migration: consolidate VMStateField.start
[qemu/kevin.git] / gdbstub.c
blob755a8e378d9c4683878eb110720b49f1f5119bec
1 /*
2 * gdb server stub
4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
23 #include "cpu.h"
24 #ifdef CONFIG_USER_ONLY
25 #include "qemu.h"
26 #else
27 #include "monitor/monitor.h"
28 #include "sysemu/char.h"
29 #include "sysemu/sysemu.h"
30 #include "exec/gdbstub.h"
31 #endif
33 #define MAX_PACKET_LENGTH 4096
35 #include "qemu/sockets.h"
36 #include "sysemu/hw_accel.h"
37 #include "sysemu/kvm.h"
38 #include "exec/semihost.h"
39 #include "exec/exec-all.h"
41 #ifdef CONFIG_USER_ONLY
42 #define GDB_ATTACHED "0"
43 #else
44 #define GDB_ATTACHED "1"
45 #endif
47 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
48 uint8_t *buf, int len, bool is_write)
50 CPUClass *cc = CPU_GET_CLASS(cpu);
52 if (cc->memory_rw_debug) {
53 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
55 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
58 enum {
59 GDB_SIGNAL_0 = 0,
60 GDB_SIGNAL_INT = 2,
61 GDB_SIGNAL_QUIT = 3,
62 GDB_SIGNAL_TRAP = 5,
63 GDB_SIGNAL_ABRT = 6,
64 GDB_SIGNAL_ALRM = 14,
65 GDB_SIGNAL_IO = 23,
66 GDB_SIGNAL_XCPU = 24,
67 GDB_SIGNAL_UNKNOWN = 143
70 #ifdef CONFIG_USER_ONLY
72 /* Map target signal numbers to GDB protocol signal numbers and vice
73 * versa. For user emulation's currently supported systems, we can
74 * assume most signals are defined.
77 static int gdb_signal_table[] = {
79 TARGET_SIGHUP,
80 TARGET_SIGINT,
81 TARGET_SIGQUIT,
82 TARGET_SIGILL,
83 TARGET_SIGTRAP,
84 TARGET_SIGABRT,
85 -1, /* SIGEMT */
86 TARGET_SIGFPE,
87 TARGET_SIGKILL,
88 TARGET_SIGBUS,
89 TARGET_SIGSEGV,
90 TARGET_SIGSYS,
91 TARGET_SIGPIPE,
92 TARGET_SIGALRM,
93 TARGET_SIGTERM,
94 TARGET_SIGURG,
95 TARGET_SIGSTOP,
96 TARGET_SIGTSTP,
97 TARGET_SIGCONT,
98 TARGET_SIGCHLD,
99 TARGET_SIGTTIN,
100 TARGET_SIGTTOU,
101 TARGET_SIGIO,
102 TARGET_SIGXCPU,
103 TARGET_SIGXFSZ,
104 TARGET_SIGVTALRM,
105 TARGET_SIGPROF,
106 TARGET_SIGWINCH,
107 -1, /* SIGLOST */
108 TARGET_SIGUSR1,
109 TARGET_SIGUSR2,
110 #ifdef TARGET_SIGPWR
111 TARGET_SIGPWR,
112 #else
114 #endif
115 -1, /* SIGPOLL */
127 #ifdef __SIGRTMIN
128 __SIGRTMIN + 1,
129 __SIGRTMIN + 2,
130 __SIGRTMIN + 3,
131 __SIGRTMIN + 4,
132 __SIGRTMIN + 5,
133 __SIGRTMIN + 6,
134 __SIGRTMIN + 7,
135 __SIGRTMIN + 8,
136 __SIGRTMIN + 9,
137 __SIGRTMIN + 10,
138 __SIGRTMIN + 11,
139 __SIGRTMIN + 12,
140 __SIGRTMIN + 13,
141 __SIGRTMIN + 14,
142 __SIGRTMIN + 15,
143 __SIGRTMIN + 16,
144 __SIGRTMIN + 17,
145 __SIGRTMIN + 18,
146 __SIGRTMIN + 19,
147 __SIGRTMIN + 20,
148 __SIGRTMIN + 21,
149 __SIGRTMIN + 22,
150 __SIGRTMIN + 23,
151 __SIGRTMIN + 24,
152 __SIGRTMIN + 25,
153 __SIGRTMIN + 26,
154 __SIGRTMIN + 27,
155 __SIGRTMIN + 28,
156 __SIGRTMIN + 29,
157 __SIGRTMIN + 30,
158 __SIGRTMIN + 31,
159 -1, /* SIGCANCEL */
160 __SIGRTMIN,
161 __SIGRTMIN + 32,
162 __SIGRTMIN + 33,
163 __SIGRTMIN + 34,
164 __SIGRTMIN + 35,
165 __SIGRTMIN + 36,
166 __SIGRTMIN + 37,
167 __SIGRTMIN + 38,
168 __SIGRTMIN + 39,
169 __SIGRTMIN + 40,
170 __SIGRTMIN + 41,
171 __SIGRTMIN + 42,
172 __SIGRTMIN + 43,
173 __SIGRTMIN + 44,
174 __SIGRTMIN + 45,
175 __SIGRTMIN + 46,
176 __SIGRTMIN + 47,
177 __SIGRTMIN + 48,
178 __SIGRTMIN + 49,
179 __SIGRTMIN + 50,
180 __SIGRTMIN + 51,
181 __SIGRTMIN + 52,
182 __SIGRTMIN + 53,
183 __SIGRTMIN + 54,
184 __SIGRTMIN + 55,
185 __SIGRTMIN + 56,
186 __SIGRTMIN + 57,
187 __SIGRTMIN + 58,
188 __SIGRTMIN + 59,
189 __SIGRTMIN + 60,
190 __SIGRTMIN + 61,
191 __SIGRTMIN + 62,
192 __SIGRTMIN + 63,
193 __SIGRTMIN + 64,
194 __SIGRTMIN + 65,
195 __SIGRTMIN + 66,
196 __SIGRTMIN + 67,
197 __SIGRTMIN + 68,
198 __SIGRTMIN + 69,
199 __SIGRTMIN + 70,
200 __SIGRTMIN + 71,
201 __SIGRTMIN + 72,
202 __SIGRTMIN + 73,
203 __SIGRTMIN + 74,
204 __SIGRTMIN + 75,
205 __SIGRTMIN + 76,
206 __SIGRTMIN + 77,
207 __SIGRTMIN + 78,
208 __SIGRTMIN + 79,
209 __SIGRTMIN + 80,
210 __SIGRTMIN + 81,
211 __SIGRTMIN + 82,
212 __SIGRTMIN + 83,
213 __SIGRTMIN + 84,
214 __SIGRTMIN + 85,
215 __SIGRTMIN + 86,
216 __SIGRTMIN + 87,
217 __SIGRTMIN + 88,
218 __SIGRTMIN + 89,
219 __SIGRTMIN + 90,
220 __SIGRTMIN + 91,
221 __SIGRTMIN + 92,
222 __SIGRTMIN + 93,
223 __SIGRTMIN + 94,
224 __SIGRTMIN + 95,
225 -1, /* SIGINFO */
226 -1, /* UNKNOWN */
227 -1, /* DEFAULT */
234 #endif
236 #else
237 /* In system mode we only need SIGINT and SIGTRAP; other signals
238 are not yet supported. */
240 enum {
241 TARGET_SIGINT = 2,
242 TARGET_SIGTRAP = 5
245 static int gdb_signal_table[] = {
248 TARGET_SIGINT,
251 TARGET_SIGTRAP
253 #endif
255 #ifdef CONFIG_USER_ONLY
256 static int target_signal_to_gdb (int sig)
258 int i;
259 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
260 if (gdb_signal_table[i] == sig)
261 return i;
262 return GDB_SIGNAL_UNKNOWN;
264 #endif
266 static int gdb_signal_to_target (int sig)
268 if (sig < ARRAY_SIZE (gdb_signal_table))
