4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "char/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
43 #include "qemu/bitops.h"
45 #ifndef TARGET_CPU_MEMORY_RW_DEBUG
46 static inline int target_memory_rw_debug(CPUArchState *env, target_ulong addr,
47 uint8_t *buf, int len, int is_write)
49 return cpu_memory_rw_debug(env, addr, buf, len, is_write);
52 /* target_memory_rw_debug() defined in cpu.h */
64 GDB_SIGNAL_UNKNOWN = 143
67 #ifdef CONFIG_USER_ONLY
69 /* Map target signal numbers to GDB protocol signal numbers and vice
70 * versa. For user emulation's currently supported systems, we can
71 * assume most signals are defined.
74 static int gdb_signal_table[] = {
234 /* In system mode we only need SIGINT and SIGTRAP; other signals
235 are not yet supported. */
242 static int gdb_signal_table[] = {
252 #ifdef CONFIG_USER_ONLY
253 static int target_signal_to_gdb (int sig)
256 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
257 if (gdb_signal_table[i] == sig)
259 return GDB_SIGNAL_UNKNOWN;
263 static int gdb_signal_to_target (int sig)
265 if (sig < ARRAY_SIZE (gdb_signal_table))
266 return gdb_signal_table[sig];
273 typedef struct GDBRegisterState {
279 struct GDBRegisterState *next;
289 typedef struct GDBState {
290 CPUArchState *c_cpu; /* current CPU for step/continue ops */
291 CPUArchState *g_cpu; /* current CPU for other ops */
292 CPUArchState *query_cpu; /* for q{f|s}ThreadInfo */
293 enum RSState state; /* parsing state */
294 char line_buf[MAX_PACKET_LENGTH];
297 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
300 #ifdef CONFIG_USER_ONLY
304 CharDriverState *chr;
305 CharDriverState *mon_chr;
307 char syscall_buf[256];
308 gdb_syscall_complete_cb current_syscall_cb;
311 /* By default use no IRQs and no timers while single stepping so as to
312 * make single stepping like an ICE HW step.
314 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
316 static GDBState *gdbserver_state;
318 /* This is an ugly hack to cope with both new and old gdb.
319 If gdb sends qXfer:features:read then assume we're talking to a newish
320 gdb that understands target descriptions. */
321 static int gdb_has_xml;
323 #ifdef CONFIG_USER_ONLY
324 /* XXX: This is not thread safe. Do we care? */
325 static int gdbserver_fd = -1;
327 static int get_char(GDBState *s)
333 ret = qemu_recv(s->fd, &ch, 1, 0);
335 if (errno == ECONNRESET)
337 if (errno != EINTR && errno != EAGAIN)
339 } else if (ret == 0) {
357 /* If gdb is connected when the first semihosting syscall occurs then use
358 remote gdb syscalls. Otherwise use native file IO. */
359 int use_gdb_syscalls(void)
361 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
362 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
365 return gdb_syscall_mode == GDB_SYS_ENABLED;
368 /* Resume execution. */
369 static inline void gdb_continue(GDBState *s)
371 #ifdef CONFIG_USER_ONLY
372 s->running_state = 1;
378 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
380 #ifdef CONFIG_USER_ONLY
384 ret = send(s->fd, buf, len, 0);
386 if (errno != EINTR && errno != EAGAIN)
394 qemu_chr_fe_write(s->chr, buf, len);
398 static inline int fromhex(int v)
400 if (v >= '0' && v <= '9')
402 else if (v >= 'A' && v <= 'F')
404 else if (v >= 'a' && v <= 'f')
410 static inline int tohex(int v)
418 static void memtohex(char *buf, const uint8_t *mem, int len)
423 for(i = 0; i < len; i++) {
425 *q++ = tohex(c >> 4);
426 *q++ = tohex(c & 0xf);
431 static void hextomem(uint8_t *mem, const char *buf, int len)
435 for(i = 0; i < len; i++) {
436 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
441 /* return -1 if error, 0 if OK */
442 static int put_packet_binary(GDBState *s, const char *buf, int len)
453 for(i = 0; i < len; i++) {
457 *(p++) = tohex((csum >> 4) & 0xf);
458 *(p++) = tohex((csum) & 0xf);
460 s->last_packet_len = p - s->last_packet;
461 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
463 #ifdef CONFIG_USER_ONLY
476 /* return -1 if error, 0 if OK */
477 static int put_packet(GDBState *s, const char *buf)
480 printf("reply='%s'\n", buf);
483 return put_packet_binary(s, buf, strlen(buf));
486 /* The GDB remote protocol transfers values in target byte order. This means
487 we can use the raw memory access routines to access the value buffer.
488 Conveniently, these also handle the case where the buffer is mis-aligned.
490 #define GET_REG8(val) do { \
491 stb_p(mem_buf, val); \
494 #define GET_REG16(val) do { \
495 stw_p(mem_buf, val); \
498 #define GET_REG32(val) do { \
499 stl_p(mem_buf, val); \
502 #define GET_REG64(val) do { \
503 stq_p(mem_buf, val); \
507 #if TARGET_LONG_BITS == 64
508 #define GET_REGL(val) GET_REG64(val)
509 #define ldtul_p(addr) ldq_p(addr)
511 #define GET_REGL(val) GET_REG32(val)
512 #define ldtul_p(addr) ldl_p(addr)
515 #if defined(TARGET_I386)
518 static const int gpr_map[16] = {
519 R_EAX, R_EBX, R_ECX, R_EDX, R_ESI, R_EDI, R_EBP, R_ESP,
520 8, 9, 10, 11, 12, 13, 14, 15
523 #define gpr_map gpr_map32
525 static const int gpr_map32[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
527 #define NUM_CORE_REGS (CPU_NB_REGS * 2 + 25)
529 #define IDX_IP_REG CPU_NB_REGS
530 #define IDX_FLAGS_REG (IDX_IP_REG + 1)
531 #define IDX_SEG_REGS (IDX_FLAGS_REG + 1)
532 #define IDX_FP_REGS (IDX_SEG_REGS + 6)
533 #define IDX_XMM_REGS (IDX_FP_REGS + 16)
534 #define IDX_MXCSR_REG (IDX_XMM_REGS + CPU_NB_REGS)
536 static int cpu_gdb_read_register(CPUX86State *env, uint8_t *mem_buf, int n)
538 if (n < CPU_NB_REGS) {
539 if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
540 GET_REG64(env->regs[gpr_map[n]]);
541 } else if (n < CPU_NB_REGS32) {
542 GET_REG32(env->regs[gpr_map32[n]]);
544 } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
545 #ifdef USE_X86LDOUBLE
