4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
43 #include "qemu/bitops.h"
45 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
46 uint8_t *buf, int len, bool is_write)
48 CPUClass *cc = CPU_GET_CLASS(cpu);
50 if (cc->memory_rw_debug) {
51 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
53 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
65 GDB_SIGNAL_UNKNOWN = 143
68 #ifdef CONFIG_USER_ONLY
70 /* Map target signal numbers to GDB protocol signal numbers and vice
71 * versa. For user emulation's currently supported systems, we can
72 * assume most signals are defined.
75 static int gdb_signal_table[] = {
235 /* In system mode we only need SIGINT and SIGTRAP; other signals
236 are not yet supported. */
243 static int gdb_signal_table[] = {
253 #ifdef CONFIG_USER_ONLY
254 static int target_signal_to_gdb (int sig)
257 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
258 if (gdb_signal_table[i] == sig)
260 return GDB_SIGNAL_UNKNOWN;
264 static int gdb_signal_to_target (int sig)
266 if (sig < ARRAY_SIZE (gdb_signal_table))
267 return gdb_signal_table[sig];
274 typedef struct GDBRegisterState {
280 struct GDBRegisterState *next;
290 typedef struct GDBState {
291 CPUState *c_cpu; /* current CPU for step/continue ops */
292 CPUState *g_cpu; /* current CPU for other ops */
293 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
294 enum RSState state; /* parsing state */
295 char line_buf[MAX_PACKET_LENGTH];
298 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
301 #ifdef CONFIG_USER_ONLY
305 CharDriverState *chr;
306 CharDriverState *mon_chr;
308 char syscall_buf[256];
309 gdb_syscall_complete_cb current_syscall_cb;
312 /* By default use no IRQs and no timers while single stepping so as to
313 * make single stepping like an ICE HW step.
315 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
317 static GDBState *gdbserver_state;
319 /* This is an ugly hack to cope with both new and old gdb.
320 If gdb sends qXfer:features:read then assume we're talking to a newish
321 gdb that understands target descriptions. */
322 static int gdb_has_xml;
324 #ifdef CONFIG_USER_ONLY
325 /* XXX: This is not thread safe. Do we care? */
326 static int gdbserver_fd = -1;
328 static int get_char(GDBState *s)
334 ret = qemu_recv(s->fd, &ch, 1, 0);
336 if (errno == ECONNRESET)
338 if (errno != EINTR && errno != EAGAIN)
340 } else if (ret == 0) {
358 /* If gdb is connected when the first semihosting syscall occurs then use
359 remote gdb syscalls. Otherwise use native file IO. */
360 int use_gdb_syscalls(void)
362 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
363 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
366 return gdb_syscall_mode == GDB_SYS_ENABLED;
369 /* Resume execution. */
370 static inline void gdb_continue(GDBState *s)
372 #ifdef CONFIG_USER_ONLY
373 s->running_state = 1;
375 if (runstate_check(RUN_STATE_GUEST_PANICKED)) {
376 runstate_set(RUN_STATE_DEBUG);
378 if (!runstate_needs_reset()) {
384 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
386 #ifdef CONFIG_USER_ONLY
390 ret = send(s->fd, buf, len, 0);
392 if (errno != EINTR && errno != EAGAIN)
400 qemu_chr_fe_write(s->chr, buf, len);
404 static inline int fromhex(int v)
406 if (v >= '0' && v <= '9')
408 else if (v >= 'A' && v <= 'F')
410 else if (v >= 'a' && v <= 'f')
416 static inline int tohex(int v)
424 static void memtohex(char *buf, const uint8_t *mem, int len)
429 for(i = 0; i < len; i++) {
431 *q++ = tohex(c >> 4);
432 *q++ = tohex(c & 0xf);
437 static void hextomem(uint8_t *mem, const char *buf, int len)
441 for(i = 0; i < len; i++) {
442 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
447 /* return -1 if error, 0 if OK */
448 static int put_packet_binary(GDBState *s, const char *buf, int len)
459 for(i = 0; i < len; i++) {
463 *(p++) = tohex((csum >> 4) & 0xf);
464 *(p++) = tohex((csum) & 0xf);
466 s->last_packet_len = p - s->last_packet;
467 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
469 #ifdef CONFIG_USER_ONLY
482 /* return -1 if error, 0 if OK */
483 static int put_packet(GDBState *s, const char *buf)
486 printf("reply='%s'\n", buf);
489 return put_packet_binary(s, buf, strlen(buf));
492 /* The GDB remote protocol transfers values in target byte order. This means
493 we can use the raw memory access routines to access the value buffer.
