ppc/pnv: add a PnvICPState object
[qemu.git] / gdbstub.c
1 /*
2 * gdb server stub
3 *
4 * Copyright (c) 2003-2005 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/error-report.h"
22 #include "qemu/cutils.h"
23 #include "cpu.h"
24 #ifdef CONFIG_USER_ONLY
25 #include "qemu.h"
26 #else
27 #include "monitor/monitor.h"
28 #include "sysemu/char.h"
29 #include "sysemu/sysemu.h"
30 #include "exec/gdbstub.h"
31 #endif
32
33 #define MAX_PACKET_LENGTH 4096
34
35 #include "qemu/sockets.h"
36 #include "sysemu/hw_accel.h"
37 #include "sysemu/kvm.h"
38 #include "exec/semihost.h"
39 #include "exec/exec-all.h"
40
41 #ifdef CONFIG_USER_ONLY
42 #define GDB_ATTACHED "0"
43 #else
44 #define GDB_ATTACHED "1"
45 #endif
46
47 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
48 uint8_t *buf, int len, bool is_write)
49 {
50 CPUClass *cc = CPU_GET_CLASS(cpu);
51
52 if (cc->memory_rw_debug) {
53 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
54 }
55 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
56 }
57
58 enum {
59 GDB_SIGNAL_0 = 0,
60 GDB_SIGNAL_INT = 2,
61 GDB_SIGNAL_QUIT = 3,
62 GDB_SIGNAL_TRAP = 5,
63 GDB_SIGNAL_ABRT = 6,
64 GDB_SIGNAL_ALRM = 14,
65 GDB_SIGNAL_IO = 23,
66 GDB_SIGNAL_XCPU = 24,
67 GDB_SIGNAL_UNKNOWN = 143
68 };
69
70 #ifdef CONFIG_USER_ONLY
71
72 /* Map target signal numbers to GDB protocol signal numbers and vice
73 * versa. For user emulation's currently supported systems, we can
74 * assume most signals are defined.
75 */
76
77 static int gdb_signal_table[] = {
78 0,
79 TARGET_SIGHUP,
80 TARGET_SIGINT,
81 TARGET_SIGQUIT,
82 TARGET_SIGILL,
83 TARGET_SIGTRAP,
84 TARGET_SIGABRT,
85 -1, /* SIGEMT */
86 TARGET_SIGFPE,
87 TARGET_SIGKILL,
88 TARGET_SIGBUS,
89 TARGET_SIGSEGV,
90 TARGET_SIGSYS,
91 TARGET_SIGPIPE,
92 TARGET_SIGALRM,
93 TARGET_SIGTERM,
94 TARGET_SIGURG,
95 TARGET_SIGSTOP,
96 TARGET_SIGTSTP,
97 TARGET_SIGCONT,
98 TARGET_SIGCHLD,
99 TARGET_SIGTTIN,
100 TARGET_SIGTTOU,
101 TARGET_SIGIO,
102 TARGET_SIGXCPU,
103 TARGET_SIGXFSZ,
104 TARGET_SIGVTALRM,
105 TARGET_SIGPROF,
106 TARGET_SIGWINCH,
107 -1, /* SIGLOST */
108 TARGET_SIGUSR1,
109 TARGET_SIGUSR2,
110 #ifdef TARGET_SIGPWR
111 TARGET_SIGPWR,
112 #else
113 -1,
114 #endif
115 -1, /* SIGPOLL */
116 -1,
117 -1,
118 -1,
119 -1,
120 -1,
121 -1,
122 -1,
123 -1,
124 -1,
125 -1,
126 -1,
127 #ifdef __SIGRTMIN
128 __SIGRTMIN + 1,
129 __SIGRTMIN + 2,
130 __SIGRTMIN + 3,
131 __SIGRTMIN + 4,
132 __SIGRTMIN + 5,
133 __SIGRTMIN + 6,
134 __SIGRTMIN + 7,
135 __SIGRTMIN + 8,
136 __SIGRTMIN + 9,
137 __SIGRTMIN + 10,
138 __SIGRTMIN + 11,
139 __SIGRTMIN + 12,
140 __SIGRTMIN + 13,
141 __SIGRTMIN + 14,
142 __SIGRTMIN + 15,
143 __SIGRTMIN + 16,
144 __SIGRTMIN + 17,
145 __SIGRTMIN + 18,
146 __SIGRTMIN + 19,
147 __SIGRTMIN + 20,
148 __SIGRTMIN + 21,
149 __SIGRTMIN + 22,
150 __SIGRTMIN + 23,
151 __SIGRTMIN + 24,
152 __SIGRTMIN + 25,
153 __SIGRTMIN + 26,
154 __SIGRTMIN + 27,
155 __SIGRTMIN + 28,
156 __SIGRTMIN + 29,
157 __SIGRTMIN + 30,
158 __SIGRTMIN + 31,
159 -1, /* SIGCANCEL */
160 __SIGRTMIN,
161 __SIGRTMIN + 32,
162 __SIGRTMIN + 33,
163 __SIGRTMIN + 34,
164 __SIGRTMIN + 35,
165 __SIGRTMIN + 36,
166 __SIGRTMIN + 37,
167 __SIGRTMIN + 38,
168 __SIGRTMIN + 39,
169 __SIGRTMIN + 40,
170 __SIGRTMIN + 41,
171 __SIGRTMIN + 42,
172 __SIGRTMIN + 43,
173 __SIGRTMIN + 44,
174 __SIGRTMIN + 45,
175 __SIGRTMIN + 46,
176 __SIGRTMIN + 47,
177 __SIGRTMIN + 48,
178 __SIGRTMIN + 49,
179 __SIGRTMIN + 50,
180 __SIGRTMIN + 51,
181 __SIGRTMIN + 52,
182 __SIGRTMIN + 53,
183 __SIGRTMIN + 54,
184 __SIGRTMIN + 55,
185 __SIGRTMIN + 56,
186 __SIGRTMIN + 57,
187 __SIGRTMIN + 58,
188 __SIGRTMIN + 59,
189 __SIGRTMIN + 60,
190 __SIGRTMIN + 61,
191 __SIGRTMIN + 62,
192 __SIGRTMIN + 63,
193 __SIGRTMIN + 64,
194 __SIGRTMIN + 65,
195 __SIGRTMIN + 66,
196 __SIGRTMIN + 67,
197 __SIGRTMIN + 68,
198 __SIGRTMIN + 69,
199 __SIGRTMIN + 70,
200 __SIGRTMIN + 71,
201 __SIGRTMIN + 72,
202 __SIGRTMIN + 73,
203 __SIGRTMIN + 74,
204 __SIGRTMIN + 75,
205 __SIGRTMIN + 76,
206 __SIGRTMIN + 77,
207 __SIGRTMIN + 78,
208 __SIGRTMIN + 79,
209 __SIGRTMIN + 80,
210 __SIGRTMIN + 81,
211 __SIGRTMIN + 82,
212 __SIGRTMIN + 83,
213 __SIGRTMIN + 84,
214 __SIGRTMIN + 85,
215 __SIGRTMIN + 86,
216 __SIGRTMIN + 87,
217 __SIGRTMIN + 88,
218 __SIGRTMIN + 89,
219 __SIGRTMIN + 90,
220 __SIGRTMIN + 91,
221 __SIGRTMIN + 92,
222 __SIGRTMIN + 93,
223 __SIGRTMIN + 94,
224 __SIGRTMIN + 95,
225 -1, /* SIGINFO */
226 -1, /* UNKNOWN */
227 -1, /* DEFAULT */
228 -1,
229 -1,
230 -1,
231 -1,
232 -1,
233 -1
234 #endif
235 };
236 #else
237 /* In system mode we only need SIGINT and SIGTRAP; other signals
238 are not yet supported. */
239
240 enum {
241 TARGET_SIGINT = 2,
242 TARGET_SIGTRAP = 5
243 };
244
245 static int gdb_signal_table[] = {
246 -1,
247 -1,
248 TARGET_SIGINT,
249 -1,
250 -1,
251 TARGET_SIGTRAP
252 };
253 #endif
254
255 #ifdef CONFIG_USER_ONLY
256 static int target_signal_to_gdb (int sig)
257 {
258 int i;
259 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
260 if (gdb_signal_table[i] == sig)
261 return i;
262 return GDB_SIGNAL_UNKNOWN;
263 }
264 #endif
265
266 static int gdb_signal_to_target (int sig)
267 {
268 if (sig < ARRAY_SIZE (gdb_signal_table))
269 return gdb_signal_table[sig];
270 else
271 return -1;
272 }
273
274 //#define DEBUG_GDB
275
276 typedef struct GDBRegisterState {
277 int base_reg;
278 int num_regs;
279 gdb_reg_cb get_reg;
280 gdb_reg_cb set_reg;
281 const char *xml;
282 struct GDBRegisterState *next;
283 } GDBRegisterState;
284
285 enum RSState {
286 RS_INACTIVE,
287 RS_IDLE,
288 RS_GETLINE,
289 RS_CHKSUM1,
290 RS_CHKSUM2,
291 };
292 typedef struct GDBState {
293 CPUState *c_cpu; /* current CPU for step/continue ops */
294 CPUState *g_cpu; /* current CPU for other ops */
295 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
296 enum RSState state; /* parsing state */
297 char line_buf[MAX_PACKET_LENGTH];
298 int line_buf_index;
299 int line_csum;
300 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
301 int last_packet_len;
302 int signal;
303 #ifdef CONFIG_USER_ONLY
304 int fd;
305 int running_state;
306 #else
307 CharBackend chr;
308 Chardev *mon_chr;
309 #endif
310 char syscall_buf[256];
311 gdb_syscall_complete_cb current_syscall_cb;
