4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
44 static inline int target_memory_rw_debug(CPUState
*cpu
, target_ulong addr
,
45 uint8_t *buf
, int len
, bool is_write
)
47 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
49 if (cc
->memory_rw_debug
) {
50 return cc
->memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
52 return cpu_memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
64 GDB_SIGNAL_UNKNOWN
= 143
67 #ifdef CONFIG_USER_ONLY
69 /* Map target signal numbers to GDB protocol signal numbers and vice
70 * versa. For user emulation's currently supported systems, we can
71 * assume most signals are defined.
74 static int gdb_signal_table
[] = {
234 /* In system mode we only need SIGINT and SIGTRAP; other signals
235 are not yet supported. */
242 static int gdb_signal_table
[] = {
252 #ifdef CONFIG_USER_ONLY
253 static int target_signal_to_gdb (int sig
)
256 for (i
= 0; i
< ARRAY_SIZE (gdb_signal_table
); i
++)
257 if (gdb_signal_table
[i
] == sig
)
259 return GDB_SIGNAL_UNKNOWN
;
263 static int gdb_signal_to_target (int sig
)
265 if (sig
< ARRAY_SIZE (gdb_signal_table
))
266 return gdb_signal_table
[sig
];
273 typedef struct GDBRegisterState
{
279 struct GDBRegisterState
*next
;
289 typedef struct GDBState
{
290 CPUState
*c_cpu
; /* current CPU for step/continue ops */
291 CPUState
*g_cpu
; /* current CPU for other ops */
292 CPUState
*query_cpu
; /* for q{f|s}ThreadInfo */
293 enum RSState state
; /* parsing state */
294 char line_buf
[MAX_PACKET_LENGTH
];
297 uint8_t last_packet
[MAX_PACKET_LENGTH
+ 4];
300 #ifdef CONFIG_USER_ONLY
304 CharDriverState
*chr
;
305 CharDriverState
*mon_chr
;
307 char syscall_buf
[256];
308 gdb_syscall_complete_cb current_syscall_cb
;
311 /* By default use no IRQs and no timers while single stepping so as to
312 * make single stepping like an ICE HW step.
314 static int sstep_flags
= SSTEP_ENABLE
|SSTEP_NOIRQ
|SSTEP_NOTIMER
;
316 static GDBState
*gdbserver_state
;
320 #ifdef CONFIG_USER_ONLY
321 /* XXX: This is not thread safe. Do we care? */
322 static int gdbserver_fd
= -1;
324 static int get_char(GDBState
*s
)
330 ret
= qemu_recv(s
->fd
, &ch
, 1, 0);
332 if (errno
== ECONNRESET
)
334 if (errno
!= EINTR
&& errno
!= EAGAIN
)
336 } else if (ret
== 0) {
354 /* If gdb is connected when the first semihosting syscall occurs then use
355 remote gdb syscalls. Otherwise use native file IO. */
356 int use_gdb_syscalls(void)
358 if (gdb_syscall_mode
== GDB_SYS_UNKNOWN
) {
359 gdb_syscall_mode
= (gdbserver_state
? GDB_SYS_ENABLED
362 return gdb_syscall_mode
== GDB_SYS_ENABLED
;
365 /* Resume execution. */
366 static inline void gdb_continue(GDBState
*s
)
368 #ifdef CONFIG_USER_ONLY
369 s
->running_state
= 1;
371 if (runstate_check(RUN_STATE_GUEST_PANICKED
)) {
372 runstate_set(RUN_STATE_DEBUG
);
374 if (!runstate_needs_reset()) {
380 static void put_buffer(GDBState
*s
, const uint8_t *buf
, int len
)
382 #ifdef CONFIG_USER_ONLY
386 ret
= send(s
->fd
, buf
, len
, 0);
388 if (errno
!= EINTR
&& errno
!= EAGAIN
)
396 qemu_chr_fe_write(s
->chr
, buf
, len
);
400 static inline int fromhex(int v
)
402 if (v
>= '0' && v
<= '9')
404 else if (v
>= 'A' && v
<= 'F')
406 else if (v
>= 'a' && v
<= 'f')