546 /* FIXME: byteswap float values - after fixing fpregs layout. */
547 memcpy(mem_buf, &env->fpregs[n - IDX_FP_REGS], 10);
549 memset(mem_buf, 0, 10);
552 } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
554 if (n < CPU_NB_REGS32 ||
555 (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK)) {
556 stq_p(mem_buf, env->xmm_regs[n].XMM_Q(0));
557 stq_p(mem_buf + 8, env->xmm_regs[n].XMM_Q(1));
563 if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
568 case IDX_FLAGS_REG: GET_REG32(env->eflags);
570 case IDX_SEG_REGS: GET_REG32(env->segs[R_CS].selector);
571 case IDX_SEG_REGS + 1: GET_REG32(env->segs[R_SS].selector);
572 case IDX_SEG_REGS + 2: GET_REG32(env->segs[R_DS].selector);
573 case IDX_SEG_REGS + 3: GET_REG32(env->segs[R_ES].selector);
574 case IDX_SEG_REGS + 4: GET_REG32(env->segs[R_FS].selector);
575 case IDX_SEG_REGS + 5: GET_REG32(env->segs[R_GS].selector);
577 case IDX_FP_REGS + 8: GET_REG32(env->fpuc);
578 case IDX_FP_REGS + 9: GET_REG32((env->fpus & ~0x3800) |
579 (env->fpstt & 0x7) << 11);
580 case IDX_FP_REGS + 10: GET_REG32(0); /* ftag */
581 case IDX_FP_REGS + 11: GET_REG32(0); /* fiseg */
582 case IDX_FP_REGS + 12: GET_REG32(0); /* fioff */
583 case IDX_FP_REGS + 13: GET_REG32(0); /* foseg */
584 case IDX_FP_REGS + 14: GET_REG32(0); /* fooff */
585 case IDX_FP_REGS + 15: GET_REG32(0); /* fop */
587 case IDX_MXCSR_REG: GET_REG32(env->mxcsr);
593 static int cpu_x86_gdb_load_seg(CPUX86State *env, int sreg, uint8_t *mem_buf)
595 uint16_t selector = ldl_p(mem_buf);
597 if (selector != env->segs[sreg].selector) {
598 #if defined(CONFIG_USER_ONLY)
599 cpu_x86_load_seg(env, sreg, selector);
601 unsigned int limit, flags;
604 if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK)) {
605 base = selector << 4;
609 if (!cpu_x86_get_descr_debug(env, selector, &base, &limit, &flags))
612 cpu_x86_load_seg_cache(env, sreg, selector, base, limit, flags);
618 static int cpu_gdb_write_register(CPUX86State *env, uint8_t *mem_buf, int n)
622 if (n < CPU_NB_REGS) {
623 if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
624 env->regs[gpr_map[n]] = ldtul_p(mem_buf);
625 return sizeof(target_ulong);
626 } else if (n < CPU_NB_REGS32) {
628 env->regs[n] &= ~0xffffffffUL;
629 env->regs[n] |= (uint32_t)ldl_p(mem_buf);
632 } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
633 #ifdef USE_X86LDOUBLE
634 /* FIXME: byteswap float values - after fixing fpregs layout. */
635 memcpy(&env->fpregs[n - IDX_FP_REGS], mem_buf, 10);
638 } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
640 if (n < CPU_NB_REGS32 ||
641 (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK)) {
642 env->xmm_regs[n].XMM_Q(0) = ldq_p(mem_buf);
643 env->xmm_regs[n].XMM_Q(1) = ldq_p(mem_buf + 8);
649 if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
650 env->eip = ldq_p(mem_buf);
653 env->eip &= ~0xffffffffUL;
654 env->eip |= (uint32_t)ldl_p(mem_buf);
658 env->eflags = ldl_p(mem_buf);
661 case IDX_SEG_REGS: return cpu_x86_gdb_load_seg(env, R_CS, mem_buf);
662 case IDX_SEG_REGS + 1: return cpu_x86_gdb_load_seg(env, R_SS, mem_buf);
663 case IDX_SEG_REGS + 2: return cpu_x86_gdb_load_seg(env, R_DS, mem_buf);
664 case IDX_SEG_REGS + 3: return cpu_x86_gdb_load_seg(env, R_ES, mem_buf);
665 case IDX_SEG_REGS + 4: return cpu_x86_gdb_load_seg(env, R_FS, mem_buf);
666 case IDX_SEG_REGS + 5: return cpu_x86_gdb_load_seg(env, R_GS, mem_buf);
668 case IDX_FP_REGS + 8:
669 env->fpuc = ldl_p(mem_buf);
671 case IDX_FP_REGS + 9:
672 tmp = ldl_p(mem_buf);
673 env->fpstt = (tmp >> 11) & 7;
674 env->fpus = tmp & ~0x3800;
676 case IDX_FP_REGS + 10: /* ftag */ return 4;
677 case IDX_FP_REGS + 11: /* fiseg */ return 4;
678 case IDX_FP_REGS + 12: /* fioff */ return 4;
679 case IDX_FP_REGS + 13: /* foseg */ return 4;
680 case IDX_FP_REGS + 14: /* fooff */ return 4;
681 case IDX_FP_REGS + 15: /* fop */ return 4;
684 env->mxcsr = ldl_p(mem_buf);
688 /* Unrecognised register. */
692 #elif defined (TARGET_PPC)
694 /* Old gdb always expects FP registers. Newer (xml-aware) gdb only
695 expects whatever the target description contains. Due to a
696 historical mishap the FP registers appear in between core integer
697 regs and PC, MSR, CR, and so forth. We hack round this by giving the
698 FP regs zero size when talking to a newer gdb. */
699 #define NUM_CORE_REGS 71
700 #if defined (TARGET_PPC64)
701 #define GDB_CORE_XML "power64-core.xml"
703 #define GDB_CORE_XML "power-core.xml"
706 static int cpu_gdb_read_register(CPUPPCState *env, uint8_t *mem_buf, int n)
710 GET_REGL(env->gpr[n]);
715 stfq_p(mem_buf, env->fpr[n-32]);
719 case 64: GET_REGL(env->nip);
720 case 65: GET_REGL(env->msr);
725 for (i = 0; i < 8; i++)
726 cr |= env->crf[i] << (32 - ((i + 1) * 4));
729 case 67: GET_REGL(env->lr);
730 case 68: GET_REGL(env->ctr);
731 case 69: GET_REGL(env->xer);
736 GET_REG32(env->fpscr);
743 static int cpu_gdb_write_register(CPUPPCState *env, uint8_t *mem_buf, int n)
747 env->gpr[n] = ldtul_p(mem_buf);
748 return sizeof(target_ulong);
753 env->fpr[n-32] = ldfq_p(mem_buf);
758 env->nip = ldtul_p(mem_buf);
759 return sizeof(target_ulong);
761 ppc_store_msr(env, ldtul_p(mem_buf));
762 return sizeof(target_ulong);
765 uint32_t cr = ldl_p(mem_buf);
767 for (i = 0; i < 8; i++)
768 env->crf[i] = (cr >> (32 - ((i + 1) * 4))) & 0xF;
772 env->lr = ldtul_p(mem_buf);
773 return sizeof(target_ulong);
775 env->ctr = ldtul_p(mem_buf);
776 return sizeof(target_ulong);
778 env->xer = ldtul_p(mem_buf);
779 return sizeof(target_ulong);
790 #elif defined (TARGET_SPARC)
792 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
793 #define NUM_CORE_REGS 86
795 #define NUM_CORE_REGS 72
799 #define GET_REGA(val) GET_REG32(val)
801 #define GET_REGA(val) GET_REGL(val)