312 } GDBState;
313
314 /* By default use no IRQs and no timers while single stepping so as to
315 * make single stepping like an ICE HW step.
316 */
317 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
318
319 static GDBState *gdbserver_state;
320
321 bool gdb_has_xml;
322
323 #ifdef CONFIG_USER_ONLY
324 /* XXX: This is not thread safe. Do we care? */
325 static int gdbserver_fd = -1;
326
327 static int get_char(GDBState *s)
328 {
329 uint8_t ch;
330 int ret;
331
332 for(;;) {
333 ret = qemu_recv(s->fd, &ch, 1, 0);
334 if (ret < 0) {
335 if (errno == ECONNRESET)
336 s->fd = -1;
337 if (errno != EINTR)
338 return -1;
339 } else if (ret == 0) {
340 close(s->fd);
341 s->fd = -1;
342 return -1;
343 } else {
344 break;
345 }
346 }
347 return ch;
348 }
349 #endif
350
351 static enum {
352 GDB_SYS_UNKNOWN,
353 GDB_SYS_ENABLED,
354 GDB_SYS_DISABLED,
355 } gdb_syscall_mode;
356
357 /* Decide if either remote gdb syscalls or native file IO should be used. */
358 int use_gdb_syscalls(void)
359 {
360 SemihostingTarget target = semihosting_get_target();
361 if (target == SEMIHOSTING_TARGET_NATIVE) {
362 /* -semihosting-config target=native */
363 return false;
364 } else if (target == SEMIHOSTING_TARGET_GDB) {
365 /* -semihosting-config target=gdb */
366 return true;
367 }
368
369 /* -semihosting-config target=auto */
370 /* On the first call check if gdb is connected and remember. */
371 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
372 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
373 : GDB_SYS_DISABLED);
374 }
375 return gdb_syscall_mode == GDB_SYS_ENABLED;
376 }
377
378 /* Resume execution. */
379 static inline void gdb_continue(GDBState *s)
380 {
381 #ifdef CONFIG_USER_ONLY
382 s->running_state = 1;
383 #else
384 if (!runstate_needs_reset()) {
385 vm_start();
386 }
387 #endif
388 }
389
390 /*
391 * Resume execution, per CPU actions. For user-mode emulation it's
392 * equivalent to gdb_continue.
393 */
394 static int gdb_continue_partial(GDBState *s, char *newstates)
395 {
396 CPUState *cpu;
397 int res = 0;
398 #ifdef CONFIG_USER_ONLY
399 /*
400 * This is not exactly accurate, but it's an improvement compared to the
401 * previous situation, where only one CPU would be single-stepped.
402 */
403 CPU_FOREACH(cpu) {
404 if (newstates[cpu->cpu_index] == 's') {
405 cpu_single_step(cpu, sstep_flags);
406 }
407 }
408 s->running_state = 1;
409 #else
410 int flag = 0;
411
412 if (!runstate_needs_reset()) {
413 if (vm_prepare_start()) {
414 return 0;
415 }
416
417 CPU_FOREACH(cpu) {
418 switch (newstates[cpu->cpu_index]) {
419 case 0:
420 case 1:
421 break; /* nothing to do here */
422 case 's':
423 cpu_single_step(cpu, sstep_flags);
424 cpu_resume(cpu);
425 flag = 1;
426 break;
427 case 'c':
428 cpu_resume(cpu);
429 flag = 1;
430 break;
431 default:
432 res = -1;
433 break;
434 }
435 }
436 }
437 if (flag) {
438 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
439 }
440 #endif
441 return res;
442 }
443
444 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
445 {
446 #ifdef CONFIG_USER_ONLY
447 int ret;
448
449 while (len > 0) {
450 ret = send(s->fd, buf, len, 0);
451 if (ret < 0) {
452 if (errno != EINTR)
453 return;
454 } else {
455 buf += ret;
456 len -= ret;
457 }
458 }
459 #else
460 /* XXX this blocks entire thread. Rewrite to use
461 * qemu_chr_fe_write and background I/O callbacks */
462 qemu_chr_fe_write_all(&s->chr, buf, len);
463 #endif
464 }
465
466 static inline int fromhex(int v)
467 {
468 if (v >= '0' && v <= '9')
469 return v - '0';
470 else if (v >= 'A' && v <= 'F')
471 return v - 'A' + 10;
472 else if (v >= 'a' && v <= 'f')
473 return v - 'a' + 10;
474 else
475 return 0;
476 }
477
478 static inline int tohex(int v)
479 {
480 if (v < 10)
481 return v + '0';
482 else
483 return v - 10 + 'a';
484 }
485
486 static void memtohex(char *buf, const uint8_t *mem, int len)
487 {
488 int i, c;
489 char *q;
490 q = buf;
491 for(i = 0; i < len; i++) {
492 c = mem[i];
493 *q++ = tohex(c >> 4);
494 *q++ = tohex(c & 0xf);
495 }
496 *q = '\0';
497 }
498
499 static void hextomem(uint8_t *mem, const char *buf, int len)
500 {
501 int i;
502
503 for(i = 0; i < len; i++) {
504 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
505 buf += 2;
506 }
507 }
508
509 /* return -1 if error, 0 if OK */
510 static int put_packet_binary(GDBState *s, const char *buf, int len)
511 {
512 int csum, i;
513 uint8_t *p;
514
515 for(;;) {
516 p = s->last_packet;
517 *(p++) = '$';
518 memcpy(p, buf, len);
519 p += len;
520 csum = 0;
521 for(i = 0; i < len; i++) {
522 csum += buf[i];
523 }
524 *(p++) = '#';
525 *(p++) = tohex((csum >> 4) & 0xf);
526 *(p++) = tohex((csum) & 0xf);
527
528 s->last_packet_len = p - s->last_packet;
529 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
530
531 #ifdef CONFIG_USER_ONLY
532 i = get_char(s);
533 if (i < 0)
534 return -1;
535 if (i == '+')
536 break;
537 #else
538 break;
539 #endif
540 }
541 return 0;
542 }
543
544 /* return -1 if error, 0 if OK */
545 static int put_packet(GDBState *s, const char *buf)
546 {
547 #ifdef DEBUG_GDB
548 printf("reply='%s'\n", buf);
549 #endif
550
551 return put_packet_binary(s, buf, strlen(buf));
552 }
553
554 /* Encode data using the encoding for 'x' packets. */
555 static int memtox(char *buf, const char *mem, int len)
556 {
557 char *p = buf;
558 char c;
559
560 while (len--) {
561 c = *(mem++);
562 switch (c) {
563 case '#': case '$': case '*': case '}':
564 *(p++) = '}';
565 *(p++) = c ^ 0x20;
566 break;
567 default:
568 *(p++) = c;
569 break;
570 }
571 }
572 return p - buf;
573 }
574
575 static const char *get_feature_xml(const char *p, const char **newp,
576 CPUClass *cc)
577 {
578 size_t len;
579 int i;
580 const char *name;
581 static char target_xml[1024];
582
583 len = 0;
584 while (p[len] && p[len] != ':')
585 len++;
586 *newp = p + len;
587
588 name = NULL;
589 if (strncmp(p, "target.xml", len) == 0) {
590 /* Generate the XML description for this CPU. */
591 if (!target_xml[0]) {
592 GDBRegisterState *r;
593 CPUState *cpu = first_cpu;
594
595 pstrcat(target_xml, sizeof(target_xml),
596 "<?xml version=\"1.0\"?>"