412 static inline int tohex(int v
)
420 static void memtohex(char *buf
, const uint8_t *mem
, int len
)
425 for(i
= 0; i
< len
; i
++) {
427 *q
++ = tohex(c
>> 4);
428 *q
++ = tohex(c
& 0xf);
433 static void hextomem(uint8_t *mem
, const char *buf
, int len
)
437 for(i
= 0; i
< len
; i
++) {
438 mem
[i
] = (fromhex(buf
[0]) << 4) | fromhex(buf
[1]);
443 /* return -1 if error, 0 if OK */
444 static int put_packet_binary(GDBState
*s
, const char *buf
, int len
)
455 for(i
= 0; i
< len
; i
++) {
459 *(p
++) = tohex((csum
>> 4) & 0xf);
460 *(p
++) = tohex((csum
) & 0xf);
462 s
->last_packet_len
= p
- s
->last_packet
;
463 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
465 #ifdef CONFIG_USER_ONLY
478 /* return -1 if error, 0 if OK */
479 static int put_packet(GDBState
*s
, const char *buf
)
482 printf("reply='%s'\n", buf
);
485 return put_packet_binary(s
, buf
, strlen(buf
));
488 /* Encode data using the encoding for 'x' packets. */
489 static int memtox(char *buf
, const char *mem
, int len
)
497 case '#': case '$': case '*': case '}':
509 static const char *get_feature_xml(const char *p
, const char **newp
,
515 static char target_xml
[1024];
518 while (p
[len
] && p
[len
] != ':')
523 if (strncmp(p
, "target.xml", len
) == 0) {
524 /* Generate the XML description for this CPU. */
525 if (!target_xml
[0]) {
527 CPUState
*cpu
= first_cpu
;
529 snprintf(target_xml
, sizeof(target_xml
),
530 "<?xml version=\"1.0\"?>"
531 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
533 "<xi:include href=\"%s\"/>",
534 cc
->gdb_core_xml_file
);
536 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
537 pstrcat(target_xml
, sizeof(target_xml
), "<xi:include href=\"");
538 pstrcat(target_xml
, sizeof(target_xml
), r
->xml
);
539 pstrcat(target_xml
, sizeof(target_xml
), "\"/>");
541 pstrcat(target_xml
, sizeof(target_xml
), "</target>");
546 name
= xml_builtin
[i
][0];
547 if (!name
|| (strncmp(name
, p
, len
) == 0 && strlen(name
) == len
))
550 return name
? xml_builtin
[i
][1] : NULL
;
553 static int gdb_read_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
555 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
556 CPUArchState
*env
= cpu
->env_ptr
;
559 if (reg
< cc
->gdb_num_core_regs
) {
560 return cc
->gdb_read_register(cpu
, mem_buf
, reg
);
563 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
564 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
565 return r
->get_reg(env
, mem_buf
, reg
- r
->base_reg
);
571 static int gdb_write_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
573 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
574 CPUArchState
*env
= cpu
->env_ptr
;
577 if (reg
< cc
->gdb_num_core_regs
) {
578 return cc
->gdb_write_register(cpu
, mem_buf
, reg
);
581 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
582 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
583 return r
->set_reg(env
, mem_buf
, reg
- r
->base_reg
);
589 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
590 specifies the first register number and these registers are included in
591 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
592 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
595 void gdb_register_coprocessor(CPUState
*cpu
