4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
23 #include "trace-root.h"
24 #ifdef CONFIG_USER_ONLY
27 #include "monitor/monitor.h"
28 #include "chardev/char.h"
29 #include "chardev/char-fe.h"
30 #include "sysemu/sysemu.h"
31 #include "exec/gdbstub.h"
32 #include "hw/cpu/cluster.h"
35 #define MAX_PACKET_LENGTH 4096
37 #include "qemu/sockets.h"
38 #include "sysemu/hw_accel.h"
39 #include "sysemu/kvm.h"
40 #include "exec/semihost.h"
41 #include "exec/exec-all.h"
43 #ifdef CONFIG_USER_ONLY
44 #define GDB_ATTACHED "0"
46 #define GDB_ATTACHED "1"
49 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
50 uint8_t *buf, int len, bool is_write)
52 CPUClass *cc = CPU_GET_CLASS(cpu);
54 if (cc->memory_rw_debug) {
55 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
57 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
60 /* Return the GDB index for a given vCPU state.
62 * For user mode this is simply the thread id. In system mode GDB
63 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
65 static inline int cpu_gdb_index(CPUState *cpu)
67 #if defined(CONFIG_USER_ONLY)
68 TaskState *ts = (TaskState *) cpu->opaque;
71 return cpu->cpu_index + 1;
84 GDB_SIGNAL_UNKNOWN = 143
87 #ifdef CONFIG_USER_ONLY
89 /* Map target signal numbers to GDB protocol signal numbers and vice
90 * versa. For user emulation's currently supported systems, we can
91 * assume most signals are defined.
94 static int gdb_signal_table[] = {
254 /* In system mode we only need SIGINT and SIGTRAP; other signals
255 are not yet supported. */
262 static int gdb_signal_table[] = {
272 #ifdef CONFIG_USER_ONLY
273 static int target_signal_to_gdb (int sig)
276 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
277 if (gdb_signal_table[i] == sig)
279 return GDB_SIGNAL_UNKNOWN;
283 static int gdb_signal_to_target (int sig)
285 if (sig < ARRAY_SIZE (gdb_signal_table))
286 return gdb_signal_table[sig];
291 typedef struct GDBRegisterState {
297 struct GDBRegisterState *next;
300 typedef struct GDBProcess {
304 char target_xml[1024];
316 typedef struct GDBState {
317 CPUState *c_cpu; /* current CPU for step/continue ops */
318 CPUState *g_cpu; /* current CPU for other ops */
319 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
320 enum RSState state; /* parsing state */
321 char line_buf[MAX_PACKET_LENGTH];
323 int line_sum; /* running checksum */
324 int line_csum; /* checksum at the end of the packet */
325 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
328 #ifdef CONFIG_USER_ONLY
336 GDBProcess *processes;
338 char syscall_buf[256];
339 gdb_syscall_complete_cb current_syscall_cb;
342 /* By default use no IRQs and no timers while single stepping so as to
343 * make single stepping like an ICE HW step.
345 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
347 static GDBState *gdbserver_state;
351 #ifdef CONFIG_USER_ONLY
352 /* XXX: This is not thread safe. Do we care? */
353 static int gdbserver_fd = -1;
355 static int get_char(GDBState *s)
361 ret = qemu_recv(s->fd, &ch, 1, 0);
363 if (errno == ECONNRESET)
367 } else if (ret == 0) {
385 /* Decide if either remote gdb syscalls or native file IO should be used. */
386 int use_gdb_syscalls(void)
388 SemihostingTarget target = semihosting_get_target();
389 if (target == SEMIHOSTING_TARGET_NATIVE) {
390 /* -semihosting-config target=native */
392 } else if (target == SEMIHOSTING_TARGET_GDB) {
393 /* -semihosting-config target=gdb */
397 /* -semihosting-config target=auto */
398 /* On the first call check if gdb is connected and remember. */
399 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
400 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
403 return gdb_syscall_mode == GDB_SYS_ENABLED;
406 /* Resume execution. */
407 static inline void gdb_continue(GDBState *s)
410 #ifdef CONFIG_USER_ONLY
411 s->running_state = 1;
412 trace_gdbstub_op_continue();
414 if (!runstate_needs_reset()) {
415 trace_gdbstub_op_continue();
422 * Resume execution, per CPU actions. For user-mode emulation it's
423 * equivalent to gdb_continue.
425 static int gdb_continue_partial(GDBState *s, char *newstates)
429 #ifdef CONFIG_USER_ONLY
431 * This is not exactly accurate, but it's an improvement compared to the
432 * previous situation, where only one CPU would be single-stepped.
