]> git.proxmox.com Git - mirror_qemu.git/blame - gdbstub.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
gdbstub.c: fix GDB connection segfault caused by empty machines
[mirror_qemu.git] / gdbstub.c
CommitLineData
b4608c04
FB		 1/*
2 * gdb server stub
5fafdf24 3 *
3475187d 4 * Copyright (c) 2003-2005 Fabrice Bellard
b4608c04
FB		 5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
b4608c04 18 */
d38ea87a 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
508b4ecc 21#include "qemu/error-report.h"
f348b6d1 22#include "qemu/cutils.h"
33c11879 23#include "cpu.h"
f348b6d1 24#ifdef CONFIG_USER_ONLY
1fddef4b
FB		 25#include "qemu.h"
26#else
83c9089e 27#include "monitor/monitor.h"
dccfcd0e 28#include "sysemu/char.h"
9c17d615 29#include "sysemu/sysemu.h"
022c62cb 30#include "exec/gdbstub.h"
1fddef4b 31#endif
67b915a5 32
56aebc89
PB		 33#define MAX_PACKET_LENGTH 4096
34
1de7afc9 35#include "qemu/sockets.h"
b3946626 36#include "sysemu/hw_accel.h"
9c17d615 37#include "sysemu/kvm.h"
cfe67cef 38#include "exec/semihost.h"
63c91552 39#include "exec/exec-all.h"
ca587a8e 40
a3919386
JK		 41#ifdef CONFIG_USER_ONLY
42#define GDB_ATTACHED "0"
43#else
44#define GDB_ATTACHED "1"
45#endif
46
f3659eee
AF		 47static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
48 uint8_t *buf, int len, bool is_write)
44520db1 49{
f3659eee
AF		 50 CPUClass *cc = CPU_GET_CLASS(cpu);
51
52 if (cc->memory_rw_debug) {
53 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
54 }
55 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
44520db1 56}
ca587a8e
AJ		 57
58enum {
59 GDB_SIGNAL_0 = 0,
60 GDB_SIGNAL_INT = 2,
425189a8 61 GDB_SIGNAL_QUIT = 3,
ca587a8e 62 GDB_SIGNAL_TRAP = 5,
425189a8
JK		 63 GDB_SIGNAL_ABRT = 6,
64 GDB_SIGNAL_ALRM = 14,
65 GDB_SIGNAL_IO = 23,
66 GDB_SIGNAL_XCPU = 24,
ca587a8e
AJ		 67 GDB_SIGNAL_UNKNOWN = 143
68};
69
70#ifdef CONFIG_USER_ONLY
71
72/* Map target signal numbers to GDB protocol signal numbers and vice
73 * versa. For user emulation's currently supported systems, we can
74 * assume most signals are defined.
75 */
76
77static int gdb_signal_table[] = {
78 0,
79 TARGET_SIGHUP,
80 TARGET_SIGINT,
81 TARGET_SIGQUIT,
82 TARGET_SIGILL,
83 TARGET_SIGTRAP,
84 TARGET_SIGABRT,
85 -1, /* SIGEMT */
86 TARGET_SIGFPE,
87 TARGET_SIGKILL,
88 TARGET_SIGBUS,
89 TARGET_SIGSEGV,
90 TARGET_SIGSYS,
91 TARGET_SIGPIPE,
92 TARGET_SIGALRM,
93 TARGET_SIGTERM,
94 TARGET_SIGURG,
95 TARGET_SIGSTOP,
96 TARGET_SIGTSTP,
97 TARGET_SIGCONT,
98 TARGET_SIGCHLD,
99 TARGET_SIGTTIN,
100 TARGET_SIGTTOU,
101 TARGET_SIGIO,
102 TARGET_SIGXCPU,
103 TARGET_SIGXFSZ,
104 TARGET_SIGVTALRM,
105 TARGET_SIGPROF,
106 TARGET_SIGWINCH,
107 -1, /* SIGLOST */
108 TARGET_SIGUSR1,
109 TARGET_SIGUSR2,
c72d5bf8 110#ifdef TARGET_SIGPWR
ca587a8e 111 TARGET_SIGPWR,
c72d5bf8
BS		 112#else
113 -1,
114#endif
ca587a8e
AJ		 115 -1, /* SIGPOLL */
116 -1,
117 -1,
118 -1,
119 -1,
120 -1,
121 -1,
122 -1,
123 -1,
124 -1,
125 -1,
126 -1,
c72d5bf8 127#ifdef __SIGRTMIN
ca587a8e
AJ		 128 __SIGRTMIN + 1,
129 __SIGRTMIN + 2,
130 __SIGRTMIN + 3,
131 __SIGRTMIN + 4,
132 __SIGRTMIN + 5,
133 __SIGRTMIN + 6,
134 __SIGRTMIN + 7,
135 __SIGRTMIN + 8,
136 __SIGRTMIN + 9,
137 __SIGRTMIN + 10,
138 __SIGRTMIN + 11,
139 __SIGRTMIN + 12,
140 __SIGRTMIN + 13,
141 __SIGRTMIN + 14,
142 __SIGRTMIN + 15,
143 __SIGRTMIN + 16,
144 __SIGRTMIN + 17,
145 __SIGRTMIN + 18,
146 __SIGRTMIN + 19,
147 __SIGRTMIN + 20,
148 __SIGRTMIN + 21,
149 __SIGRTMIN + 22,
150 __SIGRTMIN + 23,
151 __SIGRTMIN + 24,
152 __SIGRTMIN + 25,
153 __SIGRTMIN + 26,
154 __SIGRTMIN + 27,
155 __SIGRTMIN + 28,
156 __SIGRTMIN + 29,
157 __SIGRTMIN + 30,
158 __SIGRTMIN + 31,
159 -1, /* SIGCANCEL */
160 __SIGRTMIN,
161 __SIGRTMIN + 32,
162 __SIGRTMIN + 33,
163 __SIGRTMIN + 34,
164 __SIGRTMIN + 35,
165 __SIGRTMIN + 36,
166 __SIGRTMIN + 37,
167 __SIGRTMIN + 38,
168 __SIGRTMIN + 39,
169 __SIGRTMIN + 40,
170 __SIGRTMIN + 41,
171 __SIGRTMIN + 42,
172 __SIGRTMIN + 43,
173 __SIGRTMIN + 44,
174 __SIGRTMIN + 45,
175 __SIGRTMIN + 46,
176 __SIGRTMIN + 47,
177 __SIGRTMIN + 48,
178 __SIGRTMIN + 49,
179 __SIGRTMIN + 50,
180 __SIGRTMIN + 51,
181 __SIGRTMIN + 52,
182 __SIGRTMIN + 53,
183 __SIGRTMIN + 54,
184 __SIGRTMIN + 55,
185 __SIGRTMIN + 56,
186 __SIGRTMIN + 57,
187 __SIGRTMIN + 58,
188 __SIGRTMIN + 59,
189 __SIGRTMIN + 60,
190 __SIGRTMIN + 61,
191 __SIGRTMIN + 62,
192 __SIGRTMIN + 63,
193 __SIGRTMIN + 64,
194 __SIGRTMIN + 65,
195 __SIGRTMIN + 66,
196 __SIGRTMIN + 67,
197 __SIGRTMIN + 68,
198 __SIGRTMIN + 69,
199 __SIGRTMIN + 70,
200 __SIGRTMIN + 71,
201 __SIGRTMIN + 72,
202 __SIGRTMIN + 73,
203 __SIGRTMIN + 74,
204 __SIGRTMIN + 75,
205 __SIGRTMIN + 76,
206 __SIGRTMIN + 77,
207 __SIGRTMIN + 78,
208 __SIGRTMIN + 79,
209 __SIGRTMIN + 80,
210 __SIGRTMIN + 81,
211 __SIGRTMIN + 82,
212 __SIGRTMIN + 83,
213 __SIGRTMIN + 84,
214 __SIGRTMIN + 85,
215 __SIGRTMIN + 86,
216 __SIGRTMIN + 87,
217 __SIGRTMIN + 88,
218 __SIGRTMIN + 89,
219 __SIGRTMIN + 90,
220 __SIGRTMIN + 91,
221 __SIGRTMIN + 92,
222 __SIGRTMIN + 93,
223 __SIGRTMIN + 94,
224 __SIGRTMIN + 95,
225 -1, /* SIGINFO */
226 -1, /* UNKNOWN */
227 -1, /* DEFAULT */
228 -1,
229 -1,
230 -1,
231 -1,
232 -1,
233 -1
c72d5bf8 234#endif
ca587a8e 235};
8f447cc7 236#else
ca587a8e
AJ		 237/* In system mode we only need SIGINT and SIGTRAP; other signals
238 are not yet supported. */
239
240enum {
241 TARGET_SIGINT = 2,
242 TARGET_SIGTRAP = 5
243};
244
245static int gdb_signal_table[] = {
246 -1,
247 -1,
248 TARGET_SIGINT,
249 -1,
250 -1,
251 TARGET_SIGTRAP
252};
253#endif
254
255#ifdef CONFIG_USER_ONLY
256static int target_signal_to_gdb (int sig)
257{
258 int i;
259 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
260 if (gdb_signal_table[i] == sig)
261 return i;
262 return GDB_SIGNAL_UNKNOWN;
263}
8f447cc7 264#endif
b4608c04 265
ca587a8e
AJ		 266static int gdb_signal_to_target (int sig)
267{
268 if (sig < ARRAY_SIZE (gdb_signal_table))
269 return gdb_signal_table[sig];
270 else
271 return -1;
272}
273
4abe615b 274//#define DEBUG_GDB
b4608c04 275
56aebc89
PB		 276typedef struct GDBRegisterState {
277 int base_reg;
