4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
24 #include "trace-root.h"
25 #ifdef CONFIG_USER_ONLY
28 #include "monitor/monitor.h"
29 #include "chardev/char.h"
30 #include "chardev/char-fe.h"
31 #include "sysemu/sysemu.h"
32 #include "exec/gdbstub.h"
35 #define MAX_PACKET_LENGTH 4096
37 #include "qemu/sockets.h"
38 #include "sysemu/hw_accel.h"
39 #include "sysemu/kvm.h"
40 #include "exec/semihost.h"
41 #include "exec/exec-all.h"
43 #ifdef CONFIG_USER_ONLY
44 #define GDB_ATTACHED "0"
46 #define GDB_ATTACHED "1"
49 static inline int target_memory_rw_debug(CPUState
*cpu
, target_ulong addr
,
50 uint8_t *buf
, int len
, bool is_write
)
52 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
54 if (cc
->memory_rw_debug
) {
55 return cc
->memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
57 return cpu_memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
60 /* Return the GDB index for a given vCPU state.
62 * For user mode this is simply the thread id. In system mode GDB
63 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
65 static inline int cpu_gdb_index(CPUState
*cpu
)
67 #if defined(CONFIG_USER_ONLY)
68 TaskState
*ts
= (TaskState
*) cpu
->opaque
;
71 return cpu
->cpu_index
+ 1;
84 GDB_SIGNAL_UNKNOWN
= 143
87 #ifdef CONFIG_USER_ONLY
89 /* Map target signal numbers to GDB protocol signal numbers and vice
90 * versa. For user emulation's currently supported systems, we can
91 * assume most signals are defined.
94 static int gdb_signal_table
[] = {
254 /* In system mode we only need SIGINT and SIGTRAP; other signals
255 are not yet supported. */
262 static int gdb_signal_table
[] = {
272 #ifdef CONFIG_USER_ONLY
273 static int target_signal_to_gdb (int sig
)
276 for (i
= 0; i
< ARRAY_SIZE (gdb_signal_table
); i
++)
277 if (gdb_signal_table
[i
] == sig
)
279 return GDB_SIGNAL_UNKNOWN
;
283 static int gdb_signal_to_target (int sig
)
285 if (sig
< ARRAY_SIZE (gdb_signal_table
))
286 return gdb_signal_table
[sig
];
291 typedef struct GDBRegisterState
{
297 struct GDBRegisterState
*next
;
309 typedef struct GDBState
{
310 CPUState
*c_cpu
; /* current CPU for step/continue ops */
311 CPUState
*g_cpu
; /* current CPU for other ops */
312 CPUState
*query_cpu
; /* for q{f|s}ThreadInfo */
313 enum RSState state
; /* parsing state */
314 char line_buf
[MAX_PACKET_LENGTH
];
316 int line_sum
; /* running checksum */
317 int line_csum
; /* checksum at the end of the packet */
318 uint8_t last_packet
[MAX_PACKET_LENGTH
+ 4];
321 #ifdef CONFIG_USER_ONLY
328 char syscall_buf
[256];
329 gdb_syscall_complete_cb current_syscall_cb
;
332 /* By default use no IRQs and no timers while single stepping so as to
333 * make single stepping like an ICE HW step.
335 static int sstep_flags
= SSTEP_ENABLE
|SSTEP_NOIRQ
|SSTEP_NOTIMER
;
337 static GDBState
*gdbserver_state
;
341 #ifdef CONFIG_USER_ONLY
342 /* XXX: This is not thread safe. Do we care? */
343 static int gdbserver_fd
= -1;
345 static int get_char(GDBState
*s
)
351 ret
= qemu_recv(s
->fd
, &ch
, 1, 0);
353 if (errno
== ECONNRESET
)
357 } else if (ret
== 0) {
375 /* Decide if either remote gdb syscalls or native file IO should be used. */
376 int use_gdb_syscalls(void)
378 SemihostingTarget target
= semihosting_get_target();
379 if (target
== SEMIHOSTING_TARGET_NATIVE
) {
380 /* -semihosting-config target=native */
382 } else if (target
== SEMIHOSTING_TARGET_GDB
) {
383 /* -semihosting-config target=gdb */
387 /* -semihosting-config target=auto */
388 /* On the first call check if gdb is connected and remember. */
389 if (gdb_syscall_mode
== GDB_SYS_UNKNOWN
) {
390 gdb_syscall_mode
= (gdbserver_state
? GDB_SYS_ENABLED
393 return gdb_syscall_mode
== GDB_SYS_ENABLED
;
396 /* Resume execution. */
397 static inline void gdb_continue(GDBState
*s
)
400 #ifdef CONFIG_USER_ONLY
401 s
->running_state
= 1;
402 trace_gdbstub_op_continue();
404 if (!runstate_needs_reset()) {
405 trace_gdbstub_op_continue();
412 * Resume execution, per CPU actions. For user-mode emulation it's
413 * equivalent to gdb_continue.
415 static int gdb_continue_partial(GDBState
*s
, char *newstates
)
419 #ifdef CONFIG_USER_ONLY
421 * This is not exactly accurate, but it's an improvement compared to the
422 * previous situation, where only one CPU would be single-stepped.
