monitor: Fix tracepoint crash on JSON syntax error
[qemu/armbru.git] / gdbstub.c
blobd6ab95006c46d71aa800868a11919875da2a3bd4
1 /*
2 * gdb server stub
4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
23 #include "cpu.h"
24 #include "trace-root.h"
25 #ifdef CONFIG_USER_ONLY
26 #include "qemu.h"
27 #else
28 #include "monitor/monitor.h"
29 #include "chardev/char.h"
30 #include "chardev/char-fe.h"
31 #include "sysemu/sysemu.h"
32 #include "exec/gdbstub.h"
33 #endif
35 #define MAX_PACKET_LENGTH 4096
37 #include "qemu/sockets.h"
38 #include "sysemu/hw_accel.h"
39 #include "sysemu/kvm.h"
40 #include "exec/semihost.h"
41 #include "exec/exec-all.h"
43 #ifdef CONFIG_USER_ONLY
44 #define GDB_ATTACHED "0"
45 #else
46 #define GDB_ATTACHED "1"
47 #endif
49 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
50 uint8_t *buf, int len, bool is_write)
52 CPUClass *cc = CPU_GET_CLASS(cpu);
54 if (cc->memory_rw_debug) {
55 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
57 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
60 /* Return the GDB index for a given vCPU state.
62 * For user mode this is simply the thread id. In system mode GDB
63 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
65 static inline int cpu_gdb_index(CPUState *cpu)
67 #if defined(CONFIG_USER_ONLY)
68 TaskState *ts = (TaskState *) cpu->opaque;
69 return ts->ts_tid;
70 #else
71 return cpu->cpu_index + 1;
72 #endif
75 enum {
76 GDB_SIGNAL_0 = 0,
77 GDB_SIGNAL_INT = 2,
78 GDB_SIGNAL_QUIT = 3,
79 GDB_SIGNAL_TRAP = 5,
80 GDB_SIGNAL_ABRT = 6,
81 GDB_SIGNAL_ALRM = 14,
82 GDB_SIGNAL_IO = 23,
83 GDB_SIGNAL_XCPU = 24,
84 GDB_SIGNAL_UNKNOWN = 143
87 #ifdef CONFIG_USER_ONLY
89 /* Map target signal numbers to GDB protocol signal numbers and vice
90 * versa. For user emulation's currently supported systems, we can
91 * assume most signals are defined.
94 static int gdb_signal_table[] = {
96 TARGET_SIGHUP,
97 TARGET_SIGINT,
98 TARGET_SIGQUIT,
99 TARGET_SIGILL,
100 TARGET_SIGTRAP,
101 TARGET_SIGABRT,
102 -1, /* SIGEMT */
103 TARGET_SIGFPE,
104 TARGET_SIGKILL,
105 TARGET_SIGBUS,
106 TARGET_SIGSEGV,
107 TARGET_SIGSYS,
108 TARGET_SIGPIPE,
109 TARGET_SIGALRM,
110 TARGET_SIGTERM,
111 TARGET_SIGURG,
112 TARGET_SIGSTOP,
113 TARGET_SIGTSTP,
114 TARGET_SIGCONT,
115 TARGET_SIGCHLD,
116 TARGET_SIGTTIN,
117 TARGET_SIGTTOU,
118 TARGET_SIGIO,
119 TARGET_SIGXCPU,
120 TARGET_SIGXFSZ,
121 TARGET_SIGVTALRM,
122 TARGET_SIGPROF,
123 TARGET_SIGWINCH,
124 -1, /* SIGLOST */
125 TARGET_SIGUSR1,
126 TARGET_SIGUSR2,
127 #ifdef TARGET_SIGPWR
128 TARGET_SIGPWR,
129 #else
131 #endif
132 -1, /* SIGPOLL */
144 #ifdef __SIGRTMIN
145 __SIGRTMIN + 1,
146 __SIGRTMIN + 2,
147 __SIGRTMIN + 3,
148 __SIGRTMIN + 4,
149 __SIGRTMIN + 5,
150 __SIGRTMIN + 6,
151 __SIGRTMIN + 7,
152 __SIGRTMIN + 8,
153 __SIGRTMIN + 9,
154 __SIGRTMIN + 10,
155 __SIGRTMIN + 11,
156 __SIGRTMIN + 12,
157 __SIGRTMIN + 13,
158 __SIGRTMIN + 14,
159 __SIGRTMIN + 15,
160 __SIGRTMIN + 16,
161 __SIGRTMIN + 17,
162 __SIGRTMIN + 18,
163 __SIGRTMIN + 19,
164 __SIGRTMIN + 20,
165 __SIGRTMIN + 21,
166 __SIGRTMIN + 22,
167 __SIGRTMIN + 23,
168 __SIGRTMIN + 24,
169 __SIGRTMIN + 25,
170 __SIGRTMIN + 26,
171 __SIGRTMIN + 27,
172 __SIGRTMIN + 28,
173 __SIGRTMIN + 29,
174 __SIGRTMIN + 30,
175 __SIGRTMIN + 31,
176 -1, /* SIGCANCEL */
177 __SIGRTMIN,
178 __SIGRTMIN + 32,
179 __SIGRTMIN + 33,
180 __SIGRTMIN + 34,
181 __SIGRTMIN + 35,
182 __SIGRTMIN + 36,
183 __SIGRTMIN + 37,
184 __SIGRTMIN + 38,
185 __SIGRTMIN + 39,
186 __SIGRTMIN + 40,
187 __SIGRTMIN + 41,
188 __SIGRTMIN + 42,
189 __SIGRTMIN + 43,
190 __SIGRTMIN + 44,
191 __SIGRTMIN + 45,
192 __SIGRTMIN + 46,
193 __SIGRTMIN + 47,
194 __SIGRTMIN + 48,
195 __SIGRTMIN + 49,
196 __SIGRTMIN + 50,
197 __SIGRTMIN + 51,
198 __SIGRTMIN + 52,
199 __SIGRTMIN + 53,
200 __SIGRTMIN + 54,
201 __SIGRTMIN + 55,
202 __SIGRTMIN + 56,
203 __SIGRTMIN + 57,
204 __SIGRTMIN + 58,
205 __SIGRTMIN + 59,
206 __SIGRTMIN + 60,
207 __SIGRTMIN + 61,
208 __SIGRTMIN + 62,
209 __SIGRTMIN + 63,
210 __SIGRTMIN + 64,
211 __SIGRTMIN + 65,
212 __SIGRTMIN + 66,
213 __SIGRTMIN + 67,
214 __SIGRTMIN + 68,
215 __SIGRTMIN + 69,
216 __SIGRTMIN + 70,
217 __SIGRTMIN + 71,
218 __SIGRTMIN + 72,
219 __SIGRTMIN + 73,
220 __SIGRTMIN + 74,
221 __SIGRTMIN + 75,
222 __SIGRTMIN + 76,
223 __SIGRTMIN + 77,
224 __SIGRTMIN + 78,
225 __SIGRTMIN + 79,
226 __SIGRTMIN + 80,
227 __SIGRTMIN + 81,
228 __SIGRTMIN + 82,
229 __SIGRTMIN + 83,
230 __SIGRTMIN + 84,
231 __SIGRTMIN + 85,
232 __SIGRTMIN + 86,
233 __SIGRTMIN + 87,
234 __SIGRTMIN + 88,
235 __SIGRTMIN + 89,
236 __SIGRTMIN + 90,
237 __SIGRTMIN + 91,
238 __SIGRTMIN + 92,
239 __SIGRTMIN + 93,
240 __SIGRTMIN + 94,
241 __SIGRTMIN + 95,
242 -1, /* SIGINFO */
243 -1, /* UNKNOWN */
244 -1, /* DEFAULT */
251 #endif
253 #else
254 /* In system mode we only need SIGINT and SIGTRAP; other signals
255 are not yet supported. */
257 enum {
258 TARGET_SIGINT = 2,
259 TARGET_SIGTRAP = 5
262 static int gdb_signal_table[] = {
265 TARGET_SIGINT,
268 TARGET_SIGTRAP
270 #endif
272 #ifdef CONFIG_USER_ONLY
273 static int target_signal_to_gdb (int sig)
275 int i;
276 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
277 if (gdb_signal_table[i] == sig)
278 return i;
279 return GDB_SIGNAL_UNKNOWN;
281 #endif
283 static int gdb_signal_to_target (int sig)
285 if (sig < ARRAY_SIZE (gdb_signal_table))
286 return gdb_signal_table[sig];
287 else
288 return -1;
291 typedef struct GDBRegisterState {
292 int base_reg;
293 int num_regs;
294 gdb_reg_cb get_reg;
295 gdb_reg_cb set_reg;
296 const char *xml;
297 struct GDBRegisterState *next;