,
596 gdb_reg_cb get_reg
, gdb_reg_cb set_reg
,
597 int num_regs
, const char *xml
, int g_pos
)
600 GDBRegisterState
**p
;
604 /* Check for duplicates. */
605 if (strcmp((*p
)->xml
, xml
) == 0)
610 s
= g_new0(GDBRegisterState
, 1);
611 s
->base_reg
= cpu
->gdb_num_regs
;
612 s
->num_regs
= num_regs
;
613 s
->get_reg
= get_reg
;
614 s
->set_reg
= set_reg
;
617 /* Add to end of list. */
618 cpu
->gdb_num_regs
+= num_regs
;
621 if (g_pos
!= s
->base_reg
) {
622 fprintf(stderr
, "Error: Bad gdb register numbering for '%s'\n"
623 "Expected %d got %d\n", xml
, g_pos
, s
->base_reg
);
628 #ifndef CONFIG_USER_ONLY
629 static const int xlat_gdb_type
[] = {
630 [GDB_WATCHPOINT_WRITE
] = BP_GDB
| BP_MEM_WRITE
,
631 [GDB_WATCHPOINT_READ
] = BP_GDB
| BP_MEM_READ
,
632 [GDB_WATCHPOINT_ACCESS
] = BP_GDB
| BP_MEM_ACCESS
,
636 static int gdb_breakpoint_insert(target_ulong addr
, target_ulong len
, int type
)
643 return kvm_insert_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
647 case GDB_BREAKPOINT_SW
:
648 case GDB_BREAKPOINT_HW
:
649 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
651 err
= cpu_breakpoint_insert(env
, addr
, BP_GDB
, NULL
);
656 #ifndef CONFIG_USER_ONLY
657 case GDB_WATCHPOINT_WRITE
:
658 case GDB_WATCHPOINT_READ
:
659 case GDB_WATCHPOINT_ACCESS
:
660 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
662 err
= cpu_watchpoint_insert(env
, addr
, len
, xlat_gdb_type
[type
],
674 static int gdb_breakpoint_remove(target_ulong addr
, target_ulong len
, int type
)
681 return kvm_remove_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
685 case GDB_BREAKPOINT_SW
:
686 case GDB_BREAKPOINT_HW
:
687 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
689 err
= cpu_breakpoint_remove(env
, addr
, BP_GDB
);
694 #ifndef CONFIG_USER_ONLY
695 case GDB_WATCHPOINT_WRITE
:
696 case GDB_WATCHPOINT_READ
:
697 case GDB_WATCHPOINT_ACCESS
:
698 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
700 err
= cpu_watchpoint_remove(env
, addr
, len
, xlat_gdb_type
[type
]);
711 static void gdb_breakpoint_remove_all(void)
717 kvm_remove_all_breakpoints(gdbserver_state
->c_cpu
);
721 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
723 cpu_breakpoint_remove_all(env
, BP_GDB
);
724 #ifndef CONFIG_USER_ONLY
725 cpu_watchpoint_remove_all(env
, BP_GDB
);
730 static void gdb_set_cpu_pc(GDBState
*s
, target_ulong pc
)
732 CPUState
*cpu
= s
->c_cpu
;
733 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
735 cpu_synchronize_state(cpu
);
741 static CPUState
*find_cpu(uint32_t thread_id
)
745 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
746 if (cpu_index(cpu
) == thread_id
) {
754 static int gdb_handle_packet(GDBState
*s
, const char *line_buf
)
760 int ch
, reg_size
, type
, res
;
761 char buf
[MAX_PACKET_LENGTH
];
762 uint8_t mem_buf
[MAX_PACKET_LENGTH
];
764 target_ulong addr
, len
;
767 printf("command='%s'\n", line_buf
);
773 /* TODO: Make this return the correct value for user-mode. */
774 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", GDB_SIGNAL_TRAP
,
775 cpu_index(s
->c_cpu
));
777 /* Remove all the breakpoints when this query is issued,
778 * because gdb is doing and initial connect and the state
779 * should be cleaned up.
