4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
43 #include "qemu/bitops.h"
45 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
46 uint8_t *buf, int len, bool is_write)
48 CPUClass *cc = CPU_GET_CLASS(cpu);
50 if (cc->memory_rw_debug) {
51 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
53 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
65 GDB_SIGNAL_UNKNOWN = 143
68 #ifdef CONFIG_USER_ONLY
70 /* Map target signal numbers to GDB protocol signal numbers and vice
71 * versa. For user emulation's currently supported systems, we can
72 * assume most signals are defined.
75 static int gdb_signal_table[] = {
235 /* In system mode we only need SIGINT and SIGTRAP; other signals
236 are not yet supported. */
243 static int gdb_signal_table[] = {
253 #ifdef CONFIG_USER_ONLY
254 static int target_signal_to_gdb (int sig)
257 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
258 if (gdb_signal_table[i] == sig)
260 return GDB_SIGNAL_UNKNOWN;
264 static int gdb_signal_to_target (int sig)
266 if (sig < ARRAY_SIZE (gdb_signal_table))
267 return gdb_signal_table[sig];
274 typedef struct GDBRegisterState {
280 struct GDBRegisterState *next;
290 typedef struct GDBState {
291 CPUState *c_cpu; /* current CPU for step/continue ops */
292 CPUState *g_cpu; /* current CPU for other ops */
293 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
294 enum RSState state; /* parsing state */
295 char line_buf[MAX_PACKET_LENGTH];
298 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
301 #ifdef CONFIG_USER_ONLY
305 CharDriverState *chr;
306 CharDriverState *mon_chr;
308 char syscall_buf[256];
309 gdb_syscall_complete_cb current_syscall_cb;
312 /* By default use no IRQs and no timers while single stepping so as to
313 * make single stepping like an ICE HW step.
315 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
317 static GDBState *gdbserver_state;
319 /* This is an ugly hack to cope with both new and old gdb.
320 If gdb sends qXfer:features:read then assume we're talking to a newish
321 gdb that understands target descriptions. */
322 static int gdb_has_xml;
324 #ifdef CONFIG_USER_ONLY
325 /* XXX: This is not thread safe. Do we care? */
326 static int gdbserver_fd = -1;
328 static int get_char(GDBState *s)
334 ret = qemu_recv(s->fd, &ch, 1, 0);
336 if (errno == ECONNRESET)
338 if (errno != EINTR && errno != EAGAIN)
340 } else if (ret == 0) {
358 /* If gdb is connected when the first semihosting syscall occurs then use
359 remote gdb syscalls. Otherwise use native file IO. */
360 int use_gdb_syscalls(void)
362 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
363 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
366 return gdb_syscall_mode == GDB_SYS_ENABLED;
369 /* Resume execution. */
370 static inline void gdb_continue(GDBState *s)
372 #ifdef CONFIG_USER_ONLY
373 s->running_state = 1;
375 if (runstate_check(RUN_STATE_GUEST_PANICKED)) {
376 runstate_set(RUN_STATE_DEBUG);
378 if (!runstate_needs_reset()) {
384 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
386 #ifdef CONFIG_USER_ONLY
390 ret = send(s->fd, buf, len, 0);
392 if (errno != EINTR && errno != EAGAIN)
400 qemu_chr_fe_write(s->chr, buf, len);
404 static inline int fromhex(int v)
406 if (v >= '0' && v <= '9')
408 else if (v >= 'A' && v <= 'F')
410 else if (v >= 'a' && v <= 'f')
416 static inline int tohex(int v)
424 static void memtohex(char *buf, const uint8_t *mem, int len)
429 for(i = 0; i < len; i++) {
431 *q++ = tohex(c >> 4);
432 *q++ = tohex(c & 0xf);
437 static void hextomem(uint8_t *mem, const char *buf, int len)
441 for(i = 0; i < len; i++) {
442 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
447 /* return -1 if error, 0 if OK */
448 static int put_packet_binary(GDBState *s, const char *buf, int len)
459 for(i = 0; i < len; i++) {
463 *(p++) = tohex((csum >> 4) & 0xf);
464 *(p++) = tohex((csum) & 0xf);
466 s->last_packet_len = p - s->last_packet;
467 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
469 #ifdef CONFIG_USER_ONLY
482 /* return -1 if error, 0 if OK */
483 static int put_packet(GDBState *s, const char *buf)
486 printf("reply='%s'\n", buf);
489 return put_packet_binary(s, buf, strlen(buf));
492 /* The GDB remote protocol transfers values in target byte order. This means
493 we can use the raw memory access routines to access the value buffer.
