4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
43 #include "exec/semihost.h"
45 #ifdef CONFIG_USER_ONLY
46 #define GDB_ATTACHED "0"
48 #define GDB_ATTACHED "1"
51 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
52 uint8_t *buf, int len, bool is_write)
54 CPUClass *cc = CPU_GET_CLASS(cpu);
56 if (cc->memory_rw_debug) {
57 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
59 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
71 GDB_SIGNAL_UNKNOWN = 143
74 #ifdef CONFIG_USER_ONLY
76 /* Map target signal numbers to GDB protocol signal numbers and vice
77 * versa. For user emulation's currently supported systems, we can
78 * assume most signals are defined.
81 static int gdb_signal_table[] = {
241 /* In system mode we only need SIGINT and SIGTRAP; other signals
242 are not yet supported. */
249 static int gdb_signal_table[] = {
259 #ifdef CONFIG_USER_ONLY
260 static int target_signal_to_gdb (int sig)
263 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
264 if (gdb_signal_table[i] == sig)
266 return GDB_SIGNAL_UNKNOWN;
270 static int gdb_signal_to_target (int sig)
272 if (sig < ARRAY_SIZE (gdb_signal_table))
273 return gdb_signal_table[sig];
280 typedef struct GDBRegisterState {
286 struct GDBRegisterState *next;
296 typedef struct GDBState {
297 CPUState *c_cpu; /* current CPU for step/continue ops */
298 CPUState *g_cpu; /* current CPU for other ops */
299 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
300 enum RSState state; /* parsing state */
301 char line_buf[MAX_PACKET_LENGTH];
304 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
307 #ifdef CONFIG_USER_ONLY
311 CharDriverState *chr;
312 CharDriverState *mon_chr;
314 char syscall_buf[256];
315 gdb_syscall_complete_cb current_syscall_cb;
318 /* By default use no IRQs and no timers while single stepping so as to
319 * make single stepping like an ICE HW step.
321 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
323 static GDBState *gdbserver_state;
327 #ifdef CONFIG_USER_ONLY
328 /* XXX: This is not thread safe. Do we care? */
329 static int gdbserver_fd = -1;
331 static int get_char(GDBState *s)
337 ret = qemu_recv(s->fd, &ch, 1, 0);
339 if (errno == ECONNRESET)
341 if (errno != EINTR && errno != EAGAIN)
343 } else if (ret == 0) {
361 /* Decide if either remote gdb syscalls or native file IO should be used. */
362 int use_gdb_syscalls(void)
364 SemihostingTarget target = semihosting_get_target();
365 if (target == SEMIHOSTING_TARGET_NATIVE) {
366 /* -semihosting-config target=native */
368 } else if (target == SEMIHOSTING_TARGET_GDB) {
369 /* -semihosting-config target=gdb */
373 /* -semihosting-config target=auto */
374 /* On the first call check if gdb is connected and remember. */
375 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
376 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
379 return gdb_syscall_mode == GDB_SYS_ENABLED;
382 /* Resume execution. */
383 static inline void gdb_continue(GDBState *s)
385 #ifdef CONFIG_USER_ONLY
386 s->running_state = 1;
388 if (!runstate_needs_reset()) {
394 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
396 #ifdef CONFIG_USER_ONLY
400 ret = send(s->fd, buf, len, 0);
402 if (errno != EINTR && errno != EAGAIN)
410 qemu_chr_fe_write(s->chr, buf, len);
414 static inline int fromhex(int v)
416 if (v >= '0' && v <= '9')
418 else if (v >= 'A' && v <= 'F')
420 else if (v >= 'a' && v <= 'f')
426 static inline int tohex(int v)
434 static void memtohex(char *buf, const uint8_t *mem, int len)
439 for(i = 0; i < len; i++) {
441 *q++ = tohex(c >> 4);
442 *q++ = tohex(c & 0xf);
447 static void hextomem(uint8_t *mem, const char *buf, int len)