781 gdb_breakpoint_remove_all();
785 addr
= strtoull(p
, (char **)&p
, 16);
786 gdb_set_cpu_pc(s
, addr
);
792 s
->signal
= gdb_signal_to_target (strtoul(p
, (char **)&p
, 16));
798 if (strncmp(p
, "Cont", 4) == 0) {
799 int res_signal
, res_thread
;
803 put_packet(s
, "vCont;c;C;s;S");
818 if (action
== 'C' || action
== 'S') {
819 signal
= strtoul(p
, (char **)&p
, 16);
820 } else if (action
!= 'c' && action
!= 's') {
826 thread
= strtoull(p
+1, (char **)&p
, 16);
828 action
= tolower(action
);
829 if (res
== 0 || (res
== 'c' && action
== 's')) {
836 if (res_thread
!= -1 && res_thread
!= 0) {
837 cpu
= find_cpu(res_thread
);
839 put_packet(s
, "E22");
845 cpu_single_step(s
->c_cpu
, sstep_flags
);
847 s
->signal
= res_signal
;
853 goto unknown_command
;
856 #ifdef CONFIG_USER_ONLY
857 /* Kill the target */
858 fprintf(stderr
, "\nQEMU: Terminated via GDBstub\n");
863 gdb_breakpoint_remove_all();
864 gdb_syscall_mode
= GDB_SYS_DISABLED
;
870 addr
= strtoull(p
, (char **)&p
, 16);
871 gdb_set_cpu_pc(s
, addr
);
873 cpu_single_step(s
->c_cpu
, sstep_flags
);
881 ret
= strtoull(p
, (char **)&p
, 16);
884 err
= strtoull(p
, (char **)&p
, 16);
891 if (s
->current_syscall_cb
) {
892 s
->current_syscall_cb(s
->c_cpu
, ret
, err
);
893 s
->current_syscall_cb
= NULL
;
896 put_packet(s
, "T02");
903 cpu_synchronize_state(s
->g_cpu
);
905 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_regs
; addr
++) {
906 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
+ len
, addr
);
909 memtohex(buf
, mem_buf
, len
);
913 cpu_synchronize_state(s
->g_cpu
);
916 hextomem((uint8_t *)registers
, p
, len
);
917 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_regs
&& len
> 0; addr
++) {
918 reg_size
= gdb_write_register(s
->g_cpu
, registers
, addr
);
920 registers
+= reg_size
;
925 addr
= strtoull(p
, (char **)&p
, 16);
928 len
= strtoull(p
, NULL
, 16);
929 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
, false) != 0) {
930 put_packet (s
, "E14");
932 memtohex(buf
, mem_buf
, len
);
937 addr
= strtoull(p
, (char **)&p
, 16);
940 len
= strtoull(p
, (char **)&p
, 16);
943 hextomem(mem_buf
, p
, len
);
944 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
,
946 put_packet(s
, "E14");
952 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
953 This works, but can be very slow. Anything new enough to
954 understand XML also knows how to use this properly. */
956 goto unknown_command
;
957 addr
= strtoull(p
, (char **)&p
, 16);
958 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
, addr
);
960 memtohex(buf
, mem_buf
, reg_size
);
963 put_packet(s
, "E14");
968 goto unknown_command
;
969 addr
= strtoull(p
, (char **)&p
, 16);
972 reg_size
= strlen(p
) / 2;
973 hextomem(mem_buf
, p
, reg_size
);
974 gdb_write_register(s
->g_cpu
, mem_buf
, addr
);
979 type
= strtoul(p
, (char **)&p
, 16);
982 addr
= strtoull(p
, (char **)&p
, 16);
985 len
= strtoull(p
, (char **)&p
, 16);
987 res
= gdb_breakpoint_insert(addr
, len
, type
);
989 res
= gdb_breakpoint_remove(addr
, len
, type
);
992 else if (res
== -ENOSYS
)
995 put_packet(s
, "E22");
999 thread
= strtoull(p
, (char **)&p
, 16);
1000 if (thread
== -1 || thread
== 0) {
1001 put_packet(s
, "OK");
1004 cpu
= find_cpu(thread
);
1006 put_packet(s
, "E22");
1012 put_packet(s
, "OK");
1016 put_packet(s
, "OK");
1019 put_packet(s
, "E22");
1024 thread
= strtoull(p
, (char **)&p
, 16);
1025 cpu
= find_cpu(thread
);
1028 put_packet(s
, "OK");
