4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu/osdep.h"
21 #include "qemu-common.h"
22 #include "qapi/error.h"
23 #include "qemu/error-report.h"
24 #include "qemu/ctype.h"
25 #include "qemu/cutils.h"
26 #include "qemu/module.h"
27 #include "trace-root.h"
28 #ifdef CONFIG_USER_ONLY
31 #include "monitor/monitor.h"
32 #include "chardev/char.h"
33 #include "chardev/char-fe.h"
34 #include "sysemu/sysemu.h"
35 #include "exec/gdbstub.h"
36 #include "hw/cpu/cluster.h"
39 #define MAX_PACKET_LENGTH 4096
41 #include "qemu/sockets.h"
42 #include "sysemu/hw_accel.h"
43 #include "sysemu/kvm.h"
44 #include "hw/semihosting/semihost.h"
45 #include "exec/exec-all.h"
47 #ifdef CONFIG_USER_ONLY
48 #define GDB_ATTACHED "0"
50 #define GDB_ATTACHED "1"
53 static inline int target_memory_rw_debug(CPUState
*cpu
, target_ulong addr
,
54 uint8_t *buf
, int len
, bool is_write
)
56 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
58 if (cc
->memory_rw_debug
) {
59 return cc
->memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
61 return cpu_memory_rw_debug(cpu
, addr
, buf
, len
, is_write
);
64 /* Return the GDB index for a given vCPU state.
66 * For user mode this is simply the thread id. In system mode GDB
67 * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
69 static inline int cpu_gdb_index(CPUState
*cpu
)
71 #if defined(CONFIG_USER_ONLY)
72 TaskState
*ts
= (TaskState
*) cpu
->opaque
;
75 return cpu
->cpu_index
+ 1;
88 GDB_SIGNAL_UNKNOWN
= 143
91 #ifdef CONFIG_USER_ONLY
93 /* Map target signal numbers to GDB protocol signal numbers and vice
94 * versa. For user emulation's currently supported systems, we can
95 * assume most signals are defined.
98 static int gdb_signal_table
[] = {
258 /* In system mode we only need SIGINT and SIGTRAP; other signals
259 are not yet supported. */
266 static int gdb_signal_table
[] = {
276 #ifdef CONFIG_USER_ONLY
277 static int target_signal_to_gdb (int sig
)
280 for (i
= 0; i
< ARRAY_SIZE (gdb_signal_table
); i
++)
281 if (gdb_signal_table
[i
] == sig
)
283 return GDB_SIGNAL_UNKNOWN
;
287 static int gdb_signal_to_target (int sig
)
289 if (sig
< ARRAY_SIZE (gdb_signal_table
))
290 return gdb_signal_table
[sig
];
295 typedef struct GDBRegisterState
{
301 struct GDBRegisterState
*next
;
304 typedef struct GDBProcess
{
308 char target_xml
[1024];
320 typedef struct GDBState
{
321 CPUState
*c_cpu
; /* current CPU for step/continue ops */
322 CPUState
*g_cpu
; /* current CPU for other ops */
323 CPUState
*query_cpu
; /* for q{f|s}ThreadInfo */
324 enum RSState state
; /* parsing state */
325 char line_buf
[MAX_PACKET_LENGTH
];
327 int line_sum
; /* running checksum */
328 int line_csum
; /* checksum at the end of the packet */
329 uint8_t last_packet
[MAX_PACKET_LENGTH
+ 4];
332 #ifdef CONFIG_USER_ONLY
340 GDBProcess
*processes
;
342 char syscall_buf
[256];
343 gdb_syscall_complete_cb current_syscall_cb
;
346 /* By default use no IRQs and no timers while single stepping so as to
347 * make single stepping like an ICE HW step.
349 static int sstep_flags
= SSTEP_ENABLE
|SSTEP_NOIRQ
|SSTEP_NOTIMER
;
351 static GDBState
*gdbserver_state
;
355 #ifdef CONFIG_USER_ONLY
356 /* XXX: This is not thread safe. Do we care? */
357 static int gdbserver_fd
= -1;
359 static int get_char(GDBState
*s
)
365 ret
= qemu_recv(s
->fd
, &ch
, 1, 0);
367 if (errno
== ECONNRESET
)
371 } else if (ret
== 0) {
389 /* Decide if either remote gdb syscalls or native file IO should be used. */
390 int use_gdb_syscalls(void)
392 SemihostingTarget target
= semihosting_get_target();
393 if (target
== SEMIHOSTING_TARGET_NATIVE
) {
394 /* -semihosting-config target=native */
396 } else if (target
== SEMIHOSTING_TARGET_GDB
) {
397 /* -semihosting-config target=gdb */
401 /* -semihosting-config target=auto */
402 /* On the first call check if gdb is connected and remember. */
403 if (gdb_syscall_mode
== GDB_SYS_UNKNOWN
) {
404 gdb_syscall_mode
= (gdbserver_state
? GDB_SYS_ENABLED
407 return gdb_syscall_mode
== GDB_SYS_ENABLED
;
410 /* Resume execution. */
411 static inline void gdb_continue(GDBState
*s
)
414 #ifdef CONFIG_USER_ONLY
415 s
->running_state
= 1;
416 trace_gdbstub_op_continue();
418 if (!runstate_needs_reset()) {
419 trace_gdbstub_op_continue();
426 * Resume execution, per CPU actions. For user-mode emulation it's
427 * equivalent to gdb_continue.
429 static int gdb_continue_partial(GDBState
*s
, char *newstates
)
433 #ifdef CONFIG_USER_ONLY
435 * This is not exactly accurate, but it's an improvement compared to the
436 * previous situation, where only one CPU would be single-stepped.