804 static int cpu_gdb_read_register(CPUSPARCState *env, uint8_t *mem_buf, int n)
808 GET_REGA(env->gregs[n]);
811 /* register window */
812 GET_REGA(env->regwptr[n - 8]);
814 #if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
818 GET_REG32(env->fpr[(n - 32) / 2].l.lower);
820 GET_REG32(env->fpr[(n - 32) / 2].l.upper);
823 /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
825 case 64: GET_REGA(env->y);
826 case 65: GET_REGA(cpu_get_psr(env));
827 case 66: GET_REGA(env->wim);
828 case 67: GET_REGA(env->tbr);
829 case 68: GET_REGA(env->pc);
830 case 69: GET_REGA(env->npc);
831 case 70: GET_REGA(env->fsr);
832 case 71: GET_REGA(0); /* csr */
833 default: GET_REGA(0);
839 GET_REG32(env->fpr[(n - 32) / 2].l.lower);
841 GET_REG32(env->fpr[(n - 32) / 2].l.upper);
845 /* f32-f62 (double width, even numbers only) */
846 GET_REG64(env->fpr[(n - 32) / 2].ll);
849 case 80: GET_REGL(env->pc);
850 case 81: GET_REGL(env->npc);
851 case 82: GET_REGL((cpu_get_ccr(env) << 32) |
852 ((env->asi & 0xff) << 24) |
853 ((env->pstate & 0xfff) << 8) |
855 case 83: GET_REGL(env->fsr);
856 case 84: GET_REGL(env->fprs);
857 case 85: GET_REGL(env->y);
863 static int cpu_gdb_write_register(CPUSPARCState *env, uint8_t *mem_buf, int n)
865 #if defined(TARGET_ABI32)
868 tmp = ldl_p(mem_buf);
872 tmp = ldtul_p(mem_buf);
879 /* register window */
880 env->regwptr[n - 8] = tmp;
882 #if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
887 env->fpr[(n - 32) / 2].l.lower = tmp;
889 env->fpr[(n - 32) / 2].l.upper = tmp;
892 /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
894 case 64: env->y = tmp; break;
895 case 65: cpu_put_psr(env, tmp); break;
896 case 66: env->wim = tmp; break;
897 case 67: env->tbr = tmp; break;
898 case 68: env->pc = tmp; break;
899 case 69: env->npc = tmp; break;
900 case 70: env->fsr = tmp; break;
908 tmp = ldl_p(mem_buf);
910 env->fpr[(n - 32) / 2].l.lower = tmp;
912 env->fpr[(n - 32) / 2].l.upper = tmp;
916 /* f32-f62 (double width, even numbers only) */
917 env->fpr[(n - 32) / 2].ll = tmp;
920 case 80: env->pc = tmp; break;
921 case 81: env->npc = tmp; break;
923 cpu_put_ccr(env, tmp >> 32);
924 env->asi = (tmp >> 24) & 0xff;
925 env->pstate = (tmp >> 8) & 0xfff;
926 cpu_put_cwp64(env, tmp & 0xff);
928 case 83: env->fsr = tmp; break;
929 case 84: env->fprs = tmp; break;
930 case 85: env->y = tmp; break;
937 #elif defined (TARGET_ARM)
939 /* Old gdb always expect FPA registers. Newer (xml-aware) gdb only expect
940 whatever the target description contains. Due to a historical mishap
941 the FPA registers appear in between core integer regs and the CPSR.
942 We hack round this by giving the FPA regs zero size when talking to a
944 #define NUM_CORE_REGS 26
945 #define GDB_CORE_XML "arm-core.xml"
947 static int cpu_gdb_read_register(CPUARMState *env, uint8_t *mem_buf, int n)
950 /* Core integer register. */
951 GET_REG32(env->regs[n]);
957 memset(mem_buf, 0, 12);
962 /* FPA status register. */
968 GET_REG32(cpsr_read(env));
970 /* Unknown register. */
974 static int cpu_gdb_write_register(CPUARMState *env, uint8_t *mem_buf, int n)
978 tmp = ldl_p(mem_buf);
980 /* Mask out low bit of PC to workaround gdb bugs. This will probably
981 cause problems if we ever implement the Jazelle DBX extensions. */
986 /* Core integer register. */
990 if (n < 24) { /* 16-23 */
991 /* FPA registers (ignored). */
998 /* FPA status register (ignored). */
1004 cpsr_write (env, tmp, 0xffffffff);
1007 /* Unknown register. */
1011 #elif defined (TARGET_M68K)
1013 #define NUM_CORE_REGS 18
1015 #define GDB_CORE_XML "cf-core.xml"
1017 static int cpu_gdb_read_register(CPUM68KState *env, uint8_t *mem_buf, int n)
1021 GET_REG32(env->dregs[n]);
1022 } else if (n < 16) {
1024 GET_REG32(env->aregs[n - 8]);
1027 case 16: GET_REG32(env->sr);
1028 case 17: GET_REG32(env->pc);
1031 /* FP registers not included here because they vary between
1032 ColdFire and m68k. Use XML bits for these. */
1036 static int cpu_gdb_write_register(CPUM68KState *env, uint8_t *mem_buf, int n)
1040 tmp = ldl_p(mem_buf);
1044 env->dregs[n] = tmp;
1045 } else if (n < 16) {
1047 env->aregs[n - 8] = tmp;
1050 case 16: env->sr = tmp; break;
1051 case 17: env->pc = tmp; break;
1057 #elif defined (TARGET_MIPS)
1059 #define NUM_CORE_REGS 73
1061 static int cpu_gdb_read_register(CPUMIPSState *env, uint8_t *mem_buf, int n)
1064 GET_REGL(env->active_tc.gpr[n]);
1066 if (env->CP0_Config1 & (1 << CP0C1_FP)) {
1067 if (n >= 38 && n < 70) {
1068 if (env->CP0_Status & (1 << CP0St_FR))
1069 GET_REGL(env->active_fpu.fpr[n - 38].d);
1071 GET_REGL(env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX]);
1074 case 70: GET_REGL((int32_t)env->active_fpu.fcr31);
1075 case 71: GET_REGL((int32_t)env->active_fpu.fcr0);
1079 case 32: GET_REGL((int32_t)env->CP0_Status);
1080 case 33: GET_REGL(env->active_tc.LO[0]);
1081 case 34: GET_REGL(env->active_tc.HI[0]);
1082 case 35: GET_REGL(env->CP0_BadVAddr);
1083 case 36: GET_REGL((int32_t)env->CP0_Cause);
1084 case 37: GET_REGL(env->active_tc.PC | !!(env->hflags & MIPS_HFLAG_M16));
1085 case 72: GET_REGL(0); /* fp */
1086 case 89: GET_REGL((int32_t)env->CP0_PRid);
1088 if (n >= 73 && n <= 88) {
1089 /* 16 embedded regs. */
1096 /* convert MIPS rounding mode in FCR31 to IEEE library */
1097 static unsigned int ieee_rm[] =
1099 float_round_nearest_even,
1100 float_round_to_zero,
1104 #define RESTORE_ROUNDING_MODE \
1105 set_float_rounding_mode(ieee_rm[env->active_fpu.fcr31 & 3], &env->active_fpu.fp_status)
1107 static int cpu_gdb_write_register(CPUMIPSState *env, uint8_t *mem_buf, int n)
1111 tmp = ldtul_p(mem_buf);
1114 env->active_tc.gpr[n] = tmp;
1115 return sizeof(target_ulong);
1117 if (env->CP0_Config1 & (1 << CP0C1_FP)
1118 && n >= 38 && n < 73) {