298 } GDBRegisterState;
300 enum RSState {
301 RS_INACTIVE,
302 RS_IDLE,
303 RS_GETLINE,
304 RS_GETLINE_ESC,
305 RS_GETLINE_RLE,
306 RS_CHKSUM1,
307 RS_CHKSUM2,
309 typedef struct GDBState {
310 CPUState *c_cpu; /* current CPU for step/continue ops */
311 CPUState *g_cpu; /* current CPU for other ops */
312 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
313 enum RSState state; /* parsing state */
314 char line_buf[MAX_PACKET_LENGTH];
315 int line_buf_index;
316 int line_sum; /* running checksum */
317 int line_csum; /* checksum at the end of the packet */
318 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
319 int last_packet_len;
320 int signal;
321 #ifdef CONFIG_USER_ONLY
322 int fd;
323 int running_state;
324 #else
325 CharBackend chr;
326 Chardev *mon_chr;
327 #endif
328 char syscall_buf[256];
329 gdb_syscall_complete_cb current_syscall_cb;
330 } GDBState;
332 /* By default use no IRQs and no timers while single stepping so as to
333 * make single stepping like an ICE HW step.
335 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
337 static GDBState *gdbserver_state;
339 bool gdb_has_xml;
341 #ifdef CONFIG_USER_ONLY
342 /* XXX: This is not thread safe. Do we care? */
343 static int gdbserver_fd = -1;
345 static int get_char(GDBState *s)
347 uint8_t ch;
348 int ret;
350 for(;;) {
351 ret = qemu_recv(s->fd, &ch, 1, 0);
352 if (ret < 0) {
353 if (errno == ECONNRESET)
354 s->fd = -1;
355 if (errno != EINTR)
356 return -1;
357 } else if (ret == 0) {
358 close(s->fd);
359 s->fd = -1;
360 return -1;
361 } else {
362 break;
365 return ch;
367 #endif
369 static enum {
370 GDB_SYS_UNKNOWN,
371 GDB_SYS_ENABLED,
372 GDB_SYS_DISABLED,
373 } gdb_syscall_mode;
375 /* Decide if either remote gdb syscalls or native file IO should be used. */
376 int use_gdb_syscalls(void)
378 SemihostingTarget target = semihosting_get_target();
379 if (target == SEMIHOSTING_TARGET_NATIVE) {
380 /* -semihosting-config target=native */
381 return false;
382 } else if (target == SEMIHOSTING_TARGET_GDB) {
383 /* -semihosting-config target=gdb */
384 return true;
387 /* -semihosting-config target=auto */
388 /* On the first call check if gdb is connected and remember. */
389 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
390 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
391 : GDB_SYS_DISABLED);
393 return gdb_syscall_mode == GDB_SYS_ENABLED;
396 /* Resume execution. */
397 static inline void gdb_continue(GDBState *s)
400 #ifdef CONFIG_USER_ONLY
401 s->running_state = 1;
402 trace_gdbstub_op_continue();
403 #else
404 if (!runstate_needs_reset()) {
405 trace_gdbstub_op_continue();
406 vm_start();
408 #endif
412 * Resume execution, per CPU actions. For user-mode emulation it's
413 * equivalent to gdb_continue.
415 static int gdb_continue_partial(GDBState *s, char *newstates)
417 CPUState *cpu;
418 int res = 0;
419 #ifdef CONFIG_USER_ONLY
421 * This is not exactly accurate, but it's an improvement compared to the
422 * previous situation, where only one CPU would be single-stepped.
424 CPU_FOREACH(cpu) {
425 if (newstates[cpu->cpu_index] == 's') {
426 trace_gdbstub_op_stepping(cpu->cpu_index);
427 cpu_single_step(cpu, sstep_flags);
430 s->running_state = 1;
431 #else
432 int flag = 0;
434 if (!runstate_needs_reset()) {
435 if (vm_prepare_start()) {
436 return 0;
439 CPU_FOREACH(cpu) {
440 switch (newstates[cpu->cpu_index]) {
441 case 0:
442 case 1:
443 break; /* nothing to do here */
444 case 's':
445 trace_gdbstub_op_stepping(cpu->cpu_index);
446 cpu_single_step(cpu, sstep_flags);
447 cpu_resume(cpu);
448 flag = 1;
449 break;
450 case 'c':
451 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
452 cpu_resume(cpu);
453 flag = 1;
454 break;
455 default:
456 res = -1;
457 break;
461 if (flag) {
462 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
464 #endif
465 return res;
468 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
470 #ifdef CONFIG_USER_ONLY
471 int ret;
473 while (len > 0) {
474 ret = send(s->fd, buf, len, 0);
475 if (ret < 0) {
476 if (errno != EINTR)
477 return;
478 } else {
479 buf += ret;
480 len -= ret;
483 #else
484 /* XXX this blocks entire thread. Rewrite to use
485 * qemu_chr_fe_write and background I/O callbacks */
486 qemu_chr_fe_write_all(&s->chr, buf, len);
487 #endif
490 static inline int fromhex(int v)
492 if (v >= '0' && v <= '9')
493 return v - '0';
494 else if (v >= 'A' && v <= 'F')
495 return v - 'A' + 10;
496 else if (v >= 'a' && v <= 'f')
497 return v - 'a' + 10;
498 else
499 return 0;
502 static inline int tohex(int v)
504 if (v < 10)
505 return v + '0';
506 else
507 return v - 10 + 'a';
510 /* writes 2*len+1 bytes in buf */
511 static void memtohex(char *buf, const uint8_t *mem, int len)
513 int i, c;
514 char *q;
515 q = buf;
516 for(i = 0; i < len; i++) {
517 c = mem[i];
518 *q++ = tohex(c >> 4);
519 *q++ = tohex(c & 0xf);
521 *q = '\0';
524 static void hextomem(uint8_t *mem, const char *buf, int len)
526 int i;
528 for(i = 0; i < len; i++) {
529 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
530 buf += 2;
534 static void hexdump(const char *buf, int len,
535 void (*trace_fn)(size_t ofs, char const *text))
537 char line_buffer[3 * 16 + 4 + 16 + 1];
539 size_t i;
540 for (i = 0; i < len || (i & 0xF); ++i) {
541 size_t byte_ofs = i & 15;
543 if (byte_ofs == 0) {
544 memset(line_buffer, ' ', 3 * 16 + 4 + 16);
545 line_buffer[3 * 16 + 4 + 16] = 0;
548 size_t col_group = (i >> 2) & 3;
549 size_t hex_col = byte_ofs * 3 + col_group;
550 size_t txt_col = 3 * 16 + 4 + byte_ofs;