425 if (newstates
[cpu
->cpu_index
] == 's') {
426 trace_gdbstub_op_stepping(cpu
->cpu_index
);
427 cpu_single_step(cpu
, sstep_flags
);
430 s
->running_state
= 1;
434 if (!runstate_needs_reset()) {
435 if (vm_prepare_start()) {
440 switch (newstates
[cpu
->cpu_index
]) {
443 break; /* nothing to do here */
445 trace_gdbstub_op_stepping(cpu
->cpu_index
);
446 cpu_single_step(cpu
, sstep_flags
);
451 trace_gdbstub_op_continue_cpu(cpu
->cpu_index
);
462 qemu_clock_enable(QEMU_CLOCK_VIRTUAL
, true);
468 static void put_buffer(GDBState
*s
, const uint8_t *buf
, int len
)
470 #ifdef CONFIG_USER_ONLY
474 ret
= send(s
->fd
, buf
, len
, 0);
484 /* XXX this blocks entire thread. Rewrite to use
485 * qemu_chr_fe_write and background I/O callbacks */
486 qemu_chr_fe_write_all(&s
->chr
, buf
, len
);
490 static inline int fromhex(int v
)
492 if (v
>= '0' && v
<= '9')
494 else if (v
>= 'A' && v
<= 'F')
496 else if (v
>= 'a' && v
<= 'f')
502 static inline int tohex(int v
)
510 /* writes 2*len+1 bytes in buf */
511 static void memtohex(char *buf
, const uint8_t *mem
, int len
)
516 for(i
= 0; i
< len
; i
++) {
518 *q
++ = tohex(c
>> 4);
519 *q
++ = tohex(c
& 0xf);
524 static void hextomem(uint8_t *mem
, const char *buf
, int len
)
528 for(i
= 0; i
< len
; i
++) {
529 mem
[i
] = (fromhex(buf
[0]) << 4) | fromhex(buf
[1]);
534 static void hexdump(const char *buf
, int len
,
535 void (*trace_fn
)(size_t ofs
, char const *text
))
537 char line_buffer
[3 * 16 + 4 + 16 + 1];
540 for (i
= 0; i
< len
|| (i
& 0xF); ++i
) {
541 size_t byte_ofs
= i
& 15;
544 memset(line_buffer
, ' ', 3 * 16 + 4 + 16);
545 line_buffer
[3 * 16 + 4 + 16] = 0;
548 size_t col_group
= (i
>> 2) & 3;
549 size_t hex_col
= byte_ofs
* 3 + col_group
;
550 size_t txt_col
= 3 * 16 + 4 + byte_ofs
;
555 line_buffer
[hex_col
+ 0] = tohex((value
>> 4) & 0xF);
556 line_buffer
[hex_col
+ 1] = tohex((value
>> 0) & 0xF);
557 line_buffer
[txt_col
+ 0] = (value
>= ' ' && value
< 127)
563 trace_fn(i
& -16, line_buffer
);
567 /* return -1 if error, 0 if OK */
568 static int put_packet_binary(GDBState
*s
, const char *buf
, int len
, bool dump
)
573 if (dump
&& trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY
)) {
574 hexdump(buf
, len
, trace_gdbstub_io_binaryreply
);
583 for(i
= 0; i
< len
; i
++) {
587 *(p
++) = tohex((csum
>> 4) & 0xf);
588 *(p
++) = tohex((csum
) & 0xf);
590 s
->last_packet_len
= p
- s
->last_packet
;
591 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
593 #ifdef CONFIG_USER_ONLY
606 /* return -1 if error, 0 if OK */
607 static int put_packet(GDBState
*s
, const char *buf
)
609 trace_gdbstub_io_reply(buf
);
611 return put_packet_binary(s
, buf
, strlen(buf
), false);
614 /* Encode data using the encoding for 'x' packets. */
615 static int memtox(char *buf
, const char *mem
, int len
)
623 case '#': case '$': case '*': case '}':
635 static const char *get_feature_xml(const char *p
, const char **newp
,
641 static char target_xml
[1024];
644 while (p
[len
] && p
[len
] != ':')
649 if (strncmp(p
, "target.xml", len
) == 0) {
650 /* Generate the XML description for this CPU. */
651 if (!target_xml
[0]) {
653 CPUState
*cpu
= first_cpu
;
655 pstrcat(target_xml
, sizeof(target_xml
),
656 "<?xml version=\"1.0\"?>"
657 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
659 if (cc
->gdb_arch_name
) {
660 gchar
*arch
= cc
->gdb_arch_name(cpu
);
661 pstrcat(target_xml
, sizeof(target_xml
), "<architecture>");
662 pstrcat(target_xml
, sizeof(target_xml
), arch
);
663 pstrcat(target_xml
, sizeof(target_xml
), "</architecture>");
666 pstrcat(target_xml
, sizeof(target_xml
), "<xi:include href=\"");
667 pstrcat(target_xml
, sizeof(target_xml
), cc
->gdb_core_xml_file
);
668 pstrcat(target_xml
, sizeof(target_xml
), "\"/>");
669 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
670 pstrcat(target_xml
, sizeof(target_xml
), "<xi:include href=\"");
671 pstrcat(target_xml
, sizeof(target_xml
), r
->xml
);
672 pstrcat(target_xml
, sizeof(target_xml
), "\"/>");
674 pstrcat(target_xml
, sizeof(target_xml
), "</target>");
678 if (cc
->gdb_get_dynamic_xml
) {
679 CPUState
*cpu
= first_cpu
;
680 char *xmlname
= g_strndup(p
, len
);
681 const char *xml
= cc
->gdb_get_dynamic_xml(cpu
, xmlname
);
689 name
= xml_builtin
[i
][0];
690 if (!name
|| (strncmp(name
, p
, len
) == 0 && strlen(name
) == len
))
693 return name
? xml_builtin
[i
][1] : NULL
;
696 static int gdb_read_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
698 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
699 CPUArchState
*env
= cpu
->env_ptr
;
702 if (reg
< cc
->gdb_num_core_regs
) {
703 return cc