1120 if (env->CP0_Status & (1 << CP0St_FR))
1121 env->active_fpu.fpr[n - 38].d = tmp;
1123 env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX] = tmp;
1127 env->active_fpu.fcr31 = tmp & 0xFF83FFFF;
1128 /* set rounding mode */
1129 RESTORE_ROUNDING_MODE;
1131 case 71: env->active_fpu.fcr0 = tmp; break;
1133 return sizeof(target_ulong);
1136 case 32: env->CP0_Status = tmp; break;
1137 case 33: env->active_tc.LO[0] = tmp; break;
1138 case 34: env->active_tc.HI[0] = tmp; break;
1139 case 35: env->CP0_BadVAddr = tmp; break;
1140 case 36: env->CP0_Cause = tmp; break;
1142 env->active_tc.PC = tmp & ~(target_ulong)1;
1144 env->hflags |= MIPS_HFLAG_M16;
1146 env->hflags &= ~(MIPS_HFLAG_M16);
1149 case 72: /* fp, ignored */ break;
1153 /* Other registers are readonly. Ignore writes. */
1157 return sizeof(target_ulong);
1159 #elif defined(TARGET_OPENRISC)
1161 #define NUM_CORE_REGS (32 + 3)
1163 static int cpu_gdb_read_register(CPUOpenRISCState *env, uint8_t *mem_buf, int n)
1166 GET_REG32(env->gpr[n]);
1170 GET_REG32(env->ppc);
1174 GET_REG32(env->npc);
1188 static int cpu_gdb_write_register(CPUOpenRISCState *env,
1189 uint8_t *mem_buf, int n)
1193 if (n > NUM_CORE_REGS) {
1197 tmp = ldl_p(mem_buf);
1221 #elif defined (TARGET_SH4)
1223 /* Hint: Use "set architecture sh4" in GDB to see fpu registers */
1224 /* FIXME: We should use XML for this. */
1226 #define NUM_CORE_REGS 59
1228 static int cpu_gdb_read_register(CPUSH4State *env, uint8_t *mem_buf, int n)
1232 if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
1233 GET_REGL(env->gregs[n + 16]);
1235 GET_REGL(env->gregs[n]);
1238 GET_REGL(env->gregs[n]);
1248 GET_REGL(env->mach);
1250 GET_REGL(env->macl);
1254 GET_REGL(env->fpul);
1256 GET_REGL(env->fpscr);
1258 if (env->fpscr & FPSCR_FR) {
1259 stfl_p(mem_buf, env->fregs[n - 9]);
1261 stfl_p(mem_buf, env->fregs[n - 25]);
1269 GET_REGL(env->gregs[n - 43]);
1271 GET_REGL(env->gregs[n - (51 - 16)]);
1277 static int cpu_gdb_write_register(CPUSH4State *env, uint8_t *mem_buf, int n)
1281 if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
1282 env->gregs[n + 16] = ldl_p(mem_buf);
1284 env->gregs[n] = ldl_p(mem_buf);
1288 env->gregs[n] = ldl_p(mem_buf);
1291 env->pc = ldl_p(mem_buf);
1294 env->pr = ldl_p(mem_buf);
1297 env->gbr = ldl_p(mem_buf);
1300 env->vbr = ldl_p(mem_buf);
1303 env->mach = ldl_p(mem_buf);
1306 env->macl = ldl_p(mem_buf);
1309 env->sr = ldl_p(mem_buf);
1312 env->fpul = ldl_p(mem_buf);
1315 env->fpscr = ldl_p(mem_buf);
1318 if (env->fpscr & FPSCR_FR) {
1319 env->fregs[n - 9] = ldfl_p(mem_buf);
1321 env->fregs[n - 25] = ldfl_p(mem_buf);
1325 env->ssr = ldl_p(mem_buf);
1328 env->spc = ldl_p(mem_buf);
1331 env->gregs[n - 43] = ldl_p(mem_buf);
1334 env->gregs[n - (51 - 16)] = ldl_p(mem_buf);
1341 #elif defined (TARGET_MICROBLAZE)
1343 #define NUM_CORE_REGS (32 + 5)
1345 static int cpu_gdb_read_register(CPUMBState *env, uint8_t *mem_buf, int n)
1348 GET_REG32(env->regs[n]);
1350 GET_REG32(env->sregs[n - 32]);
1355 static int cpu_gdb_write_register(CPUMBState *env, uint8_t *mem_buf, int n)
1359 if (n > NUM_CORE_REGS)
1362 tmp = ldl_p(mem_buf);
1367 env->sregs[n - 32] = tmp;
1371 #elif defined (TARGET_CRIS)
1373 #define NUM_CORE_REGS 49
1376 read_register_crisv10(CPUCRISState *env, uint8_t *mem_buf, int n)
1379 GET_REG32(env->regs[n]);
1389 GET_REG8(env->pregs[n - 16]);
1392 GET_REG8(env->pregs[n - 16]);
1396 GET_REG16(env->pregs[n - 16]);
1400 GET_REG32(env->pregs[n - 16]);
1408 static int cpu_gdb_read_register(CPUCRISState *env, uint8_t *mem_buf, int n)
1412 if (env->pregs[PR_VR] < 32)
1413 return read_register_crisv10(env, mem_buf, n);
1415 srs = env->pregs[PR_SRS];
1417 GET_REG32(env->regs[n]);
1420 if (n >= 21 && n < 32) {
1421 GET_REG32(env->pregs[n - 16]);
1423 if (n >= 33 && n < 49) {
1424 GET_REG32(env->sregs[srs][n - 33]);
1427 case 16: GET_REG8(env->pregs[0]);
1428 case 17: GET_REG8(env->pregs[1]);
1429 case 18: GET_REG32(env->pregs[2]);
1430 case 19: GET_REG8(srs);
1431 case 20: GET_REG16(env->pregs[4]);
1432 case 32: GET_REG32(env->pc);
1438 static int cpu_gdb_write_register(CPUCRISState *env, uint8_t *mem_buf, int n)
1445 tmp = ldl_p(mem_buf);
1451 if (n >= 21 && n < 32) {
1452 env->pregs[n - 16] = tmp;
1455 /* FIXME: Should support function regs be writable? */
1459 case 18: env->pregs[PR_PID] = tmp; break;
1462 case 32: env->pc = tmp; break;
1467 #elif defined (TARGET_ALPHA)
1469 #define NUM_CORE_REGS 67
1471 static int cpu_gdb_read_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
1481 d.d = env->fir[n - 32];
1485 val = cpu_alpha_load_fpcr(env);
1495 /* 31 really is the zero register; 65 is unassigned in the
1496 gdb protocol, but is still required to occupy 8 bytes. */
1505 static int cpu_gdb_write_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
1507 target_ulong tmp = ldtul_p(mem_buf);
1516 env->fir[n - 32] = d.d;
1519 cpu_alpha_store_fpcr(env, tmp);
1529 /* 31 really is the zero register; 65 is unassigned in the
1530 gdb protocol, but is still required to occupy 8 bytes. */
1537 #elif defined (TARGET_S390X)
1539 #define NUM_CORE_REGS S390_NUM_REGS
1541 static int cpu_gdb_read_register(CPUS390XState *env, uint8_t *mem_buf, int n)
1547 case S390_PSWM_REGNUM:
1548 cc_op = calc_cc(env, env->cc_op, env->cc_src, env->cc_dst, env->cc_vr);
1549 val = deposit64(env->psw.mask, 44, 2, cc_op);
1552 case S390_PSWA_REGNUM:
1553 GET_REGL(env->psw.addr);
1555 case S390_R0_REGNUM ... S390_R15_REGNUM:
1556 GET_REGL(env->regs[n-S390_R0_REGNUM]);
1558 case S390_A0_REGNUM ... S390_A15_REGNUM:
1559 GET_REG32(env->aregs[n-S390_A0_REGNUM]);
1561 case S390_FPC_REGNUM:
1562 GET_REG32(env->fpc);
1564 case S390_F0_REGNUM ... S390_F15_REGNUM:
1565 GET_REG64(env->fregs[n-S390_F0_REGNUM].ll);
