4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
24 #ifdef CONFIG_USER_ONLY
27 #include "monitor/monitor.h"
28 #include "sysemu/char.h"
29 #include "sysemu/sysemu.h"
30 #include "exec/gdbstub.h"
33 #define MAX_PACKET_LENGTH 4096
35 #include "qemu/sockets.h"
36 #include "sysemu/hw_accel.h"
37 #include "sysemu/kvm.h"
38 #include "exec/semihost.h"
39 #include "exec/exec-all.h"
41 #ifdef CONFIG_USER_ONLY
42 #define GDB_ATTACHED "0"
44 #define GDB_ATTACHED "1"
47 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
48 uint8_t *buf, int len, bool is_write)
50 CPUClass *cc = CPU_GET_CLASS(cpu);
52 if (cc->memory_rw_debug) {
53 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
55 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
67 GDB_SIGNAL_UNKNOWN = 143
70 #ifdef CONFIG_USER_ONLY
72 /* Map target signal numbers to GDB protocol signal numbers and vice
73 * versa. For user emulation's currently supported systems, we can
74 * assume most signals are defined.
77 static int gdb_signal_table[] = {
237 /* In system mode we only need SIGINT and SIGTRAP; other signals
238 are not yet supported. */
245 static int gdb_signal_table[] = {
255 #ifdef CONFIG_USER_ONLY
256 static int target_signal_to_gdb (int sig)
259 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
260 if (gdb_signal_table[i] == sig)
262 return GDB_SIGNAL_UNKNOWN;
266 static int gdb_signal_to_target (int sig)
268 if (sig < ARRAY_SIZE (gdb_signal_table))
269 return gdb_signal_table[sig];
276 typedef struct GDBRegisterState {
282 struct GDBRegisterState *next;
292 typedef struct GDBState {
293 CPUState *c_cpu; /* current CPU for step/continue ops */
294 CPUState *g_cpu; /* current CPU for other ops */
295 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
296 enum RSState state; /* parsing state */
297 char line_buf[MAX_PACKET_LENGTH];
300 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
303 #ifdef CONFIG_USER_ONLY
308 CharDriverState *mon_chr;
310 char syscall_buf[256];
311 gdb_syscall_complete_cb current_syscall_cb;
314 /* By default use no IRQs and no timers while single stepping so as to
315 * make single stepping like an ICE HW step.
317 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
319 static GDBState *gdbserver_state;
323 #ifdef CONFIG_USER_ONLY
324 /* XXX: This is not thread safe. Do we care? */
325 static int gdbserver_fd = -1;
327 static int get_char(GDBState *s)
333 ret = qemu_recv(s->fd, &ch, 1, 0);
335 if (errno == ECONNRESET)
339 } else if (ret == 0) {
357 /* Decide if either remote gdb syscalls or native file IO should be used. */
358 int use_gdb_syscalls(void)
360 SemihostingTarget target = semihosting_get_target();
361 if (target == SEMIHOSTING_TARGET_NATIVE) {
362 /* -semihosting-config target=native */
364 } else if (target == SEMIHOSTING_TARGET_GDB) {
365 /* -semihosting-config target=gdb */
369 /* -semihosting-config target=auto */
370 /* On the first call check if gdb is connected and remember. */
371 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
372 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
375 return gdb_syscall_mode == GDB_SYS_ENABLED;
378 /* Resume execution. */
379 static inline void gdb_continue(GDBState *s)
381 #ifdef CONFIG_USER_ONLY
382 s->running_state = 1;
384 if (!runstate_needs_reset()) {
390 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
392 #ifdef CONFIG_USER_ONLY
396 ret = send(s->fd, buf, len, 0);
406 /* XXX this blocks entire thread. Rewrite to use
407 * qemu_chr_fe_write and background I/O callbacks */
408 qemu_chr_fe_write_all(&s->chr, buf, len);
412 static inline int fromhex(int v)
414 if (v >= '0' && v <= '9')
416 else if (v >= 'A' && v <= 'F')
418 else if (v >= 'a' && v <= 'f')
