search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
9pfs: check the size of transport buffer before marshaling
[qemu/armbru.git] / gdbstub.c
blob2a94030d3b6e27d543213610b394e0241115f70c
1 /*
2 * gdb server stub
3 *
4 * Copyright (c) 2003-2005 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
23 #include "cpu.h"
24 #ifdef CONFIG_USER_ONLY
25 #include "qemu.h"
26 #else
27 #include "monitor/monitor.h"
28 #include "chardev/char.h"
29 #include "chardev/char-fe.h"
30 #include "sysemu/sysemu.h"
31 #include "exec/gdbstub.h"
32 #endif
33
34 #define MAX_PACKET_LENGTH 4096
35
36 #include "qemu/sockets.h"
37 #include "sysemu/hw_accel.h"
38 #include "sysemu/kvm.h"
39 #include "exec/semihost.h"
40 #include "exec/exec-all.h"
41
42 #ifdef CONFIG_USER_ONLY
43 #define GDB_ATTACHED "0"
44 #else
45 #define GDB_ATTACHED "1"
46 #endif
47
48 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
49 uint8_t *buf, int len, bool is_write)
50 {
51 CPUClass *cc = CPU_GET_CLASS(cpu);
52
53 if (cc->memory_rw_debug) {
54 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
55 }
56 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
57 }
58
59 /* Return the GDB index for a given vCPU state.
60 *
61 * For user mode this is simply the thread id. In system mode GDB
62 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
63 */
64 static inline int cpu_gdb_index(CPUState *cpu)
65 {
66 #if defined(CONFIG_USER_ONLY)
67 TaskState *ts = (TaskState *) cpu->opaque;
68 return ts->ts_tid;
69 #else
70 return cpu->cpu_index + 1;
71 #endif
72 }
73
74 enum {
75 GDB_SIGNAL_0 = 0,
76 GDB_SIGNAL_INT = 2,
77 GDB_SIGNAL_QUIT = 3,
78 GDB_SIGNAL_TRAP = 5,
79 GDB_SIGNAL_ABRT = 6,
80 GDB_SIGNAL_ALRM = 14,
81 GDB_SIGNAL_IO = 23,
82 GDB_SIGNAL_XCPU = 24,
83 GDB_SIGNAL_UNKNOWN = 143
84 };
85
86 #ifdef CONFIG_USER_ONLY
87
88 /* Map target signal numbers to GDB protocol signal numbers and vice
89 * versa. For user emulation's currently supported systems, we can
90 * assume most signals are defined.
91 */
92
93 static int gdb_signal_table[] = {
94 0,
95 TARGET_SIGHUP,
96 TARGET_SIGINT,
97 TARGET_SIGQUIT,
98 TARGET_SIGILL,
99 TARGET_SIGTRAP,
100 TARGET_SIGABRT,
101 -1, /* SIGEMT */
102 TARGET_SIGFPE,
103 TARGET_SIGKILL,
104 TARGET_SIGBUS,
105 TARGET_SIGSEGV,
106 TARGET_SIGSYS,
107 TARGET_SIGPIPE,
108 TARGET_SIGALRM,
109 TARGET_SIGTERM,
110 TARGET_SIGURG,
111 TARGET_SIGSTOP,
112 TARGET_SIGTSTP,
113 TARGET_SIGCONT,
114 TARGET_SIGCHLD,
115 TARGET_SIGTTIN,
116 TARGET_SIGTTOU,
117 TARGET_SIGIO,
118 TARGET_SIGXCPU,
119 TARGET_SIGXFSZ,
120 TARGET_SIGVTALRM,
121 TARGET_SIGPROF,
122 TARGET_SIGWINCH,
123 -1, /* SIGLOST */
124 TARGET_SIGUSR1,
125 TARGET_SIGUSR2,
126 #ifdef TARGET_SIGPWR
127 TARGET_SIGPWR,
128 #else
129 -1,
130 #endif
131 -1, /* SIGPOLL */
132 -1,
133 -1,
134 -1,
135 -1,
136 -1,
137 -1,
138 -1,
139 -1,
140 -1,
141 -1,
142 -1,
143 #ifdef __SIGRTMIN
144 __SIGRTMIN + 1,
145 __SIGRTMIN + 2,
146 __SIGRTMIN + 3,
147 __SIGRTMIN + 4,
148 __SIGRTMIN + 5,
149 __SIGRTMIN + 6,
150 __SIGRTMIN + 7,
151 __SIGRTMIN + 8,
152 __SIGRTMIN + 9,
153 __SIGRTMIN + 10,
154 __SIGRTMIN + 11,
155 __SIGRTMIN + 12,
156 __SIGRTMIN + 13,
157 __SIGRTMIN + 14,
158 __SIGRTMIN + 15,
159 __SIGRTMIN + 16,
160 __SIGRTMIN + 17,
161 __SIGRTMIN + 18,
162 __SIGRTMIN + 19,
163 __SIGRTMIN + 20,
164 __SIGRTMIN + 21,
165 __SIGRTMIN + 22,
166 __SIGRTMIN + 23,
167 __SIGRTMIN + 24,
168 __SIGRTMIN + 25,
169 __SIGRTMIN + 26,
170 __SIGRTMIN + 27,
171 __SIGRTMIN + 28,
172 __SIGRTMIN + 29,
173 __SIGRTMIN + 30,
174 __SIGRTMIN + 31,
175 -1, /* SIGCANCEL */
176 __SIGRTMIN,
177 __SIGRTMIN + 32,
178 __SIGRTMIN + 33,
179 __SIGRTMIN + 34,
180 __SIGRTMIN + 35,
181 __SIGRTMIN + 36,
182 __SIGRTMIN + 37,
183 __SIGRTMIN + 38,
184 __SIGRTMIN + 39,
185 __SIGRTMIN + 40,
186 __SIGRTMIN + 41,
187 __SIGRTMIN + 42,
188 __SIGRTMIN + 43,
189 __SIGRTMIN + 44,
190 __SIGRTMIN + 45,
191 __SIGRTMIN + 46,
192 __SIGRTMIN + 47,
193 __SIGRTMIN + 48,
194 __SIGRTMIN + 49,
195 __SIGRTMIN + 50,
196 __SIGRTMIN + 51,
197 __SIGRTMIN + 52,
198 __SIGRTMIN + 53,
199 __SIGRTMIN + 54,
200 __SIGRTMIN + 55,
201 __SIGRTMIN + 56,
202 __SIGRTMIN + 57,
203 __SIGRTMIN + 58,
204 __SIGRTMIN + 59,
205 __SIGRTMIN + 60,
206 __SIGRTMIN + 61,
207 __SIGRTMIN + 62,
208 __SIGRTMIN + 63,
209 __SIGRTMIN + 64,
210 __SIGRTMIN + 65,
211 __SIGRTMIN + 66,
212 __SIGRTMIN + 67,
213 __SIGRTMIN + 68,
214 __SIGRTMIN + 69,
215 __SIGRTMIN + 70,
216 __SIGRTMIN + 71,
217 __SIGRTMIN + 72,
218 __SIGRTMIN + 73,
219 __SIGRTMIN + 74,
220 __SIGRTMIN + 75,
221 __SIGRTMIN + 76,
222 __SIGRTMIN + 77,
223 __SIGRTMIN + 78,
224 __SIGRTMIN + 79,
225 __SIGRTMIN + 80,
226 __SIGRTMIN + 81,
227 __SIGRTMIN + 82,
228 __SIGRTMIN + 83,
229 __SIGRTMIN + 84,
230 __SIGRTMIN + 85,