552 if (i < len) {
553 char value = buf[i];
555 line_buffer[hex_col + 0] = tohex((value >> 4) & 0xF);
556 line_buffer[hex_col + 1] = tohex((value >> 0) & 0xF);
557 line_buffer[txt_col + 0] = (value >= ' ' && value < 127)
558 ? value
559 : '.';
562 if (byte_ofs == 0xF)
563 trace_fn(i & -16, line_buffer);
567 /* return -1 if error, 0 if OK */
568 static int put_packet_binary(GDBState *s, const char *buf, int len, bool dump)
570 int csum, i;
571 uint8_t *p;
573 if (dump && trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY)) {
574 hexdump(buf, len, trace_gdbstub_io_binaryreply);
577 for(;;) {
578 p = s->last_packet;
579 *(p++) = '$';
580 memcpy(p, buf, len);
581 p += len;
582 csum = 0;
583 for(i = 0; i < len; i++) {
584 csum += buf[i];
586 *(p++) = '#';
587 *(p++) = tohex((csum >> 4) & 0xf);
588 *(p++) = tohex((csum) & 0xf);
590 s->last_packet_len = p - s->last_packet;
591 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
593 #ifdef CONFIG_USER_ONLY
594 i = get_char(s);
595 if (i < 0)
596 return -1;
597 if (i == '+')
598 break;
599 #else
600 break;
601 #endif
603 return 0;
606 /* return -1 if error, 0 if OK */
607 static int put_packet(GDBState *s, const char *buf)
609 trace_gdbstub_io_reply(buf);
611 return put_packet_binary(s, buf, strlen(buf), false);
614 /* Encode data using the encoding for 'x' packets. */
615 static int memtox(char *buf, const char *mem, int len)
617 char *p = buf;
618 char c;
620 while (len--) {
621 c = *(mem++);
622 switch (c) {
623 case '#': case '$': case '*': case '}':
624 *(p++) = '}';
625 *(p++) = c ^ 0x20;
626 break;
627 default:
628 *(p++) = c;
629 break;
632 return p - buf;
635 static const char *get_feature_xml(const char *p, const char **newp,
636 CPUClass *cc)
638 size_t len;
639 int i;
640 const char *name;
641 static char target_xml[1024];
643 len = 0;
644 while (p[len] && p[len] != ':')
645 len++;
646 *newp = p + len;
648 name = NULL;
649 if (strncmp(p, "target.xml", len) == 0) {
650 /* Generate the XML description for this CPU. */
651 if (!target_xml[0]) {
652 GDBRegisterState *r;
653 CPUState *cpu = first_cpu;
655 pstrcat(target_xml, sizeof(target_xml),
656 "<?xml version=\"1.0\"?>"
657 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
658 "<target>");
659 if (cc->gdb_arch_name) {
660 gchar *arch = cc->gdb_arch_name(cpu);
661 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
662 pstrcat(target_xml, sizeof(target_xml), arch);
663 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
664 g_free(arch);
666 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
667 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
668 pstrcat(target_xml, sizeof(target_xml), "\"/>");
669 for (r = cpu->gdb_regs; r; r = r->next) {
670 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
671 pstrcat(target_xml, sizeof(target_xml), r->xml);
672 pstrcat(target_xml, sizeof(target_xml), "\"/>");
674 pstrcat(target_xml, sizeof(target_xml), "</target>");
676 return target_xml;
678 if (cc->gdb_get_dynamic_xml) {
679 CPUState *cpu = first_cpu;
680 char *xmlname = g_strndup(p, len);
681 const char *xml = cc->gdb_get_dynamic_xml(cpu, xmlname);
683 g_free(xmlname);
684 if (xml) {
685 return xml;
688 for (i = 0; ; i++) {
689 name = xml_builtin[i][0];
690 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
691 break;
693 return name ? xml_builtin[i][1] : NULL;
696 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
698 CPUClass *cc = CPU_GET_CLASS(cpu);
699 CPUArchState *env = cpu->env_ptr;
700 GDBRegisterState *r;
702 if (reg < cc->gdb_num_core_regs) {
703 return cc->gdb_read_register(cpu, mem_buf, reg);
706 for (r = cpu->gdb_regs; r; r = r->next) {
707 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
708 return r->get_reg(env, mem_buf, reg - r->base_reg);
711 return 0;
714 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
716 CPUClass *cc = CPU_GET_CLASS(cpu);
717 CPUArchState *env = cpu->env_ptr;
718 GDBRegisterState *r;
720 if (reg < cc->gdb_num_core_regs) {
721 return cc->gdb_write_register(cpu, mem_buf, reg);
724 for (r = cpu->gdb_regs; r; r = r->next) {
725 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
726 return r->set_reg(env, mem_buf, reg - r->base_reg);
729 return 0;
732 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
733 specifies the first register number and these registers are included in
734 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
735 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
738 void gdb_register_coprocessor(CPUState *cpu,
739 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
740 int num_regs, const char *xml, int g_pos)
742 GDBRegisterState *s;
743 GDBRegisterState **p;
745 p = &cpu->gdb_regs;
746 while (*p) {
747 /* Check for duplicates. */
748 if (strcmp((*p)->xml, xml) == 0)
749 return;
750 p = &(*p)->next;
753 s = g_new0(GDBRegisterState, 1);
754 s->base_reg = cpu->gdb_num_regs;
755 s->num_regs = num_regs;
756 s->get_reg = get_reg;
757 s->set_reg = set_reg;
758 s->xml = xml;
760 /* Add to end of list. */
761 cpu->gdb_num_regs += num_regs;
762 *p = s;
763 if (g_pos) {
764 if (g_pos != s->base_reg) {
765 error_report("Error: Bad gdb register numbering for '%s', "
766 "expected %d got %d", xml, g_pos, s->base_reg);
767 } else {
768 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
773 #ifndef CONFIG_USER_ONLY
774 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
775 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
777 static const int xlat[] = {
778 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
