search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gdbstub: Implement continue (c pkt) with new infra
[qemu.git] / gdbstub.c
blob53149c565ab29d8b17406990ab57066393259eec
1 /*
2 * gdb server stub
3 *
4 * Copyright (c) 2003-2005 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "qemu-common.h"
22 #include "qapi/error.h"
23 #include "qemu/error-report.h"
24 #include "qemu/ctype.h"
25 #include "qemu/cutils.h"
26 #include "qemu/module.h"
27 #include "trace-root.h"
28 #ifdef CONFIG_USER_ONLY
29 #include "qemu.h"
30 #else
31 #include "monitor/monitor.h"
32 #include "chardev/char.h"
33 #include "chardev/char-fe.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
36 #include "hw/cpu/cluster.h"
37 #endif
38
39 #define MAX_PACKET_LENGTH 4096
40
41 #include "qemu/sockets.h"
42 #include "sysemu/hw_accel.h"
43 #include "sysemu/kvm.h"
44 #include "hw/semihosting/semihost.h"
45 #include "exec/exec-all.h"
46
47 #ifdef CONFIG_USER_ONLY
48 #define GDB_ATTACHED "0"
49 #else
50 #define GDB_ATTACHED "1"
51 #endif
52
53 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
54 uint8_t *buf, int len, bool is_write)
55 {
56 CPUClass *cc = CPU_GET_CLASS(cpu);
57
58 if (cc->memory_rw_debug) {
59 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
60 }
61 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
62 }
63
64 /* Return the GDB index for a given vCPU state.
65 *
66 * For user mode this is simply the thread id. In system mode GDB
67 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
68 */
69 static inline int cpu_gdb_index(CPUState *cpu)
70 {
71 #if defined(CONFIG_USER_ONLY)
72 TaskState *ts = (TaskState *) cpu->opaque;
73 return ts->ts_tid;
74 #else
75 return cpu->cpu_index + 1;
76 #endif
77 }
78
79 enum {
80 GDB_SIGNAL_0 = 0,
81 GDB_SIGNAL_INT = 2,
82 GDB_SIGNAL_QUIT = 3,
83 GDB_SIGNAL_TRAP = 5,
84 GDB_SIGNAL_ABRT = 6,
85 GDB_SIGNAL_ALRM = 14,
86 GDB_SIGNAL_IO = 23,
87 GDB_SIGNAL_XCPU = 24,
88 GDB_SIGNAL_UNKNOWN = 143
89 };
90
91 #ifdef CONFIG_USER_ONLY
92
93 /* Map target signal numbers to GDB protocol signal numbers and vice
94 * versa. For user emulation's currently supported systems, we can
95 * assume most signals are defined.
96 */
97
98 static int gdb_signal_table[] = {
99 0,
100 TARGET_SIGHUP,
101 TARGET_SIGINT,
102 TARGET_SIGQUIT,
103 TARGET_SIGILL,
104 TARGET_SIGTRAP,
105 TARGET_SIGABRT,
106 -1, /* SIGEMT */
107 TARGET_SIGFPE,
108 TARGET_SIGKILL,
109 TARGET_SIGBUS,
110 TARGET_SIGSEGV,
111 TARGET_SIGSYS,
112 TARGET_SIGPIPE,
113 TARGET_SIGALRM,
114 TARGET_SIGTERM,
115 TARGET_SIGURG,
116 TARGET_SIGSTOP,
117 TARGET_SIGTSTP,
118 TARGET_SIGCONT,
119 TARGET_SIGCHLD,
120 TARGET_SIGTTIN,
121 TARGET_SIGTTOU,
122 TARGET_SIGIO,
123 TARGET_SIGXCPU,
124 TARGET_SIGXFSZ,
125 TARGET_SIGVTALRM,
126 TARGET_SIGPROF,
127 TARGET_SIGWINCH,
128 -1, /* SIGLOST */
129 TARGET_SIGUSR1,
130 TARGET_SIGUSR2,
131 #ifdef TARGET_SIGPWR
132 TARGET_SIGPWR,
133 #else
134 -1,
135 #endif
136 -1, /* SIGPOLL */
137 -1,
138 -1,
139 -1,
140 -1,
141 -1,
142 -1,
143 -1,
144 -1,
145 -1,
146 -1,
147 -1,
148 #ifdef __SIGRTMIN
149 __SIGRTMIN + 1,
150 __SIGRTMIN + 2,
151 __SIGRTMIN + 3,
152 __SIGRTMIN + 4,
153 __SIGRTMIN + 5,
154 __SIGRTMIN + 6,
155 __SIGRTMIN + 7,
156 __SIGRTMIN + 8,
157 __SIGRTMIN + 9,
158 __SIGRTMIN + 10,
159 __SIGRTMIN + 11,
160 __SIGRTMIN + 12,
161 __SIGRTMIN + 13,
162 __SIGRTMIN + 14,
163 __SIGRTMIN + 15,
164 __SIGRTMIN + 16,
165 __SIGRTMIN + 17,
166 __SIGRTMIN + 18,
167 __SIGRTMIN + 19,
168 __SIGRTMIN + 20,
169 __SIGRTMIN + 21,
170 __SIGRTMIN + 22,
171 __SIGRTMIN + 23,
172 __SIGRTMIN + 24,
173 __SIGRTMIN + 25,
174 __SIGRTMIN + 26,
175 __SIGRTMIN + 27,
176 __SIGRTMIN + 28,
177 __SIGRTMIN + 29,
178 __SIGRTMIN + 30,
179 __SIGRTMIN + 31,
180 -1, /* SIGCANCEL */
181 __SIGRTMIN,
182 __SIGRTMIN + 32,
183 __SIGRTMIN + 33,
184 __SIGRTMIN + 34,
185 __SIGRTMIN + 35,
186 __SIGRTMIN + 36,
187 __SIGRTMIN + 37,
188 __SIGRTMIN + 38,
189 __SIGRTMIN + 39,
190 __SIGRTMIN + 40,
191 __SIGRTMIN + 41,
192 __SIGRTMIN + 42,
193 __SIGRTMIN + 43,
194 __SIGRTMIN + 44,
195 __SIGRTMIN + 45,
196 __SIGRTMIN + 46,
197 __SIGRTMIN + 47,
198 __SIGRTMIN + 48,
199 __SIGRTMIN + 49,
200 __SIGRTMIN + 50,
201 __SIGRTMIN + 51,
202 __SIGRTMIN + 52,
203 __SIGRTMIN + 53,
204 __SIGRTMIN + 54,
205 __SIGRTMIN + 55,
206 __SIGRTMIN + 56,
207 __SIGRTMIN + 57,
208 __SIGRTMIN + 58,
209 __SIGRTMIN + 59,
210 __SIGRTMIN + 60,
211 __SIGRTMIN + 61,
212 __SIGRTMIN + 62,
213 __SIGRTMIN + 63,
214 __SIGRTMIN + 64,
215 __SIGRTMIN + 65,
216 __SIGRTMIN + 66,
217 __SIGRTMIN + 67,
218 __SIGRTMIN + 68,
219 __SIGRTMIN + 69,
220 __SIGRTMIN + 70,
221 __SIGRTMIN + 71,
222 __SIGRTMIN + 72,
223 __SIGRTMIN + 73,
224 __SIGRTMIN + 74,
225 __SIGRTMIN + 75,
226 __SIGRTMIN + 76,
227 __SIGRTMIN + 77,
228 __SIGRTMIN + 78,
229 __SIGRTMIN + 79,
230 __SIGRTMIN + 80,
231 __SIGRTMIN + 81,
232 __SIGRTMIN + 82,
233 __SIGRTMIN + 83,
234 __SIGRTMIN + 84,
235 __SIGRTMIN + 85,
236 __SIGRTMIN + 86,
237 __SIGRTMIN + 87,
238 __SIGRTMIN + 88,
239 __SIGRTMIN + 89,
240 __SIGRTMIN + 90,
241 __SIGRTMIN + 91,
242 __SIGRTMIN + 92,
243 __SIGRTMIN + 93,
244 __SIGRTMIN + 94,
245 __SIGRTMIN + 95,
246 -1, /* SIGINFO */
247 -1, /* UNKNOWN */
248 -1, /* DEFAULT */
249 -1,
250 -1,
251 -1,
252 -1,
253 -1,
254 -1
255 #endif
256 };
257 #else
258 /* In system mode we only need SIGINT and SIGTRAP; other signals
259 are not yet supported. */
260
261 enum {
262 TARGET_SIGINT = 2,
263 TARGET_SIGTRAP = 5
264 };
265
266 static int gdb_signal_table[] = {
267 -1,
268 -1,
269 TARGET_SIGINT,
270 -1,
271 -1,
272 TARGET_SIGTRAP
273 };
274 #endif
275
276 #ifdef CONFIG_USER_ONLY
277 static int target_signal_to_gdb (int sig)
278 {
279 int i;
280 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
281 if (gdb_signal_table[i] == sig)
282 return i;
283 return GDB_SIGNAL_UNKNOWN;
284 }
285 #endif
286
287 static int gdb_signal_to_target (int sig)
288 {
289 if (sig < ARRAY_SIZE (gdb_signal_table))
290 return gdb_signal_table[sig];
291 else
292 return -1;
293 }
294
295 typedef struct GDBRegisterState {
296 int base_reg;
297 int num_regs;
298 gdb_reg_cb get_reg;
299 gdb_reg_cb set_reg;
300 const char *xml;
301 struct GDBRegisterState *next;
302 } GDBRegisterState;
303
304 typedef struct GDBProcess {
305 uint32_t pid;
306 bool attached;
307
308 char target_xml[1024];
309 } GDBProcess;
310
311 enum RSState {
312 RS_INACTIVE,
313 RS_IDLE,
314 RS_GETLINE,
315 RS_GETLINE_ESC,
316 RS_GETLINE_RLE,
317 RS_CHKSUM1,
318 RS_CHKSUM2,
319 };
320 typedef struct GDBState {
321 CPUState *c_cpu; /* current CPU for step/continue ops */
322 CPUState *g_cpu; /* current CPU for other ops */
323 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
324 enum RSState state; /* parsing state */
325 char line_buf[MAX_PACKET_LENGTH];
326 int line_buf_index;
327 int line_sum; /* running checksum */
328 int line_csum; /* checksum at the end of the packet */
329 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
330 int last_packet_len;
331 int signal;
332 #ifdef CONFIG_USER_ONLY
333 int fd;
334 int running_state;
335 #else
336 CharBackend chr;
337 Chardev *mon_chr;
338 #endif
339 bool multiprocess;
340 GDBProcess *processes;
341 int process_num;
342 char syscall_buf[256];
343 gdb_syscall_complete_cb current_syscall_cb;
344 } GDBState;
345
346 /* By default use no IRQs and no timers while single stepping so as to
347 * make single stepping like an ICE HW step.
