4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/cutils.h"
23 #ifdef CONFIG_USER_ONLY
26 #include "monitor/monitor.h"
27 #include "sysemu/char.h"
28 #include "sysemu/sysemu.h"
29 #include "exec/gdbstub.h"
32 #define MAX_PACKET_LENGTH 4096
35 #include "qemu/sockets.h"
36 #include "sysemu/kvm.h"
37 #include "exec/semihost.h"
38 #include "exec/exec-all.h"
40 #ifdef CONFIG_USER_ONLY
41 #define GDB_ATTACHED "0"
43 #define GDB_ATTACHED "1"
46 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
47 uint8_t *buf, int len, bool is_write)
49 CPUClass *cc = CPU_GET_CLASS(cpu);
51 if (cc->memory_rw_debug) {
52 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
54 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
66 GDB_SIGNAL_UNKNOWN = 143
69 #ifdef CONFIG_USER_ONLY
71 /* Map target signal numbers to GDB protocol signal numbers and vice
72 * versa. For user emulation's currently supported systems, we can
73 * assume most signals are defined.
76 static int gdb_signal_table[] = {
236 /* In system mode we only need SIGINT and SIGTRAP; other signals
237 are not yet supported. */
244 static int gdb_signal_table[] = {
254 #ifdef CONFIG_USER_ONLY
255 static int target_signal_to_gdb (int sig)
258 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
259 if (gdb_signal_table[i] == sig)
261 return GDB_SIGNAL_UNKNOWN;
265 static int gdb_signal_to_target (int sig)
267 if (sig < ARRAY_SIZE (gdb_signal_table))
268 return gdb_signal_table[sig];
275 typedef struct GDBRegisterState {
281 struct GDBRegisterState *next;
291 typedef struct GDBState {
292 CPUState *c_cpu; /* current CPU for step/continue ops */
293 CPUState *g_cpu; /* current CPU for other ops */
294 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
295 enum RSState state; /* parsing state */
296 char line_buf[MAX_PACKET_LENGTH];
299 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
302 #ifdef CONFIG_USER_ONLY
306 CharDriverState *chr;
307 CharDriverState *mon_chr;
309 char syscall_buf[256];
310 gdb_syscall_complete_cb current_syscall_cb;
313 /* By default use no IRQs and no timers while single stepping so as to
314 * make single stepping like an ICE HW step.
316 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
318 static GDBState *gdbserver_state;
322 #ifdef CONFIG_USER_ONLY
323 /* XXX: This is not thread safe. Do we care? */
324 static int gdbserver_fd = -1;
326 static int get_char(GDBState *s)
332 ret = qemu_recv(s->fd, &ch, 1, 0);
334 if (errno == ECONNRESET)
338 } else if (ret == 0) {
356 /* Decide if either remote gdb syscalls or native file IO should be used. */
357 int use_gdb_syscalls(void)
359 SemihostingTarget target = semihosting_get_target();
360 if (target == SEMIHOSTING_TARGET_NATIVE) {
361 /* -semihosting-config target=native */
363 } else if (target == SEMIHOSTING_TARGET_GDB) {
364 /* -semihosting-config target=gdb */
368 /* -semihosting-config target=auto */
369 /* On the first call check if gdb is connected and remember. */
370 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
371 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
374 return gdb_syscall_mode == GDB_SYS_ENABLED;
377 /* Resume execution. */
378 static inline void gdb_continue(GDBState *s)
380 #ifdef CONFIG_USER_ONLY
381 s->running_state = 1;
383 if (!runstate_needs_reset()) {
389 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
391 #ifdef CONFIG_USER_ONLY
395 ret = send(s->fd, buf, len, 0);
405 qemu_chr_fe_write(s->chr, buf, len);
409 static inline int fromhex(int v)
411 if (v >= '0' && v <= '9')
413 else if (v >= 'A' && v <= 'F')
415 else if (v >= 'a' && v <= 'f')
421 static inline int tohex(int v)
429 static void memtohex(char *buf, const uint8_t *mem, int len)
