4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
44 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
45 uint8_t *buf, int len, bool is_write)
47 CPUClass *cc = CPU_GET_CLASS(cpu);
49 if (cc->memory_rw_debug) {
50 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
52 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
64 GDB_SIGNAL_UNKNOWN = 143
67 #ifdef CONFIG_USER_ONLY
69 /* Map target signal numbers to GDB protocol signal numbers and vice
70 * versa. For user emulation's currently supported systems, we can
71 * assume most signals are defined.
74 static int gdb_signal_table[] = {
234 /* In system mode we only need SIGINT and SIGTRAP; other signals
235 are not yet supported. */
242 static int gdb_signal_table[] = {
252 #ifdef CONFIG_USER_ONLY
253 static int target_signal_to_gdb (int sig)
256 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
257 if (gdb_signal_table[i] == sig)
259 return GDB_SIGNAL_UNKNOWN;
263 static int gdb_signal_to_target (int sig)
265 if (sig < ARRAY_SIZE (gdb_signal_table))
266 return gdb_signal_table[sig];
273 typedef struct GDBRegisterState {
279 struct GDBRegisterState *next;
289 typedef struct GDBState {
290 CPUState *c_cpu; /* current CPU for step/continue ops */
291 CPUState *g_cpu; /* current CPU for other ops */
292 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
293 enum RSState state; /* parsing state */
294 char line_buf[MAX_PACKET_LENGTH];
297 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
300 #ifdef CONFIG_USER_ONLY
304 CharDriverState *chr;
305 CharDriverState *mon_chr;
307 char syscall_buf[256];
308 gdb_syscall_complete_cb current_syscall_cb;
311 /* By default use no IRQs and no timers while single stepping so as to
312 * make single stepping like an ICE HW step.
314 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
316 static GDBState *gdbserver_state;
320 #ifdef CONFIG_USER_ONLY
321 /* XXX: This is not thread safe. Do we care? */
322 static int gdbserver_fd = -1;
324 static int get_char(GDBState *s)
330 ret = qemu_recv(s->fd, &ch, 1, 0);
332 if (errno == ECONNRESET)
334 if (errno != EINTR && errno != EAGAIN)
336 } else if (ret == 0) {
354 /* If gdb is connected when the first semihosting syscall occurs then use
355 remote gdb syscalls. Otherwise use native file IO. */
356 int use_gdb_syscalls(void)
358 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
359 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
362 return gdb_syscall_mode == GDB_SYS_ENABLED;
365 /* Resume execution. */
366 static inline void gdb_continue(GDBState *s)
368 #ifdef CONFIG_USER_ONLY
369 s->running_state = 1;
371 if (runstate_check(RUN_STATE_GUEST_PANICKED)) {
372 runstate_set(RUN_STATE_DEBUG);
374 if (!runstate_needs_reset()) {
380 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
382 #ifdef CONFIG_USER_ONLY
386 ret = send(s->fd, buf, len, 0);
388 if (errno != EINTR && errno != EAGAIN)
396 qemu_chr_fe_write(s->chr, buf, len);
400 static inline int fromhex(int v)
402 if (v >= '0' && v <= '9')
404 else if (v >= 'A' && v <= 'F')
406 else if (v >= 'a' && v <= 'f')
412 static inline int tohex(int v)
420 static void memtohex(char *buf, const uint8_t *mem, int len)
425 for(i = 0; i < len; i++) {
427 *q++ = tohex(c >> 4);
428 *q++ = tohex(c & 0xf);
433 static void hextomem(uint8_t *mem, const char *buf, int len)
437 for(i = 0; i < len; i++) {
438 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
443 /* return -1 if error, 0 if OK */
444 static int put_packet_binary(GDBState *s, const char *buf, int len)
455 for(i = 0; i < len; i++) {
459 *(p++) = tohex((csum >> 4) & 0xf);
460 *(p++) = tohex((csum) & 0xf);
462 s->last_packet_len = p - s->last_packet;
463 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
465 #ifdef CONFIG_USER_ONLY
478 /* return -1 if error, 0 if OK */
479 static int put_packet(GDBState *s, const char *buf)
482 printf("reply='%s'\n", buf);
485 return put_packet_binary(s, buf, strlen(buf));
488 /* Encode data using the encoding for 'x' packets. */
489 static int memtox(char *buf, const char *mem, int len)
497 case '#': case '$': case '*': case '}':
509 static const char *get_feature_xml(const char *p, const char **newp,
515 static char target_xml[1024];
518 while (p[len] && p[len] != ':')
523 if (strncmp(p, "target.xml", len) == 0) {
524 /* Generate the XML description for this CPU. */
525 if (!target_xml[0]) {
527 CPUState *cpu = first_cpu;