1030 put_packet(s
, "E22");
1035 /* parse any 'q' packets here */
1036 if (!strcmp(p
,"qemu.sstepbits")) {
1037 /* Query Breakpoint bit definitions */
1038 snprintf(buf
, sizeof(buf
), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1044 } else if (strncmp(p
,"qemu.sstep",10) == 0) {
1045 /* Display or change the sstep_flags */
1048 /* Display current setting */
1049 snprintf(buf
, sizeof(buf
), "0x%x", sstep_flags
);
1054 type
= strtoul(p
, (char **)&p
, 16);
1056 put_packet(s
, "OK");
1058 } else if (strcmp(p
,"C") == 0) {
1059 /* "Current thread" remains vague in the spec, so always return
1060 * the first CPU (gdb returns the first thread). */
1061 put_packet(s
, "QC1");
1063 } else if (strcmp(p
,"fThreadInfo") == 0) {
1064 s
->query_cpu
= first_cpu
;
1065 goto report_cpuinfo
;
1066 } else if (strcmp(p
,"sThreadInfo") == 0) {
1069 snprintf(buf
, sizeof(buf
), "m%x", cpu_index(s
->query_cpu
));
1071 s
->query_cpu
= s
->query_cpu
->next_cpu
;
1075 } else if (strncmp(p
,"ThreadExtraInfo,", 16) == 0) {
1076 thread
= strtoull(p
+16, (char **)&p
, 16);
1077 cpu
= find_cpu(thread
);
1079 cpu_synchronize_state(cpu
);
1080 len
= snprintf((char *)mem_buf
, sizeof(mem_buf
),
1081 "CPU#%d [%s]", cpu
->cpu_index
,
1082 cpu
->halted
? "halted " : "running");
1083 memtohex(buf
, mem_buf
, len
);
1088 #ifdef CONFIG_USER_ONLY
1089 else if (strncmp(p
, "Offsets", 7) == 0) {
1090 CPUArchState
*env
= s
->c_cpu
->env_ptr
;
1091 TaskState
*ts
= env
->opaque
;
1093 snprintf(buf
, sizeof(buf
),
1094 "Text=" TARGET_ABI_FMT_lx
";Data=" TARGET_ABI_FMT_lx
1095 ";Bss=" TARGET_ABI_FMT_lx
,
1096 ts
->info
->code_offset
,
1097 ts
->info
->data_offset
,
1098 ts
->info
->data_offset
);
1102 #else /* !CONFIG_USER_ONLY */
1103 else if (strncmp(p
, "Rcmd,", 5) == 0) {
1104 int len
= strlen(p
+ 5);
1106 if ((len
% 2) != 0) {
1107 put_packet(s
, "E01");
1110 hextomem(mem_buf
, p
+ 5, len
);
1113 qemu_chr_be_write(s
->mon_chr
, mem_buf
, len
);
1114 put_packet(s
, "OK");
1117 #endif /* !CONFIG_USER_ONLY */
1118 if (strncmp(p
, "Supported", 9) == 0) {
1119 snprintf(buf
, sizeof(buf
), "PacketSize=%x", MAX_PACKET_LENGTH
);
1120 cc
= CPU_GET_CLASS(first_cpu
);
1121 if (cc
->gdb_core_xml_file
!= NULL
) {
1122 pstrcat(buf
, sizeof(buf
), ";qXfer:features:read+");
1127 if (strncmp(p
, "Xfer:features:read:", 19) == 0) {
1129 target_ulong total_len
;
1131 cc
= CPU_GET_CLASS(first_cpu
);
1132 if (cc
->gdb_core_xml_file
== NULL
) {
1133 goto unknown_command
;
1138 xml
= get_feature_xml(p
, &p
, cc
);
1140 snprintf(buf
, sizeof(buf
), "E00");
1147 addr
= strtoul(p
, (char **)&p
, 16);
1150 len
= strtoul(p
, (char **)&p
, 16);
1152 total_len
= strlen(xml
);
1153 if (addr
> total_len
) {
1154 snprintf(buf
, sizeof(buf
), "E00");
1158 if (len
> (MAX_PACKET_LENGTH
- 5) / 2)
1159 len
= (MAX_PACKET_LENGTH
- 5) / 2;
1160 if (len
< total_len
- addr
) {
1162 len
= memtox(buf
+ 1, xml
+ addr
, len
);
1165 len
= memtox(buf
+ 1, xml
+ addr
, total_len
- addr
);
1167 put_packet_binary(s
, buf
, len
+ 1);
1170 /* Unrecognised 'q' command. */
1171 goto unknown_command
;
1175 /* put empty packet */
1183 void gdb_set_stop_cpu(CPUState
*cpu
)
1185 gdbserver_state
->c_cpu
= cpu
;
1186 gdbserver_state
->g_cpu
= cpu
;
1189 #ifndef CONFIG_USER_ONLY
1190 static void gdb_vm_state_change(void *opaque
, int running
, RunState state
)
1192 GDBState
*s
= gdbserver_state
;
1193 CPUArchState
*env
= s
->c_cpu
->env_ptr
;
1194 CPUState
*cpu
= s
->c_cpu