494 Conveniently, these also handle the case where the buffer is mis-aligned.
496 #define GET_REG8(val) do { \
497 stb_p(mem_buf, val); \
500 #define GET_REG16(val) do { \
501 stw_p(mem_buf, val); \
504 #define GET_REG32(val) do { \
505 stl_p(mem_buf, val); \
508 #define GET_REG64(val) do { \
509 stq_p(mem_buf, val); \
513 #if TARGET_LONG_BITS == 64
514 #define GET_REGL(val) GET_REG64(val)
515 #define ldtul_p(addr) ldq_p(addr)
517 #define GET_REGL(val) GET_REG32(val)
518 #define ldtul_p(addr) ldl_p(addr)
521 #if defined(TARGET_I386)
523 #include "target-i386/gdbstub.c"
525 #elif defined (TARGET_PPC)
527 #if defined (TARGET_PPC64)
528 #define GDB_CORE_XML "power64-core.xml"
530 #define GDB_CORE_XML "power-core.xml"
533 #include "target-ppc/gdbstub.c"
535 #elif defined (TARGET_SPARC)
537 #include "target-sparc/gdbstub.c"
539 #elif defined (TARGET_ARM)
541 #define GDB_CORE_XML "arm-core.xml"
543 #include "target-arm/gdbstub.c"
545 #elif defined (TARGET_M68K)
547 #define GDB_CORE_XML "cf-core.xml"
549 #include "target-m68k/gdbstub.c"
551 #elif defined (TARGET_MIPS)
553 #include "target-mips/gdbstub.c"
555 #elif defined(TARGET_OPENRISC)
557 #include "target-openrisc/gdbstub.c"
559 #elif defined (TARGET_SH4)
561 #include "target-sh4/gdbstub.c"
563 #elif defined (TARGET_MICROBLAZE)
565 static int cpu_gdb_read_register(CPUMBState *env, uint8_t *mem_buf, int n)
568 GET_REG32(env->regs[n]);
570 GET_REG32(env->sregs[n - 32]);
575 static int cpu_gdb_write_register(CPUMBState *env, uint8_t *mem_buf, int n)
577 MicroBlazeCPU *cpu = mb_env_get_cpu(env);
578 CPUClass *cc = CPU_GET_CLASS(cpu);
581 if (n > cc->gdb_num_core_regs) {
585 tmp = ldl_p(mem_buf);
590 env->sregs[n - 32] = tmp;
594 #elif defined (TARGET_CRIS)
597 read_register_crisv10(CPUCRISState *env, uint8_t *mem_buf, int n)
600 GET_REG32(env->regs[n]);
610 GET_REG8(env->pregs[n - 16]);
612 GET_REG8(env->pregs[n - 16]);
615 GET_REG16(env->pregs[n - 16]);
618 GET_REG32(env->pregs[n - 16]);
626 static int cpu_gdb_read_register(CPUCRISState *env, uint8_t *mem_buf, int n)
630 if (env->pregs[PR_VR] < 32) {
631 return read_register_crisv10(env, mem_buf, n);
634 srs = env->pregs[PR_SRS];
636 GET_REG32(env->regs[n]);
639 if (n >= 21 && n < 32) {
640 GET_REG32(env->pregs[n - 16]);
642 if (n >= 33 && n < 49) {
643 GET_REG32(env->sregs[srs][n - 33]);
647 GET_REG8(env->pregs[0]);
649 GET_REG8(env->pregs[1]);
651 GET_REG32(env->pregs[2]);
655 GET_REG16(env->pregs[4]);
663 static int cpu_gdb_write_register(CPUCRISState *env, uint8_t *mem_buf, int n)
671 tmp = ldl_p(mem_buf);
677 if (n >= 21 && n < 32) {
678 env->pregs[n - 16] = tmp;
681 /* FIXME: Should support function regs be writable? */
688 env->pregs[PR_PID] = tmp;
701 #elif defined (TARGET_ALPHA)
703 static int cpu_gdb_read_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
713 d.d = env->fir[n - 32];
717 val = cpu_alpha_load_fpcr(env);
727 /* 31 really is the zero register; 65 is unassigned in the
728 gdb protocol, but is still required to occupy 8 bytes. */
737 static int cpu_gdb_write_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
739 target_ulong tmp = ldtul_p(mem_buf);
748 env->fir[n - 32] = d.d;
751 cpu_alpha_store_fpcr(env, tmp);
761 /* 31 really is the zero register; 65 is unassigned in the
762 gdb protocol, but is still required to occupy 8 bytes. */
769 #elif defined (TARGET_S390X)
771 static int cpu_gdb_read_register(CPUS390XState *env, uint8_t *mem_buf, int n)
777 case S390_PSWM_REGNUM:
778 cc_op = calc_cc(env, env->cc_op, env->cc_src, env->cc_dst, env->cc_vr);
779 val = deposit64(env->psw.mask, 44, 2, cc_op);
781 case S390_PSWA_REGNUM:
782 GET_REGL(env->psw.addr);
783 case S390_R0_REGNUM ... S390_R15_REGNUM:
784 GET_REGL(env->regs[n-S390_R0_REGNUM]);
785 case S390_A0_REGNUM ... S390_A15_REGNUM:
786 GET_REG32(env->aregs[n-S390_A0_REGNUM]);
787 case S390_FPC_REGNUM:
789 case S390_F0_REGNUM ... S390_F15_REGNUM:
790 GET_REG64(env->fregs[n-S390_F0_REGNUM].ll);
796 static int cpu_gdb_write_register(CPUS390XState *env, uint8_t *mem_buf, int n)