->gdb_read_register(cpu
, mem_buf
, reg
);
706 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
707 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
708 return r
->get_reg(env
, mem_buf
, reg
- r
->base_reg
);
714 static int gdb_write_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
716 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
717 CPUArchState
*env
= cpu
->env_ptr
;
720 if (reg
< cc
->gdb_num_core_regs
) {
721 return cc
->gdb_write_register(cpu
, mem_buf
, reg
);
724 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
725 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
726 return r
->set_reg(env
, mem_buf
, reg
- r
->base_reg
);
732 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
733 specifies the first register number and these registers are included in
734 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
735 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
738 void gdb_register_coprocessor(CPUState
*cpu
,
739 gdb_reg_cb get_reg
, gdb_reg_cb set_reg
,
740 int num_regs
, const char *xml
, int g_pos
)
743 GDBRegisterState
**p
;
747 /* Check for duplicates. */
748 if (strcmp((*p
)->xml
, xml
) == 0)
753 s
= g_new0(GDBRegisterState
, 1);
754 s
->base_reg
= cpu
->gdb_num_regs
;
755 s
->num_regs
= num_regs
;
756 s
->get_reg
= get_reg
;
757 s
->set_reg
= set_reg
;
760 /* Add to end of list. */
761 cpu
->gdb_num_regs
+= num_regs
;
764 if (g_pos
!= s
->base_reg
) {
765 error_report("Error: Bad gdb register numbering for '%s', "
766 "expected %d got %d", xml
, g_pos
, s
->base_reg
);
768 cpu
->gdb_num_g_regs
= cpu
->gdb_num_regs
;
773 #ifndef CONFIG_USER_ONLY
774 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
775 static inline int xlat_gdb_type(CPUState
*cpu
, int gdbtype
)
777 static const int xlat
[] = {
778 [GDB_WATCHPOINT_WRITE
] = BP_GDB
| BP_MEM_WRITE
,
779 [GDB_WATCHPOINT_READ
] = BP_GDB
| BP_MEM_READ
,
780 [GDB_WATCHPOINT_ACCESS
] = BP_GDB
| BP_MEM_ACCESS
,
783 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
784 int cputype
= xlat
[gdbtype
];
786 if (cc
->gdb_stop_before_watchpoint
) {
787 cputype
|= BP_STOP_BEFORE_ACCESS
;
793 static int gdb_breakpoint_insert(target_ulong addr
, target_ulong len
, int type
)
799 return kvm_insert_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
803 case GDB_BREAKPOINT_SW
:
804 case GDB_BREAKPOINT_HW
:
806 err
= cpu_breakpoint_insert(cpu
, addr
, BP_GDB
, NULL
);
812 #ifndef CONFIG_USER_ONLY
813 case GDB_WATCHPOINT_WRITE
:
814 case GDB_WATCHPOINT_READ
:
815 case GDB_WATCHPOINT_ACCESS
:
817 err
= cpu_watchpoint_insert(cpu
, addr
, len
,
818 xlat_gdb_type(cpu
, type
), NULL
);
830 static int gdb_breakpoint_remove(target_ulong addr
, target_ulong len
, int type
)
836 return kvm_remove_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
840 case GDB_BREAKPOINT_SW
:
841 case GDB_BREAKPOINT_HW
:
843 err
= cpu_breakpoint_remove(cpu
, addr
, BP_GDB
);
849 #ifndef CONFIG_USER_ONLY
850 case GDB_WATCHPOINT_WRITE
:
851 case GDB_WATCHPOINT_READ
:
852 case GDB_WATCHPOINT_ACCESS
:
854 err
= cpu_watchpoint_remove(cpu
, addr
, len
,
855 xlat_gdb_type(cpu
, type
));
866 static void gdb_breakpoint_remove_all(void)
871 kvm_remove_all_breakpoints(gdbserver_state
->c_cpu
);
876 cpu_breakpoint_remove_all(cpu
, BP_GDB
);
877 #ifndef CONFIG_USER_ONLY
878 cpu_watchpoint_remove_all(cpu
, BP_GDB
);
883 static void gdb_set_cpu_pc(GDBState
*s
, target_ulong pc
)
885 CPUState
*cpu
= s
->c_cpu
;
887 cpu_synchronize_state(cpu
);
891 static CPUState
*find_cpu(uint32_t thread_id
)
896 if (cpu_gdb_index(cpu
) == thread_id
) {
904 static int is_query_packet(const char *p
, const char *query
, char separator
)
906 unsigned int query_len
= strlen(query
);
908 return strncmp(p
, query
, query_len
) == 0 &&
909 (p
[query_len
] == '\0' || p
[query_len
] == separator
);
913 * gdb_handle_vcont - Parses and handles a vCont packet.
914 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
915 * a format error, 0 on success.
917 static int gdb_handle_vcont(GDBState
*s
, const char *p
)
919 int res
, idx
, signal
= 0;
924 #ifdef CONFIG_USER_ONLY
925 int max_cpus
= 1; /* global variable max_cpus exists only in system mode */
928 max_cpus
= max_cpus
<= cpu
->cpu_index
? cpu
->cpu_index
+ 1 : max_cpus
;
931 /* uninitialised CPUs stay 0 */
932 newstates
= g_new0(char, max_cpus
);
934 /* mark valid CPUs with 1 */
936 newstates
[cpu
->cpu_index
] = 1;
940 * res keeps track of what error we are returning, with -ENOTSUP meaning
941 * that the command is unknown or unsupported, thus returning an empty
942 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
943 * or incorrect parameters passed.