424 static inline int tohex(int v)
432 static void memtohex(char *buf, const uint8_t *mem, int len)
437 for(i = 0; i < len; i++) {
439 *q++ = tohex(c >> 4);
440 *q++ = tohex(c & 0xf);
445 static void hextomem(uint8_t *mem, const char *buf, int len)
449 for(i = 0; i < len; i++) {
450 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
455 /* return -1 if error, 0 if OK */
456 static int put_packet_binary(GDBState *s, const char *buf, int len)
467 for(i = 0; i < len; i++) {
471 *(p++) = tohex((csum >> 4) & 0xf);
472 *(p++) = tohex((csum) & 0xf);
474 s->last_packet_len = p - s->last_packet;
475 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
477 #ifdef CONFIG_USER_ONLY
490 /* return -1 if error, 0 if OK */
491 static int put_packet(GDBState *s, const char *buf)
494 printf("reply='%s'\n", buf);
497 return put_packet_binary(s, buf, strlen(buf));
500 /* Encode data using the encoding for 'x' packets. */
501 static int memtox(char *buf, const char *mem, int len)
509 case '#': case '$': case '*': case '}':
521 static const char *get_feature_xml(const char *p, const char **newp,
527 static char target_xml[1024];
530 while (p[len] && p[len] != ':')
535 if (strncmp(p, "target.xml", len) == 0) {
536 /* Generate the XML description for this CPU. */
537 if (!target_xml[0]) {
539 CPUState *cpu = first_cpu;
541 pstrcat(target_xml, sizeof(target_xml),
542 "<?xml version=\"1.0\"?>"
543 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
545 if (cc->gdb_arch_name) {
546 gchar *arch = cc->gdb_arch_name(cpu);
547 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
548 pstrcat(target_xml, sizeof(target_xml), arch);
549 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
552 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
553 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
554 pstrcat(target_xml, sizeof(target_xml), "\"/>");
555 for (r = cpu->gdb_regs; r; r = r->next) {
556 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
557 pstrcat(target_xml, sizeof(target_xml), r->xml);
558 pstrcat(target_xml, sizeof(target_xml), "\"/>");
560 pstrcat(target_xml, sizeof(target_xml), "</target>");
565 name = xml_builtin[i][0];
566 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
569 return name ? xml_builtin[i][1] : NULL;
572 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
574 CPUClass *cc = CPU_GET_CLASS(cpu);
575 CPUArchState *env = cpu->env_ptr;
578 if (reg < cc->gdb_num_core_regs) {
579 return cc->gdb_read_register(cpu, mem_buf, reg);
582 for (r = cpu->gdb_regs; r; r = r->next) {
583 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
584 return r->get_reg(env, mem_buf, reg - r->base_reg);
590 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
592 CPUClass *cc = CPU_GET_CLASS(cpu);
593 CPUArchState *env = cpu->env_ptr;
596 if (reg < cc->gdb_num_core_regs) {
597 return cc->gdb_write_register(cpu, mem_buf, reg);
600 for (r = cpu->gdb_regs; r; r = r->next) {
601 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
602 return r->set_reg(env, mem_buf, reg - r->base_reg);
608 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
609 specifies the first register number and these registers are included in
610 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
611 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
614 void gdb_register_coprocessor(CPUState *cpu,
615 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
616 int num_regs, const char *xml, int g_pos)
619 GDBRegisterState **p;
623 /* Check for duplicates. */
624 if (strcmp((*p)->xml, xml) == 0)
629 s = g_new0(GDBRegisterState, 1);
630 s->base_reg = cpu->gdb_num_regs;
631 s->num_regs = num_regs;
632 s->get_reg = get_reg;