801 tmpl = ldtul_p(mem_buf);
802 tmp32 = ldl_p(mem_buf);
805 case S390_PSWM_REGNUM:
806 env->psw.mask = tmpl;
807 env->cc_op = extract64(tmpl, 44, 2);
809 case S390_PSWA_REGNUM:
810 env->psw.addr = tmpl;
812 case S390_R0_REGNUM ... S390_R15_REGNUM:
813 env->regs[n-S390_R0_REGNUM] = tmpl;
815 case S390_A0_REGNUM ... S390_A15_REGNUM:
816 env->aregs[n-S390_A0_REGNUM] = tmp32;
819 case S390_FPC_REGNUM:
823 case S390_F0_REGNUM ... S390_F15_REGNUM:
824 env->fregs[n-S390_F0_REGNUM].ll = tmpl;
831 #elif defined (TARGET_LM32)
833 #include "hw/lm32/lm32_pic.h"
835 static int cpu_gdb_read_register(CPULM32State *env, uint8_t *mem_buf, int n)
838 GET_REG32(env->regs[n]);
843 /* FIXME: put in right exception ID */
849 GET_REG32(env->deba);
853 GET_REG32(lm32_pic_get_im(env->pic_state));
855 GET_REG32(lm32_pic_get_ip(env->pic_state));
861 static int cpu_gdb_write_register(CPULM32State *env, uint8_t *mem_buf, int n)
863 LM32CPU *cpu = lm32_env_get_cpu(env);
864 CPUClass *cc = CPU_GET_CLASS(cpu);
867 if (n > cc->gdb_num_core_regs) {
871 tmp = ldl_p(mem_buf);
890 lm32_pic_set_im(env->pic_state, tmp);
893 lm32_pic_set_ip(env->pic_state, tmp);
899 #elif defined(TARGET_XTENSA)
901 static int cpu_gdb_read_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
903 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
905 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
914 xtensa_sync_phys_from_window(env);
915 GET_REG32(env->phys_regs[(reg->targno & 0xff) % env->config->nareg]);
918 GET_REG32(env->sregs[reg->targno & 0xff]);
921 GET_REG32(env->uregs[reg->targno & 0xff]);
924 GET_REG32(float32_val(env->fregs[reg->targno & 0x0f]));
927 GET_REG32(env->regs[reg->targno & 0x0f]);
930 qemu_log("%s from reg %d of unsupported type %d\n",
931 __func__, n, reg->type);
936 static int cpu_gdb_write_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
939 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
941 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
945 tmp = ldl_p(mem_buf);
953 env->phys_regs[(reg->targno & 0xff) % env->config->nareg] = tmp;
954 xtensa_sync_window_from_phys(env);
958 env->sregs[reg->targno & 0xff] = tmp;
962 env->uregs[reg->targno & 0xff] = tmp;
966 env->fregs[reg->targno & 0x0f] = make_float32(tmp);
970 env->regs[reg->targno & 0x0f] = tmp;
974 qemu_log("%s to reg %d of unsupported type %d\n",
975 __func__, n, reg->type);
983 static int cpu_gdb_read_register(CPUArchState *env, uint8_t *mem_buf, int n)
988 static int cpu_gdb_write_register(CPUArchState *env, uint8_t *mem_buf, int n)
996 /* Encode data using the encoding for 'x' packets. */
997 static int memtox(char *buf, const char *mem, int len)
1005 case '#': case '$': case '*': case '}':
1017 static const char *get_feature_xml(const char *p, const char **newp)
1022 static char target_xml[1024];
1025 while (p[len] && p[len] != ':')
1030 if (strncmp(p, "target.xml", len) == 0) {
1031 /* Generate the XML description for this CPU. */
1032 if (!target_xml[0]) {
1033 GDBRegisterState *r;
1034 CPUState *cpu = first_cpu;
1036 snprintf(target_xml, sizeof(target_xml),
1037 "<?xml version=\"1.0\"?>"
1038 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
1040 "<xi:include href=\"%s\"/>",
1043 for (r = cpu->gdb_regs; r; r = r->next) {
1044 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
1045 pstrcat(target_xml, sizeof(target_xml), r->xml);
1046 pstrcat(target_xml, sizeof(target_xml), "\"/>");
1048 pstrcat(target_xml, sizeof(target_xml), "</target>");
1052 for (i = 0; ; i++) {
1053 name = xml_builtin[i][0];
1054 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
1057 return name ? xml_builtin[i][1] : NULL;
1061 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
1063 CPUClass *cc = CPU_GET_CLASS(cpu);
1064 CPUArchState *env = cpu->env_ptr;
1065 GDBRegisterState *r;
1067 if (reg < cc->gdb_num_core_regs) {
1068 return cpu_gdb_read_register(env, mem_buf, reg);
1071 for (r = cpu->gdb_regs; r; r = r->next) {
