4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
43 #include "qemu/bitops.h"
45 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
46 uint8_t *buf, int len, bool is_write)
48 CPUClass *cc = CPU_GET_CLASS(cpu);
50 if (cc->memory_rw_debug) {
51 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
53 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
65 GDB_SIGNAL_UNKNOWN = 143
68 #ifdef CONFIG_USER_ONLY
70 /* Map target signal numbers to GDB protocol signal numbers and vice
71 * versa. For user emulation's currently supported systems, we can
72 * assume most signals are defined.
75 static int gdb_signal_table[] = {
235 /* In system mode we only need SIGINT and SIGTRAP; other signals
236 are not yet supported. */
243 static int gdb_signal_table[] = {
253 #ifdef CONFIG_USER_ONLY
254 static int target_signal_to_gdb (int sig)
257 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
258 if (gdb_signal_table[i] == sig)
260 return GDB_SIGNAL_UNKNOWN;
264 static int gdb_signal_to_target (int sig)
266 if (sig < ARRAY_SIZE (gdb_signal_table))
267 return gdb_signal_table[sig];
274 typedef struct GDBRegisterState {
280 struct GDBRegisterState *next;
290 typedef struct GDBState {
291 CPUState *c_cpu; /* current CPU for step/continue ops */
292 CPUState *g_cpu; /* current CPU for other ops */
293 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
294 enum RSState state; /* parsing state */
295 char line_buf[MAX_PACKET_LENGTH];
298 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
301 #ifdef CONFIG_USER_ONLY
305 CharDriverState *chr;
306 CharDriverState *mon_chr;
308 char syscall_buf[256];
309 gdb_syscall_complete_cb current_syscall_cb;
312 /* By default use no IRQs and no timers while single stepping so as to
313 * make single stepping like an ICE HW step.
315 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
317 static GDBState *gdbserver_state;
319 /* This is an ugly hack to cope with both new and old gdb.
320 If gdb sends qXfer:features:read then assume we're talking to a newish
321 gdb that understands target descriptions. */
322 static int gdb_has_xml;
324 #ifdef CONFIG_USER_ONLY
325 /* XXX: This is not thread safe. Do we care? */
326 static int gdbserver_fd = -1;
328 static int get_char(GDBState *s)
334 ret = qemu_recv(s->fd, &ch, 1, 0);
336 if (errno == ECONNRESET)
338 if (errno != EINTR && errno != EAGAIN)
340 } else if (ret == 0) {
358 /* If gdb is connected when the first semihosting syscall occurs then use
359 remote gdb syscalls. Otherwise use native file IO. */
360 int use_gdb_syscalls(void)
362 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
363 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
366 return gdb_syscall_mode == GDB_SYS_ENABLED;
369 /* Resume execution. */
370 static inline void gdb_continue(GDBState *s)
372 #ifdef CONFIG_USER_ONLY
373 s->running_state = 1;
375 if (runstate_check(RUN_STATE_GUEST_PANICKED)) {
376 runstate_set(RUN_STATE_DEBUG);
378 if (!runstate_needs_reset()) {
384 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
386 #ifdef CONFIG_USER_ONLY
390 ret = send(s->fd, buf, len, 0);
392 if (errno != EINTR && errno != EAGAIN)
400 qemu_chr_fe_write(s->chr, buf, len);
404 static inline int fromhex(int v)
406 if (v >= '0' && v <= '9')
408 else if (v >= 'A' && v <= 'F')
410 else if (v >= 'a' && v <= 'f')
416 static inline int tohex(int v)
424 static void memtohex(char *buf, const uint8_t *mem, int len)
429 for(i = 0; i < len; i++) {
431 *q++ = tohex(c >> 4);
432 *q++ = tohex(c & 0xf);
437 static void hextomem(uint8_t *mem, const char *buf, int len)
441 for(i = 0; i < len; i++) {
442 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
447 /* return -1 if error, 0 if OK */
448 static int put_packet_binary(GDBState *s, const char *buf, int len)
459 for(i = 0; i < len; i++) {
463 *(p++) = tohex((csum >> 4) & 0xf);
464 *(p++) = tohex((csum) & 0xf);
466 s->last_packet_len = p - s->last_packet;
467 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
469 #ifdef CONFIG_USER_ONLY
482 /* return -1 if error, 0 if OK */
483 static int put_packet(GDBState *s, const char *buf)
486 printf("reply='%s'\n", buf);
489 return put_packet_binary(s, buf, strlen(buf));
492 /* The GDB remote protocol transfers values in target byte order. This means
493 we can use the raw memory access routines to access the value buffer.