451 for(i = 0; i < len; i++) {
452 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
457 /* return -1 if error, 0 if OK */
458 static int put_packet_binary(GDBState *s, const char *buf, int len)
469 for(i = 0; i < len; i++) {
473 *(p++) = tohex((csum >> 4) & 0xf);
474 *(p++) = tohex((csum) & 0xf);
476 s->last_packet_len = p - s->last_packet;
477 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
479 #ifdef CONFIG_USER_ONLY
492 /* return -1 if error, 0 if OK */
493 static int put_packet(GDBState *s, const char *buf)
496 printf("reply='%s'\n", buf);
499 return put_packet_binary(s, buf, strlen(buf));
502 /* Encode data using the encoding for 'x' packets. */
503 static int memtox(char *buf, const char *mem, int len)
511 case '#': case '$': case '*': case '}':
523 static const char *get_feature_xml(const char *p, const char **newp,
529 static char target_xml[1024];
532 while (p[len] && p[len] != ':')
537 if (strncmp(p, "target.xml", len) == 0) {
538 /* Generate the XML description for this CPU. */
539 if (!target_xml[0]) {
541 CPUState *cpu = first_cpu;
543 pstrcat(target_xml, sizeof(target_xml),
544 "<?xml version=\"1.0\"?>"
545 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
547 if (cc->gdb_arch_name) {
548 gchar *arch = cc->gdb_arch_name(cpu);
549 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
550 pstrcat(target_xml, sizeof(target_xml), arch);
551 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
554 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
555 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
556 pstrcat(target_xml, sizeof(target_xml), "\"/>");
557 for (r = cpu->gdb_regs; r; r = r->next) {
558 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
559 pstrcat(target_xml, sizeof(target_xml), r->xml);
560 pstrcat(target_xml, sizeof(target_xml), "\"/>");
562 pstrcat(target_xml, sizeof(target_xml), "</target>");
567 name = xml_builtin[i][0];
568 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
571 return name ? xml_builtin[i][1] : NULL;
574 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
576 CPUClass *cc = CPU_GET_CLASS(cpu);
577 CPUArchState *env = cpu->env_ptr;
580 if (reg < cc->gdb_num_core_regs) {
581 return cc->gdb_read_register(cpu, mem_buf, reg);
584 for (r = cpu->gdb_regs; r; r = r->next) {
585 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
586 return r->get_reg(env, mem_buf, reg - r->base_reg);
592 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
594 CPUClass *cc = CPU_GET_CLASS(cpu);
595 CPUArchState *env = cpu->env_ptr;
598 if (reg < cc->gdb_num_core_regs) {
599 return cc->gdb_write_register(cpu, mem_buf, reg);
602 for (r = cpu->gdb_regs; r; r = r->next) {
603 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
604 return r->set_reg(env, mem_buf, reg - r->base_reg);
610 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
611 specifies the first register number and these registers are included in
612 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
613 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
616 void gdb_register_coprocessor(CPUState *cpu,
617 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
618 int num_regs, const char *xml, int g_pos)
621 GDBRegisterState **p;
625 /* Check for duplicates. */
626 if (strcmp((*p)->xml, xml) == 0)
631 s = g_new0(GDBRegisterState, 1);
632 s->base_reg = cpu->gdb_num_regs;
633 s->num_regs = num_regs;
634 s->get_reg = get_reg;
635 s->set_reg = set_reg;
638 /* Add to end of list. */
639 cpu->gdb_num_regs += num_regs;
642 if (g_pos != s->base_reg) {
643 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
