4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
24 #ifdef CONFIG_USER_ONLY
27 #include "monitor/monitor.h"
28 #include "sysemu/char.h"
29 #include "sysemu/sysemu.h"
30 #include "exec/gdbstub.h"
33 #define MAX_PACKET_LENGTH 4096
35 #include "qemu/sockets.h"
36 #include "sysemu/hw_accel.h"
37 #include "sysemu/kvm.h"
38 #include "exec/semihost.h"
39 #include "exec/exec-all.h"
41 #ifdef CONFIG_USER_ONLY
42 #define GDB_ATTACHED "0"
44 #define GDB_ATTACHED "1"
47 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
48 uint8_t *buf, int len, bool is_write)
50 CPUClass *cc = CPU_GET_CLASS(cpu);
52 if (cc->memory_rw_debug) {
53 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
55 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
67 GDB_SIGNAL_UNKNOWN = 143
70 #ifdef CONFIG_USER_ONLY
72 /* Map target signal numbers to GDB protocol signal numbers and vice
73 * versa. For user emulation's currently supported systems, we can
74 * assume most signals are defined.
77 static int gdb_signal_table[] = {
237 /* In system mode we only need SIGINT and SIGTRAP; other signals
238 are not yet supported. */
245 static int gdb_signal_table[] = {
255 #ifdef CONFIG_USER_ONLY
256 static int target_signal_to_gdb (int sig)
259 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
260 if (gdb_signal_table[i] == sig)
262 return GDB_SIGNAL_UNKNOWN;
266 static int gdb_signal_to_target (int sig)
268 if (sig < ARRAY_SIZE (gdb_signal_table))
269 return gdb_signal_table[sig];
276 typedef struct GDBRegisterState {
282 struct GDBRegisterState *next;
292 typedef struct GDBState {
293 CPUState *c_cpu; /* current CPU for step/continue ops */
294 CPUState *g_cpu; /* current CPU for other ops */
295 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
296 enum RSState state; /* parsing state */
297 char line_buf[MAX_PACKET_LENGTH];
300 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
303 #ifdef CONFIG_USER_ONLY
310 char syscall_buf[256];
311 gdb_syscall_complete_cb current_syscall_cb;
314 /* By default use no IRQs and no timers while single stepping so as to
315 * make single stepping like an ICE HW step.
317 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
319 static GDBState *gdbserver_state;
323 #ifdef CONFIG_USER_ONLY
324 /* XXX: This is not thread safe. Do we care? */
325 static int gdbserver_fd = -1;
327 static int get_char(GDBState *s)
333 ret = qemu_recv(s->fd, &ch, 1, 0);
335 if (errno == ECONNRESET)
339 } else if (ret == 0) {
357 /* Decide if either remote gdb syscalls or native file IO should be used. */
358 int use_gdb_syscalls(void)
360 SemihostingTarget target = semihosting_get_target();
361 if (target == SEMIHOSTING_TARGET_NATIVE) {
362 /* -semihosting-config target=native */
364 } else if (target == SEMIHOSTING_TARGET_GDB) {
365 /* -semihosting-config target=gdb */
369 /* -semihosting-config target=auto */
370 /* On the first call check if gdb is connected and remember. */
371 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
372 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
375 return gdb_syscall_mode == GDB_SYS_ENABLED;
378 /* Resume execution. */
379 static inline void gdb_continue(GDBState *s)
381 #ifdef CONFIG_USER_ONLY
382 s->running_state = 1;
384 if (!runstate_needs_reset()) {
391 * Resume execution, per CPU actions. For user-mode emulation it's
392 * equivalent to gdb_continue.
394 static int gdb_continue_partial(GDBState *s, char *newstates)
398 #ifdef CONFIG_USER_ONLY
400 * This is not exactly accurate, but it's an improvement compared to the
401 * previous situation, where only one CPU would be single-stepped.