435 if (newstates[cpu->cpu_index] == 's') {
436 trace_gdbstub_op_stepping(cpu->cpu_index);
437 cpu_single_step(cpu, sstep_flags);
440 s->running_state = 1;
444 if (!runstate_needs_reset()) {
445 if (vm_prepare_start()) {
450 switch (newstates[cpu->cpu_index]) {
453 break; /* nothing to do here */
455 trace_gdbstub_op_stepping(cpu->cpu_index);
456 cpu_single_step(cpu, sstep_flags);
461 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
472 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
478 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
480 #ifdef CONFIG_USER_ONLY
484 ret = send(s->fd, buf, len, 0);
494 /* XXX this blocks entire thread. Rewrite to use
495 * qemu_chr_fe_write and background I/O callbacks */
496 qemu_chr_fe_write_all(&s->chr, buf, len);
500 static inline int fromhex(int v)
502 if (v >= '0' && v <= '9')
504 else if (v >= 'A' && v <= 'F')
506 else if (v >= 'a' && v <= 'f')
512 static inline int tohex(int v)
520 /* writes 2*len+1 bytes in buf */
521 static void memtohex(char *buf, const uint8_t *mem, int len)
526 for(i = 0; i < len; i++) {
528 *q++ = tohex(c >> 4);
529 *q++ = tohex(c & 0xf);
534 static void hextomem(uint8_t *mem, const char *buf, int len)
538 for(i = 0; i < len; i++) {
539 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
544 static void hexdump(const char *buf, int len,
545 void (*trace_fn)(size_t ofs, char const *text))
547 char line_buffer[3 * 16 + 4 + 16 + 1];
550 for (i = 0; i < len || (i & 0xF); ++i) {
551 size_t byte_ofs = i & 15;
554 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
555 line_buffer[3 * 16 + 4 + 16] = 0;
558 size_t col_group = (i >> 2) & 3;
559 size_t hex_col = byte_ofs * 3 + col_group;
560 size_t txt_col = 3 * 16 + 4 + byte_ofs;
565 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
566 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
567 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
573 trace_fn(i & -16, line_buffer);
577 /* return -1 if error, 0 if OK */
578 static int put_packet_binary(GDBState *s, const char *buf, int len, bool dump)
583 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
584 hexdump(buf, len, trace_gdbstub_io_binaryreply);
593 for(i = 0; i < len; i++) {
597 *(p++) = tohex((csum >> 4) & 0xf);
598 *(p++) = tohex((csum) & 0xf);
600 s->last_packet_len = p - s->last_packet;
601 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
603 #ifdef CONFIG_USER_ONLY
616 /* return -1 if error, 0 if OK */
617 static int put_packet(GDBState *s, const char *buf)
619 trace_gdbstub_io_reply(buf);
621 return put_packet_binary(s, buf, strlen(buf), false);
624 /* Encode data using the encoding for 'x' packets. */
625 static int memtox(char *buf, const char *mem, int len)
633 case '#': case '$': case '*': case '}':
645 static uint32_t gdb_get_cpu_pid(const GDBState *s, CPUState *cpu)
647 /* TODO: In user mode, we should use the task state PID */
648 if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
649 /* Return the default process' PID */
650 return s->processes[s->process_num - 1].pid;
652 return cpu->cluster_index + 1;
655 static GDBProcess *gdb_get_process(const GDBState *s, uint32_t pid)
660 /* 0 means any process, we take the first one */
661 return &s->processes[0];
664 for (i = 0; i < s->process_num; i++) {
665 if (s->processes[i].pid == pid) {
666 return &s->processes[i];
673 static GDBProcess *gdb_get_cpu_process(const GDBState *s, CPUState *cpu)
675 return gdb_get_process(s, gdb_get_cpu_pid(s, cpu));
678 static CPUState *find_cpu(uint32_t thread_id)
683 if (cpu_gdb_index(cpu) == thread_id) {
691 static CPUState *get_first_cpu_in_process(const GDBState *s,
697 if (gdb_get_cpu_pid(s, cpu) == process->pid) {
705 static CPUState *gdb_next_cpu_in_process(const GDBState *s, CPUState *cpu)
707 uint32_t pid = gdb_get_cpu_pid(s, cpu);
711 if (gdb_get_cpu_pid(s, cpu) == pid) {
721 /* Return the cpu following @cpu, while ignoring unattached processes. */
722 static CPUState *gdb_next_attached_cpu(const GDBState *s, CPUState *cpu)
727 if (gdb_get_cpu_process(s, cpu)->attached) {
737 /* Return the first attached cpu */
738 static CPUState *gdb_first_attached_cpu(const GDBState *s)
740 CPUState *cpu = first_cpu;
741 GDBProcess *process = gdb_get_cpu_process(s, cpu);
743 if (!process->attached) {
744 return gdb_next_attached_cpu(s, cpu);
750 static CPUState *gdb_get_cpu(const GDBState *s, uint32_t pid, uint32_t tid)
756 /* 0 means any process/thread, we take the first attached one */
757 return gdb_first_attached_cpu(s);
758 } else if (pid && !tid) {
759 /* any thread in a specific process */
760 process = gdb_get_process(s, pid);
762 if (process == NULL) {
766 if (!process->attached) {
770 return get_first_cpu_in_process(s, process);
772 /* a specific thread */
779 process = gdb_get_cpu_process(s, cpu);
781 if (pid && process->pid != pid) {
785 if (!process->attached) {
793 static const char *get_feature_xml(const GDBState *s, const char *p,
794 const char **newp, GDBProcess *process)
799 CPUState *cpu = get_first_cpu_in_process(s, process);
800 CPUClass *cc = CPU_GET_CLASS(cpu);
803 while (p[len] && p[len] != ':')
808 if (strncmp(p, "target.xml", len) == 0) {
809 char *buf = process->target_xml;
810 const size_t buf_sz = sizeof(process->target_xml);
812 /* Generate the XML description for this CPU. */
817 "<?xml version=\"1.0\"?>"
818 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
820 if (cc->gdb_arch_name) {
821 gchar *arch = cc->gdb_arch_name(cpu);
822 pstrcat(buf, buf_sz, "<architecture>");
823 pstrcat(buf, buf_sz, arch);
824 pstrcat(buf, buf_sz, "</architecture>");
827 pstrcat(buf, buf_sz, "<xi:include href=\"");
828 pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
829 pstrcat(buf, buf_sz, "\"/>");
830 for (r = cpu->gdb_regs; r; r = r->next) {
831 pstrcat(buf, buf_sz, "<xi:include href=\"");
832 pstrcat(buf, buf_sz, r->xml);
833 pstrcat(buf, buf_sz, "\"/>");