529 snprintf(target_xml, sizeof(target_xml),
530 "<?xml version=\"1.0\"?>"
531 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
533 "<xi:include href=\"%s\"/>",
534 cc->gdb_core_xml_file);
536 for (r = cpu->gdb_regs; r; r = r->next) {
537 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
538 pstrcat(target_xml, sizeof(target_xml), r->xml);
539 pstrcat(target_xml, sizeof(target_xml), "\"/>");
541 pstrcat(target_xml, sizeof(target_xml), "</target>");
546 name = xml_builtin[i][0];
547 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
550 return name ? xml_builtin[i][1] : NULL;
553 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
555 CPUClass *cc = CPU_GET_CLASS(cpu);
556 CPUArchState *env = cpu->env_ptr;
559 if (reg < cc->gdb_num_core_regs) {
560 return cc->gdb_read_register(cpu, mem_buf, reg);
563 for (r = cpu->gdb_regs; r; r = r->next) {
564 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
565 return r->get_reg(env, mem_buf, reg - r->base_reg);
571 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
573 CPUClass *cc = CPU_GET_CLASS(cpu);
574 CPUArchState *env = cpu->env_ptr;
577 if (reg < cc->gdb_num_core_regs) {
578 return cc->gdb_write_register(cpu, mem_buf, reg);
581 for (r = cpu->gdb_regs; r; r = r->next) {
582 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
583 return r->set_reg(env, mem_buf, reg - r->base_reg);
589 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
590 specifies the first register number and these registers are included in
591 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
592 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
595 void gdb_register_coprocessor(CPUState *cpu,
596 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
597 int num_regs, const char *xml, int g_pos)
600 GDBRegisterState **p;
604 /* Check for duplicates. */
605 if (strcmp((*p)->xml, xml) == 0)
610 s = g_new0(GDBRegisterState, 1);
611 s->base_reg = cpu->gdb_num_regs;
612 s->num_regs = num_regs;
613 s->get_reg = get_reg;
614 s->set_reg = set_reg;
617 /* Add to end of list. */
618 cpu->gdb_num_regs += num_regs;
621 if (g_pos != s->base_reg) {
622 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
623 "Expected %d got %d\n", xml, g_pos, s->base_reg);
625 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
630 #ifndef CONFIG_USER_ONLY
631 static const int xlat_gdb_type[] = {
632 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
633 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
634 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
638 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
645 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
649 case GDB_BREAKPOINT_SW:
650 case GDB_BREAKPOINT_HW:
653 err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
658 #ifndef CONFIG_USER_ONLY
659 case GDB_WATCHPOINT_WRITE:
660 case GDB_WATCHPOINT_READ:
661 case GDB_WATCHPOINT_ACCESS:
664 err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
676 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
683 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
687 case GDB_BREAKPOINT_SW:
688 case GDB_BREAKPOINT_HW:
691 err = cpu_breakpoint_remove(env, addr, BP_GDB);
696 #ifndef CONFIG_USER_ONLY
697 case GDB_WATCHPOINT_WRITE:
698 case GDB_WATCHPOINT_READ:
699 case GDB_WATCHPOINT_ACCESS:
702 err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
713 static void gdb_breakpoint_remove_all(void)
719 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
725 cpu_breakpoint_remove_all(env, BP_GDB);
726 #ifndef CONFIG_USER_ONLY
727 cpu_watchpoint_remove_all(env, BP_GDB);
732 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
734 CPUState *cpu = s->c_cpu;
735 CPUClass *cc = CPU_GET_CLASS(cpu);
737 cpu_synchronize_state(cpu);
743 static CPUState *find_cpu(uint32_t thread_id)
748 if (cpu_index(cpu) == thread_id) {
756 static int gdb_handle_packet(GDBState *s, const char *line_buf)
762 int ch, reg_size, type, res;
763 char buf[MAX_PACKET_LENGTH];
764 uint8_t mem_buf[MAX_PACKET_LENGTH];
766 target_ulong addr, len;
769 printf("command='%s'\n", line_buf);
775 /* TODO: Make this return the correct value for user-mode. */
776 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
777 cpu_index(s->c_cpu));
779 /* Remove all the breakpoints when this query is issued,
780 * because gdb is doing and initial connect and the state
781 * should be cleaned up.