1572 static int cpu_gdb_write_register(CPUS390XState *env, uint8_t *mem_buf, int n)
1577 tmpl = ldtul_p(mem_buf);
1578 tmp32 = ldl_p(mem_buf);
1581 case S390_PSWM_REGNUM:
1582 env->psw.mask = tmpl;
1583 env->cc_op = extract64(tmpl, 44, 2);
1585 case S390_PSWA_REGNUM:
1586 env->psw.addr = tmpl;
1588 case S390_R0_REGNUM ... S390_R15_REGNUM:
1589 env->regs[n-S390_R0_REGNUM] = tmpl;
1591 case S390_A0_REGNUM ... S390_A15_REGNUM:
1592 env->aregs[n-S390_A0_REGNUM] = tmp32;
1595 case S390_FPC_REGNUM:
1599 case S390_F0_REGNUM ... S390_F15_REGNUM:
1600 env->fregs[n-S390_F0_REGNUM].ll = tmpl;
1607 #elif defined (TARGET_LM32)
1609 #include "hw/lm32_pic.h"
1610 #define NUM_CORE_REGS (32 + 7)
1612 static int cpu_gdb_read_register(CPULM32State *env, uint8_t *mem_buf, int n)
1615 GET_REG32(env->regs[n]);
1621 /* FIXME: put in right exception ID */
1626 GET_REG32(env->eba);
1629 GET_REG32(env->deba);
1635 GET_REG32(lm32_pic_get_im(env->pic_state));
1638 GET_REG32(lm32_pic_get_ip(env->pic_state));
1645 static int cpu_gdb_write_register(CPULM32State *env, uint8_t *mem_buf, int n)
1649 if (n > NUM_CORE_REGS) {
1653 tmp = ldl_p(mem_buf);
1672 lm32_pic_set_im(env->pic_state, tmp);
1675 lm32_pic_set_ip(env->pic_state, tmp);
1681 #elif defined(TARGET_XTENSA)
1683 /* Use num_core_regs to see only non-privileged registers in an unmodified gdb.
1684 * Use num_regs to see all registers. gdb modification is required for that:
1685 * reset bit 0 in the 'flags' field of the registers definitions in the
1686 * gdb/xtensa-config.c inside gdb source tree or inside gdb overlay.
1688 #define NUM_CORE_REGS (env->config->gdb_regmap.num_regs)
1689 #define num_g_regs NUM_CORE_REGS
1691 static int cpu_gdb_read_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
1693 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
1695 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
1699 switch (reg->type) {
1705 xtensa_sync_phys_from_window(env);
1706 GET_REG32(env->phys_regs[(reg->targno & 0xff) % env->config->nareg]);
1710 GET_REG32(env->sregs[reg->targno & 0xff]);
1714 GET_REG32(env->uregs[reg->targno & 0xff]);
1718 GET_REG32(float32_val(env->fregs[reg->targno & 0x0f]));
1722 GET_REG32(env->regs[reg->targno & 0x0f]);
1726 qemu_log("%s from reg %d of unsupported type %d\n",
1727 __func__, n, reg->type);
1732 static int cpu_gdb_write_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
1735 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
1737 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
1741 tmp = ldl_p(mem_buf);
1743 switch (reg->type) {
1749 env->phys_regs[(reg->targno & 0xff) % env->config->nareg] = tmp;
1750 xtensa_sync_window_from_phys(env);
1754 env->sregs[reg->targno & 0xff] = tmp;
1758 env->uregs[reg->targno & 0xff] = tmp;
1762 env->fregs[reg->targno & 0x0f] = make_float32(tmp);
1766 env->regs[reg->targno & 0x0f] = tmp;
1770 qemu_log("%s to reg %d of unsupported type %d\n",
1771 __func__, n, reg->type);
1779 #define NUM_CORE_REGS 0
1781 static int cpu_gdb_read_register(CPUArchState *env, uint8_t *mem_buf, int n)
1786 static int cpu_gdb_write_register(CPUArchState *env, uint8_t *mem_buf, int n)
1793 #if !defined(TARGET_XTENSA)
1794 static int num_g_regs = NUM_CORE_REGS;
1798 /* Encode data using the encoding for 'x' packets. */
1799 static int memtox(char *buf, const char *mem, int len)
1807 case '#': case '$': case '*': case '}':
1819 static const char *get_feature_xml(const char *p, const char **newp)
1824 static char target_xml[1024];
1827 while (p[len] && p[len] != ':')
1832 if (strncmp(p, "target.xml", len) == 0) {
1833 /* Generate the XML description for this CPU. */
1834 if (!target_xml[0]) {
1835 GDBRegisterState *r;
1837 snprintf(target_xml, sizeof(target_xml),
1838 "<?xml version=\"1.0\"?>"
1839 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
1841 "<xi:include href=\"%s\"/>",
1844 for (r = first_cpu->gdb_regs; r; r = r->next) {
1845 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
1846 pstrcat(target_xml, sizeof(target_xml), r->xml);
1847 pstrcat(target_xml, sizeof(target_xml), "\"/>");
1849 pstrcat(target_xml, sizeof(target_xml), "</target>");
1853 for (i = 0; ; i++) {
1854 name = xml_builtin[i][0];
1855 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
1858 return name ? xml_builtin[i][1] : NULL;
1862 static int gdb_read_register(CPUArchState *env, uint8_t *mem_buf, int reg)
1864 GDBRegisterState *r;
1866 if (reg < NUM_CORE_REGS)
1867 return cpu_gdb_read_register(env, mem_buf, reg);
1869 for (r = env->gdb_regs; r; r = r->next) {
1870 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1871 return r->get_reg(env, mem_buf, reg - r->base_reg);
1877 static int gdb_write_register(CPUArchState *env, uint8_t *mem_buf, int reg)
1879 GDBRegisterState *r;
1881 if (reg < NUM_CORE_REGS)
1882 return cpu_gdb_write_register(env, mem_buf, reg);
1884 for (r = env->gdb_regs; r; r = r->next) {
1885 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1886 return r->set_reg(env, mem_buf, reg - r->base_reg);
1892 #if !defined(TARGET_XTENSA)
1893 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
1894 specifies the first register number and these registers are included in
1895 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
1896 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
1899 void gdb_register_coprocessor(CPUArchState * env,
1900 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
1901 int num_regs, const char *xml, int g_pos)
1903 GDBRegisterState *s;
1904 GDBRegisterState **p;
1905 static int last_reg = NUM_CORE_REGS;
1909 /* Check for duplicates. */
1910 if (strcmp((*p)->xml, xml) == 0)
1915 s = g_new0(GDBRegisterState, 1);
1916 s->base_reg = last_reg;
1917 s->num_regs = num_regs;
1918 s->get_reg = get_reg;
1919 s->set_reg = set_reg;