278 int num_regs;
279 gdb_reg_cb get_reg;
280 gdb_reg_cb set_reg;
281 const char *xml;
282 struct GDBRegisterState *next;
283} GDBRegisterState;
284
858693c6 285enum RSState {
36556b20 286 RS_INACTIVE,
858693c6
FB		 287 RS_IDLE,
288 RS_GETLINE,
289 RS_CHKSUM1,
290 RS_CHKSUM2,
291};
858693c6 292typedef struct GDBState {
2e0f2cfb
AF		 293 CPUState *c_cpu; /* current CPU for step/continue ops */
294 CPUState *g_cpu; /* current CPU for other ops */
52f34623 295 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
41625033 296 enum RSState state; /* parsing state */
56aebc89 297 char line_buf[MAX_PACKET_LENGTH];
858693c6
FB		 298 int line_buf_index;
299 int line_csum;
56aebc89 300 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
4046d913 301 int last_packet_len;
1f487ee9 302 int signal;
41625033 303#ifdef CONFIG_USER_ONLY
4046d913 304 int fd;
41625033 305 int running_state;
4046d913 306#else
32a6ebec 307 CharBackend chr;
8a34a0fb 308 CharDriverState *mon_chr;
41625033 309#endif
cdb432b2
MI		 310 char syscall_buf[256];
311 gdb_syscall_complete_cb current_syscall_cb;
858693c6 312} GDBState;
b4608c04 313
60897d36
EI		 314/* By default use no IRQs and no timers while single stepping so as to
315 * make single stepping like an ICE HW step.
316 */
317static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
318
880a7578
AL		 319static GDBState *gdbserver_state;
320
5b50e790 321bool gdb_has_xml;
56aebc89 322
1fddef4b 323#ifdef CONFIG_USER_ONLY
4046d913
PB		 324/* XXX: This is not thread safe. Do we care? */
325static int gdbserver_fd = -1;
326
858693c6 327static int get_char(GDBState *s)
b4608c04
FB		 328{
329 uint8_t ch;
330 int ret;
331
332 for(;;) {
00aa0040 333 ret = qemu_recv(s->fd, &ch, 1, 0);
b4608c04 334 if (ret < 0) {
1f487ee9
EI		 335 if (errno == ECONNRESET)
336 s->fd = -1;
5819e3e0 337 if (errno != EINTR)
b4608c04
FB		 338 return -1;
339 } else if (ret == 0) {
1f487ee9
EI		 340 close(s->fd);
341 s->fd = -1;
b4608c04
FB		 342 return -1;
343 } else {
344 break;
345 }
346 }
347 return ch;
348}
4046d913 349#endif
b4608c04 350
654efcf3 351static enum {
a2d1ebaf
PB		 352 GDB_SYS_UNKNOWN,
353 GDB_SYS_ENABLED,
354 GDB_SYS_DISABLED,
355} gdb_syscall_mode;
356
a38bb079 357/* Decide if either remote gdb syscalls or native file IO should be used. */
a2d1ebaf
PB		 358int use_gdb_syscalls(void)
359{
cfe67cef
LA		 360 SemihostingTarget target = semihosting_get_target();
361 if (target == SEMIHOSTING_TARGET_NATIVE) {
a38bb079
LI		 362 /* -semihosting-config target=native */
363 return false;
cfe67cef 364 } else if (target == SEMIHOSTING_TARGET_GDB) {
a38bb079
LI		 365 /* -semihosting-config target=gdb */
366 return true;
367 }
368
369 /* -semihosting-config target=auto */
370 /* On the first call check if gdb is connected and remember. */
a2d1ebaf 371 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
880a7578
AL		 372 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
373 : GDB_SYS_DISABLED);
a2d1ebaf
PB		 374 }
375 return gdb_syscall_mode == GDB_SYS_ENABLED;
376}
377
ba70a624
EI		 378/* Resume execution. */
379static inline void gdb_continue(GDBState *s)
380{
381#ifdef CONFIG_USER_ONLY
382 s->running_state = 1;
383#else
26ac7a31 384 if (!runstate_needs_reset()) {
87f25c12
PB		 385 vm_start();
386 }
ba70a624
EI		 387#endif
388}
389
858693c6 390static void put_buffer(GDBState *s, const uint8_t *buf, int len)
b4608c04 391{
4046d913 392#ifdef CONFIG_USER_ONLY
b4608c04
FB		 393 int ret;
394
395 while (len > 0) {
8f447cc7 396 ret = send(s->fd, buf, len, 0);
b4608c04 397 if (ret < 0) {
5819e3e0 398 if (errno != EINTR)
b4608c04
FB		 399 return;
400 } else {
401 buf += ret;
402 len -= ret;
403 }
404 }
4046d913 405#else
6ab3fc32
DB		 406 /* XXX this blocks entire thread. Rewrite to use
407 * qemu_chr_fe_write and background I/O callbacks */
5345fdb4 408 qemu_chr_fe_write_all(&s->chr, buf, len);
4046d913 409#endif
b4608c04
FB		 410}
411
412static inline int fromhex(int v)
413{
414 if (v >= '0' && v <= '9')
415 return v - '0';
416 else if (v >= 'A' && v <= 'F')
417 return v - 'A' + 10;
418 else if (v >= 'a' && v <= 'f')
419 return v - 'a' + 10;
420 else
421 return 0;
422}
423
424static inline int tohex(int v)
425{
426 if (v < 10)
427 return v + '0';
428 else
429 return v - 10 + 'a';
430}
431
432static void memtohex(char *buf, const uint8_t *mem, int len)
433{
434 int i, c;
435 char *q;
436 q = buf;
437 for(i = 0; i < len; i++) {
438 c = mem[i];
439 *q++ = tohex(c >> 4);
440 *q++ = tohex(c & 0xf);
441 }
442 *q = '\0';
443}
444
445static void hextomem(uint8_t *mem, const char *buf, int len)
446{
447 int i;
448
449 for(i = 0; i < len; i++) {
450 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
451 buf += 2;
452 }
453}
454
b4608c04 455/* return -1 if error, 0 if OK */
56aebc89 456static int put_packet_binary(GDBState *s, const char *buf, int len)
b4608c04 457{
56aebc89 458 int csum, i;
60fe76f3 459 uint8_t *p;
b4608c04 460
b4608c04 461 for(;;) {
4046d913
PB		 462 p = s->last_packet;
463 *(p++) = '$';
4046d913
PB		 464 memcpy(p, buf, len);
465 p += len;
b4608c04
FB		 466 csum = 0;
467 for(i = 0; i < len; i++) {
468 csum += buf[i];
469 }
4046d913
PB		 470 *(p++) = '#';
471 *(p++) = tohex((csum >> 4) & 0xf);
472 *(p++) = tohex((csum) & 0xf);
b4608c04 473
4046d913 474 s->last_packet_len = p - s->last_packet;
ffe8ab83 475 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
b4608c04 476
4046d913
PB		 477#ifdef CONFIG_USER_ONLY
478 i = get_char(s);
479 if (i < 0)
b4608c04 480 return -1;
4046d913 481 if (i == '+')
b4608c04 482 break;
4046d913
PB		 483#else
484 break;
485#endif
b4608c04
FB		 486 }
487 return 0;
488}
489
56aebc89
PB		 490/* return -1 if error, 0 if OK */
491static int put_packet(GDBState *s, const char *buf)
492{
493#ifdef DEBUG_GDB
494 printf("reply='%s'\n", buf);
495#endif
79808573 496
56aebc89
PB		 497 return put_packet_binary(s, buf, strlen(buf));
498}
499
56aebc89
PB		 500/* Encode data using the encoding for 'x' packets. */
501static int memtox(char *buf, const char *mem, int len)
502{