348 */
349 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
350
351 static GDBState *gdbserver_state;
352
353 bool gdb_has_xml;
354
355 #ifdef CONFIG_USER_ONLY
356 /* XXX: This is not thread safe. Do we care? */
357 static int gdbserver_fd = -1;
358
359 static int get_char(GDBState *s)
360 {
361 uint8_t ch;
362 int ret;
363
364 for(;;) {
365 ret = qemu_recv(s->fd, &ch, 1, 0);
366 if (ret < 0) {
367 if (errno == ECONNRESET)
368 s->fd = -1;
369 if (errno != EINTR)
370 return -1;
371 } else if (ret == 0) {
372 close(s->fd);
373 s->fd = -1;
374 return -1;
375 } else {
376 break;
377 }
378 }
379 return ch;
380 }
381 #endif
382
383 static enum {
384 GDB_SYS_UNKNOWN,
385 GDB_SYS_ENABLED,
386 GDB_SYS_DISABLED,
387 } gdb_syscall_mode;
388
389 /* Decide if either remote gdb syscalls or native file IO should be used. */
390 int use_gdb_syscalls(void)
391 {
392 SemihostingTarget target = semihosting_get_target();
393 if (target == SEMIHOSTING_TARGET_NATIVE) {
394 /* -semihosting-config target=native */
395 return false;
396 } else if (target == SEMIHOSTING_TARGET_GDB) {
397 /* -semihosting-config target=gdb */
398 return true;
399 }
400
401 /* -semihosting-config target=auto */
402 /* On the first call check if gdb is connected and remember. */
403 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
404 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
405 : GDB_SYS_DISABLED);
406 }
407 return gdb_syscall_mode == GDB_SYS_ENABLED;
408 }
409
410 /* Resume execution. */
411 static inline void gdb_continue(GDBState *s)
412 {
413
414 #ifdef CONFIG_USER_ONLY
415 s->running_state = 1;
416 trace_gdbstub_op_continue();
417 #else
418 if (!runstate_needs_reset()) {
419 trace_gdbstub_op_continue();
420 vm_start();
421 }
422 #endif
423 }
424
425 /*
426 * Resume execution, per CPU actions. For user-mode emulation it's
427 * equivalent to gdb_continue.
428 */
429 static int gdb_continue_partial(GDBState *s, char *newstates)
430 {
431 CPUState *cpu;
432 int res = 0;
433 #ifdef CONFIG_USER_ONLY
434 /*
435 * This is not exactly accurate, but it's an improvement compared to the
436 * previous situation, where only one CPU would be single-stepped.
437 */
438 CPU_FOREACH(cpu) {
439 if (newstates[cpu->cpu_index] == 's') {
440 trace_gdbstub_op_stepping(cpu->cpu_index);
441 cpu_single_step(cpu, sstep_flags);
442 }
443 }
444 s->running_state = 1;
445 #else
446 int flag = 0;
447
448 if (!runstate_needs_reset()) {
449 if (vm_prepare_start()) {
450 return 0;
451 }
452
453 CPU_FOREACH(cpu) {
454 switch (newstates[cpu->cpu_index]) {
455 case 0:
456 case 1:
457 break; /* nothing to do here */
458 case 's':
459 trace_gdbstub_op_stepping(cpu->cpu_index);
460 cpu_single_step(cpu, sstep_flags);
461 cpu_resume(cpu);
462 flag = 1;
463 break;
464 case 'c':
465 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
466 cpu_resume(cpu);
467 flag = 1;
468 break;
469 default:
470 res = -1;
471 break;
472 }
473 }
474 }
475 if (flag) {
476 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
477 }
478 #endif
479 return res;
480 }
481
482 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
483 {
484 #ifdef CONFIG_USER_ONLY
485 int ret;
486
487 while (len > 0) {
488 ret = send(s->fd, buf, len, 0);
489 if (ret < 0) {
490 if (errno != EINTR)
491 return;
492 } else {
493 buf += ret;
494 len -= ret;
495 }
496 }
497 #else
498 /* XXX this blocks entire thread. Rewrite to use
499 * qemu_chr_fe_write and background I/O callbacks */
500 qemu_chr_fe_write_all(&s->chr, buf, len);
501 #endif
502 }
503
504 static inline int fromhex(int v)
505 {
506 if (v >= '0' && v <= '9')
507 return v - '0';
508 else if (v >= 'A' && v <= 'F')
509 return v - 'A' + 10;
510 else if (v >= 'a' && v <= 'f')
511 return v - 'a' + 10;
512 else
513 return 0;
514 }
515
516 static inline int tohex(int v)
517 {
518 if (v < 10)
519 return v + '0';
520 else
521 return v - 10 + 'a';
522 }
523
524 /* writes 2*len+1 bytes in buf */
525 static void memtohex(char *buf, const uint8_t *mem, int len)
526 {
527 int i, c;
528 char *q;
529 q = buf;
530 for(i = 0; i < len; i++) {
531 c = mem[i];
532 *q++ = tohex(c >> 4);
533 *q++ = tohex(c & 0xf);
534 }
535 *q = '\0';
536 }
537
538 static void hextomem(uint8_t *mem, const char *buf, int len)
539 {
540 int i;
541
542 for(i = 0; i < len; i++) {
543 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
544 buf += 2;
545 }
546 }
547
548 static void hexdump(const char *buf, int len,
549 void (*trace_fn)(size_t ofs, char const *text))
550 {
551 char line_buffer[3 * 16 + 4 + 16 + 1];
552
553 size_t i;
554 for (i = 0; i < len || (i & 0xF); ++i) {
555 size_t byte_ofs = i & 15;
556
557 if (byte_ofs == 0) {
558 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
559 line_buffer[3 * 16 + 4 + 16] = 0;
560 }
561
562 size_t col_group = (i >> 2) & 3;
563 size_t hex_col = byte_ofs * 3 + col_group;
564 size_t txt_col = 3 * 16 + 4 + byte_ofs;
565
566 if (i < len) {
567 char value = buf[i];
568
569 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
570 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
571 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
572 ? value
573 : '.';
574 }
575
576 if (byte_ofs == 0xF)
577 trace_fn(i & -16, line_buffer);
578 }
579 }
580
581 /* return -1 if error, 0 if OK */
582 static int put_packet_binary(GDBState *s, const char *buf, int len, bool dump)
583 {
584 int csum, i;
585 uint8_t *p;
586
587 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
588 hexdump(buf, len, trace_gdbstub_io_binaryreply);
589 }
590
591 for(;;) {
592 p = s->last_packet;
593 *(p++) = '$';
594 memcpy(p, buf, len);
595 p += len;
596 csum = 0;
597 for(i = 0; i < len; i++) {
598 csum += buf[i];
599 }
600 *(p++) = '#';
601 *(p++) = tohex((csum >> 4) & 0xf);
602 *(p++) = tohex((csum) & 0xf);
603
604 s->last_packet_len = p - s->last_packet;
605 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
606
607 #ifdef CONFIG_USER_ONLY
608 i = get_char(s);
609 if (i < 0)
610 return -1;
611 if (i == '+')
612 break;
613 #else
614 break;
615 #endif
616 }
617 return 0;
618 }
619
620 /* return -1 if error, 0 if OK */
621 static int put_packet(GDBState *s, const char *buf)
622 {
623 trace_gdbstub_io_reply(buf);
624
625 return put_packet_binary(s, buf, strlen(buf), false);
626 }
627
628 /* Encode data using the encoding for 'x' packets. */
629 static int memtox(char *buf, const char *mem, int len)
630 {
631 char *p = buf;
632 char c;
633
634 while (len--) {
635 c = *(mem++);
636 switch (c) {
637 case '#': case '$': case '*': case '}':
638 *(p++) = '}';
639 *(p++) = c ^ 0x20;
640 break;
641 default:
642 *(p++) = c;
643 break;
644 }
645 }
646 return p - buf;
647 }
648
649 static uint32_t gdb_get_cpu_pid(const GDBState *s, CPUState *cpu)
650 {
651 /* TODO: In user mode, we should use the task state PID */
652 if (cpu->cluster_index == UNASSIGNED_CLUSTER_INDEX) {
653 /* Return the default process' PID */
654 return s->processes[s->process_num - 1].pid;
655 }
656 return cpu->cluster_index + 1;
657 }
658
659 static GDBProcess *gdb_get_process(const GDBState *s, uint32_t pid)
660 {
661 int i;
662
663 if (!pid) {
664 /* 0 means any process, we take the first one */
665 return &s->processes[0];
666 }
667
668 for (i = 0; i < s->process_num; i++) {
669 if (s->processes[i].pid == pid) {
670 return &s->processes[i];
671 }
672 }
673
674 return NULL;
675 }
676
677 static GDBProcess *gdb_get_cpu_process(const GDBState *s, CPUState *cpu)
678 {
679 return gdb_get_process(s, gdb_get_cpu_pid(s, cpu));
680 }
681
682 static CPUState *find_cpu(uint32_t thread_id)
683 {
684 CPUState *cpu;
685
686 CPU_FOREACH(cpu) {
687 if (cpu_gdb_index(cpu) == thread_id) {
688 return cpu;
689 }
690 }
691
692 return NULL;
693 }
694
695 static CPUState *get_first_cpu_in_process(const GDBState *s,
696 GDBProcess *process)
697 {
698 CPUState *cpu;
699
700 CPU_FOREACH(cpu) {
701 if (gdb_get_cpu_pid(s, cpu) == process->pid) {
702 return cpu;
703 }
704 }
705
706 return NULL;
707 }
708
709 static CPUState *gdb_next_cpu_in_process(const GDBState *s, CPUState *cpu)
710 {
711 uint32_t pid = gdb_get_cpu_pid(s, cpu);
712 cpu = CPU_NEXT(cpu);
713
714 while (cpu) {
715 if (gdb_get_cpu_pid(s, cpu) == pid) {
716 break;
717 }
718
719 cpu = CPU_NEXT(cpu);
720 }
721
722 return cpu;
723 }
724
725 /* Return the cpu following @cpu, while ignoring unattached processes. */
726 static CPUState *gdb_next_attached_cpu(const GDBState *s, CPUState *cpu)
727 {
728 cpu = CPU_NEXT(cpu);
729
730 while (cpu) {
731 if (gdb_get_cpu_process(s, cpu)->attached) {
732 break;
733 }
734
735 cpu = CPU_NEXT(cpu);
736 }
737
738 return cpu;
739 }
740
741 /* Return the first attached cpu */
742 static CPUState *gdb_first_attached_cpu(const GDBState *s)
743 {
744 CPUState *cpu = first_cpu;
745 GDBProcess *process = gdb_get_cpu_process(s, cpu);
746
747 if (!process->attached) {
748 return gdb_next_attached_cpu(s, cpu);
749 }
750
751 return cpu;
752 }
753
754 static CPUState *gdb_get_cpu(const GDBState *s, uint32_t pid, uint32_t tid)
755 {
756 GDBProcess *process;
757 CPUState *cpu;
758
759 if (!pid && !tid) {
760 /* 0 means any process/thread, we take the first attached one */