404 if (newstates[cpu->cpu_index] == 's') {
405 cpu_single_step(cpu, sstep_flags);
408 s->running_state = 1;
412 if (!runstate_needs_reset()) {
413 if (vm_prepare_start()) {
418 switch (newstates[cpu->cpu_index]) {
421 break; /* nothing to do here */
423 cpu_single_step(cpu, sstep_flags);
438 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
444 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
446 #ifdef CONFIG_USER_ONLY
450 ret = send(s->fd, buf, len, 0);
460 /* XXX this blocks entire thread. Rewrite to use
461 * qemu_chr_fe_write and background I/O callbacks */
462 qemu_chr_fe_write_all(&s->chr, buf, len);
466 static inline int fromhex(int v)
468 if (v >= '0' && v <= '9')
470 else if (v >= 'A' && v <= 'F')
472 else if (v >= 'a' && v <= 'f')
478 static inline int tohex(int v)
486 static void memtohex(char *buf, const uint8_t *mem, int len)
491 for(i = 0; i < len; i++) {
493 *q++ = tohex(c >> 4);
494 *q++ = tohex(c & 0xf);
499 static void hextomem(uint8_t *mem, const char *buf, int len)
503 for(i = 0; i < len; i++) {
504 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
509 /* return -1 if error, 0 if OK */
510 static int put_packet_binary(GDBState *s, const char *buf, int len)
521 for(i = 0; i < len; i++) {
525 *(p++) = tohex((csum >> 4) & 0xf);
526 *(p++) = tohex((csum) & 0xf);
528 s->last_packet_len = p - s->last_packet;
529 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
531 #ifdef CONFIG_USER_ONLY
544 /* return -1 if error, 0 if OK */
545 static int put_packet(GDBState *s, const char *buf)
548 printf("reply='%s'\n", buf);
551 return put_packet_binary(s, buf, strlen(buf));
554 /* Encode data using the encoding for 'x' packets. */
555 static int memtox(char *buf, const char *mem, int len)
563 case '#': case '$': case '*': case '}':
575 static const char *get_feature_xml(const char *p, const char **newp,
581 static char target_xml[1024];
584 while (p[len] && p[len] != ':')
589 if (strncmp(p, "target.xml", len) == 0) {
590 /* Generate the XML description for this CPU. */
591 if (!target_xml[0]) {
593 CPUState *cpu = first_cpu;
595 pstrcat(target_xml, sizeof(target_xml),
596 "<?xml version=\"1.0\"?>"
597 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
599 if (cc->gdb_arch_name) {
600 gchar *arch = cc->gdb_arch_name(cpu);
601 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
602 pstrcat(target_xml, sizeof(target_xml), arch);
603 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
606 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
607 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
608 pstrcat(target_xml, sizeof(target_xml), "\"/>");
609 for (r = cpu->gdb_regs; r; r = r->next) {
610 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
611 pstrcat(target_xml, sizeof(target_xml), r->xml);
612 pstrcat(target_xml, sizeof(target_xml), "\"/>");
614 pstrcat(target_xml, sizeof(target_xml), "</target>");
619 name = xml_builtin[i][0];
620 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
623 return name ? xml_builtin[i][1] : NULL;
626 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
628 CPUClass *cc = CPU_GET_CLASS(cpu);
629 CPUArchState *env = cpu->env_ptr;
632 if (reg < cc->gdb_num_core_regs) {
633 return cc->gdb_read_register(cpu, mem_buf, reg);
636 for (r = cpu->gdb_regs; r; r = r->next) {
637 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
638 return r->get_reg(env, mem_buf, reg - r->base_reg);
644 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
646 CPUClass *cc = CPU_GET_CLASS(cpu);
647 CPUArchState *env = cpu->env_ptr;
650 if (reg < cc->gdb_num_core_regs) {
651 return cc->gdb_write_register(cpu, mem_buf, reg);
654 for (r = cpu->gdb_regs; r; r = r->next) {
655 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
656 return r->set_reg(env, mem_buf, reg - r->base_reg);
662 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
663 specifies the first register number and these registers are included in
664 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
665 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
668 void gdb_register_coprocessor(CPUState *cpu,
669 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
670 int num_regs, const char *xml, int g_pos)
