4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
43 #include "exec/semihost.h"
45 #ifdef CONFIG_USER_ONLY
46 #define GDB_ATTACHED "0"
48 #define GDB_ATTACHED "1"
51 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
52 uint8_t *buf, int len, bool is_write)
54 CPUClass *cc = CPU_GET_CLASS(cpu);
56 if (cc->memory_rw_debug) {
57 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
59 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
71 GDB_SIGNAL_UNKNOWN = 143
74 #ifdef CONFIG_USER_ONLY
76 /* Map target signal numbers to GDB protocol signal numbers and vice
77 * versa. For user emulation's currently supported systems, we can
78 * assume most signals are defined.
81 static int gdb_signal_table[] = {
241 /* In system mode we only need SIGINT and SIGTRAP; other signals
242 are not yet supported. */
249 static int gdb_signal_table[] = {
259 #ifdef CONFIG_USER_ONLY
260 static int target_signal_to_gdb (int sig)
263 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
264 if (gdb_signal_table[i] == sig)
266 return GDB_SIGNAL_UNKNOWN;
270 static int gdb_signal_to_target (int sig)
272 if (sig < ARRAY_SIZE (gdb_signal_table))
273 return gdb_signal_table[sig];
280 typedef struct GDBRegisterState {
286 struct GDBRegisterState *next;
296 typedef struct GDBState {
297 CPUState *c_cpu; /* current CPU for step/continue ops */
298 CPUState *g_cpu; /* current CPU for other ops */
299 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
300 enum RSState state; /* parsing state */
301 char line_buf[MAX_PACKET_LENGTH];
304 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
307 #ifdef CONFIG_USER_ONLY
311 CharDriverState *chr;
312 CharDriverState *mon_chr;
314 char syscall_buf[256];
315 gdb_syscall_complete_cb current_syscall_cb;
318 /* By default use no IRQs and no timers while single stepping so as to
319 * make single stepping like an ICE HW step.
321 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
323 static GDBState *gdbserver_state;
327 #ifdef CONFIG_USER_ONLY
328 /* XXX: This is not thread safe. Do we care? */
329 static int gdbserver_fd = -1;
331 static int get_char(GDBState *s)
337 ret = qemu_recv(s->fd, &ch, 1, 0);
339 if (errno == ECONNRESET)
341 if (errno != EINTR && errno != EAGAIN)
343 } else if (ret == 0) {
361 /* Decide if either remote gdb syscalls or native file IO should be used. */
362 int use_gdb_syscalls(void)
364 SemihostingTarget target = semihosting_get_target();
365 if (target == SEMIHOSTING_TARGET_NATIVE) {
366 /* -semihosting-config target=native */
368 } else if (target == SEMIHOSTING_TARGET_GDB) {
369 /* -semihosting-config target=gdb */
373 /* -semihosting-config target=auto */
374 /* On the first call check if gdb is connected and remember. */
375 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
376 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
379 return gdb_syscall_mode == GDB_SYS_ENABLED;
382 /* Resume execution. */
383 static inline void gdb_continue(GDBState *s)
385 #ifdef CONFIG_USER_ONLY
386 s->running_state = 1;
388 if (!runstate_needs_reset()) {
394 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
396 #ifdef CONFIG_USER_ONLY
400 ret = send(s->fd, buf, len, 0);
402 if (errno != EINTR && errno != EAGAIN)
410 qemu_chr_fe_write(s->chr, buf, len);
414 static inline int fromhex(int v)
416 if (v >= '0' && v <= '9')
418 else if (v >= 'A' && v <= 'F')
420 else if (v >= 'a' && v <= 'f')
426 static inline int tohex(int v)
434 static void memtohex(char *buf, const uint8_t *mem, int len)
439 for(i = 0; i < len; i++) {
