4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/cutils.h"
23 #ifdef CONFIG_USER_ONLY
26 #include "monitor/monitor.h"
27 #include "sysemu/char.h"
28 #include "sysemu/sysemu.h"
29 #include "exec/gdbstub.h"
32 #define MAX_PACKET_LENGTH 4096
35 #include "qemu/sockets.h"
36 #include "sysemu/kvm.h"
37 #include "exec/semihost.h"
38 #include "exec/exec-all.h"
40 #ifdef CONFIG_USER_ONLY
41 #define GDB_ATTACHED "0"
43 #define GDB_ATTACHED "1"
46 static inline int target_memory_rw_debug(CPUState
*cpu
, target_ulong addr
,
47 uint8_t *buf
, int len
, bool is_write
)
49 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
51 if (cc
->memory_rw_debug
) {
52 return cc
->memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
54 return cpu_memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
66 GDB_SIGNAL_UNKNOWN
= 143
69 #ifdef CONFIG_USER_ONLY
71 /* Map target signal numbers to GDB protocol signal numbers and vice
72 * versa. For user emulation's currently supported systems, we can
73 * assume most signals are defined.
76 static int gdb_signal_table
[] = {
236 /* In system mode we only need SIGINT and SIGTRAP; other signals
237 are not yet supported. */
244 static int gdb_signal_table
[] = {
254 #ifdef CONFIG_USER_ONLY
255 static int target_signal_to_gdb (int sig
)
258 for (i
= 0; i
< ARRAY_SIZE (gdb_signal_table
); i
++)
259 if (gdb_signal_table
[i
] == sig
)
261 return GDB_SIGNAL_UNKNOWN
;
265 static int gdb_signal_to_target (int sig
)
267 if (sig
< ARRAY_SIZE (gdb_signal_table
))
268 return gdb_signal_table
[sig
];
275 typedef struct GDBRegisterState
{
281 struct GDBRegisterState
*next
;
291 typedef struct GDBState
{
292 CPUState
*c_cpu
; /* current CPU for step/continue ops */
293 CPUState
*g_cpu
; /* current CPU for other ops */
294 CPUState
*query_cpu
; /* for q{f|s}ThreadInfo */
295 enum RSState state
; /* parsing state */
296 char line_buf
[MAX_PACKET_LENGTH
];
299 uint8_t last_packet
[MAX_PACKET_LENGTH
+ 4];
302 #ifdef CONFIG_USER_ONLY
307 CharDriverState
*mon_chr
;
309 char syscall_buf
[256];
310 gdb_syscall_complete_cb current_syscall_cb
;
313 /* By default use no IRQs and no timers while single stepping so as to
314 * make single stepping like an ICE HW step.
316 static int sstep_flags
= SSTEP_ENABLE
|SSTEP_NOIRQ
|SSTEP_NOTIMER
;
318 static GDBState
*gdbserver_state
;
322 #ifdef CONFIG_USER_ONLY
323 /* XXX: This is not thread safe. Do we care? */
324 static int gdbserver_fd
= -1;
326 static int get_char(GDBState
*s
)
332 ret
= qemu_recv(s
->fd
, &ch
, 1, 0);
334 if (errno
== ECONNRESET
)
338 } else if (ret
== 0) {
356 /* Decide if either remote gdb syscalls or native file IO should be used. */
357 int use_gdb_syscalls(void)
359 SemihostingTarget target
= semihosting_get_target();
360 if (target
== SEMIHOSTING_TARGET_NATIVE
) {
361 /* -semihosting-config target=native */
363 } else if (target
== SEMIHOSTING_TARGET_GDB
) {
364 /* -semihosting-config target=gdb */
368 /* -semihosting-config target=auto */
369 /* On the first call check if gdb is connected and remember. */
370 if (gdb_syscall_mode
== GDB_SYS_UNKNOWN
) {
371 gdb_syscall_mode
= (gdbserver_state
? GDB_SYS_ENABLED
374 return gdb_syscall_mode
== GDB_SYS_ENABLED
;
377 /* Resume execution. */
378 static inline void gdb_continue(GDBState
*s
)
380 #ifdef CONFIG_USER_ONLY
381 s
->running_state
= 1;
383 if (!runstate_needs_reset()) {
389 static void put_buffer(GDBState
*s
, const uint8_t *buf
, int len
)
391 #ifdef CONFIG_USER_ONLY
395 ret
= send(s
->fd
, buf
, len
, 0);
405 /* XXX this blocks entire thread. Rewrite to use
406 * qemu_chr_fe_write and background I/O callbacks */