673 GDBRegisterState **p;
677 /* Check for duplicates. */
678 if (strcmp((*p)->xml, xml) == 0)
683 s = g_new0(GDBRegisterState, 1);
684 s->base_reg = cpu->gdb_num_regs;
685 s->num_regs = num_regs;
686 s->get_reg = get_reg;
687 s->set_reg = set_reg;
690 /* Add to end of list. */
691 cpu->gdb_num_regs += num_regs;
694 if (g_pos != s->base_reg) {
695 error_report("Error: Bad gdb register numbering for '%s', "
696 "expected %d got %d", xml, g_pos, s->base_reg);
698 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
703 #ifndef CONFIG_USER_ONLY
704 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
705 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
707 static const int xlat[] = {
708 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
709 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
710 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
713 CPUClass *cc = CPU_GET_CLASS(cpu);
714 int cputype = xlat[gdbtype];
716 if (cc->gdb_stop_before_watchpoint) {
717 cputype |= BP_STOP_BEFORE_ACCESS;
723 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
729 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
733 case GDB_BREAKPOINT_SW:
734 case GDB_BREAKPOINT_HW:
736 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
742 #ifndef CONFIG_USER_ONLY
743 case GDB_WATCHPOINT_WRITE:
744 case GDB_WATCHPOINT_READ:
745 case GDB_WATCHPOINT_ACCESS:
747 err = cpu_watchpoint_insert(cpu, addr, len,
748 xlat_gdb_type(cpu, type), NULL);
760 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
766 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
770 case GDB_BREAKPOINT_SW:
771 case GDB_BREAKPOINT_HW:
773 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
779 #ifndef CONFIG_USER_ONLY
780 case GDB_WATCHPOINT_WRITE:
781 case GDB_WATCHPOINT_READ:
782 case GDB_WATCHPOINT_ACCESS:
784 err = cpu_watchpoint_remove(cpu, addr, len,
785 xlat_gdb_type(cpu, type));
796 static void gdb_breakpoint_remove_all(void)
801 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
806 cpu_breakpoint_remove_all(cpu, BP_GDB);
807 #ifndef CONFIG_USER_ONLY
808 cpu_watchpoint_remove_all(cpu, BP_GDB);
813 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
815 CPUState *cpu = s->c_cpu;
817 cpu_synchronize_state(cpu);
821 static CPUState *find_cpu(uint32_t thread_id)
826 if (cpu_index(cpu) == thread_id) {
834 static int is_query_packet(const char *p, const char *query, char separator)
836 unsigned int query_len = strlen(query);
838 return strncmp(p, query, query_len) == 0 &&
839 (p[query_len] == '\0' || p[query_len] == separator);
843 * gdb_handle_vcont - Parses and handles a vCont packet.
844 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
845 * a format error, 0 on success.
847 static int gdb_handle_vcont(GDBState *s, const char *p)
849 int res, idx, signal = 0;
854 #ifdef CONFIG_USER_ONLY
855 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
858 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
861 /* uninitialised CPUs stay 0 */
862 newstates = g_new0(char, max_cpus);
864 /* mark valid CPUs with 1 */
866 newstates[cpu->cpu_index] = 1;
870 * res keeps track of what error we are returning, with -ENOTSUP meaning
871 * that the command is unknown or unsupported, thus returning an empty
872 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
873 * or incorrect parameters passed.
883 if (cur_action == 'C' || cur_action == 'S') {
884 cur_action = tolower(cur_action);
885 res = qemu_strtoul(p + 1, &p, 16, &tmp);
889 signal = gdb_signal_to_target(tmp);
890 } else if (cur_action != 'c' && cur_action != 's') {
891 /* unknown/invalid/unsupported command */
895 /* thread specification. special values: (none), -1 = all; 0 = any */
896 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
900 for (idx = 0; idx < max_cpus; idx++) {
901 if (newstates[idx] == 1) {
902 newstates[idx] = cur_action;
905 } else if (*p == ':') {
907 res = qemu_strtoul(p, &p, 16, &tmp);
912 /* 0 means any thread, so we pick the first valid CPU */
914 idx = cpu_index(first_cpu);
918 * If we are in user mode, the thread specified is actually a
919 * thread id, and not an index. We need to find the actual
920 * CPU first, and only then we can use its index.