503 char *p = buf;
504 char c;
505
506 while (len--) {
507 c = *(mem++);
508 switch (c) {
509 case '#': case '$': case '*': case '}':
510 *(p++) = '}';
511 *(p++) = c ^ 0x20;
512 break;
513 default:
514 *(p++) = c;
515 break;
516 }
517 }
518 return p - buf;
519}
f1ccf904 520
5b24c641
AF		 521static const char *get_feature_xml(const char *p, const char **newp,
522 CPUClass *cc)
56aebc89 523{
56aebc89
PB		 524 size_t len;
525 int i;
526 const char *name;
527 static char target_xml[1024];
528
529 len = 0;
530 while (p[len] && p[len] != ':')
531 len++;
532 *newp = p + len;
533
534 name = NULL;
535 if (strncmp(p, "target.xml", len) == 0) {
536 /* Generate the XML description for this CPU. */
537 if (!target_xml[0]) {
538 GDBRegisterState *r;
eac8b355 539 CPUState *cpu = first_cpu;
56aebc89 540
b3820e6c
DH		 541 pstrcat(target_xml, sizeof(target_xml),
542 "<?xml version=\"1.0\"?>"
543 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
544 "<target>");
545 if (cc->gdb_arch_name) {
546 gchar *arch = cc->gdb_arch_name(cpu);
547 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
548 pstrcat(target_xml, sizeof(target_xml), arch);
549 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
550 g_free(arch);
551 }
552 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
553 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
554 pstrcat(target_xml, sizeof(target_xml), "\"/>");
eac8b355 555 for (r = cpu->gdb_regs; r; r = r->next) {
2dc766da
BS		 556 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
557 pstrcat(target_xml, sizeof(target_xml), r->xml);
558 pstrcat(target_xml, sizeof(target_xml), "\"/>");
56aebc89 559 }
2dc766da 560 pstrcat(target_xml, sizeof(target_xml), "</target>");
56aebc89
PB		 561 }
562 return target_xml;
563 }
564 for (i = 0; ; i++) {
565 name = xml_builtin[i][0];
566 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
567 break;
568 }
569 return name ? xml_builtin[i][1] : NULL;
570}
f1ccf904 571
385b9f0e 572static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
56aebc89 573{
a0e372f0 574 CPUClass *cc = CPU_GET_CLASS(cpu);
385b9f0e 575 CPUArchState *env = cpu->env_ptr;
56aebc89 576 GDBRegisterState *r;
f1ccf904 577
a0e372f0 578 if (reg < cc->gdb_num_core_regs) {
5b50e790 579 return cc->gdb_read_register(cpu, mem_buf, reg);
a0e372f0 580 }
f1ccf904 581
eac8b355 582 for (r = cpu->gdb_regs; r; r = r->next) {
56aebc89
PB		 583 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
584 return r->get_reg(env, mem_buf, reg - r->base_reg);
585 }
586 }
587 return 0;
f1ccf904
TS		 588}
589
385b9f0e 590static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
f1ccf904 591{
a0e372f0 592 CPUClass *cc = CPU_GET_CLASS(cpu);
385b9f0e 593 CPUArchState *env = cpu->env_ptr;
56aebc89 594 GDBRegisterState *r;
f1ccf904 595
a0e372f0 596 if (reg < cc->gdb_num_core_regs) {
5b50e790 597 return cc->gdb_write_register(cpu, mem_buf, reg);
a0e372f0 598 }
56aebc89 599
eac8b355 600 for (r = cpu->gdb_regs; r; r = r->next) {
56aebc89
PB		 601 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
602 return r->set_reg(env, mem_buf, reg - r->base_reg);
603 }
604 }
6da41eaf
FB		 605 return 0;
606}
607
56aebc89
PB		 608/* Register a supplemental set of CPU registers. If g_pos is nonzero it
609 specifies the first register number and these registers are included in
610 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
611 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
612 */
613
22169d41
AF		 614void gdb_register_coprocessor(CPUState *cpu,
615 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
616 int num_regs, const char *xml, int g_pos)
6da41eaf 617{
56aebc89
PB		 618 GDBRegisterState *s;
619 GDBRegisterState **p;
56aebc89 620
eac8b355 621 p = &cpu->gdb_regs;
56aebc89
PB		 622 while (*p) {
623 /* Check for duplicates. */
624 if (strcmp((*p)->xml, xml) == 0)
625 return;
626 p = &(*p)->next;
627 }
9643c25f
SW		 628
629 s = g_new0(GDBRegisterState, 1);
a0e372f0 630 s->base_reg = cpu->gdb_num_regs;
9643c25f
SW		 631 s->num_regs = num_regs;
632 s->get_reg = get_reg;
633 s->set_reg = set_reg;
634 s->xml = xml;
635
56aebc89 636 /* Add to end of list. */
a0e372f0 637 cpu->gdb_num_regs += num_regs;
56aebc89
PB		 638 *p = s;
639 if (g_pos) {
640 if (g_pos != s->base_reg) {
641 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
642 "Expected %d got %d\n", xml, g_pos, s->base_reg);
35143f01
AF		 643 } else {
644 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
56aebc89
PB		 645 }
646 }
6da41eaf
FB		 647}
648
a1d1bb31 649#ifndef CONFIG_USER_ONLY
2472b6c0
PM		 650/* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
651static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
652{
653 static const int xlat[] = {
654 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
655 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
656 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
657 };
658
659 CPUClass *cc = CPU_GET_CLASS(cpu);
660 int cputype = xlat[gdbtype];
661
662 if (cc->gdb_stop_before_watchpoint) {
663 cputype |= BP_STOP_BEFORE_ACCESS;
664 }
665 return cputype;
666}
a1d1bb31
AL		 667#endif
668
880a7578 669static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
a1d1bb31 670{
182735ef 671 CPUState *cpu;
880a7578
AL		 672 int err = 0;
673
62278814 674 if (kvm_enabled()) {
2e0f2cfb 675 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
62278814 676 }
e22a25c9 677
a1d1bb31
AL		 678 switch (type) {
679 case GDB_BREAKPOINT_SW:
680 case GDB_BREAKPOINT_HW:
bdc44640 681 CPU_FOREACH(cpu) {
b3310ab3
AF		 682 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
683 if (err) {
880a7578 684 break;
b3310ab3 685 }
880a7578
AL		 686 }
687 return err;
a1d1bb31
AL		 688#ifndef CONFIG_USER_ONLY
689 case GDB_WATCHPOINT_WRITE:
690 case GDB_WATCHPOINT_READ:
691 case GDB_WATCHPOINT_ACCESS:
bdc44640 692 CPU_FOREACH(cpu) {
2472b6c0
PM		 693 err = cpu_watchpoint_insert(cpu, addr, len,
694 xlat_gdb_type(cpu, type), NULL);
695 if (err) {
880a7578 696 break;
2472b6c0 697 }
880a7578
AL		 698 }
699 return err;
a1d1bb31