407 qemu_chr_fe_write_all(&s
->chr
, buf
, len
);
411 static inline int fromhex(int v
)
413 if (v
>= '0' && v
<= '9')
415 else if (v
>= 'A' && v
<= 'F')
417 else if (v
>= 'a' && v
<= 'f')
423 static inline int tohex(int v
)
431 static void memtohex(char *buf
, const uint8_t *mem
, int len
)
436 for(i
= 0; i
< len
; i
++) {
438 *q
++ = tohex(c
>> 4);
439 *q
++ = tohex(c
& 0xf);
444 static void hextomem(uint8_t *mem
, const char *buf
, int len
)
448 for(i
= 0; i
< len
; i
++) {
449 mem
[i
] = (fromhex(buf
[0]) << 4) | fromhex(buf
[1]);
454 /* return -1 if error, 0 if OK */
455 static int put_packet_binary(GDBState
*s
, const char *buf
, int len
)
466 for(i
= 0; i
< len
; i
++) {
470 *(p
++) = tohex((csum
>> 4) & 0xf);
471 *(p
++) = tohex((csum
) & 0xf);
473 s
->last_packet_len
= p
- s
->last_packet
;
474 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
476 #ifdef CONFIG_USER_ONLY
489 /* return -1 if error, 0 if OK */
490 static int put_packet(GDBState
*s
, const char *buf
)
493 printf("reply='%s'\n", buf
);
496 return put_packet_binary(s
, buf
, strlen(buf
));
499 /* Encode data using the encoding for 'x' packets. */
500 static int memtox(char *buf
, const char *mem
, int len
)
508 case '#': case '$': case '*': case '}':
520 static const char *get_feature_xml(const char *p
, const char **newp
,
526 static char target_xml
[1024];
529 while (p
[len
] && p
[len
] != ':')
534 if (strncmp(p
, "target.xml", len
) == 0) {
535 /* Generate the XML description for this CPU. */
536 if (!target_xml
[0]) {
538 CPUState
*cpu
= first_cpu
;
540 pstrcat(target_xml
, sizeof(target_xml
),
541 "<?xml version=\"1.0\"?>"
542 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
544 if (cc
->gdb_arch_name
) {
545 gchar
*arch
= cc
->gdb_arch_name(cpu
);
546 pstrcat(target_xml
, sizeof(target_xml
), "<architecture>");
547 pstrcat(target_xml
, sizeof(target_xml
), arch
);
548 pstrcat(target_xml
, sizeof(target_xml
), "</architecture>");
551 pstrcat(target_xml
, sizeof(target_xml
), "<xi:include href=\"");
552 pstrcat(target_xml
, sizeof(target_xml
), cc
->gdb_core_xml_file
);
553 pstrcat(target_xml
, sizeof(target_xml
), "\"/>");
554 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
555 pstrcat(target_xml
, sizeof(target_xml
), "<xi:include href=\"");
556 pstrcat(target_xml
, sizeof(target_xml
), r
->xml
);
557 pstrcat(target_xml
, sizeof(target_xml
), "\"/>");
559 pstrcat(target_xml
, sizeof(target_xml
), "</target>");
564 name
= xml_builtin
[i
][0];
565 if (!name
|| (strncmp(name
, p
, len
) == 0 && strlen(name
) == len
))
568 return name
? xml_builtin
[i
][1] : NULL
;
571 static int gdb_read_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
573 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
574 CPUArchState
*env
= cpu
->env_ptr
;
577 if (reg
< cc
->gdb_num_core_regs
) {
578 return cc
->gdb_read_register(cpu
, mem_buf
, reg
);
581 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
582 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
583 return r
->get_reg(env
, mem_buf
, reg
- r
->base_reg
);
589 static int gdb_write_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
591 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
592 CPUArchState
*env
= cpu
->env_ptr
;
595 if (reg
< cc
->gdb_num_core_regs
) {
596 return cc
->gdb_write_register(cpu
, mem_buf
, reg
);
599 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
600 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
601 return r
->set_reg(env
, mem_buf
, reg
- r
->base_reg
);
607 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
608 specifies the first register number and these registers are included in
