4 * Copyright (c) 2003-2005 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
24 #ifdef CONFIG_USER_ONLY
27 #include "monitor/monitor.h"
28 #include "chardev/char.h"
29 #include "chardev/char-fe.h"
30 #include "sysemu/sysemu.h"
31 #include "exec/gdbstub.h"
34 #define MAX_PACKET_LENGTH 4096
36 #include "qemu/sockets.h"
37 #include "sysemu/hw_accel.h"
38 #include "sysemu/kvm.h"
39 #include "exec/semihost.h"
40 #include "exec/exec-all.h"
42 #ifdef CONFIG_USER_ONLY
43 #define GDB_ATTACHED "0"
45 #define GDB_ATTACHED "1"
48 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
49 uint8_t *buf, int len, bool is_write)
51 CPUClass *cc = CPU_GET_CLASS(cpu);
53 if (cc->memory_rw_debug) {
54 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
56 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
68 GDB_SIGNAL_UNKNOWN = 143
71 #ifdef CONFIG_USER_ONLY
73 /* Map target signal numbers to GDB protocol signal numbers and vice
74 * versa. For user emulation's currently supported systems, we can
75 * assume most signals are defined.
78 static int gdb_signal_table[] = {
238 /* In system mode we only need SIGINT and SIGTRAP; other signals
239 are not yet supported. */
246 static int gdb_signal_table[] = {
256 #ifdef CONFIG_USER_ONLY
257 static int target_signal_to_gdb (int sig)
260 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
261 if (gdb_signal_table[i] == sig)
263 return GDB_SIGNAL_UNKNOWN;
267 static int gdb_signal_to_target (int sig)
269 if (sig < ARRAY_SIZE (gdb_signal_table))
270 return gdb_signal_table[sig];
277 typedef struct GDBRegisterState {
283 struct GDBRegisterState *next;
295 typedef struct GDBState {
296 CPUState *c_cpu; /* current CPU for step/continue ops */
297 CPUState *g_cpu; /* current CPU for other ops */
298 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
299 enum RSState state; /* parsing state */
300 char line_buf[MAX_PACKET_LENGTH];
302 int line_sum; /* running checksum */
303 int line_csum; /* checksum at the end of the packet */
304 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
307 #ifdef CONFIG_USER_ONLY
314 char syscall_buf[256];
315 gdb_syscall_complete_cb current_syscall_cb;
318 /* By default use no IRQs and no timers while single stepping so as to
319 * make single stepping like an ICE HW step.
321 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
323 static GDBState *gdbserver_state;
327 #ifdef CONFIG_USER_ONLY
328 /* XXX: This is not thread safe. Do we care? */
329 static int gdbserver_fd = -1;
331 static int get_char(GDBState *s)
337 ret = qemu_recv(s->fd, &ch, 1, 0);
339 if (errno == ECONNRESET)
343 } else if (ret == 0) {
361 /* Decide if either remote gdb syscalls or native file IO should be used. */
362 int use_gdb_syscalls(void)
364 SemihostingTarget target = semihosting_get_target();
365 if (target == SEMIHOSTING_TARGET_NATIVE) {
366 /* -semihosting-config target=native */
368 } else if (target == SEMIHOSTING_TARGET_GDB) {
369 /* -semihosting-config target=gdb */
373 /* -semihosting-config target=auto */
374 /* On the first call check if gdb is connected and remember. */
375 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
376 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
379 return gdb_syscall_mode == GDB_SYS_ENABLED;
382 /* Resume execution. */
383 static inline void gdb_continue(GDBState *s)
385 #ifdef CONFIG_USER_ONLY
386 s->running_state = 1;
388 if (!runstate_needs_reset()) {
395 * Resume execution, per CPU actions. For user-mode emulation it's
396 * equivalent to gdb_continue.
398 static int gdb_continue_partial(GDBState *s, char *newstates)
402 #ifdef CONFIG_USER_ONLY
404 * This is not exactly accurate, but it's an improvement compared to the
405 * previous situation, where only one CPU would be single-stepped.