644 "Expected %d got %d\n", xml, g_pos, s->base_reg);
646 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
651 #ifndef CONFIG_USER_ONLY
652 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
653 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
655 static const int xlat[] = {
656 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
657 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
658 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
661 CPUClass *cc = CPU_GET_CLASS(cpu);
662 int cputype = xlat[gdbtype];
664 if (cc->gdb_stop_before_watchpoint) {
665 cputype |= BP_STOP_BEFORE_ACCESS;
671 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
677 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
681 case GDB_BREAKPOINT_SW:
682 case GDB_BREAKPOINT_HW:
684 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
690 #ifndef CONFIG_USER_ONLY
691 case GDB_WATCHPOINT_WRITE:
692 case GDB_WATCHPOINT_READ:
693 case GDB_WATCHPOINT_ACCESS:
695 err = cpu_watchpoint_insert(cpu, addr, len,
696 xlat_gdb_type(cpu, type), NULL);
708 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
714 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
718 case GDB_BREAKPOINT_SW:
719 case GDB_BREAKPOINT_HW:
721 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
727 #ifndef CONFIG_USER_ONLY
728 case GDB_WATCHPOINT_WRITE:
729 case GDB_WATCHPOINT_READ:
730 case GDB_WATCHPOINT_ACCESS:
732 err = cpu_watchpoint_remove(cpu, addr, len,
733 xlat_gdb_type(cpu, type));
744 static void gdb_breakpoint_remove_all(void)
749 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
754 cpu_breakpoint_remove_all(cpu, BP_GDB);
755 #ifndef CONFIG_USER_ONLY
756 cpu_watchpoint_remove_all(cpu, BP_GDB);
761 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
763 CPUState *cpu = s->c_cpu;
765 cpu_synchronize_state(cpu);
769 static CPUState *find_cpu(uint32_t thread_id)
774 if (cpu_index(cpu) == thread_id) {
782 static int is_query_packet(const char *p, const char *query, char separator)
784 unsigned int query_len = strlen(query);
786 return strncmp(p, query, query_len) == 0 &&
787 (p[query_len] == '\0' || p[query_len] == separator);
790 static int gdb_handle_packet(GDBState *s, const char *line_buf)
796 int ch, reg_size, type, res;
797 char buf[MAX_PACKET_LENGTH];
798 uint8_t mem_buf[MAX_PACKET_LENGTH];
800 target_ulong addr, len;
803 printf("command='%s'\n", line_buf);
809 /* TODO: Make this return the correct value for user-mode. */
810 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
811 cpu_index(s->c_cpu));
813 /* Remove all the breakpoints when this query is issued,
814 * because gdb is doing and initial connect and the state
815 * should be cleaned up.
817 gdb_breakpoint_remove_all();
821 addr = strtoull(p, (char **)&p, 16);
822 gdb_set_cpu_pc(s, addr);
828 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
834 if (strncmp(p, "Cont", 4) == 0) {
835 int res_signal, res_thread;
839 put_packet(s, "vCont;c;C;s;S");
854 if (action == 'C' || action == 'S') {
855 signal = gdb_signal_to_target(strtoul(p, (char **)&p, 16));
859 } else if (action != 'c' && action != 's') {
865 thread = strtoull(p+1, (char **)&p, 16);
867 action = tolower(action);
868 if (res == 0 || (res == 'c' && action == 's')) {
875 if (res_thread != -1 && res_thread != 0) {
876 cpu = find_cpu(res_thread);
878 put_packet(s, "E22");
884 cpu_single_step(s->c_cpu, sstep_flags);
886 s->signal = res_signal;
892 goto unknown_command;
895 /* Kill the target */
896 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
900 gdb_breakpoint_remove_all();
901 gdb_syscall_mode = GDB_SYS_DISABLED;
907 addr = strtoull(p, (char **)&p, 16);