835 pstrcat(buf, buf_sz, "</target>");
839 if (cc->gdb_get_dynamic_xml) {
840 char *xmlname = g_strndup(p, len);
841 const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
849 name = xml_builtin[i][0];
850 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
853 return name ? xml_builtin[i][1] : NULL;
856 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
858 CPUClass *cc = CPU_GET_CLASS(cpu);
859 CPUArchState *env = cpu->env_ptr;
862 if (reg < cc->gdb_num_core_regs) {
863 return cc->gdb_read_register(cpu, mem_buf, reg);
866 for (r = cpu->gdb_regs; r; r = r->next) {
867 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
868 return r->get_reg(env, mem_buf, reg - r->base_reg);
874 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
876 CPUClass *cc = CPU_GET_CLASS(cpu);
877 CPUArchState *env = cpu->env_ptr;
880 if (reg < cc->gdb_num_core_regs) {
881 return cc->gdb_write_register(cpu, mem_buf, reg);
884 for (r = cpu->gdb_regs; r; r = r->next) {
885 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
886 return r->set_reg(env, mem_buf, reg - r->base_reg);
892 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
893 specifies the first register number and these registers are included in
894 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
895 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
898 void gdb_register_coprocessor(CPUState *cpu,
899 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
900 int num_regs, const char *xml, int g_pos)
903 GDBRegisterState **p;
907 /* Check for duplicates. */
908 if (strcmp((*p)->xml, xml) == 0)
913 s = g_new0(GDBRegisterState, 1);
914 s->base_reg = cpu->gdb_num_regs;
915 s->num_regs = num_regs;
916 s->get_reg = get_reg;
917 s->set_reg = set_reg;
920 /* Add to end of list. */
921 cpu->gdb_num_regs += num_regs;
924 if (g_pos != s->base_reg) {
925 error_report("Error: Bad gdb register numbering for '%s', "
926 "expected %d got %d", xml, g_pos, s->base_reg);
928 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
933 #ifndef CONFIG_USER_ONLY
934 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
935 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
937 static const int xlat[] = {
938 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
939 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
940 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
943 CPUClass *cc = CPU_GET_CLASS(cpu);
944 int cputype = xlat[gdbtype];
946 if (cc->gdb_stop_before_watchpoint) {
947 cputype |= BP_STOP_BEFORE_ACCESS;
953 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
959 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
963 case GDB_BREAKPOINT_SW:
964 case GDB_BREAKPOINT_HW:
966 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
972 #ifndef CONFIG_USER_ONLY
973 case GDB_WATCHPOINT_WRITE:
974 case GDB_WATCHPOINT_READ:
975 case GDB_WATCHPOINT_ACCESS:
977 err = cpu_watchpoint_insert(cpu, addr, len,
978 xlat_gdb_type(cpu, type), NULL);
990 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
996 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1000 case GDB_BREAKPOINT_SW:
1001 case GDB_BREAKPOINT_HW:
1003 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
1009 #ifndef CONFIG_USER_ONLY
1010 case GDB_WATCHPOINT_WRITE:
1011 case GDB_WATCHPOINT_READ:
1012 case GDB_WATCHPOINT_ACCESS:
1014 err = cpu_watchpoint_remove(cpu, addr, len,
1015 xlat_gdb_type(cpu, type));
1026 static inline void gdb_cpu_breakpoint_remove_all(CPUState *cpu)
1028 cpu_breakpoint_remove_all(cpu, BP_GDB);
1029 #ifndef CONFIG_USER_ONLY
1030 cpu_watchpoint_remove_all(cpu, BP_GDB);
1034 static void gdb_process_breakpoint_remove_all(const GDBState *s, GDBProcess *p)
1036 CPUState *cpu = get_first_cpu_in_process(s, p);
1039 gdb_cpu_breakpoint_remove_all(cpu);
1040 cpu = gdb_next_cpu_in_process(s, cpu);
1044 static void gdb_breakpoint_remove_all(void)
1048 if (kvm_enabled()) {
1049 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
1054 gdb_cpu_breakpoint_remove_all(cpu);
1058 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
1060 CPUState *cpu = s->c_cpu;
1062 cpu_synchronize_state(cpu);
1063 cpu_set_pc(cpu, pc);
1066 static char *gdb_fmt_thread_id(const GDBState *s, CPUState *cpu,
1067 char *buf, size_t buf_size)
1069 if (s->multiprocess) {
1070 snprintf(buf, buf_size, "p%02x.%02x",
1071 gdb_get_cpu_pid(s, cpu), cpu_gdb_index(cpu));
1073 snprintf(buf, buf_size, "%02x", cpu_gdb_index(cpu));
1079 typedef enum GDBThreadIdKind {
1081 GDB_ALL_THREADS, /* One process, all threads */
1086 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
1087 uint32_t *pid, uint32_t *tid)
1094 ret = qemu_strtoul(buf, &buf, 16, &p);
1097 return GDB_READ_THREAD_ERR;
1106 ret = qemu_strtoul(buf, &buf, 16, &t);
1109 return GDB_READ_THREAD_ERR;
1115 return GDB_ALL_PROCESSES;
1123 return GDB_ALL_THREADS;
1130 return GDB_ONE_THREAD;
1133 static int is_query_packet(const char *p, const char *query, char separator)
1135 unsigned int query_len = strlen(query);
1137 return strncmp(p, query, query_len) == 0 &&
1138 (p[query_len] == '\0' || p[query_len] == separator);
1142 * gdb_handle_vcont - Parses and handles a vCont packet.
1143 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1144 * a format error, 0 on success.
1146 static int gdb_handle_vcont(GDBState *s, const char *p)
1148 int res, signal = 0;
1153 GDBProcess *process;
1155 #ifdef CONFIG_USER_ONLY
1156 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
1159 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
1162 /* uninitialised CPUs stay 0 */
1163 newstates = g_new0(char, max_cpus);
1165 /* mark valid CPUs with 1 */
1167 newstates[cpu->cpu_index] = 1;
1171 * res keeps track of what error we are returning, with -ENOTSUP meaning
1172 * that the command is unknown or unsupported, thus returning an empty
1173 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1174 * or incorrect parameters passed.