633 s->set_reg = set_reg;
636 /* Add to end of list. */
637 cpu->gdb_num_regs += num_regs;
640 if (g_pos != s->base_reg) {
641 error_report("Error: Bad gdb register numbering for '%s', "
642 "expected %d got %d", xml, g_pos, s->base_reg);
644 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
649 #ifndef CONFIG_USER_ONLY
650 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
651 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
653 static const int xlat[] = {
654 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
655 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
656 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
659 CPUClass *cc = CPU_GET_CLASS(cpu);
660 int cputype = xlat[gdbtype];
662 if (cc->gdb_stop_before_watchpoint) {
663 cputype |= BP_STOP_BEFORE_ACCESS;
669 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
675 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
679 case GDB_BREAKPOINT_SW:
680 case GDB_BREAKPOINT_HW:
682 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
688 #ifndef CONFIG_USER_ONLY
689 case GDB_WATCHPOINT_WRITE:
690 case GDB_WATCHPOINT_READ:
691 case GDB_WATCHPOINT_ACCESS:
693 err = cpu_watchpoint_insert(cpu, addr, len,
694 xlat_gdb_type(cpu, type), NULL);
706 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
712 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
716 case GDB_BREAKPOINT_SW:
717 case GDB_BREAKPOINT_HW:
719 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
725 #ifndef CONFIG_USER_ONLY
726 case GDB_WATCHPOINT_WRITE:
727 case GDB_WATCHPOINT_READ:
728 case GDB_WATCHPOINT_ACCESS:
730 err = cpu_watchpoint_remove(cpu, addr, len,
731 xlat_gdb_type(cpu, type));
742 static void gdb_breakpoint_remove_all(void)
747 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
752 cpu_breakpoint_remove_all(cpu, BP_GDB);
753 #ifndef CONFIG_USER_ONLY
754 cpu_watchpoint_remove_all(cpu, BP_GDB);
759 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
761 CPUState *cpu = s->c_cpu;
763 cpu_synchronize_state(cpu);
767 static CPUState *find_cpu(uint32_t thread_id)
772 if (cpu_index(cpu) == thread_id) {
780 static int is_query_packet(const char *p, const char *query, char separator)
782 unsigned int query_len = strlen(query);
784 return strncmp(p, query, query_len) == 0 &&
785 (p[query_len] == '\0' || p[query_len] == separator);
788 static int gdb_handle_packet(GDBState *s, const char *line_buf)
794 int ch, reg_size, type, res;
795 char buf[MAX_PACKET_LENGTH];
796 uint8_t mem_buf[MAX_PACKET_LENGTH];
798 target_ulong addr, len;
801 printf("command='%s'\n", line_buf);
807 /* TODO: Make this return the correct value for user-mode. */
808 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
809 cpu_index(s->c_cpu));
811 /* Remove all the breakpoints when this query is issued,
812 * because gdb is doing and initial connect and the state
813 * should be cleaned up.
815 gdb_breakpoint_remove_all();
819 addr = strtoull(p, (char **)&p, 16);
820 gdb_set_cpu_pc(s, addr);
826 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
832 if (strncmp(p, "Cont", 4) == 0) {
833 int res_signal, res_thread;
837 put_packet(s, "vCont;c;C;s;S");
852 if (action == 'C' || action == 'S') {
853 signal = gdb_signal_to_target(strtoul(p, (char **)&p, 16));
857 } else if (action != 'c' && action != 's') {
863 thread = strtoull(p+1, (char **)&p, 16);
865 action = tolower(action);
866 if (res == 0 || (res == 'c' && action == 's')) {
873 if (res_thread != -1 && res_thread != 0) {
874 cpu = find_cpu(res_thread);
876 put_packet(s, "E22");
882 cpu_single_step(s->c_cpu, sstep_flags);
884 s->signal = res_signal;
890 goto unknown_command;
893 /* Kill the target */
894 error_report("QEMU: Terminated via GDBstub");