908 gdb_set_cpu_pc(s, addr);
910 cpu_single_step(s->c_cpu, sstep_flags);
918 ret = strtoull(p, (char **)&p, 16);
921 err = strtoull(p, (char **)&p, 16);
928 if (s->current_syscall_cb) {
929 s->current_syscall_cb(s->c_cpu, ret, err);
930 s->current_syscall_cb = NULL;
933 put_packet(s, "T02");
940 cpu_synchronize_state(s->g_cpu);
942 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
943 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
946 memtohex(buf, mem_buf, len);
950 cpu_synchronize_state(s->g_cpu);
953 hextomem((uint8_t *)registers, p, len);
954 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
955 reg_size = gdb_write_register(s->g_cpu, registers, addr);
957 registers += reg_size;
962 addr = strtoull(p, (char **)&p, 16);
965 len = strtoull(p, NULL, 16);
967 /* memtohex() doubles the required space */
968 if (len > MAX_PACKET_LENGTH / 2) {
969 put_packet (s, "E22");
973 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
974 put_packet (s, "E14");
976 memtohex(buf, mem_buf, len);
981 addr = strtoull(p, (char **)&p, 16);
984 len = strtoull(p, (char **)&p, 16);
988 /* hextomem() reads 2*len bytes */
989 if (len > strlen(p) / 2) {
990 put_packet (s, "E22");
993 hextomem(mem_buf, p, len);
994 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
996 put_packet(s, "E14");
1002 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1003 This works, but can be very slow. Anything new enough to
1004 understand XML also knows how to use this properly. */
1006 goto unknown_command;
1007 addr = strtoull(p, (char **)&p, 16);
1008 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1010 memtohex(buf, mem_buf, reg_size);
1013 put_packet(s, "E14");
1018 goto unknown_command;
1019 addr = strtoull(p, (char **)&p, 16);
1022 reg_size = strlen(p) / 2;
1023 hextomem(mem_buf, p, reg_size);
1024 gdb_write_register(s->g_cpu, mem_buf, addr);
1025 put_packet(s, "OK");
1029 type = strtoul(p, (char **)&p, 16);
1032 addr = strtoull(p, (char **)&p, 16);
1035 len = strtoull(p, (char **)&p, 16);
1037 res = gdb_breakpoint_insert(addr, len, type);
1039 res = gdb_breakpoint_remove(addr, len, type);
1041 put_packet(s, "OK");
1042 else if (res == -ENOSYS)
1045 put_packet(s, "E22");
1049 thread = strtoull(p, (char **)&p, 16);
1050 if (thread == -1 || thread == 0) {
1051 put_packet(s, "OK");
1054 cpu = find_cpu(thread);
1056 put_packet(s, "E22");
1062 put_packet(s, "OK");
1066 put_packet(s, "OK");
1069 put_packet(s, "E22");
1074 thread = strtoull(p, (char **)&p, 16);
1075 cpu = find_cpu(thread);
1078 put_packet(s, "OK");
1080 put_packet(s, "E22");
1085 /* parse any 'q' packets here */
1086 if (!strcmp(p,"qemu.sstepbits")) {
1087 /* Query Breakpoint bit definitions */
1088 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1094 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1095 /* Display or change the sstep_flags */
1098 /* Display current setting */
1099 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1104 type = strtoul(p, (char **)&p, 16);
1106 put_packet(s, "OK");
1108 } else if (strcmp(p,"C") == 0) {
1109 /* "Current thread" remains vague in the spec, so always return
1110 * the first CPU (gdb returns the first thread). */
1111 put_packet(s, "QC1");
1113 } else if (strcmp(p,"fThreadInfo") == 0) {
1114 s->query_cpu = first_cpu;
1115 goto report_cpuinfo;
1116 } else if (strcmp(p,"sThreadInfo") == 0) {
1119 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1121 s->query_cpu = CPU_NEXT(s->query_cpu);
1125 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1126 thread = strtoull(p+16, (char **)&p, 16);
1127 cpu = find_cpu(thread);
1129 cpu_synchronize_state(cpu);