494 Conveniently, these also handle the case where the buffer is mis-aligned.
496 #define GET_REG8(val) do { \
497 stb_p(mem_buf, val); \
500 #define GET_REG16(val) do { \
501 stw_p(mem_buf, val); \
504 #define GET_REG32(val) do { \
505 stl_p(mem_buf, val); \
508 #define GET_REG64(val) do { \
509 stq_p(mem_buf, val); \
513 #if TARGET_LONG_BITS == 64
514 #define GET_REGL(val) GET_REG64(val)
515 #define ldtul_p(addr) ldq_p(addr)
517 #define GET_REGL(val) GET_REG32(val)
518 #define ldtul_p(addr) ldl_p(addr)
521 #if defined(TARGET_I386)
523 #include "target-i386/gdbstub.c"
525 #elif defined (TARGET_PPC)
527 #if defined (TARGET_PPC64)
528 #define GDB_CORE_XML "power64-core.xml"
530 #define GDB_CORE_XML "power-core.xml"
533 #include "target-ppc/gdbstub.c"
535 #elif defined (TARGET_SPARC)
537 #include "target-sparc/gdbstub.c"
539 #elif defined (TARGET_ARM)
541 #define GDB_CORE_XML "arm-core.xml"
543 #include "target-arm/gdbstub.c"
545 #elif defined (TARGET_M68K)
547 #define GDB_CORE_XML "cf-core.xml"
549 #include "target-m68k/gdbstub.c"
551 #elif defined (TARGET_MIPS)
553 #include "target-mips/gdbstub.c"
555 #elif defined(TARGET_OPENRISC)
557 #include "target-openrisc/gdbstub.c"
559 #elif defined (TARGET_SH4)
561 /* Hint: Use "set architecture sh4" in GDB to see fpu registers */
562 /* FIXME: We should use XML for this. */
564 static int cpu_gdb_read_register(CPUSH4State *env, uint8_t *mem_buf, int n)
568 if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
569 GET_REGL(env->gregs[n + 16]);
571 GET_REGL(env->gregs[n]);
574 GET_REGL(env->gregs[n]);
592 GET_REGL(env->fpscr);
594 if (env->fpscr & FPSCR_FR) {
595 stfl_p(mem_buf, env->fregs[n - 9]);
597 stfl_p(mem_buf, env->fregs[n - 25]);
605 GET_REGL(env->gregs[n - 43]);
607 GET_REGL(env->gregs[n - (51 - 16)]);
613 static int cpu_gdb_write_register(CPUSH4State *env, uint8_t *mem_buf, int n)
617 if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
618 env->gregs[n + 16] = ldl_p(mem_buf);
620 env->gregs[n] = ldl_p(mem_buf);
624 env->gregs[n] = ldl_p(mem_buf);
627 env->pc = ldl_p(mem_buf);
630 env->pr = ldl_p(mem_buf);
633 env->gbr = ldl_p(mem_buf);
636 env->vbr = ldl_p(mem_buf);
639 env->mach = ldl_p(mem_buf);
642 env->macl = ldl_p(mem_buf);
645 env->sr = ldl_p(mem_buf);
648 env->fpul = ldl_p(mem_buf);
651 env->fpscr = ldl_p(mem_buf);
654 if (env->fpscr & FPSCR_FR) {
655 env->fregs[n - 9] = ldfl_p(mem_buf);
657 env->fregs[n - 25] = ldfl_p(mem_buf);
661 env->ssr = ldl_p(mem_buf);
664 env->spc = ldl_p(mem_buf);
667 env->gregs[n - 43] = ldl_p(mem_buf);
670 env->gregs[n - (51 - 16)] = ldl_p(mem_buf);
678 #elif defined (TARGET_MICROBLAZE)
680 static int cpu_gdb_read_register(CPUMBState *env, uint8_t *mem_buf, int n)
683 GET_REG32(env->regs[n]);
685 GET_REG32(env->sregs[n - 32]);
690 static int cpu_gdb_write_register(CPUMBState *env, uint8_t *mem_buf, int n)
692 MicroBlazeCPU *cpu = mb_env_get_cpu(env);
693 CPUClass *cc = CPU_GET_CLASS(cpu);
696 if (n > cc->gdb_num_core_regs) {
700 tmp = ldl_p(mem_buf);
705 env->sregs[n - 32] = tmp;
709 #elif defined (TARGET_CRIS)
712 read_register_crisv10(CPUCRISState *env, uint8_t *mem_buf, int n)
715 GET_REG32(env->regs[n]);
725 GET_REG8(env->pregs[n - 16]);
727 GET_REG8(env->pregs[n - 16]);
730 GET_REG16(env->pregs[n - 16]);
733 GET_REG32(env->pregs[n - 16]);
741 static int cpu_gdb_read_register(CPUCRISState *env, uint8_t *mem_buf, int n)
745 if (env->pregs[PR_VR] < 32) {
746 return read_register_crisv10(env, mem_buf, n);
749 srs = env->pregs[PR_SRS];
751 GET_REG32(env->regs[n]);
754 if (n >= 21 && n < 32) {
755 GET_REG32(env->pregs[n - 16]);
757 if (n >= 33 && n < 49) {
758 GET_REG32(env->sregs[srs][n - 33]);
762 GET_REG8(env->pregs[0]);
764 GET_REG8(env->pregs[1]);
766 GET_REG32(env->pregs[2]);
770 GET_REG16(env->pregs[4]);
778 static int cpu_gdb_write_register(CPUCRISState *env, uint8_t *mem_buf, int n)
786 tmp = ldl_p(mem_buf);
792 if (n >= 21 && n < 32) {
793 env->pregs[n - 16] = tmp;
796 /* FIXME: Should support function regs be writable? */
803 env->pregs[PR_PID] = tmp;
816 #elif defined (TARGET_ALPHA)
818 static int cpu_gdb_read_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
828 d.d = env->fir[n - 32];
832 val = cpu_alpha_load_fpcr(env);
842 /* 31 really is the zero register; 65 is unassigned in the
843 gdb protocol, but is still required to occupy 8 bytes. */
852 static int cpu_gdb_write_register(CPUAlphaState *env, uint8_t *mem_buf, int n)
854 target_ulong tmp = ldtul_p(mem_buf);