408 if (newstates[cpu->cpu_index] == 's') {
409 cpu_single_step(cpu, sstep_flags);
412 s->running_state = 1;
416 if (!runstate_needs_reset()) {
417 if (vm_prepare_start()) {
422 switch (newstates[cpu->cpu_index]) {
425 break; /* nothing to do here */
427 cpu_single_step(cpu, sstep_flags);
442 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
448 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
450 #ifdef CONFIG_USER_ONLY
454 ret = send(s->fd, buf, len, 0);
464 /* XXX this blocks entire thread. Rewrite to use
465 * qemu_chr_fe_write and background I/O callbacks */
466 qemu_chr_fe_write_all(&s->chr, buf, len);
470 static inline int fromhex(int v)
472 if (v >= '0' && v <= '9')
474 else if (v >= 'A' && v <= 'F')
476 else if (v >= 'a' && v <= 'f')
482 static inline int tohex(int v)
490 static void memtohex(char *buf, const uint8_t *mem, int len)
495 for(i = 0; i < len; i++) {
497 *q++ = tohex(c >> 4);
498 *q++ = tohex(c & 0xf);
503 static void hextomem(uint8_t *mem, const char *buf, int len)
507 for(i = 0; i < len; i++) {
508 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
513 /* return -1 if error, 0 if OK */
514 static int put_packet_binary(GDBState *s, const char *buf, int len)
525 for(i = 0; i < len; i++) {
529 *(p++) = tohex((csum >> 4) & 0xf);
530 *(p++) = tohex((csum) & 0xf);
532 s->last_packet_len = p - s->last_packet;
533 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
535 #ifdef CONFIG_USER_ONLY
548 /* return -1 if error, 0 if OK */
549 static int put_packet(GDBState *s, const char *buf)
552 printf("reply='%s'\n", buf);
555 return put_packet_binary(s, buf, strlen(buf));
558 /* Encode data using the encoding for 'x' packets. */
559 static int memtox(char *buf, const char *mem, int len)
567 case '#': case '$': case '*': case '}':
579 static const char *get_feature_xml(const char *p, const char **newp,
585 static char target_xml[1024];
588 while (p[len] && p[len] != ':')
593 if (strncmp(p, "target.xml", len) == 0) {
594 /* Generate the XML description for this CPU. */
595 if (!target_xml[0]) {
597 CPUState *cpu = first_cpu;
599 pstrcat(target_xml, sizeof(target_xml),
600 "<?xml version=\"1.0\"?>"
601 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
603 if (cc->gdb_arch_name) {
604 gchar *arch = cc->gdb_arch_name(cpu);
605 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
606 pstrcat(target_xml, sizeof(target_xml), arch);
607 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
610 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
611 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
612 pstrcat(target_xml, sizeof(target_xml), "\"/>");
613 for (r = cpu->gdb_regs; r; r = r->next) {
614 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
615 pstrcat(target_xml, sizeof(target_xml), r->xml);
616 pstrcat(target_xml, sizeof(target_xml), "\"/>");
618 pstrcat(target_xml, sizeof(target_xml), "</target>");
623 name = xml_builtin[i][0];
624 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
627 return name ? xml_builtin[i][1] : NULL;
630 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
632 CPUClass *cc = CPU_GET_CLASS(cpu);
633 CPUArchState *env = cpu->env_ptr;
636 if (reg < cc->gdb_num_core_regs) {
637 return cc->gdb_read_register(cpu, mem_buf, reg);
640 for (r = cpu->gdb_regs; r; r = r->next) {
641 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
642 return r->get_reg(env, mem_buf, reg - r->base_reg);
648 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
650 CPUClass *cc = CPU_GET_CLASS(cpu);
651 CPUArchState *env = cpu->env_ptr;
654 if (reg < cc->gdb_num_core_regs) {
655 return cc->gdb_write_register(cpu, mem_buf, reg);
658 for (r = cpu->gdb_regs; r; r = r->next) {
659 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
660 return r->set_reg(env, mem_buf, reg - r->base_reg);
666 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
667 specifies the first register number and these registers are included in
668 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
669 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
672 void gdb_register_coprocessor(CPUState *cpu,
673 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
674 int num_regs, const char *xml, int g_pos)
677 GDBRegisterState **p;
681 /* Check for duplicates. */
682 if (strcmp((*p)->xml, xml) == 0)
687 s = g_new0(GDBRegisterState, 1);
688 s->base_reg = cpu->gdb_num_regs;
689 s->num_regs = num_regs;
690 s->get_reg = get_reg;
691 s->set_reg = set_reg;
694 /* Add to end of list. */
695 cpu->gdb_num_regs += num_regs;
698 if (g_pos != s->base_reg) {