779 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
780 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
783 CPUClass *cc = CPU_GET_CLASS(cpu);
784 int cputype = xlat[gdbtype];
786 if (cc->gdb_stop_before_watchpoint) {
787 cputype |= BP_STOP_BEFORE_ACCESS;
789 return cputype;
791 #endif
793 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
795 CPUState *cpu;
796 int err = 0;
798 if (kvm_enabled()) {
799 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
802 switch (type) {
803 case GDB_BREAKPOINT_SW:
804 case GDB_BREAKPOINT_HW:
805 CPU_FOREACH(cpu) {
806 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
807 if (err) {
808 break;
811 return err;
812 #ifndef CONFIG_USER_ONLY
813 case GDB_WATCHPOINT_WRITE:
814 case GDB_WATCHPOINT_READ:
815 case GDB_WATCHPOINT_ACCESS:
816 CPU_FOREACH(cpu) {
817 err = cpu_watchpoint_insert(cpu, addr, len,
818 xlat_gdb_type(cpu, type), NULL);
819 if (err) {
820 break;
823 return err;
824 #endif
825 default:
826 return -ENOSYS;
830 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
832 CPUState *cpu;
833 int err = 0;
835 if (kvm_enabled()) {
836 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
839 switch (type) {
840 case GDB_BREAKPOINT_SW:
841 case GDB_BREAKPOINT_HW:
842 CPU_FOREACH(cpu) {
843 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
844 if (err) {
845 break;
848 return err;
849 #ifndef CONFIG_USER_ONLY
850 case GDB_WATCHPOINT_WRITE:
851 case GDB_WATCHPOINT_READ:
852 case GDB_WATCHPOINT_ACCESS:
853 CPU_FOREACH(cpu) {
854 err = cpu_watchpoint_remove(cpu, addr, len,
855 xlat_gdb_type(cpu, type));
856 if (err)
857 break;
859 return err;
860 #endif
861 default:
862 return -ENOSYS;
866 static void gdb_breakpoint_remove_all(void)
868 CPUState *cpu;
870 if (kvm_enabled()) {
871 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
872 return;
875 CPU_FOREACH(cpu) {
876 cpu_breakpoint_remove_all(cpu, BP_GDB);
877 #ifndef CONFIG_USER_ONLY
878 cpu_watchpoint_remove_all(cpu, BP_GDB);
879 #endif
883 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
885 CPUState *cpu = s->c_cpu;
887 cpu_synchronize_state(cpu);
888 cpu_set_pc(cpu, pc);
891 static CPUState *find_cpu(uint32_t thread_id)
893 CPUState *cpu;
895 CPU_FOREACH(cpu) {
896 if (cpu_gdb_index(cpu) == thread_id) {
897 return cpu;
901 return NULL;
904 static int is_query_packet(const char *p, const char *query, char separator)
906 unsigned int query_len = strlen(query);
908 return strncmp(p, query, query_len) == 0 &&
909 (p[query_len] == '\0' || p[query_len] == separator);
913 * gdb_handle_vcont - Parses and handles a vCont packet.
914 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
915 * a format error, 0 on success.
917 static int gdb_handle_vcont(GDBState *s, const char *p)
919 int res, idx, signal = 0;
920 char cur_action;
921 char *newstates;
922 unsigned long tmp;
923 CPUState *cpu;
924 #ifdef CONFIG_USER_ONLY
925 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
927 CPU_FOREACH(cpu) {
928 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
930 #endif
931 /* uninitialised CPUs stay 0 */
932 newstates = g_new0(char, max_cpus);
934 /* mark valid CPUs with 1 */
935 CPU_FOREACH(cpu) {
936 newstates[cpu->cpu_index] = 1;
940 * res keeps track of what error we are returning, with -ENOTSUP meaning
941 * that the command is unknown or unsupported, thus returning an empty
942 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
943 * or incorrect parameters passed.
945 res = 0;
946 while (*p) {
947 if (*p++ != ';') {
948 res = -ENOTSUP;
949 goto out;
952 cur_action = *p++;
953 if (cur_action == 'C' || cur_action == 'S') {
954 cur_action = qemu_tolower(cur_action);
955 res = qemu_strtoul(p + 1, &p, 16, &tmp);
956 if (res) {
957 goto out;
959 signal = gdb_signal_to_target(tmp);
960 } else if (cur_action != 'c' && cur_action != 's') {
961 /* unknown/invalid/unsupported command */
962 res = -ENOTSUP;
963 goto out;
965 /* thread specification. special values: (none), -1 = all; 0 = any */
966 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
967 if (*p == ':') {
968 p += 3;
970 for (idx = 0; idx < max_cpus; idx++) {
971 if (newstates[idx] == 1) {
972 newstates[idx] = cur_action;
975 } else if (*p == ':') {
976 p++;
977 res = qemu_strtoul(p, &p, 16, &tmp);
978 if (res) {
979 goto out;
982 /* 0 means any thread, so we pick the first valid CPU */
983 cpu = tmp ? find_cpu(tmp) : first_cpu;
985 /* invalid CPU/thread specified */
986 if (!cpu) {
987 res = -EINVAL;
988 goto out;
991 /* only use if no previous match occourred */
992 if (newstates[cpu->cpu_index] == 1) {
993 newstates[cpu->cpu_index] = cur_action;
997 s->signal = signal;
998 gdb_continue_partial(s, newstates);
1000 out:
1001 g_free(newstates);
1003 return res;
1006 static int gdb_handle_packet(GDBState *s, const char *line_buf)
1008 CPUState *cpu;
1009 CPUClass *cc;
1010 const char *p;
1011 uint32_t thread;
1012 int ch, reg_size, type, res;
1013 uint8_t mem_buf[MAX_PACKET_LENGTH];
1014 char buf[sizeof(mem_buf) + 1 /* trailing NUL */];
1015 uint8_t *registers;
1016 target_ulong addr, len;
1018 trace_gdbstub_io_command(line_buf);
1020 p = line_buf;
1021 ch = *p++;
1022 switch(ch) {
1023 case '?':
1024 /* TODO: Make this return the correct value for user-mode. */
1025 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
1026 cpu_gdb_index(s->c_cpu));
1027 put_packet(s, buf);
1028 /* Remove all the breakpoints when this query is issued,
1029 * because gdb is doing and initial connect and the state
1030 * should be cleaned up.
