scsi: pvscsi: check command descriptor ring buffer size (CVE-2016-4952)
[qemu.git] / gdbstub.c
1 /*
2 * gdb server stub
3 *
4 * Copyright (c) 2003-2005 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #include "qemu/cutils.h"
22 #include "cpu.h"
23 #ifdef CONFIG_USER_ONLY
24 #include "qemu.h"
25 #else
26 #include "monitor/monitor.h"
27 #include "sysemu/char.h"
28 #include "sysemu/sysemu.h"
29 #include "exec/gdbstub.h"
30 #endif
31
32 #define MAX_PACKET_LENGTH 4096
33
34 #include "cpu.h"
35 #include "qemu/sockets.h"
36 #include "sysemu/kvm.h"
37 #include "exec/semihost.h"
38 #include "exec/exec-all.h"
39
40 #ifdef CONFIG_USER_ONLY
41 #define GDB_ATTACHED "0"
42 #else
43 #define GDB_ATTACHED "1"
44 #endif
45
46 static inline int target_memory_rw_debug(CPUState *cpu, target_ulong addr,
47 uint8_t *buf, int len, bool is_write)
48 {
49 CPUClass *cc = CPU_GET_CLASS(cpu);
50
51 if (cc->memory_rw_debug) {
52 return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
53 }
54 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
55 }
56
57 enum {
58 GDB_SIGNAL_0 = 0,
59 GDB_SIGNAL_INT = 2,
60 GDB_SIGNAL_QUIT = 3,
61 GDB_SIGNAL_TRAP = 5,
62 GDB_SIGNAL_ABRT = 6,
63 GDB_SIGNAL_ALRM = 14,
64 GDB_SIGNAL_IO = 23,
65 GDB_SIGNAL_XCPU = 24,
66 GDB_SIGNAL_UNKNOWN = 143
67 };
68
69 #ifdef CONFIG_USER_ONLY
70
71 /* Map target signal numbers to GDB protocol signal numbers and vice
72 * versa. For user emulation's currently supported systems, we can
73 * assume most signals are defined.
74 */
75
76 static int gdb_signal_table[] = {
77 0,
78 TARGET_SIGHUP,
79 TARGET_SIGINT,
80 TARGET_SIGQUIT,
81 TARGET_SIGILL,
82 TARGET_SIGTRAP,
83 TARGET_SIGABRT,
84 -1, /* SIGEMT */
85 TARGET_SIGFPE,
86 TARGET_SIGKILL,
87 TARGET_SIGBUS,
88 TARGET_SIGSEGV,
89 TARGET_SIGSYS,
90 TARGET_SIGPIPE,
91 TARGET_SIGALRM,
92 TARGET_SIGTERM,
93 TARGET_SIGURG,
94 TARGET_SIGSTOP,
95 TARGET_SIGTSTP,
96 TARGET_SIGCONT,
97 TARGET_SIGCHLD,
98 TARGET_SIGTTIN,
99 TARGET_SIGTTOU,
100 TARGET_SIGIO,
101 TARGET_SIGXCPU,
102 TARGET_SIGXFSZ,
103 TARGET_SIGVTALRM,
104 TARGET_SIGPROF,
105 TARGET_SIGWINCH,
106 -1, /* SIGLOST */
107 TARGET_SIGUSR1,
108 TARGET_SIGUSR2,
109 #ifdef TARGET_SIGPWR
110 TARGET_SIGPWR,
111 #else
112 -1,
113 #endif
114 -1, /* SIGPOLL */
115 -1,
116 -1,
117 -1,
118 -1,
119 -1,
120 -1,
121 -1,
122 -1,
123 -1,
124 -1,
125 -1,
126 #ifdef __SIGRTMIN
127 __SIGRTMIN + 1,
128 __SIGRTMIN + 2,
129 __SIGRTMIN + 3,
130 __SIGRTMIN + 4,
131 __SIGRTMIN + 5,
132 __SIGRTMIN + 6,
133 __SIGRTMIN + 7,
134 __SIGRTMIN + 8,
135 __SIGRTMIN + 9,
136 __SIGRTMIN + 10,
137 __SIGRTMIN + 11,
138 __SIGRTMIN + 12,
139 __SIGRTMIN + 13,
140 __SIGRTMIN + 14,
141 __SIGRTMIN + 15,
142 __SIGRTMIN + 16,
143 __SIGRTMIN + 17,
144 __SIGRTMIN + 18,
145 __SIGRTMIN + 19,
146 __SIGRTMIN + 20,
147 __SIGRTMIN + 21,
148 __SIGRTMIN + 22,