699 error_report("Error: Bad gdb register numbering for '%s', "
700 "expected %d got %d", xml, g_pos, s->base_reg);
702 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
707 #ifndef CONFIG_USER_ONLY
708 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
709 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
711 static const int xlat[] = {
712 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
713 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
714 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
717 CPUClass *cc = CPU_GET_CLASS(cpu);
718 int cputype = xlat[gdbtype];
720 if (cc->gdb_stop_before_watchpoint) {
721 cputype |= BP_STOP_BEFORE_ACCESS;
727 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
733 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
737 case GDB_BREAKPOINT_SW:
738 case GDB_BREAKPOINT_HW:
740 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
746 #ifndef CONFIG_USER_ONLY
747 case GDB_WATCHPOINT_WRITE:
748 case GDB_WATCHPOINT_READ:
749 case GDB_WATCHPOINT_ACCESS:
751 err = cpu_watchpoint_insert(cpu, addr, len,
752 xlat_gdb_type(cpu, type), NULL);
764 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
770 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
774 case GDB_BREAKPOINT_SW:
775 case GDB_BREAKPOINT_HW:
777 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
783 #ifndef CONFIG_USER_ONLY
784 case GDB_WATCHPOINT_WRITE:
785 case GDB_WATCHPOINT_READ:
786 case GDB_WATCHPOINT_ACCESS:
788 err = cpu_watchpoint_remove(cpu, addr, len,
789 xlat_gdb_type(cpu, type));
800 static void gdb_breakpoint_remove_all(void)
805 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
810 cpu_breakpoint_remove_all(cpu, BP_GDB);
811 #ifndef CONFIG_USER_ONLY
812 cpu_watchpoint_remove_all(cpu, BP_GDB);
817 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
819 CPUState *cpu = s->c_cpu;
821 cpu_synchronize_state(cpu);
825 static CPUState *find_cpu(uint32_t thread_id)
830 if (cpu_index(cpu) == thread_id) {
838 static int is_query_packet(const char *p, const char *query, char separator)
840 unsigned int query_len = strlen(query);
842 return strncmp(p, query, query_len) == 0 &&
843 (p[query_len] == '\0' || p[query_len] == separator);
847 * gdb_handle_vcont - Parses and handles a vCont packet.
848 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
849 * a format error, 0 on success.
851 static int gdb_handle_vcont(GDBState *s, const char *p)
853 int res, idx, signal = 0;
858 #ifdef CONFIG_USER_ONLY
859 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
862 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
865 /* uninitialised CPUs stay 0 */
866 newstates = g_new0(char, max_cpus);
868 /* mark valid CPUs with 1 */
870 newstates[cpu->cpu_index] = 1;
874 * res keeps track of what error we are returning, with -ENOTSUP meaning
875 * that the command is unknown or unsupported, thus returning an empty
876 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
877 * or incorrect parameters passed.
887 if (cur_action == 'C' || cur_action == 'S') {
888 cur_action = tolower(cur_action);
889 res = qemu_strtoul(p + 1, &p, 16, &tmp);
893 signal = gdb_signal_to_target(tmp);
894 } else if (cur_action != 'c' && cur_action != 's') {
895 /* unknown/invalid/unsupported command */
899 /* thread specification. special values: (none), -1 = all; 0 = any */
900 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
904 for (idx = 0; idx < max_cpus; idx++) {
905 if (newstates[idx] == 1) {
906 newstates[idx] = cur_action;
909 } else if (*p == ':') {
911 res = qemu_strtoul(p, &p, 16, &tmp);
916 /* 0 means any thread, so we pick the first valid CPU */
918 idx = cpu_index(first_cpu);
922 * If we are in user mode, the thread specified is actually a
923 * thread id, and not an index. We need to find the actual
924 * CPU first, and only then we can use its index.
927 /* invalid CPU/thread specified */
932 /* only use if no previous match occourred */
933 if (newstates[cpu->cpu_index] == 1) {
934 newstates[cpu->cpu_index] = cur_action;
939 gdb_continue_partial(s, newstates);
947 static int gdb_handle_packet(GDBState *s, const char *line_buf)
953 int ch, reg_size, type, res;
954 char buf[MAX_PACKET_LENGTH];
955 uint8_t mem_buf[MAX_PACKET_LENGTH];
957 target_ulong addr, len;
960 printf("command='%s'\n", line_buf);
966 /* TODO: Make this return the correct value for user-mode. */
967 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
968 cpu_index(s->c_cpu));
970 /* Remove all the breakpoints when this query is issued,
971 * because gdb is doing and initial connect and the state
972 * should be cleaned up.