783 gdb_breakpoint_remove_all();
787 addr = strtoull(p, (char **)&p, 16);
788 gdb_set_cpu_pc(s, addr);
794 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
800 if (strncmp(p, "Cont", 4) == 0) {
801 int res_signal, res_thread;
805 put_packet(s, "vCont;c;C;s;S");
820 if (action == 'C' || action == 'S') {
821 signal = strtoul(p, (char **)&p, 16);
822 } else if (action != 'c' && action != 's') {
828 thread = strtoull(p+1, (char **)&p, 16);
830 action = tolower(action);
831 if (res == 0 || (res == 'c' && action == 's')) {
838 if (res_thread != -1 && res_thread != 0) {
839 cpu = find_cpu(res_thread);
841 put_packet(s, "E22");
847 cpu_single_step(s->c_cpu, sstep_flags);
849 s->signal = res_signal;
855 goto unknown_command;
858 #ifdef CONFIG_USER_ONLY
859 /* Kill the target */
860 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
865 gdb_breakpoint_remove_all();
866 gdb_syscall_mode = GDB_SYS_DISABLED;
872 addr = strtoull(p, (char **)&p, 16);
873 gdb_set_cpu_pc(s, addr);
875 cpu_single_step(s->c_cpu, sstep_flags);
883 ret = strtoull(p, (char **)&p, 16);
886 err = strtoull(p, (char **)&p, 16);
893 if (s->current_syscall_cb) {
894 s->current_syscall_cb(s->c_cpu, ret, err);
895 s->current_syscall_cb = NULL;
898 put_packet(s, "T02");
905 cpu_synchronize_state(s->g_cpu);
907 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
908 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
911 memtohex(buf, mem_buf, len);
915 cpu_synchronize_state(s->g_cpu);
918 hextomem((uint8_t *)registers, p, len);
919 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
920 reg_size = gdb_write_register(s->g_cpu, registers, addr);
922 registers += reg_size;
927 addr = strtoull(p, (char **)&p, 16);
930 len = strtoull(p, NULL, 16);
931 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
932 put_packet (s, "E14");
934 memtohex(buf, mem_buf, len);
939 addr = strtoull(p, (char **)&p, 16);
942 len = strtoull(p, (char **)&p, 16);
945 hextomem(mem_buf, p, len);
946 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
948 put_packet(s, "E14");
954 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
955 This works, but can be very slow. Anything new enough to
956 understand XML also knows how to use this properly. */
958 goto unknown_command;
959 addr = strtoull(p, (char **)&p, 16);
960 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
962 memtohex(buf, mem_buf, reg_size);
965 put_packet(s, "E14");
970 goto unknown_command;
971 addr = strtoull(p, (char **)&p, 16);
974 reg_size = strlen(p) / 2;
975 hextomem(mem_buf, p, reg_size);
976 gdb_write_register(s->g_cpu, mem_buf, addr);
981 type = strtoul(p, (char **)&p, 16);
984 addr = strtoull(p, (char **)&p, 16);
987 len = strtoull(p, (char **)&p, 16);
989 res = gdb_breakpoint_insert(addr, len, type);
991 res = gdb_breakpoint_remove(addr, len, type);
994 else if (res == -ENOSYS)
997 put_packet(s, "E22");
1001 thread = strtoull(p, (char **)&p, 16);
1002 if (thread == -1 || thread == 0) {
1003 put_packet(s, "OK");
1006 cpu = find_cpu(thread);
1008 put_packet(s, "E22");
1014 put_packet(s, "OK");
1018 put_packet(s, "OK");
1021 put_packet(s, "E22");
1026 thread = strtoull(p, (char **)&p, 16);
1027 cpu = find_cpu(thread);
1030 put_packet(s, "OK");
1032 put_packet(s, "E22");
1037 /* parse any 'q' packets here */
1038 if (!strcmp(p,"qemu.sstepbits")) {
1039 /* Query Breakpoint bit definitions */
1040 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1046 } else if (strncmp(p,"qemu.sstep",10) == 0) {
1047 /* Display or change the sstep_flags */
1050 /* Display current setting */
1051 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1056 type = strtoul(p, (char **)&p, 16);
1058 put_packet(s, "OK");
1060 } else if (strcmp(p,"C") == 0) {
1061 /* "Current thread" remains vague in the spec, so always return
1062 * the first CPU (gdb returns the first thread). */
