4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/cutils.h"
23 #ifdef CONFIG_USER_ONLY
26 #include "monitor/monitor.h"
27 #include "sysemu/char.h"
28 #include "sysemu/sysemu.h"
29 #include "exec/gdbstub.h"
32 #define MAX_PACKET_LENGTH 4096
34 #include "qemu/sockets.h"
35 #include "sysemu/kvm.h"
36 #include "exec/semihost.h"
37 #include "exec/exec-all.h"
39 #ifdef CONFIG_USER_ONLY
40 #define GDB_ATTACHED "0"
42 #define GDB_ATTACHED "1"
45 static inline int target_memory_rw_debug(CPUState
*cpu
, target_ulong addr
,
46 uint8_t *buf
, int len
, bool is_write
)
48 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
50 if (cc
->memory_rw_debug
) {
51 return cc
->memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
53 return cpu_memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
65 GDB_SIGNAL_UNKNOWN
= 143
68 #ifdef CONFIG_USER_ONLY
70 /* Map target signal numbers to GDB protocol signal numbers and vice
71 * versa. For user emulation's currently supported systems, we can
72 * assume most signals are defined.
75 static int gdb_signal_table
[] = {
235 /* In system mode we only need SIGINT and SIGTRAP; other signals
236 are not yet supported. */
243 static int gdb_signal_table
[] = {
253 #ifdef CONFIG_USER_ONLY
254 static int target_signal_to_gdb (int sig
)
257 for (i
= 0; i
< ARRAY_SIZE (gdb_signal_table
); i
++)
258 if (gdb_signal_table
[i
] == sig
)
260 return GDB_SIGNAL_UNKNOWN
;
264 static int gdb_signal_to_target (int sig
)
266 if (sig
< ARRAY_SIZE (gdb_signal_table
))
267 return gdb_signal_table
[sig
];
274 typedef struct GDBRegisterState
{
280 struct GDBRegisterState
*next
;
290 typedef struct GDBState
{
291 CPUState
*c_cpu
; /* current CPU for step/continue ops */
292 CPUState
*g_cpu
; /* current CPU for other ops */
293 CPUState
*query_cpu
; /* for q{f|s}ThreadInfo */
294 enum RSState state
; /* parsing state */
295 char line_buf
[MAX_PACKET_LENGTH
];
298 uint8_t last_packet
[MAX_PACKET_LENGTH
+ 4];
301 #ifdef CONFIG_USER_ONLY
306 CharDriverState
*mon_chr
;
308 char syscall_buf
[256];
309 gdb_syscall_complete_cb current_syscall_cb
;
312 /* By default use no IRQs and no timers while single stepping so as to
313 * make single stepping like an ICE HW step.
315 static int sstep_flags
= SSTEP_ENABLE
|SSTEP_NOIRQ
|SSTEP_NOTIMER
;
317 static GDBState
*gdbserver_state
;
321 #ifdef CONFIG_USER_ONLY
322 /* XXX: This is not thread safe. Do we care? */
323 static int gdbserver_fd
= -1;
325 static int get_char(GDBState
*s
)
331 ret
= qemu_recv(s
->fd
, &ch
, 1, 0);
333 if (errno
== ECONNRESET
)
337 } else if (ret
== 0) {
355 /* Decide if either remote gdb syscalls or native file IO should be used. */
356 int use_gdb_syscalls(void)
358 SemihostingTarget target
= semihosting_get_target();
359 if (target
== SEMIHOSTING_TARGET_NATIVE
) {
360 /* -semihosting-config target=native */
362 } else if (target
== SEMIHOSTING_TARGET_GDB
) {
363 /* -semihosting-config target=gdb */
367 /* -semihosting-config target=auto */
368 /* On the first call check if gdb is connected and remember. */
369 if (gdb_syscall_mode
== GDB_SYS_UNKNOWN
) {
370 gdb_syscall_mode
= (gdbserver_state
? GDB_SYS_ENABLED
373 return gdb_syscall_mode
== GDB_SYS_ENABLED
;
376 /* Resume execution. */
377 static inline void gdb_continue(GDBState
*s
)
379 #ifdef CONFIG_USER_ONLY
380 s
->running_state
= 1;
382 if (!runstate_needs_reset()) {
388 static void put_buffer(GDBState
*s
, const uint8_t *buf
, int len
)
390 #ifdef CONFIG_USER_ONLY
394 ret
= send(s
->fd
, buf
, len
, 0);
404 /* XXX this blocks entire thread. Rewrite to use
405 * qemu_chr_fe_write and background I/O callbacks */