441 *q++ = tohex(c >> 4);
442 *q++ = tohex(c & 0xf);
447 static void hextomem(uint8_t *mem, const char *buf, int len)
451 for(i = 0; i < len; i++) {
452 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
457 /* return -1 if error, 0 if OK */
458 static int put_packet_binary(GDBState *s, const char *buf, int len)
469 for(i = 0; i < len; i++) {
473 *(p++) = tohex((csum >> 4) & 0xf);
474 *(p++) = tohex((csum) & 0xf);
476 s->last_packet_len = p - s->last_packet;
477 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
479 #ifdef CONFIG_USER_ONLY
492 /* return -1 if error, 0 if OK */
493 static int put_packet(GDBState *s, const char *buf)
496 printf("reply='%s'\n", buf);
499 return put_packet_binary(s, buf, strlen(buf));
502 /* Encode data using the encoding for 'x' packets. */
503 static int memtox(char *buf, const char *mem, int len)
511 case '#': case '$': case '*': case '}':
523 static const char *get_feature_xml(const char *p, const char **newp,
529 static char target_xml[1024];
532 while (p[len] && p[len] != ':')
537 if (strncmp(p, "target.xml", len) == 0) {
538 /* Generate the XML description for this CPU. */
539 if (!target_xml[0]) {
541 CPUState *cpu = first_cpu;
543 snprintf(target_xml, sizeof(target_xml),
544 "<?xml version=\"1.0\"?>"
545 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
547 "<xi:include href=\"%s\"/>",
548 cc->gdb_core_xml_file);
550 for (r = cpu->gdb_regs; r; r = r->next) {
551 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
552 pstrcat(target_xml, sizeof(target_xml), r->xml);
553 pstrcat(target_xml, sizeof(target_xml), "\"/>");
555 pstrcat(target_xml, sizeof(target_xml), "</target>");
560 name = xml_builtin[i][0];
561 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
564 return name ? xml_builtin[i][1] : NULL;
567 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
569 CPUClass *cc = CPU_GET_CLASS(cpu);
570 CPUArchState *env = cpu->env_ptr;
573 if (reg < cc->gdb_num_core_regs) {
574 return cc->gdb_read_register(cpu, mem_buf, reg);
577 for (r = cpu->gdb_regs; r; r = r->next) {
578 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
579 return r->get_reg(env, mem_buf, reg - r->base_reg);
585 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
587 CPUClass *cc = CPU_GET_CLASS(cpu);
588 CPUArchState *env = cpu->env_ptr;
591 if (reg < cc->gdb_num_core_regs) {
592 return cc->gdb_write_register(cpu, mem_buf, reg);
595 for (r = cpu->gdb_regs; r; r = r->next) {
596 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
597 return r->set_reg(env, mem_buf, reg - r->base_reg);
603 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
604 specifies the first register number and these registers are included in
605 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
606 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
609 void gdb_register_coprocessor(CPUState *cpu,
610 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
611 int num_regs, const char *xml, int g_pos)
614 GDBRegisterState **p;
618 /* Check for duplicates. */
619 if (strcmp((*p)->xml, xml) == 0)
624 s = g_new0(GDBRegisterState, 1);
625 s->base_reg = cpu->gdb_num_regs;
626 s->num_regs = num_regs;
627 s->get_reg = get_reg;
628 s->set_reg = set_reg;
631 /* Add to end of list. */
632 cpu->gdb_num_regs += num_regs;
635 if (g_pos != s->base_reg) {
636 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
637 "Expected %d got %d\n", xml, g_pos, s->base_reg);
639 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
644 #ifndef CONFIG_USER_ONLY