898 gdb_breakpoint_remove_all();
899 gdb_syscall_mode = GDB_SYS_DISABLED;
905 addr = strtoull(p, (char **)&p, 16);
906 gdb_set_cpu_pc(s, addr);
908 cpu_single_step(s->c_cpu, sstep_flags);
916 ret = strtoull(p, (char **)&p, 16);
919 err = strtoull(p, (char **)&p, 16);
926 if (s->current_syscall_cb) {
927 s->current_syscall_cb(s->c_cpu, ret, err);
928 s->current_syscall_cb = NULL;
931 put_packet(s, "T02");
938 cpu_synchronize_state(s->g_cpu);
940 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
941 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
944 memtohex(buf, mem_buf, len);
948 cpu_synchronize_state(s->g_cpu);
951 hextomem((uint8_t *)registers, p, len);
952 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
953 reg_size = gdb_write_register(s->g_cpu, registers, addr);
955 registers += reg_size;
960 addr = strtoull(p, (char **)&p, 16);
963 len = strtoull(p, NULL, 16);
965 /* memtohex() doubles the required space */
966 if (len > MAX_PACKET_LENGTH / 2) {
967 put_packet (s, "E22");
971 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
972 put_packet (s, "E14");
974 memtohex(buf, mem_buf, len);
979 addr = strtoull(p, (char **)&p, 16);
982 len = strtoull(p, (char **)&p, 16);
986 /* hextomem() reads 2*len bytes */
987 if (len > strlen(p) / 2) {
988 put_packet (s, "E22");
991 hextomem(mem_buf, p, len);
992 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
994 put_packet(s, "E14");
1000 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1001 This works, but can be very slow. Anything new enough to
1002 understand XML also knows how to use this properly. */
1004 goto unknown_command;
1005 addr = strtoull(p, (char **)&p, 16);
1006 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1008 memtohex(buf, mem_buf, reg_size);
1011 put_packet(s, "E14");
1016 goto unknown_command;
1017 addr = strtoull(p, (char **)&p, 16);
1020 reg_size = strlen(p) / 2;
1021 hextomem(mem_buf, p, reg_size);
1022 gdb_write_register(s->g_cpu, mem_buf, addr);
1023 put_packet(s, "OK");
1027 type = strtoul(p, (char **)&p, 16);
1030 addr = strtoull(p, (char **)&p, 16);
1033 len = strtoull(p, (char **)&p, 16);
1035 res = gdb_breakpoint_insert(addr, len, type);
1037 res = gdb_breakpoint_remove(addr, len, type);
1039 put_packet(s, "OK");
1040 else if (res == -ENOSYS)
1043 put_packet(s, "E22");
1047 thread = strtoull(p, (char **)&p, 16);
1048 if (thread == -1 || thread == 0) {
1049 put_packet(s, "OK");
1052 cpu = find_cpu(thread);
1054 put_packet(s, "E22");
1060 put_packet(s, "OK");
1064 put_packet(s, "OK");
1067 put_packet(s, "E22");
1072 thread = strtoull(p, (char **)&p, 16);
1073 cpu = find_cpu(thread);
1076 put_packet(s, "OK");
1078 put_packet(s, "E22");
1083 /* parse any 'q' packets here */
1084 if (!strcmp(p,"qemu.sstepbits")) {
1085 /* Query Breakpoint bit definitions */
1086 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1092 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1093 /* Display or change the sstep_flags */
1096 /* Display current setting */
1097 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1102 type = strtoul(p, (char **)&p, 16);
1104 put_packet(s, "OK");
1106 } else if (strcmp(p,"C") == 0) {
1107 /* "Current thread" remains vague in the spec, so always return
1108 * the first CPU (gdb returns the first thread). */
1109 put_packet(s, "QC1");
1111 } else if (strcmp(p,"fThreadInfo") == 0) {
1112 s->query_cpu = first_cpu;
1113 goto report_cpuinfo;
1114 } else if (strcmp(p,"sThreadInfo") == 0) {
1117 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1119 s->query_cpu = CPU_NEXT(s->query_cpu);
1123 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1124 thread = strtoull(p+16, (char **)&p, 16);