597 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
598 "<target>");
599 if (cc->gdb_arch_name) {
600 gchar *arch = cc->gdb_arch_name(cpu);
601 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
602 pstrcat(target_xml, sizeof(target_xml), arch);
603 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
604 g_free(arch);
605 }
606 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
607 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
608 pstrcat(target_xml, sizeof(target_xml), "\"/>");
609 for (r = cpu->gdb_regs; r; r = r->next) {
610 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
611 pstrcat(target_xml, sizeof(target_xml), r->xml);
612 pstrcat(target_xml, sizeof(target_xml), "\"/>");
613 }
614 pstrcat(target_xml, sizeof(target_xml), "</target>");
615 }
616 return target_xml;
617 }
618 for (i = 0; ; i++) {
619 name = xml_builtin[i][0];
620 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
621 break;
622 }
623 return name ? xml_builtin[i][1] : NULL;
624 }
625
626 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
627 {
628 CPUClass *cc = CPU_GET_CLASS(cpu);
629 CPUArchState *env = cpu->env_ptr;
630 GDBRegisterState *r;
631
632 if (reg < cc->gdb_num_core_regs) {
633 return cc->gdb_read_register(cpu, mem_buf, reg);
634 }
635
636 for (r = cpu->gdb_regs; r; r = r->next) {
637 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
638 return r->get_reg(env, mem_buf, reg - r->base_reg);
639 }
640 }
641 return 0;
642 }
643
644 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
645 {
646 CPUClass *cc = CPU_GET_CLASS(cpu);
647 CPUArchState *env = cpu->env_ptr;
648 GDBRegisterState *r;
649
650 if (reg < cc->gdb_num_core_regs) {
651 return cc->gdb_write_register(cpu, mem_buf, reg);
652 }
653
654 for (r = cpu->gdb_regs; r; r = r->next) {
655 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
656 return r->set_reg(env, mem_buf, reg - r->base_reg);
657 }
658 }
659 return 0;
660 }
661
662 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
663 specifies the first register number and these registers are included in
664 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
665 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
666 */
667
668 void gdb_register_coprocessor(CPUState *cpu,
669 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
670 int num_regs, const char *xml, int g_pos)
671 {
672 GDBRegisterState *s;
673 GDBRegisterState **p;
674
675 p = &cpu->gdb_regs;
676 while (*p) {
677 /* Check for duplicates. */
678 if (strcmp((*p)->xml, xml) == 0)
679 return;
680 p = &(*p)->next;
681 }
682
683 s = g_new0(GDBRegisterState, 1);
684 s->base_reg = cpu->gdb_num_regs;
685 s->num_regs = num_regs;
686 s->get_reg = get_reg;
687 s->set_reg = set_reg;
688 s->xml = xml;
689
690 /* Add to end of list. */
691 cpu->gdb_num_regs += num_regs;
692 *p = s;
693 if (g_pos) {
694 if (g_pos != s->base_reg) {
695 error_report("Error: Bad gdb register numbering for '%s', "
696 "expected %d got %d", xml, g_pos, s->base_reg);
697 } else {
698 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
699 }
700 }
701 }
702
703 #ifndef CONFIG_USER_ONLY
704 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
705 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
706 {
707 static const int xlat[] = {
708 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
709 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
710 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
711 };
712
713 CPUClass *cc = CPU_GET_CLASS(cpu);
714 int cputype = xlat[gdbtype];
715
716 if (cc->gdb_stop_before_watchpoint) {
717 cputype |= BP_STOP_BEFORE_ACCESS;
718 }
719 return cputype;
720 }
721 #endif
722
723 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
724 {
725 CPUState *cpu;
726 int err = 0;
727
728 if (kvm_enabled()) {
729 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
730 }
731
732 switch (type) {
733 case GDB_BREAKPOINT_SW:
734 case GDB_BREAKPOINT_HW:
735 CPU_FOREACH(cpu) {
736 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
737 if (err) {
738 break;
739 }
740 }
741 return err;
742 #ifndef CONFIG_USER_ONLY
743 case GDB_WATCHPOINT_WRITE:
744 case GDB_WATCHPOINT_READ:
745 case GDB_WATCHPOINT_ACCESS:
746 CPU_FOREACH(cpu) {
747 err = cpu_watchpoint_insert(cpu, addr, len,
748 xlat_gdb_type(cpu, type), NULL);
749 if (err) {
750 break;
751 }
752 }
753 return err;
754 #endif
755 default:
756 return -ENOSYS;
757 }
758 }
759
760 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
761 {
762 CPUState *cpu;
763 int err = 0;
764
765 if (kvm_enabled()) {
766 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
767 }
768
769 switch (type) {
770 case GDB_BREAKPOINT_SW:
771 case GDB_BREAKPOINT_HW:
772 CPU_FOREACH(cpu) {
773 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
774 if (err) {
775 break;
776 }
777 }
778 return err;
779 #ifndef CONFIG_USER_ONLY
780 case GDB_WATCHPOINT_WRITE:
781 case GDB_WATCHPOINT_READ:
782 case GDB_WATCHPOINT_ACCESS:
783 CPU_FOREACH(cpu) {
784 err = cpu_watchpoint_remove(cpu, addr, len,
785 xlat_gdb_type(cpu, type));
786 if (err)
787 break;
788 }
789 return err;
790 #endif
791 default:
792 return -ENOSYS;
793 }
794 }
795
796 static void gdb_breakpoint_remove_all(void)
797 {
798 CPUState *cpu;
799
800 if (kvm_enabled()) {
801 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
802 return;
803 }
804
805 CPU_FOREACH(cpu) {
806 cpu_breakpoint_remove_all(cpu, BP_GDB);
807 #ifndef CONFIG_USER_ONLY
808 cpu_watchpoint_remove_all(cpu, BP_GDB);
809 #endif
810 }
811 }
812
813 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
814 {
815 CPUState *cpu = s->c_cpu;
816
817 cpu_synchronize_state(cpu);
818 cpu_set_pc(cpu, pc);
819 }
820
821 static CPUState *find_cpu(uint32_t thread_id)
822 {
823 CPUState *cpu;
824
825 CPU_FOREACH(cpu) {
826 if (cpu_index(cpu) == thread_id) {
827 return cpu;
828 }
829 }
830
831 return NULL;
832 }
833
834 static int is_query_packet(const char *p, const char *query, char separator)
835 {
836 unsigned int query_len = strlen(query);
837
838 return strncmp(p, query, query_len) == 0 &&
839 (p[query_len] == '\0' || p[query_len] == separator);
840 }
841
842 /**
843 * gdb_handle_vcont - Parses and handles a vCont packet.