1184 if (cur_action == 'C' || cur_action == 'S') {
1185 cur_action = qemu_tolower(cur_action);
1186 res = qemu_strtoul(p + 1, &p, 16, &tmp);
1190 signal = gdb_signal_to_target(tmp);
1191 } else if (cur_action != 'c' && cur_action != 's') {
1192 /* unknown/invalid/unsupported command */
1202 switch (read_thread_id(p, &p, &pid, &tid)) {
1203 case GDB_READ_THREAD_ERR:
1207 case GDB_ALL_PROCESSES:
1208 cpu = gdb_first_attached_cpu(s);
1210 if (newstates[cpu->cpu_index] == 1) {
1211 newstates[cpu->cpu_index] = cur_action;
1214 cpu = gdb_next_attached_cpu(s, cpu);
1218 case GDB_ALL_THREADS:
1219 process = gdb_get_process(s, pid);
1221 if (!process->attached) {
1226 cpu = get_first_cpu_in_process(s, process);
1228 if (newstates[cpu->cpu_index] == 1) {
1229 newstates[cpu->cpu_index] = cur_action;
1232 cpu = gdb_next_cpu_in_process(s, cpu);
1236 case GDB_ONE_THREAD:
1237 cpu = gdb_get_cpu(s, pid, tid);
1239 /* invalid CPU/thread specified */
1245 /* only use if no previous match occourred */
1246 if (newstates[cpu->cpu_index] == 1) {
1247 newstates[cpu->cpu_index] = cur_action;
1253 gdb_continue_partial(s, newstates);
1261 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1264 GDBProcess *process;
1268 int ch, reg_size, type, res;
1269 uint8_t mem_buf[MAX_PACKET_LENGTH];
1270 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
1273 target_ulong addr, len;
1274 GDBThreadIdKind thread_kind;
1276 trace_gdbstub_io_command(line_buf);
1282 put_packet(s, "OK");
1285 /* TODO: Make this return the correct value for user-mode. */
1286 snprintf(buf, sizeof(buf), "T%02xthread:%s;", GDB_SIGNAL_TRAP,
1287 gdb_fmt_thread_id(s, s->c_cpu, thread_id, sizeof(thread_id)));
1289 /* Remove all the breakpoints when this query is issued,
1290 * because gdb is doing and initial connect and the state
1291 * should be cleaned up.
1293 gdb_breakpoint_remove_all();
1297 addr = strtoull(p, (char **)&p, 16);
1298 gdb_set_cpu_pc(s, addr);
1304 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1305 if (s->signal == -1)
1310 if (strncmp(p, "Cont", 4) == 0) {
1313 put_packet(s, "vCont;c;C;s;S");
1317 res = gdb_handle_vcont(s, p);
1320 if ((res == -EINVAL) || (res == -ERANGE)) {
1321 put_packet(s, "E22");
1324 goto unknown_command;
1327 } else if (strncmp(p, "Attach;", 7) == 0) {
1332 if (qemu_strtoul(p, &p, 16, &pid)) {
1333 put_packet(s, "E22");
1337 process = gdb_get_process(s, pid);
1339 if (process == NULL) {
1340 put_packet(s, "E22");
1344 cpu = get_first_cpu_in_process(s, process);
1347 /* Refuse to attach an empty process */
1348 put_packet(s, "E22");
1352 process->attached = true;
1357 snprintf(buf, sizeof(buf), "T%02xthread:%s;", GDB_SIGNAL_TRAP,
1358 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id)));
1363 goto unknown_command;
1366 /* Kill the target */
1367 error_report("QEMU: Terminated via GDBstub");
1373 if (s->multiprocess) {
1376 put_packet(s, "E22");
1380 if (qemu_strtoul(p + 1, &p, 16, &lpid)) {
1381 put_packet(s, "E22");
1388 process = gdb_get_process(s, pid);
1389 gdb_process_breakpoint_remove_all(s, process);
1390 process->attached = false;
1392 if (pid == gdb_get_cpu_pid(s, s->c_cpu)) {
1393 s->c_cpu = gdb_first_attached_cpu(s);
1396 if (pid == gdb_get_cpu_pid(s, s->g_cpu)) {
1397 s->g_cpu = gdb_first_attached_cpu(s);
1400 if (s->c_cpu == NULL) {
1401 /* No more process attached */
1402 gdb_syscall_mode = GDB_SYS_DISABLED;
1405 put_packet(s, "OK");
1409 addr = strtoull(p, (char **)&p, 16);
1410 gdb_set_cpu_pc(s, addr);
1412 cpu_single_step(s->c_cpu, sstep_flags);
1420 ret = strtoull(p, (char **)&p, 16);
1423 err = strtoull(p, (char **)&p, 16);
1430 if (s->current_syscall_cb) {
1431 s->current_syscall_cb(s->c_cpu, ret, err);
1432 s->current_syscall_cb = NULL;
1435 put_packet(s, "T02");
1442 cpu_synchronize_state(s->g_cpu);
1444 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1445 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1448 memtohex(buf, mem_buf, len);
1452 cpu_synchronize_state(s->g_cpu);
1453 registers = mem_buf;
1454 len = strlen(p) / 2;
1455 hextomem((uint8_t *)registers, p, len);
1456 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1457 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1459 registers += reg_size;
1461 put_packet(s, "OK");
1464 addr = strtoull(p, (char **)&p, 16);
1467 len = strtoull(p, NULL, 16);
1469 /* memtohex() doubles the required space */
1470 if (len > MAX_PACKET_LENGTH / 2) {
1471 put_packet (s, "E22");
1475 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1476 put_packet (s, "E14");
1478 memtohex(buf, mem_buf, len);
1483 addr = strtoull(p, (char **)&p, 16);
1486 len = strtoull(p, (char **)&p, 16);
1490 /* hextomem() reads 2*len bytes */
1491 if (len > strlen(p) / 2) {
1492 put_packet (s, "E22");
1495 hextomem(mem_buf, p, len);
1496 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1498 put_packet(s, "E14");
1500 put_packet(s, "OK");
1504 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1505 This works, but can be very slow. Anything new enough to
1506 understand XML also knows how to use this properly. */
1508 goto unknown_command;
1509 addr = strtoull(p, (char **)&p, 16);
1510 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1512 memtohex(buf, mem_buf, reg_size);
1515 put_packet(s, "E14");
1520 goto unknown_command;
