4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu-common.h"
21 #ifdef CONFIG_USER_ONLY
32 #include "monitor/monitor.h"
33 #include "sysemu/char.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
38 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/kvm.h"
44 static inline int target_memory_rw_debug(CPUState
*cpu
, target_ulong addr
,
45 uint8_t *buf
, int len
, bool is_write
)
47 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
49 if (cc
->memory_rw_debug
) {
50 return cc
->memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
52 return cpu_memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
64 GDB_SIGNAL_UNKNOWN
= 143
67 #ifdef CONFIG_USER_ONLY
69 /* Map target signal numbers to GDB protocol signal numbers and vice
70 * versa. For user emulation's currently supported systems, we can
71 * assume most signals are defined.
74 static int gdb_signal_table
[] = {
234 /* In system mode we only need SIGINT and SIGTRAP; other signals
235 are not yet supported. */
242 static int gdb_signal_table
[] = {
252 #ifdef CONFIG_USER_ONLY
253 static int target_signal_to_gdb (int sig
)
256 for (i
= 0; i
< ARRAY_SIZE (gdb_signal_table
); i
++)
257 if (gdb_signal_table
[i
] == sig
)
259 return GDB_SIGNAL_UNKNOWN
;
263 static int gdb_signal_to_target (int sig
)
265 if (sig
< ARRAY_SIZE (gdb_signal_table
))
266 return gdb_signal_table
[sig
];
273 typedef struct GDBRegisterState
{
279 struct GDBRegisterState
*next
;
289 typedef struct GDBState
{
290 CPUState
*c_cpu
; /* current CPU for step/continue ops */
291 CPUState
*g_cpu
; /* current CPU for other ops */
292 CPUState
*query_cpu
; /* for q{f|s}ThreadInfo */
293 enum RSState state
; /* parsing state */
294 char line_buf
[MAX_PACKET_LENGTH
];
297 uint8_t last_packet
[MAX_PACKET_LENGTH
+ 4];
300 #ifdef CONFIG_USER_ONLY
304 CharDriverState
*chr
;
305 CharDriverState
*mon_chr
;
307 char syscall_buf
[256];
308 gdb_syscall_complete_cb current_syscall_cb
;
311 /* By default use no IRQs and no timers while single stepping so as to
312 * make single stepping like an ICE HW step.
314 static int sstep_flags
= SSTEP_ENABLE
|SSTEP_NOIRQ
|SSTEP_NOTIMER
;
316 static GDBState
*gdbserver_state
;
320 #ifdef CONFIG_USER_ONLY
321 /* XXX: This is not thread safe. Do we care? */
322 static int gdbserver_fd
= -1;
324 static int get_char(GDBState
*s
)
330 ret
= qemu_recv(s
->fd
, &ch
, 1, 0);
332 if (errno
== ECONNRESET
)
334 if (errno
!= EINTR
&& errno
!= EAGAIN
)
336 } else if (ret
== 0) {
354 /* If gdb is connected when the first semihosting syscall occurs then use
355 remote gdb syscalls. Otherwise use native file IO. */
356 int use_gdb_syscalls(void)
358 if (gdb_syscall_mode
== GDB_SYS_UNKNOWN
) {
359 gdb_syscall_mode
= (gdbserver_state
? GDB_SYS_ENABLED
362 return gdb_syscall_mode
== GDB_SYS_ENABLED
;
365 /* Resume execution. */
366 static inline void gdb_continue(GDBState
*s
)
368 #ifdef CONFIG_USER_ONLY
369 s
->running_state
= 1;
371 if (runstate_check(RUN_STATE_GUEST_PANICKED
)) {
372 runstate_set(RUN_STATE_DEBUG
);
374 if (!runstate_needs_reset()) {
380 static void put_buffer(GDBState
*s
, const uint8_t *buf
, int len
)
382 #ifdef CONFIG_USER_ONLY
386 ret
= send(s
->fd
, buf
, len
, 0);
388 if (errno
!= EINTR
&& errno
!= EAGAIN
)
396 qemu_chr_fe_write(s
->chr
, buf
, len
);
400 static inline int fromhex(int v
)
402 if (v
>= '0' && v
<= '9')
404 else if (v
>= 'A' && v