1072 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1073 return r->get_reg(env, mem_buf, reg - r->base_reg);
1079 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
1081 CPUClass *cc = CPU_GET_CLASS(cpu);
1082 CPUArchState *env = cpu->env_ptr;
1083 GDBRegisterState *r;
1085 if (reg < cc->gdb_num_core_regs) {
1086 return cpu_gdb_write_register(env, mem_buf, reg);
1089 for (r = cpu->gdb_regs; r; r = r->next) {
1090 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1091 return r->set_reg(env, mem_buf, reg - r->base_reg);
1097 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
1098 specifies the first register number and these registers are included in
1099 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
1100 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
1103 void gdb_register_coprocessor(CPUState *cpu,
1104 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
1105 int num_regs, const char *xml, int g_pos)
1107 GDBRegisterState *s;
1108 GDBRegisterState **p;
1112 /* Check for duplicates. */
1113 if (strcmp((*p)->xml, xml) == 0)
1118 s = g_new0(GDBRegisterState, 1);
1119 s->base_reg = cpu->gdb_num_regs;
1120 s->num_regs = num_regs;
1121 s->get_reg = get_reg;
1122 s->set_reg = set_reg;
1125 /* Add to end of list. */
1126 cpu->gdb_num_regs += num_regs;
1129 if (g_pos != s->base_reg) {
1130 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
1131 "Expected %d got %d\n", xml, g_pos, s->base_reg);
1136 #ifndef CONFIG_USER_ONLY
1137 static const int xlat_gdb_type[] = {
1138 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
1139 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
1140 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1144 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
1150 if (kvm_enabled()) {
1151 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1155 case GDB_BREAKPOINT_SW:
1156 case GDB_BREAKPOINT_HW:
1157 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1159 err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
1164 #ifndef CONFIG_USER_ONLY
1165 case GDB_WATCHPOINT_WRITE:
1166 case GDB_WATCHPOINT_READ:
1167 case GDB_WATCHPOINT_ACCESS:
1168 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1170 err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
1182 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
1188 if (kvm_enabled()) {
1189 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1193 case GDB_BREAKPOINT_SW:
1194 case GDB_BREAKPOINT_HW:
1195 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1197 err = cpu_breakpoint_remove(env, addr, BP_GDB);
1202 #ifndef CONFIG_USER_ONLY
1203 case GDB_WATCHPOINT_WRITE:
1204 case GDB_WATCHPOINT_READ:
1205 case GDB_WATCHPOINT_ACCESS:
1206 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1208 err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
1219 static void gdb_breakpoint_remove_all(void)
1224 if (kvm_enabled()) {
1225 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
1229 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1231 cpu_breakpoint_remove_all(env, BP_GDB);
1232 #ifndef CONFIG_USER_ONLY
1233 cpu_watchpoint_remove_all(env, BP_GDB);
1238 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
1240 CPUState *cpu = s->c_cpu;
1241 CPUClass *cc = CPU_GET_CLASS(cpu);
1243 cpu_synchronize_state(cpu);
1245 cc->set_pc(cpu, pc);
1249 static CPUState *find_cpu(uint32_t thread_id)
1253 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1254 if (cpu_index(cpu) == thread_id) {
1262 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1267 int ch, reg_size, type, res;
1268 char buf[MAX_PACKET_LENGTH];
1269 uint8_t mem_buf[MAX_PACKET_LENGTH];
1271 target_ulong addr, len;
1274 printf("command='%s'\n", line_buf);
1280 /* TODO: Make this return the correct value for user-mode. */
1281 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
1282 cpu_index(s->c_cpu));
1284 /* Remove all the breakpoints when this query is issued,
1285 * because gdb is doing and initial connect and the state
1286 * should be cleaned up.