406 qemu_chr_fe_write_all(&s
->chr
, buf
, len
);
410 static inline int fromhex(int v
)
412 if (v
>= '0' && v
<= '9')
414 else if (v
>= 'A' && v
<= 'F')
416 else if (v
>= 'a' && v
<= 'f')
422 static inline int tohex(int v
)
430 static void memtohex(char *buf
, const uint8_t *mem
, int len
)
435 for(i
= 0; i
< len
; i
++) {
437 *q
++ = tohex(c
>> 4);
438 *q
++ = tohex(c
& 0xf);
443 static void hextomem(uint8_t *mem
, const char *buf
, int len
)
447 for(i
= 0; i
< len
; i
++) {
448 mem
[i
] = (fromhex(buf
[0]) << 4) | fromhex(buf
[1]);
453 /* return -1 if error, 0 if OK */
454 static int put_packet_binary(GDBState
*s
, const char *buf
, int len
)
465 for(i
= 0; i
< len
; i
++) {
469 *(p
++) = tohex((csum
>> 4) & 0xf);
470 *(p
++) = tohex((csum
) & 0xf);
472 s
->last_packet_len
= p
- s
->last_packet
;
473 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
475 #ifdef CONFIG_USER_ONLY
488 /* return -1 if error, 0 if OK */
489 static int put_packet(GDBState
*s
, const char *buf
)
492 printf("reply='%s'\n", buf
);
495 return put_packet_binary(s
, buf
, strlen(buf
));
498 /* Encode data using the encoding for 'x' packets. */
499 static int memtox(char *buf
, const char *mem
, int len
)
507 case '#': case '$': case '*': case '}':
519 static const char *get_feature_xml(const char *p
, const char **newp
,
525 static char target_xml
[1024];
528 while (p
[len
] && p
[len
] != ':')
533 if (strncmp(p
, "target.xml", len
) == 0) {
534 /* Generate the XML description for this CPU. */
535 if (!target_xml
[0]) {
537 CPUState
*cpu
= first_cpu
;
539 pstrcat(target_xml
, sizeof(target_xml
),
540 "<?xml version=\"1.0\"?>"
541 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
543 if (cc
->gdb_arch_name
) {
544 gchar
*arch
= cc
->gdb_arch_name(cpu
);
545 pstrcat(target_xml
, sizeof(target_xml
), "<architecture>");
546 pstrcat(target_xml
, sizeof(target_xml
), arch
);
547 pstrcat(target_xml
, sizeof(target_xml
), "</architecture>");
550 pstrcat(target_xml
, sizeof(target_xml
), "<xi:include href=\"");
551 pstrcat(target_xml
, sizeof(target_xml
), cc
->gdb_core_xml_file
);
552 pstrcat(target_xml
, sizeof(target_xml
), "\"/>");
553 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
554 pstrcat(target_xml
, sizeof(target_xml
), "<xi:include href=\"");
555 pstrcat(target_xml
, sizeof(target_xml
), r
->xml
);
556 pstrcat(target_xml
, sizeof(target_xml
), "\"/>");
558 pstrcat(target_xml
, sizeof(target_xml
), "</target>");
563 name
= xml_builtin
[i
][0];
564 if (!name
|| (strncmp(name
, p
, len
) == 0 && strlen(name
) == len
))
567 return name
? xml_builtin
[i
][1] : NULL
;
570 static int gdb_read_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
572 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
573 CPUArchState
*env
= cpu
->env_ptr
;
576 if (reg
< cc
->gdb_num_core_regs
) {
577 return cc
->gdb_read_register(cpu
, mem_buf
, reg
);
580 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
581 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
582 return r
->get_reg(env
, mem_buf
, reg
- r
->base_reg
);
588 static int gdb_write_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
590 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
591 CPUArchState
*env
= cpu
->env_ptr
;
594 if (reg
< cc
->gdb_num_core_regs
) {
595 return cc
->gdb_write_register(cpu
, mem_buf
, reg
);
598 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
599 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
600 return r
->set_reg(env
, mem_buf
, reg
- r
->base_reg
);
606 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
607 specifies the first register number and these registers are included in