609 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
610 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
613 void gdb_register_coprocessor(CPUState
*cpu
,
614 gdb_reg_cb get_reg
, gdb_reg_cb set_reg
,
615 int num_regs
, const char *xml
, int g_pos
)
618 GDBRegisterState
**p
;
622 /* Check for duplicates. */
623 if (strcmp((*p
)->xml
, xml
) == 0)
628 s
= g_new0(GDBRegisterState
, 1);
629 s
->base_reg
= cpu
->gdb_num_regs
;
630 s
->num_regs
= num_regs
;
631 s
->get_reg
= get_reg
;
632 s
->set_reg
= set_reg
;
635 /* Add to end of list. */
636 cpu
->gdb_num_regs
+= num_regs
;
639 if (g_pos
!= s
->base_reg
) {
640 fprintf(stderr
, "Error: Bad gdb register numbering for '%s'\n"
641 "Expected %d got %d\n", xml
, g_pos
, s
->base_reg
);
643 cpu
->gdb_num_g_regs
= cpu
->gdb_num_regs
;
648 #ifndef CONFIG_USER_ONLY
649 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
650 static inline int xlat_gdb_type(CPUState
*cpu
, int gdbtype
)
652 static const int xlat
[] = {
653 [GDB_WATCHPOINT_WRITE
] = BP_GDB
| BP_MEM_WRITE
,
654 [GDB_WATCHPOINT_READ
] = BP_GDB
| BP_MEM_READ
,
655 [GDB_WATCHPOINT_ACCESS
] = BP_GDB
| BP_MEM_ACCESS
,
658 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
659 int cputype
= xlat
[gdbtype
];
661 if (cc
->gdb_stop_before_watchpoint
) {
662 cputype
|= BP_STOP_BEFORE_ACCESS
;
668 static int gdb_breakpoint_insert(target_ulong addr
, target_ulong len
, int type
)
674 return kvm_insert_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
678 case GDB_BREAKPOINT_SW
:
679 case GDB_BREAKPOINT_HW
:
681 err
= cpu_breakpoint_insert(cpu
, addr
, BP_GDB
, NULL
);
687 #ifndef CONFIG_USER_ONLY
688 case GDB_WATCHPOINT_WRITE
:
689 case GDB_WATCHPOINT_READ
:
690 case GDB_WATCHPOINT_ACCESS
:
692 err
= cpu_watchpoint_insert(cpu
, addr
, len
,
693 xlat_gdb_type(cpu
, type
), NULL
);
705 static int gdb_breakpoint_remove(target_ulong addr
, target_ulong len
, int type
)
711 return kvm_remove_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
715 case GDB_BREAKPOINT_SW
:
716 case GDB_BREAKPOINT_HW
:
718 err
= cpu_breakpoint_remove(cpu
, addr
, BP_GDB
);
724 #ifndef CONFIG_USER_ONLY
725 case GDB_WATCHPOINT_WRITE
:
726 case GDB_WATCHPOINT_READ
:
727 case GDB_WATCHPOINT_ACCESS
:
729 err
= cpu_watchpoint_remove(cpu
, addr
, len
,
730 xlat_gdb_type(cpu
, type
));
741 static void gdb_breakpoint_remove_all(void)
746 kvm_remove_all_breakpoints(gdbserver_state
->c_cpu
);
751 cpu_breakpoint_remove_all(cpu
, BP_GDB
);
752 #ifndef CONFIG_USER_ONLY
753 cpu_watchpoint_remove_all(cpu
, BP_GDB
);
758 static void gdb_set_cpu_pc(GDBState
*s
, target_ulong pc
)
760 CPUState
*cpu
= s
->c_cpu
;
762 cpu_synchronize_state(cpu
);
766 static CPUState
*find_cpu(uint32_t thread_id
)
771 if (cpu_index(cpu
) == thread_id
) {
779 static int is_query_packet(const char *p
, const char *query
, char separator
)
781 unsigned int query_len
= strlen(query
);
783 return strncmp(p
, query
, query_len
) == 0 &&
784 (p
[query_len
] == '\0' || p
[query_len
] == separator
);
787 static int gdb_handle_packet(GDBState
*s
, const char *line_buf
)
793 int ch
, reg_size
, type
, res
;
794 char buf
[MAX_PACKET_LENGTH
];
795 uint8_t mem_buf
[MAX_PACKET_LENGTH
];
797 target_ulong addr
, len
;
800 printf("command='%s'\n", line_buf
);
806 /* TODO: Make this return the correct value for user-mode. */
807 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", GDB_SIGNAL_TRAP
,
808 cpu_index(s
->c_cpu
));
810 /* Remove all the breakpoints when this query is issued,
811 * because gdb is doing and initial connect and the state
812 * should be cleaned up.