231 __SIGRTMIN + 86,
232 __SIGRTMIN + 87,
233 __SIGRTMIN + 88,
234 __SIGRTMIN + 89,
235 __SIGRTMIN + 90,
236 __SIGRTMIN + 91,
237 __SIGRTMIN + 92,
238 __SIGRTMIN + 93,
239 __SIGRTMIN + 94,
240 __SIGRTMIN + 95,
241 -1, /* SIGINFO */
242 -1, /* UNKNOWN */
243 -1, /* DEFAULT */
244 -1,
245 -1,
246 -1,
247 -1,
248 -1,
249 -1
250 #endif
251 };
252 #else
253 /* In system mode we only need SIGINT and SIGTRAP; other signals
254 are not yet supported. */
255
256 enum {
257 TARGET_SIGINT = 2,
258 TARGET_SIGTRAP = 5
259 };
260
261 static int gdb_signal_table[] = {
262 -1,
263 -1,
264 TARGET_SIGINT,
265 -1,
266 -1,
267 TARGET_SIGTRAP
268 };
269 #endif
270
271 #ifdef CONFIG_USER_ONLY
272 static int target_signal_to_gdb (int sig)
273 {
274 int i;
275 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
276 if (gdb_signal_table[i] == sig)
277 return i;
278 return GDB_SIGNAL_UNKNOWN;
279 }
280 #endif
281
282 static int gdb_signal_to_target (int sig)
283 {
284 if (sig < ARRAY_SIZE (gdb_signal_table))
285 return gdb_signal_table[sig];
286 else
287 return -1;
288 }
289
290 /* #define DEBUG_GDB */
291
292 #ifdef DEBUG_GDB
293 # define DEBUG_GDB_GATE 1
294 #else
295 # define DEBUG_GDB_GATE 0
296 #endif
297
298 #define gdb_debug(fmt, ...) do { \
299 if (DEBUG_GDB_GATE) { \
300 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \
301 } \
302 } while (0)
303
304
305 typedef struct GDBRegisterState {
306 int base_reg;
307 int num_regs;
308 gdb_reg_cb get_reg;
309 gdb_reg_cb set_reg;
310 const char *xml;
311 struct GDBRegisterState *next;
312 } GDBRegisterState;
313
314 enum RSState {
315 RS_INACTIVE,
316 RS_IDLE,
317 RS_GETLINE,
318 RS_GETLINE_ESC,
319 RS_GETLINE_RLE,
320 RS_CHKSUM1,
321 RS_CHKSUM2,
322 };
323 typedef struct GDBState {
324 CPUState *c_cpu; /* current CPU for step/continue ops */
325 CPUState *g_cpu; /* current CPU for other ops */
326 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
327 enum RSState state; /* parsing state */
328 char line_buf[MAX_PACKET_LENGTH];
329 int line_buf_index;
330 int line_sum; /* running checksum */
331 int line_csum; /* checksum at the end of the packet */
332 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
333 int last_packet_len;
334 int signal;
335 #ifdef CONFIG_USER_ONLY
336 int fd;
337 int running_state;
338 #else
339 CharBackend chr;
340 Chardev *mon_chr;
341 #endif
342 char syscall_buf[256];
343 gdb_syscall_complete_cb current_syscall_cb;
344 } GDBState;
345
346 /* By default use no IRQs and no timers while single stepping so as to
347 * make single stepping like an ICE HW step.
348 */
349 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
350
351 static GDBState *gdbserver_state;
352
353 bool gdb_has_xml;
354
355 #ifdef CONFIG_USER_ONLY
356 /* XXX: This is not thread safe. Do we care? */
357 static int gdbserver_fd = -1;
358
359 static int get_char(GDBState *s)
360 {
361 uint8_t ch;
362 int ret;
363
364 for(;;) {
365 ret = qemu_recv(s->fd, &ch, 1, 0);
366 if (ret < 0) {
367 if (errno == ECONNRESET)
368 s->fd = -1;
369 if (errno != EINTR)
370 return -1;
371 } else if (ret == 0) {
372 close(s->fd);
373 s->fd = -1;
374 return -1;
375 } else {
376 break;
377 }
378 }
379 return ch;
380 }
381 #endif
382
383 static enum {
384 GDB_SYS_UNKNOWN,
385 GDB_SYS_ENABLED,
386 GDB_SYS_DISABLED,
387 } gdb_syscall_mode;
388
389 /* Decide if either remote gdb syscalls or native file IO should be used. */
390 int use_gdb_syscalls(void)
391 {
392 SemihostingTarget target = semihosting_get_target();
393 if (target == SEMIHOSTING_TARGET_NATIVE) {
394 /* -semihosting-config target=native */
395 return false;
396 } else if (target == SEMIHOSTING_TARGET_GDB) {
397 /* -semihosting-config target=gdb */
398 return true;
399 }
400
401 /* -semihosting-config target=auto */
402 /* On the first call check if gdb is connected and remember. */
403 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
404 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
405 : GDB_SYS_DISABLED);
406 }
407 return gdb_syscall_mode == GDB_SYS_ENABLED;
408 }
409
410 /* Resume execution. */
411 static inline void gdb_continue(GDBState *s)
412 {
413 #ifdef CONFIG_USER_ONLY
414 s->running_state = 1;
415 #else
416 if (!runstate_needs_reset()) {
417 vm_start();
418 }
419 #endif
420 }
421
422 /*
423 * Resume execution, per CPU actions. For user-mode emulation it's
424 * equivalent to gdb_continue.
425 */
426 static int gdb_continue_partial(GDBState *s, char *newstates)
427 {
428 CPUState *cpu;
429 int res = 0;
430 #ifdef CONFIG_USER_ONLY
431 /*
432 * This is not exactly accurate, but it's an improvement compared to the
433 * previous situation, where only one CPU would be single-stepped.