;
1199 if (running
|| s
->state
== RS_INACTIVE
) {
1202 /* Is there a GDB syscall waiting to be sent? */
1203 if (s
->current_syscall_cb
) {
1204 put_packet(s
, s
->syscall_buf
);
1208 case RUN_STATE_DEBUG
:
1209 if (env
->watchpoint_hit
) {
1210 switch (env
->watchpoint_hit
->flags
& BP_MEM_ACCESS
) {
1221 snprintf(buf
, sizeof(buf
),
1222 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx
";",
1223 GDB_SIGNAL_TRAP
, cpu_index(cpu
), type
,
1224 env
->watchpoint_hit
->vaddr
);
1225 env
->watchpoint_hit
= NULL
;
1229 ret
= GDB_SIGNAL_TRAP
;
1231 case RUN_STATE_PAUSED
:
1232 ret
= GDB_SIGNAL_INT
;
1234 case RUN_STATE_SHUTDOWN
:
1235 ret
= GDB_SIGNAL_QUIT
;
1237 case RUN_STATE_IO_ERROR
:
1238 ret
= GDB_SIGNAL_IO
;
1240 case RUN_STATE_WATCHDOG
:
1241 ret
= GDB_SIGNAL_ALRM
;
1243 case RUN_STATE_INTERNAL_ERROR
:
1244 ret
= GDB_SIGNAL_ABRT
;
1246 case RUN_STATE_SAVE_VM
:
1247 case RUN_STATE_RESTORE_VM
:
1249 case RUN_STATE_FINISH_MIGRATE
:
1250 ret
= GDB_SIGNAL_XCPU
;
1253 ret
= GDB_SIGNAL_UNKNOWN
;
1256 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", ret
, cpu_index(cpu
));
1261 /* disable single step if it was enabled */
1262 cpu_single_step(cpu
, 0);
1266 /* Send a gdb syscall request.
1267 This accepts limited printf-style format specifiers, specifically:
1268 %x - target_ulong argument printed in hex.
1269 %lx - 64-bit argument printed in hex.
1270 %s - string pointer (target_ulong) and length (int) pair. */
1271 void gdb_do_syscall(gdb_syscall_complete_cb cb
, const char *fmt
, ...)
1280 s
= gdbserver_state
;
1283 s
->current_syscall_cb
= cb
;
1284 #ifndef CONFIG_USER_ONLY
1285 vm_stop(RUN_STATE_DEBUG
);
1289 p_end
= &s
->syscall_buf
[sizeof(s
->syscall_buf
)];
1296 addr
= va_arg(va
, target_ulong
);
1297 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
, addr
);
1300 if (*(fmt
++) != 'x')
1302 i64
= va_arg(va
, uint64_t);
1303 p
+= snprintf(p
, p_end
- p
, "%" PRIx64
, i64
);
1306 addr
= va_arg(va
, target_ulong
);
1307 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
"/%x",
1308 addr
, va_arg(va
, int));
1312 fprintf(stderr
, "gdbstub: Bad syscall format string '%s'\n",
1322 #ifdef CONFIG_USER_ONLY
1323 put_packet(s
, s
->syscall_buf
);
1324 gdb_handlesig(s
->c_cpu
, 0);
1326 /* In this case wait to send the syscall packet until notification that
1327 the CPU has stopped. This must be done because if the packet is sent
1328 now the reply from the syscall request could be received while the CPU
1329 is still in the running state, which can cause packets to be dropped
1330 and state transition 'T' packets to be sent while the syscall is still
1336 static void gdb_read_byte(GDBState
*s
, int ch
)
1341 #ifndef CONFIG_USER_ONLY
1342 if (s
->last_packet_len
) {
1343 /* Waiting for a response to the last packet. If we see the start
1344 of a new command then abandon the previous response. */
1347 printf("Got NACK, retransmitting\n");
1349 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
1353 printf("Got ACK\n");
1355 printf("Got '%c' when expecting ACK/NACK\n", ch
);
1357 if (ch
== '+' || ch
== '$')
1358 s
->last_packet_len
= 0;
1362 if (runstate_is_running()) {
1363 /* when the CPU is running, we cannot do anything except stop
1364 it when receiving a char */
1365 vm_stop(RUN_STATE_PAUSED
);
1372 s
->line_buf_index
= 0;
1373 s
->state
= RS_GETLINE
;
1378 s
->state
= RS_CHKSUM1
;
1379 } else if (s
->line_buf_index
>= sizeof(s
->line_buf
) - 1) {
1382 s