1063 put_packet(s, "QC1");
1065 } else if (strcmp(p,"fThreadInfo") == 0) {
1066 s->query_cpu = first_cpu;
1067 goto report_cpuinfo;
1068 } else if (strcmp(p,"sThreadInfo") == 0) {
1071 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1073 s->query_cpu = CPU_NEXT(s->query_cpu);
1077 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1078 thread = strtoull(p+16, (char **)&p, 16);
1079 cpu = find_cpu(thread);
1081 cpu_synchronize_state(cpu);
1082 len = snprintf((char *)mem_buf, sizeof(mem_buf),
1083 "CPU#%d [%s]", cpu->cpu_index,
1084 cpu->halted ? "halted " : "running");
1085 memtohex(buf, mem_buf, len);
1090 #ifdef CONFIG_USER_ONLY
1091 else if (strncmp(p, "Offsets", 7) == 0) {
1092 CPUArchState *env = s->c_cpu->env_ptr;
1093 TaskState *ts = env->opaque;
1095 snprintf(buf, sizeof(buf),
1096 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1097 ";Bss=" TARGET_ABI_FMT_lx,
1098 ts->info->code_offset,
1099 ts->info->data_offset,
1100 ts->info->data_offset);
1104 #else /* !CONFIG_USER_ONLY */
1105 else if (strncmp(p, "Rcmd,", 5) == 0) {
1106 int len = strlen(p + 5);
1108 if ((len % 2) != 0) {
1109 put_packet(s, "E01");
1112 hextomem(mem_buf, p + 5, len);
1115 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1116 put_packet(s, "OK");
1119 #endif /* !CONFIG_USER_ONLY */
1120 if (strncmp(p, "Supported", 9) == 0) {
1121 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1122 cc = CPU_GET_CLASS(first_cpu);
1123 if (cc->gdb_core_xml_file != NULL) {
1124 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1129 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1131 target_ulong total_len;
1133 cc = CPU_GET_CLASS(first_cpu);
1134 if (cc->gdb_core_xml_file == NULL) {
1135 goto unknown_command;
1140 xml = get_feature_xml(p, &p, cc);
1142 snprintf(buf, sizeof(buf), "E00");
1149 addr = strtoul(p, (char **)&p, 16);
1152 len = strtoul(p, (char **)&p, 16);
1154 total_len = strlen(xml);
1155 if (addr > total_len) {
1156 snprintf(buf, sizeof(buf), "E00");
1160 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1161 len = (MAX_PACKET_LENGTH - 5) / 2;
1162 if (len < total_len - addr) {
1164 len = memtox(buf + 1, xml + addr, len);
1167 len = memtox(buf + 1, xml + addr, total_len - addr);
1169 put_packet_binary(s, buf, len + 1);
1172 /* Unrecognised 'q' command. */
1173 goto unknown_command;
1177 /* put empty packet */
1185 void gdb_set_stop_cpu(CPUState *cpu)
1187 gdbserver_state->c_cpu = cpu;
1188 gdbserver_state->g_cpu = cpu;
1191 #ifndef CONFIG_USER_ONLY
1192 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1194 GDBState *s = gdbserver_state;
1195 CPUArchState *env = s->c_cpu->env_ptr;
1196 CPUState *cpu = s->c_cpu;
1201 if (running || s->state == RS_INACTIVE) {
1204 /* Is there a GDB syscall waiting to be sent? */
1205 if (s->current_syscall_cb) {
1206 put_packet(s, s->syscall_buf);
1210 case RUN_STATE_DEBUG:
1211 if (env->watchpoint_hit) {
1212 switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
1223 snprintf(buf, sizeof(buf),
1224 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1225 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1226 env->watchpoint_hit->vaddr);
1227 env->watchpoint_hit = NULL;
1231 ret = GDB_SIGNAL_TRAP;
1233 case RUN_STATE_PAUSED:
1234 ret = GDB_SIGNAL_INT;
1236 case RUN_STATE_SHUTDOWN:
1237 ret = GDB_SIGNAL_QUIT;
1239 case RUN_STATE_IO_ERROR:
1240 ret = GDB_SIGNAL_IO;
1242 case RUN_STATE_WATCHDOG:
1243 ret = GDB_SIGNAL_ALRM;
1245 case RUN_STATE_INTERNAL_ERROR:
1246 ret = GDB_SIGNAL_ABRT;
1248 case RUN_STATE_SAVE_VM:
1249 case RUN_STATE_RESTORE_VM:
1251 case RUN_STATE_FINISH_MIGRATE:
1252 ret = GDB_SIGNAL_XCPU;
1255 ret = GDB_SIGNAL_UNKNOWN;
1258 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1263 /* disable single step if it was enabled */
1264 cpu_single_step(cpu, 0);
1268 /* Send a gdb syscall request.