494 Conveniently, these also handle the case where the buffer is mis-aligned.
496 #define GET_REG8(val) do { \
497 stb_p(mem_buf, val); \
500 #define GET_REG16(val) do { \
501 stw_p(mem_buf, val); \
504 #define GET_REG32(val) do { \
505 stl_p(mem_buf, val); \
508 #define GET_REG64(val) do { \
509 stq_p(mem_buf, val); \
513 #if TARGET_LONG_BITS == 64
514 #define GET_REGL(val) GET_REG64(val)
515 #define ldtul_p(addr) ldq_p(addr)
517 #define GET_REGL(val) GET_REG32(val)
518 #define ldtul_p(addr) ldl_p(addr)
521 #if defined(TARGET_I386)
523 #include "target-i386/gdbstub.c"
525 #elif defined (TARGET_PPC)
527 #if defined (TARGET_PPC64)
528 #define GDB_CORE_XML "power64-core.xml"
530 #define GDB_CORE_XML "power-core.xml"
533 #include "target-ppc/gdbstub.c"
535 #elif defined (TARGET_SPARC)
537 #include "target-sparc/gdbstub.c"
539 #elif defined (TARGET_ARM)
541 #define GDB_CORE_XML "arm-core.xml"
543 #include "target-arm/gdbstub.c"
545 #elif defined (TARGET_M68K)
547 #define GDB_CORE_XML "cf-core.xml"
549 #include "target-m68k/gdbstub.c"
551 #elif defined (TARGET_MIPS)
553 #include "target-mips/gdbstub.c"
555 #elif defined(TARGET_OPENRISC)
557 #include "target-openrisc/gdbstub.c"
559 #elif defined (TARGET_SH4)
561 #include "target-sh4/gdbstub.c"
563 #elif defined (TARGET_MICROBLAZE)
565 #include "target-microblaze/gdbstub.c"
567 #elif defined (TARGET_CRIS)
569 #include "target-cris/gdbstub.c"
571 #elif defined (TARGET_ALPHA)
573 #include "target-alpha/gdbstub.c"
575 #elif defined (TARGET_S390X)
577 #include "target-s390x/gdbstub.c"
579 #elif defined (TARGET_LM32)
581 #include "target-lm32/gdbstub.c"
583 #elif defined(TARGET_XTENSA)
585 #include "target-xtensa/gdbstub.c"
589 static int cpu_gdb_read_register(CPUArchState *env, uint8_t *mem_buf, int n)
594 static int cpu_gdb_write_register(CPUArchState *env, uint8_t *mem_buf, int n)
602 /* Encode data using the encoding for 'x' packets. */
603 static int memtox(char *buf, const char *mem, int len)
611 case '#': case '$': case '*': case '}':
623 static const char *get_feature_xml(const char *p, const char **newp)
628 static char target_xml[1024];
631 while (p[len] && p[len] != ':')
636 if (strncmp(p, "target.xml", len) == 0) {
637 /* Generate the XML description for this CPU. */
638 if (!target_xml[0]) {
640 CPUState *cpu = first_cpu;
642 snprintf(target_xml, sizeof(target_xml),
643 "<?xml version=\"1.0\"?>"
644 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
646 "<xi:include href=\"%s\"/>",
649 for (r = cpu->gdb_regs; r; r = r->next) {
650 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
651 pstrcat(target_xml, sizeof(target_xml), r->xml);
652 pstrcat(target_xml, sizeof(target_xml), "\"/>");
654 pstrcat(target_xml, sizeof(target_xml), "</target>");
659 name = xml_builtin[i][0];
660 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
663 return name ? xml_builtin[i][1] : NULL;
667 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
669 CPUClass *cc = CPU_GET_CLASS(cpu);
670 CPUArchState *env = cpu->env_ptr;
673 if (reg < cc->gdb_num_core_regs) {
674 return cpu_gdb_read_register(env, mem_buf, reg);
677 for (r = cpu->gdb_regs; r; r = r->next) {
678 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
679 return r->get_reg(env, mem_buf, reg - r->base_reg);
685 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
687 CPUClass *cc = CPU_GET_CLASS(cpu);
688 CPUArchState *env = cpu->env_ptr;
691 if (reg < cc->gdb_num_core_regs) {
692 return cpu_gdb_write_register(env, mem_buf, reg);