149 __SIGRTMIN + 23,
150 __SIGRTMIN + 24,
151 __SIGRTMIN + 25,
152 __SIGRTMIN + 26,
153 __SIGRTMIN + 27,
154 __SIGRTMIN + 28,
155 __SIGRTMIN + 29,
156 __SIGRTMIN + 30,
157 __SIGRTMIN + 31,
158 -1, /* SIGCANCEL */
159 __SIGRTMIN,
160 __SIGRTMIN + 32,
161 __SIGRTMIN + 33,
162 __SIGRTMIN + 34,
163 __SIGRTMIN + 35,
164 __SIGRTMIN + 36,
165 __SIGRTMIN + 37,
166 __SIGRTMIN + 38,
167 __SIGRTMIN + 39,
168 __SIGRTMIN + 40,
169 __SIGRTMIN + 41,
170 __SIGRTMIN + 42,
171 __SIGRTMIN + 43,
172 __SIGRTMIN + 44,
173 __SIGRTMIN + 45,
174 __SIGRTMIN + 46,
175 __SIGRTMIN + 47,
176 __SIGRTMIN + 48,
177 __SIGRTMIN + 49,
178 __SIGRTMIN + 50,
179 __SIGRTMIN + 51,
180 __SIGRTMIN + 52,
181 __SIGRTMIN + 53,
182 __SIGRTMIN + 54,
183 __SIGRTMIN + 55,
184 __SIGRTMIN + 56,
185 __SIGRTMIN + 57,
186 __SIGRTMIN + 58,
187 __SIGRTMIN + 59,
188 __SIGRTMIN + 60,
189 __SIGRTMIN + 61,
190 __SIGRTMIN + 62,
191 __SIGRTMIN + 63,
192 __SIGRTMIN + 64,
193 __SIGRTMIN + 65,
194 __SIGRTMIN + 66,
195 __SIGRTMIN + 67,
196 __SIGRTMIN + 68,
197 __SIGRTMIN + 69,
198 __SIGRTMIN + 70,
199 __SIGRTMIN + 71,
200 __SIGRTMIN + 72,
201 __SIGRTMIN + 73,
202 __SIGRTMIN + 74,
203 __SIGRTMIN + 75,
204 __SIGRTMIN + 76,
205 __SIGRTMIN + 77,
206 __SIGRTMIN + 78,
207 __SIGRTMIN + 79,
208 __SIGRTMIN + 80,
209 __SIGRTMIN + 81,
210 __SIGRTMIN + 82,
211 __SIGRTMIN + 83,
212 __SIGRTMIN + 84,
213 __SIGRTMIN + 85,
214 __SIGRTMIN + 86,
215 __SIGRTMIN + 87,
216 __SIGRTMIN + 88,
217 __SIGRTMIN + 89,
218 __SIGRTMIN + 90,
219 __SIGRTMIN + 91,
220 __SIGRTMIN + 92,
221 __SIGRTMIN + 93,
222 __SIGRTMIN + 94,
223 __SIGRTMIN + 95,
224 -1, /* SIGINFO */
225 -1, /* UNKNOWN */
226 -1, /* DEFAULT */
227 -1,
228 -1,
229 -1,
230 -1,
231 -1,
232 -1
233 #endif
234 };
235 #else
236 /* In system mode we only need SIGINT and SIGTRAP; other signals
237 are not yet supported. */
238
239 enum {
240 TARGET_SIGINT = 2,
241 TARGET_SIGTRAP = 5
242 };
243
244 static int gdb_signal_table[] = {
245 -1,
246 -1,
247 TARGET_SIGINT,
248 -1,
249 -1,
250 TARGET_SIGTRAP
251 };
252 #endif
253
254 #ifdef CONFIG_USER_ONLY
255 static int target_signal_to_gdb (int sig)
256 {
257 int i;
258 for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
259 if (gdb_signal_table[i] == sig)
260 return i;
261 return GDB_SIGNAL_UNKNOWN;
262 }
263 #endif
264
265 static int gdb_signal_to_target (int sig)
266 {
267 if (sig < ARRAY_SIZE (gdb_signal_table))
268 return gdb_signal_table[sig];
269 else
270 return -1;
271 }
272
273 //#define DEBUG_GDB
274
275 typedef struct GDBRegisterState {
276 int base_reg;
277 int num_regs;
278 gdb_reg_cb get_reg;
279 gdb_reg_cb set_reg;
280 const char *xml;
281 struct GDBRegisterState *next;
282 } GDBRegisterState;
283
284 enum RSState {
285 RS_INACTIVE,
286 RS_IDLE,
287 RS_GETLINE,
288 RS_CHKSUM1,
289 RS_CHKSUM2,
290 };
291 typedef struct GDBState {