434 */
435 CPU_FOREACH(cpu) {
436 if (newstates[cpu->cpu_index] == 's') {
437 cpu_single_step(cpu, sstep_flags);
438 }
439 }
440 s->running_state = 1;
441 #else
442 int flag = 0;
443
444 if (!runstate_needs_reset()) {
445 if (vm_prepare_start()) {
446 return 0;
447 }
448
449 CPU_FOREACH(cpu) {
450 switch (newstates[cpu->cpu_index]) {
451 case 0:
452 case 1:
453 break; /* nothing to do here */
454 case 's':
455 cpu_single_step(cpu, sstep_flags);
456 cpu_resume(cpu);
457 flag = 1;
458 break;
459 case 'c':
460 cpu_resume(cpu);
461 flag = 1;
462 break;
463 default:
464 res = -1;
465 break;
466 }
467 }
468 }
469 if (flag) {
470 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
471 }
472 #endif
473 return res;
474 }
475
476 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
477 {
478 #ifdef CONFIG_USER_ONLY
479 int ret;
480
481 while (len > 0) {
482 ret = send(s->fd, buf, len, 0);
483 if (ret < 0) {
484 if (errno != EINTR)
485 return;
486 } else {
487 buf += ret;
488 len -= ret;
489 }
490 }
491 #else
492 /* XXX this blocks entire thread. Rewrite to use
493 * qemu_chr_fe_write and background I/O callbacks */
494 qemu_chr_fe_write_all(&s->chr, buf, len);
495 #endif
496 }
497
498 static inline int fromhex(int v)
499 {
500 if (v >= '0' && v <= '9')
501 return v - '0';
502 else if (v >= 'A' && v <= 'F')
503 return v - 'A' + 10;
504 else if (v >= 'a' && v <= 'f')
505 return v - 'a' + 10;
506 else
507 return 0;
508 }
509
510 static inline int tohex(int v)
511 {
512 if (v < 10)
513 return v + '0';
514 else
515 return v - 10 + 'a';
516 }
517
518 static void memtohex(char *buf, const uint8_t *mem, int len)
519 {
520 int i, c;
521 char *q;
522 q = buf;
523 for(i = 0; i < len; i++) {
524 c = mem[i];
525 *q++ = tohex(c >> 4);
526 *q++ = tohex(c & 0xf);
527 }
528 *q = '\0';
529 }
530
531 static void hextomem(uint8_t *mem, const char *buf, int len)
532 {
533 int i;
534
535 for(i = 0; i < len; i++) {
536 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
537 buf += 2;
538 }
539 }
540
541 /* return -1 if error, 0 if OK */
542 static int put_packet_binary(GDBState *s, const char *buf, int len)
543 {
544 int csum, i;
545 uint8_t *p;
546
547 for(;;) {
548 p = s->last_packet;
549 *(p++) = '$';
550 memcpy(p, buf, len);
551 p += len;
552 csum = 0;
553 for(i = 0; i < len; i++) {
554 csum += buf[i];
555 }
556 *(p++) = '#';
557 *(p++) = tohex((csum >> 4) & 0xf);
558 *(p++) = tohex((csum) & 0xf);
559
560 s->last_packet_len = p - s->last_packet;
561 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
562
563 #ifdef CONFIG_USER_ONLY
564 i = get_char(s);
565 if (i < 0)
566 return -1;
567 if (i == '+')
568 break;
569 #else
570 break;
571 #endif
572 }
573 return 0;
574 }
575
576 /* return -1 if error, 0 if OK */
577 static int put_packet(GDBState *s, const char *buf)
578 {
579 gdb_debug("reply='%s'\n", buf);
580
581 return put_packet_binary(s, buf, strlen(buf));
582 }
583
584 /* Encode data using the encoding for 'x' packets. */
585 static int memtox(char *buf, const char *mem, int len)
586 {
587 char *p = buf;
588 char c;
589
590 while (len--) {
591 c = *(mem++);
592 switch (c) {
593 case '#': case '$': case '*': case '}':
594 *(p++) = '}';
595 *(p++) = c ^ 0x20;
596 break;
597 default:
598 *(p++) = c;
599 break;
600 }
601 }
602 return p - buf;
603 }
604
605 static const char *get_feature_xml(const char *p, const char **newp,
606 CPUClass *cc)
607 {
608 size_t len;
609 int i;
610 const char *name;
611 static char target_xml[1024];
612
613 len = 0;
614 while (p[len] && p[len] != ':')
615 len++;
616 *newp = p + len;
617
618 name = NULL;
619 if (strncmp(p, "target.xml", len) == 0) {
620 /* Generate the XML description for this CPU. */
621 if (!target_xml[0]) {
622 GDBRegisterState *r;
623 CPUState *cpu = first_cpu;
624
625 pstrcat(target_xml, sizeof(target_xml),
626 "<?xml version=\"1.0\"?>"
627 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
628 "<target>");
629 if (cc->gdb_arch_name) {
630 gchar *arch = cc->gdb_arch_name(cpu);
631 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
632 pstrcat(target_xml, sizeof(target_xml), arch);
633 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
634 g_free(arch);
635 }
636 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
637 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
638 pstrcat(target_xml, sizeof(target_xml), "\"/>");
639 for (r = cpu->gdb_regs; r; r = r->next) {
640 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
641 pstrcat(target_xml, sizeof(target_xml), r->xml);
642 pstrcat(target_xml, sizeof(target_xml), "\"/>");
643 }
644 pstrcat(target_xml, sizeof(target_xml), "</target>");
645 }
646 return target_xml;
647 }
648 for (i = 0; ; i++) {
649 name = xml_builtin[i][0];
650 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
651 break;
652 }
653 return name ? xml_builtin[i][1] : NULL;
654 }
655
656 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
657 {
658 CPUClass *cc = CPU_GET_CLASS(cpu);
659 CPUArchState *env = cpu->env_ptr;
660 GDBRegisterState *r;
661
662 if (reg < cc->gdb_num_core_regs) {
663 return cc->gdb_read_register(cpu, mem_buf, reg);
664 }
665
666 for (r = cpu->gdb_regs; r; r = r->next) {
667 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
668 return r->get_reg(env, mem_buf, reg - r->base_reg);
669 }
670 }
671 return 0;
672 }
673
674 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
675 {
676 CPUClass *cc = CPU_GET_CLASS(cpu);
677 CPUArchState *env = cpu->env_ptr;
678 GDBRegisterState *r;
679
680 if (reg < cc->gdb_num_core_regs) {
681 return cc->gdb_write_register(cpu, mem_buf, reg);
682 }
683
684 for (r = cpu->gdb_regs; r; r = r->next) {
685 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
686 return r->set_reg(env, mem_buf, reg - r->base_reg);
687 }
688 }
689 return 0;
690 }
691
692 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
693 specifies the first register number and these registers are included in
694 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
695 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
696 */
697
698 void gdb_register_coprocessor(CPUState *cpu,
699 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
700 int num_regs, const char *xml, int g_pos)
701 {
702 GDBRegisterState *s;
703 GDBRegisterState **p;
704
705 p = &cpu->gdb_regs;
706 while (*p) {
707 /* Check for duplicates. */
708 if (strcmp((*p)->xml, xml) == 0)
709 return;
710 p = &(*p)->next;
711 }
712
713 s = g_new0(GDBRegisterState, 1);
714 s->base_reg = cpu->gdb_num_regs;
715 s->num_regs = num_regs;
716 s->get_reg = get_reg;
717 s->set_reg = set_reg;
718 s->xml = xml;
719
720 /* Add to end of list. */
721 cpu->gdb_num_regs += num_regs;
722 *p = s;
723 if (g_pos) {
724 if (g_pos != s->base_reg) {
725 error_report("Error: Bad gdb register numbering for '%s', "
726 "expected %d got %d", xml, g_pos, s->base_reg);
727 } else {
728 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
729 }
730 }
731 }
732
733 #ifndef CONFIG_USER_ONLY
734 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
735 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
736 {
737 static const int xlat[] = {
738 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
739 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
740 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
741 };
742
743 CPUClass *cc = CPU_GET_CLASS(cpu);
744 int cputype = xlat[gdbtype];
745
746 if (cc->gdb_stop_before_watchpoint) {
747 cputype |= BP_STOP_BEFORE_ACCESS;
748 }
749 return cputype;
750 }
751 #endif
752
753 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
754 {
755 CPUState *cpu;
756 int err = 0;
757
758 if (kvm_enabled()) {
759 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
760 }
761
762 switch (type) {
763 case GDB_BREAKPOINT_SW:
764 case GDB_BREAKPOINT_HW:
765 CPU_FOREACH(cpu) {
766 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
767 if (err) {
768 break;
769 }
770 }
771 return err;
772 #ifndef CONFIG_USER_ONLY
773 case GDB_WATCHPOINT_WRITE:
774 case GDB_WATCHPOINT_READ:
775 case GDB_WATCHPOINT_ACCESS:
776 CPU_FOREACH(cpu) {
777 err = cpu_watchpoint_insert(cpu, addr, len,
778 xlat_gdb_type(cpu, type), NULL);
779 if (err) {
780 break;
781 }
782 }
783 return err;
784 #endif
785 default:
786 return -ENOSYS;
787 }
788 }
789
790 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
791 {
792 CPUState *cpu;
793 int err = 0;
794
795 if (kvm_enabled()) {
796 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
797 }
798
799 switch (type) {
800 case GDB_BREAKPOINT_SW:
801 case GDB_BREAKPOINT_HW:
802 CPU_FOREACH(cpu) {
803 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
804 if (err) {
805 break;
806 }
807 }
808 return err;
809 #ifndef CONFIG_USER_ONLY
810 case GDB_WATCHPOINT_WRITE:
811 case GDB_WATCHPOINT_READ:
812 case GDB_WATCHPOINT_ACCESS:
813 CPU_FOREACH(cpu) {
814 err = cpu_watchpoint_remove(cpu, addr, len,
815 xlat_gdb_type(cpu, type));
816 if (err)
817 break;
818 }
819 return err;
820 #endif
821 default:
822 return -ENOSYS;
823 }
824 }
825
826 static void gdb_breakpoint_remove_all(void)
827 {
828 CPUState *cpu;
829
830 if (kvm_enabled()) {
831 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
832 return;
833 }
834
835 CPU_FOREACH(cpu) {
836 cpu_breakpoint_remove_all(cpu, BP_GDB);
837 #ifndef CONFIG_USER_ONLY
838 cpu_watchpoint_remove_all(cpu, BP_GDB);
839 #endif
840 }
841 }
842
843 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
844 {
845 CPUState *cpu = s->c_cpu;
846
847 cpu_synchronize_state(cpu);
848 cpu_set_pc(cpu, pc);
849 }
850
851 static CPUState *find_cpu(uint32_t thread_id)
852 {
853 CPUState *cpu;
854
855 CPU_FOREACH(cpu) {
856 if (cpu_gdb_index(cpu) == thread_id) {
857 return cpu;
858 }
859 }
860
861 return NULL;
862 }
863
864 static int is_query_packet(const char *p, const char *query, char separator)
865 {
866 unsigned int query_len = strlen(query);
867
868 return strncmp(p, query, query_len) == 0 &&
869 (p[query_len] == '\0' || p[query_len] == separator);
870 }
871
872 /**
873 * gdb_handle_vcont - Parses and handles a vCont packet.
