4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
43 #include "qemu/bitops.h"
45 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
46 uint8_t *buf, int len, bool is_write)
48 CPUClass *cc = CPU_GET_CLASS(cpu);
50 if (cc->memory_rw_debug) {
51 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
53 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
65 GDB_SIGNAL_UNKNOWN = 143
68 #ifdef CONFIG_USER_ONLY
70 /* Map target signal numbers to GDB protocol signal numbers and vice
71 * versa. For user emulation's currently supported systems, we can
72 * assume most signals are defined.
75 static int gdb_signal_table[] = {
235 /* In system mode we only need SIGINT and SIGTRAP; other signals
236 are not yet supported. */
243 static int gdb_signal_table[] = {
253 #ifdef CONFIG_USER_ONLY
254 static int target_signal_to_gdb (int sig)
257 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
258 if (gdb_signal_table[i] == sig)
260 return GDB_SIGNAL_UNKNOWN;
264 static int gdb_signal_to_target (int sig)
266 if (sig < ARRAY_SIZE (gdb_signal_table))
267 return gdb_signal_table[sig];
274 typedef struct GDBRegisterState {
280 struct GDBRegisterState *next;
290 typedef struct GDBState {
291 CPUState *c_cpu; /* current CPU for step/continue ops */
292 CPUState *g_cpu; /* current CPU for other ops */
293 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
294 enum RSState state; /* parsing state */
295 char line_buf[MAX_PACKET_LENGTH];
298 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
301 #ifdef CONFIG_USER_ONLY
305 CharDriverState *chr;
306 CharDriverState *mon_chr;
308 char syscall_buf[256];
309 gdb_syscall_complete_cb current_syscall_cb;
312 /* By default use no IRQs and no timers while single stepping so as to
313 * make single stepping like an ICE HW step.
315 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
317 static GDBState *gdbserver_state;
319 /* This is an ugly hack to cope with both new and old gdb.
320 If gdb sends qXfer:features:read then assume we're talking to a newish
321 gdb that understands target descriptions. */
322 static int gdb_has_xml;
324 #ifdef CONFIG_USER_ONLY
325 /* XXX: This is not thread safe. Do we care? */
326 static int gdbserver_fd = -1;
328 static int get_char(GDBState *s)
334 ret = qemu_recv(s->fd, &ch, 1, 0);
336 if (errno == ECONNRESET)
338 if (errno != EINTR && errno != EAGAIN)
340 } else if (ret == 0) {
358 /* If gdb is connected when the first semihosting syscall occurs then use
359 remote gdb syscalls. Otherwise use native file IO. */
360 int use_gdb_syscalls(void)
362 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
363 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
366 return gdb_syscall_mode == GDB_SYS_ENABLED;
369 /* Resume execution. */
370 static inline void gdb_continue(GDBState *s)
372 #ifdef CONFIG_USER_ONLY
373 s->running_state = 1;
375 if (runstate_check(RUN_STATE_GUEST_PANICKED)) {
376 runstate_set(RUN_STATE_DEBUG);
378 if (!runstate_needs_reset()) {
384 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
386 #ifdef CONFIG_USER_ONLY
390 ret = send(s->fd, buf, len, 0);
392 if (errno != EINTR && errno != EAGAIN)
400 qemu_chr_fe_write(s->chr, buf, len);
404 static inline int fromhex(int v)
406 if (v >= '0' && v <= '9')
408 else if (v >= 'A' && v <= 'F')
410 else if (v >= 'a' && v <= 'f')
416 static inline int tohex(int v)
424 static void memtohex(char *buf, const uint8_t *mem, int len)
429 for(i = 0; i < len; i++) {
431 *q++ = tohex(c >> 4);
432 *q++ = tohex(c & 0xf);
437 static void hextomem(uint8_t *mem, const char *buf, int len)
441 for(i = 0; i < len; i++) {
442 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
447 /* return -1 if error, 0 if OK */
448 static int put_packet_binary(GDBState *s, const char *buf, int len)
459 for(i = 0; i < len; i++) {
463 *(p++) = tohex((csum >> 4) & 0xf);
464 *(p++) = tohex((csum) & 0xf);
466 s->last_packet_len = p - s->last_packet;
467 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
469 #ifdef CONFIG_USER_ONLY
482 /* return -1 if error, 0 if OK */
483 static int put_packet(GDBState *s, const char *buf)
486 printf("reply='%s'\n", buf);
489 return put_packet_binary(s, buf, strlen(buf));
492 /* The GDB remote protocol transfers values in target byte order. This means
493 we can use the raw memory access routines to access the value buffer.