1032 gdb_breakpoint_remove_all();
1033 break;
1034 case 'c':
1035 if (*p != '\0') {
1036 addr = strtoull(p, (char **)&p, 16);
1037 gdb_set_cpu_pc(s, addr);
1039 s->signal = 0;
1040 gdb_continue(s);
1041 return RS_IDLE;
1042 case 'C':
1043 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1044 if (s->signal == -1)
1045 s->signal = 0;
1046 gdb_continue(s);
1047 return RS_IDLE;
1048 case 'v':
1049 if (strncmp(p, "Cont", 4) == 0) {
1050 p += 4;
1051 if (*p == '?') {
1052 put_packet(s, "vCont;c;C;s;S");
1053 break;
1056 res = gdb_handle_vcont(s, p);
1058 if (res) {
1059 if ((res == -EINVAL) || (res == -ERANGE)) {
1060 put_packet(s, "E22");
1061 break;
1063 goto unknown_command;
1065 break;
1066 } else {
1067 goto unknown_command;
1069 case 'k':
1070 /* Kill the target */
1071 error_report("QEMU: Terminated via GDBstub");
1072 exit(0);
1073 case 'D':
1074 /* Detach packet */
1075 gdb_breakpoint_remove_all();
1076 gdb_syscall_mode = GDB_SYS_DISABLED;
1077 gdb_continue(s);
1078 put_packet(s, "OK");
1079 break;
1080 case 's':
1081 if (*p != '\0') {
1082 addr = strtoull(p, (char **)&p, 16);
1083 gdb_set_cpu_pc(s, addr);
1085 cpu_single_step(s->c_cpu, sstep_flags);
1086 gdb_continue(s);
1087 return RS_IDLE;
1088 case 'F':
1090 target_ulong ret;
1091 target_ulong err;
1093 ret = strtoull(p, (char **)&p, 16);
1094 if (*p == ',') {
1095 p++;
1096 err = strtoull(p, (char **)&p, 16);
1097 } else {
1098 err = 0;
1100 if (*p == ',')
1101 p++;
1102 type = *p;
1103 if (s->current_syscall_cb) {
1104 s->current_syscall_cb(s->c_cpu, ret, err);
1105 s->current_syscall_cb = NULL;
1107 if (type == 'C') {
1108 put_packet(s, "T02");
1109 } else {
1110 gdb_continue(s);
1113 break;
1114 case 'g':
1115 cpu_synchronize_state(s->g_cpu);
1116 len = 0;
1117 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1118 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1119 len += reg_size;
1121 memtohex(buf, mem_buf, len);
1122 put_packet(s, buf);
1123 break;
1124 case 'G':
1125 cpu_synchronize_state(s->g_cpu);
1126 registers = mem_buf;
1127 len = strlen(p) / 2;
1128 hextomem((uint8_t *)registers, p, len);
1129 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1130 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1131 len -= reg_size;
1132 registers += reg_size;
1134 put_packet(s, "OK");
1135 break;
1136 case 'm':
1137 addr = strtoull(p, (char **)&p, 16);
1138 if (*p == ',')
1139 p++;
1140 len = strtoull(p, NULL, 16);
1142 /* memtohex() doubles the required space */
1143 if (len > MAX_PACKET_LENGTH / 2) {
1144 put_packet (s, "E22");
1145 break;
1148 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1149 put_packet (s, "E14");
1150 } else {
1151 memtohex(buf, mem_buf, len);
1152 put_packet(s, buf);
1154 break;
1155 case 'M':
1156 addr = strtoull(p, (char **)&p, 16);
1157 if (*p == ',')
1158 p++;
1159 len = strtoull(p, (char **)&p, 16);
1160 if (*p == ':')
1161 p++;
1163 /* hextomem() reads 2*len bytes */
1164 if (len > strlen(p) / 2) {
1165 put_packet (s, "E22");
1166 break;
1168 hextomem(mem_buf, p, len);
1169 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1170 true) != 0) {
1171 put_packet(s, "E14");
1172 } else {
1173 put_packet(s, "OK");
1175 break;
1176 case 'p':
1177 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1178 This works, but can be very slow. Anything new enough to
1179 understand XML also knows how to use this properly. */
1180 if (!gdb_has_xml)
1181 goto unknown_command;
1182 addr = strtoull(p, (char **)&p, 16);
1183 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1184 if (reg_size) {
1185 memtohex(buf, mem_buf, reg_size);
1186 put_packet(s, buf);
1187 } else {
1188 put_packet(s, "E14");
1190 break;
1191 case 'P':
1192 if (!gdb_has_xml)
1193 goto unknown_command;
1194 addr = strtoull(p, (char **)&p, 16);
1195 if (*p == '=')
1196 p++;
1197 reg_size = strlen(p) / 2;
1198 hextomem(mem_buf, p, reg_size);
1199 gdb_write_register(s->g_cpu, mem_buf, addr);
1200 put_packet(s, "OK");
1201 break;
1202 case 'Z':
1203 case 'z':
1204 type = strtoul(p, (char **)&p, 16);
1205 if (*p == ',')
1206 p++;
1207 addr = strtoull(p, (char **)&p, 16);
1208 if (*p == ',')
1209 p++;
1210 len = strtoull(p, (char **)&p, 16);
1211 if (ch == 'Z')
1212 res = gdb_breakpoint_insert(addr, len, type);
1213 else
1214 res = gdb_breakpoint_remove(addr, len, type);
1215 if (res >= 0)
1216 put_packet(s, "OK");
1217 else if (res == -ENOSYS)
1218 put_packet(s, "");
1219 else
1220 put_packet(s, "E22");
1221 break;
1222 case 'H':
1223 type = *p++;
1224 thread = strtoull(p, (char **)&p, 16);
1225 if (thread == -1 || thread == 0) {
1226 put_packet(s, "OK");
1227 break;
1229 cpu = find_cpu(thread);
1230 if (cpu == NULL) {
1231 put_packet(s, "E22");
1232 break;
1234 switch (type) {
1235 case 'c':
1236 s->c_cpu = cpu;
1237 put_packet(s, "OK");
1238 break;
1239 case 'g':
1240 s->g_cpu = cpu;
1241 put_packet(s, "OK");
1242 break;
1243 default:
1244 put_packet(s, "E22");
1245 break;
1247 break;
1248 case 'T':
1249 thread = strtoull(p, (char **)&p, 16);
1250 cpu = find_cpu(thread);
1252 if (cpu != NULL) {
1253 put_packet(s, "OK");
1254 } else {
1255 put_packet(s, "E22");
1257 break;
1258 case 'q':
1259 case 'Q':
1260 /* parse any 'q' packets here */
1261 if (!strcmp(p,"qemu.sstepbits")) {
1262 /* Query Breakpoint bit definitions */
1263 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1264 SSTEP_ENABLE,
1265 SSTEP_NOIRQ,
1266 SSTEP_NOTIMER);
1267 put_packet(s, buf);
1268 break;
1269 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1270 /* Display or change the sstep_flags */
1271 p += 10;
1272 if (*p != '=') {
1273 /* Display current setting */
1274 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1275 put_packet(s, buf);
1276 break;
1278 p++;
1279 type = strtoul(p, (char **)&p, 16);
1280 sstep_flags = type;
1281 put_packet(s, "OK");
1282 break;
1283 } else if (strcmp(p,"C") == 0) {
1284 /* "Current thread" remains vague in the spec, so always return
1285 * the first CPU (gdb returns the first thread). */
1286 put_packet(s, "QC1");
1287 break;
1288 } else if (strcmp(p,"fThreadInfo") == 0) {
1289 s->query_cpu = first_cpu;
1290 goto report_cpuinfo;
1291 } else if (strcmp(p,"sThreadInfo") == 0) {
1292 report_cpuinfo:
1293 if (s->query_cpu) {
1294 snprintf(buf, sizeof(buf), "m%x", cpu_gdb_index(s->query_cpu));
1295 put_packet(s, buf);
1296 s->query_cpu = CPU_NEXT(s->query_cpu);
1297 } else
1298 put_packet(s, "l");
1299 break;
1300 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1301 thread = strtoull(p+16, (char **)&p, 16);
1302 cpu = find_cpu(thread);
1303 if (cpu != NULL) {
1304 cpu_synchronize_state(cpu);
1305 /* memtohex() doubles the required space */
