search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
qemu-io: don't allow I/O operations larger than BDRV_REQUEST_MAX_BYTES
[qemu.git] / gdbstub.c
blob755a8e378d9c4683878eb110720b49f1f5119bec
1 /*
2 * gdb server stub
3 *
4 * Copyright (c) 2003-2005 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
23 #include "cpu.h"
24 #ifdef CONFIG_USER_ONLY
25 #include "qemu.h"
26 #else
27 #include "monitor/monitor.h"
28 #include "sysemu/char.h"
29 #include "sysemu/sysemu.h"
30 #include "exec/gdbstub.h"
31 #endif
32
33 #define MAX_PACKET_LENGTH 4096
34
35 #include "qemu/sockets.h"
36 #include "sysemu/hw_accel.h"
37 #include "sysemu/kvm.h"
38 #include "exec/semihost.h"
39 #include "exec/exec-all.h"
40
41 #ifdef CONFIG_USER_ONLY
42 #define GDB_ATTACHED "0"
43 #else
44 #define GDB_ATTACHED "1"
45 #endif
46
47 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
48 uint8_t *buf, int len, bool is_write)
49 {
50 CPUClass *cc = CPU_GET_CLASS(cpu);
51
52 if (cc->memory_rw_debug) {
53 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
54 }
55 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
56 }
57
58 enum {
59 GDB_SIGNAL_0 = 0,
60 GDB_SIGNAL_INT = 2,
61 GDB_SIGNAL_QUIT = 3,
62 GDB_SIGNAL_TRAP = 5,
63 GDB_SIGNAL_ABRT = 6,
64 GDB_SIGNAL_ALRM = 14,
65 GDB_SIGNAL_IO = 23,
66 GDB_SIGNAL_XCPU = 24,
67 GDB_SIGNAL_UNKNOWN = 143
68 };
69
70 #ifdef CONFIG_USER_ONLY
71
72 /* Map target signal numbers to GDB protocol signal numbers and vice
73 * versa. For user emulation's currently supported systems, we can
74 * assume most signals are defined.
75 */
76
77 static int gdb_signal_table[] = {
78 0,
79 TARGET_SIGHUP,
80 TARGET_SIGINT,
81 TARGET_SIGQUIT,
82 TARGET_SIGILL,
83 TARGET_SIGTRAP,
84 TARGET_SIGABRT,
85 -1, /* SIGEMT */
86 TARGET_SIGFPE,
87 TARGET_SIGKILL,
88 TARGET_SIGBUS,
89 TARGET_SIGSEGV,
90 TARGET_SIGSYS,
91 TARGET_SIGPIPE,
92 TARGET_SIGALRM,
93 TARGET_SIGTERM,
94 TARGET_SIGURG,
95 TARGET_SIGSTOP,
96 TARGET_SIGTSTP,
97 TARGET_SIGCONT,
98 TARGET_SIGCHLD,
99 TARGET_SIGTTIN,
100 TARGET_SIGTTOU,
101 TARGET_SIGIO,
102 TARGET_SIGXCPU,
103 TARGET_SIGXFSZ,
104 TARGET_SIGVTALRM,
105 TARGET_SIGPROF,
106 TARGET_SIGWINCH,
107 -1, /* SIGLOST */
108 TARGET_SIGUSR1,
109 TARGET_SIGUSR2,
110 #ifdef TARGET_SIGPWR
111 TARGET_SIGPWR,
112 #else
113 -1,
114 #endif
115 -1, /* SIGPOLL */
116 -1,
117 -1,
118 -1,
119 -1,
120 -1,
121 -1,
122 -1,
123 -1,
124 -1,
125 -1,
126 -1,
127 #ifdef __SIGRTMIN
128 __SIGRTMIN + 1,
129 __SIGRTMIN + 2,
130 __SIGRTMIN + 3,
131 __SIGRTMIN + 4,
132 __SIGRTMIN + 5,
133 __SIGRTMIN + 6,
134 __SIGRTMIN + 7,
135 __SIGRTMIN + 8,
136 __SIGRTMIN + 9,
137 __SIGRTMIN + 10,
138 __SIGRTMIN + 11,
139 __SIGRTMIN + 12,
140 __SIGRTMIN + 13,
141 __SIGRTMIN + 14,
142 __SIGRTMIN + 15,
143 __SIGRTMIN + 16,
144 __SIGRTMIN + 17,
145 __SIGRTMIN + 18,
146 __SIGRTMIN + 19,
147 __SIGRTMIN + 20,
148 __SIGRTMIN + 21,
149 __SIGRTMIN + 22,
150 __SIGRTMIN + 23,
151 __SIGRTMIN + 24,
152 __SIGRTMIN + 25,
153 __SIGRTMIN + 26,
154 __SIGRTMIN + 27,
155 __SIGRTMIN + 28,
156 __SIGRTMIN + 29,
157 __SIGRTMIN + 30,
158 __SIGRTMIN + 31,
159 -1, /* SIGCANCEL */
160 __SIGRTMIN,
161 __SIGRTMIN + 32,
162 __SIGRTMIN + 33,
163 __SIGRTMIN + 34,
164 __SIGRTMIN + 35,
165 __SIGRTMIN + 36,
166 __SIGRTMIN + 37,
167 __SIGRTMIN + 38,
168 __SIGRTMIN + 39,
169 __SIGRTMIN + 40,
170 __SIGRTMIN + 41,
171 __SIGRTMIN + 42,
172 __SIGRTMIN + 43,
173 __SIGRTMIN + 44,
174 __SIGRTMIN + 45,
175 __SIGRTMIN + 46,
176 __SIGRTMIN + 47,
177 __SIGRTMIN + 48,
178 __SIGRTMIN + 49,
179 __SIGRTMIN + 50,
180 __SIGRTMIN + 51,
181 __SIGRTMIN + 52,
182 __SIGRTMIN + 53,
183 __SIGRTMIN + 54,
184 __SIGRTMIN + 55,
185 __SIGRTMIN + 56,
186 __SIGRTMIN + 57,
187 __SIGRTMIN + 58,
188 __SIGRTMIN + 59,
189 __SIGRTMIN + 60,
190 __SIGRTMIN + 61,
191 __SIGRTMIN + 62,
192 __SIGRTMIN + 63,
193 __SIGRTMIN + 64,
194 __SIGRTMIN + 65,
195 __SIGRTMIN + 66,
196 __SIGRTMIN + 67,
197 __SIGRTMIN + 68,
198 __SIGRTMIN + 69,
199 __SIGRTMIN + 70,
200 __SIGRTMIN + 71,
201 __SIGRTMIN + 72,
202 __SIGRTMIN + 73,
203 __SIGRTMIN + 74,
204 __SIGRTMIN + 75,
205 __SIGRTMIN + 76,
206 __SIGRTMIN + 77,
207 __SIGRTMIN + 78,
208 __SIGRTMIN + 79,
209 __SIGRTMIN + 80,
210 __SIGRTMIN + 81,
211 __SIGRTMIN + 82,
212 __SIGRTMIN + 83,
213 __SIGRTMIN + 84,
214 __SIGRTMIN + 85,
215 __SIGRTMIN + 86,
216 __SIGRTMIN + 87,
217 __SIGRTMIN + 88,
218 __SIGRTMIN + 89,
219 __SIGRTMIN + 90,
220 __SIGRTMIN + 91,
221 __SIGRTMIN + 92,
222 __SIGRTMIN + 93,
223 __SIGRTMIN + 94,
224 __SIGRTMIN + 95,
225 -1, /* SIGINFO */
226 -1, /* UNKNOWN */
227 -1, /* DEFAULT */
228 -1,
229 -1,
230 -1,
231 -1,
232 -1,
233 -1
234 #endif
235 };
236 #else
237 /* In system mode we only need SIGINT and SIGTRAP; other signals
238 are not yet supported. */
239
240 enum {
241 TARGET_SIGINT = 2,
242 TARGET_SIGTRAP = 5
243 };
244
245 static int gdb_signal_table[] = {
246 -1,
247 -1,
248 TARGET_SIGINT,
249 -1,
250 -1,
251 TARGET_SIGTRAP
252 };
253 #endif
254
255 #ifdef CONFIG_USER_ONLY
256 static int target_signal_to_gdb (int sig)
257 {
258 int i;
259 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
260 if (gdb_signal_table[i] == sig)
261 return i;