953 if (cur_action
== 'C' || cur_action
== 'S') {
954 cur_action
= qemu_tolower(cur_action
);
955 res
= qemu_strtoul(p
+ 1, &p
, 16, &tmp
);
959 signal
= gdb_signal_to_target(tmp
);
960 } else if (cur_action
!= 'c' && cur_action
!= 's') {
961 /* unknown/invalid/unsupported command */
965 /* thread specification. special values: (none), -1 = all; 0 = any */
966 if ((p
[0] == ':' && p
[1] == '-' && p
[2] == '1') || (p
[0] != ':')) {
970 for (idx
= 0; idx
< max_cpus
; idx
++) {
971 if (newstates
[idx
] == 1) {
972 newstates
[idx
] = cur_action
;
975 } else if (*p
== ':') {
977 res
= qemu_strtoul(p
, &p
, 16, &tmp
);
982 /* 0 means any thread, so we pick the first valid CPU */
983 cpu
= tmp
? find_cpu(tmp
) : first_cpu
;
985 /* invalid CPU/thread specified */
991 /* only use if no previous match occourred */
992 if (newstates
[cpu
->cpu_index
] == 1) {
993 newstates
[cpu
->cpu_index
] = cur_action
;
998 gdb_continue_partial(s
, newstates
);
1006 static int gdb_handle_packet(GDBState
*s
, const char *line_buf
)
1012 int ch
, reg_size
, type
, res
;
1013 uint8_t mem_buf
[MAX_PACKET_LENGTH
];
1014 char buf
[sizeof(mem_buf
) + 1 /* trailing NUL */];
1016 target_ulong addr
, len
;
1018 trace_gdbstub_io_command(line_buf
);
1024 /* TODO: Make this return the correct value for user-mode. */
1025 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", GDB_SIGNAL_TRAP
,
1026 cpu_gdb_index(s
->c_cpu
));
1028 /* Remove all the breakpoints when this query is issued,
1029 * because gdb is doing and initial connect and the state
1030 * should be cleaned up.
1032 gdb_breakpoint_remove_all();
1036 addr
= strtoull(p
, (char **)&p
, 16);
1037 gdb_set_cpu_pc(s
, addr
);
1043 s
->signal
= gdb_signal_to_target (strtoul(p
, (char **)&p
, 16));
1044 if (s
->signal
== -1)
1049 if (strncmp(p
, "Cont", 4) == 0) {
1052 put_packet(s
, "vCont;c;C;s;S");
1056 res
= gdb_handle_vcont(s
, p
);
1059 if ((res
== -EINVAL
) || (res
== -ERANGE
)) {
1060 put_packet(s
, "E22");
1063 goto unknown_command
;
1067 goto unknown_command
;
1070 /* Kill the target */
1071 error_report("QEMU: Terminated via GDBstub");
1075 gdb_breakpoint_remove_all();
1076 gdb_syscall_mode
= GDB_SYS_DISABLED
;
1078 put_packet(s
, "OK");
1082 addr
= strtoull(p
, (char **)&p
, 16);
1083 gdb_set_cpu_pc(s
, addr
);
1085 cpu_single_step(s
->c_cpu
, sstep_flags
);
1093 ret
= strtoull(p
, (char **)&p
, 16);
1096 err
= strtoull(p
, (char **)&p
, 16);
1103 if (s
->current_syscall_cb
) {
1104 s
->current_syscall_cb(s
->c_cpu
, ret
, err
);
1105 s
->current_syscall_cb
= NULL
;
1108 put_packet(s
, "T02");
1115 cpu_synchronize_state(s
->g_cpu
);
1117 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_g_regs
; addr
++) {
1118 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
+ len
, addr
);
1121 memtohex(buf
, mem_buf
, len
);
1125 cpu_synchronize_state(s
->g_cpu
);
1126 registers
= mem_buf
;
1127 len
= strlen(p
) / 2;
1128 hextomem((uint8_t *)registers
, p
, len
);
1129 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_g_regs
&& len
> 0; addr
++) {
1130 reg_size
= gdb_write_register(s
->g_cpu
, registers
, addr
);
1132 registers
+= reg_size
;
1134 put_packet(s
, "OK");
1137 addr
= strtoull(p
, (char **)&p
, 16);
1140 len
= strtoull(p
, NULL
, 16);
1142 /* memtohex() doubles the required space */
1143 if (len
> MAX_PACKET_LENGTH
/ 2) {
1144 put_packet (s
, "E22");
1148 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
, false) != 0) {
1149 put_packet (s
, "E14");
1151 memtohex(buf
, mem_buf
, len
);
1156 addr
= strtoull(p
, (char **)&p
, 16);
1159 len
= strtoull(p
, (char **)&p
, 16);
1163 /* hextomem() reads 2*len bytes */
1164 if (len
> strlen(p
) / 2) {
1165 put_packet (s
, "E22");
1168 hextomem(mem_buf
, p
, len
);
1169 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
,
1171 put_packet(s
, "E14");
1173 put_packet(s
, "OK");
1177 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1178 This works, but can be very slow. Anything new enough to
1179 understand XML also knows how to use this properly. */
1181 goto unknown_command
;
1182 addr