1306 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1307 "CPU#%d [%s]", cpu->cpu_index,
1308 cpu->halted ? "halted " : "running");
1309 trace_gdbstub_op_extra_info((char *)mem_buf);
1310 memtohex(buf, mem_buf, len);
1311 put_packet(s, buf);
1313 break;
1315 #ifdef CONFIG_USER_ONLY
1316 else if (strcmp(p, "Offsets") == 0) {
1317 TaskState *ts = s->c_cpu->opaque;
1319 snprintf(buf, sizeof(buf),
1320 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1321 ";Bss=" TARGET_ABI_FMT_lx,
1322 ts->info->code_offset,
1323 ts->info->data_offset,
1324 ts->info->data_offset);
1325 put_packet(s, buf);
1326 break;
1328 #else /* !CONFIG_USER_ONLY */
1329 else if (strncmp(p, "Rcmd,", 5) == 0) {
1330 int len = strlen(p + 5);
1332 if ((len % 2) != 0) {
1333 put_packet(s, "E01");
1334 break;
1336 len = len / 2;
1337 hextomem(mem_buf, p + 5, len);
1338 mem_buf[len++] = 0;
1339 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1340 put_packet(s, "OK");
1341 break;
1343 #endif /* !CONFIG_USER_ONLY */
1344 if (is_query_packet(p, "Supported", ':')) {
1345 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1346 cc = CPU_GET_CLASS(first_cpu);
1347 if (cc->gdb_core_xml_file != NULL) {
1348 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1350 put_packet(s, buf);
1351 break;
1353 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1354 const char *xml;
1355 target_ulong total_len;
1357 cc = CPU_GET_CLASS(first_cpu);
1358 if (cc->gdb_core_xml_file == NULL) {
1359 goto unknown_command;
1362 gdb_has_xml = true;
1363 p += 19;
1364 xml = get_feature_xml(p, &p, cc);
1365 if (!xml) {
1366 snprintf(buf, sizeof(buf), "E00");
1367 put_packet(s, buf);
1368 break;
1371 if (*p == ':')
1372 p++;
1373 addr = strtoul(p, (char **)&p, 16);
1374 if (*p == ',')
1375 p++;
1376 len = strtoul(p, (char **)&p, 16);
1378 total_len = strlen(xml);
1379 if (addr > total_len) {
1380 snprintf(buf, sizeof(buf), "E00");
1381 put_packet(s, buf);
1382 break;
1384 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1385 len = (MAX_PACKET_LENGTH - 5) / 2;
1386 if (len < total_len - addr) {
1387 buf[0] = 'm';
1388 len = memtox(buf + 1, xml + addr, len);
1389 } else {
1390 buf[0] = 'l';
1391 len = memtox(buf + 1, xml + addr, total_len - addr);
1393 put_packet_binary(s, buf, len + 1, true);
1394 break;
1396 if (is_query_packet(p, "Attached", ':')) {
1397 put_packet(s, GDB_ATTACHED);
1398 break;
1400 /* Unrecognised 'q' command. */
1401 goto unknown_command;
1403 default:
1404 unknown_command:
1405 /* put empty packet */
1406 buf[0] = '\0';
1407 put_packet(s, buf);
1408 break;
1410 return RS_IDLE;
1413 void gdb_set_stop_cpu(CPUState *cpu)
1415 gdbserver_state->c_cpu = cpu;
1416 gdbserver_state->g_cpu = cpu;
1419 #ifndef CONFIG_USER_ONLY
1420 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1422 GDBState *s = gdbserver_state;
1423 CPUState *cpu = s->c_cpu;
1424 char buf[256];
1425 const char *type;
1426 int ret;
1428 if (running || s->state == RS_INACTIVE) {
1429 return;
1431 /* Is there a GDB syscall waiting to be sent? */
1432 if (s->current_syscall_cb) {
1433 put_packet(s, s->syscall_buf);
1434 return;
1436 switch (state) {
1437 case RUN_STATE_DEBUG:
1438 if (cpu->watchpoint_hit) {
1439 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1440 case BP_MEM_READ:
1441 type = "r";
1442 break;
1443 case BP_MEM_ACCESS:
1444 type = "a";
1445 break;
1446 default:
1447 type = "";
1448 break;
1450 trace_gdbstub_hit_watchpoint(type, cpu_gdb_index(cpu),
1451 (target_ulong)cpu->watchpoint_hit->vaddr);
1452 snprintf(buf, sizeof(buf),
1453 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1454 GDB_SIGNAL_TRAP, cpu_gdb_index(cpu), type,
1455 (target_ulong)cpu->watchpoint_hit->vaddr);
1456 cpu->watchpoint_hit = NULL;
1457 goto send_packet;
1458 } else {
1459 trace_gdbstub_hit_break();
1461 tb_flush(cpu);
1462 ret = GDB_SIGNAL_TRAP;
1463 break;
1464 case RUN_STATE_PAUSED:
1465 trace_gdbstub_hit_paused();
1466 ret = GDB_SIGNAL_INT;
1467 break;
1468 case RUN_STATE_SHUTDOWN:
1469 trace_gdbstub_hit_shutdown();
1470 ret = GDB_SIGNAL_QUIT;
1471 break;
1472 case RUN_STATE_IO_ERROR:
1473 trace_gdbstub_hit_io_error();
1474 ret = GDB_SIGNAL_IO;
1475 break;
1476 case RUN_STATE_WATCHDOG:
1477 trace_gdbstub_hit_watchdog();
1478 ret = GDB_SIGNAL_ALRM;
1479 break;
1480 case RUN_STATE_INTERNAL_ERROR:
1481 trace_gdbstub_hit_internal_error();
1482 ret = GDB_SIGNAL_ABRT;
1483 break;
1484 case RUN_STATE_SAVE_VM:
1485 case RUN_STATE_RESTORE_VM:
1486 return;
1487 case RUN_STATE_FINISH_MIGRATE:
1488 ret = GDB_SIGNAL_XCPU;
1489 break;
1490 default:
1491 trace_gdbstub_hit_unknown(state);
1492 ret = GDB_SIGNAL_UNKNOWN;
1493 break;
1495 gdb_set_stop_cpu(cpu);
1496 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_gdb_index(cpu));
1498 send_packet:
1499 put_packet(s, buf);
1501 /* disable single step if it was enabled */
1502 cpu_single_step(cpu, 0);
1504 #endif
1506 /* Send a gdb syscall request.
1507 This accepts limited printf-style format specifiers, specifically:
1508 %x - target_ulong argument printed in hex.
1509 %lx - 64-bit argument printed in hex.
1510 %s - string pointer (target_ulong) and length (int) pair. */
1511 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1513 char *p;
1514 char *p_end;
1515 target_ulong addr;
1516 uint64_t i64;
1517 GDBState *s;
1519 s = gdbserver_state;
1520 if (!s)
1521 return;
1522 s->current_syscall_cb = cb;
1523 #ifndef CONFIG_USER_ONLY
1524 vm_stop(RUN_STATE_DEBUG);
1525 #endif
1526 p = s->syscall_buf;
1527 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1528 *(p++) = 'F';
1529 while (*fmt) {
1530 if (*fmt == '%') {
1531 fmt++;
1532 switch (*fmt++) {
1533 case 'x':
1534 addr = va_arg(va, target_ulong);
1535 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1536 break;
1537 case 'l':
1538 if (*(fmt++) != 'x')
1539 goto bad_format;
1540 i64 = va_arg(va, uint64_t);
1541 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1542 break;
1543 case 's':
1544 addr = va_arg(va, target_ulong);
1545 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1546 addr, va_arg(va, int));
1547 break;
1548 default:
1549 bad_format:
1550 error_report("gdbstub: Bad syscall format string '%s'",
1551 fmt - 1);
1552 break;
1554 } else {
1555 *(p++) = *(fmt++);
1558 *p = 0;
1559 #ifdef CONFIG_USER_ONLY
1560 put_packet(s, s->syscall_buf);
1561 /* Return control to gdb for it to process the syscall request.
1562 * Since the protocol requires that gdb hands control back to us
1563 * using a "here are the results" F packet, we don't need to check
1564 * gdb_handlesig's return value (which is the signal to deliver if
1565 * execution was resumed via a continue packet).