434 for(i = 0; i < len; i++) {
436 *q++ = tohex(c >> 4);
437 *q++ = tohex(c & 0xf);
442 static void hextomem(uint8_t *mem, const char *buf, int len)
446 for(i = 0; i < len; i++) {
447 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
452 /* return -1 if error, 0 if OK */
453 static int put_packet_binary(GDBState *s, const char *buf, int len)
464 for(i = 0; i < len; i++) {
468 *(p++) = tohex((csum >> 4) & 0xf);
469 *(p++) = tohex((csum) & 0xf);
471 s->last_packet_len = p - s->last_packet;
472 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
474 #ifdef CONFIG_USER_ONLY
487 /* return -1 if error, 0 if OK */
488 static int put_packet(GDBState *s, const char *buf)
491 printf("reply='%s'\n", buf);
494 return put_packet_binary(s, buf, strlen(buf));
497 /* Encode data using the encoding for 'x' packets. */
498 static int memtox(char *buf, const char *mem, int len)
506 case '#': case '$': case '*': case '}':
518 static const char *get_feature_xml(const char *p, const char **newp,
524 static char target_xml[1024];
527 while (p[len] && p[len] != ':')
532 if (strncmp(p, "target.xml", len) == 0) {
533 /* Generate the XML description for this CPU. */
534 if (!target_xml[0]) {
536 CPUState *cpu = first_cpu;
538 pstrcat(target_xml, sizeof(target_xml),
539 "<?xml version=\"1.0\"?>"
540 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
542 if (cc->gdb_arch_name) {
543 gchar *arch = cc->gdb_arch_name(cpu);
544 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
545 pstrcat(target_xml, sizeof(target_xml), arch);
546 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
549 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
550 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
551 pstrcat(target_xml, sizeof(target_xml), "\"/>");
552 for (r = cpu->gdb_regs; r; r = r->next) {
553 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
554 pstrcat(target_xml, sizeof(target_xml), r->xml);
555 pstrcat(target_xml, sizeof(target_xml), "\"/>");
557 pstrcat(target_xml, sizeof(target_xml), "</target>");
562 name = xml_builtin[i][0];
563 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
566 return name ? xml_builtin[i][1] : NULL;
569 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
571 CPUClass *cc = CPU_GET_CLASS(cpu);
572 CPUArchState *env = cpu->env_ptr;
575 if (reg < cc->gdb_num_core_regs) {
576 return cc->gdb_read_register(cpu, mem_buf, reg);
579 for (r = cpu->gdb_regs; r; r = r->next) {
580 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
581 return r->get_reg(env, mem_buf, reg - r->base_reg);
587 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
589 CPUClass *cc = CPU_GET_CLASS(cpu);
590 CPUArchState *env = cpu->env_ptr;
593 if (reg < cc->gdb_num_core_regs) {
594 return cc->gdb_write_register(cpu, mem_buf, reg);
597 for (r = cpu->gdb_regs; r; r = r->next) {
598 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
599 return r->set_reg(env, mem_buf, reg - r->base_reg);
605 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
606 specifies the first register number and these registers are included in
607 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
608 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
611 void gdb_register_coprocessor(CPUState *cpu,
612 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
613 int num_regs, const char *xml, int g_pos)
616 GDBRegisterState **p;
620 /* Check for duplicates. */
621 if (strcmp((*p)->xml, xml) == 0)
626 s = g_new0(GDBRegisterState, 1);
627 s->base_reg = cpu->gdb_num_regs;
628 s->num_regs = num_regs;
629 s->get_reg = get_reg;
630 s->set_reg = set_reg;
633 /* Add to end of list. */
634 cpu->gdb_num_regs += num_regs;