262 return GDB_SIGNAL_UNKNOWN;
263 }
264 #endif
265
266 static int gdb_signal_to_target (int sig)
267 {
268 if (sig < ARRAY_SIZE (gdb_signal_table))
269 return gdb_signal_table[sig];
270 else
271 return -1;
272 }
273
274 //#define DEBUG_GDB
275
276 typedef struct GDBRegisterState {
277 int base_reg;
278 int num_regs;
279 gdb_reg_cb get_reg;
280 gdb_reg_cb set_reg;
281 const char *xml;
282 struct GDBRegisterState *next;
283 } GDBRegisterState;
284
285 enum RSState {
286 RS_INACTIVE,
287 RS_IDLE,
288 RS_GETLINE,
289 RS_CHKSUM1,
290 RS_CHKSUM2,
291 };
292 typedef struct GDBState {
293 CPUState *c_cpu; /* current CPU for step/continue ops */
294 CPUState *g_cpu; /* current CPU for other ops */
295 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
296 enum RSState state; /* parsing state */
297 char line_buf[MAX_PACKET_LENGTH];
298 int line_buf_index;
299 int line_csum;
300 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
301 int last_packet_len;
302 int signal;
303 #ifdef CONFIG_USER_ONLY
304 int fd;
305 int running_state;
306 #else
307 CharBackend chr;
308 Chardev *mon_chr;
309 #endif
310 char syscall_buf[256];
311 gdb_syscall_complete_cb current_syscall_cb;
312 } GDBState;
313
314 /* By default use no IRQs and no timers while single stepping so as to
315 * make single stepping like an ICE HW step.
316 */
317 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
318
319 static GDBState *gdbserver_state;
320
321 bool gdb_has_xml;
322
323 #ifdef CONFIG_USER_ONLY
324 /* XXX: This is not thread safe. Do we care? */
325 static int gdbserver_fd = -1;
326
327 static int get_char(GDBState *s)
328 {
329 uint8_t ch;
330 int ret;
331
332 for(;;) {
333 ret = qemu_recv(s->fd, &ch, 1, 0);
334 if (ret < 0) {
335 if (errno == ECONNRESET)
336 s->fd = -1;
337 if (errno != EINTR)
338 return -1;
339 } else if (ret == 0) {
340 close(s->fd);
341 s->fd = -1;
342 return -1;
343 } else {
344 break;
345 }
346 }
347 return ch;
348 }
349 #endif
350
351 static enum {
352 GDB_SYS_UNKNOWN,
353 GDB_SYS_ENABLED,
354 GDB_SYS_DISABLED,
355 } gdb_syscall_mode;
356
357 /* Decide if either remote gdb syscalls or native file IO should be used. */
358 int use_gdb_syscalls(void)
359 {
360 SemihostingTarget target = semihosting_get_target();
361 if (target == SEMIHOSTING_TARGET_NATIVE) {
362 /* -semihosting-config target=native */
363 return false;
364 } else if (target == SEMIHOSTING_TARGET_GDB) {
365 /* -semihosting-config target=gdb */
366 return true;
367 }
368
369 /* -semihosting-config target=auto */
370 /* On the first call check if gdb is connected and remember. */
371 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
372 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
373 : GDB_SYS_DISABLED);
374 }
375 return gdb_syscall_mode == GDB_SYS_ENABLED;
376 }
377
378 /* Resume execution. */
379 static inline void gdb_continue(GDBState *s)
380 {
381 #ifdef CONFIG_USER_ONLY
382 s->running_state = 1;
383 #else
384 if (!runstate_needs_reset()) {
385 vm_start();
386 }
387 #endif
388 }
389
390 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
391 {
392 #ifdef CONFIG_USER_ONLY
393 int ret;
394
395 while (len > 0) {
396 ret = send(s->fd, buf, len, 0);
397 if (ret < 0) {
398 if (errno != EINTR)
399 return;
400 } else {
401 buf += ret;
402 len -= ret;
403 }
404 }
405 #else
406 /* XXX this blocks entire thread. Rewrite to use
407 * qemu_chr_fe_write and background I/O callbacks */
408 qemu_chr_fe_write_all(&s->chr, buf, len);
409 #endif
410 }
411
412 static inline int fromhex(int v)
413 {
414 if (v >= '0' && v <= '9')
415 return v - '0';
416 else if (v >= 'A' && v <= 'F')
417 return v - 'A' + 10;
418 else if (v >= 'a' && v <= 'f')
419 return v - 'a' + 10;
420 else
421 return 0;
422 }
423
424 static inline int tohex(int v)
425 {
426 if (v < 10)
427 return v + '0';
428 else
429 return v - 10 + 'a';
430 }
431
432 static void memtohex(char *buf, const uint8_t *mem, int len)
433 {
434 int i, c;
435 char *q;
436 q = buf;
437 for(i = 0; i < len; i++) {
438 c = mem[i];
439 *q++ = tohex(c >> 4);
440 *q++ = tohex(c & 0xf);
441 }
442 *q = '\0';
443 }
444
445 static void hextomem(uint8_t *mem, const char *buf, int len)
446 {
447 int i;
448
449 for(i = 0; i < len; i++) {
450 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
451 buf += 2;
452 }
453 }
454
455 /* return -1 if error, 0 if OK */
456 static int put_packet_binary(GDBState *s, const char *buf, int len)
457 {
458 int csum, i;
459 uint8_t *p;
460
461 for(;;) {
462 p = s->last_packet;
463 *(p++) = '$';
464 memcpy(p, buf, len);
465 p += len;
466 csum = 0;
467 for(i = 0; i < len; i++) {
468 csum += buf[i];
469 }
470 *(p++) = '#';
471 *(p++) = tohex((csum >> 4) & 0xf);
472 *(p++) = tohex((csum) & 0xf);
473
474 s->last_packet_len = p - s->last_packet;
475 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
476
477 #ifdef CONFIG_USER_ONLY
478 i = get_char(s);
479 if (i < 0)
480 return -1;
481 if (i == '+')
482 break;
483 #else
484 break;
485 #endif
486 }
487 return 0;
488 }
489
490 /* return -1 if error, 0 if OK */
491 static int put_packet(GDBState *s, const char *buf)
492 {
493 #ifdef DEBUG_GDB