645 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
646 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
648 static const int xlat[] = {
649 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
650 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
651 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
654 CPUClass *cc = CPU_GET_CLASS(cpu);
655 int cputype = xlat[gdbtype];
657 if (cc->gdb_stop_before_watchpoint) {
658 cputype |= BP_STOP_BEFORE_ACCESS;
664 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
670 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
674 case GDB_BREAKPOINT_SW:
675 case GDB_BREAKPOINT_HW:
677 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
683 #ifndef CONFIG_USER_ONLY
684 case GDB_WATCHPOINT_WRITE:
685 case GDB_WATCHPOINT_READ:
686 case GDB_WATCHPOINT_ACCESS:
688 err = cpu_watchpoint_insert(cpu, addr, len,
689 xlat_gdb_type(cpu, type), NULL);
701 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
707 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
711 case GDB_BREAKPOINT_SW:
712 case GDB_BREAKPOINT_HW:
714 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
720 #ifndef CONFIG_USER_ONLY
721 case GDB_WATCHPOINT_WRITE:
722 case GDB_WATCHPOINT_READ:
723 case GDB_WATCHPOINT_ACCESS:
725 err = cpu_watchpoint_remove(cpu, addr, len,
726 xlat_gdb_type(cpu, type));
737 static void gdb_breakpoint_remove_all(void)
742 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
747 cpu_breakpoint_remove_all(cpu, BP_GDB);
748 #ifndef CONFIG_USER_ONLY
749 cpu_watchpoint_remove_all(cpu, BP_GDB);
754 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
756 CPUState *cpu = s->c_cpu;
757 CPUClass *cc = CPU_GET_CLASS(cpu);
759 cpu_synchronize_state(cpu);
765 static CPUState *find_cpu(uint32_t thread_id)
770 if (cpu_index(cpu) == thread_id) {
778 static int is_query_packet(const char *p, const char *query, char separator)
780 unsigned int query_len = strlen(query);
782 return strncmp(p, query, query_len) == 0 &&
783 (p[query_len] == '\0' || p[query_len] == separator);
786 static int gdb_handle_packet(GDBState *s, const char *line_buf)
792 int ch, reg_size, type, res;
793 char buf[MAX_PACKET_LENGTH];
794 uint8_t mem_buf[MAX_PACKET_LENGTH];
796 target_ulong addr, len;
799 printf("command='%s'\n", line_buf);
805 /* TODO: Make this return the correct value for user-mode. */
806 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
807 cpu_index(s->c_cpu));
809 /* Remove all the breakpoints when this query is issued,
810 * because gdb is doing and initial connect and the state
811 * should be cleaned up.
813 gdb_breakpoint_remove_all();
817 addr = strtoull(p, (char **)&p, 16);
818 gdb_set_cpu_pc(s, addr);
824 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
830 if (strncmp(p, "Cont", 4) == 0) {
831 int res_signal, res_thread;
835 put_packet(s, "vCont;c;C;s;S");
850 if (action == 'C' || action == 'S') {
851 signal = gdb_signal_to_target(strtoul(p, (char **)&p, 16));
855 } else if (action != 'c' && action != 's') {
861 thread = strtoull(p+1, (char **)&p, 16);
863 action = tolower(action);
864 if (res == 0 || (res == 'c' && action == 's')) {
871 if (res_thread != -1 && res_thread != 0) {
872 cpu = find_cpu(res_thread);
874 put_packet(s, "E22");
880 cpu_single_step(s->c_cpu, sstep_flags);
882 s->signal = res_signal;
888 goto unknown_command;
891 /* Kill the target */
892 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
896 gdb_breakpoint_remove_all();
897 gdb_syscall_mode = GDB_SYS_DISABLED;