1521 addr = strtoull(p, (char **)&p, 16);
1524 reg_size = strlen(p) / 2;
1525 hextomem(mem_buf, p, reg_size);
1526 gdb_write_register(s->g_cpu, mem_buf, addr);
1527 put_packet(s, "OK");
1531 type = strtoul(p, (char **)&p, 16);
1534 addr = strtoull(p, (char **)&p, 16);
1537 len = strtoull(p, (char **)&p, 16);
1539 res = gdb_breakpoint_insert(addr, len, type);
1541 res = gdb_breakpoint_remove(addr, len, type);
1543 put_packet(s, "OK");
1544 else if (res == -ENOSYS)
1547 put_packet(s, "E22");
1552 thread_kind = read_thread_id(p, &p, &pid, &tid);
1553 if (thread_kind == GDB_READ_THREAD_ERR) {
1554 put_packet(s, "E22");
1558 if (thread_kind != GDB_ONE_THREAD) {
1559 put_packet(s, "OK");
1562 cpu = gdb_get_cpu(s, pid, tid);
1564 put_packet(s, "E22");
1570 put_packet(s, "OK");
1574 put_packet(s, "OK");
1577 put_packet(s, "E22");
1582 thread_kind = read_thread_id(p, &p, &pid, &tid);
1583 if (thread_kind == GDB_READ_THREAD_ERR) {
1584 put_packet(s, "E22");
1587 cpu = gdb_get_cpu(s, pid, tid);
1590 put_packet(s, "OK");
1592 put_packet(s, "E22");
1597 /* parse any 'q' packets here */
1598 if (!strcmp(p,"qemu.sstepbits")) {
1599 /* Query Breakpoint bit definitions */
1600 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1606 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1607 /* Display or change the sstep_flags */
1610 /* Display current setting */
1611 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1616 type = strtoul(p, (char **)&p, 16);
1618 put_packet(s, "OK");
1620 } else if (strcmp(p,"C") == 0) {
1622 * "Current thread" remains vague in the spec, so always return
1623 * the first thread of the current process (gdb returns the
1626 cpu = get_first_cpu_in_process(s, gdb_get_cpu_process(s, s->g_cpu));
1627 snprintf(buf, sizeof(buf), "QC%s",
1628 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id)));
1631 } else if (strcmp(p,"fThreadInfo") == 0) {
1632 s->query_cpu = gdb_first_attached_cpu(s);
1633 goto report_cpuinfo;
1634 } else if (strcmp(p,"sThreadInfo") == 0) {
1637 snprintf(buf, sizeof(buf), "m%s",
1638 gdb_fmt_thread_id(s, s->query_cpu,
1639 thread_id, sizeof(thread_id)));
1641 s->query_cpu = gdb_next_attached_cpu(s, s->query_cpu);
1645 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1646 if (read_thread_id(p + 16, &p, &pid, &tid) == GDB_READ_THREAD_ERR) {
1647 put_packet(s, "E22");
1650 cpu = gdb_get_cpu(s, pid, tid);
1652 cpu_synchronize_state(cpu);
1654 if (s->multiprocess && (s->process_num > 1)) {
1655 /* Print the CPU model and name in multiprocess mode */
1656 ObjectClass *oc = object_get_class(OBJECT(cpu));
1657 const char *cpu_model = object_class_get_name(oc);
1659 object_get_canonical_path_component(OBJECT(cpu));
1660 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1661 "%s %s [%s]", cpu_model, cpu_name,
1662 cpu->halted ? "halted " : "running");
1665 /* memtohex() doubles the required space */
1666 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1667 "CPU#%d [%s]", cpu->cpu_index,
1668 cpu->halted ? "halted " : "running");
1670 trace_gdbstub_op_extra_info((char *)mem_buf);
1671 memtohex(buf, mem_buf, len);
1676 #ifdef CONFIG_USER_ONLY
1677 else if (strcmp(p, "Offsets") == 0) {
1678 TaskState *ts = s->c_cpu->opaque;
1680 snprintf(buf, sizeof(buf),
1681 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1682 ";Bss=" TARGET_ABI_FMT_lx,
1683 ts->info->code_offset,
1684 ts->info->data_offset,
1685 ts->info->data_offset);
1689 #else /* !CONFIG_USER_ONLY */
1690 else if (strncmp(p, "Rcmd,", 5) == 0) {
1691 int len = strlen(p + 5);
1693 if ((len % 2) != 0) {
1694 put_packet(s, "E01");
1698 hextomem(mem_buf, p + 5, len);
1700 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1701 put_packet(s, "OK");
1704 #endif /* !CONFIG_USER_ONLY */
1705 if (is_query_packet(p, "Supported", ':')) {
1706 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1707 cc = CPU_GET_CLASS(first_cpu);
1708 if (cc->gdb_core_xml_file != NULL) {
1709 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1712 if (strstr(p, "multiprocess+")) {
1713 s->multiprocess = true;
1715 pstrcat(buf, sizeof(buf), ";multiprocess+");
1720 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1722 target_ulong total_len;
1724 process = gdb_get_cpu_process(s, s->g_cpu);
1725 cc = CPU_GET_CLASS(s->g_cpu);
1726 if (cc->gdb_core_xml_file == NULL) {
1727 goto unknown_command;
1732 xml = get_feature_xml(s, p, &p, process);
1734 snprintf(buf, sizeof(buf), "E00");
1741 addr = strtoul(p, (char **)&p, 16);
1744 len = strtoul(p, (char **)&p, 16);
1746 total_len = strlen(xml);
1747 if (addr > total_len) {
1748 snprintf(buf, sizeof(buf), "E00");
1752 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1753 len = (MAX_PACKET_LENGTH - 5) / 2;
1754 if (len < total_len - addr) {
1756 len = memtox(buf + 1, xml + addr, len);
1759 len = memtox(buf + 1, xml + addr, total_len - addr);
1761 put_packet_binary(s, buf, len + 1, true);
1764 if (is_query_packet(p, "Attached", ':')) {
1765 put_packet(s, GDB_ATTACHED);
1768 /* Unrecognised 'q' command. */
1769 goto unknown_command;
1773 /* put empty packet */
1781 void gdb_set_stop_cpu(CPUState *cpu)
1783 GDBProcess *p = gdb_get_cpu_process(gdbserver_state, cpu);
1787 * Having a stop CPU corresponding to a process that is not attached
1788 * confuses GDB. So we ignore the request.