494 Conveniently, these also handle the case where the buffer is mis-aligned.
496 #define GET_REG8(val) do { \
497 stb_p(mem_buf, val); \
500 #define GET_REG16(val) do { \
501 stw_p(mem_buf, val); \
504 #define GET_REG32(val) do { \
505 stl_p(mem_buf, val); \
508 #define GET_REG64(val) do { \
509 stq_p(mem_buf, val); \
513 #if TARGET_LONG_BITS == 64
514 #define GET_REGL(val) GET_REG64(val)
515 #define ldtul_p(addr) ldq_p(addr)
517 #define GET_REGL(val) GET_REG32(val)
518 #define ldtul_p(addr) ldl_p(addr)
521 #if defined(TARGET_I386)
523 #include "target-i386/gdbstub.c"
525 #elif defined (TARGET_PPC)
527 #if defined (TARGET_PPC64)
528 #define GDB_CORE_XML "power64-core.xml"
530 #define GDB_CORE_XML "power-core.xml"
533 #include "target-ppc/gdbstub.c"
535 #elif defined (TARGET_SPARC)
537 #include "target-sparc/gdbstub.c"
539 #elif defined (TARGET_ARM)
541 #define GDB_CORE_XML "arm-core.xml"
543 #include "target-arm/gdbstub.c"
545 #elif defined (TARGET_M68K)
547 #define GDB_CORE_XML "cf-core.xml"
549 #include "target-m68k/gdbstub.c"
551 #elif defined (TARGET_MIPS)
553 #include "target-mips/gdbstub.c"
555 #elif defined(TARGET_OPENRISC)
557 #include "target-openrisc/gdbstub.c"
559 #elif defined (TARGET_SH4)
561 #include "target-sh4/gdbstub.c"
563 #elif defined (TARGET_MICROBLAZE)
565 #include "target-microblaze/gdbstub.c"
567 #elif defined (TARGET_CRIS)
570 read_register_crisv10(CPUCRISState *env, uint8_t *mem_buf, int n)
573 GET_REG32(env->regs[n]);
583 GET_REG8(env->pregs[n - 16]);
585 GET_REG8(env->pregs[n - 16]);
588 GET_REG16(env->pregs[n - 16]);
591 GET_REG32(env->pregs[n - 16]);
599 static int cpu_gdb_read_register(CPUCRISState *env, uint8_t *mem_buf, int n)
603 if (env->pregs[PR_VR] < 32) {
604 return read_register_crisv10(env, mem_buf, n);
607 srs = env->pregs[PR_SRS];
609 GET_REG32(env->regs[n]);
612 if (n >= 21 && n < 32) {
613 GET_REG32(env->pregs[n - 16]);
615 if (n >= 33 && n < 49) {
616 GET_REG32(env->sregs[srs][n - 33]);
620 GET_REG8(env->pregs[0]);
622 GET_REG8(env->pregs[1]);
624 GET_REG32(env->pregs[2]);
628 GET_REG16(env->pregs[4]);
636 static int cpu_gdb_write_register(CPUCRISState *env, uint8_t *mem_buf, int n)
644 tmp = ldl_p(mem_buf);
650 if (n >= 21 && n < 32) {
651 env->pregs[n - 16] = tmp;
654 /* FIXME: Should support function regs be writable? */
661 env->pregs[PR_PID] = tmp;
674 #elif defined (TARGET_ALPHA)
676 static int cpu_gdb_read_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
686 d.d = env->fir[n - 32];
690 val = cpu_alpha_load_fpcr(env);
700 /* 31 really is the zero register; 65 is unassigned in the
701 gdb protocol, but is still required to occupy 8 bytes. */
710 static int cpu_gdb_write_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
712 target_ulong tmp = ldtul_p(mem_buf);
721 env->fir[n - 32] = d.d;
724 cpu_alpha_store_fpcr(env, tmp);
734 /* 31 really is the zero register; 65 is unassigned in the
735 gdb protocol, but is still required to occupy 8 bytes. */
742 #elif defined (TARGET_S390X)
744 static int cpu_gdb_read_register(CPUS390XState *env, uint8_t *mem_buf, int n)
750 case S390_PSWM_REGNUM:
751 cc_op = calc_cc(env, env->cc_op, env->cc_src, env->cc_dst, env->cc_vr);
752 val = deposit64(env->psw.mask, 44, 2, cc_op);
754 case S390_PSWA_REGNUM:
755 GET_REGL(env->psw.addr);
756 case S390_R0_REGNUM ... S390_R15_REGNUM:
757 GET_REGL(env->regs[n-S390_R0_REGNUM]);
758 case S390_A0_REGNUM ... S390_A15_REGNUM:
759 GET_REG32(env->aregs[n-S390_A0_REGNUM]);
760 case S390_FPC_REGNUM:
762 case S390_F0_REGNUM ... S390_F15_REGNUM:
763 GET_REG64(env->fregs[n-S390_F0_REGNUM].ll);
769 static int cpu_gdb_write_register(CPUS390XState *env, uint8_t *mem_buf, int n)
774 tmpl = ldtul_p(mem_buf);
775 tmp32 = ldl_p(mem_buf);
778 case S390_PSWM_REGNUM:
779 env->psw.mask = tmpl;
780 env->cc_op = extract64(tmpl, 44, 2);
782 case S390_PSWA_REGNUM:
783 env->psw.addr = tmpl;