608 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
609 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
612 void gdb_register_coprocessor(CPUState
*cpu
,
613 gdb_reg_cb get_reg
, gdb_reg_cb set_reg
,
614 int num_regs
, const char *xml
, int g_pos
)
617 GDBRegisterState
**p
;
621 /* Check for duplicates. */
622 if (strcmp((*p
)->xml
, xml
) == 0)
627 s
= g_new0(GDBRegisterState
, 1);
628 s
->base_reg
= cpu
->gdb_num_regs
;
629 s
->num_regs
= num_regs
;
630 s
->get_reg
= get_reg
;
631 s
->set_reg
= set_reg
;
634 /* Add to end of list. */
635 cpu
->gdb_num_regs
+= num_regs
;
638 if (g_pos
!= s
->base_reg
) {
639 fprintf(stderr
, "Error: Bad gdb register numbering for '%s'\n"
640 "Expected %d got %d\n", xml
, g_pos
, s
->base_reg
);
642 cpu
->gdb_num_g_regs
= cpu
->gdb_num_regs
;
647 #ifndef CONFIG_USER_ONLY
648 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
649 static inline int xlat_gdb_type(CPUState
*cpu
, int gdbtype
)
651 static const int xlat
[] = {
652 [GDB_WATCHPOINT_WRITE
] = BP_GDB
| BP_MEM_WRITE
,
653 [GDB_WATCHPOINT_READ
] = BP_GDB
| BP_MEM_READ
,
654 [GDB_WATCHPOINT_ACCESS
] = BP_GDB
| BP_MEM_ACCESS
,
657 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
658 int cputype
= xlat
[gdbtype
];
660 if (cc
->gdb_stop_before_watchpoint
) {
661 cputype
|= BP_STOP_BEFORE_ACCESS
;
667 static int gdb_breakpoint_insert(target_ulong addr
, target_ulong len
, int type
)
673 return kvm_insert_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
677 case GDB_BREAKPOINT_SW
:
678 case GDB_BREAKPOINT_HW
:
680 err
= cpu_breakpoint_insert(cpu
, addr
, BP_GDB
, NULL
);
686 #ifndef CONFIG_USER_ONLY
687 case GDB_WATCHPOINT_WRITE
:
688 case GDB_WATCHPOINT_READ
:
689 case GDB_WATCHPOINT_ACCESS
:
691 err
= cpu_watchpoint_insert(cpu
, addr
, len
,
692 xlat_gdb_type(cpu
, type
), NULL
);
704 static int gdb_breakpoint_remove(target_ulong addr
, target_ulong len
, int type
)
710 return kvm_remove_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
714 case GDB_BREAKPOINT_SW
:
715 case GDB_BREAKPOINT_HW
:
717 err
= cpu_breakpoint_remove(cpu
, addr
, BP_GDB
);
723 #ifndef CONFIG_USER_ONLY
724 case GDB_WATCHPOINT_WRITE
:
725 case GDB_WATCHPOINT_READ
:
726 case GDB_WATCHPOINT_ACCESS
:
728 err
= cpu_watchpoint_remove(cpu
, addr
, len
,
729 xlat_gdb_type(cpu
, type
));
740 static void gdb_breakpoint_remove_all(void)
745 kvm_remove_all_breakpoints(gdbserver_state
->c_cpu
);
750 cpu_breakpoint_remove_all(cpu
, BP_GDB
);
751 #ifndef CONFIG_USER_ONLY
752 cpu_watchpoint_remove_all(cpu
, BP_GDB
);
757 static void gdb_set_cpu_pc(GDBState
*s
, target_ulong pc
)
759 CPUState
*cpu
= s
->c_cpu
;
761 cpu_synchronize_state(cpu
);
765 static CPUState
*find_cpu(uint32_t thread_id
)
770 if (cpu_index(cpu
) == thread_id
) {
778 static int is_query_packet(const char *p
, const char *query
, char separator
)
780 unsigned int query_len
= strlen(query
);
782 return strncmp(p
, query
, query_len
) == 0 &&
783 (p
[query_len
] == '\0' || p
[query_len
] == separator
);
786 static int gdb_handle_packet(GDBState
*s
, const char *line_buf
)
792 int ch
, reg_size
, type
, res
;
793 char buf
[MAX_PACKET_LENGTH
];
794 uint8_t mem_buf
[MAX_PACKET_LENGTH
];
796 target_ulong addr
, len
;
799 printf("command='%s'\n", line_buf
);
805 /* TODO: Make this return the correct value for user-mode. */
806 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", GDB_SIGNAL_TRAP
,
807 cpu_index(s
->c_cpu
));
809 /* Remove all the breakpoints when this query is issued,
810 * because gdb is doing and initial connect and the state
811 * should be cleaned up.