= strtoull(p
, (char **)&p
, 16);
1183 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
, addr
);
1185 memtohex(buf
, mem_buf
, reg_size
);
1188 put_packet(s
, "E14");
1193 goto unknown_command
;
1194 addr
= strtoull(p
, (char **)&p
, 16);
1197 reg_size
= strlen(p
) / 2;
1198 hextomem(mem_buf
, p
, reg_size
);
1199 gdb_write_register(s
->g_cpu
, mem_buf
, addr
);
1200 put_packet(s
, "OK");
1204 type
= strtoul(p
, (char **)&p
, 16);
1207 addr
= strtoull(p
, (char **)&p
, 16);
1210 len
= strtoull(p
, (char **)&p
, 16);
1212 res
= gdb_breakpoint_insert(addr
, len
, type
);
1214 res
= gdb_breakpoint_remove(addr
, len
, type
);
1216 put_packet(s
, "OK");
1217 else if (res
== -ENOSYS
)
1220 put_packet(s
, "E22");
1224 thread
= strtoull(p
, (char **)&p
, 16);
1225 if (thread
== -1 || thread
== 0) {
1226 put_packet(s
, "OK");
1229 cpu
= find_cpu(thread
);
1231 put_packet(s
, "E22");
1237 put_packet(s
, "OK");
1241 put_packet(s
, "OK");
1244 put_packet(s
, "E22");
1249 thread
= strtoull(p
, (char **)&p
, 16);
1250 cpu
= find_cpu(thread
);
1253 put_packet(s
, "OK");
1255 put_packet(s
, "E22");
1260 /* parse any 'q' packets here */
1261 if (!strcmp(p
,"qemu.sstepbits")) {
1262 /* Query Breakpoint bit definitions */
1263 snprintf(buf
, sizeof(buf
), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1269 } else if (is_query_packet(p
, "qemu.sstep", '=')) {
1270 /* Display or change the sstep_flags */
1273 /* Display current setting */
1274 snprintf(buf
, sizeof(buf
), "0x%x", sstep_flags
);
1279 type
= strtoul(p
, (char **)&p
, 16);
1281 put_packet(s
, "OK");
1283 } else if (strcmp(p
,"C") == 0) {
1284 /* "Current thread" remains vague in the spec, so always return
1285 * the first CPU (gdb returns the first thread). */
1286 put_packet(s
, "QC1");
1288 } else if (strcmp(p
,"fThreadInfo") == 0) {
1289 s
->query_cpu
= first_cpu
;
1290 goto report_cpuinfo
;
1291 } else if (strcmp(p
,"sThreadInfo") == 0) {
1294 snprintf(buf
, sizeof(buf
), "m%x", cpu_gdb_index(s
->query_cpu
));
1296 s
->query_cpu
= CPU_NEXT(s
->query_cpu
);
1300 } else if (strncmp(p
,"ThreadExtraInfo,", 16) == 0) {
1301 thread
= strtoull(p
+16, (char **)&p
, 16);
1302 cpu
= find_cpu(thread
);
1304 cpu_synchronize_state(cpu
);
1305 /* memtohex() doubles the required space */
1306 len
= snprintf((char *)mem_buf
, sizeof(buf
) / 2,
1307 "CPU#%d [%s]", cpu
->cpu_index
,
1308 cpu
->halted
? "halted " : "running");
1309 trace_gdbstub_op_extra_info((char *)mem_buf
);
1310 memtohex(buf
, mem_buf
, len
);
1315 #ifdef CONFIG_USER_ONLY
1316 else if (strcmp(p
, "Offsets") == 0) {
1317 TaskState
*ts
= s
->c_cpu
->opaque
;
1319 snprintf(buf
, sizeof(buf
),
1320 "Text=" TARGET_ABI_FMT_lx
";Data=" TARGET_ABI_FMT_lx
1321 ";Bss=" TARGET_ABI_FMT_lx
,
1322 ts
->info
->code_offset
,
1323 ts
->info
->data_offset
,
1324 ts
->info
->data_offset
);
1328 #else /* !CONFIG_USER_ONLY */
1329 else if (strncmp(p
, "Rcmd,", 5) == 0) {
1330 int len
= strlen(p
+ 5);
1332 if ((len
% 2) != 0) {
1333 put_packet(s
, "E01");
1337 hextomem(mem_buf
, p
+ 5, len
);
1339 qemu_chr_be_write(s
->mon_chr
, mem_buf
, len
);
1340 put_packet(s
, "OK");
1343 #endif /* !CONFIG_USER_ONLY */
1344 if (is_query_packet(p
, "Supported", ':')) {
1345 snprintf(buf
, sizeof(buf
), "PacketSize=%x", MAX_PACKET_LENGTH
);
1346 cc
= CPU_GET_CLASS(first_cpu
);
1347 if (cc
->gdb_core_xml_file
!= NULL
) {
1348 pstrcat(buf
, sizeof(buf
), ";qXfer:features:read+");
1353 if (strncmp(p
, "Xfer:features:read:", 19) == 0) {
1355 target_ulong total_len
;
1357 cc
= CPU_GET_CLASS(first_cpu
);
1358 if (cc
->gdb_core_xml_file
== NULL
) {
1359 goto unknown_command
;
1364 xml
= get_feature_xml(p
, &p
, cc
);
1366 snprintf(buf
, sizeof(buf
), "E00");
1373 addr
= strtoul(p
, (char **)&p
, 16);
1376 len
= strtoul(p
, (char **)&p
, 16);
1378 total_len
= strlen(xml
);
1379 if (addr
> total_len
) {
1380 snprintf(buf
, sizeof(buf
), "E00");
1384 if (len
> (MAX_PACKET_LENGTH
- 5) / 2)
1385 len
= (MAX_PACKET_LENGTH
- 5) / 2;
1386 if (len
< total_len
- addr
) {
1388 len
= memtox(buf
+ 1, xml
+ addr
, len
);
1391 len