1567 gdb_handlesig(s->c_cpu, 0);
1568 #else
1569 /* In this case wait to send the syscall packet until notification that
1570 the CPU has stopped. This must be done because if the packet is sent
1571 now the reply from the syscall request could be received while the CPU
1572 is still in the running state, which can cause packets to be dropped
1573 and state transition 'T' packets to be sent while the syscall is still
1574 being processed. */
1575 qemu_cpu_kick(s->c_cpu);
1576 #endif
1579 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1581 va_list va;
1583 va_start(va, fmt);
1584 gdb_do_syscallv(cb, fmt, va);
1585 va_end(va);
1588 static void gdb_read_byte(GDBState *s, int ch)
1590 uint8_t reply;
1592 #ifndef CONFIG_USER_ONLY
1593 if (s->last_packet_len) {
1594 /* Waiting for a response to the last packet. If we see the start
1595 of a new command then abandon the previous response. */
1596 if (ch == '-') {
1597 trace_gdbstub_err_got_nack();
1598 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1599 } else if (ch == '+') {
1600 trace_gdbstub_io_got_ack();
1601 } else {
1602 trace_gdbstub_io_got_unexpected((uint8_t)ch);
1605 if (ch == '+' || ch == '$')
1606 s->last_packet_len = 0;
1607 if (ch != '$')
1608 return;
1610 if (runstate_is_running()) {
1611 /* when the CPU is running, we cannot do anything except stop
1612 it when receiving a char */
1613 vm_stop(RUN_STATE_PAUSED);
1614 } else
1615 #endif
1617 switch(s->state) {
1618 case RS_IDLE:
1619 if (ch == '$') {
1620 /* start of command packet */
1621 s->line_buf_index = 0;
1622 s->line_sum = 0;
1623 s->state = RS_GETLINE;
1624 } else {
1625 trace_gdbstub_err_garbage((uint8_t)ch);
1627 break;
1628 case RS_GETLINE:
1629 if (ch == '}') {
1630 /* start escape sequence */
1631 s->state = RS_GETLINE_ESC;
1632 s->line_sum += ch;
1633 } else if (ch == '*') {
1634 /* start run length encoding sequence */
1635 s->state = RS_GETLINE_RLE;
1636 s->line_sum += ch;
1637 } else if (ch == '#') {
1638 /* end of command, start of checksum*/
1639 s->state = RS_CHKSUM1;
1640 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1641 trace_gdbstub_err_overrun();
1642 s->state = RS_IDLE;
1643 } else {
1644 /* unescaped command character */
1645 s->line_buf[s->line_buf_index++] = ch;
1646 s->line_sum += ch;
1648 break;
1649 case RS_GETLINE_ESC:
1650 if (ch == '#') {
1651 /* unexpected end of command in escape sequence */
1652 s->state = RS_CHKSUM1;
1653 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1654 /* command buffer overrun */
1655 trace_gdbstub_err_overrun();
1656 s->state = RS_IDLE;
1657 } else {
1658 /* parse escaped character and leave escape state */
1659 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
1660 s->line_sum += ch;
1661 s->state = RS_GETLINE;
1663 break;
1664 case RS_GETLINE_RLE:
1665 if (ch < ' ') {
1666 /* invalid RLE count encoding */
1667 trace_gdbstub_err_invalid_repeat((uint8_t)ch);
1668 s->state = RS_GETLINE;
1669 } else {
1670 /* decode repeat length */
1671 int repeat = (unsigned char)ch - ' ' + 3;
1672 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
1673 /* that many repeats would overrun the command buffer */
1674 trace_gdbstub_err_overrun();
1675 s->state = RS_IDLE;
1676 } else if (s->line_buf_index < 1) {
1677 /* got a repeat but we have nothing to repeat */
1678 trace_gdbstub_err_invalid_rle();
1679 s->state = RS_GETLINE;
1680 } else {
1681 /* repeat the last character */
1682 memset(s->line_buf + s->line_buf_index,
1683 s->line_buf[s->line_buf_index - 1], repeat);
1684 s->line_buf_index += repeat;
1685 s->line_sum += ch;
1686 s->state = RS_GETLINE;
1689 break;
1690 case RS_CHKSUM1:
1691 /* get high hex digit of checksum */
1692 if (!isxdigit(ch)) {
1693 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
1694 s->state = RS_GETLINE;
1695 break;
1697 s->line_buf[s->line_buf_index] = '\0';
1698 s->line_csum = fromhex(ch) << 4;
1699 s->state = RS_CHKSUM2;
1700 break;
1701 case RS_CHKSUM2:
1702 /* get low hex digit of checksum */
1703 if (!isxdigit(ch)) {
1704 trace_gdbstub_err_checksum_invalid((uint8_t)ch);
1705 s->state = RS_GETLINE;
1706 break;
1708 s->line_csum |= fromhex(ch);
1710 if (s->line_csum != (s->line_sum & 0xff)) {
1711 trace_gdbstub_err_checksum_incorrect(s->line_sum, s->line_csum);
1712 /* send NAK reply */
1713 reply = '-';
1714 put_buffer(s, &reply, 1);
1715 s->state = RS_IDLE;
1716 } else {
1717 /* send ACK reply */
1718 reply = '+';
1719 put_buffer(s, &reply, 1);
1720 s->state = gdb_handle_packet(s, s->line_buf);
1722 break;
1723 default:
1724 abort();
1729 /* Tell the remote gdb that the process has exited. */
1730 void gdb_exit(CPUArchState *env, int code)
1732 GDBState *s;
1733 char buf[4];
1735 s = gdbserver_state;
1736 if (!s) {
1737 return;
1739 #ifdef CONFIG_USER_ONLY
1740 if (gdbserver_fd < 0 || s->fd < 0) {
1741 return;
1743 #endif
1745 trace_gdbstub_op_exiting((uint8_t)code);
1747 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1748 put_packet(s, buf);
1750 #ifndef CONFIG_USER_ONLY
1751 qemu_chr_fe_deinit(&s->chr, true);
1752 #endif
1755 #ifdef CONFIG_USER_ONLY
1757 gdb_handlesig(CPUState *cpu, int sig)
1759 GDBState *s;
1760 char buf[256];
1761 int n;
1763 s = gdbserver_state;
1764 if (gdbserver_fd < 0 || s->fd < 0) {
1765 return sig;
1768 /* disable single step if it was enabled */
1769 cpu_single_step(cpu, 0);
1770 tb_flush(cpu);
1772 if (sig != 0) {
1773 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1774 put_packet(s, buf);
1776 /* put_packet() might have detected that the peer terminated the
1777 connection. */
1778 if (s->fd < 0) {
1779 return sig;
1782 sig = 0;
1783 s->state = RS_IDLE;
1784 s->running_state = 0;
1785 while (s->running_state == 0) {
1786 n = read(s->fd, buf, 256);
1787 if (n > 0) {
1788 int i;
1790 for (i = 0; i < n; i++) {
1791 gdb_read_byte(s, buf[i]);
1793 } else {
1794 /* XXX: Connection closed. Should probably wait for another
1795 connection before continuing. */
1796 if (n == 0) {
1797 close(s->fd);
1799 s->fd = -1;
1800 return sig;
1803 sig = s->signal;
1804 s->signal = 0;