269 return gdb_signal_table[sig];
270 else
271 return -1;
274 //#define DEBUG_GDB
276 typedef struct GDBRegisterState {
277 int base_reg;
278 int num_regs;
279 gdb_reg_cb get_reg;
280 gdb_reg_cb set_reg;
281 const char *xml;
282 struct GDBRegisterState *next;
283 } GDBRegisterState;
285 enum RSState {
286 RS_INACTIVE,
287 RS_IDLE,
288 RS_GETLINE,
289 RS_CHKSUM1,
290 RS_CHKSUM2,
292 typedef struct GDBState {
293 CPUState *c_cpu; /* current CPU for step/continue ops */
294 CPUState *g_cpu; /* current CPU for other ops */
295 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
296 enum RSState state; /* parsing state */
297 char line_buf[MAX_PACKET_LENGTH];
298 int line_buf_index;
299 int line_csum;
300 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
301 int last_packet_len;
302 int signal;
303 #ifdef CONFIG_USER_ONLY
304 int fd;
305 int running_state;
306 #else
307 CharBackend chr;
308 Chardev *mon_chr;
309 #endif
310 char syscall_buf[256];
311 gdb_syscall_complete_cb current_syscall_cb;
312 } GDBState;
314 /* By default use no IRQs and no timers while single stepping so as to
315 * make single stepping like an ICE HW step.
317 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
319 static GDBState *gdbserver_state;
321 bool gdb_has_xml;
323 #ifdef CONFIG_USER_ONLY
324 /* XXX: This is not thread safe. Do we care? */
325 static int gdbserver_fd = -1;
327 static int get_char(GDBState *s)
329 uint8_t ch;
330 int ret;
332 for(;;) {
333 ret = qemu_recv(s->fd, &ch, 1, 0);
334 if (ret < 0) {
335 if (errno == ECONNRESET)
336 s->fd = -1;
337 if (errno != EINTR)
338 return -1;
339 } else if (ret == 0) {
340 close(s->fd);
341 s->fd = -1;
342 return -1;
343 } else {
344 break;
347 return ch;
349 #endif
351 static enum {
352 GDB_SYS_UNKNOWN,
353 GDB_SYS_ENABLED,
354 GDB_SYS_DISABLED,
355 } gdb_syscall_mode;
357 /* Decide if either remote gdb syscalls or native file IO should be used. */
358 int use_gdb_syscalls(void)
360 SemihostingTarget target = semihosting_get_target();
361 if (target == SEMIHOSTING_TARGET_NATIVE) {
362 /* -semihosting-config target=native */
363 return false;
364 } else if (target == SEMIHOSTING_TARGET_GDB) {
365 /* -semihosting-config target=gdb */
366 return true;
369 /* -semihosting-config target=auto */
370 /* On the first call check if gdb is connected and remember. */
371 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
372 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
373 : GDB_SYS_DISABLED);
375 return gdb_syscall_mode == GDB_SYS_ENABLED;
378 /* Resume execution. */
379 static inline void gdb_continue(GDBState *s)
381 #ifdef CONFIG_USER_ONLY
382 s->running_state = 1;
383 #else
384 if (!runstate_needs_reset()) {
385 vm_start();
387 #endif
390 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
392 #ifdef CONFIG_USER_ONLY
393 int ret;
395 while (len > 0) {
396 ret = send(s->fd, buf, len, 0);
397 if (ret < 0) {
398 if (errno != EINTR)
399 return;
400 } else {
401 buf += ret;
402 len -= ret;
405 #else
406 /* XXX this blocks entire thread. Rewrite to use
407 * qemu_chr_fe_write and background I/O callbacks */
408 qemu_chr_fe_write_all(&s->chr, buf, len);
409 #endif
412 static inline int fromhex(int v)
414 if (v >= '0' && v <= '9')
415 return v - '0';
416 else if (v >= 'A' && v <= 'F')
417 return v - 'A' + 10;
418 else if (v >= 'a' && v <= 'f')
419 return v - 'a' + 10;
420 else
421 return 0;
424 static inline int tohex(int v)
426 if (v < 10)
427 return v + '0';
428 else
429 return v - 10 + 'a';
432 static void memtohex(char *buf, const uint8_t *mem, int len)
434 int i, c;
435 char *q;
436 q = buf;
437 for(i = 0; i < len; i++) {
438 c = mem[i];
439 *q++ = tohex(c >> 4);
440 *q++ = tohex(c & 0xf);
442 *q = '\0';
445 static void hextomem(uint8_t *mem, const char *buf, int len)
447 int i;
449 for(i = 0; i < len; i++) {
450 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
451 buf += 2;
455 /* return -1 if error, 0 if OK */
456 static int put_packet_binary(GDBState *s, const char *buf, int len)
458 int csum, i;
459 uint8_t *p;
461 for(;;) {
462 p = s->last_packet;
463 *(p++) = '$';
464 memcpy(p, buf, len);
465 p += len;
466 csum = 0;
467 for(i = 0; i < len; i++) {
468 csum += buf[i];
470 *(p++) = '#';
471 *(p++) = tohex((csum >> 4) & 0xf);
472 *(p++) = tohex((csum) & 0xf);
474 s->last_packet_len = p - s->last_packet;
475 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
477 #ifdef CONFIG_USER_ONLY
478 i = get_char(s);
479 if (i < 0)
480 return -1;
481 if (i == '+')
482 break;
483 #else
484 break;
485 #endif
487 return 0;
490 /* return -1 if error, 0 if OK */
491 static int put_packet(GDBState *s, const char *buf)
493 #ifdef DEBUG_GDB
494 printf("reply='%s'\n", buf);
495 #endif
497 return put_packet_binary(s, buf, strlen(buf));
500 /* Encode data using the encoding for 'x' packets. */