= memtox(buf
+ 1, xml
+ addr
, total_len
- addr
);
1393 put_packet_binary(s
, buf
, len
+ 1, true);
1396 if (is_query_packet(p
, "Attached", ':')) {
1397 put_packet(s
, GDB_ATTACHED
);
1400 /* Unrecognised 'q' command. */
1401 goto unknown_command
;
1405 /* put empty packet */
1413 void gdb_set_stop_cpu(CPUState
*cpu
)
1415 gdbserver_state
->c_cpu
= cpu
;
1416 gdbserver_state
->g_cpu
= cpu
;
1419 #ifndef CONFIG_USER_ONLY
1420 static void gdb_vm_state_change(void *opaque
, int running
, RunState state
)
1422 GDBState
*s
= gdbserver_state
;
1423 CPUState
*cpu
= s
->c_cpu
;
1428 if (running
|| s
->state
== RS_INACTIVE
) {
1431 /* Is there a GDB syscall waiting to be sent? */
1432 if (s
->current_syscall_cb
) {
1433 put_packet(s
, s
->syscall_buf
);
1437 case RUN_STATE_DEBUG
:
1438 if (cpu
->watchpoint_hit
) {
1439 switch (cpu
->watchpoint_hit
->flags
& BP_MEM_ACCESS
) {
1450 trace_gdbstub_hit_watchpoint(type
, cpu_gdb_index(cpu
),
1451 (target_ulong
)cpu
->watchpoint_hit
->vaddr
);
1452 snprintf(buf
, sizeof(buf
),
1453 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx
";",
1454 GDB_SIGNAL_TRAP
, cpu_gdb_index(cpu
), type
,
1455 (target_ulong
)cpu
->watchpoint_hit
->vaddr
);
1456 cpu
->watchpoint_hit
= NULL
;
1459 trace_gdbstub_hit_break();
1462 ret
= GDB_SIGNAL_TRAP
;
1464 case RUN_STATE_PAUSED
:
1465 trace_gdbstub_hit_paused();
1466 ret
= GDB_SIGNAL_INT
;
1468 case RUN_STATE_SHUTDOWN
:
1469 trace_gdbstub_hit_shutdown();
1470 ret
= GDB_SIGNAL_QUIT
;
1472 case RUN_STATE_IO_ERROR
:
1473 trace_gdbstub_hit_io_error();
1474 ret
= GDB_SIGNAL_IO
;
1476 case RUN_STATE_WATCHDOG
:
1477 trace_gdbstub_hit_watchdog();
1478 ret
= GDB_SIGNAL_ALRM
;
1480 case RUN_STATE_INTERNAL_ERROR
:
1481 trace_gdbstub_hit_internal_error();
1482 ret
= GDB_SIGNAL_ABRT
;
1484 case RUN_STATE_SAVE_VM
:
1485 case RUN_STATE_RESTORE_VM
:
1487 case RUN_STATE_FINISH_MIGRATE
:
1488 ret
= GDB_SIGNAL_XCPU
;
1491 trace_gdbstub_hit_unknown(state
);
1492 ret
= GDB_SIGNAL_UNKNOWN
;
1495 gdb_set_stop_cpu(cpu
);
1496 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", ret
, cpu_gdb_index(cpu
));
1501 /* disable single step if it was enabled */
1502 cpu_single_step(cpu
, 0);
1506 /* Send a gdb syscall request.
1507 This accepts limited printf-style format specifiers, specifically:
1508 %x - target_ulong argument printed in hex.
1509 %lx - 64-bit argument printed in hex.
1510 %s - string pointer (target_ulong) and length (int) pair. */
1511 void gdb_do_syscallv(gdb_syscall_complete_cb cb
, const char *fmt
, va_list va
)
1519 s
= gdbserver_state
;
1522 s
->current_syscall_cb
= cb
;
1523 #ifndef CONFIG_USER_ONLY
1524 vm_stop(RUN_STATE_DEBUG
);
1527 p_end
= &s
->syscall_buf
[sizeof(s
->syscall_buf
)];
1534 addr
= va_arg(va
, target_ulong
);
1535 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
, addr
);
1538 if (*(fmt
++) != 'x')
1540 i64
= va_arg(va
, uint64_t);
1541 p
+= snprintf(p
, p_end
- p
, "%" PRIx64
, i64
);
1544 addr
= va_arg(va
, target_ulong
);
1545 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
"/%x",
1546 addr
, va_arg(va
, int));
1550 error_report("gdbstub: Bad syscall format string '%s'",
1559 #ifdef CONFIG_USER_ONLY
1560 put_packet(s
, s
->syscall_buf
);
1561 /* Return control to gdb for it to process the syscall request.
1562 * Since the protocol requires that gdb hands control back to us
1563 * using a "here are the results" F packet, we don't need to check
1564 * gdb_handlesig's return value (which is the signal to deliver if
1565 * execution was resumed via a continue packet).
1567 gdb_handlesig(s
->c_cpu
, 0);
1569 /* In this case wait to send the syscall packet until notification that
1570 the CPU has stopped. This must be done because if the packet is sent
1571 now the reply from the syscall request could be received while the CPU
1572 is still in the running state, which can cause packets to be dropped
1573 and state transition 'T' packets to be sent while the syscall is still
1575 qemu_cpu_kick(s
->c_cpu
);
1579 void gdb_do_syscall(gdb_syscall_complete_cb cb
, const char *fmt
, ...)