439 if (newstates
[cpu
->cpu_index
] == 's') {
440 trace_gdbstub_op_stepping(cpu
->cpu_index
);
441 cpu_single_step(cpu
, sstep_flags
);
444 s
->running_state
= 1;
448 if (!runstate_needs_reset()) {
449 if (vm_prepare_start()) {
454 switch (newstates
[cpu
->cpu_index
]) {
457 break; /* nothing to do here */
459 trace_gdbstub_op_stepping(cpu
->cpu_index
);
460 cpu_single_step(cpu
, sstep_flags
);
465 trace_gdbstub_op_continue_cpu(cpu
->cpu_index
);
476 qemu_clock_enable(QEMU_CLOCK_VIRTUAL
, true);
482 static void put_buffer(GDBState
*s
, const uint8_t *buf
, int len
)
484 #ifdef CONFIG_USER_ONLY
488 ret
= send(s
->fd
, buf
, len
, 0);
498 /* XXX this blocks entire thread. Rewrite to use
499 * qemu_chr_fe_write and background I/O callbacks */
500 qemu_chr_fe_write_all(&s
->chr
, buf
, len
);
504 static inline int fromhex(int v
)
506 if (v
>= '0' && v
<= '9')
508 else if (v
>= 'A' && v
<= 'F')
510 else if (v
>= 'a' && v
<= 'f')
516 static inline int tohex(int v
)
524 /* writes 2*len+1 bytes in buf */
525 static void memtohex(char *buf
, const uint8_t *mem
, int len
)
530 for(i
= 0; i
< len
; i
++) {
532 *q
++ = tohex(c
>> 4);
533 *q
++ = tohex(c
& 0xf);
538 static void hextomem(uint8_t *mem
, const char *buf
, int len
)
542 for(i
= 0; i
< len
; i
++) {
543 mem
[i
] = (fromhex(buf
[0]) << 4) | fromhex(buf
[1]);
548 static void hexdump(const char *buf
, int len
,
549 void (*trace_fn
)(size_t ofs
, char const *text
))
551 char line_buffer
[3 * 16 + 4 + 16 + 1];
554 for (i
= 0; i
< len
|| (i
& 0xF); ++i
) {
555 size_t byte_ofs
= i
& 15;
558 memset(line_buffer
, ' ', 3 * 16 + 4 + 16);
559 line_buffer
[3 * 16 + 4 + 16] = 0;
562 size_t col_group
= (i
>> 2) & 3;
563 size_t hex_col
= byte_ofs
* 3 + col_group
;
564 size_t txt_col
= 3 * 16 + 4 + byte_ofs
;
569 line_buffer
[hex_col
+ 0] = tohex((value
>> 4) & 0xF);
570 line_buffer
[hex_col
+ 1] = tohex((value
>> 0) & 0xF);
571 line_buffer
[txt_col
+ 0] = (value
>= ' ' && value
< 127)
577 trace_fn(i
& -16, line_buffer
);
581 /* return -1 if error, 0 if OK */
582 static int put_packet_binary(GDBState
*s
, const char *buf
, int len
, bool dump
)
587 if (dump
&& trace_event_get_state_backends(TRACE_GDBSTUB_IO_BINARYREPLY
)) {
588 hexdump(buf
, len
, trace_gdbstub_io_binaryreply
);
597 for(i
= 0; i
< len
; i
++) {
601 *(p
++) = tohex((csum
>> 4) & 0xf);
602 *(p
++) = tohex((csum
) & 0xf);
604 s
->last_packet_len
= p
- s
->last_packet
;
605 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
607 #ifdef CONFIG_USER_ONLY
620 /* return -1 if error, 0 if OK */
621 static int put_packet(GDBState
*s
, const char *buf
)
623 trace_gdbstub_io_reply(buf
);
625 return put_packet_binary(s
, buf
, strlen(buf
), false);
628 /* Encode data using the encoding for 'x' packets. */
629 static int memtox(char *buf
, const char *mem
, int len
)
637 case '#': case '$': case '*': case '}':
649 static uint32_t gdb_get_cpu_pid(const GDBState
*s
, CPUState
*cpu
)
651 /* TODO: In user mode, we should use the task state PID */
652 if (cpu
->cluster_index
== UNASSIGNED_CLUSTER_INDEX
) {
653 /* Return the default process' PID */
654 return s
->processes
[s
->process_num
- 1].pid
;
656 return cpu
->cluster_index
+ 1;
659 static GDBProcess
*gdb_get_process(const GDBState
*s
, uint32_t pid
)
664 /* 0 means any process, we take the first one */
665 return &s
->processes
[0];
668 for (i
= 0; i
< s
->process_num
; i
++) {
669 if (s
->processes
[i
].pid
== pid
) {
670 return &s
->processes
[i
];
677 static GDBProcess
*gdb_get_cpu_process(const GDBState
*s
, CPUState
*cpu
)
679 return gdb_get_process(s
, gdb_get_cpu_pid(s
, cpu
));
682 static CPUState
*find_cpu(uint32_t thread_id
)
687 if (cpu_gdb_index(cpu
) == thread_id
) {
695 static CPUState
*get_first_cpu_in_process(const GDBState
*s
,
701 if (gdb_get_cpu_pid(s
, cpu
) == process
->pid
) {
709 static CPUState
*gdb_next_cpu_in_process(const GDBState
*s
, CPUState
*cpu
)
711 uint32_t pid
= gdb_get_cpu_pid(s
, cpu
);
715 if (gdb_get_cpu_pid(s
, cpu
) == pid
) {
725 /* Return the cpu following @cpu, while ignoring unattached processes. */
726 static CPUState
*gdb_next_attached_cpu(const GDBState
*s
, CPUState
*cpu
)
731 if (gdb_get_cpu_process(s
, cpu
)->attached
) {
741 /* Return the first attached cpu */
742 static CPUState
*gdb_first_attached_cpu(const GDBState
*s
)
744 CPUState
*cpu
= first_cpu
;
745 GDBProcess
*process
= gdb_get_cpu_process(s
, cpu
);
747 if (!process
->attached
) {
748 return gdb_next_attached_cpu(s
, cpu
);
754 static CPUState
*gdb_get_cpu(const GDBState
*s
, uint32_t pid
, uint32_t tid
)
760 /* 0 means any process/thread, we take the first attached one */
761 return gdb_first_attached_cpu(s
);
762 } else if (pid
&& !tid
) {
763 /* any thread in a specific process */
764 process
= gdb_get_process(s
, pid
);
766 if (process
== NULL
) {
770 if (!process
->attached
) {
774 return get_first_cpu_in_process(s
, process
);
776 /* a specific thread */
783 process
= gdb_get_cpu_process(s
, cpu
);
785 if (pid
&& process
->pid
!= pid
) {
789 if (!process
->attached
) {
797 static const char *get_feature_xml(const GDBState
*s
, const char *p
,
798 const char **newp
, GDBProcess
*process
)
803 CPUState
*cpu
= get_first_cpu_in_process(s
, process
);
804 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
807 while (p
[len
] && p
[len
] != ':')
812 if (strncmp(p
, "target.xml", len
) == 0) {
813 char *buf
= process
->target_xml
;
814 const size_t buf_sz
= sizeof(process
->target_xml
);
816 /* Generate the XML description for this CPU. */
821 "<?xml version=\"1.0\"?>"
822 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
824 if (cc
->gdb_arch_name
) {
825 gchar
*arch
= cc
->gdb_arch_name(cpu
);
826 pstrcat(buf
, buf_sz
, "<architecture>");
827 pstrcat(buf
, buf_sz
, arch
);
828 pstrcat(buf
, buf_sz
, "</architecture>");
831 pstrcat(buf
, buf_sz
, "<xi:include href=\"");
832 pstrcat(buf
, buf_sz
, cc
->gdb_core_xml_file
);
833 pstrcat(buf
, buf_sz
, "\"/>");
834 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
835 pstrcat(buf
, buf_sz
, "<xi:include href=\"");
836 pstrcat(buf
, buf_sz
, r
->xml
);
837 pstrcat(buf
, buf_sz
, "\"/>");
839 pstrcat(buf
, buf_sz
, "</target>");
843 if (cc
->gdb_get_dynamic_xml
) {
844 char *xmlname
= g_strndup(p
, len
);
845 const char *xml
= cc
->gdb_get_dynamic_xml(cpu
, xmlname
);
853 name
= xml_builtin
[i
][0];
854 if (!name
|| (strncmp(name
, p
, len
) == 0 && strlen(name
) == len
))
857 return name
? xml_builtin
[i
][1] : NULL
;