874 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
875 * a format error, 0 on success.
876 */
877 static int gdb_handle_vcont(GDBState *s, const char *p)
878 {
879 int res, idx, signal = 0;
880 char cur_action;
881 char *newstates;
882 unsigned long tmp;
883 CPUState *cpu;
884 #ifdef CONFIG_USER_ONLY
885 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
886
887 CPU_FOREACH(cpu) {
888 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
889 }
890 #endif
891 /* uninitialised CPUs stay 0 */
892 newstates = g_new0(char, max_cpus);
893
894 /* mark valid CPUs with 1 */
895 CPU_FOREACH(cpu) {
896 newstates[cpu->cpu_index] = 1;
897 }
898
899 /*
900 * res keeps track of what error we are returning, with -ENOTSUP meaning
901 * that the command is unknown or unsupported, thus returning an empty
902 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
903 * or incorrect parameters passed.
904 */
905 res = 0;
906 while (*p) {
907 if (*p++ != ';') {
908 res = -ENOTSUP;
909 goto out;
910 }
911
912 cur_action = *p++;
913 if (cur_action == 'C' || cur_action == 'S') {
914 cur_action = qemu_tolower(cur_action);
915 res = qemu_strtoul(p + 1, &p, 16, &tmp);
916 if (res) {
917 goto out;
918 }
919 signal = gdb_signal_to_target(tmp);
920 } else if (cur_action != 'c' && cur_action != 's') {
921 /* unknown/invalid/unsupported command */
922 res = -ENOTSUP;
923 goto out;
924 }
925 /* thread specification. special values: (none), -1 = all; 0 = any */
926 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
927 if (*p == ':') {
928 p += 3;
929 }
930 for (idx = 0; idx < max_cpus; idx++) {
931 if (newstates[idx] == 1) {
932 newstates[idx] = cur_action;
933 }
934 }
935 } else if (*p == ':') {
936 p++;
937 res = qemu_strtoul(p, &p, 16, &tmp);
938 if (res) {
939 goto out;
940 }
941
942 /* 0 means any thread, so we pick the first valid CPU */
943 cpu = tmp ? find_cpu(tmp) : first_cpu;
944
945 /* invalid CPU/thread specified */
946 if (!cpu) {
947 res = -EINVAL;
948 goto out;
949 }
950
951 /* only use if no previous match occourred */
952 if (newstates[cpu->cpu_index] == 1) {
953 newstates[cpu->cpu_index] = cur_action;
954 }
955 }
956 }
957 s->signal = signal;
958 gdb_continue_partial(s, newstates);
959
960 out:
961 g_free(newstates);
962
963 return res;
964 }
965
966 static int gdb_handle_packet(GDBState *s, const char *line_buf)
967 {
968 CPUState *cpu;
969 CPUClass *cc;
970 const char *p;
971 uint32_t thread;
972 int ch, reg_size, type, res;
973 char buf[MAX_PACKET_LENGTH];
974 uint8_t mem_buf[MAX_PACKET_LENGTH];
975 uint8_t *registers;
976 target_ulong addr, len;
977
978
979 gdb_debug("command='%s'\n", line_buf);
980
981 p = line_buf;
982 ch = *p++;
983 switch(ch) {
984 case '?':
985 /* TODO: Make this return the correct value for user-mode. */
986 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
987 cpu_gdb_index(s->c_cpu));
988 put_packet(s, buf);
989 /* Remove all the breakpoints when this query is issued,
990 * because gdb is doing and initial connect and the state
991 * should be cleaned up.