813 gdb_breakpoint_remove_all();
817 addr
= strtoull(p
, (char **)&p
, 16);
818 gdb_set_cpu_pc(s
, addr
);
824 s
->signal
= gdb_signal_to_target (strtoul(p
, (char **)&p
, 16));
830 if (strncmp(p
, "Cont", 4) == 0) {
831 int res_signal
, res_thread
;
835 put_packet(s
, "vCont;c;C;s;S");
850 if (action
== 'C' || action
== 'S') {
851 signal
= gdb_signal_to_target(strtoul(p
, (char **)&p
, 16));
855 } else if (action
!= 'c' && action
!= 's') {
861 thread
= strtoull(p
+1, (char **)&p
, 16);
863 action
= tolower(action
);
864 if (res
== 0 || (res
== 'c' && action
== 's')) {
871 if (res_thread
!= -1 && res_thread
!= 0) {
872 cpu
= find_cpu(res_thread
);
874 put_packet(s
, "E22");
880 cpu_single_step(s
->c_cpu
, sstep_flags
);
882 s
->signal
= res_signal
;
888 goto unknown_command
;
891 /* Kill the target */
892 fprintf(stderr
, "\nQEMU: Terminated via GDBstub\n");
896 gdb_breakpoint_remove_all();
897 gdb_syscall_mode
= GDB_SYS_DISABLED
;
903 addr
= strtoull(p
, (char **)&p
, 16);
904 gdb_set_cpu_pc(s
, addr
);
906 cpu_single_step(s
->c_cpu
, sstep_flags
);
914 ret
= strtoull(p
, (char **)&p
, 16);
917 err
= strtoull(p
, (char **)&p
, 16);
924 if (s
->current_syscall_cb
) {
925 s
->current_syscall_cb(s
->c_cpu
, ret
, err
);
926 s
->current_syscall_cb
= NULL
;
929 put_packet(s
, "T02");
936 cpu_synchronize_state(s
->g_cpu
);
938 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_g_regs
; addr
++) {
939 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
+ len
, addr
);
942 memtohex(buf
, mem_buf
, len
);
946 cpu_synchronize_state(s
->g_cpu
);
949 hextomem((uint8_t *)registers
, p
, len
);
950 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_g_regs
&& len
> 0; addr
++) {
951 reg_size
= gdb_write_register(s
->g_cpu
, registers
, addr
);
953 registers
+= reg_size
;
958 addr
= strtoull(p
, (char **)&p
, 16);
961 len
= strtoull(p
, NULL
, 16);
963 /* memtohex() doubles the required space */
964 if (len
> MAX_PACKET_LENGTH
/ 2) {
965 put_packet (s
, "E22");
969 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
, false) != 0) {
970 put_packet (s
, "E14");
972 memtohex(buf
, mem_buf
, len
);
977 addr
= strtoull(p
, (char **)&p
, 16);
980 len
= strtoull(p
, (char **)&p
, 16);
984 /* hextomem() reads 2*len bytes */
985 if (len
> strlen(p
) / 2) {
986 put_packet (s
, "E22");
989 hextomem(mem_buf
, p
, len
);
990 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
,
992 put_packet(s
, "E14");
998 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
999 This works, but can be very slow. Anything new enough to
1000 understand XML also knows how to use this properly. */
1002 goto unknown_command
;
1003 addr
= strtoull(p
, (char **)&p
, 16);
1004 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
, addr
);
1006 memtohex(buf
, mem_buf
, reg_size
);
1009 put_packet(s
, "E14");
1014 goto unknown_command
;
1015 addr
= strtoull(p
, (char **)&p
, 16);
1018 reg_size
= strlen(p
) / 2;
1019 hextomem(mem_buf
, p
, reg_size
);
1020 gdb_write_register(s
->g_cpu
, mem_buf
, addr
);
1021 put_packet(s
, "OK");
1025 type
= strtoul(p
, (char **)&p
, 16);
1028 addr
= strtoull(p
, (char **)&p
, 16);
1031 len
= strtoull(p
, (char **)&p
, 16);
1033 res
= gdb_breakpoint_insert(addr
, len
, type
);
1035 res
= gdb_breakpoint_remove(addr
, len
, type
);
1037 put_packet(s
, "OK");
1038 else if (res