974 gdb_breakpoint_remove_all();
978 addr = strtoull(p, (char **)&p, 16);
979 gdb_set_cpu_pc(s, addr);
985 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
991 if (strncmp(p, "Cont", 4) == 0) {
994 put_packet(s, "vCont;c;C;s;S");
998 res = gdb_handle_vcont(s, p);
1001 if ((res == -EINVAL) || (res == -ERANGE)) {
1002 put_packet(s, "E22");
1005 goto unknown_command;
1009 goto unknown_command;
1012 /* Kill the target */
1013 error_report("QEMU: Terminated via GDBstub");
1017 gdb_breakpoint_remove_all();
1018 gdb_syscall_mode = GDB_SYS_DISABLED;
1020 put_packet(s, "OK");
1024 addr = strtoull(p, (char **)&p, 16);
1025 gdb_set_cpu_pc(s, addr);
1027 cpu_single_step(s->c_cpu, sstep_flags);
1035 ret = strtoull(p, (char **)&p, 16);
1038 err = strtoull(p, (char **)&p, 16);
1045 if (s->current_syscall_cb) {
1046 s->current_syscall_cb(s->c_cpu, ret, err);
1047 s->current_syscall_cb = NULL;
1050 put_packet(s, "T02");
1057 cpu_synchronize_state(s->g_cpu);
1059 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1060 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1063 memtohex(buf, mem_buf, len);
1067 cpu_synchronize_state(s->g_cpu);
1068 registers = mem_buf;
1069 len = strlen(p) / 2;
1070 hextomem((uint8_t *)registers, p, len);
1071 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1072 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1074 registers += reg_size;
1076 put_packet(s, "OK");
1079 addr = strtoull(p, (char **)&p, 16);
1082 len = strtoull(p, NULL, 16);
1084 /* memtohex() doubles the required space */
1085 if (len > MAX_PACKET_LENGTH / 2) {
1086 put_packet (s, "E22");
1090 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1091 put_packet (s, "E14");
1093 memtohex(buf, mem_buf, len);
1098 addr = strtoull(p, (char **)&p, 16);
1101 len = strtoull(p, (char **)&p, 16);
1105 /* hextomem() reads 2*len bytes */
1106 if (len > strlen(p) / 2) {
1107 put_packet (s, "E22");
1110 hextomem(mem_buf, p, len);
1111 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1113 put_packet(s, "E14");
1115 put_packet(s, "OK");
1119 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1120 This works, but can be very slow. Anything new enough to
1121 understand XML also knows how to use this properly. */
1123 goto unknown_command;
1124 addr = strtoull(p, (char **)&p, 16);
1125 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1127 memtohex(buf, mem_buf, reg_size);
1130 put_packet(s, "E14");
1135 goto unknown_command;
1136 addr = strtoull(p, (char **)&p, 16);
1139 reg_size = strlen(p) / 2;
1140 hextomem(mem_buf, p, reg_size);
1141 gdb_write_register(s->g_cpu, mem_buf, addr);
1142 put_packet(s, "OK");
1146 type = strtoul(p, (char **)&p, 16);
1149 addr = strtoull(p, (char **)&p, 16);
1152 len = strtoull(p, (char **)&p, 16);
1154 res = gdb_breakpoint_insert(addr, len, type);
1156 res = gdb_breakpoint_remove(addr, len, type);
1158 put_packet(s, "OK");
1159 else if (res == -ENOSYS)
1162 put_packet(s, "E22");
1166 thread = strtoull(p, (char **)&p, 16);
1167 if (thread == -1 || thread == 0) {
1168 put_packet(s, "OK");
1171 cpu = find_cpu(thread);
1173 put_packet(s, "E22");
1179 put_packet(s, "OK");
1183 put_packet(s, "OK");
1186 put_packet(s, "E22");
1191 thread = strtoull(p, (char **)&p, 16);
1192 cpu = find_cpu(thread);
1195 put_packet(s, "OK");
1197 put_packet(s, "E22");
1202 /* parse any 'q' packets here */
1203 if (!strcmp(p,"qemu.sstepbits")) {
1204 /* Query Breakpoint bit definitions */
1205 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1211 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1212 /* Display or change the sstep_flags */
1215 /* Display current setting */
1216 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1221 type = strtoul(p, (char **)&p, 16);
1223 put_packet(s, "OK");
1225 } else if (strcmp(p,"C") == 0) {
1226 /* "Current thread" remains vague in the spec, so always return
1227 * the first CPU (gdb returns the first thread). */