1269 This accepts limited printf-style format specifiers, specifically:
1270 %x - target_ulong argument printed in hex.
1271 %lx - 64-bit argument printed in hex.
1272 %s - string pointer (target_ulong) and length (int) pair. */
1273 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1282 s = gdbserver_state;
1285 s->current_syscall_cb = cb;
1286 #ifndef CONFIG_USER_ONLY
1287 vm_stop(RUN_STATE_DEBUG);
1291 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1298 addr = va_arg(va, target_ulong);
1299 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1302 if (*(fmt++) != 'x')
1304 i64 = va_arg(va, uint64_t);
1305 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1308 addr = va_arg(va, target_ulong);
1309 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1310 addr, va_arg(va, int));
1314 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1324 #ifdef CONFIG_USER_ONLY
1325 put_packet(s, s->syscall_buf);
1326 gdb_handlesig(s->c_cpu, 0);
1328 /* In this case wait to send the syscall packet until notification that
1329 the CPU has stopped. This must be done because if the packet is sent
1330 now the reply from the syscall request could be received while the CPU
1331 is still in the running state, which can cause packets to be dropped
1332 and state transition 'T' packets to be sent while the syscall is still
1338 static void gdb_read_byte(GDBState *s, int ch)
1343 #ifndef CONFIG_USER_ONLY
1344 if (s->last_packet_len) {
1345 /* Waiting for a response to the last packet. If we see the start
1346 of a new command then abandon the previous response. */
1349 printf("Got NACK, retransmitting\n");
1351 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1355 printf("Got ACK\n");
1357 printf("Got '%c' when expecting ACK/NACK\n", ch);
1359 if (ch == '+' || ch == '$')
1360 s->last_packet_len = 0;
1364 if (runstate_is_running()) {
1365 /* when the CPU is running, we cannot do anything except stop
1366 it when receiving a char */
1367 vm_stop(RUN_STATE_PAUSED);
1374 s->line_buf_index = 0;
1375 s->state = RS_GETLINE;
1380 s->state = RS_CHKSUM1;
1381 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1384 s->line_buf[s->line_buf_index++] = ch;
1388 s->line_buf[s->line_buf_index] = '\0';
1389 s->line_csum = fromhex(ch) << 4;
1390 s->state = RS_CHKSUM2;
1393 s->line_csum |= fromhex(ch);
1395 for(i = 0; i < s->line_buf_index; i++) {
1396 csum += s->line_buf[i];
1398 if (s->line_csum != (csum & 0xff)) {
1400 put_buffer(s, &reply, 1);
1404 put_buffer(s, &reply, 1);
1405 s->state = gdb_handle_packet(s, s->line_buf);
1414 /* Tell the remote gdb that the process has exited. */
1415 void gdb_exit(CPUArchState *env, int code)
1420 s = gdbserver_state;
1424 #ifdef CONFIG_USER_ONLY
1425 if (gdbserver_fd < 0 || s->fd < 0) {
1430 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1433 #ifndef CONFIG_USER_ONLY
1435 qemu_chr_delete(s->chr);
1440 #ifdef CONFIG_USER_ONLY
1446 s = gdbserver_state;
1448 if (gdbserver_fd < 0 || s->fd < 0)
1455 gdb_handlesig(CPUState *cpu, int sig)
1457 CPUArchState *env = cpu->env_ptr;
1462 s = gdbserver_state;
1463 if (gdbserver_fd < 0 || s->fd < 0) {
1467 /* disable single step if it was enabled */
1468 cpu_single_step(cpu, 0);
1472 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1475 /* put_packet() might have detected that the peer terminated the
1483 s->running_state = 0;
1484 while (s->running_state == 0) {
1485 n = read(s->fd, buf, 256);
1489 for (i = 0; i < n; i++) {
1490 gdb_read_byte(s, buf[i]);
1492 } else if (n == 0 || errno != EAGAIN) {
1493 /* XXX: Connection closed. Should probably wait for another
1494 connection before continuing. */
1503 /* Tell the remote gdb that the process has exited due to SIG. */
1504 void gdb_signalled(CPUArchState *env, int sig)
1509 s = gdbserver_state;