== -ENOSYS
)
1041 put_packet(s
, "E22");
1045 thread
= strtoull(p
, (char **)&p
, 16);
1046 if (thread
== -1 || thread
== 0) {
1047 put_packet(s
, "OK");
1050 cpu
= find_cpu(thread
);
1052 put_packet(s
, "E22");
1058 put_packet(s
, "OK");
1062 put_packet(s
, "OK");
1065 put_packet(s
, "E22");
1070 thread
= strtoull(p
, (char **)&p
, 16);
1071 cpu
= find_cpu(thread
);
1074 put_packet(s
, "OK");
1076 put_packet(s
, "E22");
1081 /* parse any 'q' packets here */
1082 if (!strcmp(p
,"qemu.sstepbits")) {
1083 /* Query Breakpoint bit definitions */
1084 snprintf(buf
, sizeof(buf
), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1090 } else if (is_query_packet(p
, "qemu.sstep", '=')) {
1091 /* Display or change the sstep_flags */
1094 /* Display current setting */
1095 snprintf(buf
, sizeof(buf
), "0x%x", sstep_flags
);
1100 type
= strtoul(p
, (char **)&p
, 16);
1102 put_packet(s
, "OK");
1104 } else if (strcmp(p
,"C") == 0) {
1105 /* "Current thread" remains vague in the spec, so always return
1106 * the first CPU (gdb returns the first thread). */
1107 put_packet(s
, "QC1");
1109 } else if (strcmp(p
,"fThreadInfo") == 0) {
1110 s
->query_cpu
= first_cpu
;
1111 goto report_cpuinfo
;
1112 } else if (strcmp(p
,"sThreadInfo") == 0) {
1115 snprintf(buf
, sizeof(buf
), "m%x", cpu_index(s
->query_cpu
));
1117 s
->query_cpu
= CPU_NEXT(s
->query_cpu
);
1121 } else if (strncmp(p
,"ThreadExtraInfo,", 16) == 0) {
1122 thread
= strtoull(p
+16, (char **)&p
, 16);
1123 cpu
= find_cpu(thread
);
1125 cpu_synchronize_state(cpu
);
1126 /* memtohex() doubles the required space */
1127 len
= snprintf((char *)mem_buf
, sizeof(buf
) / 2,
1128 "CPU#%d [%s]", cpu
->cpu_index
,
1129 cpu
->halted
? "halted " : "running");
1130 memtohex(buf
, mem_buf
, len
);
1135 #ifdef CONFIG_USER_ONLY
1136 else if (strcmp(p
, "Offsets") == 0) {
1137 TaskState
*ts
= s
->c_cpu
->opaque
;
1139 snprintf(buf
, sizeof(buf
),
1140 "Text=" TARGET_ABI_FMT_lx
";Data=" TARGET_ABI_FMT_lx
1141 ";Bss=" TARGET_ABI_FMT_lx
,
1142 ts
->info
->code_offset
,
1143 ts
->info
->data_offset
,
1144 ts
->info
->data_offset
);
1148 #else /* !CONFIG_USER_ONLY */
1149 else if (strncmp(p
, "Rcmd,", 5) == 0) {
1150 int len
= strlen(p
+ 5);
1152 if ((len
% 2) != 0) {
1153 put_packet(s
, "E01");
1157 hextomem(mem_buf
, p
+ 5, len
);
1159 qemu_chr_be_write(s
->mon_chr
, mem_buf
, len
);
1160 put_packet(s
, "OK");
1163 #endif /* !CONFIG_USER_ONLY */
1164 if (is_query_packet(p
, "Supported", ':')) {
1165 snprintf(buf
, sizeof(buf
), "PacketSize=%x", MAX_PACKET_LENGTH
);
1166 cc
= CPU_GET_CLASS(first_cpu
);
1167 if (cc
->gdb_core_xml_file
!= NULL
) {
1168 pstrcat(buf
, sizeof(buf
), ";qXfer:features:read+");
1173 if (strncmp(p
, "Xfer:features:read:", 19) == 0) {
1175 target_ulong total_len
;
1177 cc
= CPU_GET_CLASS(first_cpu
);
1178 if (cc
->gdb_core_xml_file
== NULL
) {
1179 goto unknown_command
;
1184 xml
= get_feature_xml(p
, &p
, cc
);
1186 snprintf(buf
, sizeof(buf
), "E00");
1193 addr
= strtoul(p
, (char **)&p
, 16);
1196 len
= strtoul(p
, (char **)&p
, 16);
1198 total_len
= strlen(xml
);
1199 if (addr
> total_len
) {
1200 snprintf(buf
, sizeof(buf
), "E00");
1204 if (len
> (MAX_PACKET_LENGTH
- 5) / 2)
1205 len
= (MAX_PACKET_LENGTH
- 5) / 2;
1206 if (len
< total_len
- addr
) {
1208 len
= memtox(buf
+ 1, xml
+ addr
, len
);
1211 len
= memtox(buf