637 if (g_pos != s->base_reg) {
638 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
639 "Expected %d got %d\n", xml, g_pos, s->base_reg);
641 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
646 #ifndef CONFIG_USER_ONLY
647 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
648 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
650 static const int xlat[] = {
651 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
652 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
653 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
656 CPUClass *cc = CPU_GET_CLASS(cpu);
657 int cputype = xlat[gdbtype];
659 if (cc->gdb_stop_before_watchpoint) {
660 cputype |= BP_STOP_BEFORE_ACCESS;
666 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
672 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
676 case GDB_BREAKPOINT_SW:
677 case GDB_BREAKPOINT_HW:
679 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
685 #ifndef CONFIG_USER_ONLY
686 case GDB_WATCHPOINT_WRITE:
687 case GDB_WATCHPOINT_READ:
688 case GDB_WATCHPOINT_ACCESS:
690 err = cpu_watchpoint_insert(cpu, addr, len,
691 xlat_gdb_type(cpu, type), NULL);
703 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
709 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
713 case GDB_BREAKPOINT_SW:
714 case GDB_BREAKPOINT_HW:
716 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
722 #ifndef CONFIG_USER_ONLY
723 case GDB_WATCHPOINT_WRITE:
724 case GDB_WATCHPOINT_READ:
725 case GDB_WATCHPOINT_ACCESS:
727 err = cpu_watchpoint_remove(cpu, addr, len,
728 xlat_gdb_type(cpu, type));
739 static void gdb_breakpoint_remove_all(void)
744 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
749 cpu_breakpoint_remove_all(cpu, BP_GDB);
750 #ifndef CONFIG_USER_ONLY
751 cpu_watchpoint_remove_all(cpu, BP_GDB);
756 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
758 CPUState *cpu = s->c_cpu;
760 cpu_synchronize_state(cpu);
764 static CPUState *find_cpu(uint32_t thread_id)
769 if (cpu_index(cpu) == thread_id) {
777 static int is_query_packet(const char *p, const char *query, char separator)
779 unsigned int query_len = strlen(query);
781 return strncmp(p, query, query_len) == 0 &&
782 (p[query_len] == '\0' || p[query_len] == separator);
785 static int gdb_handle_packet(GDBState *s, const char *line_buf)
791 int ch, reg_size, type, res;
792 char buf[MAX_PACKET_LENGTH];
793 uint8_t mem_buf[MAX_PACKET_LENGTH];
795 target_ulong addr, len;
798 printf("command='%s'\n", line_buf);
804 /* TODO: Make this return the correct value for user-mode. */
805 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
806 cpu_index(s->c_cpu));
808 /* Remove all the breakpoints when this query is issued,
809 * because gdb is doing and initial connect and the state
810 * should be cleaned up.
812 gdb_breakpoint_remove_all();
816 addr = strtoull(p, (char **)&p, 16);
817 gdb_set_cpu_pc(s, addr);
823 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
829 if (strncmp(p, "Cont", 4) == 0) {
830 int res_signal, res_thread;
834 put_packet(s, "vCont;c;C;s;S");
849 if (action == 'C' || action == 'S') {
850 signal = gdb_signal_to_target(strtoul(p, (char **)&p, 16));
854 } else if (action != 'c' && action != 's') {
860 thread = strtoull(p+1, (char **)&p, 16);
862 action = tolower(action);
863 if (res == 0 || (res == 'c' && action == 's')) {
870 if (res_thread != -1 && res_thread != 0) {
871 cpu = find_cpu(res_thread);
873 put_packet(s, "E22");
879 cpu_single_step(s->c_cpu, sstep_flags);
881 s->signal = res_signal;
887 goto unknown_command;
890 /* Kill the target */
891 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
895 gdb_breakpoint_remove_all();