785 case S390_R0_REGNUM ... S390_R15_REGNUM:
786 env->regs[n-S390_R0_REGNUM] = tmpl;
788 case S390_A0_REGNUM ... S390_A15_REGNUM:
789 env->aregs[n-S390_A0_REGNUM] = tmp32;
792 case S390_FPC_REGNUM:
796 case S390_F0_REGNUM ... S390_F15_REGNUM:
797 env->fregs[n-S390_F0_REGNUM].ll = tmpl;
804 #elif defined (TARGET_LM32)
806 #include "hw/lm32/lm32_pic.h"
808 static int cpu_gdb_read_register(CPULM32State *env, uint8_t *mem_buf, int n)
811 GET_REG32(env->regs[n]);
816 /* FIXME: put in right exception ID */
822 GET_REG32(env->deba);
826 GET_REG32(lm32_pic_get_im(env->pic_state));
828 GET_REG32(lm32_pic_get_ip(env->pic_state));
834 static int cpu_gdb_write_register(CPULM32State *env, uint8_t *mem_buf, int n)
836 LM32CPU *cpu = lm32_env_get_cpu(env);
837 CPUClass *cc = CPU_GET_CLASS(cpu);
840 if (n > cc->gdb_num_core_regs) {
844 tmp = ldl_p(mem_buf);
863 lm32_pic_set_im(env->pic_state, tmp);
866 lm32_pic_set_ip(env->pic_state, tmp);
872 #elif defined(TARGET_XTENSA)
874 static int cpu_gdb_read_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
876 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
878 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
887 xtensa_sync_phys_from_window(env);
888 GET_REG32(env->phys_regs[(reg->targno & 0xff) % env->config->nareg]);
891 GET_REG32(env->sregs[reg->targno & 0xff]);
894 GET_REG32(env->uregs[reg->targno & 0xff]);
897 GET_REG32(float32_val(env->fregs[reg->targno & 0x0f]));
900 GET_REG32(env->regs[reg->targno & 0x0f]);
903 qemu_log("%s from reg %d of unsupported type %d\n",
904 __func__, n, reg->type);
909 static int cpu_gdb_write_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
912 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
914 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
918 tmp = ldl_p(mem_buf);
926 env->phys_regs[(reg->targno & 0xff) % env->config->nareg] = tmp;
927 xtensa_sync_window_from_phys(env);
931 env->sregs[reg->targno & 0xff] = tmp;
935 env->uregs[reg->targno & 0xff] = tmp;
939 env->fregs[reg->targno & 0x0f] = make_float32(tmp);
943 env->regs[reg->targno & 0x0f] = tmp;
947 qemu_log("%s to reg %d of unsupported type %d\n",
948 __func__, n, reg->type);
956 static int cpu_gdb_read_register(CPUArchState *env, uint8_t *mem_buf, int n)
961 static int cpu_gdb_write_register(CPUArchState *env, uint8_t *mem_buf, int n)
969 /* Encode data using the encoding for 'x' packets. */
970 static int memtox(char *buf, const char *mem, int len)
978 case '#': case '$': case '*': case '}':
990 static const char *get_feature_xml(const char *p, const char **newp)
995 static char target_xml[1024];
998 while (p[len] && p[len] != ':')
1003 if (strncmp(p, "target.xml", len) == 0) {
1004 /* Generate the XML description for this CPU. */
1005 if (!target_xml[0]) {
1006 GDBRegisterState *r;
1007 CPUState *cpu = first_cpu;
1009 snprintf(target_xml, sizeof(target_xml),
1010 "<?xml version=\"1.0\"?>"
1011 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
1013 "<xi:include href=\"%s\"/>",
1016 for (r = cpu->gdb_regs; r; r = r->next) {
1017 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
1018 pstrcat(target_xml, sizeof(target_xml), r->xml);
1019 pstrcat(target_xml, sizeof(target_xml), "\"/>");
1021 pstrcat(target_xml, sizeof(target_xml), "</target>");
1025 for (i = 0; ; i++) {
1026 name = xml_builtin[i][0];
1027 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
1030 return name ? xml_builtin[i][1] : NULL;
1034 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
1036 CPUClass *cc = CPU_GET_CLASS(cpu);
1037 CPUArchState *env = cpu->env_ptr;
1038 GDBRegisterState *r;
1040 if (reg < cc->gdb_num_core_regs) {
1041 return cpu_gdb_read_register(env, mem_buf, reg);
1044 for (r = cpu->gdb_regs; r; r = r->next) {
1045 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1046 return r->get_reg(env, mem_buf, reg - r->base_reg);