<= 'F')
406 else if (v
>= 'a' && v
<= 'f')
412 static inline int tohex(int v
)
420 static void memtohex(char *buf
, const uint8_t *mem
, int len
)
425 for(i
= 0; i
< len
; i
++) {
427 *q
++ = tohex(c
>> 4);
428 *q
++ = tohex(c
& 0xf);
433 static void hextomem(uint8_t *mem
, const char *buf
, int len
)
437 for(i
= 0; i
< len
; i
++) {
438 mem
[i
] = (fromhex(buf
[0]) << 4) | fromhex(buf
[1]);
443 /* return -1 if error, 0 if OK */
444 static int put_packet_binary(GDBState
*s
, const char *buf
, int len
)
455 for(i
= 0; i
< len
; i
++) {
459 *(p
++) = tohex((csum
>> 4) & 0xf);
460 *(p
++) = tohex((csum
) & 0xf);
462 s
->last_packet_len
= p
- s
->last_packet
;
463 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
465 #ifdef CONFIG_USER_ONLY
478 /* return -1 if error, 0 if OK */
479 static int put_packet(GDBState
*s
, const char *buf
)
482 printf("reply='%s'\n", buf
);
485 return put_packet_binary(s
, buf
, strlen(buf
));
488 #if defined(TARGET_PPC)
490 #if defined (TARGET_PPC64)
491 #define GDB_CORE_XML "power64-core.xml"
493 #define GDB_CORE_XML "power-core.xml"
496 #elif defined (TARGET_ARM)
498 #define GDB_CORE_XML "arm-core.xml"
500 #elif defined (TARGET_M68K)
502 #define GDB_CORE_XML "cf-core.xml"
507 /* Encode data using the encoding for 'x' packets. */
508 static int memtox(char *buf
, const char *mem
, int len
)
516 case '#': case '$': case '*': case '}':
528 static const char *get_feature_xml(const char *p
, const char **newp
)
533 static char target_xml
[1024];
536 while (p
[len
] && p
[len
] != ':')
541 if (strncmp(p
, "target.xml", len
) == 0) {
542 /* Generate the XML description for this CPU. */
543 if (!target_xml
[0]) {
545 CPUState
*cpu
= first_cpu
;
547 snprintf(target_xml
, sizeof(target_xml
),
548 "<?xml version=\"1.0\"?>"
549 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
551 "<xi:include href=\"%s\"/>",
554 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
555 pstrcat(target_xml
, sizeof(target_xml
), "<xi:include href=\"");
556 pstrcat(target_xml
, sizeof(target_xml
), r
->xml
);
557 pstrcat(target_xml
, sizeof(target_xml
), "\"/>");
559 pstrcat(target_xml
, sizeof(target_xml
), "</target>");
564 name
= xml_builtin
[i
][0];
565 if (!name
|| (strncmp(name
, p
, len
) == 0 && strlen(name
) == len
))
568 return name
? xml_builtin
[i
][1] : NULL
;
572 static int gdb_read_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
574 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
575 CPUArchState
*env
= cpu
->env_ptr
;
578 if (reg
< cc
->gdb_num_core_regs
) {
579 return cc
->gdb_read_register(cpu
, mem_buf
, reg
);
582 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
583 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
584 return r
->get_reg(env
, mem_buf
, reg
- r
->base_reg
);
590 static int gdb_write_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
592 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
593 CPUArchState
*env
= cpu
->env_ptr
;
596 if (reg
< cc
->gdb_num_core_regs
) {
597 return cc
->gdb_write_register(cpu
, mem_buf
, reg
);
600 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
601 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
602 return r
->set_reg(env
, mem_buf
, reg
- r
->base_reg
);
608 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
609 specifies the first register number and these registers are included in