896 gdb_syscall_mode = GDB_SYS_DISABLED;
902 addr = strtoull(p, (char **)&p, 16);
903 gdb_set_cpu_pc(s, addr);
905 cpu_single_step(s->c_cpu, sstep_flags);
913 ret = strtoull(p, (char **)&p, 16);
916 err = strtoull(p, (char **)&p, 16);
923 if (s->current_syscall_cb) {
924 s->current_syscall_cb(s->c_cpu, ret, err);
925 s->current_syscall_cb = NULL;
928 put_packet(s, "T02");
935 cpu_synchronize_state(s->g_cpu);
937 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
938 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
941 memtohex(buf, mem_buf, len);
945 cpu_synchronize_state(s->g_cpu);
948 hextomem((uint8_t *)registers, p, len);
949 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
950 reg_size = gdb_write_register(s->g_cpu, registers, addr);
952 registers += reg_size;
957 addr = strtoull(p, (char **)&p, 16);
960 len = strtoull(p, NULL, 16);
962 /* memtohex() doubles the required space */
963 if (len > MAX_PACKET_LENGTH / 2) {
964 put_packet (s, "E22");
968 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
969 put_packet (s, "E14");
971 memtohex(buf, mem_buf, len);
976 addr = strtoull(p, (char **)&p, 16);
979 len = strtoull(p, (char **)&p, 16);
983 /* hextomem() reads 2*len bytes */
984 if (len > strlen(p) / 2) {
985 put_packet (s, "E22");
988 hextomem(mem_buf, p, len);
989 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
991 put_packet(s, "E14");
997 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
998 This works, but can be very slow. Anything new enough to
999 understand XML also knows how to use this properly. */
1001 goto unknown_command;
1002 addr = strtoull(p, (char **)&p, 16);
1003 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1005 memtohex(buf, mem_buf, reg_size);
1008 put_packet(s, "E14");
1013 goto unknown_command;
1014 addr = strtoull(p, (char **)&p, 16);
1017 reg_size = strlen(p) / 2;
1018 hextomem(mem_buf, p, reg_size);
1019 gdb_write_register(s->g_cpu, mem_buf, addr);
1020 put_packet(s, "OK");
1024 type = strtoul(p, (char **)&p, 16);
1027 addr = strtoull(p, (char **)&p, 16);
1030 len = strtoull(p, (char **)&p, 16);
1032 res = gdb_breakpoint_insert(addr, len, type);
1034 res = gdb_breakpoint_remove(addr, len, type);
1036 put_packet(s, "OK");
1037 else if (res == -ENOSYS)
1040 put_packet(s, "E22");
1044 thread = strtoull(p, (char **)&p, 16);
1045 if (thread == -1 || thread == 0) {
1046 put_packet(s, "OK");
1049 cpu = find_cpu(thread);
1051 put_packet(s, "E22");
1057 put_packet(s, "OK");
1061 put_packet(s, "OK");
1064 put_packet(s, "E22");
1069 thread = strtoull(p, (char **)&p, 16);
1070 cpu = find_cpu(thread);
1073 put_packet(s, "OK");
1075 put_packet(s, "E22");
1080 /* parse any 'q' packets here */
1081 if (!strcmp(p,"qemu.sstepbits")) {
1082 /* Query Breakpoint bit definitions */
1083 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1089 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1090 /* Display or change the sstep_flags */
1093 /* Display current setting */
1094 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1099 type = strtoul(p, (char **)&p, 16);
1101 put_packet(s, "OK");
1103 } else if (strcmp(p,"C") == 0) {
1104 /* "Current thread" remains vague in the spec, so always return
1105 * the first CPU (gdb returns the first thread). */
1106 put_packet(s, "QC1");
1108 } else if (strcmp(p,"fThreadInfo") == 0) {
1109 s->query_cpu = first_cpu;
1110 goto report_cpuinfo;
1111 } else if (strcmp(p,"sThreadInfo") == 0) {
1114 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1116 s->query_cpu = CPU_NEXT(s->query_cpu);
1120 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1121 thread = strtoull(p+16, (char **)&p, 16);
1122 cpu = find_cpu(thread);