1228 put_packet(s, "QC1");
1230 } else if (strcmp(p,"fThreadInfo") == 0) {
1231 s->query_cpu = first_cpu;
1232 goto report_cpuinfo;
1233 } else if (strcmp(p,"sThreadInfo") == 0) {
1236 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1238 s->query_cpu = CPU_NEXT(s->query_cpu);
1242 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1243 thread = strtoull(p+16, (char **)&p, 16);
1244 cpu = find_cpu(thread);
1246 cpu_synchronize_state(cpu);
1247 /* memtohex() doubles the required space */
1248 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1249 "CPU#%d [%s]", cpu->cpu_index,
1250 cpu->halted ? "halted " : "running");
1251 memtohex(buf, mem_buf, len);
1256 #ifdef CONFIG_USER_ONLY
1257 else if (strcmp(p, "Offsets") == 0) {
1258 TaskState *ts = s->c_cpu->opaque;
1260 snprintf(buf, sizeof(buf),
1261 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1262 ";Bss=" TARGET_ABI_FMT_lx,
1263 ts->info->code_offset,
1264 ts->info->data_offset,
1265 ts->info->data_offset);
1269 #else /* !CONFIG_USER_ONLY */
1270 else if (strncmp(p, "Rcmd,", 5) == 0) {
1271 int len = strlen(p + 5);
1273 if ((len % 2) != 0) {
1274 put_packet(s, "E01");
1278 hextomem(mem_buf, p + 5, len);
1280 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1281 put_packet(s, "OK");
1284 #endif /* !CONFIG_USER_ONLY */
1285 if (is_query_packet(p, "Supported", ':')) {
1286 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1287 cc = CPU_GET_CLASS(first_cpu);
1288 if (cc->gdb_core_xml_file != NULL) {
1289 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1294 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1296 target_ulong total_len;
1298 cc = CPU_GET_CLASS(first_cpu);
1299 if (cc->gdb_core_xml_file == NULL) {
1300 goto unknown_command;
1305 xml = get_feature_xml(p, &p, cc);
1307 snprintf(buf, sizeof(buf), "E00");
1314 addr = strtoul(p, (char **)&p, 16);
1317 len = strtoul(p, (char **)&p, 16);
1319 total_len = strlen(xml);
1320 if (addr > total_len) {
1321 snprintf(buf, sizeof(buf), "E00");
1325 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1326 len = (MAX_PACKET_LENGTH - 5) / 2;
1327 if (len < total_len - addr) {
1329 len = memtox(buf + 1, xml + addr, len);
1332 len = memtox(buf + 1, xml + addr, total_len - addr);
1334 put_packet_binary(s, buf, len + 1);
1337 if (is_query_packet(p, "Attached", ':')) {
1338 put_packet(s, GDB_ATTACHED);
1341 /* Unrecognised 'q' command. */
1342 goto unknown_command;
1346 /* put empty packet */
1354 void gdb_set_stop_cpu(CPUState *cpu)
1356 gdbserver_state->c_cpu = cpu;
1357 gdbserver_state->g_cpu = cpu;
1360 #ifndef CONFIG_USER_ONLY
1361 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1363 GDBState *s = gdbserver_state;
1364 CPUState *cpu = s->c_cpu;
1369 if (running || s->state == RS_INACTIVE) {
1372 /* Is there a GDB syscall waiting to be sent? */
1373 if (s->current_syscall_cb) {
1374 put_packet(s, s->syscall_buf);
1378 case RUN_STATE_DEBUG:
1379 if (cpu->watchpoint_hit) {
1380 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1391 snprintf(buf, sizeof(buf),
1392 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1393 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1394 (target_ulong)cpu->watchpoint_hit->vaddr);
1395 cpu->watchpoint_hit = NULL;
1399 ret = GDB_SIGNAL_TRAP;
1401 case RUN_STATE_PAUSED:
1402 ret = GDB_SIGNAL_INT;
1404 case RUN_STATE_SHUTDOWN:
1405 ret = GDB_SIGNAL_QUIT;
1407 case RUN_STATE_IO_ERROR:
1408 ret = GDB_SIGNAL_IO;
1410 case RUN_STATE_WATCHDOG:
1411 ret = GDB_SIGNAL_ALRM;
1413 case RUN_STATE_INTERNAL_ERROR:
1414 ret = GDB_SIGNAL_ABRT;
1416 case RUN_STATE_SAVE_VM:
1417 case RUN_STATE_RESTORE_VM:
1419 case RUN_STATE_FINISH_MIGRATE:
1420 ret = GDB_SIGNAL_XCPU;
1423 ret = GDB_SIGNAL_UNKNOWN;
1426 gdb_set_stop_cpu(cpu);
1427 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1432 /* disable single step if it was enabled */
1433 cpu_single_step(cpu, 0);
1437 /* Send a gdb syscall request.