501 static int memtox(char *buf, const char *mem, int len)
503 char *p = buf;
504 char c;
506 while (len--) {
507 c = *(mem++);
508 switch (c) {
509 case '#': case '$': case '*': case '}':
510 *(p++) = '}';
511 *(p++) = c ^ 0x20;
512 break;
513 default:
514 *(p++) = c;
515 break;
518 return p - buf;
521 static const char *get_feature_xml(const char *p, const char **newp,
522 CPUClass *cc)
524 size_t len;
525 int i;
526 const char *name;
527 static char target_xml[1024];
529 len = 0;
530 while (p[len] && p[len] != ':')
531 len++;
532 *newp = p + len;
534 name = NULL;
535 if (strncmp(p, "target.xml", len) == 0) {
536 /* Generate the XML description for this CPU. */
537 if (!target_xml[0]) {
538 GDBRegisterState *r;
539 CPUState *cpu = first_cpu;
541 pstrcat(target_xml, sizeof(target_xml),
542 "<?xml version=\"1.0\"?>"
543 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
544 "<target>");
545 if (cc->gdb_arch_name) {
546 gchar *arch = cc->gdb_arch_name(cpu);
547 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
548 pstrcat(target_xml, sizeof(target_xml), arch);
549 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
550 g_free(arch);
552 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
553 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
554 pstrcat(target_xml, sizeof(target_xml), "\"/>");
555 for (r = cpu->gdb_regs; r; r = r->next) {
556 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
557 pstrcat(target_xml, sizeof(target_xml), r->xml);
558 pstrcat(target_xml, sizeof(target_xml), "\"/>");
560 pstrcat(target_xml, sizeof(target_xml), "</target>");
562 return target_xml;
564 for (i = 0; ; i++) {
565 name = xml_builtin[i][0];
566 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
567 break;
569 return name ? xml_builtin[i][1] : NULL;
572 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
574 CPUClass *cc = CPU_GET_CLASS(cpu);
575 CPUArchState *env = cpu->env_ptr;
576 GDBRegisterState *r;
578 if (reg < cc->gdb_num_core_regs) {
579 return cc->gdb_read_register(cpu, mem_buf, reg);
582 for (r = cpu->gdb_regs; r; r = r->next) {
583 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
584 return r->get_reg(env, mem_buf, reg - r->base_reg);
587 return 0;
590 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
592 CPUClass *cc = CPU_GET_CLASS(cpu);
593 CPUArchState *env = cpu->env_ptr;
594 GDBRegisterState *r;
596 if (reg < cc->gdb_num_core_regs) {
597 return cc->gdb_write_register(cpu, mem_buf, reg);
600 for (r = cpu->gdb_regs; r; r = r->next) {
601 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
602 return r->set_reg(env, mem_buf, reg - r->base_reg);
605 return 0;
608 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
609 specifies the first register number and these registers are included in
610 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
611 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
614 void gdb_register_coprocessor(CPUState *cpu,
615 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
616 int num_regs, const char *xml, int g_pos)
618 GDBRegisterState *s;
619 GDBRegisterState **p;
621 p = &cpu->gdb_regs;
622 while (*p) {
623 /* Check for duplicates. */
624 if (strcmp((*p)->xml, xml) == 0)
625 return;
626 p = &(*p)->next;
629 s = g_new0(GDBRegisterState, 1);
630 s->base_reg = cpu->gdb_num_regs;
631 s->num_regs = num_regs;
632 s->get_reg = get_reg;
633 s->set_reg = set_reg;
634 s->xml = xml;
636 /* Add to end of list. */
637 cpu->gdb_num_regs += num_regs;
638 *p = s;
639 if (g_pos) {
640 if (g_pos != s->base_reg) {
641 error_report("Error: Bad gdb register numbering for '%s', "
642 "expected %d got %d", xml, g_pos, s->base_reg);
643 } else {
644 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
649 #ifndef CONFIG_USER_ONLY
650 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
651 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
653 static const int xlat[] = {
654 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
655 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
656 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
659 CPUClass *cc = CPU_GET_CLASS(cpu);
660 int cputype = xlat[gdbtype];
662 if (cc->gdb_stop_before_watchpoint) {
663 cputype |= BP_STOP_BEFORE_ACCESS;
665 return cputype;
667 #endif
669 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
671 CPUState *cpu;
672 int err = 0;
674 if (kvm_enabled()) {
675 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
678 switch (type) {
679 case GDB_BREAKPOINT_SW:
680 case GDB_BREAKPOINT_HW:
681 CPU_FOREACH(cpu) {
682 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
683 if (err) {
684 break;
687 return err;
688 #ifndef CONFIG_USER_ONLY
689 case GDB_WATCHPOINT_WRITE:
690 case GDB_WATCHPOINT_READ:
691 case GDB_WATCHPOINT_ACCESS:
692 CPU_FOREACH(cpu) {