761 return gdb_first_attached_cpu(s);
762 } else if (pid && !tid) {
763 /* any thread in a specific process */
764 process = gdb_get_process(s, pid);
765
766 if (process == NULL) {
767 return NULL;
768 }
769
770 if (!process->attached) {
771 return NULL;
772 }
773
774 return get_first_cpu_in_process(s, process);
775 } else {
776 /* a specific thread */
777 cpu = find_cpu(tid);
778
779 if (cpu == NULL) {
780 return NULL;
781 }
782
783 process = gdb_get_cpu_process(s, cpu);
784
785 if (pid && process->pid != pid) {
786 return NULL;
787 }
788
789 if (!process->attached) {
790 return NULL;
791 }
792
793 return cpu;
794 }
795 }
796
797 static const char *get_feature_xml(const GDBState *s, const char *p,
798 const char **newp, GDBProcess *process)
799 {
800 size_t len;
801 int i;
802 const char *name;
803 CPUState *cpu = get_first_cpu_in_process(s, process);
804 CPUClass *cc = CPU_GET_CLASS(cpu);
805
806 len = 0;
807 while (p[len] && p[len] != ':')
808 len++;
809 *newp = p + len;
810
811 name = NULL;
812 if (strncmp(p, "target.xml", len) == 0) {
813 char *buf = process->target_xml;
814 const size_t buf_sz = sizeof(process->target_xml);
815
816 /* Generate the XML description for this CPU. */
817 if (!buf[0]) {
818 GDBRegisterState *r;
819
820 pstrcat(buf, buf_sz,
821 "<?xml version=\"1.0\"?>"
822 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
823 "<target>");
824 if (cc->gdb_arch_name) {
825 gchar *arch = cc->gdb_arch_name(cpu);
826 pstrcat(buf, buf_sz, "<architecture>");
827 pstrcat(buf, buf_sz, arch);
828 pstrcat(buf, buf_sz, "</architecture>");
829 g_free(arch);
830 }
831 pstrcat(buf, buf_sz, "<xi:include href=\"");
832 pstrcat(buf, buf_sz, cc->gdb_core_xml_file);
833 pstrcat(buf, buf_sz, "\"/>");
834 for (r = cpu->gdb_regs; r; r = r->next) {
835 pstrcat(buf, buf_sz, "<xi:include href=\"");
836 pstrcat(buf, buf_sz, r->xml);
837 pstrcat(buf, buf_sz, "\"/>");
838 }
839 pstrcat(buf, buf_sz, "</target>");
840 }
841 return buf;
842 }
843 if (cc->gdb_get_dynamic_xml) {
844 char *xmlname = g_strndup(p, len);
845 const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
846
847 g_free(xmlname);
848 if (xml) {
849 return xml;
850 }
851 }
852 for (i = 0; ; i++) {
853 name = xml_builtin[i][0];
854 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
855 break;
856 }
857 return name ? xml_builtin[i][1] : NULL;
858 }
859
860 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
861 {
862 CPUClass *cc = CPU_GET_CLASS(cpu);
863 CPUArchState *env = cpu->env_ptr;
864 GDBRegisterState *r;
865
866 if (reg < cc->gdb_num_core_regs) {
867 return cc->gdb_read_register(cpu, mem_buf, reg);
868 }
869
870 for (r = cpu->gdb_regs; r; r = r->next) {
871 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
872 return r->get_reg(env, mem_buf, reg - r->base_reg);
873 }
874 }
875 return 0;
876 }
877
878 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
879 {
880 CPUClass *cc = CPU_GET_CLASS(cpu);
881 CPUArchState *env = cpu->env_ptr;
882 GDBRegisterState *r;
883
884 if (reg < cc->gdb_num_core_regs) {
885 return cc->gdb_write_register(cpu, mem_buf, reg);
886 }
887
888 for (r = cpu->gdb_regs; r; r = r->next) {
889 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
890 return r->set_reg(env, mem_buf, reg - r->base_reg);
891 }
892 }
893 return 0;
894 }
895
896 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
897 specifies the first register number and these registers are included in
898 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
899 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
900 */
901
902 void gdb_register_coprocessor(CPUState *cpu,
903 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
904 int num_regs, const char *xml, int g_pos)
905 {
906 GDBRegisterState *s;
907 GDBRegisterState **p;
908
909 p = &cpu->gdb_regs;
910 while (*p) {
911 /* Check for duplicates. */
912 if (strcmp((*p)->xml, xml) == 0)
913 return;
914 p = &(*p)->next;
915 }
916
917 s = g_new0(GDBRegisterState, 1);
918 s->base_reg = cpu->gdb_num_regs;
919 s->num_regs = num_regs;
920 s->get_reg = get_reg;
921 s->set_reg = set_reg;
922 s->xml = xml;
923
924 /* Add to end of list. */
925 cpu->gdb_num_regs += num_regs;
926 *p = s;
927 if (g_pos) {
928 if (g_pos != s->base_reg) {
929 error_report("Error: Bad gdb register numbering for '%s', "
930 "expected %d got %d", xml, g_pos, s->base_reg);
931 } else {
932 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
933 }
934 }
935 }
936
937 #ifndef CONFIG_USER_ONLY
938 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
939 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
940 {
941 static const int xlat[] = {
942 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
943 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
944 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
945 };
946
947 CPUClass *cc = CPU_GET_CLASS(cpu);
948 int cputype = xlat[gdbtype];
949
950 if (cc->gdb_stop_before_watchpoint) {
951 cputype |= BP_STOP_BEFORE_ACCESS;
952 }
953 return cputype;
954 }
955 #endif
956
957 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
958 {
959 CPUState *cpu;
960 int err = 0;
961
962 if (kvm_enabled()) {
963 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
964 }
965
966 switch (type) {
967 case GDB_BREAKPOINT_SW:
968 case GDB_BREAKPOINT_HW:
969 CPU_FOREACH(cpu) {
970 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
971 if (err) {
972 break;
973 }
974 }
975 return err;
976 #ifndef CONFIG_USER_ONLY
977 case GDB_WATCHPOINT_WRITE:
978 case GDB_WATCHPOINT_READ:
979 case GDB_WATCHPOINT_ACCESS:
980 CPU_FOREACH(cpu) {
981 err = cpu_watchpoint_insert(cpu, addr, len,
982 xlat_gdb_type(cpu, type), NULL);
983 if (err) {
984 break;
985 }
986 }
987 return err;
988 #endif
989 default:
990 return -ENOSYS;
991 }
992 }
993
994 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
995 {
996 CPUState *cpu;
997 int err = 0;
998
999 if (kvm_enabled()) {
1000 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1001 }
1002
1003 switch (type) {
1004 case GDB_BREAKPOINT_SW:
1005 case GDB_BREAKPOINT_HW:
1006 CPU_FOREACH(cpu) {
1007 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
1008 if (err) {
1009 break;
1010 }
1011 }
1012 return err;
1013 #ifndef CONFIG_USER_ONLY
1014 case GDB_WATCHPOINT_WRITE:
1015 case GDB_WATCHPOINT_READ:
1016 case GDB_WATCHPOINT_ACCESS:
1017 CPU_FOREACH(cpu) {
1018 err = cpu_watchpoint_remove(cpu, addr, len,
1019 xlat_gdb_type(cpu, type));
1020 if (err)
1021 break;
1022 }
1023 return err;
1024 #endif
1025 default:
1026 return -ENOSYS;
1027 }
1028 }
1029
1030 static inline void gdb_cpu_breakpoint_remove_all(CPUState *cpu)
1031 {
1032 cpu_breakpoint_remove_all(cpu, BP_GDB);
1033 #ifndef CONFIG_USER_ONLY
1034 cpu_watchpoint_remove_all(cpu, BP_GDB);
1035 #endif
1036 }
1037
1038 static void gdb_process_breakpoint_remove_all(const GDBState *s, GDBProcess *p)
1039 {
1040 CPUState *cpu = get_first_cpu_in_process(s, p);
1041
1042 while (cpu) {
1043 gdb_cpu_breakpoint_remove_all(cpu);
1044 cpu = gdb_next_cpu_in_process(s, cpu);
1045 }
1046 }
1047
1048 static void gdb_breakpoint_remove_all(void)
1049 {
1050 CPUState *cpu;
1051
1052 if (kvm_enabled()) {
1053 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
1054 return;
1055 }
1056
1057 CPU_FOREACH(cpu) {
1058 gdb_cpu_breakpoint_remove_all(cpu);
1059 }
1060 }
1061
1062 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
1063 {
1064 CPUState *cpu = s->c_cpu;
1065
1066 cpu_synchronize_state(cpu);
1067 cpu_set_pc(cpu, pc);
1068 }
1069
1070 static char *gdb_fmt_thread_id(const GDBState *s, CPUState *cpu,
1071 char *buf, size_t buf_size)
1072 {
1073 if (s->multiprocess) {
1074 snprintf(buf, buf_size, "p%02x.%02x",
1075 gdb_get_cpu_pid(s, cpu), cpu_gdb_index(cpu));
1076 } else {
1077 snprintf(buf, buf_size, "%02x", cpu_gdb_index(cpu));
1078 }
1079
1080 return buf;
1081 }
1082
1083 typedef enum GDBThreadIdKind {
1084 GDB_ONE_THREAD = 0,
1085 GDB_ALL_THREADS, /* One process, all threads */
1086 GDB_ALL_PROCESSES,
1087 GDB_READ_THREAD_ERR
1088 } GDBThreadIdKind;
1089
1090 static GDBThreadIdKind read_thread_id(const char *buf, const char **end_buf,
1091 uint32_t *pid, uint32_t *tid)
1092 {
1093 unsigned long p, t;
1094 int ret;
1095
1096 if (*buf == 'p') {
1097 buf++;
1098 ret = qemu_strtoul(buf, &buf, 16, &p);
1099
1100 if (ret) {
1101 return GDB_READ_THREAD_ERR;
1102 }
1103
1104 /* Skip '.' */
1105 buf++;
1106 } else {
1107 p = 1;
1108 }
1109
1110 ret = qemu_strtoul(buf, &buf, 16, &t);
1111
1112 if (ret) {
1113 return GDB_READ_THREAD_ERR;
1114 }
1115
1116 *end_buf = buf;
1117
1118 if (p == -1) {
1119 return GDB_ALL_PROCESSES;
1120 }
1121
1122 if (pid) {
1123 *pid = p;
1124 }
1125
1126 if (t == -1) {
1127 return GDB_ALL_THREADS;
1128 }
1129
1130 if (tid) {
1131 *tid = t;
1132 }
1133
1134 return GDB_ONE_THREAD;
1135 }
1136
1137 static int is_query_packet(const char *p, const char *query, char separator)
1138 {
1139 unsigned int query_len = strlen(query);
1140
1141 return strncmp(p, query, query_len) == 0 &&
1142 (p[query_len] == '\0' || p[query_len] == separator);
1143 }
1144
1145 /**
1146 * gdb_handle_vcont - Parses and handles a vCont packet.