1124 cpu_synchronize_state(cpu);
1125 /* memtohex() doubles the required space */
1126 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1127 "CPU#%d [%s]", cpu->cpu_index,
1128 cpu->halted ? "halted " : "running");
1129 memtohex(buf, mem_buf, len);
1134 #ifdef CONFIG_USER_ONLY
1135 else if (strcmp(p, "Offsets") == 0) {
1136 TaskState *ts = s->c_cpu->opaque;
1138 snprintf(buf, sizeof(buf),
1139 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1140 ";Bss=" TARGET_ABI_FMT_lx,
1141 ts->info->code_offset,
1142 ts->info->data_offset,
1143 ts->info->data_offset);
1147 #else /* !CONFIG_USER_ONLY */
1148 else if (strncmp(p, "Rcmd,", 5) == 0) {
1149 int len = strlen(p + 5);
1151 if ((len % 2) != 0) {
1152 put_packet(s, "E01");
1156 hextomem(mem_buf, p + 5, len);
1158 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1159 put_packet(s, "OK");
1162 #endif /* !CONFIG_USER_ONLY */
1163 if (is_query_packet(p, "Supported", ':')) {
1164 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1165 cc = CPU_GET_CLASS(first_cpu);
1166 if (cc->gdb_core_xml_file != NULL) {
1167 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1172 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1174 target_ulong total_len;
1176 cc = CPU_GET_CLASS(first_cpu);
1177 if (cc->gdb_core_xml_file == NULL) {
1178 goto unknown_command;
1183 xml = get_feature_xml(p, &p, cc);
1185 snprintf(buf, sizeof(buf), "E00");
1192 addr = strtoul(p, (char **)&p, 16);
1195 len = strtoul(p, (char **)&p, 16);
1197 total_len = strlen(xml);
1198 if (addr > total_len) {
1199 snprintf(buf, sizeof(buf), "E00");
1203 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1204 len = (MAX_PACKET_LENGTH - 5) / 2;
1205 if (len < total_len - addr) {
1207 len = memtox(buf + 1, xml + addr, len);
1210 len = memtox(buf + 1, xml + addr, total_len - addr);
1212 put_packet_binary(s, buf, len + 1);
1215 if (is_query_packet(p, "Attached", ':')) {
1216 put_packet(s, GDB_ATTACHED);
1219 /* Unrecognised 'q' command. */
1220 goto unknown_command;
1224 /* put empty packet */
1232 void gdb_set_stop_cpu(CPUState *cpu)
1234 gdbserver_state->c_cpu = cpu;
1235 gdbserver_state->g_cpu = cpu;
1238 #ifndef CONFIG_USER_ONLY
1239 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1241 GDBState *s = gdbserver_state;
1242 CPUState *cpu = s->c_cpu;
1247 if (running || s->state == RS_INACTIVE) {
1250 /* Is there a GDB syscall waiting to be sent? */
1251 if (s->current_syscall_cb) {
1252 put_packet(s, s->syscall_buf);
1256 case RUN_STATE_DEBUG:
1257 if (cpu->watchpoint_hit) {
1258 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1269 snprintf(buf, sizeof(buf),
1270 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1271 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1272 (target_ulong)cpu->watchpoint_hit->vaddr);
1273 cpu->watchpoint_hit = NULL;
1277 ret = GDB_SIGNAL_TRAP;
1279 case RUN_STATE_PAUSED:
1280 ret = GDB_SIGNAL_INT;
1282 case RUN_STATE_SHUTDOWN:
1283 ret = GDB_SIGNAL_QUIT;
1285 case RUN_STATE_IO_ERROR:
1286 ret = GDB_SIGNAL_IO;
1288 case RUN_STATE_WATCHDOG:
1289 ret = GDB_SIGNAL_ALRM;
1291 case RUN_STATE_INTERNAL_ERROR:
1292 ret = GDB_SIGNAL_ABRT;
1294 case RUN_STATE_SAVE_VM:
1295 case RUN_STATE_RESTORE_VM:
1297 case RUN_STATE_FINISH_MIGRATE:
1298 ret = GDB_SIGNAL_XCPU;
1301 ret = GDB_SIGNAL_UNKNOWN;
1304 gdb_set_stop_cpu(cpu);
1305 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1310 /* disable single step if it was enabled */
1311 cpu_single_step(cpu, 0);
1315 /* Send a gdb syscall request.
1316 This accepts limited printf-style format specifiers, specifically:
1317 %x - target_ulong argument printed in hex.
1318 %lx - 64-bit argument printed in hex.