695 for (r = cpu->gdb_regs; r; r = r->next) {
696 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
697 return r->set_reg(env, mem_buf, reg - r->base_reg);
703 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
704 specifies the first register number and these registers are included in
705 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
706 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
709 void gdb_register_coprocessor(CPUState *cpu,
710 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
711 int num_regs, const char *xml, int g_pos)
714 GDBRegisterState **p;
718 /* Check for duplicates. */
719 if (strcmp((*p)->xml, xml) == 0)
724 s = g_new0(GDBRegisterState, 1);
725 s->base_reg = cpu->gdb_num_regs;
726 s->num_regs = num_regs;
727 s->get_reg = get_reg;
728 s->set_reg = set_reg;
731 /* Add to end of list. */
732 cpu->gdb_num_regs += num_regs;
735 if (g_pos != s->base_reg) {
736 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
737 "Expected %d got %d\n", xml, g_pos, s->base_reg);
742 #ifndef CONFIG_USER_ONLY
743 static const int xlat_gdb_type[] = {
744 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
745 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
746 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
750 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
757 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
761 case GDB_BREAKPOINT_SW:
762 case GDB_BREAKPOINT_HW:
763 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
765 err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
770 #ifndef CONFIG_USER_ONLY
771 case GDB_WATCHPOINT_WRITE:
772 case GDB_WATCHPOINT_READ:
773 case GDB_WATCHPOINT_ACCESS:
774 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
776 err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
788 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
795 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
799 case GDB_BREAKPOINT_SW:
800 case GDB_BREAKPOINT_HW:
801 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
803 err = cpu_breakpoint_remove(env, addr, BP_GDB);
808 #ifndef CONFIG_USER_ONLY
809 case GDB_WATCHPOINT_WRITE:
810 case GDB_WATCHPOINT_READ:
811 case GDB_WATCHPOINT_ACCESS:
812 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
814 err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
825 static void gdb_breakpoint_remove_all(void)
831 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
835 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
837 cpu_breakpoint_remove_all(env, BP_GDB);
838 #ifndef CONFIG_USER_ONLY
839 cpu_watchpoint_remove_all(env, BP_GDB);
844 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
846 CPUState *cpu = s->c_cpu;
847 CPUClass *cc = CPU_GET_CLASS(cpu);
849 cpu_synchronize_state(cpu);
855 static CPUState *find_cpu(uint32_t thread_id)
859 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
860 if (cpu_index(cpu) == thread_id) {
868 static int gdb_handle_packet(GDBState *s, const char *line_buf)
873 int ch, reg_size, type, res;
874 char buf[MAX_PACKET_LENGTH];
875 uint8_t mem_buf[MAX_PACKET_LENGTH];
877 target_ulong addr, len;
880 printf("command='%s'\n", line_buf);
886 /* TODO: Make this return the correct value for user-mode. */
887 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
888 cpu_index(s->c_cpu));
890 /* Remove all the breakpoints when this query is issued,
891 * because gdb is doing and initial connect and the state
892 * should be cleaned up.