610 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
611 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
614 void gdb_register_coprocessor(CPUState
*cpu
,
615 gdb_reg_cb get_reg
, gdb_reg_cb set_reg
,
616 int num_regs
, const char *xml
, int g_pos
)
619 GDBRegisterState
**p
;
623 /* Check for duplicates. */
624 if (strcmp((*p
)->xml
, xml
) == 0)
629 s
= g_new0(GDBRegisterState
, 1);
630 s
->base_reg
= cpu
->gdb_num_regs
;
631 s
->num_regs
= num_regs
;
632 s
->get_reg
= get_reg
;
633 s
->set_reg
= set_reg
;
636 /* Add to end of list. */
637 cpu
->gdb_num_regs
+= num_regs
;
640 if (g_pos
!= s
->base_reg
) {
641 fprintf(stderr
, "Error: Bad gdb register numbering for '%s'\n"
642 "Expected %d got %d\n", xml
, g_pos
, s
->base_reg
);
647 #ifndef CONFIG_USER_ONLY
648 static const int xlat_gdb_type
[] = {
649 [GDB_WATCHPOINT_WRITE
] = BP_GDB
| BP_MEM_WRITE
,
650 [GDB_WATCHPOINT_READ
] = BP_GDB
| BP_MEM_READ
,
651 [GDB_WATCHPOINT_ACCESS
] = BP_GDB
| BP_MEM_ACCESS
,
655 static int gdb_breakpoint_insert(target_ulong addr
, target_ulong len
, int type
)
662 return kvm_insert_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
666 case GDB_BREAKPOINT_SW
:
667 case GDB_BREAKPOINT_HW
:
668 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
670 err
= cpu_breakpoint_insert(env
, addr
, BP_GDB
, NULL
);
675 #ifndef CONFIG_USER_ONLY
676 case GDB_WATCHPOINT_WRITE
:
677 case GDB_WATCHPOINT_READ
:
678 case GDB_WATCHPOINT_ACCESS
:
679 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
681 err
= cpu_watchpoint_insert(env
, addr
, len
, xlat_gdb_type
[type
],
693 static int gdb_breakpoint_remove(target_ulong addr
, target_ulong len
, int type
)
700 return kvm_remove_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
704 case GDB_BREAKPOINT_SW
:
705 case GDB_BREAKPOINT_HW
:
706 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
708 err
= cpu_breakpoint_remove(env
, addr
, BP_GDB
);
713 #ifndef CONFIG_USER_ONLY
714 case GDB_WATCHPOINT_WRITE
:
715 case GDB_WATCHPOINT_READ
:
716 case GDB_WATCHPOINT_ACCESS
:
717 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
719 err
= cpu_watchpoint_remove(env
, addr
, len
, xlat_gdb_type
[type
]);
730 static void gdb_breakpoint_remove_all(void)
736 kvm_remove_all_breakpoints(gdbserver_state
->c_cpu
);
740 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
742 cpu_breakpoint_remove_all(env
, BP_GDB
);
743 #ifndef CONFIG_USER_ONLY
744 cpu_watchpoint_remove_all(env
, BP_GDB
);
749 static void gdb_set_cpu_pc(GDBState
*s
, target_ulong pc
)
751 CPUState
*cpu
= s
->c_cpu
;
752 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
754 cpu_synchronize_state(cpu
);
760 static CPUState
*find_cpu(uint32_t thread_id
)
764 for (cpu
= first_cpu
; cpu
!= NULL
; cpu
= cpu
->next_cpu
) {
765 if (cpu_index(cpu
) == thread_id
) {
773 static int gdb_handle_packet(GDBState
*s
, const char *line_buf
)
778 int ch
, reg_size
, type
, res
;
779 char buf
[MAX_PACKET_LENGTH
];
780 uint8_t mem_buf
[MAX_PACKET_LENGTH
];
782 target_ulong addr
, len
;
785 printf("command='%s'\n", line_buf
);
791 /* TODO: Make this return the correct value for user-mode. */
792 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", GDB_SIGNAL_TRAP
,
793 cpu_index(s
->c_cpu
));
795 /* Remove all the breakpoints when this query is issued,
796 * because gdb is doing and initial connect and the state
797 * should be cleaned up.