1147 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1148 * a format error, 0 on success.
1149 */
1150 static int gdb_handle_vcont(GDBState *s, const char *p)
1151 {
1152 int res, signal = 0;
1153 char cur_action;
1154 char *newstates;
1155 unsigned long tmp;
1156 uint32_t pid, tid;
1157 GDBProcess *process;
1158 CPUState *cpu;
1159 GDBThreadIdKind kind;
1160 #ifdef CONFIG_USER_ONLY
1161 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
1162
1163 CPU_FOREACH(cpu) {
1164 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
1165 }
1166 #endif
1167 /* uninitialised CPUs stay 0 */
1168 newstates = g_new0(char, max_cpus);
1169
1170 /* mark valid CPUs with 1 */
1171 CPU_FOREACH(cpu) {
1172 newstates[cpu->cpu_index] = 1;
1173 }
1174
1175 /*
1176 * res keeps track of what error we are returning, with -ENOTSUP meaning
1177 * that the command is unknown or unsupported, thus returning an empty
1178 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1179 * or incorrect parameters passed.
1180 */
1181 res = 0;
1182 while (*p) {
1183 if (*p++ != ';') {
1184 res = -ENOTSUP;
1185 goto out;
1186 }
1187
1188 cur_action = *p++;
1189 if (cur_action == 'C' || cur_action == 'S') {
1190 cur_action = qemu_tolower(cur_action);
1191 res = qemu_strtoul(p + 1, &p, 16, &tmp);
1192 if (res) {
1193 goto out;
1194 }
1195 signal = gdb_signal_to_target(tmp);
1196 } else if (cur_action != 'c' && cur_action != 's') {
1197 /* unknown/invalid/unsupported command */
1198 res = -ENOTSUP;
1199 goto out;
1200 }
1201
1202 if (*p == '\0' || *p == ';') {
1203 /*
1204 * No thread specifier, action is on "all threads". The
1205 * specification is unclear regarding the process to act on. We
1206 * choose all processes.
1207 */
1208 kind = GDB_ALL_PROCESSES;
1209 } else if (*p++ == ':') {
1210 kind = read_thread_id(p, &p, &pid, &tid);
1211 } else {
1212 res = -ENOTSUP;
1213 goto out;
1214 }
1215
1216 switch (kind) {
1217 case GDB_READ_THREAD_ERR:
1218 res = -EINVAL;
1219 goto out;
1220
1221 case GDB_ALL_PROCESSES:
1222 cpu = gdb_first_attached_cpu(s);
1223 while (cpu) {
1224 if (newstates[cpu->cpu_index] == 1) {
1225 newstates[cpu->cpu_index] = cur_action;
1226 }
1227
1228 cpu = gdb_next_attached_cpu(s, cpu);
1229 }
1230 break;
1231
1232 case GDB_ALL_THREADS:
1233 process = gdb_get_process(s, pid);
1234
1235 if (!process->attached) {
1236 res = -EINVAL;
1237 goto out;
1238 }
1239
1240 cpu = get_first_cpu_in_process(s, process);
1241 while (cpu) {
1242 if (newstates[cpu->cpu_index] == 1) {
1243 newstates[cpu->cpu_index] = cur_action;
1244 }
1245
1246 cpu = gdb_next_cpu_in_process(s, cpu);
1247 }
1248 break;
1249
1250 case GDB_ONE_THREAD:
1251 cpu = gdb_get_cpu(s, pid, tid);
1252
1253 /* invalid CPU/thread specified */
1254 if (!cpu) {
1255 res = -EINVAL;
1256 goto out;
1257 }
1258
1259 /* only use if no previous match occourred */
1260 if (newstates[cpu->cpu_index] == 1) {
1261 newstates[cpu->cpu_index] = cur_action;
1262 }
1263 break;
1264 }
1265 }
1266 s->signal = signal;
1267 gdb_continue_partial(s, newstates);
1268
1269 out:
1270 g_free(newstates);
1271
1272 return res;
1273 }
1274
1275 typedef union GdbCmdVariant {
1276 const char *data;
1277 uint8_t opcode;
1278 unsigned long val_ul;
1279 unsigned long long val_ull;
1280 struct {
1281 GDBThreadIdKind kind;
1282 uint32_t pid;
1283 uint32_t tid;
1284 } thread_id;
1285 } GdbCmdVariant;
1286
1287 static const char *cmd_next_param(const char *param, const char delimiter)
1288 {
1289 static const char all_delimiters[] = ",;:=";
1290 char curr_delimiters[2] = {0};
1291 const char *delimiters;
1292
1293 if (delimiter == '?') {
1294 delimiters = all_delimiters;
1295 } else if (delimiter == '0') {
1296 return strchr(param, '\0');
1297 } else if (delimiter == '.' && *param) {
1298 return param + 1;
1299 } else {
1300 curr_delimiters[0] = delimiter;
1301 delimiters = curr_delimiters;
1302 }
1303
1304 param += strcspn(param, delimiters);
1305 if (*param) {
1306 param++;
1307 }
1308 return param;
1309 }
1310
1311 static int cmd_parse_params(const char *data, const char *schema,
1312 GdbCmdVariant *params, int *num_params)
1313 {
1314 int curr_param;
1315 const char *curr_schema, *curr_data;
1316
1317 *num_params = 0;
1318
1319 if (!schema) {
1320 return 0;
1321 }
1322
1323 curr_schema = schema;
1324 curr_param = 0;
1325 curr_data = data;
1326 while (curr_schema[0] && curr_schema[1] && *curr_data) {
1327 switch (curr_schema[0]) {
1328 case 'l':
1329 if (qemu_strtoul(curr_data, &curr_data, 16,
1330 &params[curr_param].val_ul)) {
1331 return -EINVAL;
1332 }
1333 curr_param++;
1334 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1335 break;
1336 case 'L':
1337 if (qemu_strtou64(curr_data, &curr_data, 16,
1338 (uint64_t *)&params[curr_param].val_ull)) {
1339 return -EINVAL;
1340 }
1341 curr_param++;
1342 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1343 break;
1344 case 's':
1345 params[curr_param].data = curr_data;
1346 curr_param++;
1347 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1348 break;
1349 case 'o':
1350 params[curr_param].opcode = *(uint8_t *)curr_data;
1351 curr_param++;
1352 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1353 break;
1354 case 't':
1355 params[curr_param].thread_id.kind =
1356 read_thread_id(curr_data, &curr_data,
1357 &params[curr_param].thread_id.pid,
1358 &params[curr_param].thread_id.tid);
1359 curr_param++;
1360 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1361 break;
1362 case '?':
1363 curr_data = cmd_next_param(curr_data, curr_schema[1]);
1364 break;
1365 default:
1366 return -EINVAL;
1367 }
1368 curr_schema += 2;
1369 }
1370
1371 *num_params = curr_param;
1372 return 0;
1373 }
1374
1375 typedef struct GdbCmdContext {
1376 GDBState *s;
1377 GdbCmdVariant *params;
1378 int num_params;
1379 uint8_t mem_buf[MAX_PACKET_LENGTH];
1380 char str_buf[MAX_PACKET_LENGTH + 1];
1381 } GdbCmdContext;
1382
1383 typedef void (*GdbCmdHandler)(GdbCmdContext *gdb_ctx, void *user_ctx);
1384
1385 /*
1386 * cmd_startswith -> cmd is compared using startswith
1387 *
1388 *
1389 * schema definitions:
1390 * Each schema parameter entry consists of 2 chars,
1391 * the first char represents the parameter type handling
1392 * the second char represents the delimiter for the next parameter
1393 *
1394 * Currently supported schema types:
1395 * 'l' -> unsigned long (stored in .val_ul)
1396 * 'L' -> unsigned long long (stored in .val_ull)
1397 * 's' -> string (stored in .data)
1398 * 'o' -> single char (stored in .opcode)
1399 * 't' -> thread id (stored in .thread_id)
1400 * '?' -> skip according to delimiter
1401 *
1402 * Currently supported delimiters:
1403 * '?' -> Stop at any delimiter (",;:=\0")
1404 * '0' -> Stop at "\0"
1405 * '.' -> Skip 1 char unless reached "\0"
1406 * Any other value is treated as the delimiter value itself
1407 */
1408 typedef struct GdbCmdParseEntry {
1409 GdbCmdHandler handler;
1410 const char *cmd;
1411 bool cmd_startswith;
1412 const char *schema;
1413 } GdbCmdParseEntry;
1414
1415 static inline int startswith(const char *string, const char *pattern)
1416 {
1417 return !strncmp(string, pattern, strlen(pattern));
1418 }
1419
1420 static int process_string_cmd(GDBState *s, void *user_ctx, const char *data,
1421 const GdbCmdParseEntry *cmds, int num_cmds)
1422 {
1423 int i, schema_len, max_num_params = 0;
1424 GdbCmdContext gdb_ctx;
1425
1426 if (!cmds) {
1427 return -1;
1428 }
1429
1430 for (i = 0; i < num_cmds; i++) {
1431 const GdbCmdParseEntry *cmd = &cmds[i];
1432 g_assert(cmd->handler && cmd->cmd);
1433
1434 if ((cmd->cmd_startswith && !startswith(data, cmd->cmd)) ||
1435 (!cmd->cmd_startswith && strcmp(cmd->cmd, data))) {
1436 continue;
1437 }
1438
1439 if (cmd->schema) {
1440 schema_len = strlen(cmd->schema);
1441 if (schema_len % 2) {
1442 return -2;
1443 }
1444
1445 max_num_params = schema_len / 2;
1446 }
1447
1448 gdb_ctx.params =
1449 (GdbCmdVariant *)alloca(sizeof(*gdb_ctx.params) * max_num_params);
1450 memset(gdb_ctx.params, 0, sizeof(*gdb_ctx.params) * max_num_params);
1451
1452 if (cmd_parse_params(&data[strlen(cmd->cmd)], cmd->schema,
1453 gdb_ctx.params, &gdb_ctx.num_params)) {
1454 return -1;
1455 }
1456
1457 gdb_ctx.s = s;
1458 cmd->handler(&gdb_ctx, user_ctx);
1459 return 0;
1460 }
1461
1462 return -1;
1463 }
1464
1465 static void run_cmd_parser(GDBState *s, const char *data,
1466 const GdbCmdParseEntry *cmd)
1467 {
1468 if (!data) {
1469 return;
1470 }
1471
1472 /* In case there was an error during the command parsing we must
1473 * send a NULL packet to indicate the command is not supported */
1474 if (process_string_cmd(s, NULL, data, cmd, 1)) {
1475 put_packet(s, "");
1476 }
1477 }
1478
1479 static void handle_detach(GdbCmdContext *gdb_ctx, void *user_ctx)
1480 {
1481 GDBProcess *process;
1482 GDBState *s = gdb_ctx->s;
1483 uint32_t pid = 1;
1484
1485 if (s->multiprocess) {
1486 if (!gdb_ctx->num_params) {
1487 put_packet(s, "E22");
1488 return;
1489 }
1490
1491 pid = gdb_ctx->params[0].val_ul;
1492 }
1493
1494 process = gdb_get_process(s, pid);
1495 gdb_process_breakpoint_remove_all(s, process);
1496 process->attached = false;
1497
1498 if (pid == gdb_get_cpu_pid(s, s->c_cpu)) {
1499 s->c_cpu = gdb_first_attached_cpu(s);
1500 }
1501
1502 if (pid == gdb_get_cpu_pid(s, s->g_cpu)) {
1503 s->g_cpu = gdb_first_attached_cpu(s);
1504 }
1505
1506 if (!s->c_cpu) {
1507 /* No more process attached */