894 gdb_breakpoint_remove_all();
898 addr = strtoull(p, (char **)&p, 16);
899 gdb_set_cpu_pc(s, addr);
905 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
911 if (strncmp(p, "Cont", 4) == 0) {
912 int res_signal, res_thread;
916 put_packet(s, "vCont;c;C;s;S");
931 if (action == 'C' || action == 'S') {
932 signal = strtoul(p, (char **)&p, 16);
933 } else if (action != 'c' && action != 's') {
939 thread = strtoull(p+1, (char **)&p, 16);
941 action = tolower(action);
942 if (res == 0 || (res == 'c' && action == 's')) {
949 if (res_thread != -1 && res_thread != 0) {
950 cpu = find_cpu(res_thread);
952 put_packet(s, "E22");
958 cpu_single_step(s->c_cpu, sstep_flags);
960 s->signal = res_signal;
966 goto unknown_command;
969 #ifdef CONFIG_USER_ONLY
970 /* Kill the target */
971 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
976 gdb_breakpoint_remove_all();
977 gdb_syscall_mode = GDB_SYS_DISABLED;
983 addr = strtoull(p, (char **)&p, 16);
984 gdb_set_cpu_pc(s, addr);
986 cpu_single_step(s->c_cpu, sstep_flags);
994 ret = strtoull(p, (char **)&p, 16);
997 err = strtoull(p, (char **)&p, 16);
1004 if (s->current_syscall_cb) {
1005 s->current_syscall_cb(s->c_cpu, ret, err);
1006 s->current_syscall_cb = NULL;
1009 put_packet(s, "T02");
1016 cpu_synchronize_state(s->g_cpu);
1018 for (addr = 0; addr < s->g_cpu->gdb_num_regs; addr++) {
1019 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1022 memtohex(buf, mem_buf, len);
1026 cpu_synchronize_state(s->g_cpu);
1027 registers = mem_buf;
1028 len = strlen(p) / 2;
1029 hextomem((uint8_t *)registers, p, len);
1030 for (addr = 0; addr < s->g_cpu->gdb_num_regs && len > 0; addr++) {
1031 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1033 registers += reg_size;
1035 put_packet(s, "OK");
1038 addr = strtoull(p, (char **)&p, 16);
1041 len = strtoull(p, NULL, 16);
1042 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1043 put_packet (s, "E14");
1045 memtohex(buf, mem_buf, len);
1050 addr = strtoull(p, (char **)&p, 16);
1053 len = strtoull(p, (char **)&p, 16);
1056 hextomem(mem_buf, p, len);
1057 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1059 put_packet(s, "E14");
1061 put_packet(s, "OK");
1065 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1066 This works, but can be very slow. Anything new enough to
1067 understand XML also knows how to use this properly. */
1069 goto unknown_command;
1070 addr = strtoull(p, (char **)&p, 16);
1071 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1073 memtohex(buf, mem_buf, reg_size);
1076 put_packet(s, "E14");
1081 goto unknown_command;
1082 addr = strtoull(p, (char **)&p, 16);
1085 reg_size = strlen(p) / 2;
1086 hextomem(mem_buf, p, reg_size);
1087 gdb_write_register(s->g_cpu, mem_buf, addr);
1088 put_packet(s, "OK");
1092 type = strtoul(p, (char **)&p, 16);
1095 addr = strtoull(p, (char **)&p, 16);
1098 len = strtoull(p, (char **)&p, 16);
1100 res = gdb_breakpoint_insert(addr, len, type);
1102 res = gdb_breakpoint_remove(addr, len, type);
1104 put_packet(s, "OK");
1105 else if (res == -ENOSYS)
1108 put_packet(s, "E22");
1112 thread = strtoull(p, (char **)&p, 16);
1113 if (thread == -1 || thread == 0) {
1114 put_packet(s, "OK");
1117 cpu = find_cpu(thread);
1119 put_packet(s, "E22");
1125 put_packet(s, "OK");
1129 put_packet(s, "OK");
1132 put_packet(s, "E22");
1137 thread = strtoull(p, (char **)&p, 16);
1138 cpu = find_cpu(thread);
1141 put_packet(s, "OK");
1143 put_packet(s, "E22");
1148 /* parse any 'q' packets here */
1149 if (!strcmp(p,"qemu.sstepbits")) {
1150 /* Query Breakpoint bit definitions */
1151 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1157 } else if (strncmp(p,"qemu.sstep",10) == 0) {
1158 /* Display or change the sstep_flags */
1161 /* Display current setting */
1162 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1167 type = strtoul(p, (char **)&p, 16);
1169 put_packet(s, "OK");
1171 } else if (strcmp(p,"C") == 0) {