844 * returns -ENOTSUP if a command is unsupported, -EINVAL or -ERANGE if there is
845 * a format error, 0 on success.
846 */
847 static int gdb_handle_vcont(GDBState *s, const char *p)
848 {
849 int res, idx, signal = 0;
850 char cur_action;
851 char *newstates;
852 unsigned long tmp;
853 CPUState *cpu;
854 #ifdef CONFIG_USER_ONLY
855 int max_cpus = 1; /* global variable max_cpus exists only in system mode */
856
857 CPU_FOREACH(cpu) {
858 max_cpus = max_cpus <= cpu->cpu_index ? cpu->cpu_index + 1 : max_cpus;
859 }
860 #endif
861 /* uninitialised CPUs stay 0 */
862 newstates = g_new0(char, max_cpus);
863
864 /* mark valid CPUs with 1 */
865 CPU_FOREACH(cpu) {
866 newstates[cpu->cpu_index] = 1;
867 }
868
869 /*
870 * res keeps track of what error we are returning, with -ENOTSUP meaning
871 * that the command is unknown or unsupported, thus returning an empty
872 * packet, while -EINVAL and -ERANGE cause an E22 packet, due to invalid,
873 * or incorrect parameters passed.
874 */
875 res = 0;
876 while (*p) {
877 if (*p++ != ';') {
878 res = -ENOTSUP;
879 goto out;
880 }
881
882 cur_action = *p++;
883 if (cur_action == 'C' || cur_action == 'S') {
884 cur_action = tolower(cur_action);
885 res = qemu_strtoul(p + 1, &p, 16, &tmp);
886 if (res) {
887 goto out;
888 }
889 signal = gdb_signal_to_target(tmp);
890 } else if (cur_action != 'c' && cur_action != 's') {
891 /* unknown/invalid/unsupported command */
892 res = -ENOTSUP;
893 goto out;
894 }
895 /* thread specification. special values: (none), -1 = all; 0 = any */
896 if ((p[0] == ':' && p[1] == '-' && p[2] == '1') || (p[0] != ':')) {
897 if (*p == ':') {
898 p += 3;
899 }
900 for (idx = 0; idx < max_cpus; idx++) {
901 if (newstates[idx] == 1) {
902 newstates[idx] = cur_action;
903 }
904 }
905 } else if (*p == ':') {
906 p++;
907 res = qemu_strtoul(p, &p, 16, &tmp);
908 if (res) {
909 goto out;
910 }
911 idx = tmp;
912 /* 0 means any thread, so we pick the first valid CPU */
913 if (!idx) {
914 idx = cpu_index(first_cpu);
915 }
916
917 /*
918 * If we are in user mode, the thread specified is actually a
919 * thread id, and not an index. We need to find the actual
920 * CPU first, and only then we can use its index.
921 */
922 cpu = find_cpu(idx);
923 /* invalid CPU/thread specified */
924 if (!idx || !cpu) {
925 res = -EINVAL;
926 goto out;
927 }
928 /* only use if no previous match occourred */
929 if (newstates[cpu->cpu_index] == 1) {
930 newstates[cpu->cpu_index] = cur_action;
931 }
932 }
933 }
934 s->signal = signal;
935 gdb_continue_partial(s, newstates);
936
937 out:
938 g_free(newstates);
939
940 return res;
941 }
942
943 static int gdb_handle_packet(GDBState *s, const char *line_buf)
944 {
945 CPUState *cpu;
946 CPUClass *cc;
947 const char *p;
948 uint32_t thread;
949 int ch, reg_size, type, res;
950 char buf[MAX_PACKET_LENGTH];
951 uint8_t mem_buf[MAX_PACKET_LENGTH];
952 uint8_t *registers;
953 target_ulong addr, len;
954
955 #ifdef DEBUG_GDB
956 printf("command='%s'\n", line_buf);
957 #endif
958 p = line_buf;
959 ch = *p++;
960 switch(ch) {
961 case '?':
962 /* TODO: Make this return the correct value for user-mode. */
963 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
964 cpu_index(s->c_cpu));
965 put_packet(s, buf);
966 /* Remove all the breakpoints when this query is issued,
967 * because gdb is doing and initial connect and the state
968 * should be cleaned up.