992 */
993 gdb_breakpoint_remove_all();
994 break;
995 case 'c':
996 if (*p != '\0') {
997 addr = strtoull(p, (char **)&p, 16);
998 gdb_set_cpu_pc(s, addr);
999 }
1000 s->signal = 0;
1001 gdb_continue(s);
1002 return RS_IDLE;
1003 case 'C':
1004 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1005 if (s->signal == -1)
1006 s->signal = 0;
1007 gdb_continue(s);
1008 return RS_IDLE;
1009 case 'v':
1010 if (strncmp(p, "Cont", 4) == 0) {
1011 p += 4;
1012 if (*p == '?') {
1013 put_packet(s, "vCont;c;C;s;S");
1014 break;
1015 }
1016
1017 res = gdb_handle_vcont(s, p);
1018
1019 if (res) {
1020 if ((res == -EINVAL) || (res == -ERANGE)) {
1021 put_packet(s, "E22");
1022 break;
1023 }
1024 goto unknown_command;
1025 }
1026 break;
1027 } else {
1028 goto unknown_command;
1029 }
1030 case 'k':
1031 /* Kill the target */
1032 error_report("QEMU: Terminated via GDBstub");
1033 exit(0);
1034 case 'D':
1035 /* Detach packet */
1036 gdb_breakpoint_remove_all();
1037 gdb_syscall_mode = GDB_SYS_DISABLED;
1038 gdb_continue(s);
1039 put_packet(s, "OK");
1040 break;
1041 case 's':
1042 if (*p != '\0') {
1043 addr = strtoull(p, (char **)&p, 16);
1044 gdb_set_cpu_pc(s, addr);
1045 }
1046 cpu_single_step(s->c_cpu, sstep_flags);
1047 gdb_continue(s);
1048 return RS_IDLE;
1049 case 'F':
1050 {
1051 target_ulong ret;
1052 target_ulong err;
1053
1054 ret = strtoull(p, (char **)&p, 16);
1055 if (*p == ',') {
1056 p++;
1057 err = strtoull(p, (char **)&p, 16);
1058 } else {
1059 err = 0;
1060 }
1061 if (*p == ',')
1062 p++;
1063 type = *p;
1064 if (s->current_syscall_cb) {
1065 s->current_syscall_cb(s->c_cpu, ret, err);
1066 s->current_syscall_cb = NULL;
1067 }
1068 if (type == 'C') {
1069 put_packet(s, "T02");
1070 } else {
1071 gdb_continue(s);
1072 }
1073 }
1074 break;
1075 case 'g':
1076 cpu_synchronize_state(s->g_cpu);
1077 len = 0;
1078 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1079 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1080 len += reg_size;
1081 }
1082 memtohex(buf, mem_buf, len);
1083 put_packet(s, buf);
1084 break;
1085 case 'G':
1086 cpu_synchronize_state(s->g_cpu);
1087 registers = mem_buf;
1088 len = strlen(p) / 2;
1089 hextomem((uint8_t *)registers, p, len);
1090 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1091 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1092 len -= reg_size;
1093 registers += reg_size;
1094 }
1095 put_packet(s, "OK");
1096 break;
1097 case 'm':
1098 addr = strtoull(p, (char **)&p, 16);
1099 if (*p == ',')
1100 p++;
1101 len = strtoull(p, NULL, 16);
1102
1103 /* memtohex() doubles the required space */
1104 if (len > MAX_PACKET_LENGTH / 2) {
1105 put_packet (s, "E22");
1106 break;
1107 }
1108
1109 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1110 put_packet (s, "E14");
1111 } else {
1112 memtohex(buf, mem_buf, len);
1113 put_packet(s, buf);
1114 }
1115 break;
1116 case 'M':
1117 addr = strtoull(p, (char **)&p, 16);
1118 if (*p == ',')
1119 p++;
1120 len = strtoull(p, (char **)&p, 16);
1121 if (*p == ':')
1122 p++;
1123
1124 /* hextomem() reads 2*len bytes */
1125 if (len > strlen(p) / 2) {
1126 put_packet (s, "E22");
1127 break;
1128 }
1129 hextomem(mem_buf, p, len);
1130 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1131 true) != 0) {
1132 put_packet(s, "E14");
1133 } else {
1134 put_packet(s, "OK");
1135 }
1136 break;
1137 case 'p':
1138 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1139 This works, but can be very slow. Anything new enough to
1140 understand XML also knows how to use this properly. */
1141 if (!gdb_has_xml)
1142 goto unknown_command;
1143 addr = strtoull(p, (char **)&p, 16);
1144 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1145 if (reg_size) {
1146 memtohex(buf, mem_buf, reg_size);
1147 put_packet(s, buf);
1148 } else {
1149 put_packet(s, "E14");
1150 }
1151 break;
1152 case 'P':
1153 if (!gdb_has_xml)
1154 goto unknown_command;
1155 addr = strtoull(p, (char **)&p, 16);
1156 if (*p == '=')
1157 p++;
1158 reg_size = strlen(p) / 2;
1159 hextomem(mem_buf, p, reg_size);
1160 gdb_write_register(s->g_cpu, mem_buf, addr);
1161 put_packet(s, "OK");
1162 break;
1163 case 'Z':
1164 case 'z':
1165 type = strtoul(p, (char **)&p, 16);
1166 if (*p == ',')
1167 p++;
1168 addr = strtoull(p, (char **)&p, 16);
1169 if (*p == ',')
1170 p++;
1171 len = strtoull(p, (char **)&p, 16);
1172 if (ch == 'Z')
1173 res = gdb_breakpoint_insert(addr, len, type);
1174 else
1175 res = gdb_breakpoint_remove(addr, len, type);
1176 if (res >= 0)
1177 put_packet(s, "OK");
1178 else if (res == -ENOSYS)
1179 put_packet(s, "");
1180 else
1181 put_packet(s, "E22");
1182 break;
1183 case 'H':
1184 type = *p++;
1185 thread = strtoull(p, (char **)&p, 16);
1186 if (thread == -1 || thread == 0) {
1187 put_packet(s, "OK");
1188 break;
1189 }
1190 cpu = find_cpu(thread);
1191 if (cpu == NULL) {
1192 put_packet(s, "E22");
1193 break;
1194 }
1195 switch (type) {
1196 case 'c':
1197 s->c_cpu = cpu;
1198 put_packet(s, "OK");
1199 break;
1200 case 'g':
1201 s->g_cpu = cpu;
1202 put_packet(s, "OK");
1203 break;
1204 default:
1205 put_packet(s, "E22");
1206 break;
1207 }
1208 break;
1209 case 'T':
1210 thread = strtoull(p, (char **)&p, 16);
1211 cpu = find_cpu(thread);
1212
1213 if (cpu != NULL) {
1214 put_packet(s, "OK");
1215 } else {
1216 put_packet(s, "E22");
1217 }
1218 break;
1219 case 'q':
1220 case 'Q':
1221 /* parse any 'q' packets here */
1222 if (!strcmp(p,"qemu.sstepbits")) {
1223 /* Query Breakpoint bit definitions */
1224 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1225 SSTEP_ENABLE,
1226 SSTEP_NOIRQ,
1227 SSTEP_NOTIMER);
1228 put_packet(s, buf);
1229 break;
1230 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1231 /* Display or change the sstep_flags */
1232 p += 10;
1233 if (*p != '=') {
1234 /* Display current setting */
1235 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1236 put_packet(s, buf);