1319 %s - string pointer (target_ulong) and length (int) pair. */
1320 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1328 s = gdbserver_state;
1331 s->current_syscall_cb = cb;
1332 #ifndef CONFIG_USER_ONLY
1333 vm_stop(RUN_STATE_DEBUG);
1336 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1343 addr = va_arg(va, target_ulong);
1344 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1347 if (*(fmt++) != 'x')
1349 i64 = va_arg(va, uint64_t);
1350 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1353 addr = va_arg(va, target_ulong);
1354 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1355 addr, va_arg(va, int));
1359 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1368 #ifdef CONFIG_USER_ONLY
1369 put_packet(s, s->syscall_buf);
1370 gdb_handlesig(s->c_cpu, 0);
1372 /* In this case wait to send the syscall packet until notification that
1373 the CPU has stopped. This must be done because if the packet is sent
1374 now the reply from the syscall request could be received while the CPU
1375 is still in the running state, which can cause packets to be dropped
1376 and state transition 'T' packets to be sent while the syscall is still
1378 qemu_cpu_kick(s->c_cpu);
1382 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1387 gdb_do_syscallv(cb, fmt, va);
1391 static void gdb_read_byte(GDBState *s, int ch)
1396 #ifndef CONFIG_USER_ONLY
1397 if (s->last_packet_len) {
1398 /* Waiting for a response to the last packet. If we see the start
1399 of a new command then abandon the previous response. */
1402 printf("Got NACK, retransmitting\n");
1404 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1408 printf("Got ACK\n");
1410 printf("Got '%c' when expecting ACK/NACK\n", ch);
1412 if (ch == '+' || ch == '$')
1413 s->last_packet_len = 0;
1417 if (runstate_is_running()) {
1418 /* when the CPU is running, we cannot do anything except stop
1419 it when receiving a char */
1420 vm_stop(RUN_STATE_PAUSED);
1427 s->line_buf_index = 0;
1428 s->state = RS_GETLINE;
1433 s->state = RS_CHKSUM1;
1434 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1437 s->line_buf[s->line_buf_index++] = ch;
1441 s->line_buf[s->line_buf_index] = '\0';
1442 s->line_csum = fromhex(ch) << 4;
1443 s->state = RS_CHKSUM2;
1446 s->line_csum |= fromhex(ch);
1448 for(i = 0; i < s->line_buf_index; i++) {
1449 csum += s->line_buf[i];
1451 if (s->line_csum != (csum & 0xff)) {
1453 put_buffer(s, &reply, 1);
1457 put_buffer(s, &reply, 1);
1458 s->state = gdb_handle_packet(s, s->line_buf);
1467 /* Tell the remote gdb that the process has exited. */
1468 void gdb_exit(CPUArchState *env, int code)
1473 s = gdbserver_state;
1477 #ifdef CONFIG_USER_ONLY
1478 if (gdbserver_fd < 0 || s->fd < 0) {
1487 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1490 #ifndef CONFIG_USER_ONLY
1491 qemu_chr_delete(s->chr);
1495 #ifdef CONFIG_USER_ONLY
1497 gdb_handlesig(CPUState *cpu, int sig)
1503 s = gdbserver_state;
1504 if (gdbserver_fd < 0 || s->fd < 0) {
1508 /* disable single step if it was enabled */
1509 cpu_single_step(cpu, 0);
1513 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1516 /* put_packet() might have detected that the peer terminated the
1524 s->running_state = 0;
1525 while (s->running_state == 0) {
1526 n = read(s->fd, buf, 256);
1530 for (i = 0; i < n; i++) {
1531 gdb_read_byte(s, buf[i]);
1534 /* XXX: Connection closed. Should probably wait for another
1535 connection before continuing. */
1548 /* Tell the remote gdb that the process has exited due to SIG. */
1549 void gdb_signalled(CPUArchState *env, int sig)
1554 s = gdbserver_state;
1555 if (gdbserver_fd < 0 || s->fd < 0) {
1559 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1563 static void gdb_accept(void)
1566 struct sockaddr_in sockaddr;
1571 len = sizeof(sockaddr);
1572 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1573 if (fd < 0 && errno != EINTR) {
1576 } else if (fd >= 0) {
1578 fcntl(fd, F_SETFD, FD_CLOEXEC);
1584 /* set short latency */
1585 socket_set_nodelay(fd);
1587 s = g_malloc0(sizeof(GDBState));
1588 s->c_cpu = first_cpu;
1589 s->g_cpu = first_cpu;
1591 gdb_has_xml = false;
1593 gdbserver_state = s;
1596 static int gdbserver_open(int port)
1598 struct sockaddr_in sockaddr;
1601 fd = socket(PF_INET, SOCK_STREAM, 0);
1607 fcntl(fd, F_SETFD, FD_CLOEXEC);
1610 socket_set_fast_reuse(fd);
1612 sockaddr.sin_family = AF_INET;
1613 sockaddr.sin_port = htons(port);
1614 sockaddr.sin_addr.s_addr = 0;
1615 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1621 ret = listen(fd, 1);
1630 int gdbserver_start(int port)
1632 gdbserver_fd = gdbserver_open(port);
1633 if (gdbserver_fd < 0)
1635 /* accept connections */
1640 /* Disable gdb stub for child processes. */
1641 void gdbserver_fork(CPUState *cpu)
1643 GDBState *s = gdbserver_state;
1645 if (gdbserver_fd < 0 || s->fd < 0) {
1650 cpu_breakpoint_remove_all(cpu, BP_GDB);
1651 cpu_watchpoint_remove_all(cpu, BP_GDB);
1654 static int gdb_chr_can_receive(void *opaque)
1656 /* We can handle an arbitrarily large amount of data.