923 /* invalid CPU/thread specified */
928 /* only use if no previous match occourred */
929 if (newstates[cpu->cpu_index] == 1) {
930 newstates[cpu->cpu_index] = cur_action;
935 gdb_continue_partial(s, newstates);
943 static int gdb_handle_packet(GDBState *s, const char *line_buf)
949 int ch, reg_size, type, res;
950 char buf[MAX_PACKET_LENGTH];
951 uint8_t mem_buf[MAX_PACKET_LENGTH];
953 target_ulong addr, len;
956 printf("command='%s'\n", line_buf);
962 /* TODO: Make this return the correct value for user-mode. */
963 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
964 cpu_index(s->c_cpu));
966 /* Remove all the breakpoints when this query is issued,
967 * because gdb is doing and initial connect and the state
968 * should be cleaned up.
970 gdb_breakpoint_remove_all();
974 addr = strtoull(p, (char **)&p, 16);
975 gdb_set_cpu_pc(s, addr);
981 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
987 if (strncmp(p, "Cont", 4) == 0) {
990 put_packet(s, "vCont;c;C;s;S");
994 res = gdb_handle_vcont(s, p);
997 if ((res == -EINVAL) || (res == -ERANGE)) {
998 put_packet(s, "E22");
1001 goto unknown_command;
1005 goto unknown_command;
1008 /* Kill the target */
1009 error_report("QEMU: Terminated via GDBstub");
1013 gdb_breakpoint_remove_all();
1014 gdb_syscall_mode = GDB_SYS_DISABLED;
1016 put_packet(s, "OK");
1020 addr = strtoull(p, (char **)&p, 16);
1021 gdb_set_cpu_pc(s, addr);
1023 cpu_single_step(s->c_cpu, sstep_flags);
1031 ret = strtoull(p, (char **)&p, 16);
1034 err = strtoull(p, (char **)&p, 16);
1041 if (s->current_syscall_cb) {
1042 s->current_syscall_cb(s->c_cpu, ret, err);
1043 s->current_syscall_cb = NULL;
1046 put_packet(s, "T02");
1053 cpu_synchronize_state(s->g_cpu);
1055 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1056 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1059 memtohex(buf, mem_buf, len);
1063 cpu_synchronize_state(s->g_cpu);
1064 registers = mem_buf;
1065 len = strlen(p) / 2;
1066 hextomem((uint8_t *)registers, p, len);
1067 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1068 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1070 registers += reg_size;
1072 put_packet(s, "OK");
1075 addr = strtoull(p, (char **)&p, 16);
1078 len = strtoull(p, NULL, 16);
1080 /* memtohex() doubles the required space */
1081 if (len > MAX_PACKET_LENGTH / 2) {
1082 put_packet (s, "E22");
1086 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1087 put_packet (s, "E14");
1089 memtohex(buf, mem_buf, len);
1094 addr = strtoull(p, (char **)&p, 16);
1097 len = strtoull(p, (char **)&p, 16);
1101 /* hextomem() reads 2*len bytes */
1102 if (len > strlen(p) / 2) {
1103 put_packet (s, "E22");
1106 hextomem(mem_buf, p, len);
1107 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1109 put_packet(s, "E14");
1111 put_packet(s, "OK");
1115 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1116 This works, but can be very slow. Anything new enough to
1117 understand XML also knows how to use this properly. */
1119 goto unknown_command;
1120 addr = strtoull(p, (char **)&p, 16);
1121 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1123 memtohex(buf, mem_buf, reg_size);
1126 put_packet(s, "E14");
1131 goto unknown_command;
1132 addr = strtoull(p, (char **)&p, 16);
1135 reg_size = strlen(p) / 2;
1136 hextomem(mem_buf, p, reg_size);
1137 gdb_write_register(s->g_cpu, mem_buf, addr);
1138 put_packet(s, "OK");
1142 type = strtoul(p, (char **)&p, 16);
1145 addr = strtoull(p, (char **)&p, 16);