799 gdb_breakpoint_remove_all();
803 addr
= strtoull(p
, (char **)&p
, 16);
804 gdb_set_cpu_pc(s
, addr
);
810 s
->signal
= gdb_signal_to_target (strtoul(p
, (char **)&p
, 16));
816 if (strncmp(p
, "Cont", 4) == 0) {
817 int res_signal
, res_thread
;
821 put_packet(s
, "vCont;c;C;s;S");
836 if (action
== 'C' || action
== 'S') {
837 signal
= strtoul(p
, (char **)&p
, 16);
838 } else if (action
!= 'c' && action
!= 's') {
844 thread
= strtoull(p
+1, (char **)&p
, 16);
846 action
= tolower(action
);
847 if (res
== 0 || (res
== 'c' && action
== 's')) {
854 if (res_thread
!= -1 && res_thread
!= 0) {
855 cpu
= find_cpu(res_thread
);
857 put_packet(s
, "E22");
863 cpu_single_step(s
->c_cpu
, sstep_flags
);
865 s
->signal
= res_signal
;
871 goto unknown_command
;
874 #ifdef CONFIG_USER_ONLY
875 /* Kill the target */
876 fprintf(stderr
, "\nQEMU: Terminated via GDBstub\n");
881 gdb_breakpoint_remove_all();
882 gdb_syscall_mode
= GDB_SYS_DISABLED
;
888 addr
= strtoull(p
, (char **)&p
, 16);
889 gdb_set_cpu_pc(s
, addr
);
891 cpu_single_step(s
->c_cpu
, sstep_flags
);
899 ret
= strtoull(p
, (char **)&p
, 16);
902 err
= strtoull(p
, (char **)&p
, 16);
909 if (s
->current_syscall_cb
) {
910 s
->current_syscall_cb(s
->c_cpu
, ret
, err
);
911 s
->current_syscall_cb
= NULL
;
914 put_packet(s
, "T02");
921 cpu_synchronize_state(s
->g_cpu
);
923 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_regs
; addr
++) {
924 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
+ len
, addr
);
927 memtohex(buf
, mem_buf
, len
);
931 cpu_synchronize_state(s
->g_cpu
);
934 hextomem((uint8_t *)registers
, p
, len
);
935 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_regs
&& len
> 0; addr
++) {
936 reg_size
= gdb_write_register(s
->g_cpu
, registers
, addr
);
938 registers
+= reg_size
;
943 addr
= strtoull(p
, (char **)&p
, 16);
946 len
= strtoull(p
, NULL
, 16);
947 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
, false) != 0) {
948 put_packet (s
, "E14");
950 memtohex(buf
, mem_buf
, len
);
955 addr
= strtoull(p
, (char **)&p
, 16);
958 len
= strtoull(p
, (char **)&p
, 16);
961 hextomem(mem_buf
, p
, len
);
962 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
,
964 put_packet(s
, "E14");
970 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
971 This works, but can be very slow. Anything new enough to
972 understand XML also knows how to use this properly. */
974 goto unknown_command
;
975 addr
= strtoull(p
, (char **)&p
, 16);
976 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
, addr
);
978 memtohex(buf
, mem_buf
, reg_size
);
981 put_packet(s
, "E14");
986 goto unknown_command
;
987 addr
= strtoull(p
, (char **)&p
, 16);
990 reg_size
= strlen(p
) / 2;
991 hextomem(mem_buf
, p
, reg_size
);
992 gdb_write_register(s
->g_cpu
, mem_buf
, addr
);
997 type
= strtoul(p
, (char **)&p
, 16);
1000 addr
= strtoull(p
, (char **)&p
, 16);
1003 len
= strtoull(p
, (char **)&p
, 16);
1005 res
= gdb_breakpoint_insert(addr
, len
, type
);
1007 res
= gdb_breakpoint_remove(addr
, len
, type
);
1009 put_packet(s
, "OK");
1010 else if (res
== -ENOSYS
)
1013 put_packet(s
, "E22");
1017 thread
= strtoull(p
, (char **)&p
, 16);
1018 if (thread
== -1 || thread
== 0) {
1019 put_packet(s
, "OK");
1022 cpu
= find_cpu(thread
);
1024 put_packet(s
, "E22");
1030 put_packet(s
, "OK");
1034 put_packet(s
, "OK");
1037 put_packet(s
, "E22");
1042 thread