AL		 700#endif
701 default:
702 return -ENOSYS;
703 }
704}
705
880a7578 706static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
a1d1bb31 707{
182735ef 708 CPUState *cpu;
880a7578
AL		 709 int err = 0;
710
62278814 711 if (kvm_enabled()) {
2e0f2cfb 712 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
62278814 713 }
e22a25c9 714
a1d1bb31
AL		 715 switch (type) {
716 case GDB_BREAKPOINT_SW:
717 case GDB_BREAKPOINT_HW:
bdc44640 718 CPU_FOREACH(cpu) {
b3310ab3
AF		 719 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
720 if (err) {
880a7578 721 break;
b3310ab3 722 }
880a7578
AL		 723 }
724 return err;
a1d1bb31
AL		 725#ifndef CONFIG_USER_ONLY
726 case GDB_WATCHPOINT_WRITE:
727 case GDB_WATCHPOINT_READ:
728 case GDB_WATCHPOINT_ACCESS:
bdc44640 729 CPU_FOREACH(cpu) {
2472b6c0
PM		 730 err = cpu_watchpoint_remove(cpu, addr, len,
731 xlat_gdb_type(cpu, type));
880a7578
AL		 732 if (err)
733 break;
734 }
735 return err;
a1d1bb31
AL		 736#endif
737 default:
738 return -ENOSYS;
739 }
740}
741
880a7578 742static void gdb_breakpoint_remove_all(void)
a1d1bb31 743{
182735ef 744 CPUState *cpu;
880a7578 745
e22a25c9 746 if (kvm_enabled()) {
2e0f2cfb 747 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
e22a25c9
AL		 748 return;
749 }
750
bdc44640 751 CPU_FOREACH(cpu) {
b3310ab3 752 cpu_breakpoint_remove_all(cpu, BP_GDB);
a1d1bb31 753#ifndef CONFIG_USER_ONLY
75a34036 754 cpu_watchpoint_remove_all(cpu, BP_GDB);
a1d1bb31 755#endif
880a7578 756 }
a1d1bb31
AL		 757}
758
fab9d284
AJ		 759static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
760{
2e0f2cfb 761 CPUState *cpu = s->c_cpu;
f45748f1
AF		 762
763 cpu_synchronize_state(cpu);
4a2b24ed 764 cpu_set_pc(cpu, pc);
fab9d284
AJ		 765}
766
2e0f2cfb 767static CPUState *find_cpu(uint32_t thread_id)
1e9fa730 768{
0d34282f 769 CPUState *cpu;
1e9fa730 770
bdc44640 771 CPU_FOREACH(cpu) {
aa48dd93 772 if (cpu_index(cpu) == thread_id) {
2e0f2cfb 773 return cpu;
aa48dd93 774 }
1e9fa730 775 }
aa48dd93
AF		 776
777 return NULL;
1e9fa730
NF		 778}
779
4dabe747
JK		 780static int is_query_packet(const char *p, const char *query, char separator)
781{
782 unsigned int query_len = strlen(query);
783
784 return strncmp(p, query, query_len) == 0 &&
785 (p[query_len] == '\0' || p[query_len] == separator);
786}
787
880a7578 788static int gdb_handle_packet(GDBState *s, const char *line_buf)
b4608c04 789{
2e0f2cfb 790 CPUState *cpu;
5b24c641 791 CPUClass *cc;
b4608c04 792 const char *p;
1e9fa730
NF		 793 uint32_t thread;
794 int ch, reg_size, type, res;
56aebc89
PB		 795 char buf[MAX_PACKET_LENGTH];
796 uint8_t mem_buf[MAX_PACKET_LENGTH];
797 uint8_t *registers;
9d9754a3 798 target_ulong addr, len;
3b46e624 799
858693c6
FB		 800#ifdef DEBUG_GDB
801 printf("command='%s'\n", line_buf);
802#endif
803 p = line_buf;
804 ch = *p++;
805 switch(ch) {
806 case '?':
1fddef4b 807 /* TODO: Make this return the correct value for user-mode. */
ca587a8e 808 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
2e0f2cfb 809 cpu_index(s->c_cpu));
858693c6 810 put_packet(s, buf);
7d03f82f
EI		 811 /* Remove all the breakpoints when this query is issued,
812 * because gdb is doing and initial connect and the state
813 * should be cleaned up.
814 */
880a7578 815 gdb_breakpoint_remove_all();
858693c6
FB		 816 break;
817 case 'c':
818 if (*p != '\0') {
9d9754a3 819 addr = strtoull(p, (char **)&p, 16);
fab9d284 820 gdb_set_cpu_pc(s, addr);
858693c6 821 }
ca587a8e 822 s->signal = 0;
ba70a624 823 gdb_continue(s);
41625033 824 return RS_IDLE;
1f487ee9 825 case 'C':
ca587a8e
AJ		 826 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
827 if (s->signal == -1)
828 s->signal = 0;
1f487ee9
EI		 829 gdb_continue(s);
830 return RS_IDLE;
dd32aa10
JK		 831 case 'v':
832 if (strncmp(p, "Cont", 4) == 0) {
833 int res_signal, res_thread;
834
835 p += 4;
836 if (*p == '?') {
837 put_packet(s, "vCont;c;C;s;S");
838 break;
839 }
840 res = 0;
841 res_signal = 0;
842 res_thread = 0;
843 while (*p) {
844 int action, signal;
845
846 if (*p++ != ';') {
847 res = 0;
848 break;
849 }
850 action = *p++;
851 signal = 0;
852 if (action == 'C' || action == 'S') {
f17b0690
MS		 853 signal = gdb_signal_to_target(strtoul(p, (char **)&p, 16));
854 if (signal == -1) {
855 signal = 0;
856 }
dd32aa10
JK		 857 } else if (action != 'c' && action != 's') {
858 res = 0;
859 break;
860 }
861 thread = 0;
862 if (*p == ':') {
863 thread = strtoull(p+1, (char **)&p, 16);
864 }
865 action = tolower(action);
866 if (res == 0 || (res == 'c' && action == 's')) {
867 res = action;
868 res_signal = signal;
869 res_thread = thread;
870 }
871 }
872 if (res) {
873 if (res_thread != -1 && res_thread != 0) {
2e0f2cfb
AF		 874 cpu = find_cpu(res_thread);
875 if (cpu == NULL) {
dd32aa10
JK		 876 put_packet(s, "E22");
877 break;
878 }
2e0f2cfb 879 s->c_cpu = cpu;
dd32aa10
JK		 880 }
881 if (res == 's') {
2e0f2cfb 882 cpu_single_step(s->c_cpu, sstep_flags);
dd32aa10
JK		 883 }
884 s->signal = res_signal;
885 gdb_continue(s);
886 return RS_IDLE;
887 }
888 break;
889 } else {
890 goto unknown_command;
891 }
7d03f82f
EI		 892 case 'k':
893 /* Kill the target */
894 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
895 exit(0);
896 case 'D':
897 /* Detach packet */
880a7578 898 gdb_breakpoint_remove_all();
7ea06da3 899 gdb_syscall_mode = GDB_SYS_DISABLED;
7d03f82f
EI		 900 gdb_continue(s);
901 put_packet(s, "OK");
902 break;
858693c6
FB		 903 case 's':
904 if (*p != '\0') {
8fac5803 905 addr = strtoull(p, (char **)&p, 16);
fab9d284 906 gdb_set_cpu_pc(s, addr);
858693c6 907 }
2e0f2cfb 908 cpu_single_step(s->c_cpu, sstep_flags);
ba70a624 909 gdb_continue(s);
41625033 910 return RS_IDLE;
a2d1ebaf
PB		 911 case 'F':
912 {
913 target_ulong ret;
914 target_ulong err;
915
916 ret = strtoull(p, (char **)&p, 16);
917 if (*p == ',') {
918 p++;
919 err = strtoull(p, (char **)&p, 16);
920 } else {
921 err = 0;
922 }
923 if (*p == ',')
924 p++;
925 type = *p;
cdb432b2 926 if (s->current_syscall_cb) {
2e0f2cfb 927 s->current_syscall_cb(s->c_cpu, ret, err);
cdb432b2