693 err = cpu_watchpoint_insert(cpu, addr, len,
694 xlat_gdb_type(cpu, type), NULL);
695 if (err) {
696 break;
699 return err;
700 #endif
701 default:
702 return -ENOSYS;
706 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
708 CPUState *cpu;
709 int err = 0;
711 if (kvm_enabled()) {
712 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
715 switch (type) {
716 case GDB_BREAKPOINT_SW:
717 case GDB_BREAKPOINT_HW:
718 CPU_FOREACH(cpu) {
719 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
720 if (err) {
721 break;
724 return err;
725 #ifndef CONFIG_USER_ONLY
726 case GDB_WATCHPOINT_WRITE:
727 case GDB_WATCHPOINT_READ:
728 case GDB_WATCHPOINT_ACCESS:
729 CPU_FOREACH(cpu) {
730 err = cpu_watchpoint_remove(cpu, addr, len,
731 xlat_gdb_type(cpu, type));
732 if (err)
733 break;
735 return err;
736 #endif
737 default:
738 return -ENOSYS;
742 static void gdb_breakpoint_remove_all(void)
744 CPUState *cpu;
746 if (kvm_enabled()) {
747 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
748 return;
751 CPU_FOREACH(cpu) {
752 cpu_breakpoint_remove_all(cpu, BP_GDB);
753 #ifndef CONFIG_USER_ONLY
754 cpu_watchpoint_remove_all(cpu, BP_GDB);
755 #endif
759 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
761 CPUState *cpu = s->c_cpu;
763 cpu_synchronize_state(cpu);
764 cpu_set_pc(cpu, pc);
767 static CPUState *find_cpu(uint32_t thread_id)
769 CPUState *cpu;
771 CPU_FOREACH(cpu) {
772 if (cpu_index(cpu) == thread_id) {
773 return cpu;
777 return NULL;
780 static int is_query_packet(const char *p, const char *query, char separator)
782 unsigned int query_len = strlen(query);
784 return strncmp(p, query, query_len) == 0 &&
785 (p[query_len] == '\0' || p[query_len] == separator);
788 static int gdb_handle_packet(GDBState *s, const char *line_buf)
790 CPUState *cpu;
791 CPUClass *cc;
792 const char *p;
793 uint32_t thread;
794 int ch, reg_size, type, res;
795 char buf[MAX_PACKET_LENGTH];
796 uint8_t mem_buf[MAX_PACKET_LENGTH];
797 uint8_t *registers;
798 target_ulong addr, len;
800 #ifdef DEBUG_GDB
801 printf("command='%s'\n", line_buf);
802 #endif
803 p = line_buf;
804 ch = *p++;
805 switch(ch) {
806 case '?':
807 /* TODO: Make this return the correct value for user-mode. */
808 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
809 cpu_index(s->c_cpu));
810 put_packet(s, buf);
811 /* Remove all the breakpoints when this query is issued,
812 * because gdb is doing and initial connect and the state
813 * should be cleaned up.
815 gdb_breakpoint_remove_all();
816 break;
817 case 'c':
818 if (*p != '\0') {
819 addr = strtoull(p, (char **)&p, 16);
820 gdb_set_cpu_pc(s, addr);
822 s->signal = 0;
823 gdb_continue(s);
824 return RS_IDLE;
825 case 'C':
826 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
827 if (s->signal == -1)
828 s->signal = 0;
829 gdb_continue(s);
830 return RS_IDLE;
831 case 'v':
832 if (strncmp(p, "Cont", 4) == 0) {
833 int res_signal, res_thread;
835 p += 4;
836 if (*p == '?') {
837 put_packet(s, "vCont;c;C;s;S");
838 break;
840 res = 0;
841 res_signal = 0;
842 res_thread = 0;
843 while (*p) {
844 int action, signal;
846 if (*p++ != ';') {
847 res = 0;
848 break;
850 action = *p++;
851 signal = 0;
852 if (action == 'C' || action == 'S') {
853 signal = gdb_signal_to_target(strtoul(p, (char **)&p, 16));
854 if (signal == -1) {
855 signal = 0;
857 } else if (action != 'c' && action != 's') {
858 res = 0;
859 break;
861 thread = 0;
862 if (*p == ':') {
863 thread = strtoull(p+1, (char **)&p, 16);
865 action = tolower(action);
866 if (res == 0 || (res == 'c' && action == 's')) {
867 res = action;
868 res_signal = signal;
869 res_thread = thread;
872 if (res) {
873 if (res_thread != -1 && res_thread != 0) {
874 cpu = find_cpu(res_thread);
875 if (cpu == NULL) {
876 put_packet(s, "E22");
877 break;
879 s->c_cpu = cpu;
881 if (res == 's') {
882 cpu_single_step(s->c_cpu, sstep_flags);
884 s->signal = res_signal;
885 gdb_continue(s);
886 return RS_IDLE;
888 break;
889 } else {
890 goto unknown_command;
892 case 'k':
893 /* Kill the target */
894 error_report("QEMU: Terminated via GDBstub");
895 exit(0);
896 case 'D':
897 /* Detach packet */
898 gdb_breakpoint_remove_all();
899 gdb_syscall_mode = GDB_SYS_DISABLED;
900 gdb_continue(s);
901 put_packet(s, "OK");
902 break;
903 case 's':
904 if (*p != '\0') {
905 addr = strtoull(p, (char **)&p, 16);
906 gdb_set_cpu_pc(s, addr);
908 cpu_single_step(s->c_cpu, sstep_flags);
909 gdb_continue(s);
910 return RS_IDLE;
911 case 'F':
913 target_ulong ret;
914 target_ulong err;
916 ret = strtoull(p, (char **)&p, 16);
917 if (*p == ',') {
918 p++;
919 err = strtoull(p, (char **)&p, 16);
920 } else {
921 err = 0;
923 if (*p == ',')
924 p++;
925 type = *p;
926 if (s->current_syscall_cb) {
927 s->current_syscall_cb(s->c_cpu, ret, err);
928 s->current_syscall_cb = NULL;
930 if (type == 'C') {