1584 gdb_do_syscallv(cb
, fmt
, va
);
1588 static void gdb_read_byte(GDBState
*s
, int ch
)
1592 #ifndef CONFIG_USER_ONLY
1593 if (s
->last_packet_len
) {
1594 /* Waiting for a response to the last packet. If we see the start
1595 of a new command then abandon the previous response. */
1597 trace_gdbstub_err_got_nack();
1598 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
1599 } else if (ch
== '+') {
1600 trace_gdbstub_io_got_ack();
1602 trace_gdbstub_io_got_unexpected((uint8_t)ch
);
1605 if (ch
== '+' || ch
== '$')
1606 s
->last_packet_len
= 0;
1610 if (runstate_is_running()) {
1611 /* when the CPU is running, we cannot do anything except stop
1612 it when receiving a char */
1613 vm_stop(RUN_STATE_PAUSED
);
1620 /* start of command packet */
1621 s
->line_buf_index
= 0;
1623 s
->state
= RS_GETLINE
;
1625 trace_gdbstub_err_garbage((uint8_t)ch
);
1630 /* start escape sequence */
1631 s
->state
= RS_GETLINE_ESC
;
1633 } else if (ch
== '*') {
1634 /* start run length encoding sequence */
1635 s
->state
= RS_GETLINE_RLE
;
1637 } else if (ch
== '#') {
1638 /* end of command, start of checksum*/
1639 s
->state
= RS_CHKSUM1
;
1640 } else if (s
->line_buf_index
>= sizeof(s
->line_buf
) - 1) {
1641 trace_gdbstub_err_overrun();
1644 /* unescaped command character */
1645 s
->line_buf
[s
->line_buf_index
++] = ch
;
1649 case RS_GETLINE_ESC
:
1651 /* unexpected end of command in escape sequence */
1652 s
->state
= RS_CHKSUM1
;
1653 } else if (s
->line_buf_index
>= sizeof(s
->line_buf
) - 1) {
1654 /* command buffer overrun */
1655 trace_gdbstub_err_overrun();
1658 /* parse escaped character and leave escape state */
1659 s
->line_buf
[s
->line_buf_index
++] = ch
^ 0x20;
1661 s
->state
= RS_GETLINE
;
1664 case RS_GETLINE_RLE
:
1666 /* invalid RLE count encoding */
1667 trace_gdbstub_err_invalid_repeat((uint8_t)ch
);
1668 s
->state
= RS_GETLINE
;
1670 /* decode repeat length */
1671 int repeat
= (unsigned char)ch
- ' ' + 3;
1672 if (s
->line_buf_index
+ repeat
>= sizeof(s
->line_buf
) - 1) {
1673 /* that many repeats would overrun the command buffer */
1674 trace_gdbstub_err_overrun();
1676 } else if (s
->line_buf_index
< 1) {
1677 /* got a repeat but we have nothing to repeat */
1678 trace_gdbstub_err_invalid_rle();
1679 s
->state
= RS_GETLINE
;
1681 /* repeat the last character */
1682 memset(s
->line_buf
+ s
->line_buf_index
,
1683 s
->line_buf
[s
->line_buf_index
- 1], repeat
);
1684 s
->line_buf_index
+= repeat
;
1686 s
->state
= RS_GETLINE
;
1691 /* get high hex digit of checksum */
1692 if (!isxdigit(ch
)) {
1693 trace_gdbstub_err_checksum_invalid((uint8_t)ch
);
1694 s
->state
= RS_GETLINE
;
1697 s
->line_buf
[s
->line_buf_index
] = '\0';
1698 s
->line_csum
= fromhex(ch
) << 4;
1699 s
->state
= RS_CHKSUM2
;
1702 /* get low hex digit of checksum */
1703 if (!isxdigit(ch
)) {
1704 trace_gdbstub_err_checksum_invalid((uint8_t)ch
);
1705 s
->state
= RS_GETLINE
;
1708 s
->line_csum
|= fromhex(ch
);
1710 if (s
->line_csum
!= (s
->line_sum
& 0xff)) {
1711 trace_gdbstub_err_checksum_incorrect(s
->line_sum
, s
->line_csum
);
1712 /* send NAK reply */
1714 put_buffer(s
, &reply
, 1);
1717 /* send ACK reply */
1719 put_buffer(s
, &reply
, 1);
1720 s
->state
= gdb_handle_packet(s
, s
->line_buf
);
1729 /* Tell the remote gdb that the process has exited. */
1730 void gdb_exit(CPUArchState
*env
, int code
)
1735 s
= gdbserver_state
;
1739 #ifdef CONFIG_USER_ONLY
1740 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1745 trace_gdbstub_op_exiting((uint8_t)code
);
1747 snprintf(buf
, sizeof(buf
), "W%02x", (uint8_t)code
);
1750 #ifndef CONFIG_USER_ONLY
1751 qemu_chr_fe_deinit(&s
->chr
, true);
1755 #ifdef CONFIG_USER_ONLY
1757 gdb_handlesig(CPUState
*cpu
, int sig
)
1763 s
= gdbserver_state
;
1764 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1768 /* disable single step if it was enabled */
1769 cpu_single_step(cpu
, 0);
1773 snprintf(buf
, sizeof(buf
), "S%02x", target_signal_to_gdb(sig
));
1776 /* put_packet() might have detected that the peer terminated the
1784 s
->running_state
= 0;
1785 while (s
->running_state
== 0) {
1786 n
= read(s
->fd
, buf
, 256);
1790 for (i
= 0; i
< n
; i
++) {
1791 gdb_read_byte(s
, buf
[i
]);
1794 /* XXX: Connection closed. Should probably wait for another
1795 connection before continuing. */
1808 /* Tell the remote gdb that the process has exited due to SIG. */
1809 void gdb_signalled(CPUArchState
*env
, int sig
)
1814 s
= gdbserver_state
;
1815 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1819 snprintf(buf
, sizeof(buf
), "X%02x", target_signal_to_gdb(sig
));
1823 static bool gdb_accept(void)
1826 struct sockaddr_in sockaddr
;
1831 len
= sizeof(sockaddr
);
1832 fd
= accept(gdbserver_fd
, (struct sockaddr
*)&sockaddr
, &len
);
1833 if (fd
< 0 && errno
!= EINTR
) {
1836 } else if (fd
>= 0) {
1837 qemu_set_cloexec(fd
);
1842 /* set short latency */
1843 if (socket_set_nodelay(fd
)) {
1844 perror("setsockopt");
1849 s
= g_malloc0(sizeof(GDBState
));
1850 s
->c_cpu
= first_cpu
;
1851 s
->g_cpu
= first_cpu
;
1853 gdb_has_xml
= false;
1855 gdbserver_state
= s
;
1859 static int gdbserver_open(int port
)
1861 struct sockaddr_in sockaddr
;
1864 fd
= socket(PF_INET
, SOCK_STREAM
, 0);
1869 qemu_set_cloexec(fd
);
1871 socket_set_fast_reuse(fd
);
1873 sockaddr
.sin_family
= AF_INET
;
1874 sockaddr
.sin_port
= htons(port
);
1875 sockaddr
.sin_addr
.s_addr
= 0;
1876 ret
= bind(fd
, (struct sockaddr
*)&sockaddr
, sizeof(sockaddr
));
1882 ret
= listen(fd
, 1);
1891 int gdbserver_start(int port
)
1893 gdbserver_fd
= gdbserver_open(port
);
1894 if (gdbserver_fd
< 0)
1896 /* accept connections */
1897 if (!gdb_accept()) {
1898 close(gdbserver_fd
);
1905 /* Disable gdb stub for child processes. */
1906 void gdbserver_fork(CPUState
*cpu
)
1908 GDBState
*s
= gdbserver_state
;
1910 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1915 cpu_breakpoint_remove_all(cpu
, BP_GDB
);
1916 cpu_watchpoint_remove_all(cpu
, BP_GDB
);
1919 static int gdb_chr_can_receive(void *opaque
)
1921 /* We can handle an arbitrarily large amount of data.