860 static int gdb_read_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
862 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
863 CPUArchState
*env
= cpu
->env_ptr
;
866 if (reg
< cc
->gdb_num_core_regs
) {
867 return cc
->gdb_read_register(cpu
, mem_buf
, reg
);
870 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
871 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
872 return r
->get_reg(env
, mem_buf
, reg
- r
->base_reg
);
878 static int gdb_write_register(CPUState
*cpu
, uint8_t *mem_buf
, int reg
)
880 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
881 CPUArchState
*env
= cpu
->env_ptr
;
884 if (reg
< cc
->gdb_num_core_regs
) {
885 return cc
->gdb_write_register(cpu
, mem_buf
, reg
);
888 for (r
= cpu
->gdb_regs
; r
; r
= r
->next
) {
889 if (r
->base_reg
<= reg
&& reg
< r
->base_reg
+ r
->num_regs
) {
890 return r
->set_reg(env
, mem_buf
, reg
- r
->base_reg
);
896 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
897 specifies the first register number and these registers are included in
898 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
899 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
902 void gdb_register_coprocessor(CPUState
*cpu
,
903 gdb_reg_cb get_reg
, gdb_reg_cb set_reg
,
904 int num_regs
, const char *xml
, int g_pos
)
907 GDBRegisterState
**p
;
911 /* Check for duplicates. */
912 if (strcmp((*p
)->xml
, xml
) == 0)
917 s
= g_new0(GDBRegisterState
, 1);
918 s
->base_reg
= cpu
->gdb_num_regs
;
919 s
->num_regs
= num_regs
;
920 s
->get_reg
= get_reg
;
921 s
->set_reg
= set_reg
;
924 /* Add to end of list. */
925 cpu
->gdb_num_regs
+= num_regs
;
928 if (g_pos
!= s
->base_reg
) {
929 error_report("Error: Bad gdb register numbering for '%s', "
930 "expected %d got %d", xml
, g_pos
, s
->base_reg
);
932 cpu
->gdb_num_g_regs
= cpu
->gdb_num_regs
;
937 #ifndef CONFIG_USER_ONLY
938 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
939 static inline int xlat_gdb_type(CPUState
*cpu
, int gdbtype
)
941 static const int xlat
[] = {
942 [GDB_WATCHPOINT_WRITE
] = BP_GDB
| BP_MEM_WRITE
,
943 [GDB_WATCHPOINT_READ
] = BP_GDB
| BP_MEM_READ
,
944 [GDB_WATCHPOINT_ACCESS
] = BP_GDB
| BP_MEM_ACCESS
,
947 CPUClass
*cc
= CPU_GET_CLASS(cpu
);
948 int cputype
= xlat
[gdbtype
];
950 if (cc
->gdb_stop_before_watchpoint
) {
951 cputype
|= BP_STOP_BEFORE_ACCESS
;
957 static int gdb_breakpoint_insert(target_ulong addr
, target_ulong len
, int type
)
963 return kvm_insert_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
967 case GDB_BREAKPOINT_SW
:
968 case GDB_BREAKPOINT_HW
:
970 err
= cpu_breakpoint_insert(cpu
, addr
, BP_GDB
, NULL
);
976 #ifndef CONFIG_USER_ONLY
977 case GDB_WATCHPOINT_WRITE
:
978 case GDB_WATCHPOINT_READ
:
979 case GDB_WATCHPOINT_ACCESS
:
981 err
= cpu_watchpoint_insert(cpu
, addr
, len
,
982 xlat_gdb_type(cpu
, type
), NULL
);
994 static int gdb_breakpoint_remove(target_ulong addr
, target_ulong len
, int type
)
1000 return kvm_remove_breakpoint(gdbserver_state
->c_cpu
, addr
, len
, type
);
1004 case GDB_BREAKPOINT_SW
:
1005 case GDB_BREAKPOINT_HW
:
1007 err
= cpu_breakpoint_remove(cpu
, addr
, BP_GDB
);
1013 #ifndef CONFIG_USER_ONLY
1014 case GDB_WATCHPOINT_WRITE
:
1015 case GDB_WATCHPOINT_READ
:
1016 case GDB_WATCHPOINT_ACCESS
:
1018 err
= cpu_watchpoint_remove(cpu
, addr
, len
,
1019 xlat_gdb_type(cpu
, type
));
1030 static inline void gdb_cpu_breakpoint_remove_all(CPUState
*cpu
)
1032 cpu_breakpoint_remove_all(cpu
, BP_GDB
);
1033 #ifndef CONFIG_USER_ONLY
1034 cpu_watchpoint_remove_all(cpu
, BP_GDB
);
1038 static void gdb_process_breakpoint_remove_all(const GDBState
*s
, GDBProcess
*p
)
1040 CPUState
*cpu
= get_first_cpu_in_process(s
, p
);
1043 gdb_cpu_breakpoint_remove_all(cpu
);
1044 cpu
= gdb_next_cpu_in_process(s
, cpu
);
1048 static void gdb_breakpoint_remove_all(void)
1052 if (kvm_enabled()) {
1053 kvm_remove_all_breakpoints(gdbserver_state
->c_cpu
);
1058 gdb_cpu_breakpoint_remove_all(cpu
);
1062 static void gdb_set_cpu_pc(GDBState
*s
, target_ulong pc
)
1064 CPUState
*cpu
= s
->c_cpu
;
1066 cpu_synchronize_state(cpu
);
1067 cpu_set_pc(cpu
, pc
);
1070 static char *gdb_fmt_thread_id(const GDBState
*s
, CPUState
*cpu
,
1071 char *buf
, size_t buf_size
)
1073 if (s
->multiprocess
) {
1074 snprintf(buf
, buf_size
, "p%02x.%02x",
1075 gdb_get_cpu_pid(s
, cpu
), cpu_gdb_index(cpu
));
1077 snprintf(buf
, buf_size
, "%02x", cpu_gdb_index(cpu
));
1083 typedef enum GDBThreadIdKind
{
1085 GDB_ALL_THREADS
, /* One process, all threads */
1090 static GDBThreadIdKind
read_thread_id(const char *buf
, const char **end_buf
,
1091 uint32_t *pid
, uint32_t *tid
)
1098 ret
= qemu_strtoul(buf
, &buf
, 16, &p
);
1101 return GDB_READ_THREAD_ERR
;
1110 ret
= qemu_strtoul(buf
, &buf
, 16, &t
);
1113 return GDB_READ_THREAD_ERR
;
1119 return GDB_ALL_PROCESSES
;
1127 return GDB_ALL_THREADS
;
1134 return GDB_ONE_THREAD
;
1137 static int is_query_packet(const char *p
, const char *query
, char separator
)
1139 unsigned int query_len
= strlen(query
);
1141 return strncmp(p
, query
, query_len
) == 0 &&
1142 (p
[query_len
] == '\0' || p
[query_len
] == separator
);
1146 * gdb_handle_vcont - Parses and handles a vCont packet.
1147 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
1148 * a format error, 0 on success.
1150 static int gdb_handle_vcont(GDBState
*s
, const char *p
)
1152 int res
, signal
= 0;
1157 GDBProcess
*process
;
1159 GDBThreadIdKind kind
;
1160 #ifdef CONFIG_USER_ONLY
1161 int max_cpus
= 1; /* global variable max_cpus exists only in system mode */
1164 max_cpus
= max_cpus
<= cpu
->cpu_index
? cpu
->cpu_index
+ 1 : max_cpus
;
1167 /* uninitialised CPUs stay 0 */
1168 newstates
= g_new0(char, max_cpus
);
1170 /* mark valid CPUs with 1 */
1172 newstates
[cpu
->cpu_index
] = 1;
1176 * res keeps track of what error we are returning, with -ENOTSUP meaning
1177 * that the command is unknown or unsupported, thus returning an empty
1178 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
1179 * or incorrect parameters passed.
1189 if (cur_action
== 'C' || cur_action
== 'S') {
1190 cur_action
= qemu_tolower(cur_action
);
1191 res
= qemu_strtoul(p
+ 1, &p
, 16, &tmp
);
1195 signal
= gdb_signal_to_target(tmp
);
1196 } else if (cur_action
!= 'c' && cur_action
!= 's') {
1197 /* unknown/invalid/unsupported command */
1202 if (*p
== '\0' || *p
== ';') {
1204 * No thread specifier, action is on "all threads". The
1205 * specification is unclear regarding the process to act on. We
1206 * choose all processes.