931 put_packet(s, "T02");
932 } else {
933 gdb_continue(s);
936 break;
937 case 'g':
938 cpu_synchronize_state(s->g_cpu);
939 len = 0;
940 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
941 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
942 len += reg_size;
944 memtohex(buf, mem_buf, len);
945 put_packet(s, buf);
946 break;
947 case 'G':
948 cpu_synchronize_state(s->g_cpu);
949 registers = mem_buf;
950 len = strlen(p) / 2;
951 hextomem((uint8_t *)registers, p, len);
952 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
953 reg_size = gdb_write_register(s->g_cpu, registers, addr);
954 len -= reg_size;
955 registers += reg_size;
957 put_packet(s, "OK");
958 break;
959 case 'm':
960 addr = strtoull(p, (char **)&p, 16);
961 if (*p == ',')
962 p++;
963 len = strtoull(p, NULL, 16);
965 /* memtohex() doubles the required space */
966 if (len > MAX_PACKET_LENGTH / 2) {
967 put_packet (s, "E22");
968 break;
971 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
972 put_packet (s, "E14");
973 } else {
974 memtohex(buf, mem_buf, len);
975 put_packet(s, buf);
977 break;
978 case 'M':
979 addr = strtoull(p, (char **)&p, 16);
980 if (*p == ',')
981 p++;
982 len = strtoull(p, (char **)&p, 16);
983 if (*p == ':')
984 p++;
986 /* hextomem() reads 2*len bytes */
987 if (len > strlen(p) / 2) {
988 put_packet (s, "E22");
989 break;
991 hextomem(mem_buf, p, len);
992 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
993 true) != 0) {
994 put_packet(s, "E14");
995 } else {
996 put_packet(s, "OK");
998 break;
999 case 'p':
1000 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1001 This works, but can be very slow. Anything new enough to
1002 understand XML also knows how to use this properly. */
1003 if (!gdb_has_xml)
1004 goto unknown_command;
1005 addr = strtoull(p, (char **)&p, 16);
1006 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1007 if (reg_size) {
1008 memtohex(buf, mem_buf, reg_size);
1009 put_packet(s, buf);
1010 } else {
1011 put_packet(s, "E14");
1013 break;
1014 case 'P':
1015 if (!gdb_has_xml)
1016 goto unknown_command;
1017 addr = strtoull(p, (char **)&p, 16);
1018 if (*p == '=')
1019 p++;
1020 reg_size = strlen(p) / 2;
1021 hextomem(mem_buf, p, reg_size);
1022 gdb_write_register(s->g_cpu, mem_buf, addr);
1023 put_packet(s, "OK");
1024 break;
1025 case 'Z':
1026 case 'z':
1027 type = strtoul(p, (char **)&p, 16);
1028 if (*p == ',')
1029 p++;
1030 addr = strtoull(p, (char **)&p, 16);
1031 if (*p == ',')
1032 p++;
1033 len = strtoull(p, (char **)&p, 16);
1034 if (ch == 'Z')
1035 res = gdb_breakpoint_insert(addr, len, type);
1036 else
1037 res = gdb_breakpoint_remove(addr, len, type);
1038 if (res >= 0)
1039 put_packet(s, "OK");
1040 else if (res == -ENOSYS)
1041 put_packet(s, "");
1042 else
1043 put_packet(s, "E22");
1044 break;
1045 case 'H':
1046 type = *p++;
1047 thread = strtoull(p, (char **)&p, 16);
1048 if (thread == -1 || thread == 0) {
1049 put_packet(s, "OK");
1050 break;
1052 cpu = find_cpu(thread);
1053 if (cpu == NULL) {
1054 put_packet(s, "E22");
1055 break;
1057 switch (type) {
1058 case 'c':
1059 s->c_cpu = cpu;
1060 put_packet(s, "OK");
1061 break;
1062 case 'g':
1063 s->g_cpu = cpu;
1064 put_packet(s, "OK");
1065 break;
1066 default:
1067 put_packet(s, "E22");
1068 break;
1070 break;
1071 case 'T':
1072 thread = strtoull(p, (char **)&p, 16);
1073 cpu = find_cpu(thread);
1075 if (cpu != NULL) {
1076 put_packet(s, "OK");
1077 } else {
1078 put_packet(s, "E22");
1080 break;
1081 case 'q':
1082 case 'Q':
1083 /* parse any 'q' packets here */
1084 if (!strcmp(p,"qemu.sstepbits")) {
1085 /* Query Breakpoint bit definitions */
1086 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1087 SSTEP_ENABLE,
1088 SSTEP_NOIRQ,
1089 SSTEP_NOTIMER);
1090 put_packet(s, buf);
1091 break;
1092 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1093 /* Display or change the sstep_flags */
1094 p += 10;
1095 if (*p != '=') {
1096 /* Display current setting */
1097 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1098 put_packet(s, buf);
1099 break;
1101 p++;
1102 type = strtoul(p, (char **)&p, 16);
1103 sstep_flags = type;
1104 put_packet(s, "OK");
1105 break;
1106 } else if (strcmp(p,"C") == 0) {
1107 /* "Current thread" remains vague in the spec, so always return
1108 * the first CPU (gdb returns the first thread). */
1109 put_packet(s, "QC1");
1110 break;
1111 } else if (strcmp(p,"fThreadInfo") == 0) {
1112 s->query_cpu = first_cpu;
1113 goto report_cpuinfo;
1114 } else if (strcmp(p,"sThreadInfo") == 0) {
1115 report_cpuinfo:
1116 if (s->query_cpu) {
1117 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1118 put_packet(s, buf);
1119 s->query_cpu = CPU_NEXT(s->query_cpu);
1120 } else
1121 put_packet(s, "l");
1122 break;
1123 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1124 thread = strtoull(p+16, (char **)&p, 16);