+ 1, xml
+ addr
, total_len
- addr
);
1213 put_packet_binary(s
, buf
, len
+ 1);
1216 if (is_query_packet(p
, "Attached", ':')) {
1217 put_packet(s
, GDB_ATTACHED
);
1220 /* Unrecognised 'q' command. */
1221 goto unknown_command
;
1225 /* put empty packet */
1233 void gdb_set_stop_cpu(CPUState
*cpu
)
1235 gdbserver_state
->c_cpu
= cpu
;
1236 gdbserver_state
->g_cpu
= cpu
;
1239 #ifndef CONFIG_USER_ONLY
1240 static void gdb_vm_state_change(void *opaque
, int running
, RunState state
)
1242 GDBState
*s
= gdbserver_state
;
1243 CPUState
*cpu
= s
->c_cpu
;
1248 if (running
|| s
->state
== RS_INACTIVE
) {
1251 /* Is there a GDB syscall waiting to be sent? */
1252 if (s
->current_syscall_cb
) {
1253 put_packet(s
, s
->syscall_buf
);
1257 case RUN_STATE_DEBUG
:
1258 if (cpu
->watchpoint_hit
) {
1259 switch (cpu
->watchpoint_hit
->flags
& BP_MEM_ACCESS
) {
1270 snprintf(buf
, sizeof(buf
),
1271 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx
";",
1272 GDB_SIGNAL_TRAP
, cpu_index(cpu
), type
,
1273 (target_ulong
)cpu
->watchpoint_hit
->vaddr
);
1274 cpu
->watchpoint_hit
= NULL
;
1278 ret
= GDB_SIGNAL_TRAP
;
1280 case RUN_STATE_PAUSED
:
1281 ret
= GDB_SIGNAL_INT
;
1283 case RUN_STATE_SHUTDOWN
:
1284 ret
= GDB_SIGNAL_QUIT
;
1286 case RUN_STATE_IO_ERROR
:
1287 ret
= GDB_SIGNAL_IO
;
1289 case RUN_STATE_WATCHDOG
:
1290 ret
= GDB_SIGNAL_ALRM
;
1292 case RUN_STATE_INTERNAL_ERROR
:
1293 ret
= GDB_SIGNAL_ABRT
;
1295 case RUN_STATE_SAVE_VM
:
1296 case RUN_STATE_RESTORE_VM
:
1298 case RUN_STATE_FINISH_MIGRATE
:
1299 ret
= GDB_SIGNAL_XCPU
;
1302 ret
= GDB_SIGNAL_UNKNOWN
;
1305 gdb_set_stop_cpu(cpu
);
1306 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", ret
, cpu_index(cpu
));
1311 /* disable single step if it was enabled */
1312 cpu_single_step(cpu
, 0);
1316 /* Send a gdb syscall request.
1317 This accepts limited printf-style format specifiers, specifically:
1318 %x - target_ulong argument printed in hex.
1319 %lx - 64-bit argument printed in hex.
1320 %s - string pointer (target_ulong) and length (int) pair. */
1321 void gdb_do_syscallv(gdb_syscall_complete_cb cb
, const char *fmt
, va_list va
)
1329 s
= gdbserver_state
;
1332 s
->current_syscall_cb
= cb
;
1333 #ifndef CONFIG_USER_ONLY
1334 vm_stop(RUN_STATE_DEBUG
);
1337 p_end
= &s
->syscall_buf
[sizeof(s
->syscall_buf
)];
1344 addr
= va_arg(va
, target_ulong
);
1345 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
, addr
);
1348 if (*(fmt
++) != 'x')
1350 i64
= va_arg(va
, uint64_t);
1351 p
+= snprintf(p
, p_end
- p
, "%" PRIx64
, i64
);
1354 addr
= va_arg(va
, target_ulong
);
1355 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
"/%x",
1356 addr
, va_arg(va
, int));
1360 fprintf(stderr
, "gdbstub: Bad syscall format string '%s'\n",
1369 #ifdef CONFIG_USER_ONLY
1370 put_packet(s
, s
->syscall_buf
);
1371 gdb_handlesig(s
->c_cpu
, 0);
1373 /* In this case wait to send the syscall packet until notification that
1374 the CPU has stopped. This must be done because if the packet is sent
1375 now the reply from the syscall request could be received while the CPU
1376 is still in the running state, which can cause packets to be dropped
1377 and state transition 'T' packets to be sent while the syscall is still
1379 qemu_cpu_kick(s
->c_cpu
);
1383 void gdb_do_syscall(gdb_syscall_complete_cb cb
, const char *fmt
, ...)