MI		 928 s->current_syscall_cb = NULL;
929 }
a2d1ebaf
PB		 930 if (type == 'C') {
931 put_packet(s, "T02");
932 } else {
ba70a624 933 gdb_continue(s);
a2d1ebaf
PB		 934 }
935 }
936 break;
858693c6 937 case 'g':
2e0f2cfb 938 cpu_synchronize_state(s->g_cpu);
56aebc89 939 len = 0;
35143f01 940 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
2e0f2cfb 941 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
56aebc89
PB		 942 len += reg_size;
943 }
944 memtohex(buf, mem_buf, len);
858693c6
FB		 945 put_packet(s, buf);
946 break;
947 case 'G':
2e0f2cfb 948 cpu_synchronize_state(s->g_cpu);
56aebc89 949 registers = mem_buf;
858693c6
FB		 950 len = strlen(p) / 2;
951 hextomem((uint8_t *)registers, p, len);
35143f01 952 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
2e0f2cfb 953 reg_size = gdb_write_register(s->g_cpu, registers, addr);
56aebc89
PB		 954 len -= reg_size;
955 registers += reg_size;
956 }
858693c6
FB		 957 put_packet(s, "OK");
958 break;
959 case 'm':
9d9754a3 960 addr = strtoull(p, (char **)&p, 16);
858693c6
FB		 961 if (*p == ',')
962 p++;
9d9754a3 963 len = strtoull(p, NULL, 16);
5accecb3
KW		 964
965 /* memtohex() doubles the required space */
966 if (len > MAX_PACKET_LENGTH / 2) {
967 put_packet (s, "E22");
968 break;
969 }
970
2e0f2cfb 971 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
6f970bd9
FB		 972 put_packet (s, "E14");
973 } else {
974 memtohex(buf, mem_buf, len);
975 put_packet(s, buf);
976 }
858693c6
FB		 977 break;
978 case 'M':
9d9754a3 979 addr = strtoull(p, (char **)&p, 16);
858693c6
FB		 980 if (*p == ',')
981 p++;
9d9754a3 982 len = strtoull(p, (char **)&p, 16);
b328f873 983 if (*p == ':')
858693c6 984 p++;
5accecb3
KW		 985
986 /* hextomem() reads 2*len bytes */
987 if (len > strlen(p) / 2) {
988 put_packet (s, "E22");
989 break;
990 }
858693c6 991 hextomem(mem_buf, p, len);
2e0f2cfb 992 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
f3659eee 993 true) != 0) {
905f20b1 994 put_packet(s, "E14");
44520db1 995 } else {
858693c6 996 put_packet(s, "OK");
44520db1 997 }
858693c6 998 break;
56aebc89
PB		 999 case 'p':
1000 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1001 This works, but can be very slow. Anything new enough to
1002 understand XML also knows how to use this properly. */
1003 if (!gdb_has_xml)
1004 goto unknown_command;
1005 addr = strtoull(p, (char **)&p, 16);
2e0f2cfb 1006 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
56aebc89
PB		 1007 if (reg_size) {
1008 memtohex(buf, mem_buf, reg_size);
1009 put_packet(s, buf);
1010 } else {
1011 put_packet(s, "E14");
1012 }
1013 break;
1014 case 'P':
1015 if (!gdb_has_xml)
1016 goto unknown_command;
1017 addr = strtoull(p, (char **)&p, 16);
1018 if (*p == '=')
1019 p++;
1020 reg_size = strlen(p) / 2;
1021 hextomem(mem_buf, p, reg_size);
2e0f2cfb 1022 gdb_write_register(s->g_cpu, mem_buf, addr);
56aebc89
PB		 1023 put_packet(s, "OK");
1024 break;
858693c6 1025 case 'Z':
858693c6
FB		 1026 case 'z':
1027 type = strtoul(p, (char **)&p, 16);
1028 if (*p == ',')
1029 p++;
9d9754a3 1030 addr = strtoull(p, (char **)&p, 16);
858693c6
FB		 1031 if (*p == ',')
1032 p++;
9d9754a3 1033 len = strtoull(p, (char **)&p, 16);
a1d1bb31 1034 if (ch == 'Z')
880a7578 1035 res = gdb_breakpoint_insert(addr, len, type);
a1d1bb31 1036 else
880a7578 1037 res = gdb_breakpoint_remove(addr, len, type);
a1d1bb31
AL		 1038 if (res >= 0)
1039 put_packet(s, "OK");
1040 else if (res == -ENOSYS)
0f459d16 1041 put_packet(s, "");
a1d1bb31
AL		 1042 else
1043 put_packet(s, "E22");
858693c6 1044 break;
880a7578
AL		 1045 case 'H':
1046 type = *p++;
1047 thread = strtoull(p, (char **)&p, 16);
1048 if (thread == -1 || thread == 0) {
1049 put_packet(s, "OK");
1050 break;
1051 }
2e0f2cfb
AF		 1052 cpu = find_cpu(thread);
1053 if (cpu == NULL) {
880a7578
AL		 1054 put_packet(s, "E22");
1055 break;
1056 }
1057 switch (type) {
1058 case 'c':
2e0f2cfb 1059 s->c_cpu = cpu;
880a7578
AL		 1060 put_packet(s, "OK");
1061 break;
1062 case 'g':
2e0f2cfb 1063 s->g_cpu = cpu;
880a7578
AL		 1064 put_packet(s, "OK");
1065 break;
1066 default:
1067 put_packet(s, "E22");
1068 break;
1069 }
1070 break;
1071 case 'T':
1072 thread = strtoull(p, (char **)&p, 16);
2e0f2cfb 1073 cpu = find_cpu(thread);
1e9fa730 1074
2e0f2cfb 1075 if (cpu != NULL) {
1e9fa730
NF		 1076 put_packet(s, "OK");
1077 } else {
880a7578 1078 put_packet(s, "E22");
1e9fa730 1079 }
880a7578 1080 break;
978efd6a 1081 case 'q':
60897d36
EI		 1082 case 'Q':
1083 /* parse any 'q' packets here */
1084 if (!strcmp(p,"qemu.sstepbits")) {
1085 /* Query Breakpoint bit definitions */
363a37d5
BS		 1086 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1087 SSTEP_ENABLE,
1088 SSTEP_NOIRQ,
1089 SSTEP_NOTIMER);
60897d36
EI		 1090 put_packet(s, buf);
1091 break;
4dabe747 1092 } else if (is_query_packet(p, "qemu.sstep", '=')) {
60897d36
EI		 1093 /* Display or change the sstep_flags */
1094 p += 10;
1095 if (*p != '=') {
1096 /* Display current setting */
363a37d5 1097 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
60897d36
EI		 1098 put_packet(s, buf);
1099 break;
1100 }
1101 p++;
1102 type = strtoul(p, (char **)&p, 16);
1103 sstep_flags = type;
1104 put_packet(s, "OK");
1105 break;
880a7578
AL		 1106 } else if (strcmp(p,"C") == 0) {
1107 /* "Current thread" remains vague in the spec, so always return
1108 * the first CPU (gdb returns the first thread). */
1109 put_packet(s, "QC1");
1110 break;
1111 } else if (strcmp(p,"fThreadInfo") == 0) {
52f34623 1112 s->query_cpu = first_cpu;
880a7578
AL		 1113 goto report_cpuinfo;
1114 } else if (strcmp(p,"sThreadInfo") == 0) {
1115 report_cpuinfo:
1116 if (s->query_cpu) {
52f34623 1117 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
880a7578 1118 put_packet(s, buf);
bdc44640 1119 s->query_cpu = CPU_NEXT(s->query_cpu);
880a7578
AL		 1120 } else
1121 put_packet(s, "l");
1122 break;
1123 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1124 thread = strtoull(p+16, (char **)&p, 16);
2e0f2cfb
AF		 1125 cpu = find_cpu(thread);