494 printf("reply='%s'\n", buf);
495 #endif
496
497 return put_packet_binary(s, buf, strlen(buf));
498 }
499
500 /* Encode data using the encoding for 'x' packets. */
501 static int memtox(char *buf, const char *mem, int len)
502 {
503 char *p = buf;
504 char c;
505
506 while (len--) {
507 c = *(mem++);
508 switch (c) {
509 case '#': case '$': case '*': case '}':
510 *(p++) = '}';
511 *(p++) = c ^ 0x20;
512 break;
513 default:
514 *(p++) = c;
515 break;
516 }
517 }
518 return p - buf;
519 }
520
521 static const char *get_feature_xml(const char *p, const char **newp,
522 CPUClass *cc)
523 {
524 size_t len;
525 int i;
526 const char *name;
527 static char target_xml[1024];
528
529 len = 0;
530 while (p[len] && p[len] != ':')
531 len++;
532 *newp = p + len;
533
534 name = NULL;
535 if (strncmp(p, "target.xml", len) == 0) {
536 /* Generate the XML description for this CPU. */
537 if (!target_xml[0]) {
538 GDBRegisterState *r;
539 CPUState *cpu = first_cpu;
540
541 pstrcat(target_xml, sizeof(target_xml),
542 "<?xml version=\"1.0\"?>"
543 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
544 "<target>");
545 if (cc->gdb_arch_name) {
546 gchar *arch = cc->gdb_arch_name(cpu);
547 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
548 pstrcat(target_xml, sizeof(target_xml), arch);
549 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
550 g_free(arch);
551 }
552 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
553 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
554 pstrcat(target_xml, sizeof(target_xml), "\"/>");
555 for (r = cpu->gdb_regs; r; r = r->next) {
556 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
557 pstrcat(target_xml, sizeof(target_xml), r->xml);
558 pstrcat(target_xml, sizeof(target_xml), "\"/>");
559 }
560 pstrcat(target_xml, sizeof(target_xml), "</target>");
561 }
562 return target_xml;
563 }
564 for (i = 0; ; i++) {
565 name = xml_builtin[i][0];
566 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
567 break;
568 }
569 return name ? xml_builtin[i][1] : NULL;
570 }
571
572 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
573 {
574 CPUClass *cc = CPU_GET_CLASS(cpu);
575 CPUArchState *env = cpu->env_ptr;
576 GDBRegisterState *r;
577
578 if (reg < cc->gdb_num_core_regs) {
579 return cc->gdb_read_register(cpu, mem_buf, reg);
580 }
581
582 for (r = cpu->gdb_regs; r; r = r->next) {
583 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
584 return r->get_reg(env, mem_buf, reg - r->base_reg);
585 }
586 }
587 return 0;
588 }
589
590 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
591 {
592 CPUClass *cc = CPU_GET_CLASS(cpu);
593 CPUArchState *env = cpu->env_ptr;
594 GDBRegisterState *r;
595
596 if (reg < cc->gdb_num_core_regs) {
597 return cc->gdb_write_register(cpu, mem_buf, reg);
598 }
599
600 for (r = cpu->gdb_regs; r; r = r->next) {
601 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
602 return r->set_reg(env, mem_buf, reg - r->base_reg);
603 }
604 }
605 return 0;
606 }
607
608 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
609 specifies the first register number and these registers are included in
610 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
611 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
612 */
613
614 void gdb_register_coprocessor(CPUState *cpu,
615 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
616 int num_regs, const char *xml, int g_pos)
617 {
618 GDBRegisterState *s;
619 GDBRegisterState **p;
620
621 p = &cpu->gdb_regs;
622 while (*p) {
623 /* Check for duplicates. */
624 if (strcmp((*p)->xml, xml) == 0)
625 return;
626 p = &(*p)->next;
627 }
628
629 s = g_new0(GDBRegisterState, 1);
630 s->base_reg = cpu->gdb_num_regs;
631 s->num_regs = num_regs;
632 s->get_reg = get_reg;
633 s->set_reg = set_reg;
634 s->xml = xml;
635
636 /* Add to end of list. */
637 cpu->gdb_num_regs += num_regs;
638 *p = s;
639 if (g_pos) {
640 if (g_pos != s->base_reg) {
641 error_report("Error: Bad gdb register numbering for '%s', "
642 "expected %d got %d", xml, g_pos, s->base_reg);
643 } else {
644 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
645 }
646 }
647 }
648
649 #ifndef CONFIG_USER_ONLY
650 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
651 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
652 {
653 static const int xlat[] = {
654 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
655 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
656 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
657 };
658
659 CPUClass *cc = CPU_GET_CLASS(cpu);
660 int cputype = xlat[gdbtype];
661
662 if (cc->gdb_stop_before_watchpoint) {
663 cputype |= BP_STOP_BEFORE_ACCESS;
664 }
665 return cputype;
666 }
667 #endif
668
669 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
670 {
671 CPUState *cpu;
672 int err = 0;
673
674 if (kvm_enabled()) {
675 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
676 }
677
678 switch (type) {
679 case GDB_BREAKPOINT_SW:
680 case GDB_BREAKPOINT_HW:
681 CPU_FOREACH(cpu) {
682 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
683 if (err) {
684 break;
685 }
686 }