1793 gdbserver_state->c_cpu = cpu;
1794 gdbserver_state->g_cpu = cpu;
1797 #ifndef CONFIG_USER_ONLY
1798 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1800 GDBState *s = gdbserver_state;
1801 CPUState *cpu = s->c_cpu;
1807 if (running || s->state == RS_INACTIVE) {
1810 /* Is there a GDB syscall waiting to be sent? */
1811 if (s->current_syscall_cb) {
1812 put_packet(s, s->syscall_buf);
1817 /* No process attached */
1821 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id));
1824 case RUN_STATE_DEBUG:
1825 if (cpu->watchpoint_hit) {
1826 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1837 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
1838 (target_ulong)cpu->watchpoint_hit->vaddr);
1839 snprintf(buf, sizeof(buf),
1840 "T%02xthread:%s;%swatch:" TARGET_FMT_lx ";",
1841 GDB_SIGNAL_TRAP, thread_id, type,
1842 (target_ulong)cpu->watchpoint_hit->vaddr);
1843 cpu->watchpoint_hit = NULL;
1846 trace_gdbstub_hit_break();
1849 ret = GDB_SIGNAL_TRAP;
1851 case RUN_STATE_PAUSED:
1852 trace_gdbstub_hit_paused();
1853 ret = GDB_SIGNAL_INT;
1855 case RUN_STATE_SHUTDOWN:
1856 trace_gdbstub_hit_shutdown();
1857 ret = GDB_SIGNAL_QUIT;
1859 case RUN_STATE_IO_ERROR:
1860 trace_gdbstub_hit_io_error();
1861 ret = GDB_SIGNAL_IO;
1863 case RUN_STATE_WATCHDOG:
1864 trace_gdbstub_hit_watchdog();
1865 ret = GDB_SIGNAL_ALRM;
1867 case RUN_STATE_INTERNAL_ERROR:
1868 trace_gdbstub_hit_internal_error();
1869 ret = GDB_SIGNAL_ABRT;
1871 case RUN_STATE_SAVE_VM:
1872 case RUN_STATE_RESTORE_VM:
1874 case RUN_STATE_FINISH_MIGRATE:
1875 ret = GDB_SIGNAL_XCPU;
1878 trace_gdbstub_hit_unknown(state);
1879 ret = GDB_SIGNAL_UNKNOWN;
1882 gdb_set_stop_cpu(cpu);
1883 snprintf(buf, sizeof(buf), "T%02xthread:%s;", ret, thread_id);
1888 /* disable single step if it was enabled */
1889 cpu_single_step(cpu, 0);
1893 /* Send a gdb syscall request.
1894 This accepts limited printf-style format specifiers, specifically:
1895 %x - target_ulong argument printed in hex.
1896 %lx - 64-bit argument printed in hex.
1897 %s - string pointer (target_ulong) and length (int) pair. */
1898 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1906 s = gdbserver_state;
1909 s->current_syscall_cb = cb;
1910 #ifndef CONFIG_USER_ONLY
1911 vm_stop(RUN_STATE_DEBUG);
1914 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1921 addr = va_arg(va, target_ulong);
1922 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1925 if (*(fmt++) != 'x')
1927 i64 = va_arg(va, uint64_t);
1928 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1931 addr = va_arg(va, target_ulong);
1932 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1933 addr, va_arg(va, int));
1937 error_report("gdbstub: Bad syscall format string '%s'",
1946 #ifdef CONFIG_USER_ONLY
1947 put_packet(s, s->syscall_buf);
1948 /* Return control to gdb for it to process the syscall request.
1949 * Since the protocol requires that gdb hands control back to us
1950 * using a "here are the results" F packet, we don't need to check
1951 * gdb_handlesig's return value (which is the signal to deliver if
1952 * execution was resumed via a continue packet).