1805 return sig;
1808 /* Tell the remote gdb that the process has exited due to SIG. */
1809 void gdb_signalled(CPUArchState *env, int sig)
1811 GDBState *s;
1812 char buf[4];
1814 s = gdbserver_state;
1815 if (gdbserver_fd < 0 || s->fd < 0) {
1816 return;
1819 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1820 put_packet(s, buf);
1823 static bool gdb_accept(void)
1825 GDBState *s;
1826 struct sockaddr_in sockaddr;
1827 socklen_t len;
1828 int fd;
1830 for(;;) {
1831 len = sizeof(sockaddr);
1832 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1833 if (fd < 0 && errno != EINTR) {
1834 perror("accept");
1835 return false;
1836 } else if (fd >= 0) {
1837 qemu_set_cloexec(fd);
1838 break;
1842 /* set short latency */
1843 if (socket_set_nodelay(fd)) {
1844 perror("setsockopt");
1845 close(fd);
1846 return false;
1849 s = g_malloc0(sizeof(GDBState));
1850 s->c_cpu = first_cpu;
1851 s->g_cpu = first_cpu;
1852 s->fd = fd;
1853 gdb_has_xml = false;
1855 gdbserver_state = s;
1856 return true;
1859 static int gdbserver_open(int port)
1861 struct sockaddr_in sockaddr;
1862 int fd, ret;
1864 fd = socket(PF_INET, SOCK_STREAM, 0);
1865 if (fd < 0) {
1866 perror("socket");
1867 return -1;
1869 qemu_set_cloexec(fd);
1871 socket_set_fast_reuse(fd);
1873 sockaddr.sin_family = AF_INET;
1874 sockaddr.sin_port = htons(port);
1875 sockaddr.sin_addr.s_addr = 0;
1876 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1877 if (ret < 0) {
1878 perror("bind");
1879 close(fd);
1880 return -1;
1882 ret = listen(fd, 1);
1883 if (ret < 0) {
1884 perror("listen");
1885 close(fd);
1886 return -1;
1888 return fd;
1891 int gdbserver_start(int port)
1893 gdbserver_fd = gdbserver_open(port);
1894 if (gdbserver_fd < 0)
1895 return -1;
1896 /* accept connections */
1897 if (!gdb_accept()) {
1898 close(gdbserver_fd);
1899 gdbserver_fd = -1;
1900 return -1;
1902 return 0;
1905 /* Disable gdb stub for child processes. */
1906 void gdbserver_fork(CPUState *cpu)
1908 GDBState *s = gdbserver_state;
1910 if (gdbserver_fd < 0 || s->fd < 0) {
1911 return;
1913 close(s->fd);
1914 s->fd = -1;
1915 cpu_breakpoint_remove_all(cpu, BP_GDB);
1916 cpu_watchpoint_remove_all(cpu, BP_GDB);
1918 #else
1919 static int gdb_chr_can_receive(void *opaque)
1921 /* We can handle an arbitrarily large amount of data.
1922 Pick the maximum packet size, which is as good as anything. */
1923 return MAX_PACKET_LENGTH;
1926 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1928 int i;
1930 for (i = 0; i < size; i++) {
1931 gdb_read_byte(gdbserver_state, buf[i]);
1935 static void gdb_chr_event(void *opaque, int event)
1937 switch (event) {
1938 case CHR_EVENT_OPENED:
1939 vm_stop(RUN_STATE_PAUSED);
1940 gdb_has_xml = false;
1941 break;
1942 default:
1943 break;
1947 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1949 char buf[MAX_PACKET_LENGTH];
1951 buf[0] = 'O';
1952 if (len > (MAX_PACKET_LENGTH/2) - 1)
1953 len = (MAX_PACKET_LENGTH/2) - 1;
1954 memtohex(buf + 1, (uint8_t *)msg, len);
1955 put_packet(s, buf);
1958 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1960 const char *p = (const char *)buf;
1961 int max_sz;
1963 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1964 for (;;) {
1965 if (len <= max_sz) {
1966 gdb_monitor_output(gdbserver_state, p, len);
1967 break;
1969 gdb_monitor_output(gdbserver_state, p, max_sz);
1970 p += max_sz;
1971 len -= max_sz;
1973 return len;
1976 #ifndef _WIN32
1977 static void gdb_sigterm_handler(int signal)
1979 if (runstate_is_running()) {
1980 vm_stop(RUN_STATE_PAUSED);
1983 #endif
1985 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1986 bool *be_opened, Error **errp)
1988 *be_opened = false;
1991 static void char_gdb_class_init(ObjectClass *oc, void *data)
1993 ChardevClass *cc = CHARDEV_CLASS(oc);
1995 cc->internal = true;
1996 cc->open = gdb_monitor_open;
1997 cc->chr_write = gdb_monitor_write;
2000 #define TYPE_CHARDEV_GDB "chardev-gdb"
2002 static const TypeInfo char_gdb_type_info = {
2003 .name = TYPE_CHARDEV_GDB,
2004 .parent = TYPE_CHARDEV,
2005 .class_init = char_gdb_class_init,
2008 int gdbserver_start(const char *device)
2010 trace_gdbstub_op_start(device);
2012 GDBState *s;
2013 char gdbstub_device_name[128];
2014 Chardev *chr = NULL;
2015 Chardev *mon_chr;
2017 if (!first_cpu) {
2018 error_report("gdbstub: meaningless to attach gdb to a "
2019 "machine without any CPU.");
2020 return -1;
2023 if (!device)
2024 return -1;
2025 if (strcmp(device, "none") != 0) {
2026 if (strstart(device, "tcp:", NULL)) {
2027 /* enforce required TCP attributes */
2028 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2029 "%s,nowait,nodelay,server", device);
2030 device = gdbstub_device_name;
2032 #ifndef _WIN32
2033 else if (strcmp(device, "stdio") == 0) {
2034 struct sigaction act;
2036 memset(&act, 0, sizeof(act));
2037 act.sa_handler = gdb_sigterm_handler;
2038 sigaction(SIGINT, &act, NULL);
2040 #endif
2041 chr = qemu_chr_new_noreplay("gdb", device);
2042 if (!chr)
2043 return -1;
2046 s = gdbserver_state;
2047 if (!s) {
2048 s = g_malloc0(sizeof(GDBState));
2049 gdbserver_state = s;
2051 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2053 /* Initialize a monitor terminal for gdb */
2054 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
2055 NULL, &error_abort);
2056 monitor_init(mon_chr, 0);
2057 } else {
2058 qemu_chr_fe_deinit(&s->chr, true);
2059 mon_chr = s->mon_chr;
2060 memset(s, 0, sizeof(GDBState));
2061 s->mon_chr = mon_chr;
2063 s->c_cpu = first_cpu;
2064 s->g_cpu = first_cpu;
2065 if (chr) {
2066 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2067 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2068 gdb_chr_event, NULL, NULL, NULL, true);
2070 s->state = chr ? RS_IDLE : RS_INACTIVE;
2071 s->mon_chr = mon_chr;
2072 s->current_syscall_cb = NULL;
2074 return 0;
2077 void gdbserver_cleanup(void)
2079 if (gdbserver_state) {
2080 put_packet(gdbserver_state, "W00");
2084 static void register_types(void)
2086 type_register_static(&char_gdb_type_info);
2089 type_init(register_types);
2090 #endif