1237 break;
1238 }
1239 p++;
1240 type = strtoul(p, (char **)&p, 16);
1241 sstep_flags = type;
1242 put_packet(s, "OK");
1243 break;
1244 } else if (strcmp(p,"C") == 0) {
1245 /* "Current thread" remains vague in the spec, so always return
1246 * the first CPU (gdb returns the first thread). */
1247 put_packet(s, "QC1");
1248 break;
1249 } else if (strcmp(p,"fThreadInfo") == 0) {
1250 s->query_cpu = first_cpu;
1251 goto report_cpuinfo;
1252 } else if (strcmp(p,"sThreadInfo") == 0) {
1253 report_cpuinfo:
1254 if (s->query_cpu) {
1255 snprintf(buf, sizeof(buf), "m%x", cpu_gdb_index(s->query_cpu));
1256 put_packet(s, buf);
1257 s->query_cpu = CPU_NEXT(s->query_cpu);
1258 } else
1259 put_packet(s, "l");
1260 break;
1261 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1262 thread = strtoull(p+16, (char **)&p, 16);
1263 cpu = find_cpu(thread);
1264 if (cpu != NULL) {
1265 cpu_synchronize_state(cpu);
1266 /* memtohex() doubles the required space */
1267 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1268 "CPU#%d [%s]", cpu->cpu_index,
1269 cpu->halted ? "halted " : "running");
1270 memtohex(buf, mem_buf, len);
1271 put_packet(s, buf);
1272 }
1273 break;
1274 }
1275 #ifdef CONFIG_USER_ONLY
1276 else if (strcmp(p, "Offsets") == 0) {
1277 TaskState *ts = s->c_cpu->opaque;
1278
1279 snprintf(buf, sizeof(buf),
1280 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1281 ";Bss=" TARGET_ABI_FMT_lx,
1282 ts->info->code_offset,
1283 ts->info->data_offset,
1284 ts->info->data_offset);
1285 put_packet(s, buf);
1286 break;
1287 }
1288 #else /* !CONFIG_USER_ONLY */
1289 else if (strncmp(p, "Rcmd,", 5) == 0) {
1290 int len = strlen(p + 5);
1291
1292 if ((len % 2) != 0) {
1293 put_packet(s, "E01");
1294 break;
1295 }
1296 len = len / 2;
1297 hextomem(mem_buf, p + 5, len);
1298 mem_buf[len++] = 0;
1299 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1300 put_packet(s, "OK");
1301 break;
1302 }
1303 #endif /* !CONFIG_USER_ONLY */
1304 if (is_query_packet(p, "Supported", ':')) {
1305 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1306 cc = CPU_GET_CLASS(first_cpu);
1307 if (cc->gdb_core_xml_file != NULL) {
1308 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1309 }
1310 put_packet(s, buf);
1311 break;
1312 }
1313 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1314 const char *xml;
1315 target_ulong total_len;
1316
1317 cc = CPU_GET_CLASS(first_cpu);
1318 if (cc->gdb_core_xml_file == NULL) {
1319 goto unknown_command;
1320 }
1321
1322 gdb_has_xml = true;
1323 p += 19;
1324 xml = get_feature_xml(p, &p, cc);
1325 if (!xml) {
1326 snprintf(buf, sizeof(buf), "E00");
1327 put_packet(s, buf);
1328 break;
1329 }
1330
1331 if (*p == ':')
1332 p++;
1333 addr = strtoul(p, (char **)&p, 16);
1334 if (*p == ',')
1335 p++;
1336 len = strtoul(p, (char **)&p, 16);
1337
1338 total_len = strlen(xml);
1339 if (addr > total_len) {
1340 snprintf(buf, sizeof(buf), "E00");
1341 put_packet(s, buf);
1342 break;
1343 }
1344 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1345 len = (MAX_PACKET_LENGTH - 5) / 2;
1346 if (len < total_len - addr) {
1347 buf[0] = 'm';
1348 len = memtox(buf + 1, xml + addr, len);
1349 } else {
1350 buf[0] = 'l';
1351 len = memtox(buf + 1, xml + addr, total_len - addr);
1352 }
1353 put_packet_binary(s, buf, len + 1);
1354 break;
1355 }
1356 if (is_query_packet(p, "Attached", ':')) {
1357 put_packet(s, GDB_ATTACHED);
1358 break;
1359 }
1360 /* Unrecognised 'q' command. */
1361 goto unknown_command;
1362
1363 default:
1364 unknown_command:
1365 /* put empty packet */
1366 buf[0] = '\0';
1367 put_packet(s, buf);
1368 break;
1369 }
1370 return RS_IDLE;
1371 }
1372
1373 void gdb_set_stop_cpu(CPUState *cpu)
1374 {
1375 gdbserver_state->c_cpu = cpu;
1376 gdbserver_state->g_cpu = cpu;
1377 }
1378
1379 #ifndef CONFIG_USER_ONLY
1380 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1381 {
1382 GDBState *s = gdbserver_state;
1383 CPUState *cpu = s->c_cpu;
1384 char buf[256];
1385 const char *type;
1386 int ret;
1387
1388 if (running || s->state == RS_INACTIVE) {
1389 return;
1390 }
1391 /* Is there a GDB syscall waiting to be sent? */
1392 if (s->current_syscall_cb) {
1393 put_packet(s, s->syscall_buf);
1394 return;
1395 }
1396 switch (state) {
1397 case RUN_STATE_DEBUG:
1398 if (cpu->watchpoint_hit) {
1399 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1400 case BP_MEM_READ:
1401 type = "r";
1402 break;
1403 case BP_MEM_ACCESS:
1404 type = "a";
1405 break;
1406 default:
1407 type = "";
1408 break;
1409 }
1410 snprintf(buf, sizeof(buf),
1411 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1412 GDB_SIGNAL_TRAP, cpu_gdb_index(cpu), type,
1413 (target_ulong)cpu->watchpoint_hit->vaddr);
1414 cpu->watchpoint_hit = NULL;
1415 goto send_packet;
1416 }
1417 tb_flush(cpu);
1418 ret = GDB_SIGNAL_TRAP;
1419 break;
1420 case RUN_STATE_PAUSED:
1421 ret = GDB_SIGNAL_INT;
1422 break;
1423 case RUN_STATE_SHUTDOWN:
1424 ret = GDB_SIGNAL_QUIT;
1425 break;
1426 case RUN_STATE_IO_ERROR:
1427 ret = GDB_SIGNAL_IO;
1428 break;
1429 case RUN_STATE_WATCHDOG:
1430 ret = GDB_SIGNAL_ALRM;
1431 break;
1432 case RUN_STATE_INTERNAL_ERROR:
1433 ret = GDB_SIGNAL_ABRT;
1434 break;
1435 case RUN_STATE_SAVE_VM:
1436 case RUN_STATE_RESTORE_VM:
1437 return;
1438 case RUN_STATE_FINISH_MIGRATE:
1439 ret = GDB_SIGNAL_XCPU;
1440 break;
1441 default:
1442 ret = GDB_SIGNAL_UNKNOWN;
1443 break;
1444 }
1445 gdb_set_stop_cpu(cpu);
1446 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_gdb_index(cpu));
1447
1448 send_packet:
1449 put_packet(s, buf);
1450
1451 /* disable single step if it was enabled */
1452 cpu_single_step(cpu, 0);
1453 }
1454 #endif
1455
1456 /* Send a gdb syscall request.
1457 This accepts limited printf-style format specifiers, specifically:
1458 %x - target_ulong argument printed in hex.
1459 %lx - 64-bit argument printed in hex.