903 addr = strtoull(p, (char **)&p, 16);
904 gdb_set_cpu_pc(s, addr);
906 cpu_single_step(s->c_cpu, sstep_flags);
914 ret = strtoull(p, (char **)&p, 16);
917 err = strtoull(p, (char **)&p, 16);
924 if (s->current_syscall_cb) {
925 s->current_syscall_cb(s->c_cpu, ret, err);
926 s->current_syscall_cb = NULL;
929 put_packet(s, "T02");
936 cpu_synchronize_state(s->g_cpu);
938 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
939 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
942 memtohex(buf, mem_buf, len);
946 cpu_synchronize_state(s->g_cpu);
949 hextomem((uint8_t *)registers, p, len);
950 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
951 reg_size = gdb_write_register(s->g_cpu, registers, addr);
953 registers += reg_size;
958 addr = strtoull(p, (char **)&p, 16);
961 len = strtoull(p, NULL, 16);
962 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
963 put_packet (s, "E14");
965 memtohex(buf, mem_buf, len);
970 addr = strtoull(p, (char **)&p, 16);
973 len = strtoull(p, (char **)&p, 16);
976 hextomem(mem_buf, p, len);
977 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
979 put_packet(s, "E14");
985 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
986 This works, but can be very slow. Anything new enough to
987 understand XML also knows how to use this properly. */
989 goto unknown_command;
990 addr = strtoull(p, (char **)&p, 16);
991 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
993 memtohex(buf, mem_buf, reg_size);
996 put_packet(s, "E14");
1001 goto unknown_command;
1002 addr = strtoull(p, (char **)&p, 16);
1005 reg_size = strlen(p) / 2;
1006 hextomem(mem_buf, p, reg_size);
1007 gdb_write_register(s->g_cpu, mem_buf, addr);
1008 put_packet(s, "OK");
1012 type = strtoul(p, (char **)&p, 16);
1015 addr = strtoull(p, (char **)&p, 16);
1018 len = strtoull(p, (char **)&p, 16);
1020 res = gdb_breakpoint_insert(addr, len, type);
1022 res = gdb_breakpoint_remove(addr, len, type);
1024 put_packet(s, "OK");
1025 else if (res == -ENOSYS)
1028 put_packet(s, "E22");
1032 thread = strtoull(p, (char **)&p, 16);
1033 if (thread == -1 || thread == 0) {
1034 put_packet(s, "OK");
1037 cpu = find_cpu(thread);
1039 put_packet(s, "E22");
1045 put_packet(s, "OK");
1049 put_packet(s, "OK");
1052 put_packet(s, "E22");
1057 thread = strtoull(p, (char **)&p, 16);
1058 cpu = find_cpu(thread);
1061 put_packet(s, "OK");
1063 put_packet(s, "E22");
1068 /* parse any 'q' packets here */
1069 if (!strcmp(p,"qemu.sstepbits")) {
1070 /* Query Breakpoint bit definitions */
1071 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1077 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1078 /* Display or change the sstep_flags */
1081 /* Display current setting */
1082 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1087 type = strtoul(p, (char **)&p, 16);
1089 put_packet(s, "OK");
1091 } else if (strcmp(p,"C") == 0) {
1092 /* "Current thread" remains vague in the spec, so always return
1093 * the first CPU (gdb returns the first thread). */
1094 put_packet(s, "QC1");
1096 } else if (strcmp(p,"fThreadInfo") == 0) {
1097 s->query_cpu = first_cpu;
1098 goto report_cpuinfo;
1099 } else if (strcmp(p,"sThreadInfo") == 0) {
1102 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1104 s->query_cpu = CPU_NEXT(s->query_cpu);
1108 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1109 thread = strtoull(p+16, (char **)&p, 16);
1110 cpu = find_cpu(thread);
1112 cpu_synchronize_state(cpu);
1113 len = snprintf((char *)mem_buf, sizeof(mem_buf),
1114 "CPU#%d [%s]", cpu->cpu_index,