1125 cpu = find_cpu(thread);
1126 if (cpu != NULL) {
1127 cpu_synchronize_state(cpu);
1128 /* memtohex() doubles the required space */
1129 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1130 "CPU#%d [%s]", cpu->cpu_index,
1131 cpu->halted ? "halted " : "running");
1132 memtohex(buf, mem_buf, len);
1133 put_packet(s, buf);
1135 break;
1137 #ifdef CONFIG_USER_ONLY
1138 else if (strcmp(p, "Offsets") == 0) {
1139 TaskState *ts = s->c_cpu->opaque;
1141 snprintf(buf, sizeof(buf),
1142 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1143 ";Bss=" TARGET_ABI_FMT_lx,
1144 ts->info->code_offset,
1145 ts->info->data_offset,
1146 ts->info->data_offset);
1147 put_packet(s, buf);
1148 break;
1150 #else /* !CONFIG_USER_ONLY */
1151 else if (strncmp(p, "Rcmd,", 5) == 0) {
1152 int len = strlen(p + 5);
1154 if ((len % 2) != 0) {
1155 put_packet(s, "E01");
1156 break;
1158 len = len / 2;
1159 hextomem(mem_buf, p + 5, len);
1160 mem_buf[len++] = 0;
1161 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1162 put_packet(s, "OK");
1163 break;
1165 #endif /* !CONFIG_USER_ONLY */
1166 if (is_query_packet(p, "Supported", ':')) {
1167 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1168 cc = CPU_GET_CLASS(first_cpu);
1169 if (cc->gdb_core_xml_file != NULL) {
1170 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1172 put_packet(s, buf);
1173 break;
1175 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1176 const char *xml;
1177 target_ulong total_len;
1179 cc = CPU_GET_CLASS(first_cpu);
1180 if (cc->gdb_core_xml_file == NULL) {
1181 goto unknown_command;
1184 gdb_has_xml = true;
1185 p += 19;
1186 xml = get_feature_xml(p, &p, cc);
1187 if (!xml) {
1188 snprintf(buf, sizeof(buf), "E00");
1189 put_packet(s, buf);
1190 break;
1193 if (*p == ':')
1194 p++;
1195 addr = strtoul(p, (char **)&p, 16);
1196 if (*p == ',')
1197 p++;
1198 len = strtoul(p, (char **)&p, 16);
1200 total_len = strlen(xml);
1201 if (addr > total_len) {
1202 snprintf(buf, sizeof(buf), "E00");
1203 put_packet(s, buf);
1204 break;
1206 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1207 len = (MAX_PACKET_LENGTH - 5) / 2;
1208 if (len < total_len - addr) {
1209 buf[0] = 'm';
1210 len = memtox(buf + 1, xml + addr, len);
1211 } else {
1212 buf[0] = 'l';
1213 len = memtox(buf + 1, xml + addr, total_len - addr);
1215 put_packet_binary(s, buf, len + 1);
1216 break;
1218 if (is_query_packet(p, "Attached", ':')) {
1219 put_packet(s, GDB_ATTACHED);
1220 break;
1222 /* Unrecognised 'q' command. */
1223 goto unknown_command;
1225 default:
1226 unknown_command:
1227 /* put empty packet */
1228 buf[0] = '\0';
1229 put_packet(s, buf);
1230 break;
1232 return RS_IDLE;
1235 void gdb_set_stop_cpu(CPUState *cpu)
1237 gdbserver_state->c_cpu = cpu;
1238 gdbserver_state->g_cpu = cpu;
1241 #ifndef CONFIG_USER_ONLY
1242 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1244 GDBState *s = gdbserver_state;
1245 CPUState *cpu = s->c_cpu;
1246 char buf[256];
1247 const char *type;
1248 int ret;
1250 if (running || s->state == RS_INACTIVE) {
1251 return;
1253 /* Is there a GDB syscall waiting to be sent? */
1254 if (s->current_syscall_cb) {
1255 put_packet(s, s->syscall_buf);
1256 return;
1258 switch (state) {
1259 case RUN_STATE_DEBUG:
1260 if (cpu->watchpoint_hit) {
1261 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1262 case BP_MEM_READ:
1263 type = "r";
1264 break;
1265 case BP_MEM_ACCESS:
1266 type = "a";
1267 break;
1268 default:
1269 type = "";
1270 break;
1272 snprintf(buf, sizeof(buf),
1273 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1274 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1275 (target_ulong)cpu->watchpoint_hit->vaddr);
1276 cpu->watchpoint_hit = NULL;
1277 goto send_packet;
1279 tb_flush(cpu);
1280 ret = GDB_SIGNAL_TRAP;
1281 break;
1282 case RUN_STATE_PAUSED:
1283 ret = GDB_SIGNAL_INT;
1284 break;
1285 case RUN_STATE_SHUTDOWN:
1286 ret = GDB_SIGNAL_QUIT;
1287 break;
1288 case RUN_STATE_IO_ERROR:
1289 ret = GDB_SIGNAL_IO;
1290 break;
1291 case RUN_STATE_WATCHDOG:
1292 ret = GDB_SIGNAL_ALRM;
1293 break;
1294 case RUN_STATE_INTERNAL_ERROR:
1295 ret = GDB_SIGNAL_ABRT;
1296 break;
1297 case RUN_STATE_SAVE_VM:
1298 case RUN_STATE_RESTORE_VM:
1299 return;
1300 case RUN_STATE_FINISH_MIGRATE:
1301 ret = GDB_SIGNAL_XCPU;
1302 break;
1303 default:
1304 ret = GDB_SIGNAL_UNKNOWN;
1305 break;
1307 gdb_set_stop_cpu(cpu);
1308 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1310 send_packet:
1311 put_packet(s, buf);
1313 /* disable single step if it was enabled */
1314 cpu_single_step(cpu, 0);
1316 #endif
1318 /* Send a gdb syscall request.
1319 This accepts limited printf-style format specifiers, specifically:
1320 %x - target_ulong argument printed in hex.
1321 %lx - 64-bit argument printed in hex.