1130 /* memtohex() doubles the required space */
1131 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1132 "CPU#%d [%s]", cpu->cpu_index,
1133 cpu->halted ? "halted " : "running");
1134 memtohex(buf, mem_buf, len);
1139 #ifdef CONFIG_USER_ONLY
1140 else if (strcmp(p, "Offsets") == 0) {
1141 TaskState *ts = s->c_cpu->opaque;
1143 snprintf(buf, sizeof(buf),
1144 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1145 ";Bss=" TARGET_ABI_FMT_lx,
1146 ts->info->code_offset,
1147 ts->info->data_offset,
1148 ts->info->data_offset);
1152 #else /* !CONFIG_USER_ONLY */
1153 else if (strncmp(p, "Rcmd,", 5) == 0) {
1154 int len = strlen(p + 5);
1156 if ((len % 2) != 0) {
1157 put_packet(s, "E01");
1161 hextomem(mem_buf, p + 5, len);
1163 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1164 put_packet(s, "OK");
1167 #endif /* !CONFIG_USER_ONLY */
1168 if (is_query_packet(p, "Supported", ':')) {
1169 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1170 cc = CPU_GET_CLASS(first_cpu);
1171 if (cc->gdb_core_xml_file != NULL) {
1172 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1177 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1179 target_ulong total_len;
1181 cc = CPU_GET_CLASS(first_cpu);
1182 if (cc->gdb_core_xml_file == NULL) {
1183 goto unknown_command;
1188 xml = get_feature_xml(p, &p, cc);
1190 snprintf(buf, sizeof(buf), "E00");
1197 addr = strtoul(p, (char **)&p, 16);
1200 len = strtoul(p, (char **)&p, 16);
1202 total_len = strlen(xml);
1203 if (addr > total_len) {
1204 snprintf(buf, sizeof(buf), "E00");
1208 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1209 len = (MAX_PACKET_LENGTH - 5) / 2;
1210 if (len < total_len - addr) {
1212 len = memtox(buf + 1, xml + addr, len);
1215 len = memtox(buf + 1, xml + addr, total_len - addr);
1217 put_packet_binary(s, buf, len + 1);
1220 if (is_query_packet(p, "Attached", ':')) {
1221 put_packet(s, GDB_ATTACHED);
1224 /* Unrecognised 'q' command. */
1225 goto unknown_command;
1229 /* put empty packet */
1237 void gdb_set_stop_cpu(CPUState *cpu)
1239 gdbserver_state->c_cpu = cpu;
1240 gdbserver_state->g_cpu = cpu;
1243 #ifndef CONFIG_USER_ONLY
1244 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1246 GDBState *s = gdbserver_state;
1247 CPUState *cpu = s->c_cpu;
1252 if (running || s->state == RS_INACTIVE) {
1255 /* Is there a GDB syscall waiting to be sent? */
1256 if (s->current_syscall_cb) {
1257 put_packet(s, s->syscall_buf);
1261 case RUN_STATE_DEBUG:
1262 if (cpu->watchpoint_hit) {
1263 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1274 snprintf(buf, sizeof(buf),
1275 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1276 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1277 (target_ulong)cpu->watchpoint_hit->vaddr);
1278 cpu->watchpoint_hit = NULL;
1282 ret = GDB_SIGNAL_TRAP;
1284 case RUN_STATE_PAUSED:
1285 ret = GDB_SIGNAL_INT;
1287 case RUN_STATE_SHUTDOWN:
1288 ret = GDB_SIGNAL_QUIT;
1290 case RUN_STATE_IO_ERROR:
1291 ret = GDB_SIGNAL_IO;
1293 case RUN_STATE_WATCHDOG:
1294 ret = GDB_SIGNAL_ALRM;
1296 case RUN_STATE_INTERNAL_ERROR:
1297 ret = GDB_SIGNAL_ABRT;
1299 case RUN_STATE_SAVE_VM:
1300 case RUN_STATE_RESTORE_VM:
1302 case RUN_STATE_FINISH_MIGRATE:
1303 ret = GDB_SIGNAL_XCPU;
1306 ret = GDB_SIGNAL_UNKNOWN;
1309 gdb_set_stop_cpu(cpu);
1310 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1315 /* disable single step if it was enabled */
1316 cpu_single_step(cpu, 0);
1320 /* Send a gdb syscall request.
1321 This accepts limited printf-style format specifiers, specifically:
1322 %x - target_ulong argument printed in hex.
1323 %lx - 64-bit argument printed in hex.