1115 cpu->halted ? "halted " : "running");
1116 memtohex(buf, mem_buf, len);
1121 #ifdef CONFIG_USER_ONLY
1122 else if (strcmp(p, "Offsets") == 0) {
1123 TaskState *ts = s->c_cpu->opaque;
1125 snprintf(buf, sizeof(buf),
1126 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1127 ";Bss=" TARGET_ABI_FMT_lx,
1128 ts->info->code_offset,
1129 ts->info->data_offset,
1130 ts->info->data_offset);
1134 #else /* !CONFIG_USER_ONLY */
1135 else if (strncmp(p, "Rcmd,", 5) == 0) {
1136 int len = strlen(p + 5);
1138 if ((len % 2) != 0) {
1139 put_packet(s, "E01");
1142 hextomem(mem_buf, p + 5, len);
1145 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1146 put_packet(s, "OK");
1149 #endif /* !CONFIG_USER_ONLY */
1150 if (is_query_packet(p, "Supported", ':')) {
1151 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1152 cc = CPU_GET_CLASS(first_cpu);
1153 if (cc->gdb_core_xml_file != NULL) {
1154 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1159 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1161 target_ulong total_len;
1163 cc = CPU_GET_CLASS(first_cpu);
1164 if (cc->gdb_core_xml_file == NULL) {
1165 goto unknown_command;
1170 xml = get_feature_xml(p, &p, cc);
1172 snprintf(buf, sizeof(buf), "E00");
1179 addr = strtoul(p, (char **)&p, 16);
1182 len = strtoul(p, (char **)&p, 16);
1184 total_len = strlen(xml);
1185 if (addr > total_len) {
1186 snprintf(buf, sizeof(buf), "E00");
1190 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1191 len = (MAX_PACKET_LENGTH - 5) / 2;
1192 if (len < total_len - addr) {
1194 len = memtox(buf + 1, xml + addr, len);
1197 len = memtox(buf + 1, xml + addr, total_len - addr);
1199 put_packet_binary(s, buf, len + 1);
1202 if (is_query_packet(p, "Attached", ':')) {
1203 put_packet(s, GDB_ATTACHED);
1206 /* Unrecognised 'q' command. */
1207 goto unknown_command;
1211 /* put empty packet */
1219 void gdb_set_stop_cpu(CPUState *cpu)
1221 gdbserver_state->c_cpu = cpu;
1222 gdbserver_state->g_cpu = cpu;
1225 #ifndef CONFIG_USER_ONLY
1226 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1228 GDBState *s = gdbserver_state;
1229 CPUArchState *env = s->c_cpu->env_ptr;
1230 CPUState *cpu = s->c_cpu;
1235 if (running || s->state == RS_INACTIVE) {
1238 /* Is there a GDB syscall waiting to be sent? */
1239 if (s->current_syscall_cb) {
1240 put_packet(s, s->syscall_buf);
1244 case RUN_STATE_DEBUG:
1245 if (cpu->watchpoint_hit) {
1246 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1257 snprintf(buf, sizeof(buf),
1258 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1259 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1260 (target_ulong)cpu->watchpoint_hit->vaddr);
1261 cpu->watchpoint_hit = NULL;
1265 ret = GDB_SIGNAL_TRAP;
1267 case RUN_STATE_PAUSED:
1268 ret = GDB_SIGNAL_INT;
1270 case RUN_STATE_SHUTDOWN:
1271 ret = GDB_SIGNAL_QUIT;
1273 case RUN_STATE_IO_ERROR:
1274 ret = GDB_SIGNAL_IO;
1276 case RUN_STATE_WATCHDOG:
1277 ret = GDB_SIGNAL_ALRM;
1279 case RUN_STATE_INTERNAL_ERROR:
1280 ret = GDB_SIGNAL_ABRT;
1282 case RUN_STATE_SAVE_VM:
1283 case RUN_STATE_RESTORE_VM:
1285 case RUN_STATE_FINISH_MIGRATE:
1286 ret = GDB_SIGNAL_XCPU;
1289 ret = GDB_SIGNAL_UNKNOWN;
1292 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1297 /* disable single step if it was enabled */
1298 cpu_single_step(cpu, 0);
1302 /* Send a gdb syscall request.
1303 This accepts limited printf-style format specifiers, specifically:
1304 %x - target_ulong argument printed in hex.
1305 %lx - 64-bit argument printed in hex.