1208 kind
= GDB_ALL_PROCESSES
;
1209 } else if (*p
++ == ':') {
1210 kind
= read_thread_id(p
, &p
, &pid
, &tid
);
1217 case GDB_READ_THREAD_ERR
:
1221 case GDB_ALL_PROCESSES
:
1222 cpu
= gdb_first_attached_cpu(s
);
1224 if (newstates
[cpu
->cpu_index
] == 1) {
1225 newstates
[cpu
->cpu_index
] = cur_action
;
1228 cpu
= gdb_next_attached_cpu(s
, cpu
);
1232 case GDB_ALL_THREADS
:
1233 process
= gdb_get_process(s
, pid
);
1235 if (!process
->attached
) {
1240 cpu
= get_first_cpu_in_process(s
, process
);
1242 if (newstates
[cpu
->cpu_index
] == 1) {
1243 newstates
[cpu
->cpu_index
] = cur_action
;
1246 cpu
= gdb_next_cpu_in_process(s
, cpu
);
1250 case GDB_ONE_THREAD
:
1251 cpu
= gdb_get_cpu(s
, pid
, tid
);
1253 /* invalid CPU/thread specified */
1259 /* only use if no previous match occourred */
1260 if (newstates
[cpu
->cpu_index
] == 1) {
1261 newstates
[cpu
->cpu_index
] = cur_action
;
1267 gdb_continue_partial(s
, newstates
);
1275 static int gdb_handle_packet(GDBState
*s
, const char *line_buf
)
1278 GDBProcess
*process
;
1282 int ch
, reg_size
, type
, res
;
1283 uint8_t mem_buf
[MAX_PACKET_LENGTH
];
1284 char buf
[sizeof(mem_buf
) + 1 /* trailing NUL */];
1287 target_ulong addr
, len
;
1288 GDBThreadIdKind thread_kind
;
1290 trace_gdbstub_io_command(line_buf
);
1296 put_packet(s
, "OK");
1299 /* TODO: Make this return the correct value for user-mode. */
1300 snprintf(buf
, sizeof(buf
), "T%02xthread:%s;", GDB_SIGNAL_TRAP
,
1301 gdb_fmt_thread_id(s
, s
->c_cpu
, thread_id
, sizeof(thread_id
)));
1303 /* Remove all the breakpoints when this query is issued,
1304 * because gdb is doing and initial connect and the state
1305 * should be cleaned up.
1307 gdb_breakpoint_remove_all();
1311 addr
= strtoull(p
, (char **)&p
, 16);
1312 gdb_set_cpu_pc(s
, addr
);
1318 s
->signal
= gdb_signal_to_target (strtoul(p
, (char **)&p
, 16));
1319 if (s
->signal
== -1)
1324 if (strncmp(p
, "Cont", 4) == 0) {
1327 put_packet(s
, "vCont;c;C;s;S");
1331 res
= gdb_handle_vcont(s
, p
);
1334 if ((res
== -EINVAL
) || (res
== -ERANGE
)) {
1335 put_packet(s
, "E22");
1338 goto unknown_command
;
1341 } else if (strncmp(p
, "Attach;", 7) == 0) {
1346 if (qemu_strtoul(p
, &p
, 16, &pid
)) {
1347 put_packet(s
, "E22");
1351 process
= gdb_get_process(s
, pid
);
1353 if (process
== NULL
) {
1354 put_packet(s
, "E22");
1358 cpu
= get_first_cpu_in_process(s
, process
);
1361 /* Refuse to attach an empty process */
1362 put_packet(s
, "E22");
1366 process
->attached
= true;
1371 snprintf(buf
, sizeof(buf
), "T%02xthread:%s;", GDB_SIGNAL_TRAP
,
1372 gdb_fmt_thread_id(s
, cpu
, thread_id
, sizeof(thread_id
)));
1376 } else if (strncmp(p
, "Kill;", 5) == 0) {
1377 /* Kill the target */
1378 put_packet(s
, "OK");
1379 error_report("QEMU: Terminated via GDBstub");
1382 goto unknown_command
;
1385 /* Kill the target */
1386 error_report("QEMU: Terminated via GDBstub");
1392 if (s
->multiprocess
) {
1395 put_packet(s
, "E22");
1399 if (qemu_strtoul(p
+ 1, &p
, 16, &lpid
)) {
1400 put_packet(s
, "E22");
1407 process
= gdb_get_process(s
, pid
);
1408 gdb_process_breakpoint_remove_all(s
, process
);
1409 process
->attached
= false;
1411 if (pid
== gdb_get_cpu_pid(s
, s
->c_cpu
)) {
1412 s
->c_cpu
= gdb_first_attached_cpu(s
);
1415 if (pid
== gdb_get_cpu_pid(s
, s
->g_cpu
)) {
1416 s
->g_cpu
= gdb_first_attached_cpu(s
);
1419 if (s
->c_cpu
== NULL
) {
1420 /* No more process attached */
1421 gdb_syscall_mode
= GDB_SYS_DISABLED
;
1424 put_packet(s
, "OK");
1428 addr
= strtoull(p
, (char **)&p
, 16);
1429 gdb_set_cpu_pc(s
, addr
);
1431 cpu_single_step(s
->c_cpu
, sstep_flags
);
1439 ret
= strtoull(p
, (char **)&p
, 16);
1442 err
= strtoull(p
, (char **)&p
, 16);
1449 if (s
->current_syscall_cb
) {
1450 s
->current_syscall_cb(s
->c_cpu
, ret
, err
);
1451 s
->current_syscall_cb
= NULL
;
1454 put_packet(s
, "T02");
1461 cpu_synchronize_state(s
->g_cpu
);
1463 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_g_regs
; addr
++) {
1464 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
+ len
, addr
);
1467 memtohex(buf
, mem_buf
, len
);
1471 cpu_synchronize_state(s
->g_cpu
);
1472 registers
= mem_buf
;
1473 len
= strlen(p
) / 2;
1474 hextomem((uint8_t *)registers
, p
, len
);
1475 for (addr
= 0; addr
< s
->g_cpu
->gdb_num_g_regs
&& len
> 0; addr
++) {
1476 reg_size
= gdb_write_register(s
->g_cpu
, registers
, addr
);
1478 registers
+= reg_size
;
1480 put_packet(s
, "OK");
1483 addr
= strtoull(p
, (char **)&p
, 16);
1486 len
= strtoull(p
, NULL
, 16);
1488 /* memtohex() doubles the required space */
1489 if (len
> MAX_PACKET_LENGTH
/ 2) {
1490 put_packet (s
, "E22");
1494 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
, false) != 0) {
1495 put_packet (s
, "E14");
1497 memtohex(buf
, mem_buf
, len
);
1502 addr
= strtoull(p
, (char **)&p
, 16);
1505 len
= strtoull(p
, (char **)&p
, 16);
1509 /* hextomem() reads 2*len bytes */
1510 if (len
> strlen(p
) / 2) {
1511 put_packet (s
, "E22");
1514 hextomem(mem_buf
, p
, len
);
1515 if (target_memory_rw_debug(s
->g_cpu
, addr
, mem_buf
, len
,
1517 put_packet(s
, "E14");
1519 put_packet(s
, "OK");
1523 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1524 This works, but can be very slow. Anything new enough to
1525 understand XML also knows how to use this properly. */
1527 goto unknown_command
;
1528 addr
= strtoull(p
, (char **)&p
, 16);
1529 reg_size
= gdb_read_register(s
->g_cpu
, mem_buf
, addr
);
1531 memtohex(buf
, mem_buf
, reg_size
);
1534 put_packet(s
, "E14");