1388 gdb_do_syscallv(cb
, fmt
, va
);
1392 static void gdb_read_byte(GDBState
*s
, int ch
)
1397 #ifndef CONFIG_USER_ONLY
1398 if (s
->last_packet_len
) {
1399 /* Waiting for a response to the last packet. If we see the start
1400 of a new command then abandon the previous response. */
1403 printf("Got NACK, retransmitting\n");
1405 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
1409 printf("Got ACK\n");
1411 printf("Got '%c' when expecting ACK/NACK\n", ch
);
1413 if (ch
== '+' || ch
== '$')
1414 s
->last_packet_len
= 0;
1418 if (runstate_is_running()) {
1419 /* when the CPU is running, we cannot do anything except stop
1420 it when receiving a char */
1421 vm_stop(RUN_STATE_PAUSED
);
1428 s
->line_buf_index
= 0;
1429 s
->state
= RS_GETLINE
;
1434 s
->state
= RS_CHKSUM1
;
1435 } else if (s
->line_buf_index
>= sizeof(s
->line_buf
) - 1) {
1438 s
->line_buf
[s
->line_buf_index
++] = ch
;
1442 s
->line_buf
[s
->line_buf_index
] = '\0';
1443 s
->line_csum
= fromhex(ch
) << 4;
1444 s
->state
= RS_CHKSUM2
;
1447 s
->line_csum
|= fromhex(ch
);
1449 for(i
= 0; i
< s
->line_buf_index
; i
++) {
1450 csum
+= s
->line_buf
[i
];
1452 if (s
->line_csum
!= (csum
& 0xff)) {
1454 put_buffer(s
, &reply
, 1);
1458 put_buffer(s
, &reply
, 1);
1459 s
->state
= gdb_handle_packet(s
, s
->line_buf
);
1468 /* Tell the remote gdb that the process has exited. */
1469 void gdb_exit(CPUArchState
*env
, int code
)
1473 #ifndef CONFIG_USER_ONLY
1474 CharDriverState
*chr
;
1477 s
= gdbserver_state
;
1481 #ifdef CONFIG_USER_ONLY
1482 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1486 chr
= qemu_chr_fe_get_driver(&s
->chr
);
1492 snprintf(buf
, sizeof(buf
), "W%02x", (uint8_t)code
);
1495 #ifndef CONFIG_USER_ONLY
1496 qemu_chr_fe_deinit(&s
->chr
);
1497 qemu_chr_delete(chr
);
1501 #ifdef CONFIG_USER_ONLY
1503 gdb_handlesig(CPUState
*cpu
, int sig
)
1509 s
= gdbserver_state
;
1510 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1514 /* disable single step if it was enabled */
1515 cpu_single_step(cpu
, 0);
1519 snprintf(buf
, sizeof(buf
), "S%02x", target_signal_to_gdb(sig
));
1522 /* put_packet() might have detected that the peer terminated the
1530 s
->running_state
= 0;
1531 while (s
->running_state
== 0) {
1532 n
= read(s
->fd
, buf
, 256);
1536 for (i
= 0; i
< n
; i
++) {
1537 gdb_read_byte(s
, buf
[i
]);
1540 /* XXX: Connection closed. Should probably wait for another
1541 connection before continuing. */
1554 /* Tell the remote gdb that the process has exited due to SIG. */
1555 void gdb_signalled(CPUArchState
*env
, int sig
)
1560 s
= gdbserver_state
;
1561 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1565 snprintf(buf
, sizeof(buf
), "X%02x", target_signal_to_gdb(sig
));
1569 static void gdb_accept(void)
1572 struct sockaddr_in sockaddr
;
1577 len
= sizeof(sockaddr
);
1578 fd
= accept(gdbserver_fd
, (struct sockaddr
*)&sockaddr
, &len
);
1579 if (fd
< 0 && errno
!= EINTR
) {
1582 } else if (fd
>= 0) {
1584 fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1590 /* set short latency */
1591 socket_set_nodelay(fd
);
1593 s
= g_malloc0(sizeof(GDBState
));
1594 s
->c_cpu
= first_cpu
;
1595 s
->g_cpu
= first_cpu
;
1597 gdb_has_xml
= false;
1599 gdbserver_state
= s
;
1602 static int gdbserver_open(int port
)
1604 struct sockaddr_in sockaddr
;
1607 fd
= socket(PF_INET
, SOCK_STREAM
, 0);
1613 fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1616 socket_set_fast_reuse(fd
);
1618 sockaddr
.sin_family
= AF_INET
;
1619 sockaddr
.sin_port
= htons(port
);
1620 sockaddr
.sin_addr
.s_addr
= 0;
1621 ret
= bind(fd
, (struct sockaddr
*)&sockaddr
, sizeof(sockaddr
));
1627 ret
= listen(fd
, 1);
1636 int gdbserver_start(int port
)
1638 gdbserver_fd
= gdbserver_open(port
);
1639 if (gdbserver_fd
< 0)
1641 /* accept connections */
1646 /* Disable gdb stub for child processes. */
1647 void gdbserver_fork(CPUState
*cpu
)
1649 GDBState
*s
= gdbserver_state
;
1651 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1656 cpu_breakpoint_remove_all(cpu
, BP_GDB
);
1657 cpu_watchpoint_remove_all(cpu
, BP_GDB
);
1660 static int gdb_chr_can_receive(void *opaque
)
1662 /* We can handle an arbitrarily large amount of data.