687 return err;
688 #ifndef CONFIG_USER_ONLY
689 case GDB_WATCHPOINT_WRITE:
690 case GDB_WATCHPOINT_READ:
691 case GDB_WATCHPOINT_ACCESS:
692 CPU_FOREACH(cpu) {
693 err = cpu_watchpoint_insert(cpu, addr, len,
694 xlat_gdb_type(cpu, type), NULL);
695 if (err) {
696 break;
697 }
698 }
699 return err;
700 #endif
701 default:
702 return -ENOSYS;
703 }
704 }
705
706 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
707 {
708 CPUState *cpu;
709 int err = 0;
710
711 if (kvm_enabled()) {
712 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
713 }
714
715 switch (type) {
716 case GDB_BREAKPOINT_SW:
717 case GDB_BREAKPOINT_HW:
718 CPU_FOREACH(cpu) {
719 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
720 if (err) {
721 break;
722 }
723 }
724 return err;
725 #ifndef CONFIG_USER_ONLY
726 case GDB_WATCHPOINT_WRITE:
727 case GDB_WATCHPOINT_READ:
728 case GDB_WATCHPOINT_ACCESS:
729 CPU_FOREACH(cpu) {
730 err = cpu_watchpoint_remove(cpu, addr, len,
731 xlat_gdb_type(cpu, type));
732 if (err)
733 break;
734 }
735 return err;
736 #endif
737 default:
738 return -ENOSYS;
739 }
740 }
741
742 static void gdb_breakpoint_remove_all(void)
743 {
744 CPUState *cpu;
745
746 if (kvm_enabled()) {
747 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
748 return;
749 }
750
751 CPU_FOREACH(cpu) {
752 cpu_breakpoint_remove_all(cpu, BP_GDB);
753 #ifndef CONFIG_USER_ONLY
754 cpu_watchpoint_remove_all(cpu, BP_GDB);
755 #endif
756 }
757 }
758
759 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
760 {
761 CPUState *cpu = s->c_cpu;
762
763 cpu_synchronize_state(cpu);
764 cpu_set_pc(cpu, pc);
765 }
766
767 static CPUState *find_cpu(uint32_t thread_id)
768 {
769 CPUState *cpu;
770
771 CPU_FOREACH(cpu) {
772 if (cpu_index(cpu) == thread_id) {
773 return cpu;
774 }
775 }
776
777 return NULL;
778 }
779
780 static int is_query_packet(const char *p, const char *query, char separator)
781 {
782 unsigned int query_len = strlen(query);
783
784 return strncmp(p, query, query_len) == 0 &&
785 (p[query_len] == '\0' || p[query_len] == separator);
786 }
787
788 static int gdb_handle_packet(GDBState *s, const char *line_buf)
789 {
790 CPUState *cpu;
791 CPUClass *cc;
792 const char *p;
793 uint32_t thread;
794 int ch, reg_size, type, res;
795 char buf[MAX_PACKET_LENGTH];
796 uint8_t mem_buf[MAX_PACKET_LENGTH];
797 uint8_t *registers;
798 target_ulong addr, len;
799
800 #ifdef DEBUG_GDB
801 printf("command='%s'\n", line_buf);
802 #endif
803 p = line_buf;
804 ch = *p++;
805 switch(ch) {
806 case '?':
807 /* TODO: Make this return the correct value for user-mode. */
808 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
809 cpu_index(s->c_cpu));
810 put_packet(s, buf);
811 /* Remove all the breakpoints when this query is issued,
812 * because gdb is doing and initial connect and the state
813 * should be cleaned up.
814 */
815 gdb_breakpoint_remove_all();
816 break;
817 case 'c':
818 if (*p != '\0') {
819 addr = strtoull(p, (char **)&p, 16);
820 gdb_set_cpu_pc(s, addr);
821 }
822 s->signal = 0;
823 gdb_continue(s);
824 return RS_IDLE;
825 case 'C':
826 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
827 if (s->signal == -1)
828 s->signal = 0;
829 gdb_continue(s);
830 return RS_IDLE;
831 case 'v':
832 if (strncmp(p, "Cont", 4) == 0) {
833 int res_signal, res_thread;
834
835 p += 4;
836 if (*p == '?') {
837 put_packet(s, "vCont;c;C;s;S");
838 break;
839 }
840 res = 0;
841 res_signal = 0;
842 res_thread = 0;
843 while (*p) {
844 int action, signal;
845
846 if (*p++ != ';') {
847 res = 0;
848 break;
849 }
850 action = *p++;
851 signal = 0;
852 if (action == 'C' || action == 'S') {
853 signal = gdb_signal_to_target(strtoul(p, (char **)&p, 16));
854 if (signal == -1) {
855 signal = 0;
856 }
857 } else if (action != 'c' && action != 's') {
858 res = 0;
859 break;
860 }
861 thread = 0;
862 if (*p == ':') {
863 thread = strtoull(p+1, (char **)&p, 16);
864 }
865 action = tolower(action);
866 if (res == 0 || (res == 'c' && action == 's')) {
867 res = action;
868 res_signal = signal;
869 res_thread = thread;
870 }
871 }
872 if (res) {
873 if (res_thread != -1 && res_thread != 0) {
874 cpu = find_cpu(res_thread);
875 if (cpu == NULL) {
876 put_packet(s, "E22");
877 break;
878 }
879 s->c_cpu = cpu;
880 }
881 if (res == 's') {
882 cpu_single_step(s->c_cpu, sstep_flags);
883 }
884 s->signal = res_signal;
885 gdb_continue(s);
886 return RS_IDLE;
887 }
888 break;
889 } else {
890 goto unknown_command;
891 }
892 case 'k':
893 /* Kill the target */
894 error_report("QEMU: Terminated via GDBstub");
895 exit(0);
896 case 'D':
897 /* Detach packet */
898 gdb_breakpoint_remove_all();
899 gdb_syscall_mode = GDB_SYS_DISABLED;
900 gdb_continue(s);
901 put_packet(s, "OK");
902 break;
903 case 's':
904 if (*p != '\0') {
905 addr = strtoull(p, (char **)&p, 16);
906 gdb_set_cpu_pc(s, addr);
907 }
908 cpu_single_step(s->c_cpu, sstep_flags);
909 gdb_continue(s);
910 return RS_IDLE;
911 case 'F':
912 {
913 target_ulong ret;
914 target_ulong err;
915
916 ret = strtoull(p, (char **)&p, 16);
917 if (*p == ',') {
918 p++;
919 err = strtoull(p, (char **)&p, 16);