1322 %s - string pointer (target_ulong) and length (int) pair. */
1323 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1325 char *p;
1326 char *p_end;
1327 target_ulong addr;
1328 uint64_t i64;
1329 GDBState *s;
1331 s = gdbserver_state;
1332 if (!s)
1333 return;
1334 s->current_syscall_cb = cb;
1335 #ifndef CONFIG_USER_ONLY
1336 vm_stop(RUN_STATE_DEBUG);
1337 #endif
1338 p = s->syscall_buf;
1339 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1340 *(p++) = 'F';
1341 while (*fmt) {
1342 if (*fmt == '%') {
1343 fmt++;
1344 switch (*fmt++) {
1345 case 'x':
1346 addr = va_arg(va, target_ulong);
1347 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1348 break;
1349 case 'l':
1350 if (*(fmt++) != 'x')
1351 goto bad_format;
1352 i64 = va_arg(va, uint64_t);
1353 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1354 break;
1355 case 's':
1356 addr = va_arg(va, target_ulong);
1357 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1358 addr, va_arg(va, int));
1359 break;
1360 default:
1361 bad_format:
1362 error_report("gdbstub: Bad syscall format string '%s'",
1363 fmt - 1);
1364 break;
1366 } else {
1367 *(p++) = *(fmt++);
1370 *p = 0;
1371 #ifdef CONFIG_USER_ONLY
1372 put_packet(s, s->syscall_buf);
1373 gdb_handlesig(s->c_cpu, 0);
1374 #else
1375 /* In this case wait to send the syscall packet until notification that
1376 the CPU has stopped. This must be done because if the packet is sent
1377 now the reply from the syscall request could be received while the CPU
1378 is still in the running state, which can cause packets to be dropped
1379 and state transition 'T' packets to be sent while the syscall is still
1380 being processed. */
1381 qemu_cpu_kick(s->c_cpu);
1382 #endif
1385 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1387 va_list va;
1389 va_start(va, fmt);
1390 gdb_do_syscallv(cb, fmt, va);
1391 va_end(va);
1394 static void gdb_read_byte(GDBState *s, int ch)
1396 int i, csum;
1397 uint8_t reply;
1399 #ifndef CONFIG_USER_ONLY
1400 if (s->last_packet_len) {
1401 /* Waiting for a response to the last packet. If we see the start
1402 of a new command then abandon the previous response. */
1403 if (ch == '-') {
1404 #ifdef DEBUG_GDB
1405 printf("Got NACK, retransmitting\n");
1406 #endif
1407 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1409 #ifdef DEBUG_GDB
1410 else if (ch == '+')
1411 printf("Got ACK\n");
1412 else
1413 printf("Got '%c' when expecting ACK/NACK\n", ch);
1414 #endif
1415 if (ch == '+' || ch == '$')
1416 s->last_packet_len = 0;
1417 if (ch != '$')
1418 return;
1420 if (runstate_is_running()) {
1421 /* when the CPU is running, we cannot do anything except stop
1422 it when receiving a char */
1423 vm_stop(RUN_STATE_PAUSED);
1424 } else
1425 #endif
1427 switch(s->state) {
1428 case RS_IDLE:
1429 if (ch == '$') {
1430 s->line_buf_index = 0;
1431 s->state = RS_GETLINE;
1433 break;
1434 case RS_GETLINE:
1435 if (ch == '#') {
1436 s->state = RS_CHKSUM1;
1437 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1438 s->state = RS_IDLE;
1439 } else {
1440 s->line_buf[s->line_buf_index++] = ch;
1442 break;
1443 case RS_CHKSUM1:
1444 s->line_buf[s->line_buf_index] = '\0';
1445 s->line_csum = fromhex(ch) << 4;
1446 s->state = RS_CHKSUM2;
1447 break;
1448 case RS_CHKSUM2:
1449 s->line_csum |= fromhex(ch);
1450 csum = 0;
1451 for(i = 0; i < s->line_buf_index; i++) {
1452 csum += s->line_buf[i];
1454 if (s->line_csum != (csum & 0xff)) {
1455 reply = '-';
1456 put_buffer(s, &reply, 1);
1457 s->state = RS_IDLE;
1458 } else {
1459 reply = '+';
1460 put_buffer(s, &reply, 1);
1461 s->state = gdb_handle_packet(s, s->line_buf);
1463 break;
1464 default:
1465 abort();
1470 /* Tell the remote gdb that the process has exited. */
1471 void gdb_exit(CPUArchState *env, int code)
1473 GDBState *s;
1474 char buf[4];
1475 #ifndef CONFIG_USER_ONLY
1476 Chardev *chr;
1477 #endif
1479 s = gdbserver_state;
1480 if (!s) {
1481 return;
1483 #ifdef CONFIG_USER_ONLY
1484 if (gdbserver_fd < 0 || s->fd < 0) {
1485 return;
1487 #else
1488 chr = qemu_chr_fe_get_driver(&s->chr);
1489 if (!chr) {
1490 return;
1492 #endif
1494 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1495 put_packet(s, buf);
1497 #ifndef CONFIG_USER_ONLY
1498 qemu_chr_fe_deinit(&s->chr);
1499 qemu_chr_delete(chr);
1500 #endif
1503 #ifdef CONFIG_USER_ONLY
1505 gdb_handlesig(CPUState *cpu, int sig)
1507 GDBState *s;
1508 char buf[256];
1509 int n;
1511 s = gdbserver_state;
1512 if (gdbserver_fd < 0 || s->fd < 0) {
1513 return sig;
1516 /* disable single step if it was enabled */
1517 cpu_single_step(cpu, 0);
1518 tb_flush(cpu);
1520 if (sig != 0) {
1521 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1522 put_packet(s, buf);
1524 /* put_packet() might have detected that the peer terminated the
1525 connection. */
1526 if (s->fd < 0) {
1527 return sig;
1530 sig = 0;
1531 s->state = RS_IDLE;
1532 s->running_state = 0;
1533 while (s->running_state == 0) {
1534 n = read(s->fd, buf, 256);
1535 if (n > 0) {
1536 int i;
1538 for (i = 0; i < n; i++) {
1539 gdb_read_byte(s, buf[i]);
1541 } else {
1542 /* XXX: Connection closed. Should probably wait for another
1543 connection before continuing. */
1544 if (n == 0) {
1545 close(s->fd);
1547 s->fd = -1;
1548 return sig;
1551 sig = s->signal;
1552 s->signal = 0;
1553 return sig;
1556 /* Tell the remote gdb that the process has exited due to SIG. */
1557 void gdb_signalled(CPUArchState *env, int sig)
1559 GDBState *s;
1560 char buf[4];
1562 s = gdbserver_state;
1563 if (gdbserver_fd < 0 || s->fd < 0) {
1564 return;