969 */
970 gdb_breakpoint_remove_all();
971 break;
972 case 'c':
973 if (*p != '\0') {
974 addr = strtoull(p, (char **)&p, 16);
975 gdb_set_cpu_pc(s, addr);
976 }
977 s->signal = 0;
978 gdb_continue(s);
979 return RS_IDLE;
980 case 'C':
981 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
982 if (s->signal == -1)
983 s->signal = 0;
984 gdb_continue(s);
985 return RS_IDLE;
986 case 'v':
987 if (strncmp(p, "Cont", 4) == 0) {
988 p += 4;
989 if (*p == '?') {
990 put_packet(s, "vCont;c;C;s;S");
991 break;
992 }
993
994 res = gdb_handle_vcont(s, p);
995
996 if (res) {
997 if ((res == -EINVAL) || (res == -ERANGE)) {
998 put_packet(s, "E22");
999 break;
1000 }
1001 goto unknown_command;
1002 }
1003 break;
1004 } else {
1005 goto unknown_command;
1006 }
1007 case 'k':
1008 /* Kill the target */
1009 error_report("QEMU: Terminated via GDBstub");
1010 exit(0);
1011 case 'D':
1012 /* Detach packet */
1013 gdb_breakpoint_remove_all();
1014 gdb_syscall_mode = GDB_SYS_DISABLED;
1015 gdb_continue(s);
1016 put_packet(s, "OK");
1017 break;
1018 case 's':
1019 if (*p != '\0') {
1020 addr = strtoull(p, (char **)&p, 16);
1021 gdb_set_cpu_pc(s, addr);
1022 }
1023 cpu_single_step(s->c_cpu, sstep_flags);
1024 gdb_continue(s);
1025 return RS_IDLE;
1026 case 'F':
1027 {
1028 target_ulong ret;
1029 target_ulong err;
1030
1031 ret = strtoull(p, (char **)&p, 16);
1032 if (*p == ',') {
1033 p++;
1034 err = strtoull(p, (char **)&p, 16);
1035 } else {
1036 err = 0;
1037 }
1038 if (*p == ',')
1039 p++;
1040 type = *p;
1041 if (s->current_syscall_cb) {
1042 s->current_syscall_cb(s->c_cpu, ret, err);
1043 s->current_syscall_cb = NULL;
1044 }
1045 if (type == 'C') {
1046 put_packet(s, "T02");
1047 } else {
1048 gdb_continue(s);
1049 }
1050 }
1051 break;
1052 case 'g':
1053 cpu_synchronize_state(s->g_cpu);
1054 len = 0;
1055 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
1056 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1057 len += reg_size;
1058 }
1059 memtohex(buf, mem_buf, len);
1060 put_packet(s, buf);
1061 break;
1062 case 'G':
1063 cpu_synchronize_state(s->g_cpu);
1064 registers = mem_buf;
1065 len = strlen(p) / 2;
1066 hextomem((uint8_t *)registers, p, len);
1067 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
1068 reg_size = gdb_write_register(s->g_cpu, registers, addr);
1069 len -= reg_size;
1070 registers += reg_size;
1071 }
1072 put_packet(s, "OK");
1073 break;
1074 case 'm':
1075 addr = strtoull(p, (char **)&p, 16);
1076 if (*p == ',')
1077 p++;
1078 len = strtoull(p, NULL, 16);
1079
1080 /* memtohex() doubles the required space */
1081 if (len > MAX_PACKET_LENGTH / 2) {
1082 put_packet (s, "E22");
1083 break;
1084 }
1085
1086 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
1087 put_packet (s, "E14");
1088 } else {
1089 memtohex(buf, mem_buf, len);
1090 put_packet(s, buf);
1091 }
1092 break;
1093 case 'M':
1094 addr = strtoull(p, (char **)&p, 16);
1095 if (*p == ',')
1096 p++;
1097 len = strtoull(p, (char **)&p, 16);
1098 if (*p == ':')
1099 p++;
1100
1101 /* hextomem() reads 2*len bytes */
1102 if (len > strlen(p) / 2) {
1103 put_packet (s, "E22");
1104 break;
1105 }
1106 hextomem(mem_buf, p, len);
1107 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
1108 true) != 0) {
1109 put_packet(s, "E14");
1110 } else {
1111 put_packet(s, "OK");
1112 }
1113 break;
1114 case 'p':
1115 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1116 This works, but can be very slow. Anything new enough to
1117 understand XML also knows how to use this properly. */
1118 if (!gdb_has_xml)
1119 goto unknown_command;
1120 addr = strtoull(p, (char **)&p, 16);
1121 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1122 if (reg_size) {
1123 memtohex(buf, mem_buf, reg_size);
1124 put_packet(s, buf);
1125 } else {
1126 put_packet(s, "E14");
1127 }
1128 break;
1129 case 'P':
1130 if (!gdb_has_xml)
1131 goto unknown_command;
1132 addr = strtoull(p, (char **)&p, 16);
1133 if (*p == '=')
1134 p++;
1135 reg_size = strlen(p) / 2;
1136 hextomem(mem_buf, p, reg_size);
1137 gdb_write_register(s->g_cpu, mem_buf, addr);
1138 put_packet(s, "OK");
1139 break;
1140 case 'Z':
1141 case 'z':
1142 type = strtoul(p, (char **)&p, 16);
1143 if (*p == ',')
1144 p++;
1145 addr = strtoull(p, (char **)&p, 16);
1146 if (*p == ',')
1147 p++;
1148 len = strtoull(p, (char **)&p, 16);
1149 if (ch == 'Z')
1150 res = gdb_breakpoint_insert(addr, len, type);
1151 else
1152 res = gdb_breakpoint_remove(addr, len, type);
1153 if (res >= 0)
1154 put_packet(s, "OK");
1155 else if (res == -ENOSYS)
1156 put_packet(s, "");
1157 else
1158 put_packet(s, "E22");
1159 break;
1160 case 'H':
1161 type = *p++;
1162 thread = strtoull(p, (char **)&p, 16);
1163 if (thread == -1 || thread == 0) {
1164 put_packet(s, "OK");
1165 break;
1166 }
1167 cpu = find_cpu(thread);
1168 if (cpu == NULL) {
1169 put_packet(s, "E22");
1170 break;
1171 }
1172 switch (type) {
1173 case 'c':
1174 s->c_cpu = cpu;
1175 put_packet(s, "OK");
1176 break;
1177 case 'g':
1178 s->g_cpu = cpu;
1179 put_packet(s, "OK");
1180 break;
1181 default:
1182 put_packet(s, "E22");
1183 break;
1184 }
1185 break;
1186 case 'T':
1187 thread = strtoull(p, (char **)&p, 16);
1188 cpu = find_cpu(thread);
1189
1190 if (cpu != NULL) {
1191 put_packet(s, "OK");
1192 } else {
1193 put_packet(s, "E22");
1194 }
1195 break;
1196 case 'q':
1197 case 'Q':
1198 /* parse any 'q' packets here */
1199 if (!strcmp(p,"qemu.sstepbits")) {
1200 /* Query Breakpoint bit definitions */
1201 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1202 SSTEP_ENABLE,
1203 SSTEP_NOIRQ,
1204 SSTEP_NOTIMER);
1205 put_packet(s, buf);
1206 break;
1207 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1208 /* Display or change the sstep_flags */
1209 p += 10;
1210 if (*p != '=') {
1211 /* Display current setting */
1212 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1213 put_packet(s, buf);