920 } else {
921 err = 0;
922 }
923 if (*p == ',')
924 p++;
925 type = *p;
926 if (s->current_syscall_cb) {
927 s->current_syscall_cb(s->c_cpu, ret, err);
928 s->current_syscall_cb = NULL;
929 }
930 if (type == 'C') {
931 put_packet(s, "T02");
932 } else {
933 gdb_continue(s);
934 }
935 }
936 break;
937 case 'g':
938 cpu_synchronize_state(s->g_cpu);
939 len = 0;
940 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
941 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
942 len += reg_size;
943 }
944 memtohex(buf, mem_buf, len);
945 put_packet(s, buf);
946 break;
947 case 'G':
948 cpu_synchronize_state(s->g_cpu);
949 registers = mem_buf;
950 len = strlen(p) / 2;
951 hextomem((uint8_t *)registers, p, len);
952 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
953 reg_size = gdb_write_register(s->g_cpu, registers, addr);
954 len -= reg_size;
955 registers += reg_size;
956 }
957 put_packet(s, "OK");
958 break;
959 case 'm':
960 addr = strtoull(p, (char **)&p, 16);
961 if (*p == ',')
962 p++;
963 len = strtoull(p, NULL, 16);
964
965 /* memtohex() doubles the required space */
966 if (len > MAX_PACKET_LENGTH / 2) {
967 put_packet (s, "E22");
968 break;
969 }
970
971 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
972 put_packet (s, "E14");
973 } else {
974 memtohex(buf, mem_buf, len);
975 put_packet(s, buf);
976 }
977 break;
978 case 'M':
979 addr = strtoull(p, (char **)&p, 16);
980 if (*p == ',')
981 p++;
982 len = strtoull(p, (char **)&p, 16);
983 if (*p == ':')
984 p++;
985
986 /* hextomem() reads 2*len bytes */
987 if (len > strlen(p) / 2) {
988 put_packet (s, "E22");
989 break;
990 }
991 hextomem(mem_buf, p, len);
992 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
993 true) != 0) {
994 put_packet(s, "E14");
995 } else {
996 put_packet(s, "OK");
997 }
998 break;
999 case 'p':
1000 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1001 This works, but can be very slow. Anything new enough to
1002 understand XML also knows how to use this properly. */
1003 if (!gdb_has_xml)
1004 goto unknown_command;
1005 addr = strtoull(p, (char **)&p, 16);
1006 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1007 if (reg_size) {
1008 memtohex(buf, mem_buf, reg_size);
1009 put_packet(s, buf);
1010 } else {
1011 put_packet(s, "E14");
1012 }
1013 break;
1014 case 'P':
1015 if (!gdb_has_xml)
1016 goto unknown_command;
1017 addr = strtoull(p, (char **)&p, 16);
1018 if (*p == '=')
1019 p++;
1020 reg_size = strlen(p) / 2;
1021 hextomem(mem_buf, p, reg_size);
1022 gdb_write_register(s->g_cpu, mem_buf, addr);
1023 put_packet(s, "OK");
1024 break;
1025 case 'Z':
1026 case 'z':
1027 type = strtoul(p, (char **)&p, 16);
1028 if (*p == ',')
1029 p++;
1030 addr = strtoull(p, (char **)&p, 16);
1031 if (*p == ',')
1032 p++;
1033 len = strtoull(p, (char **)&p, 16);
1034 if (ch == 'Z')
1035 res = gdb_breakpoint_insert(addr, len, type);
1036 else
1037 res = gdb_breakpoint_remove(addr, len, type);
1038 if (res >= 0)
1039 put_packet(s, "OK");
1040 else if (res == -ENOSYS)
1041 put_packet(s, "");
1042 else
1043 put_packet(s, "E22");
1044 break;
1045 case 'H':
1046 type = *p++;
1047 thread = strtoull(p, (char **)&p, 16);
1048 if (thread == -1 || thread == 0) {
1049 put_packet(s, "OK");
1050 break;
1051 }
1052 cpu = find_cpu(thread);
1053 if (cpu == NULL) {
1054 put_packet(s, "E22");
1055 break;
1056 }
1057 switch (type) {
1058 case 'c':
1059 s->c_cpu = cpu;
1060 put_packet(s, "OK");
1061 break;
1062 case 'g':
1063 s->g_cpu = cpu;
1064 put_packet(s, "OK");
1065 break;
1066 default:
1067 put_packet(s, "E22");
1068 break;
1069 }
1070 break;
1071 case 'T':
1072 thread = strtoull(p, (char **)&p, 16);
1073 cpu = find_cpu(thread);
1074
1075 if (cpu != NULL) {
1076 put_packet(s, "OK");
1077 } else {
1078 put_packet(s, "E22");
1079 }
1080 break;
1081 case 'q':
1082 case 'Q':
1083 /* parse any 'q' packets here */
1084 if (!strcmp(p,"qemu.sstepbits")) {
1085 /* Query Breakpoint bit definitions */
1086 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1087 SSTEP_ENABLE,
1088 SSTEP_NOIRQ,
1089 SSTEP_NOTIMER);
1090 put_packet(s, buf);
1091 break;
1092 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1093 /* Display or change the sstep_flags */
1094 p += 10;
1095 if (*p != '=') {
1096 /* Display current setting */
1097 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1098 put_packet(s, buf);
1099 break;
1100 }
1101 p++;
1102 type = strtoul(p, (char **)&p, 16);
1103 sstep_flags = type;
1104 put_packet(s, "OK");
1105 break;
1106 } else if (strcmp(p,"C") == 0) {
1107 /* "Current thread" remains vague in the spec, so always return
1108 * the first CPU (gdb returns the first thread). */
1109 put_packet(s, "QC1");
1110 break;
1111 } else if (strcmp(p,"fThreadInfo") == 0) {
1112 s->query_cpu = first_cpu;
1113 goto report_cpuinfo;
1114 } else if (strcmp(p,"sThreadInfo") == 0) {
1115 report_cpuinfo:
1116 if (s->query_cpu) {
1117 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1118 put_packet(s, buf);
1119 s->query_cpu = CPU_NEXT(s->query_cpu);
1120 } else
1121 put_packet(s, "l");
1122 break;