= strtoull(p
, (char **)&p
, 16);
1043 cpu
= find_cpu(thread
);
1046 put_packet(s
, "OK");
1048 put_packet(s
, "E22");
1053 /* parse any 'q' packets here */
1054 if (!strcmp(p
,"qemu.sstepbits")) {
1055 /* Query Breakpoint bit definitions */
1056 snprintf(buf
, sizeof(buf
), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1062 } else if (strncmp(p
,"qemu.sstep",10) == 0) {
1063 /* Display or change the sstep_flags */
1066 /* Display current setting */
1067 snprintf(buf
, sizeof(buf
), "0x%x", sstep_flags
);
1072 type
= strtoul(p
, (char **)&p
, 16);
1074 put_packet(s
, "OK");
1076 } else if (strcmp(p
,"C") == 0) {
1077 /* "Current thread" remains vague in the spec, so always return
1078 * the first CPU (gdb returns the first thread). */
1079 put_packet(s
, "QC1");
1081 } else if (strcmp(p
,"fThreadInfo") == 0) {
1082 s
->query_cpu
= first_cpu
;
1083 goto report_cpuinfo
;
1084 } else if (strcmp(p
,"sThreadInfo") == 0) {
1087 snprintf(buf
, sizeof(buf
), "m%x", cpu_index(s
->query_cpu
));
1089 s
->query_cpu
= s
->query_cpu
->next_cpu
;
1093 } else if (strncmp(p
,"ThreadExtraInfo,", 16) == 0) {
1094 thread
= strtoull(p
+16, (char **)&p
, 16);
1095 cpu
= find_cpu(thread
);
1097 cpu_synchronize_state(cpu
);
1098 len
= snprintf((char *)mem_buf
, sizeof(mem_buf
),
1099 "CPU#%d [%s]", cpu
->cpu_index
,
1100 cpu
->halted
? "halted " : "running");
1101 memtohex(buf
, mem_buf
, len
);
1106 #ifdef CONFIG_USER_ONLY
1107 else if (strncmp(p
, "Offsets", 7) == 0) {
1108 CPUArchState
*env
= s
->c_cpu
->env_ptr
;
1109 TaskState
*ts
= env
->opaque
;
1111 snprintf(buf
, sizeof(buf
),
1112 "Text=" TARGET_ABI_FMT_lx
";Data=" TARGET_ABI_FMT_lx
1113 ";Bss=" TARGET_ABI_FMT_lx
,
1114 ts
->info
->code_offset
,
1115 ts
->info
->data_offset
,
1116 ts
->info
->data_offset
);
1120 #else /* !CONFIG_USER_ONLY */
1121 else if (strncmp(p
, "Rcmd,", 5) == 0) {
1122 int len
= strlen(p
+ 5);
1124 if ((len
% 2) != 0) {
1125 put_packet(s
, "E01");
1128 hextomem(mem_buf
, p
+ 5, len
);
1131 qemu_chr_be_write(s
->mon_chr
, mem_buf
, len
);
1132 put_packet(s
, "OK");
1135 #endif /* !CONFIG_USER_ONLY */
1136 if (strncmp(p
, "Supported", 9) == 0) {
1137 snprintf(buf
, sizeof(buf
), "PacketSize=%x", MAX_PACKET_LENGTH
);
1139 pstrcat(buf
, sizeof(buf
), ";qXfer:features:read+");
1145 if (strncmp(p
, "Xfer:features:read:", 19) == 0) {
1147 target_ulong total_len
;
1151 xml
= get_feature_xml(p
, &p
);
1153 snprintf(buf
, sizeof(buf
), "E00");
1160 addr
= strtoul(p
, (char **)&p
, 16);
1163 len
= strtoul(p
, (char **)&p
, 16);
1165 total_len
= strlen(xml
);
1166 if (addr
> total_len
) {
1167 snprintf(buf
, sizeof(buf
), "E00");
1171 if (len
> (MAX_PACKET_LENGTH
- 5) / 2)
1172 len
= (MAX_PACKET_LENGTH
- 5) / 2;
1173 if (len
< total_len
- addr
) {
1175 len
= memtox(buf
+ 1, xml
+ addr
, len
);
1178 len
= memtox(buf
+ 1, xml
+ addr
, total_len
- addr
);
1180 put_packet_binary(s
, buf
, len
+ 1);
1184 /* Unrecognised 'q' command. */
1185 goto unknown_command
;
1189 /* put empty packet */
1197 void gdb_set_stop_cpu(CPUState
*cpu
)
1199 gdbserver_state
->c_cpu
= cpu
;
1200 gdbserver_state
->g_cpu
= cpu
;
1203 #ifndef CONFIG_USER_ONLY
1204 static void gdb_vm_state_change(void *opaque
, int running
, RunState state
)
1206 GDBState
*s
= gdbserver_state
;
1207 CPUArchState
*env
= s
->c_cpu
->env_ptr
;
1208 CPUState
*cpu
= s
->c_cpu
;
1213 if (running
|| s
->state
== RS_INACTIVE
) {