1052 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
1054 CPUClass *cc = CPU_GET_CLASS(cpu);
1055 CPUArchState *env = cpu->env_ptr;
1056 GDBRegisterState *r;
1058 if (reg < cc->gdb_num_core_regs) {
1059 return cpu_gdb_write_register(env, mem_buf, reg);
1062 for (r = cpu->gdb_regs; r; r = r->next) {
1063 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1064 return r->set_reg(env, mem_buf, reg - r->base_reg);
1070 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
1071 specifies the first register number and these registers are included in
1072 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
1073 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
1076 void gdb_register_coprocessor(CPUState *cpu,
1077 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
1078 int num_regs, const char *xml, int g_pos)
1080 GDBRegisterState *s;
1081 GDBRegisterState **p;
1085 /* Check for duplicates. */
1086 if (strcmp((*p)->xml, xml) == 0)
1091 s = g_new0(GDBRegisterState, 1);
1092 s->base_reg = cpu->gdb_num_regs;
1093 s->num_regs = num_regs;
1094 s->get_reg = get_reg;
1095 s->set_reg = set_reg;
1098 /* Add to end of list. */
1099 cpu->gdb_num_regs += num_regs;
1102 if (g_pos != s->base_reg) {
1103 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
1104 "Expected %d got %d\n", xml, g_pos, s->base_reg);
1109 #ifndef CONFIG_USER_ONLY
1110 static const int xlat_gdb_type[] = {
1111 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
1112 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
1113 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1117 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
1123 if (kvm_enabled()) {
1124 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1128 case GDB_BREAKPOINT_SW:
1129 case GDB_BREAKPOINT_HW:
1130 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1132 err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
1137 #ifndef CONFIG_USER_ONLY
1138 case GDB_WATCHPOINT_WRITE:
1139 case GDB_WATCHPOINT_READ:
1140 case GDB_WATCHPOINT_ACCESS:
1141 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1143 err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
1155 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
1161 if (kvm_enabled()) {
1162 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1166 case GDB_BREAKPOINT_SW:
1167 case GDB_BREAKPOINT_HW:
1168 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1170 err = cpu_breakpoint_remove(env, addr, BP_GDB);
1175 #ifndef CONFIG_USER_ONLY
1176 case GDB_WATCHPOINT_WRITE:
1177 case GDB_WATCHPOINT_READ:
1178 case GDB_WATCHPOINT_ACCESS:
1179 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1181 err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
1192 static void gdb_breakpoint_remove_all(void)
1197 if (kvm_enabled()) {
1198 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
1202 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1204 cpu_breakpoint_remove_all(env, BP_GDB);
1205 #ifndef CONFIG_USER_ONLY
1206 cpu_watchpoint_remove_all(env, BP_GDB);
1211 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
1213 CPUState *cpu = s->c_cpu;
1214 CPUClass *cc = CPU_GET_CLASS(cpu);
1216 cpu_synchronize_state(cpu);
1218 cc->set_pc(cpu, pc);
1222 static CPUState *find_cpu(uint32_t thread_id)
1226 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1227 if (cpu_index(cpu) == thread_id) {
1235 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1240 int ch, reg_size, type, res;
1241 char buf[MAX_PACKET_LENGTH];
1242 uint8_t mem_buf[MAX_PACKET_LENGTH];
1244 target_ulong addr, len;
1247 printf("command='%s'\n", line_buf);
1253 /* TODO: Make this return the correct value for user-mode. */
1254 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
1255 cpu_index(s->c_cpu));
1257 /* Remove all the breakpoints when this query is issued,
1258 * because gdb is doing and initial connect and the state
1259 * should be cleaned up.