1172 /* "Current thread" remains vague in the spec, so always return
1173 * the first CPU (gdb returns the first thread). */
1174 put_packet(s, "QC1");
1176 } else if (strcmp(p,"fThreadInfo") == 0) {
1177 s->query_cpu = first_cpu;
1178 goto report_cpuinfo;
1179 } else if (strcmp(p,"sThreadInfo") == 0) {
1182 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1184 s->query_cpu = s->query_cpu->next_cpu;
1188 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1189 thread = strtoull(p+16, (char **)&p, 16);
1190 cpu = find_cpu(thread);
1192 cpu_synchronize_state(cpu);
1193 len = snprintf((char *)mem_buf, sizeof(mem_buf),
1194 "CPU#%d [%s]", cpu->cpu_index,
1195 cpu->halted ? "halted " : "running");
1196 memtohex(buf, mem_buf, len);
1201 #ifdef CONFIG_USER_ONLY
1202 else if (strncmp(p, "Offsets", 7) == 0) {
1203 CPUArchState *env = s->c_cpu->env_ptr;
1204 TaskState *ts = env->opaque;
1206 snprintf(buf, sizeof(buf),
1207 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1208 ";Bss=" TARGET_ABI_FMT_lx,
1209 ts->info->code_offset,
1210 ts->info->data_offset,
1211 ts->info->data_offset);
1215 #else /* !CONFIG_USER_ONLY */
1216 else if (strncmp(p, "Rcmd,", 5) == 0) {
1217 int len = strlen(p + 5);
1219 if ((len % 2) != 0) {
1220 put_packet(s, "E01");
1223 hextomem(mem_buf, p + 5, len);
1226 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1227 put_packet(s, "OK");
1230 #endif /* !CONFIG_USER_ONLY */
1231 if (strncmp(p, "Supported", 9) == 0) {
1232 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1234 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1240 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1242 target_ulong total_len;
1246 xml = get_feature_xml(p, &p);
1248 snprintf(buf, sizeof(buf), "E00");
1255 addr = strtoul(p, (char **)&p, 16);
1258 len = strtoul(p, (char **)&p, 16);
1260 total_len = strlen(xml);
1261 if (addr > total_len) {
1262 snprintf(buf, sizeof(buf), "E00");
1266 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1267 len = (MAX_PACKET_LENGTH - 5) / 2;
1268 if (len < total_len - addr) {
1270 len = memtox(buf + 1, xml + addr, len);
1273 len = memtox(buf + 1, xml + addr, total_len - addr);
1275 put_packet_binary(s, buf, len + 1);
1279 /* Unrecognised 'q' command. */
1280 goto unknown_command;
1284 /* put empty packet */
1292 void gdb_set_stop_cpu(CPUState *cpu)
1294 gdbserver_state->c_cpu = cpu;
1295 gdbserver_state->g_cpu = cpu;
1298 #ifndef CONFIG_USER_ONLY
1299 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1301 GDBState *s = gdbserver_state;
1302 CPUArchState *env = s->c_cpu->env_ptr;
1303 CPUState *cpu = s->c_cpu;
1308 if (running || s->state == RS_INACTIVE) {
1311 /* Is there a GDB syscall waiting to be sent? */
1312 if (s->current_syscall_cb) {
1313 put_packet(s, s->syscall_buf);
1317 case RUN_STATE_DEBUG:
1318 if (env->watchpoint_hit) {
1319 switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
1330 snprintf(buf, sizeof(buf),
1331 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1332 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1333 env->watchpoint_hit->vaddr);
1334 env->watchpoint_hit = NULL;
1338 ret = GDB_SIGNAL_TRAP;
1340 case RUN_STATE_PAUSED:
1341 ret = GDB_SIGNAL_INT;
1343 case RUN_STATE_SHUTDOWN:
1344 ret = GDB_SIGNAL_QUIT;
1346 case RUN_STATE_IO_ERROR:
1347 ret = GDB_SIGNAL_IO;
1349 case RUN_STATE_WATCHDOG:
1350 ret = GDB_SIGNAL_ALRM;
1352 case RUN_STATE_INTERNAL_ERROR:
1353 ret = GDB_SIGNAL_ABRT;
1355 case RUN_STATE_SAVE_VM:
1356 case RUN_STATE_RESTORE_VM:
1358 case RUN_STATE_FINISH_MIGRATE:
1359 ret = GDB_SIGNAL_XCPU;
1362 ret = GDB_SIGNAL_UNKNOWN;
1365 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1370 /* disable single step if it was enabled */
1371 cpu_single_step(cpu, 0);
1375 /* Send a gdb syscall request.
1376 This accepts limited printf-style format specifiers, specifically:
1377 %x - target_ulong argument printed in hex.
1378 %lx - 64-bit argument printed in hex.