1922 Pick the maximum packet size, which is as good as anything. */
1923 return MAX_PACKET_LENGTH
;
1926 static void gdb_chr_receive(void *opaque
, const uint8_t *buf
, int size
)
1930 for (i
= 0; i
< size
; i
++) {
1931 gdb_read_byte(gdbserver_state
, buf
[i
]);
1935 static void gdb_chr_event(void *opaque
, int event
)
1938 case CHR_EVENT_OPENED
:
1939 vm_stop(RUN_STATE_PAUSED
);
1940 gdb_has_xml
= false;
1947 static void gdb_monitor_output(GDBState
*s
, const char *msg
, int len
)
1949 char buf
[MAX_PACKET_LENGTH
];
1952 if (len
> (MAX_PACKET_LENGTH
/2) - 1)
1953 len
= (MAX_PACKET_LENGTH
/2) - 1;
1954 memtohex(buf
+ 1, (uint8_t *)msg
, len
);
1958 static int gdb_monitor_write(Chardev
*chr
, const uint8_t *buf
, int len
)
1960 const char *p
= (const char *)buf
;
1963 max_sz
= (sizeof(gdbserver_state
->last_packet
) - 2) / 2;
1965 if (len
<= max_sz
) {
1966 gdb_monitor_output(gdbserver_state
, p
, len
);
1969 gdb_monitor_output(gdbserver_state
, p
, max_sz
);
1977 static void gdb_sigterm_handler(int signal
)
1979 if (runstate_is_running()) {
1980 vm_stop(RUN_STATE_PAUSED
);
1985 static void gdb_monitor_open(Chardev
*chr
, ChardevBackend
*backend
,
1986 bool *be_opened
, Error
**errp
)
1991 static void char_gdb_class_init(ObjectClass
*oc
, void *data
)
1993 ChardevClass
*cc
= CHARDEV_CLASS(oc
);
1995 cc
->internal
= true;
1996 cc
->open
= gdb_monitor_open
;
1997 cc
->chr_write
= gdb_monitor_write
;
2000 #define TYPE_CHARDEV_GDB "chardev-gdb"
2002 static const TypeInfo char_gdb_type_info
= {
2003 .name
= TYPE_CHARDEV_GDB
,
2004 .parent
= TYPE_CHARDEV
,
2005 .class_init
= char_gdb_class_init
,
2008 int gdbserver_start(const char *device
)
2010 trace_gdbstub_op_start(device
);
2013 char gdbstub_device_name
[128];
2014 Chardev
*chr
= NULL
;
2018 error_report("gdbstub: meaningless to attach gdb to a "
2019 "machine without any CPU.");
2025 if (strcmp(device
, "none") != 0) {
2026 if (strstart(device
, "tcp:", NULL
)) {
2027 /* enforce required TCP attributes */
2028 snprintf(gdbstub_device_name
, sizeof(gdbstub_device_name
),
2029 "%s,nowait,nodelay,server", device
);
2030 device
= gdbstub_device_name
;
2033 else if (strcmp(device
, "stdio") == 0) {
2034 struct sigaction act
;
2036 memset(&act
, 0, sizeof(act
));
2037 act
.sa_handler
= gdb_sigterm_handler
;
2038 sigaction(SIGINT
, &act
, NULL
);
2042 * FIXME: it's a bit weird to allow using a mux chardev here
2043 * and implicitly setup a monitor. We may want to break this.
2045 chr
= qemu_chr_new_noreplay("gdb", device
, true);
2050 s
= gdbserver_state
;
2052 s
= g_malloc0(sizeof(GDBState
));
2053 gdbserver_state
= s
;
2055 qemu_add_vm_change_state_handler(gdb_vm_state_change
, NULL
);
2057 /* Initialize a monitor terminal for gdb */
2058 mon_chr
= qemu_chardev_new(NULL
, TYPE_CHARDEV_GDB
,
2059 NULL
, &error_abort
);
2060 monitor_init(mon_chr
, 0);
2062 qemu_chr_fe_deinit(&s
->chr
, true);
2063 mon_chr
= s
->mon_chr
;
2064 memset(s
, 0, sizeof(GDBState
));
2065 s
->mon_chr
= mon_chr
;
2067 s
->c_cpu
= first_cpu
;
2068 s
->g_cpu
= first_cpu
;
2070 qemu_chr_fe_init(&s
->chr
, chr
, &error_abort
);
2071 qemu_chr_fe_set_handlers(&s
->chr
, gdb_chr_can_receive
, gdb_chr_receive
,
2072 gdb_chr_event
, NULL
, NULL
, NULL
, true);
2074 s
->state
= chr
? RS_IDLE
: RS_INACTIVE
;
2075 s
->mon_chr
= mon_chr
;
2076 s
->current_syscall_cb
= NULL
;
2081 void gdbserver_cleanup(void)
2083 if (gdbserver_state
) {
2084 put_packet(gdbserver_state
, "W00");
2088 static void register_types(void)
2090 type_register_static(&char_gdb_type_info
);
2093 type_init(register_types
);