1148 len = strtoull(p, (char **)&p, 16);
1150 res = gdb_breakpoint_insert(addr, len, type);
1152 res = gdb_breakpoint_remove(addr, len, type);
1154 put_packet(s, "OK");
1155 else if (res == -ENOSYS)
1158 put_packet(s, "E22");
1162 thread = strtoull(p, (char **)&p, 16);
1163 if (thread == -1 || thread == 0) {
1164 put_packet(s, "OK");
1167 cpu = find_cpu(thread);
1169 put_packet(s, "E22");
1175 put_packet(s, "OK");
1179 put_packet(s, "OK");
1182 put_packet(s, "E22");
1187 thread = strtoull(p, (char **)&p, 16);
1188 cpu = find_cpu(thread);
1191 put_packet(s, "OK");
1193 put_packet(s, "E22");
1198 /* parse any 'q' packets here */
1199 if (!strcmp(p,"qemu.sstepbits")) {
1200 /* Query Breakpoint bit definitions */
1201 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1207 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1208 /* Display or change the sstep_flags */
1211 /* Display current setting */
1212 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1217 type = strtoul(p, (char **)&p, 16);
1219 put_packet(s, "OK");
1221 } else if (strcmp(p,"C") == 0) {
1222 /* "Current thread" remains vague in the spec, so always return
1223 * the first CPU (gdb returns the first thread). */
1224 put_packet(s, "QC1");
1226 } else if (strcmp(p,"fThreadInfo") == 0) {
1227 s->query_cpu = first_cpu;
1228 goto report_cpuinfo;
1229 } else if (strcmp(p,"sThreadInfo") == 0) {
1232 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1234 s->query_cpu = CPU_NEXT(s->query_cpu);
1238 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1239 thread = strtoull(p+16, (char **)&p, 16);
1240 cpu = find_cpu(thread);
1242 cpu_synchronize_state(cpu);
1243 /* memtohex() doubles the required space */
1244 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1245 "CPU#%d [%s]", cpu->cpu_index,
1246 cpu->halted ? "halted " : "running");
1247 memtohex(buf, mem_buf, len);
1252 #ifdef CONFIG_USER_ONLY
1253 else if (strcmp(p, "Offsets") == 0) {
1254 TaskState *ts = s->c_cpu->opaque;
1256 snprintf(buf, sizeof(buf),
1257 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1258 ";Bss=" TARGET_ABI_FMT_lx,
1259 ts->info->code_offset,
1260 ts->info->data_offset,
1261 ts->info->data_offset);
1265 #else /* !CONFIG_USER_ONLY */
1266 else if (strncmp(p, "Rcmd,", 5) == 0) {
1267 int len = strlen(p + 5);
1269 if ((len % 2) != 0) {
1270 put_packet(s, "E01");
1274 hextomem(mem_buf, p + 5, len);
1276 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1277 put_packet(s, "OK");
1280 #endif /* !CONFIG_USER_ONLY */
1281 if (is_query_packet(p, "Supported", ':')) {
1282 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1283 cc = CPU_GET_CLASS(first_cpu);
1284 if (cc->gdb_core_xml_file != NULL) {
1285 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1290 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1292 target_ulong total_len;
1294 cc = CPU_GET_CLASS(first_cpu);
1295 if (cc->gdb_core_xml_file == NULL) {
1296 goto unknown_command;
1301 xml = get_feature_xml(p, &p, cc);
1303 snprintf(buf, sizeof(buf), "E00");
1310 addr = strtoul(p, (char **)&p, 16);
1313 len = strtoul(p, (char **)&p, 16);
1315 total_len = strlen(xml);
1316 if (addr > total_len) {
1317 snprintf(buf, sizeof(buf), "E00");
1321 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1322 len = (MAX_PACKET_LENGTH - 5) / 2;
1323 if (len < total_len - addr) {
1325 len = memtox(buf + 1, xml + addr, len);
1328 len = memtox(buf + 1, xml + addr, total_len - addr);
1330 put_packet_binary(s, buf, len + 1);