1288 gdb_breakpoint_remove_all();
1292 addr = strtoull(p, (char **)&p, 16);
1293 gdb_set_cpu_pc(s, addr);
1299 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1300 if (s->signal == -1)
1305 if (strncmp(p, "Cont", 4) == 0) {
1306 int res_signal, res_thread;
1310 put_packet(s, "vCont;c;C;s;S");
1325 if (action == 'C' || action == 'S') {
1326 signal = strtoul(p, (char **)&p, 16);
1327 } else if (action != 'c' && action != 's') {
1333 thread = strtoull(p+1, (char **)&p, 16);
1335 action = tolower(action);
1336 if (res == 0 || (res == 'c' && action == 's')) {
1338 res_signal = signal;
1339 res_thread = thread;
1343 if (res_thread != -1 && res_thread != 0) {
1344 cpu = find_cpu(res_thread);
1346 put_packet(s, "E22");
1352 cpu_single_step(s->c_cpu, sstep_flags);
1354 s->signal = res_signal;
1360 goto unknown_command;
1363 #ifdef CONFIG_USER_ONLY
1364 /* Kill the target */
1365 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
1370 gdb_breakpoint_remove_all();
1371 gdb_syscall_mode = GDB_SYS_DISABLED;
1373 put_packet(s, "OK");
1377 addr = strtoull(p, (char **)&p, 16);
1378 gdb_set_cpu_pc(s, addr);
1380 cpu_single_step(s->c_cpu, sstep_flags);
1388 ret = strtoull(p, (char **)&p, 16);
1391 err = strtoull(p, (char **)&p, 16);
1398 if (s->current_syscall_cb) {
1399 s->current_syscall_cb(s->c_cpu, ret, err);
1400 s->current_syscall_cb = NULL;
1403 put_packet(s, "T02");
1410 cpu_synchronize_state(s->g_cpu);
1412 for (addr = 0; addr < s->g_cpu->gdb_num_regs; addr++) {
1413 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1416 memtohex(buf, mem_buf, len);
1420 cpu_synchronize_state(s->g_cpu);
1421 registers = mem_buf;
1422 len = strlen(p) / 2;
1423 hextomem((uint8_t *)registers, p, len);
1424 for (addr = 0; addr < s->g_cpu->gdb_num_regs && len > 0; addr++) {
1425 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1427 registers += reg_size;
1429 put_packet(s, "OK");
1432 addr = strtoull(p, (char **)&p, 16);
1435 len = strtoull(p, NULL, 16);
1436 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1437 put_packet (s, "E14");
1439 memtohex(buf, mem_buf, len);
1444 addr = strtoull(p, (char **)&p, 16);
1447 len = strtoull(p, (char **)&p, 16);
1450 hextomem(mem_buf, p, len);
1451 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1453 put_packet(s, "E14");
1455 put_packet(s, "OK");
1459 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1460 This works, but can be very slow. Anything new enough to
1461 understand XML also knows how to use this properly. */
1463 goto unknown_command;
1464 addr = strtoull(p, (char **)&p, 16);
1465 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1467 memtohex(buf, mem_buf, reg_size);
1470 put_packet(s, "E14");
1475 goto unknown_command;
1476 addr = strtoull(p, (char **)&p, 16);
1479 reg_size = strlen(p) / 2;
1480 hextomem(mem_buf, p, reg_size);
1481 gdb_write_register(s->g_cpu, mem_buf, addr);
1482 put_packet(s, "OK");
1486 type = strtoul(p, (char **)&p, 16);
1489 addr = strtoull(p, (char **)&p, 16);
1492 len = strtoull(p, (char **)&p, 16);
1494 res = gdb_breakpoint_insert(addr, len, type);
1496 res = gdb_breakpoint_remove(addr, len, type);
1498 put_packet(s, "OK");
1499 else if (res == -ENOSYS)
1502 put_packet(s, "E22");
1506 thread = strtoull(p, (char **)&p, 16);
1507 if (thread == -1 || thread == 0) {
1508 put_packet(s, "OK");
1511 cpu = find_cpu(thread);
1513 put_packet(s, "E22");
1519 put_packet(s, "OK");
1523 put_packet(s, "OK");
1526 put_packet(s, "E22");
1531 thread = strtoull(p, (char **)&p, 16);
1532 cpu = find_cpu(thread);
1535 put_packet(s, "OK");
1537 put_packet(s, "E22");
1542 /* parse any 'q' packets here */
1543 if (!strcmp(p,"qemu.sstepbits")) {
1544 /* Query Breakpoint bit definitions */
1545 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1551 } else if (strncmp(p,"qemu.sstep",10) == 0) {
1552 /* Display or change the sstep_flags */
1555 /* Display current setting */