1306 %s - string pointer (target_ulong) and length (int) pair. */
1307 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1316 s = gdbserver_state;
1319 s->current_syscall_cb = cb;
1320 #ifndef CONFIG_USER_ONLY
1321 vm_stop(RUN_STATE_DEBUG);
1325 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1332 addr = va_arg(va, target_ulong);
1333 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1336 if (*(fmt++) != 'x')
1338 i64 = va_arg(va, uint64_t);
1339 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1342 addr = va_arg(va, target_ulong);
1343 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1344 addr, va_arg(va, int));
1348 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1358 #ifdef CONFIG_USER_ONLY
1359 put_packet(s, s->syscall_buf);
1360 gdb_handlesig(s->c_cpu, 0);
1362 /* In this case wait to send the syscall packet until notification that
1363 the CPU has stopped. This must be done because if the packet is sent
1364 now the reply from the syscall request could be received while the CPU
1365 is still in the running state, which can cause packets to be dropped
1366 and state transition 'T' packets to be sent while the syscall is still
1372 static void gdb_read_byte(GDBState *s, int ch)
1377 #ifndef CONFIG_USER_ONLY
1378 if (s->last_packet_len) {
1379 /* Waiting for a response to the last packet. If we see the start
1380 of a new command then abandon the previous response. */
1383 printf("Got NACK, retransmitting\n");
1385 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1389 printf("Got ACK\n");
1391 printf("Got '%c' when expecting ACK/NACK\n", ch);
1393 if (ch == '+' || ch == '$')
1394 s->last_packet_len = 0;
1398 if (runstate_is_running()) {
1399 /* when the CPU is running, we cannot do anything except stop
1400 it when receiving a char */
1401 vm_stop(RUN_STATE_PAUSED);
1408 s->line_buf_index = 0;
1409 s->state = RS_GETLINE;
1414 s->state = RS_CHKSUM1;
1415 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1418 s->line_buf[s->line_buf_index++] = ch;
1422 s->line_buf[s->line_buf_index] = '\0';
1423 s->line_csum = fromhex(ch) << 4;
1424 s->state = RS_CHKSUM2;
1427 s->line_csum |= fromhex(ch);
1429 for(i = 0; i < s->line_buf_index; i++) {
1430 csum += s->line_buf[i];
1432 if (s->line_csum != (csum & 0xff)) {
1434 put_buffer(s, &reply, 1);
1438 put_buffer(s, &reply, 1);
1439 s->state = gdb_handle_packet(s, s->line_buf);
1448 /* Tell the remote gdb that the process has exited. */
1449 void gdb_exit(CPUArchState *env, int code)
1454 s = gdbserver_state;
1458 #ifdef CONFIG_USER_ONLY
1459 if (gdbserver_fd < 0 || s->fd < 0) {
1468 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1471 #ifndef CONFIG_USER_ONLY
1472 qemu_chr_delete(s->chr);
1476 #ifdef CONFIG_USER_ONLY
1482 s = gdbserver_state;
1484 if (gdbserver_fd < 0 || s->fd < 0)
1491 gdb_handlesig(CPUState *cpu, int sig)
1493 CPUArchState *env = cpu->env_ptr;
1498 s = gdbserver_state;
1499 if (gdbserver_fd < 0 || s->fd < 0) {
1503 /* disable single step if it was enabled */
1504 cpu_single_step(cpu, 0);
1508 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1511 /* put_packet() might have detected that the peer terminated the
1519 s->running_state = 0;
1520 while (s->running_state == 0) {
1521 n = read(s->fd, buf, 256);
1525 for (i = 0; i < n; i++) {
1526 gdb_read_byte(s, buf[i]);
1528 } else if (n == 0 || errno != EAGAIN) {
1529 /* XXX: Connection closed. Should probably wait for another
1530 connection before continuing. */
1539 /* Tell the remote gdb that the process has exited due to SIG. */
1540 void gdb_signalled(CPUArchState *env, int sig)
1545 s = gdbserver_state;
1546 if (gdbserver_fd < 0 || s->fd < 0) {
1550 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1554 static void gdb_accept(void)