1261 gdb_breakpoint_remove_all();
1265 addr = strtoull(p, (char **)&p, 16);
1266 gdb_set_cpu_pc(s, addr);
1272 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1273 if (s->signal == -1)
1278 if (strncmp(p, "Cont", 4) == 0) {
1279 int res_signal, res_thread;
1283 put_packet(s, "vCont;c;C;s;S");
1298 if (action == 'C' || action == 'S') {
1299 signal = strtoul(p, (char **)&p, 16);
1300 } else if (action != 'c' && action != 's') {
1306 thread = strtoull(p+1, (char **)&p, 16);
1308 action = tolower(action);
1309 if (res == 0 || (res == 'c' && action == 's')) {
1311 res_signal = signal;
1312 res_thread = thread;
1316 if (res_thread != -1 && res_thread != 0) {
1317 cpu = find_cpu(res_thread);
1319 put_packet(s, "E22");
1325 cpu_single_step(s->c_cpu, sstep_flags);
1327 s->signal = res_signal;
1333 goto unknown_command;
1336 #ifdef CONFIG_USER_ONLY
1337 /* Kill the target */
1338 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
1343 gdb_breakpoint_remove_all();
1344 gdb_syscall_mode = GDB_SYS_DISABLED;
1346 put_packet(s, "OK");
1350 addr = strtoull(p, (char **)&p, 16);
1351 gdb_set_cpu_pc(s, addr);
1353 cpu_single_step(s->c_cpu, sstep_flags);
1361 ret = strtoull(p, (char **)&p, 16);
1364 err = strtoull(p, (char **)&p, 16);
1371 if (s->current_syscall_cb) {
1372 s->current_syscall_cb(s->c_cpu, ret, err);
1373 s->current_syscall_cb = NULL;
1376 put_packet(s, "T02");
1383 cpu_synchronize_state(s->g_cpu);
1385 for (addr = 0; addr < s->g_cpu->gdb_num_regs; addr++) {
1386 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1389 memtohex(buf, mem_buf, len);
1393 cpu_synchronize_state(s->g_cpu);
1394 registers = mem_buf;
1395 len = strlen(p) / 2;
1396 hextomem((uint8_t *)registers, p, len);
1397 for (addr = 0; addr < s->g_cpu->gdb_num_regs && len > 0; addr++) {
1398 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1400 registers += reg_size;
1402 put_packet(s, "OK");
1405 addr = strtoull(p, (char **)&p, 16);
1408 len = strtoull(p, NULL, 16);
1409 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1410 put_packet (s, "E14");
1412 memtohex(buf, mem_buf, len);
1417 addr = strtoull(p, (char **)&p, 16);
1420 len = strtoull(p, (char **)&p, 16);
1423 hextomem(mem_buf, p, len);
1424 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1426 put_packet(s, "E14");
1428 put_packet(s, "OK");
1432 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1433 This works, but can be very slow. Anything new enough to
1434 understand XML also knows how to use this properly. */
1436 goto unknown_command;
1437 addr = strtoull(p, (char **)&p, 16);
1438 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1440 memtohex(buf, mem_buf, reg_size);
1443 put_packet(s, "E14");
1448 goto unknown_command;
1449 addr = strtoull(p, (char **)&p, 16);
1452 reg_size = strlen(p) / 2;
1453 hextomem(mem_buf, p, reg_size);
1454 gdb_write_register(s->g_cpu, mem_buf, addr);
1455 put_packet(s, "OK");
1459 type = strtoul(p, (char **)&p, 16);
1462 addr = strtoull(p, (char **)&p, 16);
1465 len = strtoull(p, (char **)&p, 16);
1467 res = gdb_breakpoint_insert(addr, len, type);
1469 res = gdb_breakpoint_remove(addr, len, type);
1471 put_packet(s, "OK");
1472 else if (res == -ENOSYS)
1475 put_packet(s, "E22");
1479 thread = strtoull(p, (char **)&p, 16);
1480 if (thread == -1 || thread == 0) {
1481 put_packet(s, "OK");
1484 cpu = find_cpu(thread);
1486 put_packet(s, "E22");
1492 put_packet(s, "OK");
1496 put_packet(s, "OK");
1499 put_packet(s, "E22");
1504 thread = strtoull(p, (char **)&p, 16);
1505 cpu = find_cpu(thread);
1508 put_packet(s, "OK");
1510 put_packet(s, "E22");
1515 /* parse any 'q' packets here */
1516 if (!strcmp(p,"qemu.sstepbits")) {
1517 /* Query Breakpoint bit definitions */
1518 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1524 } else if (strncmp(p,"qemu.sstep",10) == 0) {
1525 /* Display or change the sstep_flags */
1528 /* Display current setting */