1126 if (cpu != NULL) {
cb446eca 1127 cpu_synchronize_state(cpu);
5accecb3
KW		 1128 /* memtohex() doubles the required space */
1129 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
55e5c285 1130 "CPU#%d [%s]", cpu->cpu_index,
259186a7 1131 cpu->halted ? "halted " : "running");
1e9fa730
NF		 1132 memtohex(buf, mem_buf, len);
1133 put_packet(s, buf);
1134 }
880a7578 1135 break;
60897d36 1136 }
0b8a988c 1137#ifdef CONFIG_USER_ONLY
070949f3 1138 else if (strcmp(p, "Offsets") == 0) {
0429a971 1139 TaskState *ts = s->c_cpu->opaque;
978efd6a 1140
363a37d5
BS		 1141 snprintf(buf, sizeof(buf),
1142 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1143 ";Bss=" TARGET_ABI_FMT_lx,
1144 ts->info->code_offset,
1145 ts->info->data_offset,
1146 ts->info->data_offset);
978efd6a
PB		 1147 put_packet(s, buf);
1148 break;
1149 }
0b8a988c 1150#else /* !CONFIG_USER_ONLY */
8a34a0fb
AL		 1151 else if (strncmp(p, "Rcmd,", 5) == 0) {
1152 int len = strlen(p + 5);
1153
1154 if ((len % 2) != 0) {
1155 put_packet(s, "E01");
1156 break;
1157 }
8a34a0fb 1158 len = len / 2;
5accecb3 1159 hextomem(mem_buf, p + 5, len);
8a34a0fb 1160 mem_buf[len++] = 0;
fa5efccb 1161 qemu_chr_be_write(s->mon_chr, mem_buf, len);
8a34a0fb
AL		 1162 put_packet(s, "OK");
1163 break;
1164 }
0b8a988c 1165#endif /* !CONFIG_USER_ONLY */
4dabe747 1166 if (is_query_packet(p, "Supported", ':')) {
5b3715bf 1167 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
5b24c641
AF		 1168 cc = CPU_GET_CLASS(first_cpu);
1169 if (cc->gdb_core_xml_file != NULL) {
1170 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1171 }
56aebc89
PB		 1172 put_packet(s, buf);
1173 break;
1174 }
56aebc89
PB		 1175 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1176 const char *xml;
1177 target_ulong total_len;
1178
5b24c641
AF		 1179 cc = CPU_GET_CLASS(first_cpu);
1180 if (cc->gdb_core_xml_file == NULL) {
1181 goto unknown_command;
1182 }
1183
5b50e790 1184 gdb_has_xml = true;
56aebc89 1185 p += 19;
5b24c641 1186 xml = get_feature_xml(p, &p, cc);
56aebc89 1187 if (!xml) {
5b3715bf 1188 snprintf(buf, sizeof(buf), "E00");
56aebc89
PB		 1189 put_packet(s, buf);
1190 break;
1191 }
1192
1193 if (*p == ':')
1194 p++;
1195 addr = strtoul(p, (char **)&p, 16);
1196 if (*p == ',')
1197 p++;
1198 len = strtoul(p, (char **)&p, 16);
1199
1200 total_len = strlen(xml);
1201 if (addr > total_len) {
5b3715bf 1202 snprintf(buf, sizeof(buf), "E00");
56aebc89
PB		 1203 put_packet(s, buf);
1204 break;
1205 }
1206 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1207 len = (MAX_PACKET_LENGTH - 5) / 2;
1208 if (len < total_len - addr) {
1209 buf[0] = 'm';
1210 len = memtox(buf + 1, xml + addr, len);
1211 } else {
1212 buf[0] = 'l';
1213 len = memtox(buf + 1, xml + addr, total_len - addr);
1214 }
1215 put_packet_binary(s, buf, len + 1);
1216 break;
1217 }
a3919386
JK		 1218 if (is_query_packet(p, "Attached", ':')) {
1219 put_packet(s, GDB_ATTACHED);
1220 break;
1221 }
56aebc89
PB		 1222 /* Unrecognised 'q' command. */
1223 goto unknown_command;
1224
858693c6 1225 default:
56aebc89 1226 unknown_command:
858693c6
FB		 1227 /* put empty packet */
1228 buf[0] = '\0';
1229 put_packet(s, buf);
1230 break;
1231 }
1232 return RS_IDLE;
1233}
1234
64f6b346 1235void gdb_set_stop_cpu(CPUState *cpu)
880a7578 1236{
2e0f2cfb
AF		 1237 gdbserver_state->c_cpu = cpu;
1238 gdbserver_state->g_cpu = cpu;
880a7578
AL		 1239}
1240
1fddef4b 1241#ifndef CONFIG_USER_ONLY
1dfb4dd9 1242static void gdb_vm_state_change(void *opaque, int running, RunState state)
858693c6 1243{
880a7578 1244 GDBState *s = gdbserver_state;
2e0f2cfb 1245 CPUState *cpu = s->c_cpu;
858693c6 1246 char buf[256];
d6fc1b39 1247 const char *type;
858693c6
FB		 1248 int ret;
1249
cdb432b2
MI		 1250 if (running || s->state == RS_INACTIVE) {
1251 return;
1252 }
1253 /* Is there a GDB syscall waiting to be sent? */
1254 if (s->current_syscall_cb) {
1255 put_packet(s, s->syscall_buf);
a2d1ebaf 1256 return;
e07bbac5 1257 }
1dfb4dd9 1258 switch (state) {
0461d5a6 1259 case RUN_STATE_DEBUG:
ff4700b0
AF		 1260 if (cpu->watchpoint_hit) {
1261 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
a1d1bb31 1262 case BP_MEM_READ:
d6fc1b39
AL		 1263 type = "r";
1264 break;
a1d1bb31 1265 case BP_MEM_ACCESS:
d6fc1b39
AL		 1266 type = "a";
1267 break;
1268 default:
1269 type = "";
1270 break;
1271 }
880a7578
AL		 1272 snprintf(buf, sizeof(buf),
1273 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
0d34282f 1274 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
ff4700b0
AF		 1275 (target_ulong)cpu->watchpoint_hit->vaddr);
1276 cpu->watchpoint_hit = NULL;
425189a8 1277 goto send_packet;
6658ffb8 1278 }
bbd77c18 1279 tb_flush(cpu);
ca587a8e 1280 ret = GDB_SIGNAL_TRAP;
425189a8 1281 break;
0461d5a6 1282 case RUN_STATE_PAUSED:
9781e040 1283 ret = GDB_SIGNAL_INT;
425189a8 1284 break;
0461d5a6 1285 case RUN_STATE_SHUTDOWN:
425189a8
JK		 1286 ret = GDB_SIGNAL_QUIT;
1287 break;
0461d5a6 1288 case RUN_STATE_IO_ERROR:
425189a8
JK		 1289 ret = GDB_SIGNAL_IO;
1290 break;
0461d5a6 1291 case RUN_STATE_WATCHDOG:
425189a8
JK		 1292 ret = GDB_SIGNAL_ALRM;
1293 break;
0461d5a6 1294 case RUN_STATE_INTERNAL_ERROR:
425189a8
JK		 1295 ret = GDB_SIGNAL_ABRT;
1296 break;
0461d5a6
LC		 1297 case RUN_STATE_SAVE_VM:
1298 case RUN_STATE_RESTORE_VM:
425189a8 1299 return;
0461d5a6 1300 case RUN_STATE_FINISH_MIGRATE:
425189a8
JK		 1301 ret = GDB_SIGNAL_XCPU;
1302 break;
1303 default:
1304 ret = GDB_SIGNAL_UNKNOWN;
1305 break;
bbeb7b5c 1306 }
226d007d 1307 gdb_set_stop_cpu(cpu);
0d34282f 1308 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
425189a8
JK		 1309
1310send_packet:
858693c6 1311 put_packet(s, buf);
425189a8
JK		 1312
1313 /* disable single step if it was enabled */
3825b28f 1314 cpu_single_step(cpu, 0);
858693c6 1315}
1fddef4b 1316#endif
858693c6 1317
a2d1ebaf
PB		 1318/* Send a gdb syscall request.
1319 This accepts limited printf-style format specifiers, specifically:
a87295e8
PB		 1320 %x - target_ulong argument printed in hex.
1321 %lx - 64-bit argument printed in hex.