1508 gdb_syscall_mode = GDB_SYS_DISABLED;
1509 gdb_continue(s);
1510 }
1511 put_packet(s, "OK");
1512 }
1513
1514 static void handle_thread_alive(GdbCmdContext *gdb_ctx, void *user_ctx)
1515 {
1516 CPUState *cpu;
1517
1518 if (!gdb_ctx->num_params) {
1519 put_packet(gdb_ctx->s, "E22");
1520 return;
1521 }
1522
1523 if (gdb_ctx->params[0].thread_id.kind == GDB_READ_THREAD_ERR) {
1524 put_packet(gdb_ctx->s, "E22");
1525 return;
1526 }
1527
1528 cpu = gdb_get_cpu(gdb_ctx->s, gdb_ctx->params[0].thread_id.pid,
1529 gdb_ctx->params[0].thread_id.tid);
1530 if (!cpu) {
1531 put_packet(gdb_ctx->s, "E22");
1532 return;
1533 }
1534
1535 put_packet(gdb_ctx->s, "OK");
1536 }
1537
1538 static void handle_continue(GdbCmdContext *gdb_ctx, void *user_ctx)
1539 {
1540 if (gdb_ctx->num_params) {
1541 gdb_set_cpu_pc(gdb_ctx->s, gdb_ctx->params[0].val_ull);
1542 }
1543
1544 gdb_ctx->s->signal = 0;
1545 gdb_continue(gdb_ctx->s);
1546 }
1547
1548 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1549 {
1550 CPUState *cpu;
1551 GDBProcess *process;
1552 CPUClass *cc;
1553 const char *p;
1554 uint32_t pid, tid;
1555 int ch, reg_size, type, res;
1556 uint8_t mem_buf[MAX_PACKET_LENGTH];
1557 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
1558 char thread_id[16];
1559 uint8_t *registers;
1560 target_ulong addr, len;
1561 GDBThreadIdKind thread_kind;
1562 const GdbCmdParseEntry *cmd_parser = NULL;
1563
1564 trace_gdbstub_io_command(line_buf);
1565
1566 p = line_buf;
1567 ch = *p++;
1568 switch(ch) {
1569 case '!':
1570 put_packet(s, "OK");
1571 break;
1572 case '?':
1573 /* TODO: Make this return the correct value for user-mode. */
1574 snprintf(buf, sizeof(buf), "T%02xthread:%s;", GDB_SIGNAL_TRAP,
1575 gdb_fmt_thread_id(s, s->c_cpu, thread_id, sizeof(thread_id)));
1576 put_packet(s, buf);
1577 /* Remove all the breakpoints when this query is issued,
1578 * because gdb is doing and initial connect and the state
1579 * should be cleaned up.
1580 */
1581 gdb_breakpoint_remove_all();
1582 break;
1583 case 'c':
1584 {
1585 static const GdbCmdParseEntry continue_cmd_desc = {
1586 .handler = handle_continue,
1587 .cmd = "c",
1588 .cmd_startswith = 1,
1589 .schema = "L0"
1590 };
1591 cmd_parser = &continue_cmd_desc;
1592 }
1593 break;
1594 case 'C':
1595 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1596 if (s->signal == -1)
1597 s->signal = 0;
1598 gdb_continue(s);
1599 return RS_IDLE;
1600 case 'v':
1601 if (strncmp(p, "Cont", 4) == 0) {
1602 p += 4;
1603 if (*p == '?') {
1604 put_packet(s, "vCont;c;C;s;S");
1605 break;
1606 }
1607
1608 res = gdb_handle_vcont(s, p);
1609
1610 if (res) {
1611 if ((res == -EINVAL) || (res == -ERANGE)) {
1612 put_packet(s, "E22");
1613 break;
1614 }
1615 goto unknown_command;
1616 }
1617 break;
1618 } else if (strncmp(p, "Attach;", 7) == 0) {
1619 unsigned long pid;
1620
1621 p += 7;
1622
1623 if (qemu_strtoul(p, &p, 16, &pid)) {
1624 put_packet(s, "E22");
1625 break;
1626 }
1627
1628 process = gdb_get_process(s, pid);
1629
1630 if (process == NULL) {
1631 put_packet(s, "E22");
1632 break;
1633 }
1634
1635 cpu = get_first_cpu_in_process(s, process);
1636
1637 if (cpu == NULL) {
1638 /* Refuse to attach an empty process */
1639 put_packet(s, "E22");
1640 break;
1641 }
1642
1643 process->attached = true;
1644
1645 s->g_cpu = cpu;
1646 s->c_cpu = cpu;
1647
1648 snprintf(buf, sizeof(buf), "T%02xthread:%s;", GDB_SIGNAL_TRAP,
1649 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id)));
1650
1651 put_packet(s, buf);
1652 break;
1653 } else if (strncmp(p, "Kill;", 5) == 0) {
1654 /* Kill the target */
1655 put_packet(s, "OK");
1656 error_report("QEMU: Terminated via GDBstub");
1657 exit(0);
1658 } else {
1659 goto unknown_command;
1660 }
1661 case 'k':
1662 /* Kill the target */
1663 error_report("QEMU: Terminated via GDBstub");
1664 exit(0);
1665 case 'D':
1666 {
1667 static const GdbCmdParseEntry detach_cmd_desc = {
1668 .handler = handle_detach,
1669 .cmd = "D",
1670 .cmd_startswith = 1,
1671 .schema = "?.l0"
1672 };
1673 cmd_parser = &detach_cmd_desc;
1674 }
1675 break;
1676 case 's':
1677 if (*p != '\0') {
1678 addr = strtoull(p, (char **)&p, 16);
1679 gdb_set_cpu_pc(s, addr);
1680 }
1681 cpu_single_step(s->c_cpu, sstep_flags);
1682 gdb_continue(s);
1683 return RS_IDLE;
1684 case 'F':
1685 {
1686 target_ulong ret;
1687 target_ulong err;
1688
1689 ret = strtoull(p, (char **)&p, 16);
1690 if (*p == ',') {
1691 p++;
1692 err = strtoull(p, (char **)&p, 16);
1693 } else {
1694 err = 0;
1695 }
1696 if (*p == ',')
1697 p++;
1698 type = *p;
1699 if (s->current_syscall_cb) {
1700 s->current_syscall_cb(s->c_cpu, ret, err);
1701 s->current_syscall_cb = NULL;
1702 }
1703 if (type == 'C') {
1704 put_packet(s, "T02");
1705 } else {
1706 gdb_continue(s);
1707 }
1708 }
1709 break;
1710 case 'g':
1711 cpu_synchronize_state(s->g_cpu);
1712 len = 0;
1713 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1714 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1715 len += reg_size;
1716 }
1717 memtohex(buf, mem_buf, len);
1718 put_packet(s, buf);
1719 break;
1720 case 'G':
1721 cpu_synchronize_state(s->g_cpu);
1722 registers = mem_buf;
1723 len = strlen(p) / 2;
1724 hextomem((uint8_t *)registers, p, len);
1725 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1726 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1727 len -= reg_size;
1728 registers += reg_size;
1729 }
1730 put_packet(s, "OK");
1731 break;
1732 case 'm':
1733 addr = strtoull(p, (char **)&p, 16);
1734 if (*p == ',')
1735 p++;
1736 len = strtoull(p, NULL, 16);
1737
1738 /* memtohex() doubles the required space */
1739 if (len > MAX_PACKET_LENGTH / 2) {
1740 put_packet (s, "E22");
1741 break;
1742 }
1743
1744 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1745 put_packet (s, "E14");
1746 } else {
1747 memtohex(buf, mem_buf, len);
1748 put_packet(s, buf);
1749 }
1750 break;
1751 case 'M':
1752 addr = strtoull(p, (char **)&p, 16);
1753 if (*p == ',')
1754 p++;
1755 len = strtoull(p, (char **)&p, 16);
1756 if (*p == ':')
1757 p++;
1758
1759 /* hextomem() reads 2*len bytes */
1760 if (len > strlen(p) / 2) {
1761 put_packet (s, "E22");
1762 break;
1763 }
1764 hextomem(mem_buf, p, len);
1765 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1766 true) != 0) {
1767 put_packet(s, "E14");
1768 } else {
1769 put_packet(s, "OK");
1770 }
1771 break;
1772 case 'p':
1773 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1774 This works, but can be very slow. Anything new enough to
1775 understand XML also knows how to use this properly. */
1776 if (!gdb_has_xml)
1777 goto unknown_command;
1778 addr = strtoull(p, (char **)&p, 16);
1779 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1780 if (reg_size) {
1781 memtohex(buf, mem_buf, reg_size);
1782 put_packet(s, buf);
1783 } else {
1784 put_packet(s, "E14");
1785 }
1786 break;
1787 case 'P':
1788 if (!gdb_has_xml)
1789 goto unknown_command;
1790 addr = strtoull(p, (char **)&p, 16);
1791 if (*p == '=')
1792 p++;
1793 reg_size = strlen(p) / 2;
1794 hextomem(mem_buf, p, reg_size);
1795 gdb_write_register(s->g_cpu, mem_buf, addr);
1796 put_packet(s, "OK");
1797 break;
1798 case 'Z':
1799 case 'z':
1800 type = strtoul(p, (char **)&p, 16);
1801 if (*p == ',')
1802 p++;
1803 addr = strtoull(p, (char **)&p, 16);
1804 if (*p == ',')
1805 p++;
1806 len = strtoull(p, (char **)&p, 16);
1807 if (ch == 'Z')
1808 res = gdb_breakpoint_insert(addr, len, type);
1809 else
1810 res = gdb_breakpoint_remove(addr, len, type);
1811 if (res >= 0)
1812 put_packet(s, "OK");
1813 else if (res == -ENOSYS)
1814 put_packet(s, "");
1815 else
1816 put_packet(s, "E22");
1817 break;
1818 case 'H':
1819 type = *p++;
1820
1821 thread_kind = read_thread_id(p, &p, &pid, &tid);
1822 if (thread_kind == GDB_READ_THREAD_ERR) {
1823 put_packet(s, "E22");
1824 break;
1825 }
1826
1827 if (thread_kind != GDB_ONE_THREAD) {
1828 put_packet(s, "OK");
1829 break;
1830 }
1831 cpu = gdb_get_cpu(s, pid, tid);
1832 if (cpu == NULL) {
1833 put_packet(s, "E22");
1834 break;
1835 }
1836 switch (type) {
1837 case 'c':
1838 s->c_cpu = cpu;
1839 put_packet(s, "OK");
1840 break;
1841 case 'g':
1842 s->g_cpu = cpu;
1843 put_packet(s, "OK");
1844 break;
1845 default:
1846 put_packet(s, "E22");
1847 break;
1848 }
1849 break;
1850 case 'T':
1851 {
1852 static const GdbCmdParseEntry thread_alive_cmd_desc = {
1853 .handler = handle_thread_alive,
1854 .cmd = "T",
1855 .cmd_startswith = 1,
1856 .schema = "t0"
1857 };
1858 cmd_parser = &thread_alive_cmd_desc;
1859 }
1860 break;
1861 case 'q':
1862 case 'Q':
1863 /* parse any 'q' packets here */
1864 if (!strcmp(p,"qemu.sstepbits")) {
1865 /* Query Breakpoint bit definitions */
1866 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1867 SSTEP_ENABLE,
1868 SSTEP_NOIRQ,
1869 SSTEP_NOTIMER);
1870 put_packet(s, buf);
1871 break;
1872 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1873 /* Display or change the sstep_flags */
1874 p += 10;
1875 if (*p != '=') {
1876 /* Display current setting */
1877 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1878 put_packet(s, buf);
1879 break;
1880 }
1881 p++;
1882 type = strtoul(p, (char **)&p, 16);
1883 sstep_flags = type;
1884 put_packet(s, "OK");
1885 break;
1886 } else if (strcmp(p,"C") == 0) {
1887 /*
1888 * "Current thread" remains vague in the spec, so always return
1889 * the first thread of the current process (gdb returns the
1890 * first thread).