1539 goto unknown_command
;
1540 addr
= strtoull(p
, (char **)&p
, 16);
1543 reg_size
= strlen(p
) / 2;
1544 hextomem(mem_buf
, p
, reg_size
);
1545 gdb_write_register(s
->g_cpu
, mem_buf
, addr
);
1546 put_packet(s
, "OK");
1550 type
= strtoul(p
, (char **)&p
, 16);
1553 addr
= strtoull(p
, (char **)&p
, 16);
1556 len
= strtoull(p
, (char **)&p
, 16);
1558 res
= gdb_breakpoint_insert(addr
, len
, type
);
1560 res
= gdb_breakpoint_remove(addr
, len
, type
);
1562 put_packet(s
, "OK");
1563 else if (res
== -ENOSYS
)
1566 put_packet(s
, "E22");
1571 thread_kind
= read_thread_id(p
, &p
, &pid
, &tid
);
1572 if (thread_kind
== GDB_READ_THREAD_ERR
) {
1573 put_packet(s
, "E22");
1577 if (thread_kind
!= GDB_ONE_THREAD
) {
1578 put_packet(s
, "OK");
1581 cpu
= gdb_get_cpu(s
, pid
, tid
);
1583 put_packet(s
, "E22");
1589 put_packet(s
, "OK");
1593 put_packet(s
, "OK");
1596 put_packet(s
, "E22");
1601 thread_kind
= read_thread_id(p
, &p
, &pid
, &tid
);
1602 if (thread_kind
== GDB_READ_THREAD_ERR
) {
1603 put_packet(s
, "E22");
1606 cpu
= gdb_get_cpu(s
, pid
, tid
);
1609 put_packet(s
, "OK");
1611 put_packet(s
, "E22");
1616 /* parse any 'q' packets here */
1617 if (!strcmp(p
,"qemu.sstepbits")) {
1618 /* Query Breakpoint bit definitions */
1619 snprintf(buf
, sizeof(buf
), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1625 } else if (is_query_packet(p
, "qemu.sstep", '=')) {
1626 /* Display or change the sstep_flags */
1629 /* Display current setting */
1630 snprintf(buf
, sizeof(buf
), "0x%x", sstep_flags
);
1635 type
= strtoul(p
, (char **)&p
, 16);
1637 put_packet(s
, "OK");
1639 } else if (strcmp(p
,"C") == 0) {
1641 * "Current thread" remains vague in the spec, so always return
1642 * the first thread of the current process (gdb returns the
1645 cpu
= get_first_cpu_in_process(s
, gdb_get_cpu_process(s
, s
->g_cpu
));
1646 snprintf(buf
, sizeof(buf
), "QC%s",
1647 gdb_fmt_thread_id(s
, cpu
, thread_id
, sizeof(thread_id
)));
1650 } else if (strcmp(p
,"fThreadInfo") == 0) {
1651 s
->query_cpu
= gdb_first_attached_cpu(s
);
1652 goto report_cpuinfo
;
1653 } else if (strcmp(p
,"sThreadInfo") == 0) {
1656 snprintf(buf
, sizeof(buf
), "m%s",
1657 gdb_fmt_thread_id(s
, s
->query_cpu
,
1658 thread_id
, sizeof(thread_id
)));
1660 s
->query_cpu
= gdb_next_attached_cpu(s
, s
->query_cpu
);
1664 } else if (strncmp(p
,"ThreadExtraInfo,", 16) == 0) {
1665 if (read_thread_id(p
+ 16, &p
, &pid
, &tid
) == GDB_READ_THREAD_ERR
) {
1666 put_packet(s
, "E22");
1669 cpu
= gdb_get_cpu(s
, pid
, tid
);
1671 cpu_synchronize_state(cpu
);
1673 if (s
->multiprocess
&& (s
->process_num
> 1)) {
1674 /* Print the CPU model and name in multiprocess mode */
1675 ObjectClass
*oc
= object_get_class(OBJECT(cpu
));
1676 const char *cpu_model
= object_class_get_name(oc
);
1678 object_get_canonical_path_component(OBJECT(cpu
));
1679 len
= snprintf((char *)mem_buf
, sizeof(buf
) / 2,
1680 "%s %s [%s]", cpu_model
, cpu_name
,
1681 cpu
->halted
? "halted " : "running");
1684 /* memtohex() doubles the required space */
1685 len
= snprintf((char *)mem_buf
, sizeof(buf
) / 2,
1686 "CPU#%d [%s]", cpu
->cpu_index
,
1687 cpu
->halted
? "halted " : "running");
1689 trace_gdbstub_op_extra_info((char *)mem_buf
);
1690 memtohex(buf
, mem_buf
, len
);
1695 #ifdef CONFIG_USER_ONLY
1696 else if (strcmp(p
, "Offsets") == 0) {
1697 TaskState
*ts
= s
->c_cpu
->opaque
;
1699 snprintf(buf
, sizeof(buf
),
1700 "Text=" TARGET_ABI_FMT_lx
";Data=" TARGET_ABI_FMT_lx
1701 ";Bss=" TARGET_ABI_FMT_lx
,
1702 ts
->info
->code_offset
,
1703 ts
->info
->data_offset
,
1704 ts
->info
->data_offset
);
1708 #else /* !CONFIG_USER_ONLY */
1709 else if (strncmp(p
, "Rcmd,", 5) == 0) {
1710 int len
= strlen(p
+ 5);
1712 if ((len
% 2) != 0) {
1713 put_packet(s
, "E01");
1717 hextomem(mem_buf
, p
+ 5, len
);
1719 qemu_chr_be_write(s
->mon_chr
, mem_buf
, len
);
1720 put_packet(s
, "OK");
1723 #endif /* !CONFIG_USER_ONLY */
1724 if (is_query_packet(p
, "Supported", ':')) {
1725 snprintf(buf
, sizeof(buf
), "PacketSize=%x", MAX_PACKET_LENGTH
);
1726 cc
= CPU_GET_CLASS(first_cpu
);
1727 if (cc
->gdb_core_xml_file
!= NULL
) {
1728 pstrcat(buf
, sizeof(buf
), ";qXfer:features:read+");
1731 if (strstr(p
, "multiprocess+")) {
1732 s
->multiprocess
= true;
1734 pstrcat(buf
, sizeof(buf
), ";multiprocess+");
1739 if (strncmp(p
, "Xfer:features:read:", 19) == 0) {
1741 target_ulong total_len
;
1743 process
= gdb_get_cpu_process(s
, s
->g_cpu
);
1744 cc
= CPU_GET_CLASS(s
->g_cpu
);
1745 if (cc
->gdb_core_xml_file
== NULL
) {
1746 goto unknown_command
;
1751 xml
= get_feature_xml(s
, p
, &p
, process
);
1753 snprintf(buf
, sizeof(buf
), "E00");
1760 addr
= strtoul(p
, (char **)&p
, 16);
1763 len
= strtoul(p
, (char **)&p
, 16);
1765 total_len
= strlen(xml
);
1766 if (addr
> total_len
) {
1767 snprintf(buf
, sizeof(buf
), "E00");
1771 if (len
> (MAX_PACKET_LENGTH
- 5) / 2)
1772 len
= (MAX_PACKET_LENGTH
- 5) / 2;
1773 if (len
< total_len
- addr
) {
1775 len
= memtox(buf
+ 1, xml
+ addr
, len
);
1778 len
= memtox(buf
+ 1, xml
+ addr
, total_len
- addr
);
1780 put_packet_binary(s
, buf
, len
+ 1, true);
1783 if (is_query_packet(p
, "Attached", ':')) {
1784 put_packet(s
, GDB_ATTACHED
);
1787 /* Unrecognised 'q' command. */
1788 goto unknown_command
;
1792 /* put empty packet */
1800 void gdb_set_stop_cpu(CPUState
*cpu
)
1802 GDBProcess
*p
= gdb_get_cpu_process(gdbserver_state
, cpu
);
1806 * Having a stop CPU corresponding to a process that is not attached
1807 * confuses GDB. So we ignore the request.