1125 cpu = find_cpu(thread);
1127 cpu_synchronize_state(cpu);
1128 /* memtohex() doubles the required space */
1129 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1130 "CPU#%d [%s]", cpu->cpu_index,
1131 cpu->halted ? "halted " : "running");
1132 memtohex(buf, mem_buf, len);
1137 #ifdef CONFIG_USER_ONLY
1138 else if (strcmp(p, "Offsets") == 0) {
1139 TaskState *ts = s->c_cpu->opaque;
1141 snprintf(buf, sizeof(buf),
1142 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1143 ";Bss=" TARGET_ABI_FMT_lx,
1144 ts->info->code_offset,
1145 ts->info->data_offset,
1146 ts->info->data_offset);
1150 #else /* !CONFIG_USER_ONLY */
1151 else if (strncmp(p, "Rcmd,", 5) == 0) {
1152 int len = strlen(p + 5);
1154 if ((len % 2) != 0) {
1155 put_packet(s, "E01");
1159 hextomem(mem_buf, p + 5, len);
1161 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1162 put_packet(s, "OK");
1165 #endif /* !CONFIG_USER_ONLY */
1166 if (is_query_packet(p, "Supported", ':')) {
1167 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1168 cc = CPU_GET_CLASS(first_cpu);
1169 if (cc->gdb_core_xml_file != NULL) {
1170 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1175 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1177 target_ulong total_len;
1179 cc = CPU_GET_CLASS(first_cpu);
1180 if (cc->gdb_core_xml_file == NULL) {
1181 goto unknown_command;
1186 xml = get_feature_xml(p, &p, cc);
1188 snprintf(buf, sizeof(buf), "E00");
1195 addr = strtoul(p, (char **)&p, 16);
1198 len = strtoul(p, (char **)&p, 16);
1200 total_len = strlen(xml);
1201 if (addr > total_len) {
1202 snprintf(buf, sizeof(buf), "E00");
1206 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1207 len = (MAX_PACKET_LENGTH - 5) / 2;
1208 if (len < total_len - addr) {
1210 len = memtox(buf + 1, xml + addr, len);
1213 len = memtox(buf + 1, xml + addr, total_len - addr);
1215 put_packet_binary(s, buf, len + 1);
1218 if (is_query_packet(p, "Attached", ':')) {
1219 put_packet(s, GDB_ATTACHED);
1222 /* Unrecognised 'q' command. */
1223 goto unknown_command;
1227 /* put empty packet */
1235 void gdb_set_stop_cpu(CPUState *cpu)
1237 gdbserver_state->c_cpu = cpu;
1238 gdbserver_state->g_cpu = cpu;
1241 #ifndef CONFIG_USER_ONLY
1242 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1244 GDBState *s = gdbserver_state;
1245 CPUState *cpu = s->c_cpu;
1250 if (running || s->state == RS_INACTIVE) {
1253 /* Is there a GDB syscall waiting to be sent? */
1254 if (s->current_syscall_cb) {
1255 put_packet(s, s->syscall_buf);
1259 case RUN_STATE_DEBUG:
1260 if (cpu->watchpoint_hit) {
1261 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1272 snprintf(buf, sizeof(buf),
1273 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1274 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1275 (target_ulong)cpu->watchpoint_hit->vaddr);
1276 cpu->watchpoint_hit = NULL;
1280 ret = GDB_SIGNAL_TRAP;
1282 case RUN_STATE_PAUSED:
1283 ret = GDB_SIGNAL_INT;
1285 case RUN_STATE_SHUTDOWN:
1286 ret = GDB_SIGNAL_QUIT;
1288 case RUN_STATE_IO_ERROR:
1289 ret = GDB_SIGNAL_IO;
1291 case RUN_STATE_WATCHDOG:
1292 ret = GDB_SIGNAL_ALRM;
1294 case RUN_STATE_INTERNAL_ERROR:
1295 ret = GDB_SIGNAL_ABRT;
1297 case RUN_STATE_SAVE_VM:
1298 case RUN_STATE_RESTORE_VM:
1300 case RUN_STATE_FINISH_MIGRATE:
1301 ret = GDB_SIGNAL_XCPU;
1304 ret = GDB_SIGNAL_UNKNOWN;
1307 gdb_set_stop_cpu(cpu);
1308 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1313 /* disable single step if it was enabled */
1314 cpu_single_step(cpu, 0);
1318 /* Send a gdb syscall request.
1319 This accepts limited printf-style format specifiers, specifically:
1320 %x - target_ulong argument printed in hex.
1321 %lx - 64-bit argument printed in hex.