1567 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1568 put_packet(s, buf);
1571 static void gdb_accept(void)
1573 GDBState *s;
1574 struct sockaddr_in sockaddr;
1575 socklen_t len;
1576 int fd;
1578 for(;;) {
1579 len = sizeof(sockaddr);
1580 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1581 if (fd < 0 && errno != EINTR) {
1582 perror("accept");
1583 return;
1584 } else if (fd >= 0) {
1585 #ifndef _WIN32
1586 fcntl(fd, F_SETFD, FD_CLOEXEC);
1587 #endif
1588 break;
1592 /* set short latency */
1593 socket_set_nodelay(fd);
1595 s = g_malloc0(sizeof(GDBState));
1596 s->c_cpu = first_cpu;
1597 s->g_cpu = first_cpu;
1598 s->fd = fd;
1599 gdb_has_xml = false;
1601 gdbserver_state = s;
1604 static int gdbserver_open(int port)
1606 struct sockaddr_in sockaddr;
1607 int fd, ret;
1609 fd = socket(PF_INET, SOCK_STREAM, 0);
1610 if (fd < 0) {
1611 perror("socket");
1612 return -1;
1614 #ifndef _WIN32
1615 fcntl(fd, F_SETFD, FD_CLOEXEC);
1616 #endif
1618 socket_set_fast_reuse(fd);
1620 sockaddr.sin_family = AF_INET;
1621 sockaddr.sin_port = htons(port);
1622 sockaddr.sin_addr.s_addr = 0;
1623 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1624 if (ret < 0) {
1625 perror("bind");
1626 close(fd);
1627 return -1;
1629 ret = listen(fd, 1);
1630 if (ret < 0) {
1631 perror("listen");
1632 close(fd);
1633 return -1;
1635 return fd;
1638 int gdbserver_start(int port)
1640 gdbserver_fd = gdbserver_open(port);
1641 if (gdbserver_fd < 0)
1642 return -1;
1643 /* accept connections */
1644 gdb_accept();
1645 return 0;
1648 /* Disable gdb stub for child processes. */
1649 void gdbserver_fork(CPUState *cpu)
1651 GDBState *s = gdbserver_state;
1653 if (gdbserver_fd < 0 || s->fd < 0) {
1654 return;
1656 close(s->fd);
1657 s->fd = -1;
1658 cpu_breakpoint_remove_all(cpu, BP_GDB);
1659 cpu_watchpoint_remove_all(cpu, BP_GDB);
1661 #else
1662 static int gdb_chr_can_receive(void *opaque)
1664 /* We can handle an arbitrarily large amount of data.
1665 Pick the maximum packet size, which is as good as anything. */
1666 return MAX_PACKET_LENGTH;
1669 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1671 int i;
1673 for (i = 0; i < size; i++) {
1674 gdb_read_byte(gdbserver_state, buf[i]);
1678 static void gdb_chr_event(void *opaque, int event)
1680 switch (event) {
1681 case CHR_EVENT_OPENED:
1682 vm_stop(RUN_STATE_PAUSED);
1683 gdb_has_xml = false;
1684 break;
1685 default:
1686 break;
1690 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1692 char buf[MAX_PACKET_LENGTH];
1694 buf[0] = 'O';
1695 if (len > (MAX_PACKET_LENGTH/2) - 1)
1696 len = (MAX_PACKET_LENGTH/2) - 1;
1697 memtohex(buf + 1, (uint8_t *)msg, len);
1698 put_packet(s, buf);
1701 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1703 const char *p = (const char *)buf;
1704 int max_sz;
1706 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1707 for (;;) {
1708 if (len <= max_sz) {
1709 gdb_monitor_output(gdbserver_state, p, len);
1710 break;
1712 gdb_monitor_output(gdbserver_state, p, max_sz);
1713 p += max_sz;
1714 len -= max_sz;
1716 return len;
1719 #ifndef _WIN32
1720 static void gdb_sigterm_handler(int signal)
1722 if (runstate_is_running()) {
1723 vm_stop(RUN_STATE_PAUSED);
1726 #endif
1728 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1729 bool *be_opened, Error **errp)
1731 *be_opened = false;
1734 static void char_gdb_class_init(ObjectClass *oc, void *data)
1736 ChardevClass *cc = CHARDEV_CLASS(oc);
1738 cc->internal = true;
1739 cc->open = gdb_monitor_open;
1740 cc->chr_write = gdb_monitor_write;
1743 #define TYPE_CHARDEV_GDB "chardev-gdb"
1745 static const TypeInfo char_gdb_type_info = {
1746 .name = TYPE_CHARDEV_GDB,
1747 .parent = TYPE_CHARDEV,
1748 .class_init = char_gdb_class_init,
1751 int gdbserver_start(const char *device)
1753 GDBState *s;
1754 char gdbstub_device_name[128];
1755 Chardev *chr = NULL;
1756 Chardev *mon_chr;
1758 if (!first_cpu) {
1759 error_report("gdbstub: meaningless to attach gdb to a "
1760 "machine without any CPU.");
1761 return -1;
1764 if (!device)
1765 return -1;
1766 if (strcmp(device, "none") != 0) {
1767 if (strstart(device, "tcp:", NULL)) {
1768 /* enforce required TCP attributes */
1769 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1770 "%s,nowait,nodelay,server", device);
1771 device = gdbstub_device_name;
1773 #ifndef _WIN32
1774 else if (strcmp(device, "stdio") == 0) {
1775 struct sigaction act;
1777 memset(&act, 0, sizeof(act));
1778 act.sa_handler = gdb_sigterm_handler;
1779 sigaction(SIGINT, &act, NULL);
1781 #endif
1782 chr = qemu_chr_new_noreplay("gdb", device);
1783 if (!chr)
1784 return -1;
1787 s = gdbserver_state;
1788 if (!s) {
1789 s = g_malloc0(sizeof(GDBState));
1790 gdbserver_state = s;
1792 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1794 /* Initialize a monitor terminal for gdb */
1795 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
1796 NULL, &error_abort);
1797 monitor_init(mon_chr, 0);
1798 } else {
1799 if (qemu_chr_fe_get_driver(&s->chr)) {
1800 qemu_chr_delete(qemu_chr_fe_get_driver(&s->chr));
1802 mon_chr = s->mon_chr;
1803 memset(s, 0, sizeof(GDBState));
1804 s->mon_chr = mon_chr;
1806 s->c_cpu = first_cpu;
1807 s->g_cpu = first_cpu;
1808 if (chr) {
1809 qemu_chr_fe_init(&s->chr, chr, &error_abort);
1810 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
1811 gdb_chr_event, NULL, NULL, true);
1813 s->state = chr ? RS_IDLE : RS_INACTIVE;
1814 s->mon_chr = mon_chr;
1815 s->current_syscall_cb = NULL;
1817 return 0;
1820 static void register_types(void)
1822 type_register_static(&char_gdb_type_info);
1825 type_init(register_types);
1826 #endif