1556 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1561 type = strtoul(p, (char **)&p, 16);
1563 put_packet(s, "OK");
1565 } else if (strcmp(p,"C") == 0) {
1566 /* "Current thread" remains vague in the spec, so always return
1567 * the first CPU (gdb returns the first thread). */
1568 put_packet(s, "QC1");
1570 } else if (strcmp(p,"fThreadInfo") == 0) {
1571 s->query_cpu = first_cpu;
1572 goto report_cpuinfo;
1573 } else if (strcmp(p,"sThreadInfo") == 0) {
1576 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1578 s->query_cpu = s->query_cpu->next_cpu;
1582 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1583 thread = strtoull(p+16, (char **)&p, 16);
1584 cpu = find_cpu(thread);
1586 cpu_synchronize_state(cpu);
1587 len = snprintf((char *)mem_buf, sizeof(mem_buf),
1588 "CPU#%d [%s]", cpu->cpu_index,
1589 cpu->halted ? "halted " : "running");
1590 memtohex(buf, mem_buf, len);
1595 #ifdef CONFIG_USER_ONLY
1596 else if (strncmp(p, "Offsets", 7) == 0) {
1597 CPUArchState *env = s->c_cpu->env_ptr;
1598 TaskState *ts = env->opaque;
1600 snprintf(buf, sizeof(buf),
1601 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1602 ";Bss=" TARGET_ABI_FMT_lx,
1603 ts->info->code_offset,
1604 ts->info->data_offset,
1605 ts->info->data_offset);
1609 #else /* !CONFIG_USER_ONLY */
1610 else if (strncmp(p, "Rcmd,", 5) == 0) {
1611 int len = strlen(p + 5);
1613 if ((len % 2) != 0) {
1614 put_packet(s, "E01");
1617 hextomem(mem_buf, p + 5, len);
1620 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1621 put_packet(s, "OK");
1624 #endif /* !CONFIG_USER_ONLY */
1625 if (strncmp(p, "Supported", 9) == 0) {
1626 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1628 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1634 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1636 target_ulong total_len;
1640 xml = get_feature_xml(p, &p);
1642 snprintf(buf, sizeof(buf), "E00");
1649 addr = strtoul(p, (char **)&p, 16);
1652 len = strtoul(p, (char **)&p, 16);
1654 total_len = strlen(xml);
1655 if (addr > total_len) {
1656 snprintf(buf, sizeof(buf), "E00");
1660 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1661 len = (MAX_PACKET_LENGTH - 5) / 2;
1662 if (len < total_len - addr) {
1664 len = memtox(buf + 1, xml + addr, len);
1667 len = memtox(buf + 1, xml + addr, total_len - addr);
1669 put_packet_binary(s, buf, len + 1);
1673 /* Unrecognised 'q' command. */
1674 goto unknown_command;
1678 /* put empty packet */
1686 void gdb_set_stop_cpu(CPUState *cpu)
1688 gdbserver_state->c_cpu = cpu;
1689 gdbserver_state->g_cpu = cpu;
1692 #ifndef CONFIG_USER_ONLY
1693 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1695 GDBState *s = gdbserver_state;
1696 CPUArchState *env = s->c_cpu->env_ptr;
1697 CPUState *cpu = s->c_cpu;
1702 if (running || s->state == RS_INACTIVE) {
1705 /* Is there a GDB syscall waiting to be sent? */
1706 if (s->current_syscall_cb) {
1707 put_packet(s, s->syscall_buf);
1711 case RUN_STATE_DEBUG:
1712 if (env->watchpoint_hit) {
1713 switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
1724 snprintf(buf, sizeof(buf),
1725 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1726 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1727 env->watchpoint_hit->vaddr);
1728 env->watchpoint_hit = NULL;
1732 ret = GDB_SIGNAL_TRAP;
1734 case RUN_STATE_PAUSED:
1735 ret = GDB_SIGNAL_INT;
1737 case RUN_STATE_SHUTDOWN:
1738 ret = GDB_SIGNAL_QUIT;
1740 case RUN_STATE_IO_ERROR:
1741 ret = GDB_SIGNAL_IO;
1743 case RUN_STATE_WATCHDOG:
1744 ret = GDB_SIGNAL_ALRM;
1746 case RUN_STATE_INTERNAL_ERROR:
1747 ret = GDB_SIGNAL_ABRT;
1749 case RUN_STATE_SAVE_VM:
1750 case RUN_STATE_RESTORE_VM:
1752 case RUN_STATE_FINISH_MIGRATE:
1753 ret = GDB_SIGNAL_XCPU;
1756 ret = GDB_SIGNAL_UNKNOWN;
1759 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1764 /* disable single step if it was enabled */
1765 cpu_single_step(cpu, 0);
1769 /* Send a gdb syscall request.