1324 %s - string pointer (target_ulong) and length (int) pair. */
1325 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1333 s = gdbserver_state;
1336 s->current_syscall_cb = cb;
1337 #ifndef CONFIG_USER_ONLY
1338 vm_stop(RUN_STATE_DEBUG);
1341 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1348 addr = va_arg(va, target_ulong);
1349 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1352 if (*(fmt++) != 'x')
1354 i64 = va_arg(va, uint64_t);
1355 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1358 addr = va_arg(va, target_ulong);
1359 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1360 addr, va_arg(va, int));
1364 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1373 #ifdef CONFIG_USER_ONLY
1374 put_packet(s, s->syscall_buf);
1375 gdb_handlesig(s->c_cpu, 0);
1377 /* In this case wait to send the syscall packet until notification that
1378 the CPU has stopped. This must be done because if the packet is sent
1379 now the reply from the syscall request could be received while the CPU
1380 is still in the running state, which can cause packets to be dropped
1381 and state transition 'T' packets to be sent while the syscall is still
1383 qemu_cpu_kick(s->c_cpu);
1387 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1392 gdb_do_syscallv(cb, fmt, va);
1396 static void gdb_read_byte(GDBState *s, int ch)
1401 #ifndef CONFIG_USER_ONLY
1402 if (s->last_packet_len) {
1403 /* Waiting for a response to the last packet. If we see the start
1404 of a new command then abandon the previous response. */
1407 printf("Got NACK, retransmitting\n");
1409 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1413 printf("Got ACK\n");
1415 printf("Got '%c' when expecting ACK/NACK\n", ch);
1417 if (ch == '+' || ch == '$')
1418 s->last_packet_len = 0;
1422 if (runstate_is_running()) {
1423 /* when the CPU is running, we cannot do anything except stop
1424 it when receiving a char */
1425 vm_stop(RUN_STATE_PAUSED);
1432 s->line_buf_index = 0;
1433 s->state = RS_GETLINE;
1438 s->state = RS_CHKSUM1;
1439 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1442 s->line_buf[s->line_buf_index++] = ch;
1446 s->line_buf[s->line_buf_index] = '\0';
1447 s->line_csum = fromhex(ch) << 4;
1448 s->state = RS_CHKSUM2;
1451 s->line_csum |= fromhex(ch);
1453 for(i = 0; i < s->line_buf_index; i++) {
1454 csum += s->line_buf[i];
1456 if (s->line_csum != (csum & 0xff)) {
1458 put_buffer(s, &reply, 1);
1462 put_buffer(s, &reply, 1);
1463 s->state = gdb_handle_packet(s, s->line_buf);
1472 /* Tell the remote gdb that the process has exited. */
1473 void gdb_exit(CPUArchState *env, int code)
1478 s = gdbserver_state;
1482 #ifdef CONFIG_USER_ONLY
1483 if (gdbserver_fd < 0 || s->fd < 0) {
1492 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1495 #ifndef CONFIG_USER_ONLY
1496 qemu_chr_delete(s->chr);
1500 #ifdef CONFIG_USER_ONLY
1506 s = gdbserver_state;
1508 if (gdbserver_fd < 0 || s->fd < 0)
1515 gdb_handlesig(CPUState *cpu, int sig)
1521 s = gdbserver_state;
1522 if (gdbserver_fd < 0 || s->fd < 0) {
1526 /* disable single step if it was enabled */
1527 cpu_single_step(cpu, 0);
1531 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1534 /* put_packet() might have detected that the peer terminated the
1542 s->running_state = 0;
1543 while (s->running_state == 0) {
1544 n = read(s->fd, buf, 256);
1548 for (i = 0; i < n; i++) {
1549 gdb_read_byte(s, buf[i]);
1551 } else if (n == 0 || errno != EAGAIN) {
1552 /* XXX: Connection closed. Should probably wait for another
1553 connection before continuing. */
1562 /* Tell the remote gdb that the process has exited due to SIG. */
1563 void gdb_signalled(CPUArchState *env, int sig)
1568 s = gdbserver_state;
1569 if (gdbserver_fd < 0 || s->fd < 0) {