1460 %s - string pointer (target_ulong) and length (int) pair. */
1461 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1462 {
1463 char *p;
1464 char *p_end;
1465 target_ulong addr;
1466 uint64_t i64;
1467 GDBState *s;
1468
1469 s = gdbserver_state;
1470 if (!s)
1471 return;
1472 s->current_syscall_cb = cb;
1473 #ifndef CONFIG_USER_ONLY
1474 vm_stop(RUN_STATE_DEBUG);
1475 #endif
1476 p = s->syscall_buf;
1477 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1478 *(p++) = 'F';
1479 while (*fmt) {
1480 if (*fmt == '%') {
1481 fmt++;
1482 switch (*fmt++) {
1483 case 'x':
1484 addr = va_arg(va, target_ulong);
1485 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1486 break;
1487 case 'l':
1488 if (*(fmt++) != 'x')
1489 goto bad_format;
1490 i64 = va_arg(va, uint64_t);
1491 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1492 break;
1493 case 's':
1494 addr = va_arg(va, target_ulong);
1495 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1496 addr, va_arg(va, int));
1497 break;
1498 default:
1499 bad_format:
1500 error_report("gdbstub: Bad syscall format string '%s'",
1501 fmt - 1);
1502 break;
1503 }
1504 } else {
1505 *(p++) = *(fmt++);
1506 }
1507 }
1508 *p = 0;
1509 #ifdef CONFIG_USER_ONLY
1510 put_packet(s, s->syscall_buf);
1511 gdb_handlesig(s->c_cpu, 0);
1512 #else
1513 /* In this case wait to send the syscall packet until notification that
1514 the CPU has stopped. This must be done because if the packet is sent
1515 now the reply from the syscall request could be received while the CPU
1516 is still in the running state, which can cause packets to be dropped
1517 and state transition 'T' packets to be sent while the syscall is still
1518 being processed. */
1519 qemu_cpu_kick(s->c_cpu);
1520 #endif
1521 }
1522
1523 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1524 {
1525 va_list va;
1526
1527 va_start(va, fmt);
1528 gdb_do_syscallv(cb, fmt, va);
1529 va_end(va);
1530 }
1531
1532 static void gdb_read_byte(GDBState *s, int ch)
1533 {
1534 uint8_t reply;
1535
1536 #ifndef CONFIG_USER_ONLY
1537 if (s->last_packet_len) {
1538 /* Waiting for a response to the last packet. If we see the start
1539 of a new command then abandon the previous response. */
1540 if (ch == '-') {
1541 gdb_debug("Got NACK, retransmitting\n");
1542 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1543 } else if (ch == '+') {
1544 gdb_debug("Got ACK\n");
1545 } else {
1546 gdb_debug("Got '%c' when expecting ACK/NACK\n", ch);
1547 }
1548
1549 if (ch == '+' || ch == '$')
1550 s->last_packet_len = 0;
1551 if (ch != '$')
1552 return;
1553 }
1554 if (runstate_is_running()) {
1555 /* when the CPU is running, we cannot do anything except stop
1556 it when receiving a char */
1557 vm_stop(RUN_STATE_PAUSED);
1558 } else
1559 #endif
1560 {
1561 switch(s->state) {
1562 case RS_IDLE:
1563 if (ch == '$') {
1564 /* start of command packet */
1565 s->line_buf_index = 0;
1566 s->line_sum = 0;
1567 s->state = RS_GETLINE;
1568 } else {
1569 gdb_debug("received garbage between packets: 0x%x\n", ch);
1570 }
1571 break;
1572 case RS_GETLINE:
1573 if (ch == '}') {
1574 /* start escape sequence */
1575 s->state = RS_GETLINE_ESC;
1576 s->line_sum += ch;
1577 } else if (ch == '*') {
1578 /* start run length encoding sequence */
1579 s->state = RS_GETLINE_RLE;
1580 s->line_sum += ch;
1581 } else if (ch == '#') {
1582 /* end of command, start of checksum*/
1583 s->state = RS_CHKSUM1;
1584 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1585 gdb_debug("command buffer overrun, dropping command\n");
1586 s->state = RS_IDLE;
1587 } else {
1588 /* unescaped command character */
1589 s->line_buf[s->line_buf_index++] = ch;
1590 s->line_sum += ch;
1591 }
1592 break;
1593 case RS_GETLINE_ESC:
1594 if (ch == '#') {
1595 /* unexpected end of command in escape sequence */
1596 s->state = RS_CHKSUM1;
1597 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1598 /* command buffer overrun */
1599 gdb_debug("command buffer overrun, dropping command\n");
1600 s->state = RS_IDLE;
1601 } else {
1602 /* parse escaped character and leave escape state */
1603 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
1604 s->line_sum += ch;
1605 s->state = RS_GETLINE;
1606 }
1607 break;
1608 case RS_GETLINE_RLE:
1609 if (ch < ' ') {
1610 /* invalid RLE count encoding */
1611 gdb_debug("got invalid RLE count: 0x%x\n", ch);
1612 s->state = RS_GETLINE;
1613 } else {
1614 /* decode repeat length */
1615 int repeat = (unsigned char)ch - ' ' + 3;
1616 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
1617 /* that many repeats would overrun the command buffer */
1618 gdb_debug("command buffer overrun, dropping command\n");
1619 s->state = RS_IDLE;
1620 } else if (s->line_buf_index < 1) {
1621 /* got a repeat but we have nothing to repeat */
1622 gdb_debug("got invalid RLE sequence\n");
1623 s->state = RS_GETLINE;
1624 } else {
1625 /* repeat the last character */
1626 memset(s->line_buf + s->line_buf_index,
1627 s->line_buf[s->line_buf_index - 1], repeat);
1628 s->line_buf_index += repeat;
1629 s->line_sum += ch;
1630 s->state = RS_GETLINE;
1631 }
1632 }
1633 break;
1634 case RS_CHKSUM1:
1635 /* get high hex digit of checksum */
1636 if (!isxdigit(ch)) {
1637 gdb_debug("got invalid command checksum digit\n");
1638 s->state = RS_GETLINE;
1639 break;
1640 }
1641 s->line_buf[s->line_buf_index] = '\0';
1642 s->line_csum = fromhex(ch) << 4;
1643 s->state = RS_CHKSUM2;
1644 break;
1645 case RS_CHKSUM2:
1646 /* get low hex digit of checksum */
1647 if (!isxdigit(ch)) {
1648 gdb_debug("got invalid command checksum digit\n");
1649 s->state = RS_GETLINE;
1650 break;
1651 }
1652 s->line_csum |= fromhex(ch);
1653
1654 if (s->line_csum != (s->line_sum & 0xff)) {
1655 gdb_debug("got command packet with incorrect checksum\n");
1656 /* send NAK reply */
1657 reply = '-';
1658 put_buffer(s, &reply, 1);
1659 s->state = RS_IDLE;
1660 } else {
1661 /* send ACK reply */
1662 reply = '+';
1663 put_buffer(s, &reply, 1);
1664 s->state = gdb_handle_packet(s, s->line_buf);
1665 }
1666 break;
1667 default:
1668 abort();
1669 }
1670 }
1671 }
1672
1673 /* Tell the remote gdb that the process has exited. */
1674 void gdb_exit(CPUArchState *env, int code)
1675 {
1676 GDBState *s;
1677 char buf[4];
1678
1679 s = gdbserver_state;
1680 if (!s) {
1681 return;
1682 }
1683 #ifdef CONFIG_USER_ONLY
1684 if (gdbserver_fd < 0 || s->fd < 0) {
1685 return;
1686 }
1687 #endif
1688
1689 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1690 put_packet(s, buf);
1691
1692 #ifndef CONFIG_USER_ONLY
1693 qemu_chr_fe_deinit(&s->chr, true);
1694 #endif
1695 }
1696
1697 #ifdef CONFIG_USER_ONLY
1698 int
1699 gdb_handlesig(CPUState *cpu, int sig)
1700 {
1701 GDBState *s;
1702 char buf[256];
1703 int n;
1704
1705 s = gdbserver_state;
1706 if (gdbserver_fd < 0 || s->fd < 0) {
1707 return sig;
1708 }
1709
1710 /* disable single step if it was enabled */
1711 cpu_single_step(cpu, 0);
1712 tb_flush(cpu);
1713
1714 if (sig != 0) {
1715 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1716 put_packet(s, buf);