1812 gdbserver_state
->c_cpu
= cpu
;
1813 gdbserver_state
->g_cpu
= cpu
;
1816 #ifndef CONFIG_USER_ONLY
1817 static void gdb_vm_state_change(void *opaque
, int running
, RunState state
)
1819 GDBState
*s
= gdbserver_state
;
1820 CPUState
*cpu
= s
->c_cpu
;
1826 if (running
|| s
->state
== RS_INACTIVE
) {
1829 /* Is there a GDB syscall waiting to be sent? */
1830 if (s
->current_syscall_cb
) {
1831 put_packet(s
, s
->syscall_buf
);
1836 /* No process attached */
1840 gdb_fmt_thread_id(s
, cpu
, thread_id
, sizeof(thread_id
));
1843 case RUN_STATE_DEBUG
:
1844 if (cpu
->watchpoint_hit
) {
1845 switch (cpu
->watchpoint_hit
->flags
& BP_MEM_ACCESS
) {
1856 trace_gdbstub_hit_watchpoint(type
, cpu_gdb_index(cpu
),
1857 (target_ulong
)cpu
->watchpoint_hit
->vaddr
);
1858 snprintf(buf
, sizeof(buf
),
1859 "T%02xthread:%s;%swatch:" TARGET_FMT_lx
";",
1860 GDB_SIGNAL_TRAP
, thread_id
, type
,
1861 (target_ulong
)cpu
->watchpoint_hit
->vaddr
);
1862 cpu
->watchpoint_hit
= NULL
;
1865 trace_gdbstub_hit_break();
1868 ret
= GDB_SIGNAL_TRAP
;
1870 case RUN_STATE_PAUSED
:
1871 trace_gdbstub_hit_paused();
1872 ret
= GDB_SIGNAL_INT
;
1874 case RUN_STATE_SHUTDOWN
:
1875 trace_gdbstub_hit_shutdown();
1876 ret
= GDB_SIGNAL_QUIT
;
1878 case RUN_STATE_IO_ERROR
:
1879 trace_gdbstub_hit_io_error();
1880 ret
= GDB_SIGNAL_IO
;
1882 case RUN_STATE_WATCHDOG
:
1883 trace_gdbstub_hit_watchdog();
1884 ret
= GDB_SIGNAL_ALRM
;
1886 case RUN_STATE_INTERNAL_ERROR
:
1887 trace_gdbstub_hit_internal_error();
1888 ret
= GDB_SIGNAL_ABRT
;
1890 case RUN_STATE_SAVE_VM
:
1891 case RUN_STATE_RESTORE_VM
:
1893 case RUN_STATE_FINISH_MIGRATE
:
1894 ret
= GDB_SIGNAL_XCPU
;
1897 trace_gdbstub_hit_unknown(state
);
1898 ret
= GDB_SIGNAL_UNKNOWN
;
1901 gdb_set_stop_cpu(cpu
);
1902 snprintf(buf
, sizeof(buf
), "T%02xthread:%s;", ret
, thread_id
);
1907 /* disable single step if it was enabled */
1908 cpu_single_step(cpu
, 0);
1912 /* Send a gdb syscall request.
1913 This accepts limited printf-style format specifiers, specifically:
1914 %x - target_ulong argument printed in hex.
1915 %lx - 64-bit argument printed in hex.
1916 %s - string pointer (target_ulong) and length (int) pair. */
1917 void gdb_do_syscallv(gdb_syscall_complete_cb cb
, const char *fmt
, va_list va
)
1925 s
= gdbserver_state
;
1928 s
->current_syscall_cb
= cb
;
1929 #ifndef CONFIG_USER_ONLY
1930 vm_stop(RUN_STATE_DEBUG
);
1933 p_end
= &s
->syscall_buf
[sizeof(s
->syscall_buf
)];
1940 addr
= va_arg(va
, target_ulong
);
1941 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
, addr
);
1944 if (*(fmt
++) != 'x')
1946 i64
= va_arg(va
, uint64_t);
1947 p
+= snprintf(p
, p_end
- p
, "%" PRIx64
, i64
);
1950 addr
= va_arg(va
, target_ulong
);
1951 p
+= snprintf(p
, p_end
- p
, TARGET_FMT_lx
"/%x",
1952 addr
, va_arg(va
, int));
1956 error_report("gdbstub: Bad syscall format string '%s'",
1965 #ifdef CONFIG_USER_ONLY
1966 put_packet(s
, s
->syscall_buf
);
1967 /* Return control to gdb for it to process the syscall request.
1968 * Since the protocol requires that gdb hands control back to us
1969 * using a "here are the results" F packet, we don't need to check
1970 * gdb_handlesig's return value (which is the signal to deliver if
1971 * execution was resumed via a continue packet).
1973 gdb_handlesig(s
->c_cpu
, 0);
1975 /* In this case wait to send the syscall packet until notification that
1976 the CPU has stopped. This must be done because if the packet is sent
1977 now the reply from the syscall request could be received while the CPU
1978 is still in the running state, which can cause packets to be dropped
1979 and state transition 'T' packets to be sent while the syscall is still
1981 qemu_cpu_kick(s
->c_cpu
);
1985 void gdb_do_syscall(gdb_syscall_complete_cb cb
, const char *fmt
, ...)
1990 gdb_do_syscallv(cb
, fmt
, va
);
1994 static void gdb_read_byte(GDBState
*s
, uint8_t ch
)
1998 #ifndef CONFIG_USER_ONLY
1999 if (s
->last_packet_len
) {
2000 /* Waiting for a response to the last packet. If we see the start
2001 of a new command then abandon the previous response. */
2003 trace_gdbstub_err_got_nack();
2004 put_buffer(s
, (uint8_t *)s
->last_packet
, s
->last_packet_len
);
2005 } else if (ch
== '+') {
2006 trace_gdbstub_io_got_ack();
2008 trace_gdbstub_io_got_unexpected(ch
);
2011 if (ch
== '+' || ch
== '$')
2012 s
->last_packet_len
= 0;
2016 if (runstate_is_running()) {
2017 /* when the CPU is running, we cannot do anything except stop
2018 it when receiving a char */
2019 vm_stop(RUN_STATE_PAUSED
);
2026 /* start of command packet */
2027 s
->line_buf_index
= 0;
2029 s
->state
= RS_GETLINE
;
2031 trace_gdbstub_err_garbage(ch
);
2036 /* start escape sequence */
2037 s
->state
= RS_GETLINE_ESC
;
2039 } else if (ch
== '*') {
2040 /* start run length encoding sequence */
2041 s
->state
= RS_GETLINE_RLE
;
2043 } else if (ch
== '#') {
2044 /* end of command, start of checksum*/
2045 s
->state
= RS_CHKSUM1
;
2046 } else if (s
->line_buf_index
>= sizeof(s
->line_buf
) - 1) {
2047 trace_gdbstub_err_overrun();
2050 /* unescaped command character */
2051 s
->line_buf
[s
->line_buf_index
++] = ch
;
2055 case RS_GETLINE_ESC
:
2057 /* unexpected end of command in escape sequence */
2058 s
->state
= RS_CHKSUM1
;
2059 } else if (s
->line_buf_index
>= sizeof(s
->line_buf
) - 1) {
2060 /* command buffer overrun */
2061 trace_gdbstub_err_overrun();
2064 /* parse escaped character and leave escape state */
2065 s
->line_buf
[s
->line_buf_index
++] = ch
^ 0x20;
2067 s
->state
= RS_GETLINE
;
2070 case RS_GETLINE_RLE
:
2072 * Run-length encoding is explained in "Debugging with GDB /
2073 * Appendix E GDB Remote Serial Protocol / Overview".