1573 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1577 static void gdb_accept(void)
1580 struct sockaddr_in sockaddr;
1585 len = sizeof(sockaddr);
1586 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1587 if (fd < 0 && errno != EINTR) {
1590 } else if (fd >= 0) {
1592 fcntl(fd, F_SETFD, FD_CLOEXEC);
1598 /* set short latency */
1599 socket_set_nodelay(fd);
1601 s = g_malloc0(sizeof(GDBState));
1602 s->c_cpu = first_cpu;
1603 s->g_cpu = first_cpu;
1605 gdb_has_xml = false;
1607 gdbserver_state = s;
1609 fcntl(fd, F_SETFL, O_NONBLOCK);
1612 static int gdbserver_open(int port)
1614 struct sockaddr_in sockaddr;
1617 fd = socket(PF_INET, SOCK_STREAM, 0);
1623 fcntl(fd, F_SETFD, FD_CLOEXEC);
1626 socket_set_fast_reuse(fd);
1628 sockaddr.sin_family = AF_INET;
1629 sockaddr.sin_port = htons(port);
1630 sockaddr.sin_addr.s_addr = 0;
1631 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1637 ret = listen(fd, 0);
1646 int gdbserver_start(int port)
1648 gdbserver_fd = gdbserver_open(port);
1649 if (gdbserver_fd < 0)
1651 /* accept connections */
1656 /* Disable gdb stub for child processes. */
1657 void gdbserver_fork(CPUState *cpu)
1659 GDBState *s = gdbserver_state;
1661 if (gdbserver_fd < 0 || s->fd < 0) {
1666 cpu_breakpoint_remove_all(cpu, BP_GDB);
1667 cpu_watchpoint_remove_all(cpu, BP_GDB);
1670 static int gdb_chr_can_receive(void *opaque)
1672 /* We can handle an arbitrarily large amount of data.
1673 Pick the maximum packet size, which is as good as anything. */
1674 return MAX_PACKET_LENGTH;
1677 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1681 for (i = 0; i < size; i++) {
1682 gdb_read_byte(gdbserver_state, buf[i]);
1686 static void gdb_chr_event(void *opaque, int event)
1689 case CHR_EVENT_OPENED:
1690 vm_stop(RUN_STATE_PAUSED);
1691 gdb_has_xml = false;
1698 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1700 char buf[MAX_PACKET_LENGTH];
1703 if (len > (MAX_PACKET_LENGTH/2) - 1)
1704 len = (MAX_PACKET_LENGTH/2) - 1;
1705 memtohex(buf + 1, (uint8_t *)msg, len);
1709 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
1711 const char *p = (const char *)buf;
1714 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1716 if (len <= max_sz) {
1717 gdb_monitor_output(gdbserver_state, p, len);
1720 gdb_monitor_output(gdbserver_state, p, max_sz);
1728 static void gdb_sigterm_handler(int signal)
1730 if (runstate_is_running()) {
1731 vm_stop(RUN_STATE_PAUSED);
1736 int gdbserver_start(const char *device)
1739 char gdbstub_device_name[128];
1740 CharDriverState *chr = NULL;
1741 CharDriverState *mon_chr;
1742 ChardevCommon common = { 0 };
1746 if (strcmp(device, "none") != 0) {
1747 if (strstart(device, "tcp:", NULL)) {
1748 /* enforce required TCP attributes */
1749 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1750 "%s,nowait,nodelay,server", device);
1751 device = gdbstub_device_name;
1754 else if (strcmp(device, "stdio") == 0) {
1755 struct sigaction act;
1757 memset(&act, 0, sizeof(act));
1758 act.sa_handler = gdb_sigterm_handler;
1759 sigaction(SIGINT, &act, NULL);
1762 chr = qemu_chr_new("gdb", device, NULL);
1766 qemu_chr_fe_claim_no_fail(chr);
1767 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
1768 gdb_chr_event, NULL);
1771 s = gdbserver_state;
1773 s = g_malloc0(sizeof(GDBState));
1774 gdbserver_state = s;
1776 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1778 /* Initialize a monitor terminal for gdb */
1779 mon_chr = qemu_chr_alloc(&common, &error_abort);
1780 mon_chr->chr_write = gdb_monitor_write;
1781 monitor_init(mon_chr, 0);
1784 qemu_chr_delete(s->chr);
1785 mon_chr = s->mon_chr;
1786 memset(s, 0, sizeof(GDBState));
1788 s->c_cpu = first_cpu;
1789 s->g_cpu = first_cpu;
1791 s->state = chr ? RS_IDLE : RS_INACTIVE;
1792 s->mon_chr = mon_chr;
1793 s->current_syscall_cb = NULL;
projects / qemu.git / blob