814 gdb_breakpoint_remove_all();
818 addr
= strtoull(p
, (char **)&p
, 16);
819 gdb_set_cpu_pc(s
, addr
);
825 s
->signal
= gdb_signal_to_target (strtoul(p
, (char **)&p
, 16));
831 if (strncmp(p
, "Cont", 4) == 0) {
832 int res_signal
, res_thread
;
836 put_packet(s
, "vCont;c;C;s;S");
851 if (action
== 'C' || action
== 'S') {
852 signal
= gdb_signal_to_target(strtoul(p
, (char **)&p
, 16));
856 } else if (action
!= 'c' && action
!= 's') {
862 thread
= strtoull(p
+1, (char **)&p
, 16);
864 action
= tolower(action
);
865 if (res
== 0 || (res
== 'c' && action
== 's')) {
872 if (res_thread
!= -1 && res_thread
!= 0) {
873 cpu
= find_cpu(res_thread
);
875 put_packet(s
, "E22");
881 cpu_single_step(s
->c_cpu
, sstep_flags
);
883 s
->signal
= res_signal
;
889 goto unknown_command
;
892 /* Kill the target */
893 fprintf(stderr
, "\nQEMU: Terminated via GDBstub\n");
897 gdb_breakpoint_remove_all();
898 gdb_syscall_mode
= GDB_SYS_DISABLED
;
904 addr
= strtoull(p
, (char **)&p
, 16);
905 gdb_set_cpu_pc(s
, addr
);
907 cpu_single_step(s
->c_cpu
, sstep_flags
);
915 ret
= strtoull(p
, (char **)&p
, 16);
918 err
= strtoull(p
, (char **)&p
, 16);
925 if (s
->current_syscall_cb
) {
926 s
->current_syscall_cb(s
->c_cpu
, ret
, err
);
927 s
->current_syscall_cb
= NULL
;
930 put_packet(s
, "T02");
937 cpu_synchronize_state(s
->g_cpu
);
939 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_g_regs
; addr
++) {
940 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
+ len
, addr
);
943 memtohex(buf
, mem_buf
, len
);
947 cpu_synchronize_state(s
->g_cpu
);
950 hextomem((uint8_t *)registers
, p
, len
);
951 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_g_regs
&& len
> 0; addr
++) {
952 reg_size
= gdb_write_register(s
->g_cpu
, registers
, addr
);
954 registers
+= reg_size
;
959 addr
= strtoull(p
, (char **)&p
, 16);
962 len
= strtoull(p
, NULL
, 16);
964 /* memtohex() doubles the required space */
965 if (len
> MAX_PACKET_LENGTH
/ 2) {
966 put_packet (s
, "E22");
970 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
, false) != 0) {
971 put_packet (s
, "E14");
973 memtohex(buf
, mem_buf
, len
);
978 addr
= strtoull(p
, (char **)&p
, 16);
981 len
= strtoull(p
, (char **)&p
, 16);
985 /* hextomem() reads 2*len bytes */
986 if (len
> strlen(p
) / 2) {
987 put_packet (s
, "E22");
990 hextomem(mem_buf
, p
, len
);
991 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
,
993 put_packet(s
, "E14");
999 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1000 This works, but can be very slow. Anything new enough to
1001 understand XML also knows how to use this properly. */
1003 goto unknown_command
;
1004 addr
= strtoull(p
, (char **)&p
, 16);
1005 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
, addr
);
1007 memtohex(buf
, mem_buf
, reg_size
);
1010 put_packet(s
, "E14");
1015 goto unknown_command
;
1016 addr
= strtoull(p
, (char **)&p
, 16);
1019 reg_size
= strlen(p
) / 2;
1020 hextomem(mem_buf
, p
, reg_size
);
1021 gdb_write_register(s
->g_cpu
, mem_buf
, addr
);
1022 put_packet(s
, "OK");
1026 type
= strtoul(p
, (char **)&p
, 16);
1029 addr
= strtoull(p
, (char **)&p
, 16);
1032 len
= strtoull(p
, (char **)&p
, 16);
1034 res
= gdb_breakpoint_insert(addr
, len
, type
);
1036 res
= gdb_breakpoint_remove(addr
, len
, type
);
1038 put_packet(s
, "OK");
1039 else if (res