2075 if (ch
< ' ' || ch
== '#' || ch
== '$' || ch
> 126) {
2076 /* invalid RLE count encoding */
2077 trace_gdbstub_err_invalid_repeat(ch
);
2078 s
->state
= RS_GETLINE
;
2080 /* decode repeat length */
2081 int repeat
= ch
- ' ' + 3;
2082 if (s
->line_buf_index
+ repeat
>= sizeof(s
->line_buf
) - 1) {
2083 /* that many repeats would overrun the command buffer */
2084 trace_gdbstub_err_overrun();
2086 } else if (s
->line_buf_index
< 1) {
2087 /* got a repeat but we have nothing to repeat */
2088 trace_gdbstub_err_invalid_rle();
2089 s
->state
= RS_GETLINE
;
2091 /* repeat the last character */
2092 memset(s
->line_buf
+ s
->line_buf_index
,
2093 s
->line_buf
[s
->line_buf_index
- 1], repeat
);
2094 s
->line_buf_index
+= repeat
;
2096 s
->state
= RS_GETLINE
;
2101 /* get high hex digit of checksum */
2102 if (!isxdigit(ch
)) {
2103 trace_gdbstub_err_checksum_invalid(ch
);
2104 s
->state
= RS_GETLINE
;
2107 s
->line_buf
[s
->line_buf_index
] = '\0';
2108 s
->line_csum
= fromhex(ch
) << 4;
2109 s
->state
= RS_CHKSUM2
;
2112 /* get low hex digit of checksum */
2113 if (!isxdigit(ch
)) {
2114 trace_gdbstub_err_checksum_invalid(ch
);
2115 s
->state
= RS_GETLINE
;
2118 s
->line_csum
|= fromhex(ch
);
2120 if (s
->line_csum
!= (s
->line_sum
& 0xff)) {
2121 trace_gdbstub_err_checksum_incorrect(s
->line_sum
, s
->line_csum
);
2122 /* send NAK reply */
2124 put_buffer(s
, &reply
, 1);
2127 /* send ACK reply */
2129 put_buffer(s
, &reply
, 1);
2130 s
->state
= gdb_handle_packet(s
, s
->line_buf
);
2139 /* Tell the remote gdb that the process has exited. */
2140 void gdb_exit(CPUArchState
*env
, int code
)
2145 s
= gdbserver_state
;
2149 #ifdef CONFIG_USER_ONLY
2150 if (gdbserver_fd
< 0 || s
->fd
< 0) {
2155 trace_gdbstub_op_exiting((uint8_t)code
);
2157 snprintf(buf
, sizeof(buf
), "W%02x", (uint8_t)code
);
2160 #ifndef CONFIG_USER_ONLY
2161 qemu_chr_fe_deinit(&s
->chr
, true);
2166 * Create the process that will contain all the "orphan" CPUs (that are not
2167 * part of a CPU cluster). Note that if this process contains no CPUs, it won't
2168 * be attachable and thus will be invisible to the user.
2170 static void create_default_process(GDBState
*s
)
2172 GDBProcess
*process
;
2175 if (s
->process_num
) {
2176 max_pid
= s
->processes
[s
->process_num
- 1].pid
;
2179 s
->processes
= g_renew(GDBProcess
, s
->processes
, ++s
->process_num
);
2180 process
= &s
->processes
[s
->process_num
- 1];
2182 /* We need an available PID slot for this process */
2183 assert(max_pid
< UINT32_MAX
);
2185 process
->pid
= max_pid
+ 1;
2186 process
->attached
= false;
2187 process
->target_xml
[0] = '\0';
2190 #ifdef CONFIG_USER_ONLY
2192 gdb_handlesig(CPUState
*cpu
, int sig
)
2198 s
= gdbserver_state
;
2199 if (gdbserver_fd
< 0 || s
->fd
< 0) {
2203 /* disable single step if it was enabled */
2204 cpu_single_step(cpu
, 0);
2208 snprintf(buf
, sizeof(buf
), "S%02x", target_signal_to_gdb(sig
));
2211 /* put_packet() might have detected that the peer terminated the
2219 s
->running_state
= 0;
2220 while (s
->running_state
== 0) {
2221 n
= read(s
->fd
, buf
, 256);
2225 for (i
= 0; i
< n
; i
++) {
2226 gdb_read_byte(s
, buf
[i
]);
2229 /* XXX: Connection closed. Should probably wait for another
2230 connection before continuing. */
2243 /* Tell the remote gdb that the process has exited due to SIG. */
2244 void gdb_signalled(CPUArchState
*env
, int sig
)
2249 s
= gdbserver_state
;
2250 if (gdbserver_fd
< 0 || s
->fd
< 0) {
2254 snprintf(buf
, sizeof(buf
), "X%02x", target_signal_to_gdb(sig
));
2258 static bool gdb_accept(void)
2261 struct sockaddr_in sockaddr
;
2266 len
= sizeof(sockaddr
);
2267 fd
= accept(gdbserver_fd
, (struct sockaddr
*)&sockaddr
, &len
);
2268 if (fd
< 0 && errno
!= EINTR
) {
2271 } else if (fd
>= 0) {
2272 qemu_set_cloexec(fd
);
2277 /* set short latency */
2278 if (socket_set_nodelay(fd
)) {
2279 perror("setsockopt");
2284 s
= g_malloc0(sizeof(GDBState
));
2285 create_default_process(s
);
2286 s
->processes
[0].attached
= true;
2287 s
->c_cpu
= gdb_first_attached_cpu(s
);
2288 s
->g_cpu
= s
->c_cpu
;
2290 gdb_has_xml
= false;
2292 gdbserver_state
= s
;
2296 static int gdbserver_open(int port
)
2298 struct sockaddr_in sockaddr
;
2301 fd
= socket(PF_INET
, SOCK_STREAM
, 0);
2306 qemu_set_cloexec(fd
);
2308 socket_set_fast_reuse(fd
);
2310 sockaddr
.sin_family
= AF_INET
;
2311 sockaddr
.sin_port
= htons(port
);
2312 sockaddr
.sin_addr
.s_addr
= 0;
2313 ret
= bind(fd
, (struct sockaddr
*)&sockaddr
, sizeof(sockaddr
));
2319 ret
= listen(fd
, 1);
2328 int gdbserver_start(int port
)
2330 gdbserver_fd
= gdbserver_open(port
);
2331 if (gdbserver_fd
< 0)
2333 /* accept connections */
2334 if (!gdb_accept()) {
2335 close(gdbserver_fd
);
2342 /* Disable gdb stub for child processes. */
2343 void gdbserver_fork(CPUState
*cpu
)
2345 GDBState
*s
= gdbserver_state
;
2347 if (gdbserver_fd
< 0 || s
->fd
< 0) {
2352 cpu_breakpoint_remove_all(cpu
, BP_GDB
);
2353 cpu_watchpoint_remove_all(cpu
, BP_GDB
);
2356 static int gdb_chr_can_receive(void *opaque
)
2358 /* We can handle an arbitrarily large amount of data.