->line_buf
[s
->line_buf_index
++] = ch
;
1386 s
->line_buf
[s
->line_buf_index
] = '\0';
1387 s
->line_csum
= fromhex(ch
) << 4;
1388 s
->state
= RS_CHKSUM2
;
1391 s
->line_csum
|= fromhex(ch
);
1393 for(i
= 0; i
< s
->line_buf_index
; i
++) {
1394 csum
+= s
->line_buf
[i
];
1396 if (s
->line_csum
!= (csum
& 0xff)) {
1398 put_buffer(s
, &reply
, 1);
1402 put_buffer(s
, &reply
, 1);
1403 s
->state
= gdb_handle_packet(s
, s
->line_buf
);
1412 /* Tell the remote gdb that the process has exited. */
1413 void gdb_exit(CPUArchState
*env
, int code
)
1418 s
= gdbserver_state
;
1422 #ifdef CONFIG_USER_ONLY
1423 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1428 snprintf(buf
, sizeof(buf
), "W%02x", (uint8_t)code
);
1431 #ifndef CONFIG_USER_ONLY
1433 qemu_chr_delete(s
->chr
);
1438 #ifdef CONFIG_USER_ONLY
1444 s
= gdbserver_state
;
1446 if (gdbserver_fd
< 0 || s
->fd
< 0)
1453 gdb_handlesig(CPUState
*cpu
, int sig
)
1455 CPUArchState
*env
= cpu
->env_ptr
;
1460 s
= gdbserver_state
;
1461 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1465 /* disable single step if it was enabled */
1466 cpu_single_step(cpu
, 0);
1470 snprintf(buf
, sizeof(buf
), "S%02x", target_signal_to_gdb(sig
));
1473 /* put_packet() might have detected that the peer terminated the
1481 s
->running_state
= 0;
1482 while (s
->running_state
== 0) {
1483 n
= read(s
->fd
, buf
, 256);
1487 for (i
= 0; i
< n
; i
++) {
1488 gdb_read_byte(s
, buf
[i
]);
1490 } else if (n
== 0 || errno
!= EAGAIN
) {
1491 /* XXX: Connection closed. Should probably wait for another
1492 connection before continuing. */
1501 /* Tell the remote gdb that the process has exited due to SIG. */
1502 void gdb_signalled(CPUArchState
*env
, int sig
)
1507 s
= gdbserver_state
;
1508 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1512 snprintf(buf
, sizeof(buf
), "X%02x", target_signal_to_gdb(sig
));
1516 static void gdb_accept(void)
1519 struct sockaddr_in sockaddr
;
1524 len
= sizeof(sockaddr
);
1525 fd
= accept(gdbserver_fd
, (struct sockaddr
*)&sockaddr
, &len
);
1526 if (fd
< 0 && errno
!= EINTR
) {
1529 } else if (fd
>= 0) {
1531 fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1537 /* set short latency */
1538 socket_set_nodelay(fd
);
1540 s
= g_malloc0(sizeof(GDBState
));
1541 s
->c_cpu
= first_cpu
;
1542 s
->g_cpu
= first_cpu
;
1544 gdb_has_xml
= false;
1546 gdbserver_state
= s
;
1548 fcntl(fd
, F_SETFL
, O_NONBLOCK
);
1551 static int gdbserver_open(int port
)
1553 struct sockaddr_in sockaddr
;
1556 fd
= socket(PF_INET
, SOCK_STREAM
, 0);
1562 fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1565 /* allow fast reuse */
1567 qemu_setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, &val
, sizeof(val
));
1569 sockaddr
.sin_family
= AF_INET
;
1570 sockaddr
.sin_port
= htons(port
);
1571 sockaddr
.sin_addr
.s_addr
= 0;
1572 ret
= bind(fd
, (struct sockaddr
*)&sockaddr
, sizeof(sockaddr
));
1578 ret
= listen(fd
, 0);
1587 int gdbserver_start(int port
)
1589 gdbserver_fd
= gdbserver_open(port
);
1590 if (gdbserver_fd
< 0)
1592 /* accept connections */
1597 /* Disable gdb stub for child processes. */
1598 void gdbserver_fork(CPUArchState
*env
)
1600 GDBState
*s
= gdbserver_state
;
1601 if (gdbserver_fd
< 0 || s
->fd
< 0)
1605 cpu_breakpoint_remove_all(env
, BP_GDB
);
1606 cpu_watchpoint_remove_all(env
, BP_GDB
);
1609 static int gdb_chr_can_receive(void *opaque
)
1611 /* We can handle an arbitrarily large amount of data.