1214 break;
1215 }
1216 p++;
1217 type = strtoul(p, (char **)&p, 16);
1218 sstep_flags = type;
1219 put_packet(s, "OK");
1220 break;
1221 } else if (strcmp(p,"C") == 0) {
1222 /* "Current thread" remains vague in the spec, so always return
1223 * the first CPU (gdb returns the first thread). */
1224 put_packet(s, "QC1");
1225 break;
1226 } else if (strcmp(p,"fThreadInfo") == 0) {
1227 s->query_cpu = first_cpu;
1228 goto report_cpuinfo;
1229 } else if (strcmp(p,"sThreadInfo") == 0) {
1230 report_cpuinfo:
1231 if (s->query_cpu) {
1232 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1233 put_packet(s, buf);
1234 s->query_cpu = CPU_NEXT(s->query_cpu);
1235 } else
1236 put_packet(s, "l");
1237 break;
1238 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1239 thread = strtoull(p+16, (char **)&p, 16);
1240 cpu = find_cpu(thread);
1241 if (cpu != NULL) {
1242 cpu_synchronize_state(cpu);
1243 /* memtohex() doubles the required space */
1244 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1245 "CPU#%d [%s]", cpu->cpu_index,
1246 cpu->halted ? "halted " : "running");
1247 memtohex(buf, mem_buf, len);
1248 put_packet(s, buf);
1249 }
1250 break;
1251 }
1252 #ifdef CONFIG_USER_ONLY
1253 else if (strcmp(p, "Offsets") == 0) {
1254 TaskState *ts = s->c_cpu->opaque;
1255
1256 snprintf(buf, sizeof(buf),
1257 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1258 ";Bss=" TARGET_ABI_FMT_lx,
1259 ts->info->code_offset,
1260 ts->info->data_offset,
1261 ts->info->data_offset);
1262 put_packet(s, buf);
1263 break;
1264 }
1265 #else /* !CONFIG_USER_ONLY */
1266 else if (strncmp(p, "Rcmd,", 5) == 0) {
1267 int len = strlen(p + 5);
1268
1269 if ((len % 2) != 0) {
1270 put_packet(s, "E01");
1271 break;
1272 }
1273 len = len / 2;
1274 hextomem(mem_buf, p + 5, len);
1275 mem_buf[len++] = 0;
1276 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1277 put_packet(s, "OK");
1278 break;
1279 }
1280 #endif /* !CONFIG_USER_ONLY */
1281 if (is_query_packet(p, "Supported", ':')) {
1282 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1283 cc = CPU_GET_CLASS(first_cpu);
1284 if (cc->gdb_core_xml_file != NULL) {
1285 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1286 }
1287 put_packet(s, buf);
1288 break;
1289 }
1290 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1291 const char *xml;
1292 target_ulong total_len;
1293
1294 cc = CPU_GET_CLASS(first_cpu);
1295 if (cc->gdb_core_xml_file == NULL) {
1296 goto unknown_command;
1297 }
1298
1299 gdb_has_xml = true;
1300 p += 19;
1301 xml = get_feature_xml(p, &p, cc);
1302 if (!xml) {
1303 snprintf(buf, sizeof(buf), "E00");
1304 put_packet(s, buf);
1305 break;
1306 }
1307
1308 if (*p == ':')
1309 p++;
1310 addr = strtoul(p, (char **)&p, 16);
1311 if (*p == ',')
1312 p++;
1313 len = strtoul(p, (char **)&p, 16);
1314
1315 total_len = strlen(xml);
1316 if (addr > total_len) {
1317 snprintf(buf, sizeof(buf), "E00");
1318 put_packet(s, buf);
1319 break;
1320 }
1321 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1322 len = (MAX_PACKET_LENGTH - 5) / 2;
1323 if (len < total_len - addr) {
1324 buf[0] = 'm';
1325 len = memtox(buf + 1, xml + addr, len);
1326 } else {
1327 buf[0] = 'l';
1328 len = memtox(buf + 1, xml + addr, total_len - addr);
1329 }
1330 put_packet_binary(s, buf, len + 1);
1331 break;
1332 }
1333 if (is_query_packet(p, "Attached", ':')) {
1334 put_packet(s, GDB_ATTACHED);
1335 break;
1336 }
1337 /* Unrecognised 'q' command. */
1338 goto unknown_command;
1339
1340 default:
1341 unknown_command:
1342 /* put empty packet */
1343 buf[0] = '\0';
1344 put_packet(s, buf);
1345 break;
1346 }
1347 return RS_IDLE;
1348 }
1349
1350 void gdb_set_stop_cpu(CPUState *cpu)
1351 {
1352 gdbserver_state->c_cpu = cpu;
1353 gdbserver_state->g_cpu = cpu;
1354 }
1355
1356 #ifndef CONFIG_USER_ONLY
1357 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1358 {
1359 GDBState *s = gdbserver_state;
1360 CPUState *cpu = s->c_cpu;
1361 char buf[256];
1362 const char *type;
1363 int ret;
1364
1365 if (running || s->state == RS_INACTIVE) {
1366 return;
1367 }
1368 /* Is there a GDB syscall waiting to be sent? */
1369 if (s->current_syscall_cb) {
1370 put_packet(s, s->syscall_buf);
1371 return;
1372 }
1373 switch (state) {
1374 case RUN_STATE_DEBUG:
1375 if (cpu->watchpoint_hit) {
1376 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1377 case BP_MEM_READ:
1378 type = "r";
1379 break;
1380 case BP_MEM_ACCESS:
1381 type = "a";
1382 break;
1383 default:
1384 type = "";
1385 break;
1386 }
1387 snprintf(buf, sizeof(buf),
1388 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1389 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1390 (target_ulong)cpu->watchpoint_hit->vaddr);
1391 cpu->watchpoint_hit = NULL;
1392 goto send_packet;
1393 }
1394 tb_flush(cpu);
1395 ret = GDB_SIGNAL_TRAP;
1396 break;
1397 case RUN_STATE_PAUSED:
1398 ret = GDB_SIGNAL_INT;
1399 break;
1400 case RUN_STATE_SHUTDOWN:
1401 ret = GDB_SIGNAL_QUIT;
1402 break;
1403 case RUN_STATE_IO_ERROR:
1404 ret = GDB_SIGNAL_IO;
1405 break;
1406 case RUN_STATE_WATCHDOG:
1407 ret = GDB_SIGNAL_ALRM;
1408 break;
1409 case RUN_STATE_INTERNAL_ERROR:
1410 ret = GDB_SIGNAL_ABRT;
1411 break;
1412 case RUN_STATE_SAVE_VM:
1413 case RUN_STATE_RESTORE_VM:
1414 return;
1415 case RUN_STATE_FINISH_MIGRATE:
1416 ret = GDB_SIGNAL_XCPU;
1417 break;
1418 default:
1419 ret = GDB_SIGNAL_UNKNOWN;
1420 break;
1421 }
1422 gdb_set_stop_cpu(cpu);
1423 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1424
1425 send_packet:
1426 put_packet(s, buf);
1427
1428 /* disable single step if it was enabled */
1429 cpu_single_step(cpu, 0);
1430 }
1431 #endif
1432
1433 /* Send a gdb syscall request.
1434 This accepts limited printf-style format specifiers, specifically:
1435 %x - target_ulong argument printed in hex.
1436 %lx - 64-bit argument printed in hex.