== -ENOSYS
)
1042 put_packet(s
, "E22");
1046 thread
= strtoull(p
, (char **)&p
, 16);
1047 if (thread
== -1 || thread
== 0) {
1048 put_packet(s
, "OK");
1051 cpu
= find_cpu(thread
);
1053 put_packet(s
, "E22");
1059 put_packet(s
, "OK");
1063 put_packet(s
, "OK");
1066 put_packet(s
, "E22");
1071 thread
= strtoull(p
, (char **)&p
, 16);
1072 cpu
= find_cpu(thread
);
1075 put_packet(s
, "OK");
1077 put_packet(s
, "E22");
1082 /* parse any 'q' packets here */
1083 if (!strcmp(p
,"qemu.sstepbits")) {
1084 /* Query Breakpoint bit definitions */
1085 snprintf(buf
, sizeof(buf
), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1091 } else if (is_query_packet(p
, "qemu.sstep", '=')) {
1092 /* Display or change the sstep_flags */
1095 /* Display current setting */
1096 snprintf(buf
, sizeof(buf
), "0x%x", sstep_flags
);
1101 type
= strtoul(p
, (char **)&p
, 16);
1103 put_packet(s
, "OK");
1105 } else if (strcmp(p
,"C") == 0) {
1106 /* "Current thread" remains vague in the spec, so always return
1107 * the first CPU (gdb returns the first thread). */
1108 put_packet(s
, "QC1");
1110 } else if (strcmp(p
,"fThreadInfo") == 0) {
1111 s
->query_cpu
= first_cpu
;
1112 goto report_cpuinfo
;
1113 } else if (strcmp(p
,"sThreadInfo") == 0) {
1116 snprintf(buf
, sizeof(buf
), "m%x", cpu_index(s
->query_cpu
));
1118 s
->query_cpu
= CPU_NEXT(s
->query_cpu
);
1122 } else if (strncmp(p
,"ThreadExtraInfo,", 16) == 0) {
1123 thread
= strtoull(p
+16, (char **)&p
, 16);
1124 cpu
= find_cpu(thread
);
1126 cpu_synchronize_state(cpu
);
1127 /* memtohex() doubles the required space */
1128 len
= snprintf((char *)mem_buf
, sizeof(buf
) / 2,
1129 "CPU#%d [%s]", cpu
->cpu_index
,
1130 cpu
->halted
? "halted " : "running");
1131 memtohex(buf
, mem_buf
, len
);
1136 #ifdef CONFIG_USER_ONLY
1137 else if (strcmp(p
, "Offsets") == 0) {
1138 TaskState
*ts
= s
->c_cpu
->opaque
;
1140 snprintf(buf
, sizeof(buf
),
1141 "Text=" TARGET_ABI_FMT_lx
";Data=" TARGET_ABI_FMT_lx
1142 ";Bss=" TARGET_ABI_FMT_lx
,
1143 ts
->info
->code_offset
,
1144 ts
->info
->data_offset
,
1145 ts
->info
->data_offset
);
1149 #else /* !CONFIG_USER_ONLY */
1150 else if (strncmp(p
, "Rcmd,", 5) == 0) {
1151 int len
= strlen(p
+ 5);
1153 if ((len
% 2) != 0) {
1154 put_packet(s
, "E01");
1158 hextomem(mem_buf
, p
+ 5, len
);
1160 qemu_chr_be_write(s
->mon_chr
, mem_buf
, len
);
1161 put_packet(s
, "OK");
1164 #endif /* !CONFIG_USER_ONLY */
1165 if (is_query_packet(p
, "Supported", ':')) {
1166 snprintf(buf
, sizeof(buf
), "PacketSize=%x", MAX_PACKET_LENGTH
);
1167 cc
= CPU_GET_CLASS(first_cpu
);
1168 if (cc
->gdb_core_xml_file
!= NULL
) {
1169 pstrcat(buf
, sizeof(buf
), ";qXfer:features:read+");
1174 if (strncmp(p
, "Xfer:features:read:", 19) == 0) {
1176 target_ulong total_len
;
1178 cc
= CPU_GET_CLASS(first_cpu
);
1179 if (cc
->gdb_core_xml_file
== NULL
) {
1180 goto unknown_command
;
1185 xml
= get_feature_xml(p
, &p
, cc
);
1187 snprintf(buf
, sizeof(buf
), "E00");
1194 addr
= strtoul(p
, (char **)&p
, 16);
1197 len
= strtoul(p
, (char **)&p
, 16);
1199 total_len
= strlen(xml
);
1200 if (addr
> total_len
) {
1201 snprintf(buf
, sizeof(buf
), "E00");
1205 if (len
> (MAX_PACKET_LENGTH
- 5) / 2)
1206 len
= (MAX_PACKET_LENGTH
- 5) / 2;
1207 if (len
< total_len
- addr
) {
1209 len
= memtox(buf
+ 1, xml
+ addr
, len
);
1212 len
= memtox(buf