1612 Pick the maximum packet size, which is as good as anything. */
1613 return MAX_PACKET_LENGTH
;
1616 static void gdb_chr_receive(void *opaque
, const uint8_t *buf
, int size
)
1620 for (i
= 0; i
< size
; i
++) {
1621 gdb_read_byte(gdbserver_state
, buf
[i
]);
1625 static void gdb_chr_event(void *opaque
, int event
)
1628 case CHR_EVENT_OPENED
:
1629 vm_stop(RUN_STATE_PAUSED
);
1630 gdb_has_xml
= false;
1637 static void gdb_monitor_output(GDBState
*s
, const char *msg
, int len
)
1639 char buf
[MAX_PACKET_LENGTH
];
1642 if (len
> (MAX_PACKET_LENGTH
/2) - 1)
1643 len
= (MAX_PACKET_LENGTH
/2) - 1;
1644 memtohex(buf
+ 1, (uint8_t *)msg
, len
);
1648 static int gdb_monitor_write(CharDriverState
*chr
, const uint8_t *buf
, int len
)
1650 const char *p
= (const char *)buf
;
1653 max_sz
= (sizeof(gdbserver_state
->last_packet
) - 2) / 2;
1655 if (len
<= max_sz
) {
1656 gdb_monitor_output(gdbserver_state
, p
, len
);
1659 gdb_monitor_output(gdbserver_state
, p
, max_sz
);
1667 static void gdb_sigterm_handler(int signal
)
1669 if (runstate_is_running()) {
1670 vm_stop(RUN_STATE_PAUSED
);
1675 int gdbserver_start(const char *device
)
1678 char gdbstub_device_name
[128];
1679 CharDriverState
*chr
= NULL
;
1680 CharDriverState
*mon_chr
;
1684 if (strcmp(device
, "none") != 0) {
1685 if (strstart(device
, "tcp:", NULL
)) {
1686 /* enforce required TCP attributes */
1687 snprintf(gdbstub_device_name
, sizeof(gdbstub_device_name
),
1688 "%s,nowait,nodelay,server", device
);
1689 device
= gdbstub_device_name
;
1692 else if (strcmp(device
, "stdio") == 0) {
1693 struct sigaction act
;
1695 memset(&act
, 0, sizeof(act
));
1696 act
.sa_handler
= gdb_sigterm_handler
;
1697 sigaction(SIGINT
, &act
, NULL
);
1700 chr
= qemu_chr_new("gdb", device
, NULL
);
1704 qemu_chr_fe_claim_no_fail(chr
);
1705 qemu_chr_add_handlers(chr
, gdb_chr_can_receive
, gdb_chr_receive
,
1706 gdb_chr_event
, NULL
);
1709 s
= gdbserver_state
;
1711 s
= g_malloc0(sizeof(GDBState
));
1712 gdbserver_state
= s
;
1714 qemu_add_vm_change_state_handler(gdb_vm_state_change
, NULL
);
1716 /* Initialize a monitor terminal for gdb */
1717 mon_chr
= g_malloc0(sizeof(*mon_chr
));
1718 mon_chr
->chr_write
= gdb_monitor_write
;
1719 monitor_init(mon_chr
, 0);
1722 qemu_chr_delete(s
->chr
);
1723 mon_chr
= s
->mon_chr
;
1724 memset(s
, 0, sizeof(GDBState
));
1726 s
->c_cpu
= first_cpu
;
1727 s
->g_cpu
= first_cpu
;
1729 s
->state
= chr
? RS_IDLE
: RS_INACTIVE
;
1730 s
->mon_chr
= mon_chr
;
1731 s
->current_syscall_cb
= NULL
;