1922 /* Add to end of list. */
1923 last_reg += num_regs;
1926 if (g_pos != s->base_reg) {
1927 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
1928 "Expected %d got %d\n", xml, g_pos, s->base_reg);
1930 num_g_regs = last_reg;
1936 #ifndef CONFIG_USER_ONLY
1937 static const int xlat_gdb_type[] = {
1938 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
1939 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
1940 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1944 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
1950 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1953 case GDB_BREAKPOINT_SW:
1954 case GDB_BREAKPOINT_HW:
1955 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1956 err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
1961 #ifndef CONFIG_USER_ONLY
1962 case GDB_WATCHPOINT_WRITE:
1963 case GDB_WATCHPOINT_READ:
1964 case GDB_WATCHPOINT_ACCESS:
1965 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1966 err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
1978 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
1984 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1987 case GDB_BREAKPOINT_SW:
1988 case GDB_BREAKPOINT_HW:
1989 for (env = first_cpu; env != NULL; env = env->next_cpu) {
1990 err = cpu_breakpoint_remove(env, addr, BP_GDB);
1995 #ifndef CONFIG_USER_ONLY
1996 case GDB_WATCHPOINT_WRITE:
1997 case GDB_WATCHPOINT_READ:
1998 case GDB_WATCHPOINT_ACCESS:
1999 for (env = first_cpu; env != NULL; env = env->next_cpu) {
2000 err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
2011 static void gdb_breakpoint_remove_all(void)
2015 if (kvm_enabled()) {
2016 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
2020 for (env = first_cpu; env != NULL; env = env->next_cpu) {
2021 cpu_breakpoint_remove_all(env, BP_GDB);
2022 #ifndef CONFIG_USER_ONLY
2023 cpu_watchpoint_remove_all(env, BP_GDB);
2028 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
2030 cpu_synchronize_state(s->c_cpu);
2031 #if defined(TARGET_I386)
2033 #elif defined (TARGET_PPC)
2035 #elif defined (TARGET_SPARC)
2037 s->c_cpu->npc = pc + 4;
2038 #elif defined (TARGET_ARM)
2039 s->c_cpu->regs[15] = pc;
2040 #elif defined (TARGET_SH4)
2042 #elif defined (TARGET_MIPS)
2043 s->c_cpu->active_tc.PC = pc & ~(target_ulong)1;
2045 s->c_cpu->hflags |= MIPS_HFLAG_M16;
2047 s->c_cpu->hflags &= ~(MIPS_HFLAG_M16);
2049 #elif defined (TARGET_MICROBLAZE)
2050 s->c_cpu->sregs[SR_PC] = pc;
2051 #elif defined(TARGET_OPENRISC)
2053 #elif defined (TARGET_CRIS)
2055 #elif defined (TARGET_ALPHA)
2057 #elif defined (TARGET_S390X)
2058 s->c_cpu->psw.addr = pc;
2059 #elif defined (TARGET_LM32)
2061 #elif defined(TARGET_XTENSA)
2066 static CPUArchState *find_cpu(uint32_t thread_id)
2071 for (env = first_cpu; env != NULL; env = env->next_cpu) {
2072 cpu = ENV_GET_CPU(env);
2073 if (cpu_index(cpu) == thread_id) {
2081 static int gdb_handle_packet(GDBState *s, const char *line_buf)
2086 int ch, reg_size, type, res;
2087 char buf[MAX_PACKET_LENGTH];
2088 uint8_t mem_buf[MAX_PACKET_LENGTH];
2090 target_ulong addr, len;
2093 printf("command='%s'\n", line_buf);
2099 /* TODO: Make this return the correct value for user-mode. */
2100 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
2101 cpu_index(ENV_GET_CPU(s->c_cpu)));
2103 /* Remove all the breakpoints when this query is issued,
2104 * because gdb is doing and initial connect and the state
2105 * should be cleaned up.
2107 gdb_breakpoint_remove_all();
2111 addr = strtoull(p, (char **)&p, 16);
2112 gdb_set_cpu_pc(s, addr);
2118 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
2119 if (s->signal == -1)
2124 if (strncmp(p, "Cont", 4) == 0) {
2125 int res_signal, res_thread;
2129 put_packet(s, "vCont;c;C;s;S");
2144 if (action == 'C' || action == 'S') {
2145 signal = strtoul(p, (char **)&p, 16);
2146 } else if (action != 'c' && action != 's') {
2152 thread = strtoull(p+1, (char **)&p, 16);
2154 action = tolower(action);
2155 if (res == 0 || (res == 'c' && action == 's')) {
2157 res_signal = signal;
2158 res_thread = thread;
2162 if (res_thread != -1 && res_thread != 0) {
2163 env = find_cpu(res_thread);
2165 put_packet(s, "E22");
2171 cpu_single_step(s->c_cpu, sstep_flags);
2173 s->signal = res_signal;
2179 goto unknown_command;
2182 #ifdef CONFIG_USER_ONLY
2183 /* Kill the target */
2184 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
2189 gdb_breakpoint_remove_all();
2190 gdb_syscall_mode = GDB_SYS_DISABLED;
2192 put_packet(s, "OK");
2196 addr = strtoull(p, (char **)&p, 16);
2197 gdb_set_cpu_pc(s, addr);
2199 cpu_single_step(s->c_cpu, sstep_flags);
2207 ret = strtoull(p, (char **)&p, 16);
2210 err = strtoull(p, (char **)&p, 16);
2217 if (s->current_syscall_cb) {
2218 s->current_syscall_cb(s->c_cpu, ret, err);
2219 s->current_syscall_cb = NULL;
2222 put_packet(s, "T02");
2229 cpu_synchronize_state(s->g_cpu);
2232 for (addr = 0; addr < num_g_regs; addr++) {
2233 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
2236 memtohex(buf, mem_buf, len);
2240 cpu_synchronize_state(s->g_cpu);
2242 registers = mem_buf;
2243 len = strlen(p) / 2;
2244 hextomem((uint8_t *)registers, p, len);
2245 for (addr = 0; addr < num_g_regs && len > 0; addr++) {
2246 reg_size = gdb_write_register(s->g_cpu, registers, addr);
2248 registers += reg_size;
2250 put_packet(s, "OK");
2253 addr = strtoull(p, (char **)&p, 16);
2256 len = strtoull(p, NULL, 16);
2257 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 0) != 0) {
2258 put_packet (s, "E14");
2260 memtohex(buf, mem_buf, len);
2265 addr = strtoull(p, (char **)&p, 16);
2268 len = strtoull(p, (char **)&p, 16);
2271 hextomem(mem_buf, p, len);
2272 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 1) != 0) {
2273 put_packet(s, "E14");
