBLOCK);
2878 static int gdbserver_open(int port)
2880 struct sockaddr_in sockaddr;
2883 fd = socket(PF_INET, SOCK_STREAM, 0);
2889 fcntl(fd, F_SETFD, FD_CLOEXEC);
2892 /* allow fast reuse */
2894 qemu_setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));
2896 sockaddr.sin_family = AF_INET;
2897 sockaddr.sin_port = htons(port);
2898 sockaddr.sin_addr.s_addr = 0;
2899 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2905 ret = listen(fd, 0);
2914 int gdbserver_start(int port)
2916 gdbserver_fd = gdbserver_open(port);
2917 if (gdbserver_fd < 0)
2919 /* accept connections */
2924 /* Disable gdb stub for child processes. */
2925 void gdbserver_fork(CPUArchState *env)
2927 GDBState *s = gdbserver_state;
2928 if (gdbserver_fd < 0 || s->fd < 0)
2932 cpu_breakpoint_remove_all(env, BP_GDB);
2933 cpu_watchpoint_remove_all(env, BP_GDB);
2936 static int gdb_chr_can_receive(void *opaque)
2938 /* We can handle an arbitrarily large amount of data.
2939 Pick the maximum packet size, which is as good as anything. */
2940 return MAX_PACKET_LENGTH;
2943 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2947 for (i = 0; i < size; i++) {
2948 gdb_read_byte(gdbserver_state, buf[i]);
2952 static void gdb_chr_event(void *opaque, int event)
2955 case CHR_EVENT_OPENED:
2956 vm_stop(RUN_STATE_PAUSED);
2964 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
2966 char buf[MAX_PACKET_LENGTH];
2969 if (len > (MAX_PACKET_LENGTH/2) - 1)
2970 len = (MAX_PACKET_LENGTH/2) - 1;
2971 memtohex(buf + 1, (uint8_t *)msg, len);
2975 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
2977 const char *p = (const char *)buf;
2980 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
2982 if (len <= max_sz) {
2983 gdb_monitor_output(gdbserver_state, p, len);
2986 gdb_monitor_output(gdbserver_state, p, max_sz);
2994 static void gdb_sigterm_handler(int signal)
2996 if (runstate_is_running()) {
2997 vm_stop(RUN_STATE_PAUSED);
3002 int gdbserver_start(const char *device)
3005 char gdbstub_device_name[128];
3006 CharDriverState *chr = NULL;
3007 CharDriverState *mon_chr;
3011 if (strcmp(device, "none") != 0) {
3012 if (strstart(device, "tcp:", NULL)) {
3013 /* enforce required TCP attributes */
3014 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
3015 "%s,nowait,nodelay,server", device);
3016 device = gdbstub_device_name;
3019 else if (strcmp(device, "stdio") == 0) {
3020 struct sigaction act;
3022 memset(&act, 0, sizeof(act));
3023 act.sa_handler = gdb_sigterm_handler;
3024 sigaction(SIGINT, &act, NULL);
3027 chr = qemu_chr_new("gdb", device, NULL);
3031 qemu_chr_fe_claim_no_fail(chr);
3032 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
3033 gdb_chr_event, NULL);
3036 s = gdbserver_state;
3038 s = g_malloc0(sizeof(GDBState));
3039 gdbserver_state = s;
3041 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
3043 /* Initialize a monitor terminal for gdb */
3044 mon_chr = g_malloc0(sizeof(*mon_chr));
3045 mon_chr->chr_write = gdb_monitor_write;
3046 monitor_init(mon_chr, 0);
3049 qemu_chr_delete(s->chr);
3050 mon_chr = s->mon_chr;
3051 memset(s, 0, sizeof(GDBState));
3053 s->c_cpu = first_cpu;
3054 s->g_cpu = first_cpu;
3056 s->state = chr ? RS_IDLE : RS_INACTIVE;
3057 s->mon_chr = mon_chr;
3058 s->current_syscall_cb = NULL;
projects / qemu.git / blob