1333 if (is_query_packet(p, "Attached", ':')) {
1334 put_packet(s, GDB_ATTACHED);
1337 /* Unrecognised 'q' command. */
1338 goto unknown_command;
1342 /* put empty packet */
1350 void gdb_set_stop_cpu(CPUState *cpu)
1352 gdbserver_state->c_cpu = cpu;
1353 gdbserver_state->g_cpu = cpu;
1356 #ifndef CONFIG_USER_ONLY
1357 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1359 GDBState *s = gdbserver_state;
1360 CPUState *cpu = s->c_cpu;
1365 if (running || s->state == RS_INACTIVE) {
1368 /* Is there a GDB syscall waiting to be sent? */
1369 if (s->current_syscall_cb) {
1370 put_packet(s, s->syscall_buf);
1374 case RUN_STATE_DEBUG:
1375 if (cpu->watchpoint_hit) {
1376 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1387 snprintf(buf, sizeof(buf),
1388 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1389 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1390 (target_ulong)cpu->watchpoint_hit->vaddr);
1391 cpu->watchpoint_hit = NULL;
1395 ret = GDB_SIGNAL_TRAP;
1397 case RUN_STATE_PAUSED:
1398 ret = GDB_SIGNAL_INT;
1400 case RUN_STATE_SHUTDOWN:
1401 ret = GDB_SIGNAL_QUIT;
1403 case RUN_STATE_IO_ERROR:
1404 ret = GDB_SIGNAL_IO;
1406 case RUN_STATE_WATCHDOG:
1407 ret = GDB_SIGNAL_ALRM;
1409 case RUN_STATE_INTERNAL_ERROR:
1410 ret = GDB_SIGNAL_ABRT;
1412 case RUN_STATE_SAVE_VM:
1413 case RUN_STATE_RESTORE_VM:
1415 case RUN_STATE_FINISH_MIGRATE:
1416 ret = GDB_SIGNAL_XCPU;
1419 ret = GDB_SIGNAL_UNKNOWN;
1422 gdb_set_stop_cpu(cpu);
1423 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1428 /* disable single step if it was enabled */
1429 cpu_single_step(cpu, 0);
1433 /* Send a gdb syscall request.
1434 This accepts limited printf-style format specifiers, specifically:
1435 %x - target_ulong argument printed in hex.
1436 %lx - 64-bit argument printed in hex.
1437 %s - string pointer (target_ulong) and length (int) pair. */
1438 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1446 s = gdbserver_state;
1449 s->current_syscall_cb = cb;
1450 #ifndef CONFIG_USER_ONLY
1451 vm_stop(RUN_STATE_DEBUG);
1454 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1461 addr = va_arg(va, target_ulong);
1462 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1465 if (*(fmt++) != 'x')
1467 i64 = va_arg(va, uint64_t);
1468 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1471 addr = va_arg(va, target_ulong);
1472 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1473 addr, va_arg(va, int));
1477 error_report("gdbstub: Bad syscall format string '%s'",
1486 #ifdef CONFIG_USER_ONLY
1487 put_packet(s, s->syscall_buf);
1488 gdb_handlesig(s->c_cpu, 0);
1490 /* In this case wait to send the syscall packet until notification that
1491 the CPU has stopped. This must be done because if the packet is sent
1492 now the reply from the syscall request could be received while the CPU
1493 is still in the running state, which can cause packets to be dropped
1494 and state transition 'T' packets to be sent while the syscall is still
1496 qemu_cpu_kick(s->c_cpu);
1500 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1505 gdb_do_syscallv(cb, fmt, va);
1509 static void gdb_read_byte(GDBState *s, int ch)
1514 #ifndef CONFIG_USER_ONLY
1515 if (s->last_packet_len) {
1516 /* Waiting for a response to the last packet. If we see the start
1517 of a new command then abandon the previous response. */
1520 printf("Got NACK, retransmitting\n");
1522 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1526 printf("Got ACK\n");