2275 put_packet(s, "OK");
2279 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
2280 This works, but can be very slow. Anything new enough to
2281 understand XML also knows how to use this properly. */
2283 goto unknown_command;
2284 addr = strtoull(p, (char **)&p, 16);
2285 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
2287 memtohex(buf, mem_buf, reg_size);
2290 put_packet(s, "E14");
2295 goto unknown_command;
2296 addr = strtoull(p, (char **)&p, 16);
2299 reg_size = strlen(p) / 2;
2300 hextomem(mem_buf, p, reg_size);
2301 gdb_write_register(s->g_cpu, mem_buf, addr);
2302 put_packet(s, "OK");
2306 type = strtoul(p, (char **)&p, 16);
2309 addr = strtoull(p, (char **)&p, 16);
2312 len = strtoull(p, (char **)&p, 16);
2314 res = gdb_breakpoint_insert(addr, len, type);
2316 res = gdb_breakpoint_remove(addr, len, type);
2318 put_packet(s, "OK");
2319 else if (res == -ENOSYS)
2322 put_packet(s, "E22");
2326 thread = strtoull(p, (char **)&p, 16);
2327 if (thread == -1 || thread == 0) {
2328 put_packet(s, "OK");
2331 env = find_cpu(thread);
2333 put_packet(s, "E22");
2339 put_packet(s, "OK");
2343 put_packet(s, "OK");
2346 put_packet(s, "E22");
2351 thread = strtoull(p, (char **)&p, 16);
2352 env = find_cpu(thread);
2355 put_packet(s, "OK");
2357 put_packet(s, "E22");
2362 /* parse any 'q' packets here */
2363 if (!strcmp(p,"qemu.sstepbits")) {
2364 /* Query Breakpoint bit definitions */
2365 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
2371 } else if (strncmp(p,"qemu.sstep",10) == 0) {
2372 /* Display or change the sstep_flags */
2375 /* Display current setting */
2376 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
2381 type = strtoul(p, (char **)&p, 16);
2383 put_packet(s, "OK");
2385 } else if (strcmp(p,"C") == 0) {
2386 /* "Current thread" remains vague in the spec, so always return
2387 * the first CPU (gdb returns the first thread). */
2388 put_packet(s, "QC1");
2390 } else if (strcmp(p,"fThreadInfo") == 0) {
2391 s->query_cpu = first_cpu;
2392 goto report_cpuinfo;
2393 } else if (strcmp(p,"sThreadInfo") == 0) {
2396 snprintf(buf, sizeof(buf), "m%x",
2397 cpu_index(ENV_GET_CPU(s->query_cpu)));
2399 s->query_cpu = s->query_cpu->next_cpu;
2403 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
2404 thread = strtoull(p+16, (char **)&p, 16);
2405 env = find_cpu(thread);
2407 CPUState *cpu = ENV_GET_CPU(env);
2408 cpu_synchronize_state(env);
2409 len = snprintf((char *)mem_buf, sizeof(mem_buf),
2410 "CPU#%d [%s]", cpu->cpu_index,
2411 cpu->halted ? "halted " : "running");
2412 memtohex(buf, mem_buf, len);
2417 #ifdef CONFIG_USER_ONLY
2418 else if (strncmp(p, "Offsets", 7) == 0) {
2419 TaskState *ts = s->c_cpu->opaque;
2421 snprintf(buf, sizeof(buf),
2422 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
2423 ";Bss=" TARGET_ABI_FMT_lx,
2424 ts->info->code_offset,
2425 ts->info->data_offset,
2426 ts->info->data_offset);
2430 #else /* !CONFIG_USER_ONLY */
2431 else if (strncmp(p, "Rcmd,", 5) == 0) {
2432 int len = strlen(p + 5);
2434 if ((len % 2) != 0) {
2435 put_packet(s, "E01");
2438 hextomem(mem_buf, p + 5, len);
2441 qemu_chr_be_write(s->mon_chr, mem_buf, len);
2442 put_packet(s, "OK");
2445 #endif /* !CONFIG_USER_ONLY */
2446 if (strncmp(p, "Supported", 9) == 0) {
2447 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
2449 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
2455 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
2457 target_ulong total_len;
2461 xml = get_feature_xml(p, &p);
2463 snprintf(buf, sizeof(buf), "E00");
2470 addr = strtoul(p, (char **)&p, 16);
2473 len = strtoul(p, (char **)&p, 16);
2475 total_len = strlen(xml);
2476 if (addr > total_len) {
2477 snprintf(buf, sizeof(buf), "E00");
2481 if (len > (MAX_PACKET_LENGTH - 5) / 2)
2482 len = (MAX_PACKET_LENGTH - 5) / 2;
2483 if (len < total_len - addr) {
2485 len = memtox(buf + 1, xml + addr, len);
2488 len = memtox(buf + 1, xml + addr, total_len - addr);
2490 put_packet_binary(s, buf, len + 1);
2494 /* Unrecognised 'q' command. */
2495 goto unknown_command;
2499 /* put empty packet */
2507 void gdb_set_stop_cpu(CPUArchState *env)
2509 gdbserver_state->c_cpu = env;
2510 gdbserver_state->g_cpu = env;
2513 #ifndef CONFIG_USER_ONLY
2514 static void gdb_vm_state_change(void *opaque, int running, RunState state)
2516 GDBState *s = gdbserver_state;
2517 CPUArchState *env = s->c_cpu;
2518 CPUState *cpu = ENV_GET_CPU(env);
2523 if (running || s->state == RS_INACTIVE) {
2526 /* Is there a GDB syscall waiting to be sent? */
2527 if (s->current_syscall_cb) {
2528 put_packet(s, s->syscall_buf);
2532 case RUN_STATE_DEBUG:
2533 if (env->watchpoint_hit) {
2534 switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
2545 snprintf(buf, sizeof(buf),
2546 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
2547 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
2548 env->watchpoint_hit->vaddr);
2549 env->watchpoint_hit = NULL;
2553 ret = GDB_SIGNAL_TRAP;
2555 case RUN_STATE_PAUSED:
2556 ret = GDB_SIGNAL_INT;
2558 case RUN_STATE_SHUTDOWN:
2559 ret = GDB_SIGNAL_QUIT;
2561 case RUN_STATE_IO_ERROR:
2562 ret = GDB_SIGNAL_IO;
2564 case RUN_STATE_WATCHDOG:
2565 ret = GDB_SIGNAL_ALRM;
2567 case RUN_STATE_INTERNAL_ERROR:
2568 ret = GDB_SIGNAL_ABRT;
2570 case RUN_STATE_SAVE_VM:
2571 case RUN_STATE_RESTORE_VM:
2573 case RUN_STATE_FINISH_MIGRATE:
2574 ret = GDB_SIGNAL_XCPU;
2577 ret = GDB_SIGNAL_UNKNOWN;
2580 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
2585 /* disable single step if it was enabled */
2586 cpu_single_step(env, 0);
2590 /* Send a gdb syscall request.
2591 This accepts limited printf-style format specifiers, specifically:
2592 %x - target_ulong argument printed in hex.
2593 %lx - 64-bit argument printed in hex.