863 env->fir[n - 32] = d.d;
866 cpu_alpha_store_fpcr(env, tmp);
876 /* 31 really is the zero register; 65 is unassigned in the
877 gdb protocol, but is still required to occupy 8 bytes. */
884 #elif defined (TARGET_S390X)
886 static int cpu_gdb_read_register(CPUS390XState *env, uint8_t *mem_buf, int n)
892 case S390_PSWM_REGNUM:
893 cc_op = calc_cc(env, env->cc_op, env->cc_src, env->cc_dst, env->cc_vr);
894 val = deposit64(env->psw.mask, 44, 2, cc_op);
896 case S390_PSWA_REGNUM:
897 GET_REGL(env->psw.addr);
898 case S390_R0_REGNUM ... S390_R15_REGNUM:
899 GET_REGL(env->regs[n-S390_R0_REGNUM]);
900 case S390_A0_REGNUM ... S390_A15_REGNUM:
901 GET_REG32(env->aregs[n-S390_A0_REGNUM]);
902 case S390_FPC_REGNUM:
904 case S390_F0_REGNUM ... S390_F15_REGNUM:
905 GET_REG64(env->fregs[n-S390_F0_REGNUM].ll);
911 static int cpu_gdb_write_register(CPUS390XState *env, uint8_t *mem_buf, int n)
916 tmpl = ldtul_p(mem_buf);
917 tmp32 = ldl_p(mem_buf);
920 case S390_PSWM_REGNUM:
921 env->psw.mask = tmpl;
922 env->cc_op = extract64(tmpl, 44, 2);
924 case S390_PSWA_REGNUM:
925 env->psw.addr = tmpl;
927 case S390_R0_REGNUM ... S390_R15_REGNUM:
928 env->regs[n-S390_R0_REGNUM] = tmpl;
930 case S390_A0_REGNUM ... S390_A15_REGNUM:
931 env->aregs[n-S390_A0_REGNUM] = tmp32;
934 case S390_FPC_REGNUM:
938 case S390_F0_REGNUM ... S390_F15_REGNUM:
939 env->fregs[n-S390_F0_REGNUM].ll = tmpl;
946 #elif defined (TARGET_LM32)
948 #include "hw/lm32/lm32_pic.h"
950 static int cpu_gdb_read_register(CPULM32State *env, uint8_t *mem_buf, int n)
953 GET_REG32(env->regs[n]);
958 /* FIXME: put in right exception ID */
964 GET_REG32(env->deba);
968 GET_REG32(lm32_pic_get_im(env->pic_state));
970 GET_REG32(lm32_pic_get_ip(env->pic_state));
976 static int cpu_gdb_write_register(CPULM32State *env, uint8_t *mem_buf, int n)
978 LM32CPU *cpu = lm32_env_get_cpu(env);
979 CPUClass *cc = CPU_GET_CLASS(cpu);
982 if (n > cc->gdb_num_core_regs) {
986 tmp = ldl_p(mem_buf);
1005 lm32_pic_set_im(env->pic_state, tmp);
1008 lm32_pic_set_ip(env->pic_state, tmp);
1014 #elif defined(TARGET_XTENSA)
1016 static int cpu_gdb_read_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
1018 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
1020 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
1024 switch (reg->type) {
1029 xtensa_sync_phys_from_window(env);
1030 GET_REG32(env->phys_regs[(reg->targno & 0xff) % env->config->nareg]);
1033 GET_REG32(env->sregs[reg->targno & 0xff]);
1036 GET_REG32(env->uregs[reg->targno & 0xff]);
1039 GET_REG32(float32_val(env->fregs[reg->targno & 0x0f]));
1042 GET_REG32(env->regs[reg->targno & 0x0f]);
1045 qemu_log("%s from reg %d of unsupported type %d\n",
1046 __func__, n, reg->type);
1051 static int cpu_gdb_write_register(CPUXtensaState *env, uint8_t *mem_buf, int n)
1054 const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
1056 if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
1060 tmp = ldl_p(mem_buf);
1062 switch (reg->type) {
1068 env->phys_regs[(reg->targno & 0xff) % env->config->nareg] = tmp;
1069 xtensa_sync_window_from_phys(env);
1073 env->sregs[reg->targno & 0xff] = tmp;
1077 env->uregs[reg->targno & 0xff] = tmp;
1081 env->fregs[reg->targno & 0x0f] = make_float32(tmp);
1085 env->regs[reg->targno & 0x0f] = tmp;
1089 qemu_log("%s to reg %d of unsupported type %d\n",
1090 __func__, n, reg->type);
1098 static int cpu_gdb_read_register(CPUArchState *env, uint8_t *mem_buf, int n)
1103 static int cpu_gdb_write_register(CPUArchState *env, uint8_t *mem_buf, int n)
1111 /* Encode data using the encoding for 'x' packets. */
1112 static int memtox(char *buf, const char *mem, int len)
1120 case '#': case '$': case '*': case '}':
1132 static const char *get_feature_xml(const char *p, const char **newp)
1137 static char target_xml[1024];
1140 while (p[len] && p[len] != ':')
1145 if (strncmp(p, "target.xml", len) == 0) {
1146 /* Generate the XML description for this CPU. */
1147 if (!target_xml[0]) {
1148 GDBRegisterState *r;
1149 CPUState *cpu = first_cpu;
1151 snprintf(target_xml, sizeof(target_xml),
1152 "<?xml version=\"1.0\"?>"
1153 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
1155 "<xi:include href=\"%s\"/>",
1158 for (r = cpu->gdb_regs; r; r = r->next) {
1159 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
1160 pstrcat(target_xml, sizeof(target_xml), r->xml);
1161 pstrcat(target_xml, sizeof(target_xml), "\"/>");
1163 pstrcat(target_xml, sizeof(target_xml), "</target>");
1167 for (i = 0; ; i++) {