+ 1, xml
+ addr
, total_len
- addr
);
1214 put_packet_binary(s
, buf
, len
+ 1);
1217 if (is_query_packet(p
, "Attached", ':')) {
1218 put_packet(s
, GDB_ATTACHED
);
1221 /* Unrecognised 'q' command. */
1222 goto unknown_command
;
1226 /* put empty packet */
1234 void gdb_set_stop_cpu(CPUState
*cpu
)
1236 gdbserver_state
->c_cpu
= cpu
;
1237 gdbserver_state
->g_cpu
= cpu
;
1240 #ifndef CONFIG_USER_ONLY
1241 static void gdb_vm_state_change(void *opaque
, int running
, RunState state
)
1243 GDBState
*s
= gdbserver_state
;
1244 CPUState
*cpu
= s
->c_cpu
;
1249 if (running
|| s
->state
== RS_INACTIVE
) {
1252 /* Is there a GDB syscall waiting to be sent? */
1253 if (s
->current_syscall_cb
) {
1254 put_packet(s
, s
->syscall_buf
);
1258 case RUN_STATE_DEBUG
:
1259 if (cpu
->watchpoint_hit
) {
1260 switch (cpu
->watchpoint_hit
->flags
& BP_MEM_ACCESS
) {
1271 snprintf(buf
, sizeof(buf
),
1272 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx
";",
1273 GDB_SIGNAL_TRAP
, cpu_index(cpu
), type
,
1274 (target_ulong
)cpu
->watchpoint_hit
->vaddr
);
1275 cpu
->watchpoint_hit
= NULL
;
1279 ret
= GDB_SIGNAL_TRAP
;
1281 case RUN_STATE_PAUSED
:
1282 ret
= GDB_SIGNAL_INT
;
1284 case RUN_STATE_SHUTDOWN
:
1285 ret
= GDB_SIGNAL_QUIT
;
1287 case RUN_STATE_IO_ERROR
:
1288 ret
= GDB_SIGNAL_IO
;
1290 case RUN_STATE_WATCHDOG
:
1291 ret
= GDB_SIGNAL_ALRM
;
1293 case RUN_STATE_INTERNAL_ERROR
:
1294 ret
= GDB_SIGNAL_ABRT
;
1296 case RUN_STATE_SAVE_VM
:
1297 case RUN_STATE_RESTORE_VM
:
1299 case RUN_STATE_FINISH_MIGRATE
:
1300 ret
= GDB_SIGNAL_XCPU
;
1303 ret
= GDB_SIGNAL_UNKNOWN
;
1306 gdb_set_stop_cpu(cpu
);
1307 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", ret
, cpu_index(cpu
));
1312 /* disable single step if it was enabled */
1313 cpu_single_step(cpu
, 0);
1317 /* Send a gdb syscall request.
1318 This accepts limited printf-style format specifiers, specifically:
1319 %x - target_ulong argument printed in hex.
1320 %lx - 64-bit argument printed in hex.
1321 %s - string pointer (target_ulong) and length (int) pair. */
1322 void gdb_do_syscallv(gdb_syscall_complete_cb cb
, const char *fmt
, va_list va
)
1330 s
= gdbserver_state
;
1333 s
->current_syscall_cb
= cb
;
1334 #ifndef CONFIG_USER_ONLY
1335 vm_stop(RUN_STATE_DEBUG
);
1338 p_end
= &s
->syscall_buf
[sizeof(s
->syscall_buf
)];
1345 addr
= va_arg(va
, target_ulong
);
1346 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
, addr
);
1349 if (*(fmt
++) != 'x')
1351 i64
= va_arg(va
, uint64_t);
1352 p
+= snprintf(p
, p_end
- p
, "%" PRIx64
, i64
);
1355 addr
= va_arg(va
, target_ulong
);
1356 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
"/%x",
1357 addr
, va_arg(va
, int));
1361 fprintf(stderr
, "gdbstub: Bad syscall format string '%s'\n",
1370 #ifdef CONFIG_USER_ONLY
1371 put_packet(s
, s
->syscall_buf
);
1372 gdb_handlesig(s
->c_cpu
, 0);
1374 /* In this case wait to send the syscall packet until notification that
1375 the CPU has stopped. This must be done because if the packet is sent
1376 now the reply from the syscall request could be received while the CPU
1377 is still in the running state, which can cause packets to be dropped
1378 and state transition 'T' packets to be sent while the syscall is still
1380 qemu_cpu_kick(s
->c_cpu
);
1384 void gdb_do_syscall(gdb_syscall_complete_cb cb
, const char *fmt
, ...)