1322 %s - string pointer (target_ulong) and length (int) pair. */
1323 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1331 s = gdbserver_state;
1334 s->current_syscall_cb = cb;
1335 #ifndef CONFIG_USER_ONLY
1336 vm_stop(RUN_STATE_DEBUG);
1339 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1346 addr = va_arg(va, target_ulong);
1347 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1350 if (*(fmt++) != 'x')
1352 i64 = va_arg(va, uint64_t);
1353 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1356 addr = va_arg(va, target_ulong);
1357 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1358 addr, va_arg(va, int));
1362 error_report("gdbstub: Bad syscall format string '%s'",
1371 #ifdef CONFIG_USER_ONLY
1372 put_packet(s, s->syscall_buf);
1373 gdb_handlesig(s->c_cpu, 0);
1375 /* In this case wait to send the syscall packet until notification that
1376 the CPU has stopped. This must be done because if the packet is sent
1377 now the reply from the syscall request could be received while the CPU
1378 is still in the running state, which can cause packets to be dropped
1379 and state transition 'T' packets to be sent while the syscall is still
1381 qemu_cpu_kick(s->c_cpu);
1385 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1390 gdb_do_syscallv(cb, fmt, va);
1394 static void gdb_read_byte(GDBState *s, int ch)
1399 #ifndef CONFIG_USER_ONLY
1400 if (s->last_packet_len) {
1401 /* Waiting for a response to the last packet. If we see the start
1402 of a new command then abandon the previous response. */
1405 printf("Got NACK, retransmitting\n");
1407 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1411 printf("Got ACK\n");
1413 printf("Got '%c' when expecting ACK/NACK\n", ch);
1415 if (ch == '+' || ch == '$')
1416 s->last_packet_len = 0;
1420 if (runstate_is_running()) {
1421 /* when the CPU is running, we cannot do anything except stop
1422 it when receiving a char */
1423 vm_stop(RUN_STATE_PAUSED);
1430 s->line_buf_index = 0;
1431 s->state = RS_GETLINE;
1436 s->state = RS_CHKSUM1;
1437 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1440 s->line_buf[s->line_buf_index++] = ch;
1444 s->line_buf[s->line_buf_index] = '\0';
1445 s->line_csum = fromhex(ch) << 4;
1446 s->state = RS_CHKSUM2;
1449 s->line_csum |= fromhex(ch);
1451 for(i = 0; i < s->line_buf_index; i++) {
1452 csum += s->line_buf[i];
1454 if (s->line_csum != (csum & 0xff)) {
1456 put_buffer(s, &reply, 1);
1460 put_buffer(s, &reply, 1);
1461 s->state = gdb_handle_packet(s, s->line_buf);
1470 /* Tell the remote gdb that the process has exited. */
1471 void gdb_exit(CPUArchState *env, int code)
1475 #ifndef CONFIG_USER_ONLY
1476 CharDriverState *chr;
1479 s = gdbserver_state;
1483 #ifdef CONFIG_USER_ONLY
1484 if (gdbserver_fd < 0 || s->fd < 0) {
1488 chr = qemu_chr_fe_get_driver(&s->chr);
1494 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1497 #ifndef CONFIG_USER_ONLY
1498 qemu_chr_fe_deinit(&s->chr);
1499 qemu_chr_delete(chr);
1503 #ifdef CONFIG_USER_ONLY
1505 gdb_handlesig(CPUState *cpu, int sig)
1511 s = gdbserver_state;
1512 if (gdbserver_fd < 0 || s->fd < 0) {
1516 /* disable single step if it was enabled */
1517 cpu_single_step(cpu, 0);
1521 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1524 /* put_packet() might have detected that the peer terminated the
1532 s->running_state = 0;
1533 while (s->running_state == 0) {
1534 n = read(s->fd, buf, 256);
1538 for (i = 0; i < n; i++) {
1539 gdb_read_byte(s, buf[i]);
1542 /* XXX: Connection closed. Should probably wait for another
1543 connection before continuing. */
1556 /* Tell the remote gdb that the process has exited due to SIG. */
1557 void gdb_signalled(CPUArchState *env, int sig)
1562 s = gdbserver_state;
1563 if (gdbserver_fd < 0 || s->fd < 0) {
1567 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1571 static void gdb_accept(void)
1574 struct sockaddr_in sockaddr;
1579 len = sizeof(sockaddr);
1580 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1581 if (fd < 0 && errno != EINTR) {
1584 } else if (fd >= 0) {
1586 fcntl(fd, F_SETFD, FD_CLOEXEC);
1592 /* set short latency */
1593 socket_set_nodelay(fd);
1595 s = g_malloc0(sizeof(GDBState));
1596 s->c_cpu = first_cpu;
1597 s->g_cpu = first_cpu;
1599 gdb_has_xml = false;
1601 gdbserver_state = s;
1604 static int gdbserver_open(int port)
1606 struct sockaddr_in sockaddr;
1609 fd = socket(PF_INET, SOCK_STREAM, 0);
1615 fcntl(fd, F_SETFD, FD_CLOEXEC);
1618 socket_set_fast_reuse(fd);
1620 sockaddr.sin_family = AF_INET;
1621 sockaddr.sin_port = htons(port);
1622 sockaddr.sin_addr.s_addr = 0;
1623 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1629 ret = listen(fd, 1);
1638 int gdbserver_start(int port)
1640 gdbserver_fd = gdbserver_open(port);
1641 if (gdbserver_fd < 0)
1643 /* accept connections */
1648 /* Disable gdb stub for child processes. */
1649 void gdbserver_fork(CPUState *cpu)
1651 GDBState *s = gdbserver_state;
1653 if (gdbserver_fd < 0 || s->fd < 0) {
1658 cpu_breakpoint_remove_all(cpu, BP_GDB);
1659 cpu_watchpoint_remove_all(cpu, BP_GDB);
1662 static int gdb_chr_can_receive(void *opaque)
1664 /* We can handle an arbitrarily large amount of data.