1168 name = xml_builtin[i][0];
1169 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
1172 return name ? xml_builtin[i][1] : NULL;
1176 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
1178 CPUClass *cc = CPU_GET_CLASS(cpu);
1179 CPUArchState *env = cpu->env_ptr;
1180 GDBRegisterState *r;
1182 if (reg < cc->gdb_num_core_regs) {
1183 return cpu_gdb_read_register(env, mem_buf, reg);
1186 for (r = cpu->gdb_regs; r; r = r->next) {
1187 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1188 return r->get_reg(env, mem_buf, reg - r->base_reg);
1194 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
1196 CPUClass *cc = CPU_GET_CLASS(cpu);
1197 CPUArchState *env = cpu->env_ptr;
1198 GDBRegisterState *r;
1200 if (reg < cc->gdb_num_core_regs) {
1201 return cpu_gdb_write_register(env, mem_buf, reg);
1204 for (r = cpu->gdb_regs; r; r = r->next) {
1205 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1206 return r->set_reg(env, mem_buf, reg - r->base_reg);
1212 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
1213 specifies the first register number and these registers are included in
1214 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
1215 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
1218 void gdb_register_coprocessor(CPUState *cpu,
1219 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
1220 int num_regs, const char *xml, int g_pos)
1222 GDBRegisterState *s;
1223 GDBRegisterState **p;
1227 /* Check for duplicates. */
1228 if (strcmp((*p)->xml, xml) == 0)
1233 s = g_new0(GDBRegisterState, 1);
1234 s->base_reg = cpu->gdb_num_regs;
1235 s->num_regs = num_regs;
1236 s->get_reg = get_reg;
1237 s->set_reg = set_reg;
1240 /* Add to end of list. */
1241 cpu->gdb_num_regs += num_regs;
1244 if (g_pos != s->base_reg) {
1245 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
1246 "Expected %d got %d\n", xml, g_pos, s->base_reg);
1251 #ifndef CONFIG_USER_ONLY
1252 static const int xlat_gdb_type[] = {
1253 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
1254 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
1255 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1259 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
1265 if (kvm_enabled()) {
1266 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1270 case GDB_BREAKPOINT_SW:
1271 case GDB_BREAKPOINT_HW:
1272 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1274 err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
1279 #ifndef CONFIG_USER_ONLY
1280 case GDB_WATCHPOINT_WRITE:
1281 case GDB_WATCHPOINT_READ:
1282 case GDB_WATCHPOINT_ACCESS:
1283 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1285 err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
1297 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
1303 if (kvm_enabled()) {
1304 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1308 case GDB_BREAKPOINT_SW:
1309 case GDB_BREAKPOINT_HW:
1310 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1312 err = cpu_breakpoint_remove(env, addr, BP_GDB);
1317 #ifndef CONFIG_USER_ONLY
1318 case GDB_WATCHPOINT_WRITE:
1319 case GDB_WATCHPOINT_READ:
1320 case GDB_WATCHPOINT_ACCESS:
1321 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1323 err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
1334 static void gdb_breakpoint_remove_all(void)
1339 if (kvm_enabled()) {
1340 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
1344 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1346 cpu_breakpoint_remove_all(env, BP_GDB);
1347 #ifndef CONFIG_USER_ONLY
1348 cpu_watchpoint_remove_all(env, BP_GDB);
1353 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
1355 CPUState *cpu = s->c_cpu;
1356 CPUClass *cc = CPU_GET_CLASS(cpu);
1358 cpu_synchronize_state(cpu);
1360 cc->set_pc(cpu, pc);
1364 static CPUState *find_cpu(uint32_t thread_id)
1368 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1369 if (cpu_index(cpu) == thread_id) {
1377 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1382 int ch, reg_size, type, res;
1383 char buf[MAX_PACKET_LENGTH];
1384 uint8_t mem_buf[MAX_PACKET_LENGTH];
1386 target_ulong addr, len;
1389 printf("command='%s'\n", line_buf);
1395 /* TODO: Make this return the correct value for user-mode. */
1396 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
1397 cpu_index(s->c_cpu));
1399 /* Remove all the breakpoints when this query is issued,
1400 * because gdb is doing and initial connect and the state
1401 * should be cleaned up.