1891 */
1892 cpu = get_first_cpu_in_process(s, gdb_get_cpu_process(s, s->g_cpu));
1893 snprintf(buf, sizeof(buf), "QC%s",
1894 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id)));
1895 put_packet(s, buf);
1896 break;
1897 } else if (strcmp(p,"fThreadInfo") == 0) {
1898 s->query_cpu = gdb_first_attached_cpu(s);
1899 goto report_cpuinfo;
1900 } else if (strcmp(p,"sThreadInfo") == 0) {
1901 report_cpuinfo:
1902 if (s->query_cpu) {
1903 snprintf(buf, sizeof(buf), "m%s",
1904 gdb_fmt_thread_id(s, s->query_cpu,
1905 thread_id, sizeof(thread_id)));
1906 put_packet(s, buf);
1907 s->query_cpu = gdb_next_attached_cpu(s, s->query_cpu);
1908 } else
1909 put_packet(s, "l");
1910 break;
1911 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1912 if (read_thread_id(p + 16, &p, &pid, &tid) == GDB_READ_THREAD_ERR) {
1913 put_packet(s, "E22");
1914 break;
1915 }
1916 cpu = gdb_get_cpu(s, pid, tid);
1917 if (cpu != NULL) {
1918 cpu_synchronize_state(cpu);
1919
1920 if (s->multiprocess && (s->process_num > 1)) {
1921 /* Print the CPU model and name in multiprocess mode */
1922 ObjectClass *oc = object_get_class(OBJECT(cpu));
1923 const char *cpu_model = object_class_get_name(oc);
1924 char *cpu_name =
1925 object_get_canonical_path_component(OBJECT(cpu));
1926 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1927 "%s %s [%s]", cpu_model, cpu_name,
1928 cpu->halted ? "halted " : "running");
1929 g_free(cpu_name);
1930 } else {
1931 /* memtohex() doubles the required space */
1932 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1933 "CPU#%d [%s]", cpu->cpu_index,
1934 cpu->halted ? "halted " : "running");
1935 }
1936 trace_gdbstub_op_extra_info((char *)mem_buf);
1937 memtohex(buf, mem_buf, len);
1938 put_packet(s, buf);
1939 }
1940 break;
1941 }
1942 #ifdef CONFIG_USER_ONLY
1943 else if (strcmp(p, "Offsets") == 0) {
1944 TaskState *ts = s->c_cpu->opaque;
1945
1946 snprintf(buf, sizeof(buf),
1947 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1948 ";Bss=" TARGET_ABI_FMT_lx,
1949 ts->info->code_offset,
1950 ts->info->data_offset,
1951 ts->info->data_offset);
1952 put_packet(s, buf);
1953 break;
1954 }
1955 #else /* !CONFIG_USER_ONLY */
1956 else if (strncmp(p, "Rcmd,", 5) == 0) {
1957 int len = strlen(p + 5);
1958
1959 if ((len % 2) != 0) {
1960 put_packet(s, "E01");
1961 break;
1962 }
1963 len = len / 2;
1964 hextomem(mem_buf, p + 5, len);
1965 mem_buf[len++] = 0;
1966 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1967 put_packet(s, "OK");
1968 break;
1969 }
1970 #endif /* !CONFIG_USER_ONLY */
1971 if (is_query_packet(p, "Supported", ':')) {
1972 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1973 cc = CPU_GET_CLASS(first_cpu);
1974 if (cc->gdb_core_xml_file != NULL) {
1975 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1976 }
1977
1978 if (strstr(p, "multiprocess+")) {
1979 s->multiprocess = true;
1980 }
1981 pstrcat(buf, sizeof(buf), ";multiprocess+");
1982
1983 put_packet(s, buf);
1984 break;
1985 }
1986 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1987 const char *xml;
1988 target_ulong total_len;
1989
1990 process = gdb_get_cpu_process(s, s->g_cpu);
1991 cc = CPU_GET_CLASS(s->g_cpu);
1992 if (cc->gdb_core_xml_file == NULL) {
1993 goto unknown_command;
1994 }
1995
1996 gdb_has_xml = true;
1997 p += 19;
1998 xml = get_feature_xml(s, p, &p, process);
1999 if (!xml) {
2000 snprintf(buf, sizeof(buf), "E00");
2001 put_packet(s, buf);
2002 break;
2003 }
2004
2005 if (*p == ':')
2006 p++;
2007 addr = strtoul(p, (char **)&p, 16);
2008 if (*p == ',')
2009 p++;
2010 len = strtoul(p, (char **)&p, 16);
2011
2012 total_len = strlen(xml);
2013 if (addr > total_len) {
2014 snprintf(buf, sizeof(buf), "E00");
2015 put_packet(s, buf);
2016 break;
2017 }
2018 if (len > (MAX_PACKET_LENGTH - 5) / 2)
2019 len = (MAX_PACKET_LENGTH - 5) / 2;
2020 if (len < total_len - addr) {
2021 buf[0] = 'm';
2022 len = memtox(buf + 1, xml + addr, len);
2023 } else {
2024 buf[0] = 'l';
2025 len = memtox(buf + 1, xml + addr, total_len - addr);
2026 }
2027 put_packet_binary(s, buf, len + 1, true);
2028 break;
2029 }
2030 if (is_query_packet(p, "Attached", ':')) {
2031 put_packet(s, GDB_ATTACHED);
2032 break;
2033 }
2034 /* Unrecognised 'q' command. */
2035 goto unknown_command;
2036
2037 default:
2038 unknown_command:
2039 /* put empty packet */
2040 buf[0] = '\0';
2041 put_packet(s, buf);
2042 break;
2043 }
2044
2045 run_cmd_parser(s, line_buf, cmd_parser);
2046
2047 return RS_IDLE;
2048 }
2049
2050 void gdb_set_stop_cpu(CPUState *cpu)
2051 {
2052 GDBProcess *p = gdb_get_cpu_process(gdbserver_state, cpu);
2053
2054 if (!p->attached) {
2055 /*
2056 * Having a stop CPU corresponding to a process that is not attached
2057 * confuses GDB. So we ignore the request.
2058 */
2059 return;
2060 }
2061
2062 gdbserver_state->c_cpu = cpu;
2063 gdbserver_state->g_cpu = cpu;
2064 }
2065
2066 #ifndef CONFIG_USER_ONLY
2067 static void gdb_vm_state_change(void *opaque, int running, RunState state)
2068 {
2069 GDBState *s = gdbserver_state;
2070 CPUState *cpu = s->c_cpu;
2071 char buf[256];
2072 char thread_id[16];
2073 const char *type;
2074 int ret;
2075
2076 if (running || s->state == RS_INACTIVE) {
2077 return;
2078 }
2079 /* Is there a GDB syscall waiting to be sent? */
2080 if (s->current_syscall_cb) {
2081 put_packet(s, s->syscall_buf);
2082 return;
2083 }
2084
2085 if (cpu == NULL) {
2086 /* No process attached */
2087 return;
2088 }
2089
2090 gdb_fmt_thread_id(s, cpu, thread_id, sizeof(thread_id));
2091
2092 switch (state) {
2093 case RUN_STATE_DEBUG:
2094 if (cpu->watchpoint_hit) {
2095 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
2096 case BP_MEM_READ:
2097 type = "r";
2098 break;
2099 case BP_MEM_ACCESS:
2100 type = "a";
2101 break;
2102 default:
2103 type = "";
2104 break;
2105 }
2106 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
2107 (target_ulong)cpu->watchpoint_hit->vaddr);
2108 snprintf(buf, sizeof(buf),
2109 "T%02xthread:%s;%swatch:" TARGET_FMT_lx ";",
2110 GDB_SIGNAL_TRAP, thread_id, type,
2111 (target_ulong)cpu->watchpoint_hit->vaddr);
2112 cpu->watchpoint_hit = NULL;
2113 goto send_packet;
2114 } else {
2115 trace_gdbstub_hit_break();
2116 }
2117 tb_flush(cpu);
2118 ret = GDB_SIGNAL_TRAP;
2119 break;
2120 case RUN_STATE_PAUSED:
2121 trace_gdbstub_hit_paused();
2122 ret = GDB_SIGNAL_INT;
2123 break;
2124 case RUN_STATE_SHUTDOWN:
2125 trace_gdbstub_hit_shutdown();
2126 ret = GDB_SIGNAL_QUIT;
2127 break;
2128 case RUN_STATE_IO_ERROR:
2129 trace_gdbstub_hit_io_error();
2130 ret = GDB_SIGNAL_IO;
2131 break;
2132 case RUN_STATE_WATCHDOG:
2133 trace_gdbstub_hit_watchdog();
2134 ret = GDB_SIGNAL_ALRM;
2135 break;
2136 case RUN_STATE_INTERNAL_ERROR:
2137 trace_gdbstub_hit_internal_error();
2138 ret = GDB_SIGNAL_ABRT;
2139 break;
2140 case RUN_STATE_SAVE_VM:
2141 case RUN_STATE_RESTORE_VM:
2142 return;
2143 case RUN_STATE_FINISH_MIGRATE:
2144 ret = GDB_SIGNAL_XCPU;
2145 break;
2146 default:
2147 trace_gdbstub_hit_unknown(state);
2148 ret = GDB_SIGNAL_UNKNOWN;
2149 break;
2150 }
2151 gdb_set_stop_cpu(cpu);
2152 snprintf(buf, sizeof(buf), "T%02xthread:%s;", ret, thread_id);
2153
2154 send_packet:
2155 put_packet(s, buf);
2156
2157 /* disable single step if it was enabled */
2158 cpu_single_step(cpu, 0);
2159 }
2160 #endif
2161
2162 /* Send a gdb syscall request.