1528 printf("Got '%c' when expecting ACK/NACK\n", ch);
1530 if (ch == '+' || ch == '$')
1531 s->last_packet_len = 0;
1535 if (runstate_is_running()) {
1536 /* when the CPU is running, we cannot do anything except stop
1537 it when receiving a char */
1538 vm_stop(RUN_STATE_PAUSED);
1545 s->line_buf_index = 0;
1546 s->state = RS_GETLINE;
1551 s->state = RS_CHKSUM1;
1552 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1555 s->line_buf[s->line_buf_index++] = ch;
1559 s->line_buf[s->line_buf_index] = '\0';
1560 s->line_csum = fromhex(ch) << 4;
1561 s->state = RS_CHKSUM2;
1564 s->line_csum |= fromhex(ch);
1566 for(i = 0; i < s->line_buf_index; i++) {
1567 csum += s->line_buf[i];
1569 if (s->line_csum != (csum & 0xff)) {
1571 put_buffer(s, &reply, 1);
1575 put_buffer(s, &reply, 1);
1576 s->state = gdb_handle_packet(s, s->line_buf);
1585 /* Tell the remote gdb that the process has exited. */
1586 void gdb_exit(CPUArchState *env, int code)
1590 #ifndef CONFIG_USER_ONLY
1594 s = gdbserver_state;
1598 #ifdef CONFIG_USER_ONLY
1599 if (gdbserver_fd < 0 || s->fd < 0) {
1603 chr = qemu_chr_fe_get_driver(&s->chr);
1609 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1612 #ifndef CONFIG_USER_ONLY
1613 qemu_chr_fe_deinit(&s->chr);
1614 qemu_chr_delete(chr);
1618 #ifdef CONFIG_USER_ONLY
1620 gdb_handlesig(CPUState *cpu, int sig)
1626 s = gdbserver_state;
1627 if (gdbserver_fd < 0 || s->fd < 0) {
1631 /* disable single step if it was enabled */
1632 cpu_single_step(cpu, 0);
1636 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1639 /* put_packet() might have detected that the peer terminated the
1647 s->running_state = 0;
1648 while (s->running_state == 0) {
1649 n = read(s->fd, buf, 256);
1653 for (i = 0; i < n; i++) {
1654 gdb_read_byte(s, buf[i]);
1657 /* XXX: Connection closed. Should probably wait for another
1658 connection before continuing. */
1671 /* Tell the remote gdb that the process has exited due to SIG. */
1672 void gdb_signalled(CPUArchState *env, int sig)
1677 s = gdbserver_state;
1678 if (gdbserver_fd < 0 || s->fd < 0) {
1682 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1686 static void gdb_accept(void)
1689 struct sockaddr_in sockaddr;
1694 len = sizeof(sockaddr);
1695 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1696 if (fd < 0 && errno != EINTR) {
1699 } else if (fd >= 0) {
1701 fcntl(fd, F_SETFD, FD_CLOEXEC);
1707 /* set short latency */
1708 socket_set_nodelay(fd);
1710 s = g_malloc0(sizeof(GDBState));
1711 s->c_cpu = first_cpu;
1712 s->g_cpu = first_cpu;
1714 gdb_has_xml = false;
1716 gdbserver_state = s;
1719 static int gdbserver_open(int port)
1721 struct sockaddr_in sockaddr;
1724 fd = socket(PF_INET, SOCK_STREAM, 0);
1730 fcntl(fd, F_SETFD, FD_CLOEXEC);
1733 socket_set_fast_reuse(fd);
1735 sockaddr.sin_family = AF_INET;
1736 sockaddr.sin_port = htons(port);
1737 sockaddr.sin_addr.s_addr = 0;
1738 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1744 ret = listen(fd, 1);
1753 int gdbserver_start(int port)
1755 gdbserver_fd = gdbserver_open(port);
1756 if (gdbserver_fd < 0)
1758 /* accept connections */
1763 /* Disable gdb stub for child processes. */
1764 void gdbserver_fork(CPUState *cpu)
1766 GDBState *s = gdbserver_state;
1768 if (gdbserver_fd < 0 || s->fd < 0) {
1773 cpu_breakpoint_remove_all(cpu, BP_GDB);
1774 cpu_watchpoint_remove_all(cpu, BP_GDB);
1777 static int gdb_chr_can_receive(void *opaque)
1779 /* We can handle an arbitrarily large amount of data.