2359 Pick the maximum packet size, which is as good as anything. */
2360 return MAX_PACKET_LENGTH
;
2363 static void gdb_chr_receive(void *opaque
, const uint8_t *buf
, int size
)
2367 for (i
= 0; i
< size
; i
++) {
2368 gdb_read_byte(gdbserver_state
, buf
[i
]);
2372 static void gdb_chr_event(void *opaque
, int event
)
2375 GDBState
*s
= (GDBState
*) opaque
;
2378 case CHR_EVENT_OPENED
:
2379 /* Start with first process attached, others detached */
2380 for (i
= 0; i
< s
->process_num
; i
++) {
2381 s
->processes
[i
].attached
= !i
;
2384 s
->c_cpu
= gdb_first_attached_cpu(s
);
2385 s
->g_cpu
= s
->c_cpu
;
2387 vm_stop(RUN_STATE_PAUSED
);
2388 gdb_has_xml
= false;
2395 static void gdb_monitor_output(GDBState
*s
, const char *msg
, int len
)
2397 char buf
[MAX_PACKET_LENGTH
];
2400 if (len
> (MAX_PACKET_LENGTH
/2) - 1)
2401 len
= (MAX_PACKET_LENGTH
/2) - 1;
2402 memtohex(buf
+ 1, (uint8_t *)msg
, len
);
2406 static int gdb_monitor_write(Chardev
*chr
, const uint8_t *buf
, int len
)
2408 const char *p
= (const char *)buf
;
2411 max_sz
= (sizeof(gdbserver_state
->last_packet
) - 2) / 2;
2413 if (len
<= max_sz
) {
2414 gdb_monitor_output(gdbserver_state
, p
, len
);
2417 gdb_monitor_output(gdbserver_state
, p
, max_sz
);
2425 static void gdb_sigterm_handler(int signal
)
2427 if (runstate_is_running()) {
2428 vm_stop(RUN_STATE_PAUSED
);
2433 static void gdb_monitor_open(Chardev
*chr
, ChardevBackend
*backend
,
2434 bool *be_opened
, Error
**errp
)
2439 static void char_gdb_class_init(ObjectClass
*oc
, void *data
)
2441 ChardevClass
*cc
= CHARDEV_CLASS(oc
);
2443 cc
->internal
= true;
2444 cc
->open
= gdb_monitor_open
;
2445 cc
->chr_write
= gdb_monitor_write
;
2448 #define TYPE_CHARDEV_GDB "chardev-gdb"
2450 static const TypeInfo char_gdb_type_info
= {
2451 .name
= TYPE_CHARDEV_GDB
,
2452 .parent
= TYPE_CHARDEV
,
2453 .class_init
= char_gdb_class_init
,
2456 static int find_cpu_clusters(Object
*child
, void *opaque
)
2458 if (object_dynamic_cast(child
, TYPE_CPU_CLUSTER
)) {
2459 GDBState
*s
= (GDBState
*) opaque
;
2460 CPUClusterState
*cluster
= CPU_CLUSTER(child
);
2461 GDBProcess
*process
;
2463 s
->processes
= g_renew(GDBProcess
, s
->processes
, ++s
->process_num
);
2465 process
= &s
->processes
[s
->process_num
- 1];
2468 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
2469 * runtime, we enforce here that the machine does not use a cluster ID
2470 * that would lead to PID 0.
2472 assert(cluster
->cluster_id
!= UINT32_MAX
);
2473 process
->pid
= cluster
->cluster_id
+ 1;
2474 process
->attached
= false;
2475 process
->target_xml
[0] = '\0';
2480 return object_child_foreach(child
, find_cpu_clusters
, opaque
);
2483 static int pid_order(const void *a
, const void *b
)
2485 GDBProcess
*pa
= (GDBProcess
*) a
;
2486 GDBProcess
*pb
= (GDBProcess
*) b
;
2488 if (pa
->pid
< pb
->pid
) {
2490 } else if (pa
->pid
> pb
->pid
) {
2497 static void create_processes(GDBState
*s
)
2499 object_child_foreach(object_get_root(), find_cpu_clusters
, s
);
2503 qsort(s
->processes
, s
->process_num
, sizeof(s
->processes
[0]), pid_order
);
2506 create_default_process(s
);
2509 static void cleanup_processes(GDBState
*s
)
2511 g_free(s
->processes
);
2513 s
->processes
= NULL
;
2516 int gdbserver_start(const char *device
)
2518 trace_gdbstub_op_start(device
);
2521 char gdbstub_device_name
[128];
2522 Chardev
*chr
= NULL
;
2526 error_report("gdbstub: meaningless to attach gdb to a "
2527 "machine without any CPU.");
2533 if (strcmp(device
, "none") != 0) {
2534 if (strstart(device
, "tcp:", NULL
)) {
2535 /* enforce required TCP attributes */
2536 snprintf(gdbstub_device_name
, sizeof(gdbstub_device_name
),
2537 "%s,nowait,nodelay,server", device
);
2538 device
= gdbstub_device_name
;
2541 else if (strcmp(device
, "stdio") == 0) {
2542 struct sigaction act
;
2544 memset(&act
, 0, sizeof(act
));
2545 act
.sa_handler
= gdb_sigterm_handler
;
2546 sigaction(SIGINT
, &act
, NULL
);
2550 * FIXME: it's a bit weird to allow using a mux chardev here
2551 * and implicitly setup a monitor. We may want to break this.
2553 chr
= qemu_chr_new_noreplay("gdb", device
, true, NULL
);
2558 s
= gdbserver_state
;
2560 s
= g_malloc0(sizeof(GDBState
));
2561 gdbserver_state
= s
;
2563 qemu_add_vm_change_state_handler(gdb_vm_state_change
, NULL
);
2565 /* Initialize a monitor terminal for gdb */
2566 mon_chr
= qemu_chardev_new(NULL
, TYPE_CHARDEV_GDB
,
2567 NULL
, NULL
, &error_abort
);
2568 monitor_init(mon_chr
, 0);
2570 qemu_chr_fe_deinit(&s
->chr
, true);
2571 mon_chr
= s
->mon_chr
;
2572 cleanup_processes(s
);
2573 memset(s
, 0, sizeof(GDBState
));
2574 s
->mon_chr
= mon_chr
;
2577 create_processes(s
);
2580 qemu_chr_fe_init(&s
->chr
, chr
, &error_abort
);
2581 qemu_chr_fe_set_handlers(&s
->chr
, gdb_chr_can_receive
, gdb_chr_receive
,
2582 gdb_chr_event
, NULL
, s
, NULL
, true);
2584 s
->state
= chr
? RS_IDLE
: RS_INACTIVE
;
2585 s
->mon_chr
= mon_chr
;
2586 s
->current_syscall_cb
= NULL
;
2591 void gdbserver_cleanup(void)
2593 if (gdbserver_state
) {
2594 put_packet(gdbserver_state
, "W00");
2598 static void register_types(void)
2600 type_register_static(&char_gdb_type_info
);
2603 type_init(register_types
);