1123 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1124 thread = strtoull(p+16, (char **)&p, 16);
1125 cpu = find_cpu(thread);
1126 if (cpu != NULL) {
1127 cpu_synchronize_state(cpu);
1128 /* memtohex() doubles the required space */
1129 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1130 "CPU#%d [%s]", cpu->cpu_index,
1131 cpu->halted ? "halted " : "running");
1132 memtohex(buf, mem_buf, len);
1133 put_packet(s, buf);
1134 }
1135 break;
1136 }
1137 #ifdef CONFIG_USER_ONLY
1138 else if (strcmp(p, "Offsets") == 0) {
1139 TaskState *ts = s->c_cpu->opaque;
1140
1141 snprintf(buf, sizeof(buf),
1142 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1143 ";Bss=" TARGET_ABI_FMT_lx,
1144 ts->info->code_offset,
1145 ts->info->data_offset,
1146 ts->info->data_offset);
1147 put_packet(s, buf);
1148 break;
1149 }
1150 #else /* !CONFIG_USER_ONLY */
1151 else if (strncmp(p, "Rcmd,", 5) == 0) {
1152 int len = strlen(p + 5);
1153
1154 if ((len % 2) != 0) {
1155 put_packet(s, "E01");
1156 break;
1157 }
1158 len = len / 2;
1159 hextomem(mem_buf, p + 5, len);
1160 mem_buf[len++] = 0;
1161 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1162 put_packet(s, "OK");
1163 break;
1164 }
1165 #endif /* !CONFIG_USER_ONLY */
1166 if (is_query_packet(p, "Supported", ':')) {
1167 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1168 cc = CPU_GET_CLASS(first_cpu);
1169 if (cc->gdb_core_xml_file != NULL) {
1170 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1171 }
1172 put_packet(s, buf);
1173 break;
1174 }
1175 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1176 const char *xml;
1177 target_ulong total_len;
1178
1179 cc = CPU_GET_CLASS(first_cpu);
1180 if (cc->gdb_core_xml_file == NULL) {
1181 goto unknown_command;
1182 }
1183
1184 gdb_has_xml = true;
1185 p += 19;
1186 xml = get_feature_xml(p, &p, cc);
1187 if (!xml) {
1188 snprintf(buf, sizeof(buf), "E00");
1189 put_packet(s, buf);
1190 break;
1191 }
1192
1193 if (*p == ':')
1194 p++;
1195 addr = strtoul(p, (char **)&p, 16);
1196 if (*p == ',')
1197 p++;
1198 len = strtoul(p, (char **)&p, 16);
1199
1200 total_len = strlen(xml);
1201 if (addr > total_len) {
1202 snprintf(buf, sizeof(buf), "E00");
1203 put_packet(s, buf);
1204 break;
1205 }
1206 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1207 len = (MAX_PACKET_LENGTH - 5) / 2;
1208 if (len < total_len - addr) {
1209 buf[0] = 'm';
1210 len = memtox(buf + 1, xml + addr, len);
1211 } else {
1212 buf[0] = 'l';
1213 len = memtox(buf + 1, xml + addr, total_len - addr);
1214 }
1215 put_packet_binary(s, buf, len + 1);
1216 break;
1217 }
1218 if (is_query_packet(p, "Attached", ':')) {
1219 put_packet(s, GDB_ATTACHED);
1220 break;
1221 }
1222 /* Unrecognised 'q' command. */
1223 goto unknown_command;
1224
1225 default:
1226 unknown_command:
1227 /* put empty packet */
1228 buf[0] = '\0';
1229 put_packet(s, buf);
1230 break;
1231 }
1232 return RS_IDLE;
1233 }
1234
1235 void gdb_set_stop_cpu(CPUState *cpu)
1236 {
1237 gdbserver_state->c_cpu = cpu;
1238 gdbserver_state->g_cpu = cpu;
1239 }
1240
1241 #ifndef CONFIG_USER_ONLY
1242 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1243 {
1244 GDBState *s = gdbserver_state;
1245 CPUState *cpu = s->c_cpu;
1246 char buf[256];
1247 const char *type;
1248 int ret;
1249
1250 if (running || s->state == RS_INACTIVE) {
1251 return;
1252 }
1253 /* Is there a GDB syscall waiting to be sent? */
1254 if (s->current_syscall_cb) {
1255 put_packet(s, s->syscall_buf);
1256 return;
1257 }
1258 switch (state) {
1259 case RUN_STATE_DEBUG:
1260 if (cpu->watchpoint_hit) {
1261 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1262 case BP_MEM_READ:
1263 type = "r";
1264 break;
1265 case BP_MEM_ACCESS:
1266 type = "a";
1267 break;
1268 default:
1269 type = "";
1270 break;
1271 }
1272 snprintf(buf, sizeof(buf),
1273 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1274 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1275 (target_ulong)cpu->watchpoint_hit->vaddr);
1276 cpu->watchpoint_hit = NULL;
1277 goto send_packet;
1278 }
1279 tb_flush(cpu);
1280 ret = GDB_SIGNAL_TRAP;
1281 break;
1282 case RUN_STATE_PAUSED:
1283 ret = GDB_SIGNAL_INT;
1284 break;
1285 case RUN_STATE_SHUTDOWN:
1286 ret = GDB_SIGNAL_QUIT;
1287 break;
1288 case RUN_STATE_IO_ERROR:
1289 ret = GDB_SIGNAL_IO;
1290 break;
1291 case RUN_STATE_WATCHDOG:
1292 ret = GDB_SIGNAL_ALRM;
1293 break;
1294 case RUN_STATE_INTERNAL_ERROR:
1295 ret = GDB_SIGNAL_ABRT;
1296 break;
1297 case RUN_STATE_SAVE_VM:
1298 case RUN_STATE_RESTORE_VM:
1299 return;
1300 case RUN_STATE_FINISH_MIGRATE:
1301 ret = GDB_SIGNAL_XCPU;
1302 break;
1303 default:
1304 ret = GDB_SIGNAL_UNKNOWN;
1305 break;
1306 }
1307 gdb_set_stop_cpu(cpu);
1308 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1309
1310 send_packet:
1311 put_packet(s, buf);
1312
1313 /* disable single step if it was enabled */
1314 cpu_single_step(cpu, 0);
1315 }
1316 #endif
1317
1318 /* Send a gdb syscall request.
1319 This accepts limited printf-style format specifiers, specifically:
1320 %x - target_ulong argument printed in hex.
1321 %lx - 64-bit argument printed in hex.