1438 This accepts limited printf-style format specifiers, specifically:
1439 %x - target_ulong argument printed in hex.
1440 %lx - 64-bit argument printed in hex.
1441 %s - string pointer (target_ulong) and length (int) pair. */
1442 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1450 s = gdbserver_state;
1453 s->current_syscall_cb = cb;
1454 #ifndef CONFIG_USER_ONLY
1455 vm_stop(RUN_STATE_DEBUG);
1458 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1465 addr = va_arg(va, target_ulong);
1466 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1469 if (*(fmt++) != 'x')
1471 i64 = va_arg(va, uint64_t);
1472 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1475 addr = va_arg(va, target_ulong);
1476 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1477 addr, va_arg(va, int));
1481 error_report("gdbstub: Bad syscall format string '%s'",
1490 #ifdef CONFIG_USER_ONLY
1491 put_packet(s, s->syscall_buf);
1492 gdb_handlesig(s->c_cpu, 0);
1494 /* In this case wait to send the syscall packet until notification that
1495 the CPU has stopped. This must be done because if the packet is sent
1496 now the reply from the syscall request could be received while the CPU
1497 is still in the running state, which can cause packets to be dropped
1498 and state transition 'T' packets to be sent while the syscall is still
1500 qemu_cpu_kick(s->c_cpu);
1504 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1509 gdb_do_syscallv(cb, fmt, va);
1513 static void gdb_read_byte(GDBState *s, int ch)
1517 #ifndef CONFIG_USER_ONLY
1518 if (s->last_packet_len) {
1519 /* Waiting for a response to the last packet. If we see the start
1520 of a new command then abandon the previous response. */
1523 printf("Got NACK, retransmitting\n");
1525 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1529 printf("Got ACK\n");
1531 printf("Got '%c' when expecting ACK/NACK\n", ch);
1533 if (ch == '+' || ch == '$')
1534 s->last_packet_len = 0;
1538 if (runstate_is_running()) {
1539 /* when the CPU is running, we cannot do anything except stop
1540 it when receiving a char */
1541 vm_stop(RUN_STATE_PAUSED);
1548 /* start of command packet */
1549 s->line_buf_index = 0;
1551 s->state = RS_GETLINE;
1554 printf("gdbstub received garbage between packets: 0x%x\n", ch);
1560 /* start escape sequence */
1561 s->state = RS_GETLINE_ESC;
1563 } else if (ch == '*') {
1564 /* start run length encoding sequence */
1565 s->state = RS_GETLINE_RLE;
1567 } else if (ch == '#') {
1568 /* end of command, start of checksum*/
1569 s->state = RS_CHKSUM1;
1570 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1572 printf("gdbstub command buffer overrun, dropping command\n");
1576 /* unescaped command character */
1577 s->line_buf[s->line_buf_index++] = ch;
1581 case RS_GETLINE_ESC:
1583 /* unexpected end of command in escape sequence */
1584 s->state = RS_CHKSUM1;
1585 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1586 /* command buffer overrun */
1588 printf("gdbstub command buffer overrun, dropping command\n");
1592 /* parse escaped character and leave escape state */
1593 s->line_buf[s->line_buf_index++] = ch ^ 0x20;
1595 s->state = RS_GETLINE;
1598 case RS_GETLINE_RLE:
1600 /* invalid RLE count encoding */
1602 printf("gdbstub got invalid RLE count: 0x%x\n", ch);
1604 s->state = RS_GETLINE;
1606 /* decode repeat length */
1607 int repeat = (unsigned char)ch - ' ' + 3;
1608 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
1609 /* that many repeats would overrun the command buffer */
1611 printf("gdbstub command buffer overrun,"
1612 " dropping command\n");
1615 } else if (s->line_buf_index < 1) {