1717 }
1718 /* put_packet() might have detected that the peer terminated the
1719 connection. */
1720 if (s->fd < 0) {
1721 return sig;
1722 }
1723
1724 sig = 0;
1725 s->state = RS_IDLE;
1726 s->running_state = 0;
1727 while (s->running_state == 0) {
1728 n = read(s->fd, buf, 256);
1729 if (n > 0) {
1730 int i;
1731
1732 for (i = 0; i < n; i++) {
1733 gdb_read_byte(s, buf[i]);
1734 }
1735 } else {
1736 /* XXX: Connection closed. Should probably wait for another
1737 connection before continuing. */
1738 if (n == 0) {
1739 close(s->fd);
1740 }
1741 s->fd = -1;
1742 return sig;
1743 }
1744 }
1745 sig = s->signal;
1746 s->signal = 0;
1747 return sig;
1748 }
1749
1750 /* Tell the remote gdb that the process has exited due to SIG. */
1751 void gdb_signalled(CPUArchState *env, int sig)
1752 {
1753 GDBState *s;
1754 char buf[4];
1755
1756 s = gdbserver_state;
1757 if (gdbserver_fd < 0 || s->fd < 0) {
1758 return;
1759 }
1760
1761 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1762 put_packet(s, buf);
1763 }
1764
1765 static void gdb_accept(void)
1766 {
1767 GDBState *s;
1768 struct sockaddr_in sockaddr;
1769 socklen_t len;
1770 int fd;
1771
1772 for(;;) {
1773 len = sizeof(sockaddr);
1774 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1775 if (fd < 0 && errno != EINTR) {
1776 perror("accept");
1777 return;
1778 } else if (fd >= 0) {
1779 #ifndef _WIN32
1780 fcntl(fd, F_SETFD, FD_CLOEXEC);
1781 #endif
1782 break;
1783 }
1784 }
1785
1786 /* set short latency */
1787 socket_set_nodelay(fd);
1788
1789 s = g_malloc0(sizeof(GDBState));
1790 s->c_cpu = first_cpu;
1791 s->g_cpu = first_cpu;
1792 s->fd = fd;
1793 gdb_has_xml = false;
1794
1795 gdbserver_state = s;
1796 }
1797
1798 static int gdbserver_open(int port)
1799 {
1800 struct sockaddr_in sockaddr;
1801 int fd, ret;
1802
1803 fd = socket(PF_INET, SOCK_STREAM, 0);
1804 if (fd < 0) {
1805 perror("socket");
1806 return -1;
1807 }
1808 #ifndef _WIN32
1809 fcntl(fd, F_SETFD, FD_CLOEXEC);
1810 #endif
1811
1812 socket_set_fast_reuse(fd);
1813
1814 sockaddr.sin_family = AF_INET;
1815 sockaddr.sin_port = htons(port);
1816 sockaddr.sin_addr.s_addr = 0;
1817 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1818 if (ret < 0) {
1819 perror("bind");
1820 close(fd);
1821 return -1;
1822 }
1823 ret = listen(fd, 1);
1824 if (ret < 0) {
1825 perror("listen");
1826 close(fd);
1827 return -1;
1828 }
1829 return fd;
1830 }
1831
1832 int gdbserver_start(int port)
1833 {
1834 gdbserver_fd = gdbserver_open(port);
1835 if (gdbserver_fd < 0)
1836 return -1;
1837 /* accept connections */
1838 gdb_accept();
1839 return 0;
1840 }
1841
1842 /* Disable gdb stub for child processes. */
1843 void gdbserver_fork(CPUState *cpu)
1844 {
1845 GDBState *s = gdbserver_state;
1846
1847 if (gdbserver_fd < 0 || s->fd < 0) {
1848 return;
1849 }
1850 close(s->fd);
1851 s->fd = -1;
1852 cpu_breakpoint_remove_all(cpu, BP_GDB);
1853 cpu_watchpoint_remove_all(cpu, BP_GDB);
1854 }
1855 #else
1856 static int gdb_chr_can_receive(void *opaque)
1857 {
1858 /* We can handle an arbitrarily large amount of data.
1859 Pick the maximum packet size, which is as good as anything. */
1860 return MAX_PACKET_LENGTH;
1861 }
1862
1863 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1864 {
1865 int i;
1866
1867 for (i = 0; i < size; i++) {
1868 gdb_read_byte(gdbserver_state, buf[i]);
1869 }
1870 }
1871
1872 static void gdb_chr_event(void *opaque, int event)
1873 {
1874 switch (event) {
1875 case CHR_EVENT_OPENED:
1876 vm_stop(RUN_STATE_PAUSED);
1877 gdb_has_xml = false;
1878 break;
1879 default:
1880 break;
1881 }
1882 }
1883
1884 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1885 {
1886 char buf[MAX_PACKET_LENGTH];
1887
1888 buf[0] = 'O';
1889 if (len > (MAX_PACKET_LENGTH/2) - 1)
1890 len = (MAX_PACKET_LENGTH/2) - 1;
1891 memtohex(buf + 1, (uint8_t *)msg, len);
1892 put_packet(s, buf);
1893 }
1894
1895 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1896 {
1897 const char *p = (const char *)buf;
1898 int max_sz;
1899
1900 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1901 for (;;) {
1902 if (len <= max_sz) {
1903 gdb_monitor_output(gdbserver_state, p, len);
1904 break;
1905 }
1906 gdb_monitor_output(gdbserver_state, p, max_sz);
1907 p += max_sz;
1908 len -= max_sz;
1909 }
1910 return len;
1911 }
1912
1913 #ifndef _WIN32
1914 static void gdb_sigterm_handler(int signal)
1915 {
1916 if (runstate_is_running()) {
1917 vm_stop(RUN_STATE_PAUSED);
1918 }
1919 }
1920 #endif
1921
1922 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1923 bool *be_opened, Error **errp)
1924 {
1925 *be_opened = false;
1926 }
1927
1928 static void char_gdb_class_init(ObjectClass *oc, void *data)
1929 {
1930 ChardevClass *cc = CHARDEV_CLASS(oc);
1931
1932 cc->internal = true;
1933 cc->open = gdb_monitor_open;
1934 cc->chr_write = gdb_monitor_write;
1935 }
1936
1937 #define TYPE_CHARDEV_GDB "chardev-gdb"
1938
1939 static const TypeInfo char_gdb_type_info = {
1940 .name = TYPE_CHARDEV_GDB,
1941 .parent = TYPE_CHARDEV,
1942 .class_init = char_gdb_class_init,
1943 };
1944
1945 int gdbserver_start(const char *device)
1946 {
1947 GDBState *s;
1948 char gdbstub_device_name[128];
1949 Chardev *chr = NULL;
1950 Chardev *mon_chr;
1951
1952 if (!first_cpu) {
1953 error_report("gdbstub: meaningless to attach gdb to a "
1954 "machine without any CPU.");
1955 return -1;
1956 }
1957
1958 if (!device)
1959 return -1;
1960 if (strcmp(device, "none") != 0) {
1961 if (strstart(device, "tcp:", NULL)) {
1962 /* enforce required TCP attributes */
1963 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1964 "%s,nowait,nodelay,server", device);
1965 device = gdbstub_device_name;
1966 }
1967 #ifndef _WIN32
1968 else if (strcmp(device, "stdio") == 0) {
1969 struct sigaction act;
1970
1971 memset(&act, 0, sizeof(act));
1972 act.sa_handler = gdb_sigterm_handler;
1973 sigaction(SIGINT, &act, NULL);
1974 }
1975 #endif
1976 chr = qemu_chr_new_noreplay("gdb", device);
1977 if (!chr)
1978 return -1;
1979 }
1980
1981 s = gdbserver_state;
1982 if (!s) {
1983 s = g_malloc0(sizeof(GDBState));
1984 gdbserver_state = s;
1985
1986 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1987
1988 /* Initialize a monitor terminal for gdb */
1989 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
1990 NULL, &error_abort);
1991 monitor_init(mon_chr, 0);
1992 } else {
1993 qemu_chr_fe_deinit(&s->chr, true);
1994 mon_chr = s->mon_chr;
1995 memset(s, 0, sizeof(GDBState));
1996 s->mon_chr = mon_chr;
1997 }
1998 s->c_cpu = first_cpu;
1999 s->g_cpu = first_cpu;
2000 if (chr) {
2001 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2002 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2003 gdb_chr_event, NULL, NULL, NULL, true);
2004 }
2005 s->state = chr ? RS_IDLE : RS_INACTIVE;
2006 s->mon_chr = mon_chr;
2007 s->current_syscall_cb = NULL;
2008
2009 return 0;
2010 }
2011
2012 static void register_types(void)
2013 {
2014 type_register_static(&char_gdb_type_info);
2015 }
2016
2017 type_init(register_types);
2018 #endif
armbru's QEMU hackery