1322 %s - string pointer (target_ulong) and length (int) pair. */
1323 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1324 {
1325 char *p;
1326 char *p_end;
1327 target_ulong addr;
1328 uint64_t i64;
1329 GDBState *s;
1330
1331 s = gdbserver_state;
1332 if (!s)
1333 return;
1334 s->current_syscall_cb = cb;
1335 #ifndef CONFIG_USER_ONLY
1336 vm_stop(RUN_STATE_DEBUG);
1337 #endif
1338 p = s->syscall_buf;
1339 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1340 *(p++) = 'F';
1341 while (*fmt) {
1342 if (*fmt == '%') {
1343 fmt++;
1344 switch (*fmt++) {
1345 case 'x':
1346 addr = va_arg(va, target_ulong);
1347 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1348 break;
1349 case 'l':
1350 if (*(fmt++) != 'x')
1351 goto bad_format;
1352 i64 = va_arg(va, uint64_t);
1353 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1354 break;
1355 case 's':
1356 addr = va_arg(va, target_ulong);
1357 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1358 addr, va_arg(va, int));
1359 break;
1360 default:
1361 bad_format:
1362 error_report("gdbstub: Bad syscall format string '%s'",
1363 fmt - 1);
1364 break;
1365 }
1366 } else {
1367 *(p++) = *(fmt++);
1368 }
1369 }
1370 *p = 0;
1371 #ifdef CONFIG_USER_ONLY
1372 put_packet(s, s->syscall_buf);
1373 gdb_handlesig(s->c_cpu, 0);
1374 #else
1375 /* In this case wait to send the syscall packet until notification that
1376 the CPU has stopped. This must be done because if the packet is sent
1377 now the reply from the syscall request could be received while the CPU
1378 is still in the running state, which can cause packets to be dropped
1379 and state transition 'T' packets to be sent while the syscall is still
1380 being processed. */
1381 qemu_cpu_kick(s->c_cpu);
1382 #endif
1383 }
1384
1385 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1386 {
1387 va_list va;
1388
1389 va_start(va, fmt);
1390 gdb_do_syscallv(cb, fmt, va);
1391 va_end(va);
1392 }
1393
1394 static void gdb_read_byte(GDBState *s, int ch)
1395 {
1396 int i, csum;
1397 uint8_t reply;
1398
1399 #ifndef CONFIG_USER_ONLY
1400 if (s->last_packet_len) {
1401 /* Waiting for a response to the last packet. If we see the start
1402 of a new command then abandon the previous response. */
1403 if (ch == '-') {
1404 #ifdef DEBUG_GDB
1405 printf("Got NACK, retransmitting\n");
1406 #endif
1407 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1408 }
1409 #ifdef DEBUG_GDB
1410 else if (ch == '+')
1411 printf("Got ACK\n");
1412 else
1413 printf("Got '%c' when expecting ACK/NACK\n", ch);
1414 #endif
1415 if (ch == '+' || ch == '$')
1416 s->last_packet_len = 0;
1417 if (ch != '$')
1418 return;
1419 }
1420 if (runstate_is_running()) {
1421 /* when the CPU is running, we cannot do anything except stop
1422 it when receiving a char */
1423 vm_stop(RUN_STATE_PAUSED);
1424 } else
1425 #endif
1426 {
1427 switch(s->state) {
1428 case RS_IDLE:
1429 if (ch == '$') {
1430 s->line_buf_index = 0;
1431 s->state = RS_GETLINE;
1432 }
1433 break;
1434 case RS_GETLINE:
1435 if (ch == '#') {
1436 s->state = RS_CHKSUM1;
1437 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1438 s->state = RS_IDLE;
1439 } else {
1440 s->line_buf[s->line_buf_index++] = ch;
1441 }
1442 break;
1443 case RS_CHKSUM1:
1444 s->line_buf[s->line_buf_index] = '\0';
1445 s->line_csum = fromhex(ch) << 4;
1446 s->state = RS_CHKSUM2;
1447 break;
1448 case RS_CHKSUM2:
1449 s->line_csum |= fromhex(ch);
1450 csum = 0;
1451 for(i = 0; i < s->line_buf_index; i++) {
1452 csum += s->line_buf[i];
1453 }
1454 if (s->line_csum != (csum & 0xff)) {
1455 reply = '-';
1456 put_buffer(s, &reply, 1);
1457 s->state = RS_IDLE;
1458 } else {
1459 reply = '+';
1460 put_buffer(s, &reply, 1);
1461 s->state = gdb_handle_packet(s, s->line_buf);
1462 }
1463 break;
1464 default:
1465 abort();
1466 }
1467 }
1468 }
1469
1470 /* Tell the remote gdb that the process has exited. */
1471 void gdb_exit(CPUArchState *env, int code)
1472 {
1473 GDBState *s;
1474 char buf[4];
1475 #ifndef CONFIG_USER_ONLY
1476 Chardev *chr;
1477 #endif
1478
1479 s = gdbserver_state;
1480 if (!s) {
1481 return;
1482 }
1483 #ifdef CONFIG_USER_ONLY
1484 if (gdbserver_fd < 0 || s->fd < 0) {
1485 return;
1486 }
1487 #else
1488 chr = qemu_chr_fe_get_driver(&s->chr);
1489 if (!chr) {
1490 return;
1491 }
1492 #endif
1493
1494 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1495 put_packet(s, buf);
1496
1497 #ifndef CONFIG_USER_ONLY
1498 qemu_chr_fe_deinit(&s->chr);
1499 qemu_chr_delete(chr);
1500 #endif
1501 }
1502
1503 #ifdef CONFIG_USER_ONLY
1504 int
1505 gdb_handlesig(CPUState *cpu, int sig)
1506 {
1507 GDBState *s;
1508 char buf[256];
1509 int n;
1510
1511 s = gdbserver_state;
1512 if (gdbserver_fd < 0 || s->fd < 0) {
1513 return sig;
1514 }
1515
1516 /* disable single step if it was enabled */
1517 cpu_single_step(cpu, 0);
1518 tb_flush(cpu);
1519
1520 if (sig != 0) {
1521 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1522 put_packet(s, buf);
1523 }
1524 /* put_packet() might have detected that the peer terminated the
1525 connection. */
1526 if (s->fd < 0) {
1527 return sig;
1528 }
1529
1530 sig = 0;
1531 s->state = RS_IDLE;
1532 s->running_state = 0;
1533 while (s->running_state == 0) {
1534 n = read(s->fd, buf, 256);
1535 if (n > 0) {
1536 int i;
1537
1538 for (i = 0; i < n; i++) {
1539 gdb_read_byte(s, buf[i]);
1540 }
1541 } else {
1542 /* XXX: Connection closed. Should probably wait for another
1543 connection before continuing. */
1544 if (n == 0) {
1545 close(s->fd);
1546 }
1547 s->fd = -1;
1548 return sig;
1549 }
1550 }
1551 sig = s->signal;
1552 s->signal = 0;
1553 return sig;
1554 }
1555
1556 /* Tell the remote gdb that the process has exited due to SIG. */
1557 void gdb_signalled(CPUArchState *env, int sig)
1558 {
1559 GDBState *s;
1560 char buf[4];
1561
1562 s = gdbserver_state;
1563 if (gdbserver_fd < 0 || s->fd < 0) {
1564 return;
1565 }
1566
1567 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1568 put_packet(s, buf);
1569 }
1570
1571 static void gdb_accept(void)
1572 {
1573 GDBState *s;
1574 struct sockaddr_in sockaddr;
1575 socklen_t len;
1576 int fd;
1577
1578 for(;;) {
1579 len = sizeof(sockaddr);
1580 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1581 if (fd < 0 && errno != EINTR) {
1582 perror("accept");
1583 return;
1584 } else if (fd >= 0) {
1585 #ifndef _WIN32
1586 fcntl(fd, F_SETFD, FD_CLOEXEC);
1587 #endif
1588 break;
1589 }
1590 }
1591
1592 /* set short latency */
1593 socket_set_nodelay(fd);
1594
1595 s = g_malloc0(sizeof(GDBState));
1596 s->c_cpu = first_cpu;
1597 s->g_cpu = first_cpu;
1598 s->fd = fd;
1599 gdb_has_xml = false;
1600
1601 gdbserver_state = s;
1602 }
1603
1604 static int gdbserver_open(int port)
1605 {
1606 struct sockaddr_in sockaddr;
1607 int fd, ret;
1608
1609 fd = socket(PF_INET, SOCK_STREAM, 0);
1610 if (fd < 0) {
1611 perror("socket");
1612 return -1;
1613 }
1614 #ifndef _WIN32
1615 fcntl(fd, F_SETFD, FD_CLOEXEC);
1616 #endif
1617
1618 socket_set_fast_reuse(fd);
1619
1620 sockaddr.sin_family = AF_INET;
1621 sockaddr.sin_port = htons(port);
1622 sockaddr.sin_addr.s_addr = 0;
1623 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1624 if (ret < 0) {
1625 perror("bind");
1626 close(fd);
1627 return -1;
1628 }
1629 ret = listen(fd, 1);
1630 if (ret < 0) {
1631 perror("listen");
1632 close(fd);
1633 return -1;
1634 }
1635 return fd;
1636 }
1637
1638 int gdbserver_start(int port)
1639 {
1640 gdbserver_fd = gdbserver_open(port);
1641 if (gdbserver_fd < 0)
1642 return -1;
1643 /* accept connections */
1644 gdb_accept();
1645 return 0;
1646 }
1647
1648 /* Disable gdb stub for child processes. */
1649 void gdbserver_fork(CPUState *cpu)
1650 {
1651 GDBState *s = gdbserver_state;
1652
1653 if (gdbserver_fd < 0 || s->fd < 0) {
1654 return;
1655 }
1656 close(s->fd);
1657 s->fd = -1;
1658 cpu_breakpoint_remove_all(cpu, BP_GDB);
1659 cpu_watchpoint_remove_all(cpu, BP_GDB);
1660 }
1661 #else
1662 static int gdb_chr_can_receive(void *opaque)
1663 {
1664 /* We can handle an arbitrarily large amount of data.