1437 %s - string pointer (target_ulong) and length (int) pair. */
1438 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1439 {
1440 char *p;
1441 char *p_end;
1442 target_ulong addr;
1443 uint64_t i64;
1444 GDBState *s;
1445
1446 s = gdbserver_state;
1447 if (!s)
1448 return;
1449 s->current_syscall_cb = cb;
1450 #ifndef CONFIG_USER_ONLY
1451 vm_stop(RUN_STATE_DEBUG);
1452 #endif
1453 p = s->syscall_buf;
1454 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1455 *(p++) = 'F';
1456 while (*fmt) {
1457 if (*fmt == '%') {
1458 fmt++;
1459 switch (*fmt++) {
1460 case 'x':
1461 addr = va_arg(va, target_ulong);
1462 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1463 break;
1464 case 'l':
1465 if (*(fmt++) != 'x')
1466 goto bad_format;
1467 i64 = va_arg(va, uint64_t);
1468 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1469 break;
1470 case 's':
1471 addr = va_arg(va, target_ulong);
1472 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1473 addr, va_arg(va, int));
1474 break;
1475 default:
1476 bad_format:
1477 error_report("gdbstub: Bad syscall format string '%s'",
1478 fmt - 1);
1479 break;
1480 }
1481 } else {
1482 *(p++) = *(fmt++);
1483 }
1484 }
1485 *p = 0;
1486 #ifdef CONFIG_USER_ONLY
1487 put_packet(s, s->syscall_buf);
1488 gdb_handlesig(s->c_cpu, 0);
1489 #else
1490 /* In this case wait to send the syscall packet until notification that
1491 the CPU has stopped. This must be done because if the packet is sent
1492 now the reply from the syscall request could be received while the CPU
1493 is still in the running state, which can cause packets to be dropped
1494 and state transition 'T' packets to be sent while the syscall is still
1495 being processed. */
1496 qemu_cpu_kick(s->c_cpu);
1497 #endif
1498 }
1499
1500 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1501 {
1502 va_list va;
1503
1504 va_start(va, fmt);
1505 gdb_do_syscallv(cb, fmt, va);
1506 va_end(va);
1507 }
1508
1509 static void gdb_read_byte(GDBState *s, int ch)
1510 {
1511 int i, csum;
1512 uint8_t reply;
1513
1514 #ifndef CONFIG_USER_ONLY
1515 if (s->last_packet_len) {
1516 /* Waiting for a response to the last packet. If we see the start
1517 of a new command then abandon the previous response. */
1518 if (ch == '-') {
1519 #ifdef DEBUG_GDB
1520 printf("Got NACK, retransmitting\n");
1521 #endif
1522 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1523 }
1524 #ifdef DEBUG_GDB
1525 else if (ch == '+')
1526 printf("Got ACK\n");
1527 else
1528 printf("Got '%c' when expecting ACK/NACK\n", ch);
1529 #endif
1530 if (ch == '+' || ch == '$')
1531 s->last_packet_len = 0;
1532 if (ch != '$')
1533 return;
1534 }
1535 if (runstate_is_running()) {
1536 /* when the CPU is running, we cannot do anything except stop
1537 it when receiving a char */
1538 vm_stop(RUN_STATE_PAUSED);
1539 } else
1540 #endif
1541 {
1542 switch(s->state) {
1543 case RS_IDLE:
1544 if (ch == '$') {
1545 s->line_buf_index = 0;
1546 s->state = RS_GETLINE;
1547 }
1548 break;
1549 case RS_GETLINE:
1550 if (ch == '#') {
1551 s->state = RS_CHKSUM1;
1552 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1553 s->state = RS_IDLE;
1554 } else {
1555 s->line_buf[s->line_buf_index++] = ch;
1556 }
1557 break;
1558 case RS_CHKSUM1:
1559 s->line_buf[s->line_buf_index] = '\0';
1560 s->line_csum = fromhex(ch) << 4;
1561 s->state = RS_CHKSUM2;
1562 break;
1563 case RS_CHKSUM2:
1564 s->line_csum |= fromhex(ch);
1565 csum = 0;
1566 for(i = 0; i < s->line_buf_index; i++) {
1567 csum += s->line_buf[i];
1568 }
1569 if (s->line_csum != (csum & 0xff)) {
1570 reply = '-';
1571 put_buffer(s, &reply, 1);
1572 s->state = RS_IDLE;
1573 } else {
1574 reply = '+';
1575 put_buffer(s, &reply, 1);
1576 s->state = gdb_handle_packet(s, s->line_buf);
1577 }
1578 break;
1579 default:
1580 abort();
1581 }
1582 }
1583 }
1584
1585 /* Tell the remote gdb that the process has exited. */
1586 void gdb_exit(CPUArchState *env, int code)
1587 {
1588 GDBState *s;
1589 char buf[4];
1590 #ifndef CONFIG_USER_ONLY
1591 Chardev *chr;
1592 #endif
1593
1594 s = gdbserver_state;
1595 if (!s) {
1596 return;
1597 }
1598 #ifdef CONFIG_USER_ONLY
1599 if (gdbserver_fd < 0 || s->fd < 0) {
1600 return;
1601 }
1602 #else
1603 chr = qemu_chr_fe_get_driver(&s->chr);
1604 if (!chr) {
1605 return;
1606 }
1607 #endif
1608
1609 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1610 put_packet(s, buf);
1611
1612 #ifndef CONFIG_USER_ONLY
1613 qemu_chr_fe_deinit(&s->chr);
1614 qemu_chr_delete(chr);
1615 #endif
1616 }
1617
1618 #ifdef CONFIG_USER_ONLY
1619 int
1620 gdb_handlesig(CPUState *cpu, int sig)
1621 {
1622 GDBState *s;
1623 char buf[256];
1624 int n;
1625
1626 s = gdbserver_state;
1627 if (gdbserver_fd < 0 || s->fd < 0) {
1628 return sig;
1629 }
1630
1631 /* disable single step if it was enabled */
1632 cpu_single_step(cpu, 0);
1633 tb_flush(cpu);
1634
1635 if (sig != 0) {
1636 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1637 put_packet(s, buf);
1638 }
1639 /* put_packet() might have detected that the peer terminated the
1640 connection. */
1641 if (s->fd < 0) {
1642 return sig;
1643 }
1644
1645 sig = 0;
1646 s->state = RS_IDLE;
1647 s->running_state = 0;
1648 while (s->running_state == 0) {
1649 n = read(s->fd, buf, 256);
1650 if (n > 0) {
1651 int i;
1652
1653 for (i = 0; i < n; i++) {
1654 gdb_read_byte(s, buf[i]);
1655 }
1656 } else {
1657 /* XXX: Connection closed. Should probably wait for another
1658 connection before continuing. */
1659 if (n == 0) {
1660 close(s->fd);
1661 }
1662 s->fd = -1;
1663 return sig;
1664 }
1665 }
1666 sig = s->signal;
1667 s->signal = 0;
1668 return sig;
1669 }
1670
1671 /* Tell the remote gdb that the process has exited due to SIG. */
1672 void gdb_signalled(CPUArchState *env, int sig)
1673 {
1674 GDBState *s;
1675 char buf[4];
1676
1677 s = gdbserver_state;
1678 if (gdbserver_fd < 0 || s->fd < 0) {
1679 return;
1680 }
1681
1682 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1683 put_packet(s, buf);
1684 }
1685
1686 static void gdb_accept(void)