1216 /* Is there a GDB syscall waiting to be sent? */
1217 if (s
->current_syscall_cb
) {
1218 put_packet(s
, s
->syscall_buf
);
1222 case RUN_STATE_DEBUG
:
1223 if (env
->watchpoint_hit
) {
1224 switch (env
->watchpoint_hit
->flags
& BP_MEM_ACCESS
) {
1235 snprintf(buf
, sizeof(buf
),
1236 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx
";",
1237 GDB_SIGNAL_TRAP
, cpu_index(cpu
), type
,
1238 env
->watchpoint_hit
->vaddr
);
1239 env
->watchpoint_hit
= NULL
;
1243 ret
= GDB_SIGNAL_TRAP
;
1245 case RUN_STATE_PAUSED
:
1246 ret
= GDB_SIGNAL_INT
;
1248 case RUN_STATE_SHUTDOWN
:
1249 ret
= GDB_SIGNAL_QUIT
;
1251 case RUN_STATE_IO_ERROR
:
1252 ret
= GDB_SIGNAL_IO
;
1254 case RUN_STATE_WATCHDOG
:
1255 ret
= GDB_SIGNAL_ALRM
;
1257 case RUN_STATE_INTERNAL_ERROR
:
1258 ret
= GDB_SIGNAL_ABRT
;
1260 case RUN_STATE_SAVE_VM
:
1261 case RUN_STATE_RESTORE_VM
:
1263 case RUN_STATE_FINISH_MIGRATE
:
1264 ret
= GDB_SIGNAL_XCPU
;
1267 ret
= GDB_SIGNAL_UNKNOWN
;
1270 snprintf(buf
, sizeof(buf
), "T%02xthread:%02x;", ret
, cpu_index(cpu
));
1275 /* disable single step if it was enabled */
1276 cpu_single_step(cpu
, 0);
1280 /* Send a gdb syscall request.
1281 This accepts limited printf-style format specifiers, specifically:
1282 %x - target_ulong argument printed in hex.
1283 %lx - 64-bit argument printed in hex.
1284 %s - string pointer (target_ulong) and length (int) pair. */
1285 void gdb_do_syscall(gdb_syscall_complete_cb cb
, const char *fmt
, ...)
1294 s
= gdbserver_state
;
1297 s
->current_syscall_cb
= cb
;
1298 #ifndef CONFIG_USER_ONLY
1299 vm_stop(RUN_STATE_DEBUG
);
1303 p_end
= &s
->syscall_buf
[sizeof(s
->syscall_buf
)];
1310 addr
= va_arg(va
, target_ulong
);
1311 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
, addr
);
1314 if (*(fmt
++) != 'x')
1316 i64
= va_arg(va
, uint64_t);
1317 p
+= snprintf(p
, p_end
- p
, "%" PRIx64
, i64
);
1320 addr
= va_arg(va
, target_ulong
);
1321 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
"/%x",
1322 addr
, va_arg(va
, int));
1326 fprintf(stderr
, "gdbstub: Bad syscall format string '%s'\n",
1336 #ifdef CONFIG_USER_ONLY
1337 put_packet(s
, s
->syscall_buf
);
1338 gdb_handlesig(s
->c_cpu
, 0);
1340 /* In this case wait to send the syscall packet until notification that
1341 the CPU has stopped. This must be done because if the packet is sent
1342 now the reply from the syscall request could be received while the CPU
1343 is still in the running state, which can cause packets to be dropped
1344 and state transition 'T' packets to be sent while the syscall is still
1350 static void gdb_read_byte(GDBState
*s
, int ch
)
1355 #ifndef CONFIG_USER_ONLY
1356 if (s
->last_packet_len
) {
1357 /* Waiting for a response to the last packet. If we see the start
1358 of a new command then abandon the previous response. */
1361 printf("Got NACK, retransmitting\n");
1363 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
1367 printf("Got ACK\n");
1369 printf("Got '%c' when expecting ACK/NACK\n", ch
);
1371 if (ch
== '+' || ch
== '$')
1372 s
->last_packet_len
= 0;
1376 if (runstate_is_running()) {
1377 /* when the CPU is running, we cannot do anything except stop
1378 it when receiving a char */
1379 vm_stop(RUN_STATE_PAUSED
);
1386 s
->line_buf_index
= 0;
1387 s
->state
= RS_GETLINE
;
1392 s
->state
= RS_CHKSUM1
;
1393 } else if (s
->line_buf_index
>= sizeof(s
->line_buf
) - 1) {
1396 s
->line_buf
[s