1403 gdb_breakpoint_remove_all();
1407 addr = strtoull(p, (char **)&p, 16);
1408 gdb_set_cpu_pc(s, addr);
1414 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1415 if (s->signal == -1)
1420 if (strncmp(p, "Cont", 4) == 0) {
1421 int res_signal, res_thread;
1425 put_packet(s, "vCont;c;C;s;S");
1440 if (action == 'C' || action == 'S') {
1441 signal = strtoul(p, (char **)&p, 16);
1442 } else if (action != 'c' && action != 's') {
1448 thread = strtoull(p+1, (char **)&p, 16);
1450 action = tolower(action);
1451 if (res == 0 || (res == 'c' && action == 's')) {
1453 res_signal = signal;
1454 res_thread = thread;
1458 if (res_thread != -1 && res_thread != 0) {
1459 cpu = find_cpu(res_thread);
1461 put_packet(s, "E22");
1467 cpu_single_step(s->c_cpu, sstep_flags);
1469 s->signal = res_signal;
1475 goto unknown_command;
1478 #ifdef CONFIG_USER_ONLY
1479 /* Kill the target */
1480 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
1485 gdb_breakpoint_remove_all();
1486 gdb_syscall_mode = GDB_SYS_DISABLED;
1488 put_packet(s, "OK");
1492 addr = strtoull(p, (char **)&p, 16);
1493 gdb_set_cpu_pc(s, addr);
1495 cpu_single_step(s->c_cpu, sstep_flags);
1503 ret = strtoull(p, (char **)&p, 16);
1506 err = strtoull(p, (char **)&p, 16);
1513 if (s->current_syscall_cb) {
1514 s->current_syscall_cb(s->c_cpu, ret, err);
1515 s->current_syscall_cb = NULL;
1518 put_packet(s, "T02");
1525 cpu_synchronize_state(s->g_cpu);
1527 for (addr = 0; addr < s->g_cpu->gdb_num_regs; addr++) {
1528 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1531 memtohex(buf, mem_buf, len);
1535 cpu_synchronize_state(s->g_cpu);
1536 registers = mem_buf;
1537 len = strlen(p) / 2;
1538 hextomem((uint8_t *)registers, p, len);
1539 for (addr = 0; addr < s->g_cpu->gdb_num_regs && len > 0; addr++) {
1540 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1542 registers += reg_size;
1544 put_packet(s, "OK");
1547 addr = strtoull(p, (char **)&p, 16);
1550 len = strtoull(p, NULL, 16);
1551 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1552 put_packet (s, "E14");
1554 memtohex(buf, mem_buf, len);
1559 addr = strtoull(p, (char **)&p, 16);
1562 len = strtoull(p, (char **)&p, 16);
1565 hextomem(mem_buf, p, len);
1566 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1568 put_packet(s, "E14");
1570 put_packet(s, "OK");
1574 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1575 This works, but can be very slow. Anything new enough to
1576 understand XML also knows how to use this properly. */
1578 goto unknown_command;
1579 addr = strtoull(p, (char **)&p, 16);
1580 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1582 memtohex(buf, mem_buf, reg_size);
1585 put_packet(s, "E14");
1590 goto unknown_command;
1591 addr = strtoull(p, (char **)&p, 16);
1594 reg_size = strlen(p) / 2;
1595 hextomem(mem_buf, p, reg_size);
1596 gdb_write_register(s->g_cpu, mem_buf, addr);
1597 put_packet(s, "OK");
1601 type = strtoul(p, (char **)&p, 16);
1604 addr = strtoull(p, (char **)&p, 16);
1607 len = strtoull(p, (char **)&p, 16);
1609 res = gdb_breakpoint_insert(addr, len, type);
1611 res = gdb_breakpoint_remove(addr, len, type);
1613 put_packet(s, "OK");
1614 else if (res == -ENOSYS)
1617 put_packet(s, "E22");
1621 thread = strtoull(p, (char **)&p, 16);
1622 if (thread == -1 || thread == 0) {
1623 put_packet(s, "OK");
1626 cpu = find_cpu(thread);
1628 put_packet(s, "E22");
1634 put_packet(s, "OK");
1638 put_packet(s, "OK");
1641 put_packet(s, "E22");
1646 thread = strtoull(p, (char **)&p, 16);
1647 cpu = find_cpu(thread);
1650 put_packet(s, "OK");
1652 put_packet(s, "E22");
1657 /* parse any 'q' packets here */
1658 if (!strcmp(p,"qemu.sstepbits")) {
1659 /* Query Breakpoint bit definitions */
1660 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1666 } else if (strncmp(p,"qemu.sstep",10) == 0) {
1667 /* Display or change the sstep_flags */
1670 /* Display current setting */