1379 %s - string pointer (target_ulong) and length (int) pair. */
1380 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1389 s = gdbserver_state;
1392 s->current_syscall_cb = cb;
1393 #ifndef CONFIG_USER_ONLY
1394 vm_stop(RUN_STATE_DEBUG);
1398 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1405 addr = va_arg(va, target_ulong);
1406 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1409 if (*(fmt++) != 'x')
1411 i64 = va_arg(va, uint64_t);
1412 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1415 addr = va_arg(va, target_ulong);
1416 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1417 addr, va_arg(va, int));
1421 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1431 #ifdef CONFIG_USER_ONLY
1432 put_packet(s, s->syscall_buf);
1433 gdb_handlesig(s->c_cpu, 0);
1435 /* In this case wait to send the syscall packet until notification that
1436 the CPU has stopped. This must be done because if the packet is sent
1437 now the reply from the syscall request could be received while the CPU
1438 is still in the running state, which can cause packets to be dropped
1439 and state transition 'T' packets to be sent while the syscall is still
1445 static void gdb_read_byte(GDBState *s, int ch)
1450 #ifndef CONFIG_USER_ONLY
1451 if (s->last_packet_len) {
1452 /* Waiting for a response to the last packet. If we see the start
1453 of a new command then abandon the previous response. */
1456 printf("Got NACK, retransmitting\n");
1458 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1462 printf("Got ACK\n");
1464 printf("Got '%c' when expecting ACK/NACK\n", ch);
1466 if (ch == '+' || ch == '$')
1467 s->last_packet_len = 0;
1471 if (runstate_is_running()) {
1472 /* when the CPU is running, we cannot do anything except stop
1473 it when receiving a char */
1474 vm_stop(RUN_STATE_PAUSED);
1481 s->line_buf_index = 0;
1482 s->state = RS_GETLINE;
1487 s->state = RS_CHKSUM1;
1488 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1491 s->line_buf[s->line_buf_index++] = ch;
1495 s->line_buf[s->line_buf_index] = '\0';
1496 s->line_csum = fromhex(ch) << 4;
1497 s->state = RS_CHKSUM2;
1500 s->line_csum |= fromhex(ch);
1502 for(i = 0; i < s->line_buf_index; i++) {
1503 csum += s->line_buf[i];
1505 if (s->line_csum != (csum & 0xff)) {
1507 put_buffer(s, &reply, 1);
1511 put_buffer(s, &reply, 1);
1512 s->state = gdb_handle_packet(s, s->line_buf);
1521 /* Tell the remote gdb that the process has exited. */
1522 void gdb_exit(CPUArchState *env, int code)
1527 s = gdbserver_state;
1531 #ifdef CONFIG_USER_ONLY
1532 if (gdbserver_fd < 0 || s->fd < 0) {
1537 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1540 #ifndef CONFIG_USER_ONLY
1542 qemu_chr_delete(s->chr);
1547 #ifdef CONFIG_USER_ONLY
1553 s = gdbserver_state;
1555 if (gdbserver_fd < 0 || s->fd < 0)
1562 gdb_handlesig(CPUState *cpu, int sig)
1564 CPUArchState *env = cpu->env_ptr;
1569 s = gdbserver_state;
1570 if (gdbserver_fd < 0 || s->fd < 0) {
1574 /* disable single step if it was enabled */
1575 cpu_single_step(cpu, 0);
1579 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1582 /* put_packet() might have detected that the peer terminated the
1590 s->running_state = 0;
1591 while (s->running_state == 0) {
1592 n = read(s->fd, buf, 256);
1596 for (i = 0; i < n; i++) {
1597 gdb_read_byte(s, buf[i]);
1599 } else if (n == 0 || errno != EAGAIN) {
1600 /* XXX: Connection closed. Should probably wait for another
1601 connection before continuing. */
1610 /* Tell the remote gdb that the process has exited due to SIG. */
1611 void gdb_signalled(CPUArchState *env, int sig)
1616 s = gdbserver_state;
1617 if (gdbserver_fd < 0 || s->fd < 0) {
1621 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1625 static void gdb_accept(void)