->line_buf_index
++] = ch
;
1400 s
->line_buf
[s
->line_buf_index
] = '\0';
1401 s
->line_csum
= fromhex(ch
) << 4;
1402 s
->state
= RS_CHKSUM2
;
1405 s
->line_csum
|= fromhex(ch
);
1407 for(i
= 0; i
< s
->line_buf_index
; i
++) {
1408 csum
+= s
->line_buf
[i
];
1410 if (s
->line_csum
!= (csum
& 0xff)) {
1412 put_buffer(s
, &reply
, 1);
1416 put_buffer(s
, &reply
, 1);
1417 s
->state
= gdb_handle_packet(s
, s
->line_buf
);
1426 /* Tell the remote gdb that the process has exited. */
1427 void gdb_exit(CPUArchState
*env
, int code
)
1432 s
= gdbserver_state
;
1436 #ifdef CONFIG_USER_ONLY
1437 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1442 snprintf(buf
, sizeof(buf
), "W%02x", (uint8_t)code
);
1445 #ifndef CONFIG_USER_ONLY
1447 qemu_chr_delete(s
->chr
);
1452 #ifdef CONFIG_USER_ONLY
1458 s
= gdbserver_state
;
1460 if (gdbserver_fd
< 0 || s
->fd
< 0)
1467 gdb_handlesig(CPUState
*cpu
, int sig
)
1469 CPUArchState
*env
= cpu
->env_ptr
;
1474 s
= gdbserver_state
;
1475 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1479 /* disable single step if it was enabled */
1480 cpu_single_step(cpu
, 0);
1484 snprintf(buf
, sizeof(buf
), "S%02x", target_signal_to_gdb(sig
));
1487 /* put_packet() might have detected that the peer terminated the
1495 s
->running_state
= 0;
1496 while (s
->running_state
== 0) {
1497 n
= read(s
->fd
, buf
, 256);
1501 for (i
= 0; i
< n
; i
++) {
1502 gdb_read_byte(s
, buf
[i
]);
1504 } else if (n
== 0 || errno
!= EAGAIN
) {
1505 /* XXX: Connection closed. Should probably wait for another
1506 connection before continuing. */
1515 /* Tell the remote gdb that the process has exited due to SIG. */
1516 void gdb_signalled(CPUArchState
*env
, int sig
)
1521 s
= gdbserver_state
;
1522 if (gdbserver_fd
< 0 || s
->fd
< 0) {
1526 snprintf(buf
, sizeof(buf
), "X%02x", target_signal_to_gdb(sig
));
1530 static void gdb_accept(void)
1533 struct sockaddr_in sockaddr
;
1538 len
= sizeof(sockaddr
);
1539 fd
= accept(gdbserver_fd
, (struct sockaddr
*)&sockaddr
, &len
);
1540 if (fd
< 0 && errno
!= EINTR
) {
1543 } else if (fd
>= 0) {
1545 fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1551 /* set short latency */
1552 socket_set_nodelay(fd
);
1554 s
= g_malloc0(sizeof(GDBState
));
1555 s
->c_cpu
= first_cpu
;
1556 s
->g_cpu
= first_cpu
;
1558 gdb_has_xml
= false;
1560 gdbserver_state
= s
;
1562 fcntl(fd
, F_SETFL
, O_NONBLOCK
);
1565 static int gdbserver_open(int port
)
1567 struct sockaddr_in sockaddr
;
1570 fd
= socket(PF_INET
, SOCK_STREAM
, 0);
1576 fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1579 /* allow fast reuse */
1581 qemu_setsockopt(fd
, SOL_SOCKET
, SO_REUSEADDR
, &val
, sizeof(val
));
1583 sockaddr
.sin_family
= AF_INET
;
1584 sockaddr
.sin_port
= htons(port
);
1585 sockaddr
.sin_addr
.s_addr
= 0;
1586 ret
= bind(fd
, (struct sockaddr
*)&sockaddr
, sizeof(sockaddr
));
1592 ret
= listen(fd
, 0);
1601 int gdbserver_start(int port
)
1603 gdbserver_fd
= gdbserver_open(port
);
1604 if (gdbserver_fd
< 0)
1606 /* accept connections */
1611 /* Disable gdb stub for child processes. */
1612 void gdbserver_fork(CPUArchState
*env
)
1614 GDBState
*s
= gdbserver_state
;
1615 if (gdbserver_fd
< 0 || s
->fd
< 0)
1619 cpu_breakpoint_remove_all(env
, BP_GDB
);
1620 cpu_watchpoint_remove_all(env
, BP_GDB
);
1623 static int gdb_chr_can_receive(void *opaque
)
1625 /* We can handle an arbitrarily large amount of data.