1529 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1534 type = strtoul(p, (char **)&p, 16);
1536 put_packet(s, "OK");
1538 } else if (strcmp(p,"C") == 0) {
1539 /* "Current thread" remains vague in the spec, so always return
1540 * the first CPU (gdb returns the first thread). */
1541 put_packet(s, "QC1");
1543 } else if (strcmp(p,"fThreadInfo") == 0) {
1544 s->query_cpu = first_cpu;
1545 goto report_cpuinfo;
1546 } else if (strcmp(p,"sThreadInfo") == 0) {
1549 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1551 s->query_cpu = s->query_cpu->next_cpu;
1555 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1556 thread = strtoull(p+16, (char **)&p, 16);
1557 cpu = find_cpu(thread);
1559 cpu_synchronize_state(cpu);
1560 len = snprintf((char *)mem_buf, sizeof(mem_buf),
1561 "CPU#%d [%s]", cpu->cpu_index,
1562 cpu->halted ? "halted " : "running");
1563 memtohex(buf, mem_buf, len);
1568 #ifdef CONFIG_USER_ONLY
1569 else if (strncmp(p, "Offsets", 7) == 0) {
1570 CPUArchState *env = s->c_cpu->env_ptr;
1571 TaskState *ts = env->opaque;
1573 snprintf(buf, sizeof(buf),
1574 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1575 ";Bss=" TARGET_ABI_FMT_lx,
1576 ts->info->code_offset,
1577 ts->info->data_offset,
1578 ts->info->data_offset);
1582 #else /* !CONFIG_USER_ONLY */
1583 else if (strncmp(p, "Rcmd,", 5) == 0) {
1584 int len = strlen(p + 5);
1586 if ((len % 2) != 0) {
1587 put_packet(s, "E01");
1590 hextomem(mem_buf, p + 5, len);
1593 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1594 put_packet(s, "OK");
1597 #endif /* !CONFIG_USER_ONLY */
1598 if (strncmp(p, "Supported", 9) == 0) {
1599 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1601 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1607 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1609 target_ulong total_len;
1613 xml = get_feature_xml(p, &p);
1615 snprintf(buf, sizeof(buf), "E00");
1622 addr = strtoul(p, (char **)&p, 16);
1625 len = strtoul(p, (char **)&p, 16);
1627 total_len = strlen(xml);
1628 if (addr > total_len) {
1629 snprintf(buf, sizeof(buf), "E00");
1633 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1634 len = (MAX_PACKET_LENGTH - 5) / 2;
1635 if (len < total_len - addr) {
1637 len = memtox(buf + 1, xml + addr, len);
1640 len = memtox(buf + 1, xml + addr, total_len - addr);
1642 put_packet_binary(s, buf, len + 1);
1646 /* Unrecognised 'q' command. */
1647 goto unknown_command;
1651 /* put empty packet */
1659 void gdb_set_stop_cpu(CPUState *cpu)
1661 gdbserver_state->c_cpu = cpu;
1662 gdbserver_state->g_cpu = cpu;
1665 #ifndef CONFIG_USER_ONLY
1666 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1668 GDBState *s = gdbserver_state;
1669 CPUArchState *env = s->c_cpu->env_ptr;
1670 CPUState *cpu = s->c_cpu;
1675 if (running || s->state == RS_INACTIVE) {
1678 /* Is there a GDB syscall waiting to be sent? */
1679 if (s->current_syscall_cb) {
1680 put_packet(s, s->syscall_buf);
1684 case RUN_STATE_DEBUG:
1685 if (env->watchpoint_hit) {
1686 switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
1697 snprintf(buf, sizeof(buf),
1698 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1699 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1700 env->watchpoint_hit->vaddr);
1701 env->watchpoint_hit = NULL;
1705 ret = GDB_SIGNAL_TRAP;
1707 case RUN_STATE_PAUSED:
1708 ret = GDB_SIGNAL_INT;
1710 case RUN_STATE_SHUTDOWN:
1711 ret = GDB_SIGNAL_QUIT;
1713 case RUN_STATE_IO_ERROR:
1714 ret = GDB_SIGNAL_IO;
1716 case RUN_STATE_WATCHDOG:
1717 ret = GDB_SIGNAL_ALRM;
1719 case RUN_STATE_INTERNAL_ERROR:
1720 ret = GDB_SIGNAL_ABRT;
1722 case RUN_STATE_SAVE_VM:
1723 case RUN_STATE_RESTORE_VM:
1725 case RUN_STATE_FINISH_MIGRATE:
1726 ret = GDB_SIGNAL_XCPU;
1729 ret = GDB_SIGNAL_UNKNOWN;
1732 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1737 /* disable single step if it was enabled */
1738 cpu_single_step(cpu, 0);
1742 /* Send a gdb syscall request.