2163 This accepts limited printf-style format specifiers, specifically:
2164 %x - target_ulong argument printed in hex.
2165 %lx - 64-bit argument printed in hex.
2166 %s - string pointer (target_ulong) and length (int) pair. */
2167 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
2168 {
2169 char *p;
2170 char *p_end;
2171 target_ulong addr;
2172 uint64_t i64;
2173 GDBState *s;
2174
2175 s = gdbserver_state;
2176 if (!s)
2177 return;
2178 s->current_syscall_cb = cb;
2179 #ifndef CONFIG_USER_ONLY
2180 vm_stop(RUN_STATE_DEBUG);
2181 #endif
2182 p = s->syscall_buf;
2183 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
2184 *(p++) = 'F';
2185 while (*fmt) {
2186 if (*fmt == '%') {
2187 fmt++;
2188 switch (*fmt++) {
2189 case 'x':
2190 addr = va_arg(va, target_ulong);
2191 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
2192 break;
2193 case 'l':
2194 if (*(fmt++) != 'x')
2195 goto bad_format;
2196 i64 = va_arg(va, uint64_t);
2197 p += snprintf(p, p_end - p, "%" PRIx64, i64);
2198 break;
2199 case 's':
2200 addr = va_arg(va, target_ulong);
2201 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
2202 addr, va_arg(va, int));
2203 break;
2204 default:
2205 bad_format:
2206 error_report("gdbstub: Bad syscall format string '%s'",
2207 fmt - 1);
2208 break;
2209 }
2210 } else {
2211 *(p++) = *(fmt++);
2212 }
2213 }
2214 *p = 0;
2215 #ifdef CONFIG_USER_ONLY
2216 put_packet(s, s->syscall_buf);
2217 /* Return control to gdb for it to process the syscall request.
2218 * Since the protocol requires that gdb hands control back to us
2219 * using a "here are the results" F packet, we don't need to check
2220 * gdb_handlesig's return value (which is the signal to deliver if
2221 * execution was resumed via a continue packet).
2222 */
2223 gdb_handlesig(s->c_cpu, 0);
2224 #else
2225 /* In this case wait to send the syscall packet until notification that
2226 the CPU has stopped. This must be done because if the packet is sent
2227 now the reply from the syscall request could be received while the CPU
2228 is still in the running state, which can cause packets to be dropped
2229 and state transition 'T' packets to be sent while the syscall is still
2230 being processed. */
2231 qemu_cpu_kick(s->c_cpu);
2232 #endif
2233 }
2234
2235 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2236 {
2237 va_list va;
2238
2239 va_start(va, fmt);
2240 gdb_do_syscallv(cb, fmt, va);
2241 va_end(va);
2242 }
2243
2244 static void gdb_read_byte(GDBState *s, uint8_t ch)
2245 {
2246 uint8_t reply;
2247
2248 #ifndef CONFIG_USER_ONLY
2249 if (s->last_packet_len) {
2250 /* Waiting for a response to the last packet. If we see the start
2251 of a new command then abandon the previous response. */
2252 if (ch == '-') {
2253 trace_gdbstub_err_got_nack();
2254 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
2255 } else if (ch == '+') {
2256 trace_gdbstub_io_got_ack();
2257 } else {
2258 trace_gdbstub_io_got_unexpected(ch);
2259 }
2260
2261 if (ch == '+' || ch == '$')
2262 s->last_packet_len = 0;
2263 if (ch != '$')
2264 return;
2265 }
2266 if (runstate_is_running()) {
2267 /* when the CPU is running, we cannot do anything except stop
2268 it when receiving a char */
2269 vm_stop(RUN_STATE_PAUSED);
2270 } else
2271 #endif
2272 {
2273 switch(s->state) {
2274 case RS_IDLE:
2275 if (ch == '$') {
2276 /* start of command packet */
2277 s->line_buf_index = 0;
2278 s->line_sum = 0;
2279 s->state = RS_GETLINE;
2280 } else {
2281 trace_gdbstub_err_garbage(ch);
2282 }
2283 break;
2284 case RS_GETLINE:
2285 if (ch == '}') {
2286 /* start escape sequence */
2287 s->state = RS_GETLINE_ESC;
2288 s->line_sum += ch;
2289 } else if (ch == '*') {
2290 /* start run length encoding sequence */
2291 s->state = RS_GETLINE_RLE;
2292 s->line_sum += ch;
2293 } else if (ch == '#') {
2294 /* end of command, start of checksum*/
2295 s->state = RS_CHKSUM1;
2296 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2297 trace_gdbstub_err_overrun();
2298 s->state = RS_IDLE;
2299 } else {
2300 /* unescaped command character */
2301 s->line_buf[s->line_buf_index++] = ch;
2302 s->line_sum += ch;
2303 }
2304 break;
2305 case RS_GETLINE_ESC:
2306 if (ch == '#') {
2307 /* unexpected end of command in escape sequence */
2308 s->state = RS_CHKSUM1;
2309 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2310 /* command buffer overrun */
2311 trace_gdbstub_err_overrun();
2312 s->state = RS_IDLE;
2313 } else {
2314 /* parse escaped character and leave escape state */
2315 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
2316 s->line_sum += ch;
2317 s->state = RS_GETLINE;
2318 }
2319 break;
2320 case RS_GETLINE_RLE:
2321 /*
2322 * Run-length encoding is explained in "Debugging with GDB /
2323 * Appendix E GDB Remote Serial Protocol / Overview".
2324 */
2325 if (ch < ' ' || ch == '#' || ch == '$' || ch > 126) {
2326 /* invalid RLE count encoding */
2327 trace_gdbstub_err_invalid_repeat(ch);
2328 s->state = RS_GETLINE;
2329 } else {
2330 /* decode repeat length */
2331 int repeat = ch - ' ' + 3;
2332 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
2333 /* that many repeats would overrun the command buffer */
2334 trace_gdbstub_err_overrun();
2335 s->state = RS_IDLE;
2336 } else if (s->line_buf_index < 1) {
2337 /* got a repeat but we have nothing to repeat */
2338 trace_gdbstub_err_invalid_rle();
2339 s->state = RS_GETLINE;
2340 } else {
2341 /* repeat the last character */
2342 memset(s->line_buf + s->line_buf_index,
2343 s->line_buf[s->line_buf_index - 1], repeat);
2344 s->line_buf_index += repeat;
2345 s->line_sum += ch;
2346 s->state = RS_GETLINE;
2347 }
2348 }
2349 break;
2350 case RS_CHKSUM1:
2351 /* get high hex digit of checksum */
2352 if (!isxdigit(ch)) {
2353 trace_gdbstub_err_checksum_invalid(ch);
2354 s->state = RS_GETLINE;
2355 break;
2356 }
2357 s->line_buf[s->line_buf_index] = '\0';
2358 s->line_csum = fromhex(ch) << 4;
2359 s->state = RS_CHKSUM2;
2360 break;
2361 case RS_CHKSUM2:
2362 /* get low hex digit of checksum */
2363 if (!isxdigit(ch)) {
2364 trace_gdbstub_err_checksum_invalid(ch);
2365 s->state = RS_GETLINE;
2366 break;
2367 }
2368 s->line_csum |= fromhex(ch);
2369
2370 if (s->line_csum != (s->line_sum & 0xff)) {
2371 trace_gdbstub_err_checksum_incorrect(s->line_sum, s->line_csum);
2372 /* send NAK reply */
2373 reply = '-';
2374 put_buffer(s, &reply, 1);
2375 s->state = RS_IDLE;
2376 } else {
2377 /* send ACK reply */
2378 reply = '+';
2379 put_buffer(s, &reply, 1);
2380 s->state = gdb_handle_packet(s, s->line_buf);
2381 }
2382 break;
2383 default:
2384 abort();
2385 }
2386 }
2387 }
2388
2389 /* Tell the remote gdb that the process has exited. */
2390 void gdb_exit(CPUArchState *env, int code)
2391 {
2392 GDBState *s;
2393 char buf[4];
2394
2395 s = gdbserver_state;
2396 if (!s) {
2397 return;
2398 }
2399 #ifdef CONFIG_USER_ONLY
2400 if (gdbserver_fd < 0 || s->fd < 0) {
2401 return;
2402 }
2403 #endif
2404
2405 trace_gdbstub_op_exiting((uint8_t)code);
2406
2407 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
2408 put_packet(s, buf);
2409
2410 #ifndef CONFIG_USER_ONLY
2411 qemu_chr_fe_deinit(&s->chr, true);
2412 #endif
2413 }
2414
2415 /*
2416 * Create the process that will contain all the "orphan" CPUs (that are not
2417 * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2418 * be attachable and thus will be invisible to the user.