1954 gdb_handlesig(s->c_cpu, 0);
1956 /* In this case wait to send the syscall packet until notification that
1957 the CPU has stopped. This must be done because if the packet is sent
1958 now the reply from the syscall request could be received while the CPU
1959 is still in the running state, which can cause packets to be dropped
1960 and state transition 'T' packets to be sent while the syscall is still
1962 qemu_cpu_kick(s->c_cpu);
1966 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1971 gdb_do_syscallv(cb, fmt, va);
1975 static void gdb_read_byte(GDBState *s, int ch)
1979 #ifndef CONFIG_USER_ONLY
1980 if (s->last_packet_len) {
1981 /* Waiting for a response to the last packet. If we see the start
1982 of a new command then abandon the previous response. */
1984 trace_gdbstub_err_got_nack();
1985 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1986 } else if (ch == '+') {
1987 trace_gdbstub_io_got_ack();
1989 trace_gdbstub_io_got_unexpected((uint8_t)ch);
1992 if (ch == '+' || ch == '$')
1993 s->last_packet_len = 0;
1997 if (runstate_is_running()) {
1998 /* when the CPU is running, we cannot do anything except stop
1999 it when receiving a char */
2000 vm_stop(RUN_STATE_PAUSED);
2007 /* start of command packet */
2008 s->line_buf_index = 0;
2010 s->state = RS_GETLINE;
2012 trace_gdbstub_err_garbage((uint8_t)ch);
2017 /* start escape sequence */
2018 s->state = RS_GETLINE_ESC;
2020 } else if (ch == '*') {
2021 /* start run length encoding sequence */
2022 s->state = RS_GETLINE_RLE;
2024 } else if (ch == '#') {
2025 /* end of command, start of checksum*/
2026 s->state = RS_CHKSUM1;
2027 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2028 trace_gdbstub_err_overrun();
2031 /* unescaped command character */
2032 s->line_buf[s->line_buf_index++] = ch;
2036 case RS_GETLINE_ESC:
2038 /* unexpected end of command in escape sequence */
2039 s->state = RS_CHKSUM1;
2040 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2041 /* command buffer overrun */
2042 trace_gdbstub_err_overrun();
2045 /* parse escaped character and leave escape state */
2046 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
2048 s->state = RS_GETLINE;
2051 case RS_GETLINE_RLE:
2053 /* invalid RLE count encoding */
2054 trace_gdbstub_err_invalid_repeat((uint8_t)ch);
2055 s->state = RS_GETLINE;
2057 /* decode repeat length */
2058 int repeat = (unsigned char)ch - ' ' + 3;
2059 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
2060 /* that many repeats would overrun the command buffer */
2061 trace_gdbstub_err_overrun();
2063 } else if (s->line_buf_index < 1) {
2064 /* got a repeat but we have nothing to repeat */
2065 trace_gdbstub_err_invalid_rle();
2066 s->state = RS_GETLINE;
2068 /* repeat the last character */
2069 memset(s->line_buf + s->line_buf_index,
2070 s->line_buf[s->line_buf_index - 1], repeat);
2071 s->line_buf_index += repeat;
2073 s->state = RS_GETLINE;
2078 /* get high hex digit of checksum */
2079 if (!isxdigit(ch)) {
2080 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
2081 s->state = RS_GETLINE;
2084 s->line_buf[s->line_buf_index] = '\0';
2085 s->line_csum = fromhex(ch) << 4;
2086 s->state = RS_CHKSUM2;
2089 /* get low hex digit of checksum */
2090 if (!isxdigit(ch)) {
2091 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
2092 s->state = RS_GETLINE;
2095 s->line_csum |= fromhex(ch);
2097 if (s->line_csum != (s->line_sum & 0xff)) {
2098 trace_gdbstub_err_checksum_incorrect(s->line_sum, s->line_csum);
2099 /* send NAK reply */
2101 put_buffer(s, &reply, 1);
2104 /* send ACK reply */
2106 put_buffer(s, &reply, 1);
2107 s->state = gdb_handle_packet(s, s->line_buf);
2116 /* Tell the remote gdb that the process has exited. */
2117 void gdb_exit(CPUArchState *env, int code)
2122 s = gdbserver_state;
2126 #ifdef CONFIG_USER_ONLY
2127 if (gdbserver_fd < 0 || s->fd < 0) {
2132 trace_gdbstub_op_exiting((uint8_t)code);
2134 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
2137 #ifndef CONFIG_USER_ONLY
2138 qemu_chr_fe_deinit(&s->chr, true);
2143 * Create the process that will contain all the "orphan" CPUs (that are not
2144 * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2145 * be attachable and thus will be invisible to the user.
2147 static void create_default_process(GDBState *s)
2149 GDBProcess *process;
2152 if (s->process_num) {
2153 max_pid = s->processes[s->process_num - 1].pid;
2156 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2157 process = &s->processes[s->process_num - 1];
2159 /* We need an available PID slot for this process */
2160 assert(max_pid < UINT32_MAX);
2162 process->pid = max_pid + 1;
2163 process->attached = false;
2164 process->target_xml[0] = '\0';
2167 #ifdef CONFIG_USER_ONLY
2169 gdb_handlesig(CPUState *cpu, int sig)
2175 s = gdbserver_state;
2176 if (gdbserver_fd < 0 || s->fd < 0) {
2180 /* disable single step if it was enabled */
2181 cpu_single_step(cpu, 0);
2185 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
2188 /* put_packet() might have detected that the peer terminated the
2196 s->running_state = 0;
2197 while (s->running_state == 0) {
2198 n = read(s->fd, buf, 256);
2202 for (i = 0; i < n; i++) {
2203 gdb_read_byte(s, buf[i]);
2206 /* XXX: Connection closed. Should probably wait for another
2207 connection before continuing. */
2220 /* Tell the remote gdb that the process has exited due to SIG. */
2221 void gdb_signalled(CPUArchState *env, int sig)
2226 s = gdbserver_state;
2227 if (gdbserver_fd < 0 || s->fd < 0) {
2231 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
2235 static bool gdb_accept(void)
2238 struct sockaddr_in sockaddr;
2243 len = sizeof(sockaddr);
2244 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2245 if (fd < 0 && errno != EINTR) {
2248 } else if (fd >= 0) {
2249 qemu_set_cloexec(fd);
2254 /* set short latency */
2255 if (socket_set_nodelay(fd)) {
2256 perror("setsockopt");
2261 s = g_malloc0(sizeof(GDBState));
2262 create_default_process(s);
2263 s->processes[0].attached = true;
2264 s->c_cpu = gdb_first_attached_cpu(s);
2265 s->g_cpu = s->c_cpu;
2267 gdb_has_xml = false;
2269 gdbserver_state = s;
2273 static int gdbserver_open(int port)
2275 struct sockaddr_in sockaddr;
2278 fd = socket(PF_INET, SOCK_STREAM, 0);
2283 qemu_set_cloexec(fd);
2285 socket_set_fast_reuse(fd);
2287 sockaddr.sin_family = AF_INET;
2288 sockaddr.sin_port = htons(port);
2289 sockaddr.sin_addr.s_addr = 0;
2290 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2296 ret = listen(fd, 1);
2305 int gdbserver_start(int port)
2307 gdbserver_fd = gdbserver_open(port);
2308 if (gdbserver_fd < 0)
2310 /* accept connections */
2311 if (!gdb_accept()) {
2312 close(gdbserver_fd);
2319 /* Disable gdb stub for child processes. */
2320 void gdbserver_fork(CPUState *cpu)
2322 GDBState *s = gdbserver_state;
2324 if (gdbserver_fd < 0 || s->fd < 0) {
2329 cpu_breakpoint_remove_all(cpu, BP_GDB);
2330 cpu_watchpoint_remove_all(cpu, BP_GDB);
2333 static int gdb_chr_can_receive(void *opaque)
2335 /* We can handle an arbitrarily large amount of data.