1616 /* got a repeat but we have nothing to repeat */
1618 printf("gdbstub got invalid RLE sequence\n");
1620 s->state = RS_GETLINE;
1622 /* repeat the last character */
1623 memset(s->line_buf + s->line_buf_index,
1624 s->line_buf[s->line_buf_index - 1], repeat);
1625 s->line_buf_index += repeat;
1627 s->state = RS_GETLINE;
1632 /* get high hex digit of checksum */
1633 if (!isxdigit(ch)) {
1635 printf("gdbstub got invalid command checksum digit\n");
1637 s->state = RS_GETLINE;
1640 s->line_buf[s->line_buf_index] = '\0';
1641 s->line_csum = fromhex(ch) << 4;
1642 s->state = RS_CHKSUM2;
1645 /* get low hex digit of checksum */
1646 if (!isxdigit(ch)) {
1648 printf("gdbstub got invalid command checksum digit\n");
1650 s->state = RS_GETLINE;
1653 s->line_csum |= fromhex(ch);
1655 if (s->line_csum != (s->line_sum & 0xff)) {
1656 /* send NAK reply */
1658 put_buffer(s, &reply, 1);
1660 printf("gdbstub got command packet with incorrect checksum\n");
1664 /* send ACK reply */
1666 put_buffer(s, &reply, 1);
1667 s->state = gdb_handle_packet(s, s->line_buf);
1676 /* Tell the remote gdb that the process has exited. */
1677 void gdb_exit(CPUArchState *env, int code)
1682 s = gdbserver_state;
1686 #ifdef CONFIG_USER_ONLY
1687 if (gdbserver_fd < 0 || s->fd < 0) {
1692 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1695 #ifndef CONFIG_USER_ONLY
1696 qemu_chr_fe_deinit(&s->chr, true);
1700 #ifdef CONFIG_USER_ONLY
1702 gdb_handlesig(CPUState *cpu, int sig)
1708 s = gdbserver_state;
1709 if (gdbserver_fd < 0 || s->fd < 0) {
1713 /* disable single step if it was enabled */
1714 cpu_single_step(cpu, 0);
1718 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1721 /* put_packet() might have detected that the peer terminated the
1729 s->running_state = 0;
1730 while (s->running_state == 0) {
1731 n = read(s->fd, buf, 256);
1735 for (i = 0; i < n; i++) {
1736 gdb_read_byte(s, buf[i]);
1739 /* XXX: Connection closed. Should probably wait for another
1740 connection before continuing. */
1753 /* Tell the remote gdb that the process has exited due to SIG. */
1754 void gdb_signalled(CPUArchState *env, int sig)
1759 s = gdbserver_state;
1760 if (gdbserver_fd < 0 || s->fd < 0) {
1764 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1768 static void gdb_accept(void)
1771 struct sockaddr_in sockaddr;
1776 len = sizeof(sockaddr);
1777 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1778 if (fd < 0 && errno != EINTR) {
1781 } else if (fd >= 0) {
1783 fcntl(fd, F_SETFD, FD_CLOEXEC);
1789 /* set short latency */
1790 socket_set_nodelay(fd);
1792 s = g_malloc0(sizeof(GDBState));
1793 s->c_cpu = first_cpu;
1794 s->g_cpu = first_cpu;
1796 gdb_has_xml = false;
1798 gdbserver_state = s;
1801 static int gdbserver_open(int port)
1803 struct sockaddr_in sockaddr;
1806 fd = socket(PF_INET, SOCK_STREAM, 0);
1812 fcntl(fd, F_SETFD, FD_CLOEXEC);
1815 socket_set_fast_reuse(fd);
1817 sockaddr.sin_family = AF_INET;
1818 sockaddr.sin_port = htons(port);
1819 sockaddr.sin_addr.s_addr = 0;
1820 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1826 ret = listen(fd, 1);
1835 int gdbserver_start(int port)
1837 gdbserver_fd = gdbserver_open(port);
1838 if (gdbserver_fd < 0)
1840 /* accept connections */
1845 /* Disable gdb stub for child processes. */
1846 void gdbserver_fork(CPUState *cpu)
1848 GDBState *s = gdbserver_state;
1850 if (gdbserver_fd < 0 || s->fd < 0) {
1855 cpu_breakpoint_remove_all(cpu, BP_GDB);
1856 cpu_watchpoint_remove_all(cpu, BP_GDB);
1859 static int gdb_chr_can_receive(void *opaque)
1861 /* We can handle an arbitrarily large amount of data.