1743 This accepts limited printf-style format specifiers, specifically:
1744 %x - target_ulong argument printed in hex.
1745 %lx - 64-bit argument printed in hex.
1746 %s - string pointer (target_ulong) and length (int) pair. */
1747 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1756 s = gdbserver_state;
1759 s->current_syscall_cb = cb;
1760 #ifndef CONFIG_USER_ONLY
1761 vm_stop(RUN_STATE_DEBUG);
1765 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1772 addr = va_arg(va, target_ulong);
1773 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1776 if (*(fmt++) != 'x')
1778 i64 = va_arg(va, uint64_t);
1779 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1782 addr = va_arg(va, target_ulong);
1783 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1784 addr, va_arg(va, int));
1788 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1798 #ifdef CONFIG_USER_ONLY
1799 put_packet(s, s->syscall_buf);
1800 gdb_handlesig(s->c_cpu, 0);
1802 /* In this case wait to send the syscall packet until notification that
1803 the CPU has stopped. This must be done because if the packet is sent
1804 now the reply from the syscall request could be received while the CPU
1805 is still in the running state, which can cause packets to be dropped
1806 and state transition 'T' packets to be sent while the syscall is still
1812 static void gdb_read_byte(GDBState *s, int ch)
1817 #ifndef CONFIG_USER_ONLY
1818 if (s->last_packet_len) {
1819 /* Waiting for a response to the last packet. If we see the start
1820 of a new command then abandon the previous response. */
1823 printf("Got NACK, retransmitting\n");
1825 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1829 printf("Got ACK\n");
1831 printf("Got '%c' when expecting ACK/NACK\n", ch);
1833 if (ch == '+' || ch == '$')
1834 s->last_packet_len = 0;
1838 if (runstate_is_running()) {
1839 /* when the CPU is running, we cannot do anything except stop
1840 it when receiving a char */
1841 vm_stop(RUN_STATE_PAUSED);
1848 s->line_buf_index = 0;
1849 s->state = RS_GETLINE;
1854 s->state = RS_CHKSUM1;
1855 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1858 s->line_buf[s->line_buf_index++] = ch;
1862 s->line_buf[s->line_buf_index] = '\0';
1863 s->line_csum = fromhex(ch) << 4;
1864 s->state = RS_CHKSUM2;
1867 s->line_csum |= fromhex(ch);
1869 for(i = 0; i < s->line_buf_index; i++) {
1870 csum += s->line_buf[i];
1872 if (s->line_csum != (csum & 0xff)) {
1874 put_buffer(s, &reply, 1);
1878 put_buffer(s, &reply, 1);
1879 s->state = gdb_handle_packet(s, s->line_buf);
1888 /* Tell the remote gdb that the process has exited. */
1889 void gdb_exit(CPUArchState *env, int code)
1894 s = gdbserver_state;
1898 #ifdef CONFIG_USER_ONLY
1899 if (gdbserver_fd < 0 || s->fd < 0) {
1904 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1907 #ifndef CONFIG_USER_ONLY
1909 qemu_chr_delete(s->chr);
1914 #ifdef CONFIG_USER_ONLY
1920 s = gdbserver_state;
1922 if (gdbserver_fd < 0 || s->fd < 0)
1929 gdb_handlesig(CPUState *cpu, int sig)
1931 CPUArchState *env = cpu->env_ptr;
1936 s = gdbserver_state;
1937 if (gdbserver_fd < 0 || s->fd < 0) {
1941 /* disable single step if it was enabled */
1942 cpu_single_step(cpu, 0);
1946 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1949 /* put_packet() might have detected that the peer terminated the
1957 s->running_state = 0;
1958 while (s->running_state == 0) {
1959 n = read(s->fd, buf, 256);
1963 for (i = 0; i < n; i++) {
1964 gdb_read_byte(s, buf[i]);
1966 } else if (n == 0 || errno != EAGAIN) {
1967 /* XXX: Connection closed. Should probably wait for another
1968 connection before continuing. */
1977 /* Tell the remote gdb that the process has exited due to SIG. */
1978 void gdb_signalled(CPUArchState *env, int sig)
1983 s = gdbserver_state;
1984 if (gdbserver_fd < 0 || s->fd < 0) {