1628 struct sockaddr_in sockaddr;
1633 len = sizeof(sockaddr);
1634 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1635 if (fd < 0 && errno != EINTR) {
1638 } else if (fd >= 0) {
1640 fcntl(fd, F_SETFD, FD_CLOEXEC);
1646 /* set short latency */
1647 socket_set_nodelay(fd);
1649 s = g_malloc0(sizeof(GDBState));
1650 s->c_cpu = first_cpu;
1651 s->g_cpu = first_cpu;
1655 gdbserver_state = s;
1657 fcntl(fd, F_SETFL, O_NONBLOCK);
1660 static int gdbserver_open(int port)
1662 struct sockaddr_in sockaddr;
1665 fd = socket(PF_INET, SOCK_STREAM, 0);
1671 fcntl(fd, F_SETFD, FD_CLOEXEC);
1674 /* allow fast reuse */
1676 qemu_setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));
1678 sockaddr.sin_family = AF_INET;
1679 sockaddr.sin_port = htons(port);
1680 sockaddr.sin_addr.s_addr = 0;
1681 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1687 ret = listen(fd, 0);
1696 int gdbserver_start(int port)
1698 gdbserver_fd = gdbserver_open(port);
1699 if (gdbserver_fd < 0)
1701 /* accept connections */
1706 /* Disable gdb stub for child processes. */
1707 void gdbserver_fork(CPUArchState *env)
1709 GDBState *s = gdbserver_state;
1710 if (gdbserver_fd < 0 || s->fd < 0)
1714 cpu_breakpoint_remove_all(env, BP_GDB);
1715 cpu_watchpoint_remove_all(env, BP_GDB);
1718 static int gdb_chr_can_receive(void *opaque)
1720 /* We can handle an arbitrarily large amount of data.
1721 Pick the maximum packet size, which is as good as anything. */
1722 return MAX_PACKET_LENGTH;
1725 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1729 for (i = 0; i < size; i++) {
1730 gdb_read_byte(gdbserver_state, buf[i]);
1734 static void gdb_chr_event(void *opaque, int event)
1737 case CHR_EVENT_OPENED:
1738 vm_stop(RUN_STATE_PAUSED);
1746 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1748 char buf[MAX_PACKET_LENGTH];
1751 if (len > (MAX_PACKET_LENGTH/2) - 1)
1752 len = (MAX_PACKET_LENGTH/2) - 1;
1753 memtohex(buf + 1, (uint8_t *)msg, len);
1757 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
1759 const char *p = (const char *)buf;
1762 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1764 if (len <= max_sz) {
1765 gdb_monitor_output(gdbserver_state, p, len);
1768 gdb_monitor_output(gdbserver_state, p, max_sz);
1776 static void gdb_sigterm_handler(int signal)
1778 if (runstate_is_running()) {
1779 vm_stop(RUN_STATE_PAUSED);
1784 int gdbserver_start(const char *device)
1787 char gdbstub_device_name[128];
1788 CharDriverState *chr = NULL;
1789 CharDriverState *mon_chr;
1793 if (strcmp(device, "none") != 0) {
1794 if (strstart(device, "tcp:", NULL)) {
1795 /* enforce required TCP attributes */
1796 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1797 "%s,nowait,nodelay,server", device);
1798 device = gdbstub_device_name;
1801 else if (strcmp(device, "stdio") == 0) {
1802 struct sigaction act;
1804 memset(&act, 0, sizeof(act));
1805 act.sa_handler = gdb_sigterm_handler;
1806 sigaction(SIGINT, &act, NULL);
1809 chr = qemu_chr_new("gdb", device, NULL);
1813 qemu_chr_fe_claim_no_fail(chr);
1814 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
1815 gdb_chr_event, NULL);
1818 s = gdbserver_state;
1820 s = g_malloc0(sizeof(GDBState));
1821 gdbserver_state = s;
1823 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1825 /* Initialize a monitor terminal for gdb */
1826 mon_chr = g_malloc0(sizeof(*mon_chr));
1827 mon_chr->chr_write = gdb_monitor_write;
1828 monitor_init(mon_chr, 0);
1831 qemu_chr_delete(s->chr);
1832 mon_chr = s->mon_chr;
1833 memset(s, 0, sizeof(GDBState));
1835 s->c_cpu = first_cpu;
1836 s->g_cpu = first_cpu;
1838 s->state = chr ? RS_IDLE : RS_INACTIVE;
1839 s->mon_chr = mon_chr;
1840 s->current_syscall_cb = NULL;
projects / sdk / emulator / qemu.git / blob