1626 Pick the maximum packet size, which is as good as anything. */
1627 return MAX_PACKET_LENGTH
;
1630 static void gdb_chr_receive(void *opaque
, const uint8_t *buf
, int size
)
1634 for (i
= 0; i
< size
; i
++) {
1635 gdb_read_byte(gdbserver_state
, buf
[i
]);
1639 static void gdb_chr_event(void *opaque
, int event
)
1642 case CHR_EVENT_OPENED
:
1643 vm_stop(RUN_STATE_PAUSED
);
1644 gdb_has_xml
= false;
1651 static void gdb_monitor_output(GDBState
*s
, const char *msg
, int len
)
1653 char buf
[MAX_PACKET_LENGTH
];
1656 if (len
> (MAX_PACKET_LENGTH
/2) - 1)
1657 len
= (MAX_PACKET_LENGTH
/2) - 1;
1658 memtohex(buf
+ 1, (uint8_t *)msg
, len
);
1662 static int gdb_monitor_write(CharDriverState
*chr
, const uint8_t *buf
, int len
)
1664 const char *p
= (const char *)buf
;
1667 max_sz
= (sizeof(gdbserver_state
->last_packet
) - 2) / 2;
1669 if (len
<= max_sz
) {
1670 gdb_monitor_output(gdbserver_state
, p
, len
);
1673 gdb_monitor_output(gdbserver_state
, p
, max_sz
);
1681 static void gdb_sigterm_handler(int signal
)
1683 if (runstate_is_running()) {
1684 vm_stop(RUN_STATE_PAUSED
);
1689 int gdbserver_start(const char *device
)
1692 char gdbstub_device_name
[128];
1693 CharDriverState
*chr
= NULL
;
1694 CharDriverState
*mon_chr
;
1698 if (strcmp(device
, "none") != 0) {
1699 if (strstart(device
, "tcp:", NULL
)) {
1700 /* enforce required TCP attributes */
1701 snprintf(gdbstub_device_name
, sizeof(gdbstub_device_name
),
1702 "%s,nowait,nodelay,server", device
);
1703 device
= gdbstub_device_name
;
1706 else if (strcmp(device
, "stdio") == 0) {
1707 struct sigaction act
;
1709 memset(&act
, 0, sizeof(act
));
1710 act
.sa_handler
= gdb_sigterm_handler
;
1711 sigaction(SIGINT
, &act
, NULL
);
1714 chr
= qemu_chr_new("gdb", device
, NULL
);
1718 qemu_chr_fe_claim_no_fail(chr
);
1719 qemu_chr_add_handlers(chr
, gdb_chr_can_receive
, gdb_chr_receive
,
1720 gdb_chr_event
, NULL
);
1723 s
= gdbserver_state
;
1725 s
= g_malloc0(sizeof(GDBState
));
1726 gdbserver_state
= s
;
1728 qemu_add_vm_change_state_handler(gdb_vm_state_change
, NULL
);
1730 /* Initialize a monitor terminal for gdb */
1731 mon_chr
= g_malloc0(sizeof(*mon_chr
));
1732 mon_chr
->chr_write
= gdb_monitor_write
;
1733 monitor_init(mon_chr
, 0);
1736 qemu_chr_delete(s
->chr
);
1737 mon_chr
= s
->mon_chr
;
1738 memset(s
, 0, sizeof(GDBState
));
1740 s
->c_cpu
= first_cpu
;
1741 s
->g_cpu
= first_cpu
;
1743 s
->state
= chr
? RS_IDLE
: RS_INACTIVE
;
1744 s
->mon_chr
= mon_chr
;
1745 s
->current_syscall_cb
= NULL
;