1862 Pick the maximum packet size, which is as good as anything. */
1863 return MAX_PACKET_LENGTH;
1866 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1870 for (i = 0; i < size; i++) {
1871 gdb_read_byte(gdbserver_state, buf[i]);
1875 static void gdb_chr_event(void *opaque, int event)
1878 case CHR_EVENT_OPENED:
1879 vm_stop(RUN_STATE_PAUSED);
1880 gdb_has_xml = false;
1887 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1889 char buf[MAX_PACKET_LENGTH];
1892 if (len > (MAX_PACKET_LENGTH/2) - 1)
1893 len = (MAX_PACKET_LENGTH/2) - 1;
1894 memtohex(buf + 1, (uint8_t *)msg, len);
1898 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1900 const char *p = (const char *)buf;
1903 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1905 if (len <= max_sz) {
1906 gdb_monitor_output(gdbserver_state, p, len);
1909 gdb_monitor_output(gdbserver_state, p, max_sz);
1917 static void gdb_sigterm_handler(int signal)
1919 if (runstate_is_running()) {
1920 vm_stop(RUN_STATE_PAUSED);
1925 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1926 bool *be_opened, Error **errp)
1931 static void char_gdb_class_init(ObjectClass *oc, void *data)
1933 ChardevClass *cc = CHARDEV_CLASS(oc);
1935 cc->internal = true;
1936 cc->open = gdb_monitor_open;
1937 cc->chr_write = gdb_monitor_write;
1940 #define TYPE_CHARDEV_GDB "chardev-gdb"
1942 static const TypeInfo char_gdb_type_info = {
1943 .name = TYPE_CHARDEV_GDB,
1944 .parent = TYPE_CHARDEV,
1945 .class_init = char_gdb_class_init,
1948 int gdbserver_start(const char *device)
1951 char gdbstub_device_name[128];
1952 Chardev *chr = NULL;
1956 error_report("gdbstub: meaningless to attach gdb to a "
1957 "machine without any CPU.");
1963 if (strcmp(device, "none") != 0) {
1964 if (strstart(device, "tcp:", NULL)) {
1965 /* enforce required TCP attributes */
1966 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1967 "%s,nowait,nodelay,server", device);
1968 device = gdbstub_device_name;
1971 else if (strcmp(device, "stdio") == 0) {
1972 struct sigaction act;
1974 memset(&act, 0, sizeof(act));
1975 act.sa_handler = gdb_sigterm_handler;
1976 sigaction(SIGINT, &act, NULL);
1979 chr = qemu_chr_new_noreplay("gdb", device);
1984 s = gdbserver_state;
1986 s = g_malloc0(sizeof(GDBState));
1987 gdbserver_state = s;
1989 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1991 /* Initialize a monitor terminal for gdb */
1992 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
1993 NULL, &error_abort);
1994 monitor_init(mon_chr, 0);
1996 qemu_chr_fe_deinit(&s->chr, true);
1997 mon_chr = s->mon_chr;
1998 memset(s, 0, sizeof(GDBState));
1999 s->mon_chr = mon_chr;
2001 s->c_cpu = first_cpu;
2002 s->g_cpu = first_cpu;
2004 qemu_chr_fe_init(&s->chr, chr, &error_abort);
2005 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
2006 gdb_chr_event, NULL, NULL, true);
2008 s->state = chr ? RS_IDLE : RS_INACTIVE;
2009 s->mon_chr = mon_chr;
2010 s->current_syscall_cb = NULL;
2015 static void register_types(void)
2017 type_register_static(&char_gdb_type_info);
2020 type_init(register_types);
OSDN Git Service