1322 %s - string pointer (target_ulong) and length (int) pair. */
19239b39 1323void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
a2d1ebaf 1324{
a2d1ebaf 1325 char *p;
cdb432b2 1326 char *p_end;
a2d1ebaf 1327 target_ulong addr;
a87295e8 1328 uint64_t i64;
a2d1ebaf
PB		 1329 GDBState *s;
1330
880a7578 1331 s = gdbserver_state;
a2d1ebaf
PB		 1332 if (!s)
1333 return;
cdb432b2 1334 s->current_syscall_cb = cb;
a2d1ebaf 1335#ifndef CONFIG_USER_ONLY
0461d5a6 1336 vm_stop(RUN_STATE_DEBUG);
a2d1ebaf 1337#endif
cdb432b2
MI		 1338 p = s->syscall_buf;
1339 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
a2d1ebaf
PB		 1340 *(p++) = 'F';
1341 while (*fmt) {
1342 if (*fmt == '%') {
1343 fmt++;
1344 switch (*fmt++) {
1345 case 'x':
1346 addr = va_arg(va, target_ulong);
cdb432b2 1347 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
a2d1ebaf 1348 break;
a87295e8
PB		 1349 case 'l':
1350 if (*(fmt++) != 'x')
1351 goto bad_format;
1352 i64 = va_arg(va, uint64_t);
cdb432b2 1353 p += snprintf(p, p_end - p, "%" PRIx64, i64);
a87295e8 1354 break;
a2d1ebaf
PB		 1355 case 's':
1356 addr = va_arg(va, target_ulong);
cdb432b2 1357 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
363a37d5 1358 addr, va_arg(va, int));
a2d1ebaf
PB		 1359 break;
1360 default:
a87295e8 1361 bad_format:
a2d1ebaf
PB		 1362 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1363 fmt - 1);
1364 break;
1365 }
1366 } else {
1367 *(p++) = *(fmt++);
1368 }
1369 }
8a93e02a 1370 *p = 0;
a2d1ebaf 1371#ifdef CONFIG_USER_ONLY
cdb432b2 1372 put_packet(s, s->syscall_buf);
2e0f2cfb 1373 gdb_handlesig(s->c_cpu, 0);
a2d1ebaf 1374#else
cdb432b2
MI		 1375 /* In this case wait to send the syscall packet until notification that
1376 the CPU has stopped. This must be done because if the packet is sent
1377 now the reply from the syscall request could be received while the CPU
1378 is still in the running state, which can cause packets to be dropped
1379 and state transition 'T' packets to be sent while the syscall is still
1380 being processed. */
9102deda 1381 qemu_cpu_kick(s->c_cpu);
a2d1ebaf
PB		 1382#endif
1383}
1384
19239b39
PM		 1385void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1386{
1387 va_list va;
1388
1389 va_start(va, fmt);
1390 gdb_do_syscallv(cb, fmt, va);
1391 va_end(va);
1392}
1393
6a00d601 1394static void gdb_read_byte(GDBState *s, int ch)
858693c6
FB		 1395{
1396 int i, csum;
60fe76f3 1397 uint8_t reply;
858693c6 1398
1fddef4b 1399#ifndef CONFIG_USER_ONLY
4046d913
PB		 1400 if (s->last_packet_len) {
1401 /* Waiting for a response to the last packet. If we see the start
1402 of a new command then abandon the previous response. */
1403 if (ch == '-') {
1404#ifdef DEBUG_GDB
1405 printf("Got NACK, retransmitting\n");
1406#endif
ffe8ab83 1407 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
4046d913
PB		 1408 }
1409#ifdef DEBUG_GDB
1410 else if (ch == '+')
1411 printf("Got ACK\n");
1412 else
1413 printf("Got '%c' when expecting ACK/NACK\n", ch);
1414#endif
1415 if (ch == '+' || ch == '$')
1416 s->last_packet_len = 0;
1417 if (ch != '$')
1418 return;
1419 }
1354869c 1420 if (runstate_is_running()) {
858693c6
FB		 1421 /* when the CPU is running, we cannot do anything except stop
1422 it when receiving a char */
0461d5a6 1423 vm_stop(RUN_STATE_PAUSED);
5fafdf24 1424 } else
1fddef4b 1425#endif
41625033 1426 {
858693c6
FB		 1427 switch(s->state) {
1428 case RS_IDLE:
1429 if (ch == '$') {
1430 s->line_buf_index = 0;
1431 s->state = RS_GETLINE;
c33a346e 1432 }
b4608c04 1433 break;
858693c6
FB		 1434 case RS_GETLINE:
1435 if (ch == '#') {
1436 s->state = RS_CHKSUM1;
1437 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1438 s->state = RS_IDLE;
4c3a88a2 1439 } else {
858693c6 1440 s->line_buf[s->line_buf_index++] = ch;
4c3a88a2
FB		 1441 }
1442 break;
858693c6
FB		 1443 case RS_CHKSUM1:
1444 s->line_buf[s->line_buf_index] = '\0';
1445 s->line_csum = fromhex(ch) << 4;
1446 s->state = RS_CHKSUM2;
1447 break;
1448 case RS_CHKSUM2:
1449 s->line_csum |= fromhex(ch);
1450 csum = 0;
1451 for(i = 0; i < s->line_buf_index; i++) {
1452 csum += s->line_buf[i];
1453 }
1454 if (s->line_csum != (csum & 0xff)) {
60fe76f3
TS		 1455 reply = '-';
1456 put_buffer(s, &reply, 1);
858693c6 1457 s->state = RS_IDLE;
4c3a88a2 1458 } else {
60fe76f3
TS		 1459 reply = '+';
1460 put_buffer(s, &reply, 1);
880a7578 1461 s->state = gdb_handle_packet(s, s->line_buf);
4c3a88a2
FB		 1462 }
1463 break;
a2d1ebaf
PB		 1464 default:
1465 abort();
858693c6
FB		 1466 }
1467 }
1468}
1469
0e1c9c54 1470/* Tell the remote gdb that the process has exited. */
9349b4f9 1471void gdb_exit(CPUArchState *env, int code)
0e1c9c54
PB		 1472{
1473 GDBState *s;
1474 char buf[4];
5345fdb4
MAL		 1475#ifndef CONFIG_USER_ONLY
1476 CharDriverState *chr;
1477#endif
0e1c9c54
PB		 1478
1479 s = gdbserver_state;
1480 if (!s) {
1481 return;
1482 }
1483#ifdef CONFIG_USER_ONLY
1484 if (gdbserver_fd < 0 || s->fd < 0) {
1485 return;
1486 }
3d0f4418 1487#else
5345fdb4
MAL		 1488 chr = qemu_chr_fe_get_driver(&s->chr);
1489 if (!chr) {
3d0f4418
PB		 1490 return;
1491 }
0e1c9c54
PB		 1492#endif
1493
1494 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1495 put_packet(s, buf);
e2af15b2
FC		 1496
1497#ifndef CONFIG_USER_ONLY
c39860e6 1498 qemu_chr_fe_deinit(&s->chr);
5345fdb4 1499 qemu_chr_delete(chr);
e2af15b2 1500#endif
0e1c9c54
PB		 1501}
1502
1fddef4b
FB		 1503#ifdef CONFIG_USER_ONLY
1504int
db6b81d4 1505gdb_handlesig(CPUState *cpu, int sig)
1fddef4b 1506{
5ca666c7
AF		 1507 GDBState *s;
1508 char buf[256];
1509 int n;
1fddef4b 1510
5ca666c7
AF		 1511 s = gdbserver_state;
1512 if (gdbserver_fd < 0 || s->fd < 0) {
1513 return sig;
1514 }
1fddef4b 1515
5ca666c7 1516 /* disable single step if it was enabled */
3825b28f 1517 cpu_single_step(cpu, 0);
bbd77c18 1518 tb_flush(cpu);
1fddef4b 1519
5ca666c7
AF		 1520 if (sig != 0) {
1521 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1522 put_packet(s, buf);
1523 }
1524 /* put_packet() might have detected that the peer terminated the
1525 connection. */
1526 if (s->fd < 0) {
1527 return sig;
1528 }
1fddef4b 1529
5ca666c7
AF		 1530 sig = 0;
1531 s->state = RS_IDLE;
1532 s->running_state = 0;
1533 while (s->running_state == 0) {
1534 n = read(s->fd, buf, 256);
1535 if (n > 0) {
1536 int i;
1537
1538 for (i = 0; i < n; i++) {
1539 gdb_read_byte(s, buf[i]);
1540 }
5819e3e0 1541 } else {
5ca666c7
AF		 1542 /* XXX: Connection closed. Should probably wait for another
1543 connection before continuing. */
5819e3e0
PW		 1544 if (n == 0) {
1545 close(s->fd);
1546 }
1547 s->fd = -1;
5ca666c7 1548 return sig;
1fddef4b 1549 }
5ca666c7
AF		 1550 }
1551 sig = s->signal;
1552 s->signal = 0;
1553 return sig;
1fddef4b 1554}
e9009676 1555
ca587a8e 1556/* Tell the remote gdb that the process has exited due to SIG. */