1510 if (gdbserver_fd < 0 || s->fd < 0) {
1514 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1518 static void gdb_accept(void)
1521 struct sockaddr_in sockaddr;
1526 len = sizeof(sockaddr);
1527 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1528 if (fd < 0 && errno != EINTR) {
1531 } else if (fd >= 0) {
1533 fcntl(fd, F_SETFD, FD_CLOEXEC);
1539 /* set short latency */
1540 socket_set_nodelay(fd);
1542 s = g_malloc0(sizeof(GDBState));
1543 s->c_cpu = first_cpu;
1544 s->g_cpu = first_cpu;
1546 gdb_has_xml = false;
1548 gdbserver_state = s;
1550 fcntl(fd, F_SETFL, O_NONBLOCK);
1553 static int gdbserver_open(int port)
1555 struct sockaddr_in sockaddr;
1558 fd = socket(PF_INET, SOCK_STREAM, 0);
1564 fcntl(fd, F_SETFD, FD_CLOEXEC);
1567 socket_set_fast_reuse(fd);
1569 sockaddr.sin_family = AF_INET;
1570 sockaddr.sin_port = htons(port);
1571 sockaddr.sin_addr.s_addr = 0;
1572 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1578 ret = listen(fd, 0);
1587 int gdbserver_start(int port)
1589 gdbserver_fd = gdbserver_open(port);
1590 if (gdbserver_fd < 0)
1592 /* accept connections */
1597 /* Disable gdb stub for child processes. */
1598 void gdbserver_fork(CPUArchState *env)
1600 GDBState *s = gdbserver_state;
1601 if (gdbserver_fd < 0 || s->fd < 0)
1605 cpu_breakpoint_remove_all(env, BP_GDB);
1606 cpu_watchpoint_remove_all(env, BP_GDB);
1609 static int gdb_chr_can_receive(void *opaque)
1611 /* We can handle an arbitrarily large amount of data.
1612 Pick the maximum packet size, which is as good as anything. */
1613 return MAX_PACKET_LENGTH;
1616 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1620 for (i = 0; i < size; i++) {
1621 gdb_read_byte(gdbserver_state, buf[i]);
1625 static void gdb_chr_event(void *opaque, int event)
1628 case CHR_EVENT_OPENED:
1629 vm_stop(RUN_STATE_PAUSED);
1630 gdb_has_xml = false;
1637 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1639 char buf[MAX_PACKET_LENGTH];
1642 if (len > (MAX_PACKET_LENGTH/2) - 1)
1643 len = (MAX_PACKET_LENGTH/2) - 1;
1644 memtohex(buf + 1, (uint8_t *)msg, len);
1648 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
1650 const char *p = (const char *)buf;
1653 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1655 if (len <= max_sz) {
1656 gdb_monitor_output(gdbserver_state, p, len);
1659 gdb_monitor_output(gdbserver_state, p, max_sz);
1667 static void gdb_sigterm_handler(int signal)
1669 if (runstate_is_running()) {
1670 vm_stop(RUN_STATE_PAUSED);
1675 int gdbserver_start(const char *device)
1678 char gdbstub_device_name[128];
1679 CharDriverState *chr = NULL;
1680 CharDriverState *mon_chr;
1684 if (strcmp(device, "none") != 0) {
1685 if (strstart(device, "tcp:", NULL)) {
1686 /* enforce required TCP attributes */
1687 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1688 "%s,nowait,nodelay,server", device);
1689 device = gdbstub_device_name;
1692 else if (strcmp(device, "stdio") == 0) {
1693 struct sigaction act;
1695 memset(&act, 0, sizeof(act));
1696 act.sa_handler = gdb_sigterm_handler;
1697 sigaction(SIGINT, &act, NULL);
1700 chr = qemu_chr_new("gdb", device, NULL);
1704 qemu_chr_fe_claim_no_fail(chr);
1705 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
1706 gdb_chr_event, NULL);
1709 s = gdbserver_state;
1711 s = g_malloc0(sizeof(GDBState));
1712 gdbserver_state = s;
1714 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1716 /* Initialize a monitor terminal for gdb */
1717 mon_chr = g_malloc0(sizeof(*mon_chr));
1718 mon_chr->chr_write = gdb_monitor_write;
1719 monitor_init(mon_chr, 0);
1722 qemu_chr_delete(s->chr);
1723 mon_chr = s->mon_chr;
1724 memset(s, 0, sizeof(GDBState));
1726 s->c_cpu = first_cpu;
1727 s->g_cpu = first_cpu;
1729 s->state = chr ? RS_IDLE : RS_INACTIVE;
1730 s->mon_chr = mon_chr;
1731 s->current_syscall_cb = NULL;