1665 Pick the maximum packet size, which is as good as anything. */
1666 return MAX_PACKET_LENGTH;
1669 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1673 for (i = 0; i < size; i++) {
1674 gdb_read_byte(gdbserver_state, buf[i]);
1678 static void gdb_chr_event(void *opaque, int event)
1681 case CHR_EVENT_OPENED:
1682 vm_stop(RUN_STATE_PAUSED);
1683 gdb_has_xml = false;
1690 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1692 char buf[MAX_PACKET_LENGTH];
1695 if (len > (MAX_PACKET_LENGTH/2) - 1)
1696 len = (MAX_PACKET_LENGTH/2) - 1;
1697 memtohex(buf + 1, (uint8_t *)msg, len);
1701 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
1703 const char *p = (const char *)buf;
1706 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1708 if (len <= max_sz) {
1709 gdb_monitor_output(gdbserver_state, p, len);
1712 gdb_monitor_output(gdbserver_state, p, max_sz);
1720 static void gdb_sigterm_handler(int signal)
1722 if (runstate_is_running()) {
1723 vm_stop(RUN_STATE_PAUSED);
1728 int gdbserver_start(const char *device)
1731 char gdbstub_device_name[128];
1732 CharDriverState *chr = NULL;
1733 CharDriverState *mon_chr;
1734 ChardevCommon common = { 0 };
1737 error_report("gdbstub: meaningless to attach gdb to a "
1738 "machine without any CPU.");
1744 if (strcmp(device, "none") != 0) {
1745 if (strstart(device, "tcp:", NULL)) {
1746 /* enforce required TCP attributes */
1747 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1748 "%s,nowait,nodelay,server", device);
1749 device = gdbstub_device_name;
1752 else if (strcmp(device, "stdio") == 0) {
1753 struct sigaction act;
1755 memset(&act, 0, sizeof(act));
1756 act.sa_handler = gdb_sigterm_handler;
1757 sigaction(SIGINT, &act, NULL);
1760 chr = qemu_chr_new_noreplay("gdb", device);
1765 s = gdbserver_state;
1767 s = g_malloc0(sizeof(GDBState));
1768 gdbserver_state = s;
1770 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1772 /* Initialize a monitor terminal for gdb */
1773 mon_chr = qemu_chr_alloc(&common, &error_abort);
1774 mon_chr->chr_write = gdb_monitor_write;
1775 monitor_init(mon_chr, 0);
1777 if (qemu_chr_fe_get_driver(&s->chr)) {
1778 qemu_chr_delete(qemu_chr_fe_get_driver(&s->chr));
1780 mon_chr = s->mon_chr;
1781 memset(s, 0, sizeof(GDBState));
1782 s->mon_chr = mon_chr;
1784 s->c_cpu = first_cpu;
1785 s->g_cpu = first_cpu;
1787 qemu_chr_fe_init(&s->chr, chr, &error_abort);
1788 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
1789 gdb_chr_event, NULL, NULL, true);
1791 s->state = chr ? RS_IDLE : RS_INACTIVE;
1792 s->mon_chr = mon_chr;
1793 s->current_syscall_cb = NULL;
projects / qemu.git / blob