9349b4f9 1557void gdb_signalled(CPUArchState *env, int sig)
ca587a8e 1558{
5ca666c7
AF		 1559 GDBState *s;
1560 char buf[4];
ca587a8e 1561
5ca666c7
AF		 1562 s = gdbserver_state;
1563 if (gdbserver_fd < 0 || s->fd < 0) {
1564 return;
1565 }
ca587a8e 1566
5ca666c7
AF		 1567 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1568 put_packet(s, buf);
ca587a8e 1569}
1fddef4b 1570
880a7578 1571static void gdb_accept(void)
858693c6
FB		 1572{
1573 GDBState *s;
1574 struct sockaddr_in sockaddr;
1575 socklen_t len;
bf1c852a 1576 int fd;
858693c6
FB		 1577
1578 for(;;) {
1579 len = sizeof(sockaddr);
1580 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1581 if (fd < 0 && errno != EINTR) {
1582 perror("accept");
1583 return;
1584 } else if (fd >= 0) {
40ff6d7e
KW		 1585#ifndef _WIN32
1586 fcntl(fd, F_SETFD, FD_CLOEXEC);
1587#endif
b4608c04
FB		 1588 break;
1589 }
1590 }
858693c6
FB		 1591
1592 /* set short latency */
bf1c852a 1593 socket_set_nodelay(fd);
3b46e624 1594
7267c094 1595 s = g_malloc0(sizeof(GDBState));
2e0f2cfb
AF		 1596 s->c_cpu = first_cpu;
1597 s->g_cpu = first_cpu;
858693c6 1598 s->fd = fd;
5b50e790 1599 gdb_has_xml = false;
858693c6 1600
880a7578 1601 gdbserver_state = s;
858693c6
FB		 1602}
1603
1604static int gdbserver_open(int port)
1605{
1606 struct sockaddr_in sockaddr;
6669ca13 1607 int fd, ret;
858693c6
FB		 1608
1609 fd = socket(PF_INET, SOCK_STREAM, 0);
1610 if (fd < 0) {
1611 perror("socket");
1612 return -1;
1613 }
40ff6d7e
KW		 1614#ifndef _WIN32
1615 fcntl(fd, F_SETFD, FD_CLOEXEC);
1616#endif
858693c6 1617
6669ca13 1618 socket_set_fast_reuse(fd);
858693c6
FB		 1619
1620 sockaddr.sin_family = AF_INET;
1621 sockaddr.sin_port = htons(port);
1622 sockaddr.sin_addr.s_addr = 0;
1623 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1624 if (ret < 0) {
1625 perror("bind");
bb16172c 1626 close(fd);
858693c6
FB		 1627 return -1;
1628 }
96165b9e 1629 ret = listen(fd, 1);
858693c6
FB		 1630 if (ret < 0) {
1631 perror("listen");
bb16172c 1632 close(fd);
858693c6
FB		 1633 return -1;
1634 }
858693c6
FB		 1635 return fd;
1636}
1637
1638int gdbserver_start(int port)
1639{
1640 gdbserver_fd = gdbserver_open(port);
1641 if (gdbserver_fd < 0)
1642 return -1;
1643 /* accept connections */
880a7578 1644 gdb_accept();
4046d913
PB		 1645 return 0;
1646}
2b1319c8
AJ		 1647
1648/* Disable gdb stub for child processes. */
f7ec7f7b 1649void gdbserver_fork(CPUState *cpu)
2b1319c8
AJ		 1650{
1651 GDBState *s = gdbserver_state;
75a34036
AF		 1652
1653 if (gdbserver_fd < 0 || s->fd < 0) {
1654 return;
1655 }
2b1319c8
AJ		 1656 close(s->fd);
1657 s->fd = -1;
b3310ab3 1658 cpu_breakpoint_remove_all(cpu, BP_GDB);
75a34036 1659 cpu_watchpoint_remove_all(cpu, BP_GDB);
2b1319c8 1660}
1fddef4b 1661#else
aa1f17c1 1662static int gdb_chr_can_receive(void *opaque)
4046d913 1663{
56aebc89
PB		 1664 /* We can handle an arbitrarily large amount of data.
1665 Pick the maximum packet size, which is as good as anything. */
1666 return MAX_PACKET_LENGTH;
4046d913
PB		 1667}
1668
aa1f17c1 1669static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
4046d913 1670{
4046d913
PB		 1671 int i;
1672
1673 for (i = 0; i < size; i++) {
880a7578 1674 gdb_read_byte(gdbserver_state, buf[i]);
4046d913
PB		 1675 }
1676}
1677
1678static void gdb_chr_event(void *opaque, int event)
1679{
1680 switch (event) {
b6b8df56 1681 case CHR_EVENT_OPENED:
0461d5a6 1682 vm_stop(RUN_STATE_PAUSED);
5b50e790 1683 gdb_has_xml = false;
4046d913
PB		 1684 break;
1685 default:
1686 break;
1687 }
1688}
1689
8a34a0fb
AL		 1690static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1691{
1692 char buf[MAX_PACKET_LENGTH];
1693
1694 buf[0] = 'O';
1695 if (len > (MAX_PACKET_LENGTH/2) - 1)
1696 len = (MAX_PACKET_LENGTH/2) - 1;
1697 memtohex(buf + 1, (uint8_t *)msg, len);
1698 put_packet(s, buf);
1699}
1700
1701static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
1702{
1703 const char *p = (const char *)buf;
1704 int max_sz;
1705
1706 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1707 for (;;) {
1708 if (len <= max_sz) {
1709 gdb_monitor_output(gdbserver_state, p, len);
1710 break;
1711 }
1712 gdb_monitor_output(gdbserver_state, p, max_sz);
1713 p += max_sz;
1714 len -= max_sz;
1715 }
1716 return len;
1717}
1718
59030a8c
AL		 1719#ifndef _WIN32
1720static void gdb_sigterm_handler(int signal)
1721{
1354869c 1722 if (runstate_is_running()) {
0461d5a6 1723 vm_stop(RUN_STATE_PAUSED);
e07bbac5 1724 }
59030a8c
AL		 1725}
1726#endif
1727
1728int gdbserver_start(const char *device)
4046d913
PB		 1729{
1730 GDBState *s;
59030a8c 1731 char gdbstub_device_name[128];
36556b20
AL		 1732 CharDriverState *chr = NULL;
1733 CharDriverState *mon_chr;
d0d7708b 1734 ChardevCommon common = { 0 };
cfc3475a 1735
508b4ecc
ZY		 1736 if (!first_cpu) {
1737 error_report("gdbstub: meaningless to attach gdb to a "
1738 "machine without any CPU.");
1739 return -1;
1740 }
1741
59030a8c
AL		 1742 if (!device)
1743 return -1;
1744 if (strcmp(device, "none") != 0) {
1745 if (strstart(device, "tcp:", NULL)) {
1746 /* enforce required TCP attributes */
1747 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1748 "%s,nowait,nodelay,server", device);
1749 device = gdbstub_device_name;
36556b20 1750 }
59030a8c
AL		 1751#ifndef _WIN32
1752 else if (strcmp(device, "stdio") == 0) {
1753 struct sigaction act;
4046d913 1754
59030a8c
AL		 1755 memset(&act, 0, sizeof(act));
1756 act.sa_handler = gdb_sigterm_handler;
1757 sigaction(SIGINT, &act, NULL);
1758 }
1759#endif
b4948be9 1760 chr = qemu_chr_new_noreplay("gdb", device);
36556b20
AL		 1761 if (!chr)
1762 return -1;
cfc3475a
PB		 1763 }
1764
36556b20
AL		 1765 s = gdbserver_state;
1766 if (!s) {
7267c094 1767 s = g_malloc0(sizeof(GDBState));
36556b20 1768 gdbserver_state = s;
4046d913 1769
36556b20
AL		 1770 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1771
1772 /* Initialize a monitor terminal for gdb */
d0d7708b 1773 mon_chr = qemu_chr_alloc(&common, &error_abort);
36556b20
AL		 1774 mon_chr->chr_write = gdb_monitor_write;
1775 monitor_init(mon_chr, 0);
1776 } else {
5345fdb4
MAL		 1777 if (qemu_chr_fe_get_driver(&s->chr)) {
1778 qemu_chr_delete(qemu_chr_fe_get_driver(&s->chr));
32a6ebec 1779 }
36556b20
AL		 1780 mon_chr = s->mon_chr;
1781 memset(s, 0, sizeof(GDBState));
32a6ebec 1782 s->mon_chr = mon_chr;
36556b20 1783 }
2e0f2cfb
AF		 1784 s->c_cpu = first_cpu;
1785 s->g_cpu = first_cpu;
32a6ebec
MAL		 1786 if (chr) {
1787 qemu_chr_fe_init(&s->chr, chr, &error_abort);
5345fdb4 1788 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
39ab61c6 1789 gdb_chr_event, NULL, NULL, true);
32a6ebec 1790 }
36556b20
AL		 1791 s->state = chr ? RS_IDLE : RS_INACTIVE;
1792 s->mon_chr = mon_chr;
cdb432b2 1793 s->current_syscall_cb = NULL;
8a34a0fb 1794
b4608c04
FB		 1795 return 0;
1796}
4046d913 1797#endif
QEMU mirror