1770 This accepts limited printf-style format specifiers, specifically:
1771 %x - target_ulong argument printed in hex.
1772 %lx - 64-bit argument printed in hex.
1773 %s - string pointer (target_ulong) and length (int) pair. */
1774 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1783 s = gdbserver_state;
1786 s->current_syscall_cb = cb;
1787 #ifndef CONFIG_USER_ONLY
1788 vm_stop(RUN_STATE_DEBUG);
1792 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1799 addr = va_arg(va, target_ulong);
1800 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1803 if (*(fmt++) != 'x')
1805 i64 = va_arg(va, uint64_t);
1806 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1809 addr = va_arg(va, target_ulong);
1810 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1811 addr, va_arg(va, int));
1815 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1825 #ifdef CONFIG_USER_ONLY
1826 put_packet(s, s->syscall_buf);
1827 gdb_handlesig(s->c_cpu, 0);
1829 /* In this case wait to send the syscall packet until notification that
1830 the CPU has stopped. This must be done because if the packet is sent
1831 now the reply from the syscall request could be received while the CPU
1832 is still in the running state, which can cause packets to be dropped
1833 and state transition 'T' packets to be sent while the syscall is still
1839 static void gdb_read_byte(GDBState *s, int ch)
1844 #ifndef CONFIG_USER_ONLY
1845 if (s->last_packet_len) {
1846 /* Waiting for a response to the last packet. If we see the start
1847 of a new command then abandon the previous response. */
1850 printf("Got NACK, retransmitting\n");
1852 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1856 printf("Got ACK\n");
1858 printf("Got '%c' when expecting ACK/NACK\n", ch);
1860 if (ch == '+' || ch == '$')
1861 s->last_packet_len = 0;
1865 if (runstate_is_running()) {
1866 /* when the CPU is running, we cannot do anything except stop
1867 it when receiving a char */
1868 vm_stop(RUN_STATE_PAUSED);
1875 s->line_buf_index = 0;
1876 s->state = RS_GETLINE;
1881 s->state = RS_CHKSUM1;
1882 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1885 s->line_buf[s->line_buf_index++] = ch;
1889 s->line_buf[s->line_buf_index] = '\0';
1890 s->line_csum = fromhex(ch) << 4;
1891 s->state = RS_CHKSUM2;
1894 s->line_csum |= fromhex(ch);
1896 for(i = 0; i < s->line_buf_index; i++) {
1897 csum += s->line_buf[i];
1899 if (s->line_csum != (csum & 0xff)) {
1901 put_buffer(s, &reply, 1);
1905 put_buffer(s, &reply, 1);
1906 s->state = gdb_handle_packet(s, s->line_buf);
1915 /* Tell the remote gdb that the process has exited. */
1916 void gdb_exit(CPUArchState *env, int code)
1921 s = gdbserver_state;
1925 #ifdef CONFIG_USER_ONLY
1926 if (gdbserver_fd < 0 || s->fd < 0) {
1931 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1934 #ifndef CONFIG_USER_ONLY
1936 qemu_chr_delete(s->chr);
1941 #ifdef CONFIG_USER_ONLY
1947 s = gdbserver_state;
1949 if (gdbserver_fd < 0 || s->fd < 0)
1956 gdb_handlesig(CPUState *cpu, int sig)
1958 CPUArchState *env = cpu->env_ptr;
1963 s = gdbserver_state;
1964 if (gdbserver_fd < 0 || s->fd < 0) {
1968 /* disable single step if it was enabled */
1969 cpu_single_step(cpu, 0);
1973 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1976 /* put_packet() might have detected that the peer terminated the
1984 s->running_state = 0;
1985 while (s->running_state == 0) {
1986 n = read(s->fd, buf, 256);
1990 for (i = 0; i < n; i++) {
1991 gdb_read_byte(s, buf[i]);
1993 } else if (n == 0 || errno != EAGAIN) {
1994 /* XXX: Connection closed. Should probably wait for another
1995 connection before continuing. */
2004 /* Tell the remote gdb that the process has exited due to SIG. */
2005 void gdb_signalled(CPUArchState *env, int sig)
2010 s = gdbserver_state;
2011 if (gdbserver_fd < 0 || s->fd < 0) {