1687 {
1688 GDBState *s;
1689 struct sockaddr_in sockaddr;
1690 socklen_t len;
1691 int fd;
1692
1693 for(;;) {
1694 len = sizeof(sockaddr);
1695 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1696 if (fd < 0 && errno != EINTR) {
1697 perror("accept");
1698 return;
1699 } else if (fd >= 0) {
1700 #ifndef _WIN32
1701 fcntl(fd, F_SETFD, FD_CLOEXEC);
1702 #endif
1703 break;
1704 }
1705 }
1706
1707 /* set short latency */
1708 socket_set_nodelay(fd);
1709
1710 s = g_malloc0(sizeof(GDBState));
1711 s->c_cpu = first_cpu;
1712 s->g_cpu = first_cpu;
1713 s->fd = fd;
1714 gdb_has_xml = false;
1715
1716 gdbserver_state = s;
1717 }
1718
1719 static int gdbserver_open(int port)
1720 {
1721 struct sockaddr_in sockaddr;
1722 int fd, ret;
1723
1724 fd = socket(PF_INET, SOCK_STREAM, 0);
1725 if (fd < 0) {
1726 perror("socket");
1727 return -1;
1728 }
1729 #ifndef _WIN32
1730 fcntl(fd, F_SETFD, FD_CLOEXEC);
1731 #endif
1732
1733 socket_set_fast_reuse(fd);
1734
1735 sockaddr.sin_family = AF_INET;
1736 sockaddr.sin_port = htons(port);
1737 sockaddr.sin_addr.s_addr = 0;
1738 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1739 if (ret < 0) {
1740 perror("bind");
1741 close(fd);
1742 return -1;
1743 }
1744 ret = listen(fd, 1);
1745 if (ret < 0) {
1746 perror("listen");
1747 close(fd);
1748 return -1;
1749 }
1750 return fd;
1751 }
1752
1753 int gdbserver_start(int port)
1754 {
1755 gdbserver_fd = gdbserver_open(port);
1756 if (gdbserver_fd < 0)
1757 return -1;
1758 /* accept connections */
1759 gdb_accept();
1760 return 0;
1761 }
1762
1763 /* Disable gdb stub for child processes. */
1764 void gdbserver_fork(CPUState *cpu)
1765 {
1766 GDBState *s = gdbserver_state;
1767
1768 if (gdbserver_fd < 0 || s->fd < 0) {
1769 return;
1770 }
1771 close(s->fd);
1772 s->fd = -1;
1773 cpu_breakpoint_remove_all(cpu, BP_GDB);
1774 cpu_watchpoint_remove_all(cpu, BP_GDB);
1775 }
1776 #else
1777 static int gdb_chr_can_receive(void *opaque)
1778 {
1779 /* We can handle an arbitrarily large amount of data.
1780 Pick the maximum packet size, which is as good as anything. */
1781 return MAX_PACKET_LENGTH;
1782 }
1783
1784 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1785 {
1786 int i;
1787
1788 for (i = 0; i < size; i++) {
1789 gdb_read_byte(gdbserver_state, buf[i]);
1790 }
1791 }
1792
1793 static void gdb_chr_event(void *opaque, int event)
1794 {
1795 switch (event) {
1796 case CHR_EVENT_OPENED:
1797 vm_stop(RUN_STATE_PAUSED);
1798 gdb_has_xml = false;
1799 break;
1800 default:
1801 break;
1802 }
1803 }
1804
1805 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1806 {
1807 char buf[MAX_PACKET_LENGTH];
1808
1809 buf[0] = 'O';
1810 if (len > (MAX_PACKET_LENGTH/2) - 1)
1811 len = (MAX_PACKET_LENGTH/2) - 1;
1812 memtohex(buf + 1, (uint8_t *)msg, len);
1813 put_packet(s, buf);
1814 }
1815
1816 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
1817 {
1818 const char *p = (const char *)buf;
1819 int max_sz;
1820
1821 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1822 for (;;) {
1823 if (len <= max_sz) {
1824 gdb_monitor_output(gdbserver_state, p, len);
1825 break;
1826 }
1827 gdb_monitor_output(gdbserver_state, p, max_sz);
1828 p += max_sz;
1829 len -= max_sz;
1830 }
1831 return len;
1832 }
1833
1834 #ifndef _WIN32
1835 static void gdb_sigterm_handler(int signal)
1836 {
1837 if (runstate_is_running()) {
1838 vm_stop(RUN_STATE_PAUSED);
1839 }
1840 }
1841 #endif
1842
1843 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
1844 bool *be_opened, Error **errp)
1845 {
1846 *be_opened = false;
1847 }
1848
1849 static void char_gdb_class_init(ObjectClass *oc, void *data)
1850 {
1851 ChardevClass *cc = CHARDEV_CLASS(oc);
1852
1853 cc->internal = true;
1854 cc->open = gdb_monitor_open;
1855 cc->chr_write = gdb_monitor_write;
1856 }
1857
1858 #define TYPE_CHARDEV_GDB "chardev-gdb"
1859
1860 static const TypeInfo char_gdb_type_info = {
1861 .name = TYPE_CHARDEV_GDB,
1862 .parent = TYPE_CHARDEV,
1863 .class_init = char_gdb_class_init,
1864 };
1865
1866 int gdbserver_start(const char *device)
1867 {
1868 GDBState *s;
1869 char gdbstub_device_name[128];
1870 Chardev *chr = NULL;
1871 Chardev *mon_chr;
1872
1873 if (!first_cpu) {
1874 error_report("gdbstub: meaningless to attach gdb to a "
1875 "machine without any CPU.");
1876 return -1;
1877 }
1878
1879 if (!device)
1880 return -1;
1881 if (strcmp(device, "none") != 0) {
1882 if (strstart(device, "tcp:", NULL)) {
1883 /* enforce required TCP attributes */
1884 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1885 "%s,nowait,nodelay,server", device);
1886 device = gdbstub_device_name;
1887 }
1888 #ifndef _WIN32
1889 else if (strcmp(device, "stdio") == 0) {
1890 struct sigaction act;
1891
1892 memset(&act, 0, sizeof(act));
1893 act.sa_handler = gdb_sigterm_handler;
1894 sigaction(SIGINT, &act, NULL);
1895 }
1896 #endif
1897 chr = qemu_chr_new_noreplay("gdb", device);
1898 if (!chr)
1899 return -1;
1900 }
1901
1902 s = gdbserver_state;
1903 if (!s) {
1904 s = g_malloc0(sizeof(GDBState));
1905 gdbserver_state = s;
1906
1907 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1908
1909 /* Initialize a monitor terminal for gdb */
1910 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
1911 NULL, &error_abort);
1912 monitor_init(mon_chr, 0);
1913 } else {
1914 if (qemu_chr_fe_get_driver(&s->chr)) {
1915 qemu_chr_delete(qemu_chr_fe_get_driver(&s->chr));
1916 }
1917 mon_chr = s->mon_chr;
1918 memset(s, 0, sizeof(GDBState));
1919 s->mon_chr = mon_chr;
1920 }
1921 s->c_cpu = first_cpu;
1922 s->g_cpu = first_cpu;
1923 if (chr) {
1924 qemu_chr_fe_init(&s->chr, chr, &error_abort);
1925 qemu_chr_fe_set_handlers(&s->chr, gdb_chr_can_receive, gdb_chr_receive,
1926 gdb_chr_event, NULL, NULL, true);
1927 }
1928 s->state = chr ? RS_IDLE : RS_INACTIVE;
1929 s->mon_chr = mon_chr;
1930 s->current_syscall_cb = NULL;
1931
1932 return 0;
1933 }
1934
1935 static void register_types(void)
1936 {
1937 type_register_static(&char_gdb_type_info);
1938 }
1939
1940 type_init(register_types);
1941 #endif