1389 gdb_do_syscallv(cb
, fmt
, va
);
1393 static void gdb_read_byte(GDBState
*s
, int ch
)
1398 #ifndef CONFIG_USER_ONLY
1399 if (s
->last_packet_len
) {
1400 /* Waiting for a response to the last packet. If we see the start
1401 of a new command then abandon the previous response. */
1404 printf("Got NACK, retransmitting\n");
1406 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
1410 printf("Got ACK\n");
1412 printf("Got '%c' when expecting ACK/NACK\n", ch
);
1414 if (ch
== '+' || ch
== '$')
1415 s
->last_packet_len
= 0;
1419 if (runstate_is_running()) {
1420 /* when the CPU is running, we cannot do anything except stop
1421 it when receiving a char */
1422 vm_stop(RUN_STATE_PAUSED
);
1429 s
->line_buf_index
= 0;
1430 s
->state
= RS_GETLINE
;
1435 s
->state
= RS_CHKSUM1
;
1436 } else if (s
->line_buf_index
>= sizeof(s
->line_buf
) - 1) {
1439 s
->line_buf
[s
->line_buf_index
++] = ch
;
1443 s
->line_buf
[s
->line_buf_index
] = '\0';
1444 s
->line_csum
= fromhex(ch
) << 4;
1445 s
->state
= RS_CHKSUM2
;
1448 s
->line_csum
|= fromhex(ch
);
1450 for(i
= 0; i
< s
->line_buf_index
; i
++) {
1451 csum
+= s
->line_buf
[i
];
1453 if (s
->line_csum
!= (csum
& 0xff)) {
1455 put_buffer(s
, &reply
, 1);
1459 put_buffer(s
, &reply
, 1);
1460 s
->state
= gdb_handle_packet(s
, s
->line_buf
);
1469 /* Tell the remote gdb that the process has exited. */
1470 void gdb_exit(CPUArchState
*env
, int code
)
1474 #ifndef CONFIG_USER_ONLY
1475 CharDriverState
*chr
;
1478 s
= gdbserver_state
;
1482 #ifdef CONFIG_USER_ONLY
1483 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1487 chr
= qemu_chr_fe_get_driver(&s
->chr
);
1493 snprintf(buf
, sizeof(buf
), "W%02x", (uint8_t)code
);
1496 #ifndef CONFIG_USER_ONLY
1497 qemu_chr_fe_deinit(&s
->chr
);
1498 qemu_chr_delete(chr
);
1502 #ifdef CONFIG_USER_ONLY
1504 gdb_handlesig(CPUState
*cpu
, int sig
)
1510 s
= gdbserver_state
;
1511 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1515 /* disable single step if it was enabled */
1516 cpu_single_step(cpu
, 0);
1520 snprintf(buf
, sizeof(buf
), "S%02x", target_signal_to_gdb(sig
));
1523 /* put_packet() might have detected that the peer terminated the
1531 s
->running_state
= 0;
1532 while (s
->running_state
== 0) {
1533 n
= read(s
->fd
, buf
, 256);
1537 for (i
= 0; i
< n
; i
++) {
1538 gdb_read_byte(s
, buf
[i
]);
1541 /* XXX: Connection closed. Should probably wait for another
1542 connection before continuing. */
1555 /* Tell the remote gdb that the process has exited due to SIG. */
1556 void gdb_signalled(CPUArchState
*env
, int sig
)
1561 s
= gdbserver_state
;
1562 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1566 snprintf(buf
, sizeof(buf
), "X%02x", target_signal_to_gdb(sig
));
1570 static void gdb_accept(void)
1573 struct sockaddr_in sockaddr
;
1578 len
= sizeof(sockaddr
);
1579 fd
= accept(gdbserver_fd
, (struct sockaddr
*)&sockaddr
, &len
);
1580 if (fd
< 0 && errno
!= EINTR
) {
1583 } else if (fd
>= 0) {
1585 fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1591 /* set short latency */
1592 socket_set_nodelay(fd
);
1594 s
= g_malloc0(sizeof(GDBState
));
1595 s
->c_cpu
= first_cpu
;
1596 s
->g_cpu
= first_cpu
;
1598 gdb_has_xml
= false;
1600 gdbserver_state
= s
;
1603 static int gdbserver_open(int port
)
1605 struct sockaddr_in sockaddr
;
1608 fd
= socket(PF_INET
, SOCK_STREAM
, 0);
1614 fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1617 socket_set_fast_reuse(fd
);
1619 sockaddr
.sin_family
= AF_INET
;
1620 sockaddr
.sin_port
= htons(port
);
1621 sockaddr
.sin_addr
.s_addr
= 0;
1622 ret
= bind(fd
, (struct sockaddr
*)&sockaddr
, sizeof(sockaddr
));
1628 ret
= listen(fd
, 1);
1637 int gdbserver_start(int port
)
1639 gdbserver_fd
= gdbserver_open(port
);
1640 if (gdbserver_fd
< 0)
1642 /* accept connections */
1647 /* Disable gdb stub for child processes. */
1648 void gdbserver_fork(CPUState
*cpu
)
1650 GDBState
*s
= gdbserver_state
;
1652 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1657 cpu_breakpoint_remove_all(cpu
, BP_GDB
);
1658 cpu_watchpoint_remove_all(cpu
, BP_GDB
);
1661 static int gdb_chr_can_receive(void *opaque
)
1663 /* We can handle an arbitrarily large amount of data.