1557 struct sockaddr_in sockaddr;
1562 len = sizeof(sockaddr);
1563 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1564 if (fd < 0 && errno != EINTR) {
1567 } else if (fd >= 0) {
1569 fcntl(fd, F_SETFD, FD_CLOEXEC);
1575 /* set short latency */
1576 socket_set_nodelay(fd);
1578 s = g_malloc0(sizeof(GDBState));
1579 s->c_cpu = first_cpu;
1580 s->g_cpu = first_cpu;
1582 gdb_has_xml = false;
1584 gdbserver_state = s;
1586 fcntl(fd, F_SETFL, O_NONBLOCK);
1589 static int gdbserver_open(int port)
1591 struct sockaddr_in sockaddr;
1594 fd = socket(PF_INET, SOCK_STREAM, 0);
1600 fcntl(fd, F_SETFD, FD_CLOEXEC);
1603 socket_set_fast_reuse(fd);
1605 sockaddr.sin_family = AF_INET;
1606 sockaddr.sin_port = htons(port);
1607 sockaddr.sin_addr.s_addr = 0;
1608 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1614 ret = listen(fd, 0);
1623 int gdbserver_start(int port)
1625 gdbserver_fd = gdbserver_open(port);
1626 if (gdbserver_fd < 0)
1628 /* accept connections */
1633 /* Disable gdb stub for child processes. */
1634 void gdbserver_fork(CPUArchState *env)
1636 CPUState *cpu = ENV_GET_CPU(env);
1637 GDBState *s = gdbserver_state;
1639 if (gdbserver_fd < 0 || s->fd < 0) {
1644 cpu_breakpoint_remove_all(cpu, BP_GDB);
1645 cpu_watchpoint_remove_all(cpu, BP_GDB);
1648 static int gdb_chr_can_receive(void *opaque)
1650 /* We can handle an arbitrarily large amount of data.
1651 Pick the maximum packet size, which is as good as anything. */
1652 return MAX_PACKET_LENGTH;
1655 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1659 for (i = 0; i < size; i++) {
1660 gdb_read_byte(gdbserver_state, buf[i]);
1664 static void gdb_chr_event(void *opaque, int event)
1667 case CHR_EVENT_OPENED:
1668 vm_stop(RUN_STATE_PAUSED);
1669 gdb_has_xml = false;
1676 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1678 char buf[MAX_PACKET_LENGTH];
1681 if (len > (MAX_PACKET_LENGTH/2) - 1)
1682 len = (MAX_PACKET_LENGTH/2) - 1;
1683 memtohex(buf + 1, (uint8_t *)msg, len);
1687 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
1689 const char *p = (const char *)buf;
1692 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1694 if (len <= max_sz) {
1695 gdb_monitor_output(gdbserver_state, p, len);
1698 gdb_monitor_output(gdbserver_state, p, max_sz);
1706 static void gdb_sigterm_handler(int signal)
1708 if (runstate_is_running()) {
1709 vm_stop(RUN_STATE_PAUSED);
1714 int gdbserver_start(const char *device)
1717 char gdbstub_device_name[128];
1718 CharDriverState *chr = NULL;
1719 CharDriverState *mon_chr;
1723 if (strcmp(device, "none") != 0) {
1724 if (strstart(device, "tcp:", NULL)) {
1725 /* enforce required TCP attributes */
1726 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1727 "%s,nowait,nodelay,server", device);
1728 device = gdbstub_device_name;
1731 else if (strcmp(device, "stdio") == 0) {
1732 struct sigaction act;
1734 memset(&act, 0, sizeof(act));
1735 act.sa_handler = gdb_sigterm_handler;
1736 sigaction(SIGINT, &act, NULL);
1739 chr = qemu_chr_new("gdb", device, NULL);
1743 qemu_chr_fe_claim_no_fail(chr);
1744 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
1745 gdb_chr_event, NULL);
1748 s = gdbserver_state;
1750 s = g_malloc0(sizeof(GDBState));
1751 gdbserver_state = s;
1753 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1755 /* Initialize a monitor terminal for gdb */
1756 mon_chr = qemu_chr_alloc();
1757 mon_chr->chr_write = gdb_monitor_write;
1758 monitor_init(mon_chr, 0);
1761 qemu_chr_delete(s->chr);
1762 mon_chr = s->mon_chr;
1763 memset(s, 0, sizeof(GDBState));
1765 s->c_cpu = first_cpu;
1766 s->g_cpu = first_cpu;
1768 s->state = chr ? RS_IDLE : RS_INACTIVE;
1769 s->mon_chr = mon_chr;
1770 s->current_syscall_cb = NULL;
projects / qemu.git / blob