2594 %s - string pointer (target_ulong) and length (int) pair. */
2595 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2604 s = gdbserver_state;
2607 s->current_syscall_cb = cb;
2608 #ifndef CONFIG_USER_ONLY
2609 vm_stop(RUN_STATE_DEBUG);
2613 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
2620 addr = va_arg(va, target_ulong);
2621 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
2624 if (*(fmt++) != 'x')
2626 i64 = va_arg(va, uint64_t);
2627 p += snprintf(p, p_end - p, "%" PRIx64, i64);
2630 addr = va_arg(va, target_ulong);
2631 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
2632 addr, va_arg(va, int));
2636 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
2646 #ifdef CONFIG_USER_ONLY
2647 put_packet(s, s->syscall_buf);
2648 gdb_handlesig(s->c_cpu, 0);
2650 /* In this case wait to send the syscall packet until notification that
2651 the CPU has stopped. This must be done because if the packet is sent
2652 now the reply from the syscall request could be received while the CPU
2653 is still in the running state, which can cause packets to be dropped
2654 and state transition 'T' packets to be sent while the syscall is still
2660 static void gdb_read_byte(GDBState *s, int ch)
2665 #ifndef CONFIG_USER_ONLY
2666 if (s->last_packet_len) {
2667 /* Waiting for a response to the last packet. If we see the start
2668 of a new command then abandon the previous response. */
2671 printf("Got NACK, retransmitting\n");
2673 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
2677 printf("Got ACK\n");
2679 printf("Got '%c' when expecting ACK/NACK\n", ch);
2681 if (ch == '+' || ch == '$')
2682 s->last_packet_len = 0;
2686 if (runstate_is_running()) {
2687 /* when the CPU is running, we cannot do anything except stop
2688 it when receiving a char */
2689 vm_stop(RUN_STATE_PAUSED);
2696 s->line_buf_index = 0;
2697 s->state = RS_GETLINE;
2702 s->state = RS_CHKSUM1;
2703 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2706 s->line_buf[s->line_buf_index++] = ch;
2710 s->line_buf[s->line_buf_index] = '\0';
2711 s->line_csum = fromhex(ch) << 4;
2712 s->state = RS_CHKSUM2;
2715 s->line_csum |= fromhex(ch);
2717 for(i = 0; i < s->line_buf_index; i++) {
2718 csum += s->line_buf[i];
2720 if (s->line_csum != (csum & 0xff)) {
2722 put_buffer(s, &reply, 1);
2726 put_buffer(s, &reply, 1);
2727 s->state = gdb_handle_packet(s, s->line_buf);
2736 /* Tell the remote gdb that the process has exited. */
2737 void gdb_exit(CPUArchState *env, int code)
2742 s = gdbserver_state;
2746 #ifdef CONFIG_USER_ONLY
2747 if (gdbserver_fd < 0 || s->fd < 0) {
2752 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
2755 #ifndef CONFIG_USER_ONLY
2757 qemu_chr_delete(s->chr);
2762 #ifdef CONFIG_USER_ONLY
2768 s = gdbserver_state;
2770 if (gdbserver_fd < 0 || s->fd < 0)
2777 gdb_handlesig (CPUArchState *env, int sig)
2783 s = gdbserver_state;
2784 if (gdbserver_fd < 0 || s->fd < 0)
2787 /* disable single step if it was enabled */
2788 cpu_single_step(env, 0);
2793 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb (sig));
2796 /* put_packet() might have detected that the peer terminated the
2803 s->running_state = 0;
2804 while (s->running_state == 0) {
2805 n = read (s->fd, buf, 256);
2810 for (i = 0; i < n; i++)
2811 gdb_read_byte (s, buf[i]);
2813 else if (n == 0 || errno != EAGAIN)
2815 /* XXX: Connection closed. Should probably wait for another
2816 connection before continuing. */
2825 /* Tell the remote gdb that the process has exited due to SIG. */
2826 void gdb_signalled(CPUArchState *env, int sig)
2831 s = gdbserver_state;
2832 if (gdbserver_fd < 0 || s->fd < 0)
2835 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb (sig));
2839 static void gdb_accept(void)
2842 struct sockaddr_in sockaddr;
2847 len = sizeof(sockaddr);
2848 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2849 if (fd < 0 && errno != EINTR) {
2852 } else if (fd >= 0) {
2854 fcntl(fd, F_SETFD, FD_CLOEXEC);
2860 /* set short latency */
2861 socket_set_nodelay(fd);
2863 s = g_malloc0(sizeof(GDBState));
2864 s->c_cpu = first_cpu;
2865 s->g_cpu = first_cpu;
2869 gdbserver_state = s;
2871 fcntl(fd, F_SETFL, O_NONBLOCK);
2874 static int gdbserver_open(int port)
2876 struct sockaddr_in sockaddr;
2879 fd = socket(PF_INET, SOCK_STREAM, 0);
2885 fcntl(fd, F_SETFD, FD_CLOEXEC);
2888 /* allow fast reuse */
2890 setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&val, sizeof(val));
2892 sockaddr.sin_family = AF_INET;
2893 sockaddr.sin_port = htons(port);
2894 sockaddr.sin_addr.s_addr = 0;
2895 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2901 ret = listen(fd, 0);
2910 int gdbserver_start(int port)
2912 gdbserver_fd = gdbserver_open(port);
2913 if (gdbserver_fd < 0)
2915 /* accept connections */
2920 /* Disable gdb stub for child processes. */
2921 void gdbserver_fork(CPUArchState *env)
2923 GDBState *s = gdbserver_state;
2924 if (gdbserver_fd < 0 || s->fd < 0)
2928 cpu_breakpoint_remove_all(env, BP_GDB);
2929 cpu_watchpoint_remove_all(env, BP_GDB);
2932 static int gdb_chr_can_receive(void *opaque)
2934 /* We can handle an arbitrarily large amount of data.
2935 Pick the maximum packet size, which is as good as anything. */
2936 return MAX_PACKET_LENGTH;
2939 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2943 for (i = 0; i < size; i++) {
2944 gdb_read_byte(gdbserver_state, buf[i]);
2948 static void gdb_chr_event(void *opaque, int event)
2951 case CHR_EVENT_OPENED:
2952 vm_stop(RUN_STATE_PAUSED);
2960 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
2962 char buf[MAX_PACKET_LENGTH];
2965 if (len > (MAX_PACKET_LENGTH/2) - 1)
2966 len = (MAX_PACKET_LENGTH/2) - 1;
2967 memtohex(buf + 1, (uint8_t *)msg, len);
2971 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
2973 const char *p = (const char *)buf;
2976 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
2978 if (len <= max_sz) {
2979 gdb_monitor_output(gdbserver_state, p, len);
2982 gdb_monitor_output(gdbserver_state, p, max_sz);
2990 static void gdb_sigterm_handler(int signal)
2992 if (runstate_is_running()) {
2993 vm_stop(RUN_STATE_PAUSED);
2998 int gdbserver_start(const char *device)
3001 char gdbstub_device_name[128];
3002 CharDriverState *chr = NULL;
3003 CharDriverState *mon_chr;
3007 if (strcmp(device, "none") != 0) {
3008 if (strstart(device, "tcp:", NULL)) {
3009 /* enforce required TCP attributes */
3010 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
3011 "%s,nowait,nodelay,server", device);
3012 device = gdbstub_device_name;
3015 else if (strcmp(device, "stdio") == 0) {
3016 struct sigaction act;
3018 memset(&act, 0, sizeof(act));
3019 act.sa_handler = gdb_sigterm_handler;
3020 sigaction(SIGINT, &act, NULL);
3023 chr = qemu_chr_new("gdb", device, NULL);
3027 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
3028 gdb_chr_event, NULL);
3031 s = gdbserver_state;
3033 s = g_malloc0(sizeof(GDBState));
3034 gdbserver_state = s;
3036 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
3038 /* Initialize a monitor terminal for gdb */
3039 mon_chr = g_malloc0(sizeof(*mon_chr));
3040 mon_chr->chr_write = gdb_monitor_write;
3041 monitor_init(mon_chr, 0);
3044 qemu_chr_delete(s->chr);
3045 mon_chr = s->mon_chr;
3046 memset(s, 0, sizeof(GDBState));
3048 s->c_cpu = first_cpu;
3049 s->g_cpu = first_cpu;
3051 s->state = chr ? RS_IDLE : RS_INACTIVE;
3052 s->mon_chr = mon_chr;
3053 s->current_syscall_cb = NULL;
projects / qemu.git / blob