1988 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1992 static void gdb_accept(void)
1995 struct sockaddr_in sockaddr;
2000 len = sizeof(sockaddr);
2001 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2002 if (fd < 0 && errno != EINTR) {
2005 } else if (fd >= 0) {
2007 fcntl(fd, F_SETFD, FD_CLOEXEC);
2013 /* set short latency */
2014 socket_set_nodelay(fd);
2016 s = g_malloc0(sizeof(GDBState));
2017 s->c_cpu = first_cpu;
2018 s->g_cpu = first_cpu;
2022 gdbserver_state = s;
2024 fcntl(fd, F_SETFL, O_NONBLOCK);
2027 static int gdbserver_open(int port)
2029 struct sockaddr_in sockaddr;
2032 fd = socket(PF_INET, SOCK_STREAM, 0);
2038 fcntl(fd, F_SETFD, FD_CLOEXEC);
2041 /* allow fast reuse */
2043 qemu_setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));
2045 sockaddr.sin_family = AF_INET;
2046 sockaddr.sin_port = htons(port);
2047 sockaddr.sin_addr.s_addr = 0;
2048 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2054 ret = listen(fd, 0);
2063 int gdbserver_start(int port)
2065 gdbserver_fd = gdbserver_open(port);
2066 if (gdbserver_fd < 0)
2068 /* accept connections */
2073 /* Disable gdb stub for child processes. */
2074 void gdbserver_fork(CPUArchState *env)
2076 GDBState *s = gdbserver_state;
2077 if (gdbserver_fd < 0 || s->fd < 0)
2081 cpu_breakpoint_remove_all(env, BP_GDB);
2082 cpu_watchpoint_remove_all(env, BP_GDB);
2085 static int gdb_chr_can_receive(void *opaque)
2087 /* We can handle an arbitrarily large amount of data.
2088 Pick the maximum packet size, which is as good as anything. */
2089 return MAX_PACKET_LENGTH;
2092 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2096 for (i = 0; i < size; i++) {
2097 gdb_read_byte(gdbserver_state, buf[i]);
2101 static void gdb_chr_event(void *opaque, int event)
2104 case CHR_EVENT_OPENED:
2105 vm_stop(RUN_STATE_PAUSED);
2113 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
2115 char buf[MAX_PACKET_LENGTH];
2118 if (len > (MAX_PACKET_LENGTH/2) - 1)
2119 len = (MAX_PACKET_LENGTH/2) - 1;
2120 memtohex(buf + 1, (uint8_t *)msg, len);
2124 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
2126 const char *p = (const char *)buf;
2129 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
2131 if (len <= max_sz) {
2132 gdb_monitor_output(gdbserver_state, p, len);
2135 gdb_monitor_output(gdbserver_state, p, max_sz);
2143 static void gdb_sigterm_handler(int signal)
2145 if (runstate_is_running()) {
2146 vm_stop(RUN_STATE_PAUSED);
2151 int gdbserver_start(const char *device)
2154 char gdbstub_device_name[128];
2155 CharDriverState *chr = NULL;
2156 CharDriverState *mon_chr;
2160 if (strcmp(device, "none") != 0) {
2161 if (strstart(device, "tcp:", NULL)) {
2162 /* enforce required TCP attributes */
2163 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2164 "%s,nowait,nodelay,server", device);
2165 device = gdbstub_device_name;
2168 else if (strcmp(device, "stdio") == 0) {
2169 struct sigaction act;
2171 memset(&act, 0, sizeof(act));
2172 act.sa_handler = gdb_sigterm_handler;
2173 sigaction(SIGINT, &act, NULL);
2176 chr = qemu_chr_new("gdb", device, NULL);
2180 qemu_chr_fe_claim_no_fail(chr);
2181 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
2182 gdb_chr_event, NULL);
2185 s = gdbserver_state;
2187 s = g_malloc0(sizeof(GDBState));
2188 gdbserver_state = s;
2190 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2192 /* Initialize a monitor terminal for gdb */
2193 mon_chr = g_malloc0(sizeof(*mon_chr));
2194 mon_chr->chr_write = gdb_monitor_write;
2195 monitor_init(mon_chr, 0);
2198 qemu_chr_delete(s->chr);
2199 mon_chr = s->mon_chr;
2200 memset(s, 0, sizeof(GDBState));
2202 s->c_cpu = first_cpu;
2203 s->g_cpu = first_cpu;
2205 s->state = chr ? RS_IDLE : RS_INACTIVE;
2206 s->mon_chr = mon_chr;
2207 s->current_syscall_cb = NULL;
projects / sdk / emulator / qemu.git / blob