1663 Pick the maximum packet size, which is as good as anything. */
1664 return MAX_PACKET_LENGTH
;
1667 static void gdb_chr_receive(void *opaque
, const uint8_t *buf
, int size
)
1671 for (i
= 0; i
< size
; i
++) {
1672 gdb_read_byte(gdbserver_state
, buf
[i
]);
1676 static void gdb_chr_event(void *opaque
, int event
)
1679 case CHR_EVENT_OPENED
:
1680 vm_stop(RUN_STATE_PAUSED
);
1681 gdb_has_xml
= false;
1688 static void gdb_monitor_output(GDBState
*s
, const char *msg
, int len
)
1690 char buf
[MAX_PACKET_LENGTH
];
1693 if (len
> (MAX_PACKET_LENGTH
/2) - 1)
1694 len
= (MAX_PACKET_LENGTH
/2) - 1;
1695 memtohex(buf
+ 1, (uint8_t *)msg
, len
);
1699 static int gdb_monitor_write(CharDriverState
*chr
, const uint8_t *buf
, int len
)
1701 const char *p
= (const char *)buf
;
1704 max_sz
= (sizeof(gdbserver_state
->last_packet
) - 2) / 2;
1706 if (len
<= max_sz
) {
1707 gdb_monitor_output(gdbserver_state
, p
, len
);
1710 gdb_monitor_output(gdbserver_state
, p
, max_sz
);
1718 static void gdb_sigterm_handler(int signal
)
1720 if (runstate_is_running()) {
1721 vm_stop(RUN_STATE_PAUSED
);
1726 int gdbserver_start(const char *device
)
1729 char gdbstub_device_name
[128];
1730 CharDriverState
*chr
= NULL
;
1731 CharDriverState
*mon_chr
;
1732 ChardevCommon common
= { 0 };
1736 if (strcmp(device
, "none") != 0) {
1737 if (strstart(device
, "tcp:", NULL
)) {
1738 /* enforce required TCP attributes */
1739 snprintf(gdbstub_device_name
, sizeof(gdbstub_device_name
),
1740 "%s,nowait,nodelay,server", device
);
1741 device
= gdbstub_device_name
;
1744 else if (strcmp(device
, "stdio") == 0) {
1745 struct sigaction act
;
1747 memset(&act
, 0, sizeof(act
));
1748 act
.sa_handler
= gdb_sigterm_handler
;
1749 sigaction(SIGINT
, &act
, NULL
);
1752 chr
= qemu_chr_new_noreplay("gdb", device
);
1757 s
= gdbserver_state
;
1759 s
= g_malloc0(sizeof(GDBState
));
1760 gdbserver_state
= s
;
1762 qemu_add_vm_change_state_handler(gdb_vm_state_change
, NULL
);
1764 /* Initialize a monitor terminal for gdb */
1765 mon_chr
= qemu_chr_alloc(&common
, &error_abort
);
1766 mon_chr
->chr_write
= gdb_monitor_write
;
1767 monitor_init(mon_chr
, 0);
1769 if (qemu_chr_fe_get_driver(&s
->chr
)) {
1770 qemu_chr_delete(qemu_chr_fe_get_driver(&s
->chr
));
1772 mon_chr
= s
->mon_chr
;
1773 memset(s
, 0, sizeof(GDBState
));
1774 s
->mon_chr
= mon_chr
;
1776 s
->c_cpu
= first_cpu
;
1777 s
->g_cpu
= first_cpu
;
1779 qemu_chr_fe_init(&s
->chr
, chr
, &error_abort
);
1780 qemu_chr_fe_set_handlers(&s
->chr
, gdb_chr_can_receive
, gdb_chr_receive
,
1781 gdb_chr_event
, NULL
, NULL
, true);
1783 s
->state
= chr
? RS_IDLE
: RS_INACTIVE
;
1784 s
->mon_chr
= mon_chr
;
1785 s
->current_syscall_cb
= NULL
;