2015 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
2019 static void gdb_accept(void)
2022 struct sockaddr_in sockaddr;
2027 len = sizeof(sockaddr);
2028 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2029 if (fd < 0 && errno != EINTR) {
2032 } else if (fd >= 0) {
2034 fcntl(fd, F_SETFD, FD_CLOEXEC);
2040 /* set short latency */
2041 socket_set_nodelay(fd);
2043 s = g_malloc0(sizeof(GDBState));
2044 s->c_cpu = first_cpu;
2045 s->g_cpu = first_cpu;
2049 gdbserver_state = s;
2051 fcntl(fd, F_SETFL, O_NONBLOCK);
2054 static int gdbserver_open(int port)
2056 struct sockaddr_in sockaddr;
2059 fd = socket(PF_INET, SOCK_STREAM, 0);
2065 fcntl(fd, F_SETFD, FD_CLOEXEC);
2068 /* allow fast reuse */
2070 qemu_setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));
2072 sockaddr.sin_family = AF_INET;
2073 sockaddr.sin_port = htons(port);
2074 sockaddr.sin_addr.s_addr = 0;
2075 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2081 ret = listen(fd, 0);
2090 int gdbserver_start(int port)
2092 gdbserver_fd = gdbserver_open(port);
2093 if (gdbserver_fd < 0)
2095 /* accept connections */
2100 /* Disable gdb stub for child processes. */
2101 void gdbserver_fork(CPUArchState *env)
2103 GDBState *s = gdbserver_state;
2104 if (gdbserver_fd < 0 || s->fd < 0)
2108 cpu_breakpoint_remove_all(env, BP_GDB);
2109 cpu_watchpoint_remove_all(env, BP_GDB);
2112 static int gdb_chr_can_receive(void *opaque)
2114 /* We can handle an arbitrarily large amount of data.
2115 Pick the maximum packet size, which is as good as anything. */
2116 return MAX_PACKET_LENGTH;
2119 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2123 for (i = 0; i < size; i++) {
2124 gdb_read_byte(gdbserver_state, buf[i]);
2128 static void gdb_chr_event(void *opaque, int event)
2131 case CHR_EVENT_OPENED:
2132 vm_stop(RUN_STATE_PAUSED);
2140 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
2142 char buf[MAX_PACKET_LENGTH];
2145 if (len > (MAX_PACKET_LENGTH/2) - 1)
2146 len = (MAX_PACKET_LENGTH/2) - 1;
2147 memtohex(buf + 1, (uint8_t *)msg, len);
2151 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
2153 const char *p = (const char *)buf;
2156 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
2158 if (len <= max_sz) {
2159 gdb_monitor_output(gdbserver_state, p, len);
2162 gdb_monitor_output(gdbserver_state, p, max_sz);
2170 static void gdb_sigterm_handler(int signal)
2172 if (runstate_is_running()) {
2173 vm_stop(RUN_STATE_PAUSED);
2178 int gdbserver_start(const char *device)
2181 char gdbstub_device_name[128];
2182 CharDriverState *chr = NULL;
2183 CharDriverState *mon_chr;
2187 if (strcmp(device, "none") != 0) {
2188 if (strstart(device, "tcp:", NULL)) {
2189 /* enforce required TCP attributes */
2190 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2191 "%s,nowait,nodelay,server", device);
2192 device = gdbstub_device_name;
2195 else if (strcmp(device, "stdio") == 0) {
2196 struct sigaction act;
2198 memset(&act, 0, sizeof(act));
2199 act.sa_handler = gdb_sigterm_handler;
2200 sigaction(SIGINT, &act, NULL);
2203 chr = qemu_chr_new("gdb", device, NULL);
2207 qemu_chr_fe_claim_no_fail(chr);
2208 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
2209 gdb_chr_event, NULL);
2212 s = gdbserver_state;
2214 s = g_malloc0(sizeof(GDBState));
2215 gdbserver_state = s;
2217 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2219 /* Initialize a monitor terminal for gdb */
2220 mon_chr = g_malloc0(sizeof(*mon_chr));
2221 mon_chr->chr_write = gdb_monitor_write;
2222 monitor_init(mon_chr, 0);
2225 qemu_chr_delete(s->chr);
2226 mon_chr = s->mon_chr;
2227 memset(s, 0, sizeof(GDBState));
2229 s->c_cpu = first_cpu;
2230 s->g_cpu = first_cpu;
2232 s->state = chr ? RS_IDLE : RS_INACTIVE;
2233 s->mon_chr = mon_chr;
2234 s->current_syscall_cb = NULL;
projects / sdk / emulator / qemu.git / blob