2419 */
2420 static void create_default_process(GDBState *s)
2421 {
2422 GDBProcess *process;
2423 int max_pid = 0;
2424
2425 if (s->process_num) {
2426 max_pid = s->processes[s->process_num - 1].pid;
2427 }
2428
2429 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2430 process = &s->processes[s->process_num - 1];
2431
2432 /* We need an available PID slot for this process */
2433 assert(max_pid < UINT32_MAX);
2434
2435 process->pid = max_pid + 1;
2436 process->attached = false;
2437 process->target_xml[0] = '\0';
2438 }
2439
2440 #ifdef CONFIG_USER_ONLY
2441 int
2442 gdb_handlesig(CPUState *cpu, int sig)
2443 {
2444 GDBState *s;
2445 char buf[256];
2446 int n;
2447
2448 s = gdbserver_state;
2449 if (gdbserver_fd < 0 || s->fd < 0) {
2450 return sig;
2451 }
2452
2453 /* disable single step if it was enabled */
2454 cpu_single_step(cpu, 0);
2455 tb_flush(cpu);
2456
2457 if (sig != 0) {
2458 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
2459 put_packet(s, buf);
2460 }
2461 /* put_packet() might have detected that the peer terminated the
2462 connection. */
2463 if (s->fd < 0) {
2464 return sig;
2465 }
2466
2467 sig = 0;
2468 s->state = RS_IDLE;
2469 s->running_state = 0;
2470 while (s->running_state == 0) {
2471 n = read(s->fd, buf, 256);
2472 if (n > 0) {
2473 int i;
2474
2475 for (i = 0; i < n; i++) {
2476 gdb_read_byte(s, buf[i]);
2477 }
2478 } else {
2479 /* XXX: Connection closed. Should probably wait for another
2480 connection before continuing. */
2481 if (n == 0) {
2482 close(s->fd);
2483 }
2484 s->fd = -1;
2485 return sig;
2486 }
2487 }
2488 sig = s->signal;
2489 s->signal = 0;
2490 return sig;
2491 }
2492
2493 /* Tell the remote gdb that the process has exited due to SIG. */
2494 void gdb_signalled(CPUArchState *env, int sig)
2495 {
2496 GDBState *s;
2497 char buf[4];
2498
2499 s = gdbserver_state;
2500 if (gdbserver_fd < 0 || s->fd < 0) {
2501 return;
2502 }
2503
2504 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
2505 put_packet(s, buf);
2506 }
2507
2508 static bool gdb_accept(void)
2509 {
2510 GDBState *s;
2511 struct sockaddr_in sockaddr;
2512 socklen_t len;
2513 int fd;
2514
2515 for(;;) {
2516 len = sizeof(sockaddr);
2517 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2518 if (fd < 0 && errno != EINTR) {
2519 perror("accept");
2520 return false;
2521 } else if (fd >= 0) {
2522 qemu_set_cloexec(fd);
2523 break;
2524 }
2525 }
2526
2527 /* set short latency */
2528 if (socket_set_nodelay(fd)) {
2529 perror("setsockopt");
2530 close(fd);
2531 return false;
2532 }
2533
2534 s = g_malloc0(sizeof(GDBState));
2535 create_default_process(s);
2536 s->processes[0].attached = true;
2537 s->c_cpu = gdb_first_attached_cpu(s);
2538 s->g_cpu = s->c_cpu;
2539 s->fd = fd;
2540 gdb_has_xml = false;
2541
2542 gdbserver_state = s;
2543 return true;
2544 }
2545
2546 static int gdbserver_open(int port)
2547 {
2548 struct sockaddr_in sockaddr;
2549 int fd, ret;
2550
2551 fd = socket(PF_INET, SOCK_STREAM, 0);
2552 if (fd < 0) {
2553 perror("socket");
2554 return -1;
2555 }
2556 qemu_set_cloexec(fd);
2557
2558 socket_set_fast_reuse(fd);
2559
2560 sockaddr.sin_family = AF_INET;
2561 sockaddr.sin_port = htons(port);
2562 sockaddr.sin_addr.s_addr = 0;
2563 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2564 if (ret < 0) {
2565 perror("bind");
2566 close(fd);
2567 return -1;
2568 }
2569 ret = listen(fd, 1);
2570 if (ret < 0) {
2571 perror("listen");
2572 close(fd);
2573 return -1;
2574 }
2575 return fd;
2576 }
2577
2578 int gdbserver_start(int port)
2579 {
2580 gdbserver_fd = gdbserver_open(port);
2581 if (gdbserver_fd < 0)
2582 return -1;
2583 /* accept connections */
2584 if (!gdb_accept()) {
2585 close(gdbserver_fd);
2586 gdbserver_fd = -1;
2587 return -1;
2588 }
2589 return 0;
2590 }
2591
2592 /* Disable gdb stub for child processes. */
2593 void gdbserver_fork(CPUState *cpu)
2594 {
2595 GDBState *s = gdbserver_state;
2596
2597 if (gdbserver_fd < 0 || s->fd < 0) {
2598 return;
2599 }
2600 close(s->fd);
2601 s->fd = -1;
2602 cpu_breakpoint_remove_all(cpu, BP_GDB);
2603 cpu_watchpoint_remove_all(cpu, BP_GDB);
2604 }
2605 #else
2606 static int gdb_chr_can_receive(void *opaque)
2607 {
2608 /* We can handle an arbitrarily large amount of data.
2609 Pick the maximum packet size, which is as good as anything. */
2610 return MAX_PACKET_LENGTH;
2611 }
2612
2613 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2614 {
2615 int i;
2616
2617 for (i = 0; i < size; i++) {
2618 gdb_read_byte(gdbserver_state, buf[i]);
2619 }
2620 }
2621
2622 static void gdb_chr_event(void *opaque, int event)
2623 {
2624 int i;
2625 GDBState *s = (GDBState *) opaque;
2626
2627 switch (event) {
2628 case CHR_EVENT_OPENED:
2629 /* Start with first process attached, others detached */
2630 for (i = 0; i < s->process_num; i++) {
2631 s->processes[i].attached = !i;
2632 }
2633
2634 s->c_cpu = gdb_first_attached_cpu(s);
2635 s->g_cpu = s->c_cpu;
2636
2637 vm_stop(RUN_STATE_PAUSED);
2638 gdb_has_xml = false;
2639 break;
2640 default:
2641 break;
2642 }
2643 }
2644
2645 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
2646 {
2647 char buf[MAX_PACKET_LENGTH];
2648
2649 buf[0] = 'O';
2650 if (len > (MAX_PACKET_LENGTH/2) - 1)
2651 len = (MAX_PACKET_LENGTH/2) - 1;
2652 memtohex(buf + 1, (uint8_t *)msg, len);
2653 put_packet(s, buf);
2654 }
2655
2656 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
2657 {
2658 const char *p = (const char *)buf;
2659 int max_sz;
2660
2661 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
2662 for (;;) {
2663 if (len <= max_sz) {
2664 gdb_monitor_output(gdbserver_state, p, len);
2665 break;
2666 }
2667 gdb_monitor_output(gdbserver_state, p, max_sz);
2668 p += max_sz;
2669 len -= max_sz;
2670 }
2671 return len;
2672 }
2673
2674 #ifndef _WIN32
2675 static void gdb_sigterm_handler(int signal)
2676 {
2677 if (runstate_is_running()) {
2678 vm_stop(RUN_STATE_PAUSED);
2679 }
2680 }
2681 #endif
2682
2683 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
2684 bool *be_opened, Error **errp)
2685 {
2686 *be_opened = false;
2687 }
2688
2689 static void char_gdb_class_init(ObjectClass *oc, void *data)
2690 {
2691 ChardevClass *cc = CHARDEV_CLASS(oc);
2692
2693 cc->internal = true;
2694 cc->open = gdb_monitor_open;
2695 cc->chr_write = gdb_monitor_write;
2696 }
2697
2698 #define TYPE_CHARDEV_GDB "chardev-gdb"
2699
2700 static const TypeInfo char_gdb_type_info = {
2701 .name = TYPE_CHARDEV_GDB,
2702 .parent = TYPE_CHARDEV,
2703 .class_init = char_gdb_class_init,
2704 };
2705
2706 static int find_cpu_clusters(Object *child, void *opaque)
2707 {
2708 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
2709 GDBState *s = (GDBState *) opaque;
2710 CPUClusterState *cluster = CPU_CLUSTER(child);
2711 GDBProcess *process;
2712
2713 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
2714
2715 process = &s->processes[s->process_num - 1];
2716
2717 /*
2718 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
2719 * runtime, we enforce here that the machine does not use a cluster ID
2720 * that would lead to PID 0.
2721 */
2722 assert(cluster->cluster_id != UINT32_MAX);
2723 process->pid = cluster->cluster_id + 1;
2724 process->attached = false;
2725 process->target_xml[0] = '\0';
2726
2727 return 0;
2728 }
2729
2730 return object_child_foreach(child, find_cpu_clusters, opaque);
2731 }
2732
2733 static int pid_order(const void *a, const void *b)
2734 {
2735 GDBProcess *pa = (GDBProcess *) a;
2736 GDBProcess *pb = (GDBProcess *) b;
2737
2738 if (pa->pid < pb->pid) {
2739 return -1;
2740 } else if (pa->pid > pb->pid) {
2741 return 1;
2742 } else {
2743 return 0;
2744 }
2745 }
2746
2747 static void create_processes(GDBState *s)
2748 {
2749 object_child_foreach(object_get_root(), find_cpu_clusters, s);
2750
2751 if (s->processes) {
2752 /* Sort by PID */
2753 qsort(s->processes, s->process_num, sizeof(s->processes[0]), pid_order);
2754 }
2755
2756 create_default_process(s);
2757 }
2758
2759 static void cleanup_processes(GDBState *s)
2760 {
2761 g_free(s->processes);
2762 s->process_num = 0;
2763 s->processes = NULL;
2764 }
2765
2766 int gdbserver_start(const char *device)
2767 {
2768 trace_gdbstub_op_start(device);
2769
2770 GDBState *s;
2771 char gdbstub_device_name[128];
2772 Chardev *chr = NULL;
2773 Chardev *mon_chr;
2774
2775 if (!first_cpu) {
2776 error_report("gdbstub: meaningless to attach gdb to a "
2777 "machine without any CPU.");
2778 return -1;
2779 }
2780
2781 if (!device)
2782 return -1;
2783 if (strcmp(device, "none") != 0) {
2784 if (strstart(device, "tcp:", NULL)) {
2785 /* enforce required TCP attributes */
2786 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2787 "%s,nowait,nodelay,server", device);
2788 device = gdbstub_device_name;
2789 }
2790 #ifndef _WIN32
2791 else if (strcmp(device, "stdio") == 0) {
2792 struct sigaction act;
2793
2794 memset(&act, 0, sizeof(act));
2795 act.sa_handler = gdb_sigterm_handler;
2796 sigaction(SIGINT, &act, NULL);
2797 }
2798 #endif
2799 /*
2800 * FIXME: it's a bit weird to allow using a mux chardev here
2801 * and implicitly setup a monitor. We may want to break this.
2802 */
2803 chr = qemu_chr_new_noreplay("gdb", device, true, NULL);
2804 if (!chr)
2805 return -1;
2806 }
2807
2808 s = gdbserver_state;
2809 if (!s) {
2810 s = g_malloc0(sizeof(GDBState));
2811 gdbserver_state = s;
2812
2813 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2814
2815 /* Initialize a monitor terminal for gdb */
2816 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
2817 NULL, NULL, &error_abort);
2818 monitor_init(mon_chr, 0);
2819 } else {
2820 qemu_chr_fe_deinit(&s->chr, true);
2821 mon_chr = s->mon_chr;
2822 cleanup_processes(s);
2823 memset(s, 0, sizeof(GDBState));
2824 s->mon_chr = mon_chr;
2825 }
2826
2827 create_processes(s);
2828
2829 if (chr) {
2830 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2831 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2832 gdb_chr_event, NULL, s, NULL, true);
2833 }
2834 s->state = chr ? RS_IDLE : RS_INACTIVE;
2835 s->mon_chr = mon_chr;
2836 s->current_syscall_cb = NULL;
2837
2838 return 0;
2839 }
2840
2841 void gdbserver_cleanup(void)
2842 {
2843 if (gdbserver_state) {
2844 put_packet(gdbserver_state, "W00");
2845 }
2846 }
2847
2848 static void register_types(void)
2849 {
2850 type_register_static(&char_gdb_type_info);
2851 }
2852
2853 type_init(register_types);
2854 #endif
QEmu