1671 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1676 type = strtoul(p, (char **)&p, 16);
1678 put_packet(s, "OK");
1680 } else if (strcmp(p,"C") == 0) {
1681 /* "Current thread" remains vague in the spec, so always return
1682 * the first CPU (gdb returns the first thread). */
1683 put_packet(s, "QC1");
1685 } else if (strcmp(p,"fThreadInfo") == 0) {
1686 s->query_cpu = first_cpu;
1687 goto report_cpuinfo;
1688 } else if (strcmp(p,"sThreadInfo") == 0) {
1691 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1693 s->query_cpu = s->query_cpu->next_cpu;
1697 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1698 thread = strtoull(p+16, (char **)&p, 16);
1699 cpu = find_cpu(thread);
1701 cpu_synchronize_state(cpu);
1702 len = snprintf((char *)mem_buf, sizeof(mem_buf),
1703 "CPU#%d [%s]", cpu->cpu_index,
1704 cpu->halted ? "halted " : "running");
1705 memtohex(buf, mem_buf, len);
1710 #ifdef CONFIG_USER_ONLY
1711 else if (strncmp(p, "Offsets", 7) == 0) {
1712 CPUArchState *env = s->c_cpu->env_ptr;
1713 TaskState *ts = env->opaque;
1715 snprintf(buf, sizeof(buf),
1716 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1717 ";Bss=" TARGET_ABI_FMT_lx,
1718 ts->info->code_offset,
1719 ts->info->data_offset,
1720 ts->info->data_offset);
1724 #else /* !CONFIG_USER_ONLY */
1725 else if (strncmp(p, "Rcmd,", 5) == 0) {
1726 int len = strlen(p + 5);
1728 if ((len % 2) != 0) {
1729 put_packet(s, "E01");
1732 hextomem(mem_buf, p + 5, len);
1735 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1736 put_packet(s, "OK");
1739 #endif /* !CONFIG_USER_ONLY */
1740 if (strncmp(p, "Supported", 9) == 0) {
1741 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1743 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1749 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1751 target_ulong total_len;
1755 xml = get_feature_xml(p, &p);
1757 snprintf(buf, sizeof(buf), "E00");
1764 addr = strtoul(p, (char **)&p, 16);
1767 len = strtoul(p, (char **)&p, 16);
1769 total_len = strlen(xml);
1770 if (addr > total_len) {
1771 snprintf(buf, sizeof(buf), "E00");
1775 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1776 len = (MAX_PACKET_LENGTH - 5) / 2;
1777 if (len < total_len - addr) {
1779 len = memtox(buf + 1, xml + addr, len);
1782 len = memtox(buf + 1, xml + addr, total_len - addr);
1784 put_packet_binary(s, buf, len + 1);
1788 /* Unrecognised 'q' command. */
1789 goto unknown_command;
1793 /* put empty packet */
1801 void gdb_set_stop_cpu(CPUState *cpu)
1803 gdbserver_state->c_cpu = cpu;
1804 gdbserver_state->g_cpu = cpu;
1807 #ifndef CONFIG_USER_ONLY
1808 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1810 GDBState *s = gdbserver_state;
1811 CPUArchState *env = s->c_cpu->env_ptr;
1812 CPUState *cpu = s->c_cpu;
1817 if (running || s->state == RS_INACTIVE) {
1820 /* Is there a GDB syscall waiting to be sent? */
1821 if (s->current_syscall_cb) {
1822 put_packet(s, s->syscall_buf);
1826 case RUN_STATE_DEBUG:
1827 if (env->watchpoint_hit) {
1828 switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
1839 snprintf(buf, sizeof(buf),
1840 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1841 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1842 env->watchpoint_hit->vaddr);
1843 env->watchpoint_hit = NULL;
1847 ret = GDB_SIGNAL_TRAP;
1849 case RUN_STATE_PAUSED:
1850 ret = GDB_SIGNAL_INT;
1852 case RUN_STATE_SHUTDOWN:
1853 ret = GDB_SIGNAL_QUIT;
1855 case RUN_STATE_IO_ERROR:
1856 ret = GDB_SIGNAL_IO;
1858 case RUN_STATE_WATCHDOG:
1859 ret = GDB_SIGNAL_ALRM;
1861 case RUN_STATE_INTERNAL_ERROR:
1862 ret = GDB_SIGNAL_ABRT;
1864 case RUN_STATE_SAVE_VM:
1865 case RUN_STATE_RESTORE_VM:
1867 case RUN_STATE_FINISH_MIGRATE:
1868 ret = GDB_SIGNAL_XCPU;
1871 ret = GDB_SIGNAL_UNKNOWN;
1874 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1879 /* disable single step if it was enabled */
1880 cpu_single_step(cpu, 0);
1884 /* Send a gdb syscall request.