1657 Pick the maximum packet size, which is as good as anything. */
1658 return MAX_PACKET_LENGTH;
1661 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1665 for (i = 0; i < size; i++) {
1666 gdb_read_byte(gdbserver_state, buf[i]);
1670 static void gdb_chr_event(void *opaque, int event)
1673 case CHR_EVENT_OPENED:
1674 vm_stop(RUN_STATE_PAUSED);
1675 gdb_has_xml = false;
1682 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1684 char buf[MAX_PACKET_LENGTH];
1687 if (len > (MAX_PACKET_LENGTH/2) - 1)
1688 len = (MAX_PACKET_LENGTH/2) - 1;
1689 memtohex(buf + 1, (uint8_t *)msg, len);
1693 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
1695 const char *p = (const char *)buf;
1698 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1700 if (len <= max_sz) {
1701 gdb_monitor_output(gdbserver_state, p, len);
1704 gdb_monitor_output(gdbserver_state, p, max_sz);
1712 static void gdb_sigterm_handler(int signal)
1714 if (runstate_is_running()) {
1715 vm_stop(RUN_STATE_PAUSED);
1720 int gdbserver_start(const char *device)
1723 char gdbstub_device_name[128];
1724 CharDriverState *chr = NULL;
1725 CharDriverState *mon_chr;
1726 ChardevCommon common = { 0 };
1730 if (strcmp(device, "none") != 0) {
1731 if (strstart(device, "tcp:", NULL)) {
1732 /* enforce required TCP attributes */
1733 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1734 "%s,nowait,nodelay,server", device);
1735 device = gdbstub_device_name;
1738 else if (strcmp(device, "stdio") == 0) {
1739 struct sigaction act;
1741 memset(&act, 0, sizeof(act));
1742 act.sa_handler = gdb_sigterm_handler;
1743 sigaction(SIGINT, &act, NULL);
1746 chr = qemu_chr_new_noreplay("gdb", device, NULL);
1750 qemu_chr_fe_claim_no_fail(chr);
1751 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
1752 gdb_chr_event, NULL);
1755 s = gdbserver_state;
1757 s = g_malloc0(sizeof(GDBState));
1758 gdbserver_state = s;
1760 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1762 /* Initialize a monitor terminal for gdb */
1763 mon_chr = qemu_chr_alloc(&common, &error_abort);
1764 mon_chr->chr_write = gdb_monitor_write;
1765 monitor_init(mon_chr, 0);
1768 qemu_chr_delete(s->chr);
1769 mon_chr = s->mon_chr;
1770 memset(s, 0, sizeof(GDBState));
1772 s->c_cpu = first_cpu;
1773 s->g_cpu = first_cpu;
1775 s->state = chr ? RS_IDLE : RS_INACTIVE;
1776 s->mon_chr = mon_chr;
1777 s->current_syscall_cb = NULL;
projects / sdk / emulator / qemu.git / blob