1665 Pick the maximum packet size, which is as good as anything. */
1666 return MAX_PACKET_LENGTH;
1667 }
1668
1669 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1670 {
1671 int i;
1672
1673 for (i = 0; i < size; i++) {
1674 gdb_read_byte(gdbserver_state, buf[i]);
1675 }
1676 }
1677
1678 static void gdb_chr_event(void *opaque, int event)
1679 {
1680 switch (event) {
1681 case CHR_EVENT_OPENED:
1682 vm_stop(RUN_STATE_PAUSED);
1683 gdb_has_xml = false;
1684 break;
1685 default:
1686 break;
1687 }
1688 }
1689
1690 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1691 {
1692 char buf[MAX_PACKET_LENGTH];
1693
1694 buf[0] = 'O';
1695 if (len > (MAX_PACKET_LENGTH/2) - 1)
1696 len = (MAX_PACKET_LENGTH/2) - 1;
1697 memtohex(buf + 1, (uint8_t *)msg, len);
1698 put_packet(s, buf);
1699 }
1700
1701 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1702 {
1703 const char *p = (const char *)buf;
1704 int max_sz;
1705
1706 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1707 for (;;) {
1708 if (len <= max_sz) {
1709 gdb_monitor_output(gdbserver_state, p, len);
1710 break;
1711 }
1712 gdb_monitor_output(gdbserver_state, p, max_sz);
1713 p += max_sz;
1714 len -= max_sz;
1715 }
1716 return len;
1717 }
1718
1719 #ifndef _WIN32
1720 static void gdb_sigterm_handler(int signal)
1721 {
1722 if (runstate_is_running()) {
1723 vm_stop(RUN_STATE_PAUSED);
1724 }
1725 }
1726 #endif
1727
1728 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1729 bool *be_opened, Error **errp)
1730 {
1731 *be_opened = false;
1732 }
1733
1734 static void char_gdb_class_init(ObjectClass *oc, void *data)
1735 {
1736 ChardevClass *cc = CHARDEV_CLASS(oc);
1737
1738 cc->internal = true;
1739 cc->open = gdb_monitor_open;
1740 cc->chr_write = gdb_monitor_write;
1741 }
1742
1743 #define TYPE_CHARDEV_GDB "chardev-gdb"
1744
1745 static const TypeInfo char_gdb_type_info = {
1746 .name = TYPE_CHARDEV_GDB,
1747 .parent = TYPE_CHARDEV,
1748 .class_init = char_gdb_class_init,
1749 };
1750
1751 int gdbserver_start(const char *device)
1752 {
1753 GDBState *s;
1754 char gdbstub_device_name[128];
1755 Chardev *chr = NULL;
1756 Chardev *mon_chr;
1757
1758 if (!first_cpu) {
1759 error_report("gdbstub: meaningless to attach gdb to a "
1760 "machine without any CPU.");
1761 return -1;
1762 }
1763
1764 if (!device)
1765 return -1;
1766 if (strcmp(device, "none") != 0) {
1767 if (strstart(device, "tcp:", NULL)) {
1768 /* enforce required TCP attributes */
1769 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1770 "%s,nowait,nodelay,server", device);
1771 device = gdbstub_device_name;
1772 }
1773 #ifndef _WIN32
1774 else if (strcmp(device, "stdio") == 0) {
1775 struct sigaction act;
1776
1777 memset(&act, 0, sizeof(act));
1778 act.sa_handler = gdb_sigterm_handler;
1779 sigaction(SIGINT, &act, NULL);
1780 }
1781 #endif
1782 chr = qemu_chr_new_noreplay("gdb", device);
1783 if (!chr)
1784 return -1;
1785 }
1786
1787 s = gdbserver_state;
1788 if (!s) {
1789 s = g_malloc0(sizeof(GDBState));
1790 gdbserver_state = s;
1791
1792 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1793
1794 /* Initialize a monitor terminal for gdb */
1795 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
1796 NULL, &error_abort);
1797 monitor_init(mon_chr, 0);
1798 } else {
1799 if (qemu_chr_fe_get_driver(&s->chr)) {
1800 qemu_chr_delete(qemu_chr_fe_get_driver(&s->chr));
1801 }
1802 mon_chr = s->mon_chr;
1803 memset(s, 0, sizeof(GDBState));
1804 s->mon_chr = mon_chr;
1805 }
1806 s->c_cpu = first_cpu;
1807 s->g_cpu = first_cpu;
1808 if (chr) {
1809 qemu_chr_fe_init(&s->chr, chr, &error_abort);
1810 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
1811 gdb_chr_event, NULL, NULL, true);
1812 }
1813 s->state = chr ? RS_IDLE : RS_INACTIVE;
1814 s->mon_chr = mon_chr;
1815 s->current_syscall_cb = NULL;
1816
1817 return 0;
1818 }
1819
1820 static void register_types(void)
1821 {
1822 type_register_static(&char_gdb_type_info);
1823 }
1824
1825 type_init(register_types);
1826 #endif
QEmu