1885 This accepts limited printf-style format specifiers, specifically:
1886 %x - target_ulong argument printed in hex.
1887 %lx - 64-bit argument printed in hex.
1888 %s - string pointer (target_ulong) and length (int) pair. */
1889 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1898 s = gdbserver_state;
1901 s->current_syscall_cb = cb;
1902 #ifndef CONFIG_USER_ONLY
1903 vm_stop(RUN_STATE_DEBUG);
1907 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1914 addr = va_arg(va, target_ulong);
1915 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1918 if (*(fmt++) != 'x')
1920 i64 = va_arg(va, uint64_t);
1921 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1924 addr = va_arg(va, target_ulong);
1925 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1926 addr, va_arg(va, int));
1930 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1940 #ifdef CONFIG_USER_ONLY
1941 put_packet(s, s->syscall_buf);
1942 gdb_handlesig(s->c_cpu, 0);
1944 /* In this case wait to send the syscall packet until notification that
1945 the CPU has stopped. This must be done because if the packet is sent
1946 now the reply from the syscall request could be received while the CPU
1947 is still in the running state, which can cause packets to be dropped
1948 and state transition 'T' packets to be sent while the syscall is still
1954 static void gdb_read_byte(GDBState *s, int ch)
1959 #ifndef CONFIG_USER_ONLY
1960 if (s->last_packet_len) {
1961 /* Waiting for a response to the last packet. If we see the start
1962 of a new command then abandon the previous response. */
1965 printf("Got NACK, retransmitting\n");
1967 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1971 printf("Got ACK\n");
1973 printf("Got '%c' when expecting ACK/NACK\n", ch);
1975 if (ch == '+' || ch == '$')
1976 s->last_packet_len = 0;
1980 if (runstate_is_running()) {
1981 /* when the CPU is running, we cannot do anything except stop
1982 it when receiving a char */
1983 vm_stop(RUN_STATE_PAUSED);
1990 s->line_buf_index = 0;
1991 s->state = RS_GETLINE;
1996 s->state = RS_CHKSUM1;
1997 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2000 s->line_buf[s->line_buf_index++] = ch;
2004 s->line_buf[s->line_buf_index] = '\0';
2005 s->line_csum = fromhex(ch) << 4;
2006 s->state = RS_CHKSUM2;
2009 s->line_csum |= fromhex(ch);
2011 for(i = 0; i < s->line_buf_index; i++) {
2012 csum += s->line_buf[i];
2014 if (s->line_csum != (csum & 0xff)) {
2016 put_buffer(s, &reply, 1);
2020 put_buffer(s, &reply, 1);
2021 s->state = gdb_handle_packet(s, s->line_buf);
2030 /* Tell the remote gdb that the process has exited. */
2031 void gdb_exit(CPUArchState *env, int code)
2036 s = gdbserver_state;
2040 #ifdef CONFIG_USER_ONLY
2041 if (gdbserver_fd < 0 || s->fd < 0) {
2046 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
2049 #ifndef CONFIG_USER_ONLY
2051 qemu_chr_delete(s->chr);
2056 #ifdef CONFIG_USER_ONLY
2062 s = gdbserver_state;
2064 if (gdbserver_fd < 0 || s->fd < 0)
2071 gdb_handlesig(CPUState *cpu, int sig)
2073 CPUArchState *env = cpu->env_ptr;
2078 s = gdbserver_state;
2079 if (gdbserver_fd < 0 || s->fd < 0) {
2083 /* disable single step if it was enabled */
2084 cpu_single_step(cpu, 0);
2088 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
2091 /* put_packet() might have detected that the peer terminated the
2099 s->running_state = 0;
2100 while (s->running_state == 0) {
2101 n = read(s->fd, buf, 256);
2105 for (i = 0; i < n; i++) {
2106 gdb_read_byte(s, buf[i]);
2108 } else if (n == 0 || errno != EAGAIN) {
2109 /* XXX: Connection closed. Should probably wait for another
2110 connection before continuing. */
2119 /* Tell the remote gdb that the process has exited due to SIG. */
2120 void gdb_signalled(CPUArchState *env, int sig)
2125 s = gdbserver_state;
2126 if (gdbserver_fd < 0 || s->fd < 0) {