2336 Pick the maximum packet size, which is as good as anything. */
2337 return MAX_PACKET_LENGTH;
2340 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2344 for (i = 0; i < size; i++) {
2345 gdb_read_byte(gdbserver_state, buf[i]);
2349 static void gdb_chr_event(void *opaque, int event)
2352 GDBState *s = (GDBState *) opaque;
2355 case CHR_EVENT_OPENED:
2356 /* Start with first process attached, others detached */
2357 for (i = 0; i < s->process_num; i++) {
2358 s->processes[i].attached = !i;
2361 s->c_cpu = gdb_first_attached_cpu(s);
2362 s->g_cpu = s->c_cpu;
2364 vm_stop(RUN_STATE_PAUSED);
2365 gdb_has_xml = false;
2372 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
2374 char buf[MAX_PACKET_LENGTH];
2377 if (len > (MAX_PACKET_LENGTH/2) - 1)
2378 len = (MAX_PACKET_LENGTH/2) - 1;
2379 memtohex(buf + 1, (uint8_t *)msg, len);
2383 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
2385 const char *p = (const char *)buf;
2388 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
2390 if (len <= max_sz) {
2391 gdb_monitor_output(gdbserver_state, p, len);
2394 gdb_monitor_output(gdbserver_state, p, max_sz);
2402 static void gdb_sigterm_handler(int signal)
2404 if (runstate_is_running()) {
2405 vm_stop(RUN_STATE_PAUSED);
2410 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
2411 bool *be_opened, Error **errp)
2416 static void char_gdb_class_init(ObjectClass *oc, void *data)
2418 ChardevClass *cc = CHARDEV_CLASS(oc);
2420 cc->internal = true;
2421 cc->open = gdb_monitor_open;
2422 cc->chr_write = gdb_monitor_write;
2425 #define TYPE_CHARDEV_GDB "chardev-gdb"
2427 static const TypeInfo char_gdb_type_info = {
2428 .name = TYPE_CHARDEV_GDB,
2429 .parent = TYPE_CHARDEV,
2430 .class_init = char_gdb_class_init,
2433 static int find_cpu_clusters(Object *child, void *opaque)
2435 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
2436 GDBState *s = (GDBState *) opaque;
2437 CPUClusterState *cluster = CPU_CLUSTER(child);
2438 GDBProcess *process;
2440 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2442 process = &s->processes[s->process_num - 1];
2445 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
2446 * runtime, we enforce here that the machine does not use a cluster ID
2447 * that would lead to PID 0.
2449 assert(cluster->cluster_id != UINT32_MAX);
2450 process->pid = cluster->cluster_id + 1;
2451 process->attached = false;
2452 process->target_xml[0] = '\0';
2457 return object_child_foreach(child, find_cpu_clusters, opaque);
2460 static int pid_order(const void *a, const void *b)
2462 GDBProcess *pa = (GDBProcess *) a;
2463 GDBProcess *pb = (GDBProcess *) b;
2465 if (pa->pid < pb->pid) {
2467 } else if (pa->pid > pb->pid) {
2474 static void create_processes(GDBState *s)
2476 object_child_foreach(object_get_root(), find_cpu_clusters, s);
2480 qsort(s->processes, s->process_num, sizeof(s->processes[0]), pid_order);
2483 create_default_process(s);
2486 static void cleanup_processes(GDBState *s)
2488 g_free(s->processes);
2490 s->processes = NULL;
2493 int gdbserver_start(const char *device)
2495 trace_gdbstub_op_start(device);
2498 char gdbstub_device_name[128];
2499 Chardev *chr = NULL;
2503 error_report("gdbstub: meaningless to attach gdb to a "
2504 "machine without any CPU.");
2510 if (strcmp(device, "none") != 0) {
2511 if (strstart(device, "tcp:", NULL)) {
2512 /* enforce required TCP attributes */
2513 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2514 "%s,nowait,nodelay,server", device);
2515 device = gdbstub_device_name;
2518 else if (strcmp(device, "stdio") == 0) {
2519 struct sigaction act;
2521 memset(&act, 0, sizeof(act));
2522 act.sa_handler = gdb_sigterm_handler;
2523 sigaction(SIGINT, &act, NULL);
2527 * FIXME: it's a bit weird to allow using a mux chardev here
2528 * and implicitly setup a monitor. We may want to break this.
2530 chr = qemu_chr_new_noreplay("gdb", device, true);
2535 s = gdbserver_state;
2537 s = g_malloc0(sizeof(GDBState));
2538 gdbserver_state = s;
2540 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2542 /* Initialize a monitor terminal for gdb */
2543 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
2544 NULL, &error_abort);
2545 monitor_init(mon_chr, 0);
2547 qemu_chr_fe_deinit(&s->chr, true);
2548 mon_chr = s->mon_chr;
2549 cleanup_processes(s);
2550 memset(s, 0, sizeof(GDBState));
2551 s->mon_chr = mon_chr;
2554 create_processes(s);
2557 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2558 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2559 gdb_chr_event, NULL, s, NULL, true);
2561 s->state = chr ? RS_IDLE : RS_INACTIVE;
2562 s->mon_chr = mon_chr;
2563 s->current_syscall_cb = NULL;
2568 void gdbserver_cleanup(void)
2570 if (gdbserver_state) {
2571 put_packet(gdbserver_state, "W00");
2575 static void register_types(void)
2577 type_register_static(&char_gdb_type_info);
2580 type_init(register_types);
projects / qemu.git / blob