1780 Pick the maximum packet size, which is as good as anything. */
1781 return MAX_PACKET_LENGTH;
1784 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1788 for (i = 0; i < size; i++) {
1789 gdb_read_byte(gdbserver_state, buf[i]);
1793 static void gdb_chr_event(void *opaque, int event)
1796 case CHR_EVENT_OPENED:
1797 vm_stop(RUN_STATE_PAUSED);
1798 gdb_has_xml = false;
1805 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1807 char buf[MAX_PACKET_LENGTH];
1810 if (len > (MAX_PACKET_LENGTH/2) - 1)
1811 len = (MAX_PACKET_LENGTH/2) - 1;
1812 memtohex(buf + 1, (uint8_t *)msg, len);
1816 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1818 const char *p = (const char *)buf;
1821 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1823 if (len <= max_sz) {
1824 gdb_monitor_output(gdbserver_state, p, len);
1827 gdb_monitor_output(gdbserver_state, p, max_sz);
1835 static void gdb_sigterm_handler(int signal)
1837 if (runstate_is_running()) {
1838 vm_stop(RUN_STATE_PAUSED);
1843 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1844 bool *be_opened, Error **errp)
1849 static void char_gdb_class_init(ObjectClass *oc, void *data)
1851 ChardevClass *cc = CHARDEV_CLASS(oc);
1853 cc->internal = true;
1854 cc->open = gdb_monitor_open;
1855 cc->chr_write = gdb_monitor_write;
1858 #define TYPE_CHARDEV_GDB "chardev-gdb"
1860 static const TypeInfo char_gdb_type_info = {
1861 .name = TYPE_CHARDEV_GDB,
1862 .parent = TYPE_CHARDEV,
1863 .class_init = char_gdb_class_init,
1866 int gdbserver_start(const char *device)
1869 char gdbstub_device_name[128];
1870 Chardev *chr = NULL;
1874 error_report("gdbstub: meaningless to attach gdb to a "
1875 "machine without any CPU.");
1881 if (strcmp(device, "none") != 0) {
1882 if (strstart(device, "tcp:", NULL)) {
1883 /* enforce required TCP attributes */
1884 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1885 "%s,nowait,nodelay,server", device);
1886 device = gdbstub_device_name;
1889 else if (strcmp(device, "stdio") == 0) {
1890 struct sigaction act;
1892 memset(&act, 0, sizeof(act));
1893 act.sa_handler = gdb_sigterm_handler;
1894 sigaction(SIGINT, &act, NULL);
1897 chr = qemu_chr_new_noreplay("gdb", device);
1902 s = gdbserver_state;
1904 s = g_malloc0(sizeof(GDBState));
1905 gdbserver_state = s;
1907 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1909 /* Initialize a monitor terminal for gdb */
1910 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
1911 NULL, &error_abort);
1912 monitor_init(mon_chr, 0);
1914 if (qemu_chr_fe_get_driver(&s->chr)) {
1915 qemu_chr_delete(qemu_chr_fe_get_driver(&s->chr));
1917 mon_chr = s->mon_chr;
1918 memset(s, 0, sizeof(GDBState));
1919 s->mon_chr = mon_chr;
1921 s->c_cpu = first_cpu;
1922 s->g_cpu = first_cpu;
1924 qemu_chr_fe_init(&s->chr, chr, &error_abort);
1925 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
1926 gdb_chr_event, NULL, NULL, true);
1928 s->state = chr ? RS_IDLE : RS_INACTIVE;
1929 s->mon_chr = mon_chr;
1930 s->current_syscall_cb = NULL;
1935 static void register_types(void)
1937 type_register_static(&char_gdb_type_info);
1940 type_init(register_types);
projects / qemu.git / blob