2130 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
2134 static void gdb_accept(void)
2137 struct sockaddr_in sockaddr;
2142 len = sizeof(sockaddr);
2143 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2144 if (fd < 0 && errno != EINTR) {
2147 } else if (fd >= 0) {
2149 fcntl(fd, F_SETFD, FD_CLOEXEC);
2155 /* set short latency */
2156 socket_set_nodelay(fd);
2158 s = g_malloc0(sizeof(GDBState));
2159 s->c_cpu = first_cpu;
2160 s->g_cpu = first_cpu;
2164 gdbserver_state = s;
2166 fcntl(fd, F_SETFL, O_NONBLOCK);
2169 static int gdbserver_open(int port)
2171 struct sockaddr_in sockaddr;
2174 fd = socket(PF_INET, SOCK_STREAM, 0);
2180 fcntl(fd, F_SETFD, FD_CLOEXEC);
2183 /* allow fast reuse */
2185 qemu_setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));
2187 sockaddr.sin_family = AF_INET;
2188 sockaddr.sin_port = htons(port);
2189 sockaddr.sin_addr.s_addr = 0;
2190 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2196 ret = listen(fd, 0);
2205 int gdbserver_start(int port)
2207 gdbserver_fd = gdbserver_open(port);
2208 if (gdbserver_fd < 0)
2210 /* accept connections */
2215 /* Disable gdb stub for child processes. */
2216 void gdbserver_fork(CPUArchState *env)
2218 GDBState *s = gdbserver_state;
2219 if (gdbserver_fd < 0 || s->fd < 0)
2223 cpu_breakpoint_remove_all(env, BP_GDB);
2224 cpu_watchpoint_remove_all(env, BP_GDB);
2227 static int gdb_chr_can_receive(void *opaque)
2229 /* We can handle an arbitrarily large amount of data.
2230 Pick the maximum packet size, which is as good as anything. */
2231 return MAX_PACKET_LENGTH;
2234 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2238 for (i = 0; i < size; i++) {
2239 gdb_read_byte(gdbserver_state, buf[i]);
2243 static void gdb_chr_event(void *opaque, int event)
2246 case CHR_EVENT_OPENED:
2247 vm_stop(RUN_STATE_PAUSED);
2255 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
2257 char buf[MAX_PACKET_LENGTH];
2260 if (len > (MAX_PACKET_LENGTH/2) - 1)
2261 len = (MAX_PACKET_LENGTH/2) - 1;
2262 memtohex(buf + 1, (uint8_t *)msg, len);
2266 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
2268 const char *p = (const char *)buf;
2271 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
2273 if (len <= max_sz) {
2274 gdb_monitor_output(gdbserver_state, p, len);
2277 gdb_monitor_output(gdbserver_state, p, max_sz);
2285 static void gdb_sigterm_handler(int signal)
2287 if (runstate_is_running()) {
2288 vm_stop(RUN_STATE_PAUSED);
2293 int gdbserver_start(const char *device)
2296 char gdbstub_device_name[128];
2297 CharDriverState *chr = NULL;
2298 CharDriverState *mon_chr;
2302 if (strcmp(device, "none") != 0) {
2303 if (strstart(device, "tcp:", NULL)) {
2304 /* enforce required TCP attributes */
2305 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2306 "%s,nowait,nodelay,server", device);
2307 device = gdbstub_device_name;
2310 else if (strcmp(device, "stdio") == 0) {
2311 struct sigaction act;
2313 memset(&act, 0, sizeof(act));
2314 act.sa_handler = gdb_sigterm_handler;
2315 sigaction(SIGINT, &act, NULL);
2318 chr = qemu_chr_new("gdb", device, NULL);
2322 qemu_chr_fe_claim_no_fail(chr);
2323 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
2324 gdb_chr_event, NULL);
2327 s = gdbserver_state;
2329 s = g_malloc0(sizeof(GDBState));
2330 gdbserver_state = s;
2332 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2334 /* Initialize a monitor terminal for gdb */
2335 mon_chr = g_malloc0(sizeof(*mon_chr));
2336 mon_chr->chr_write = gdb_monitor_write;
2337 monitor_init(mon_chr, 0);
2340 qemu_chr_delete(s->chr);
2341 mon_chr = s->mon_chr;
2342 memset(s, 0, sizeof(GDBState));
2344 s->c_cpu = first_cpu;
2345 s->g_cpu = first_cpu;
2347 s->state = chr ? RS_IDLE : RS_INACTIVE;
2348 s->mon_chr = mon_chr;
2349 s->current_syscall_cb = NULL;
projects / sdk / emulator / qemu.git / blob