1664 Pick the maximum packet size, which is as good as anything. */
1665 return MAX_PACKET_LENGTH
;
1668 static void gdb_chr_receive(void *opaque
, const uint8_t *buf
, int size
)
1672 for (i
= 0; i
< size
; i
++) {
1673 gdb_read_byte(gdbserver_state
, buf
[i
]);
1677 static void gdb_chr_event(void *opaque
, int event
)
1680 case CHR_EVENT_OPENED
:
1681 vm_stop(RUN_STATE_PAUSED
);
1682 gdb_has_xml
= false;
1689 static void gdb_monitor_output(GDBState
*s
, const char *msg
, int len
)
1691 char buf
[MAX_PACKET_LENGTH
];
1694 if (len
> (MAX_PACKET_LENGTH
/2) - 1)
1695 len
= (MAX_PACKET_LENGTH
/2) - 1;
1696 memtohex(buf
+ 1, (uint8_t *)msg
, len
);
1700 static int gdb_monitor_write(CharDriverState
*chr
, const uint8_t *buf
, int len
)
1702 const char *p
= (const char *)buf
;
1705 max_sz
= (sizeof(gdbserver_state
->last_packet
) - 2) / 2;
1707 if (len
<= max_sz
) {
1708 gdb_monitor_output(gdbserver_state
, p
, len
);
1711 gdb_monitor_output(gdbserver_state
, p
, max_sz
);
1719 static void gdb_sigterm_handler(int signal
)
1721 if (runstate_is_running()) {
1722 vm_stop(RUN_STATE_PAUSED
);
1727 int gdbserver_start(const char *device
)
1730 char gdbstub_device_name
[128];
1731 CharDriverState
*chr
= NULL
;
1732 CharDriverState
*mon_chr
;
1733 ChardevCommon common
= { 0 };
1737 if (strcmp(device
, "none") != 0) {
1738 if (strstart(device
, "tcp:", NULL
)) {
1739 /* enforce required TCP attributes */
1740 snprintf(gdbstub_device_name
, sizeof(gdbstub_device_name
),
1741 "%s,nowait,nodelay,server", device
);
1742 device
= gdbstub_device_name
;
1745 else if (strcmp(device
, "stdio") == 0) {
1746 struct sigaction act
;
1748 memset(&act
, 0, sizeof(act
));
1749 act
.sa_handler
= gdb_sigterm_handler
;
1750 sigaction(SIGINT
, &act
, NULL
);
1753 chr
= qemu_chr_new_noreplay("gdb", device
);
1758 s
= gdbserver_state
;
1760 s
= g_malloc0(sizeof(GDBState
));
1761 gdbserver_state
= s
;
1763 qemu_add_vm_change_state_handler(gdb_vm_state_change
, NULL
);
1765 /* Initialize a monitor terminal for gdb */
1766 mon_chr
= qemu_chr_alloc(&common
, &error_abort
);
1767 mon_chr
->chr_write
= gdb_monitor_write
;
1768 monitor_init(mon_chr
, 0);
1770 if (qemu_chr_fe_get_driver(&s
->chr
)) {
1771 qemu_chr_delete(qemu_chr_fe_get_driver(&s
->chr
));
1773 mon_chr
= s
->mon_chr
;
1774 memset(s
, 0, sizeof(GDBState
));
1775 s
->mon_chr
= mon_chr
;
1777 s
->c_cpu
= first_cpu
;
1778 s
->g_cpu
= first_cpu
;
1780 qemu_chr_fe_init(&s
->chr
, chr
, &error_abort
);
1781 qemu_chr_fe_set_handlers(&s
->chr
, gdb_chr_can_receive
, gdb_chr_receive
,
1782 gdb_chr_event
, NULL
, NULL
, true);
1784 s
->state
= chr
? RS_IDLE
: RS_INACTIVE
;
1785 s
->mon_chr
= mon_chr
;
1786 s
->current_syscall_cb
= NULL
;