292 CPUState *c_cpu; /* current CPU for step/continue ops */
293 CPUState *g_cpu; /* current CPU for other ops */
294 CPUState *query_cpu; /* for q{f|s}ThreadInfo */
295 enum RSState state; /* parsing state */
296 char line_buf[MAX_PACKET_LENGTH];
297 int line_buf_index;
298 int line_csum;
299 uint8_t last_packet[MAX_PACKET_LENGTH + 4];
300 int last_packet_len;
301 int signal;
302 #ifdef CONFIG_USER_ONLY
303 int fd;
304 int running_state;
305 #else
306 CharDriverState *chr;
307 CharDriverState *mon_chr;
308 #endif
309 char syscall_buf[256];
310 gdb_syscall_complete_cb current_syscall_cb;
311 } GDBState;
312
313 /* By default use no IRQs and no timers while single stepping so as to
314 * make single stepping like an ICE HW step.
315 */
316 static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
317
318 static GDBState *gdbserver_state;
319
320 bool gdb_has_xml;
321
322 #ifdef CONFIG_USER_ONLY
323 /* XXX: This is not thread safe. Do we care? */
324 static int gdbserver_fd = -1;
325
326 static int get_char(GDBState *s)
327 {
328 uint8_t ch;
329 int ret;
330
331 for(;;) {
332 ret = qemu_recv(s->fd, &ch, 1, 0);
333 if (ret < 0) {
334 if (errno == ECONNRESET)
335 s->fd = -1;
336 if (errno != EINTR && errno != EAGAIN)
337 return -1;
338 } else if (ret == 0) {
339 close(s->fd);
340 s->fd = -1;
341 return -1;
342 } else {
343 break;
344 }
345 }
346 return ch;
347 }
348 #endif
349
350 static enum {
351 GDB_SYS_UNKNOWN,
352 GDB_SYS_ENABLED,
353 GDB_SYS_DISABLED,
354 } gdb_syscall_mode;
355
356 /* Decide if either remote gdb syscalls or native file IO should be used. */
357 int use_gdb_syscalls(void)
358 {
359 SemihostingTarget target = semihosting_get_target();
360 if (target == SEMIHOSTING_TARGET_NATIVE) {
361 /* -semihosting-config target=native */
362 return false;
363 } else if (target == SEMIHOSTING_TARGET_GDB) {
364 /* -semihosting-config target=gdb */
365 return true;
366 }
367
368 /* -semihosting-config target=auto */
369 /* On the first call check if gdb is connected and remember. */
370 if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
371 gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
372 : GDB_SYS_DISABLED);
373 }
374 return gdb_syscall_mode == GDB_SYS_ENABLED;
375 }
376
377 /* Resume execution. */
378 static inline void gdb_continue(GDBState *s)
379 {
380 #ifdef CONFIG_USER_ONLY
381 s->running_state = 1;
382 #else
383 if (!runstate_needs_reset()) {
384 vm_start();
385 }
386 #endif
387 }
388
389 static void put_buffer(GDBState *s, const uint8_t *buf, int len)
390 {
391 #ifdef CONFIG_USER_ONLY
392 int ret;
393
394 while (len > 0) {
395 ret = send(s->fd, buf, len, 0);
396 if (ret < 0) {
397 if (errno != EINTR && errno != EAGAIN)
398 return;
399 } else {
400 buf += ret;
401 len -= ret;
402 }
403 }
404 #else
405 qemu_chr_fe_write(s->chr, buf, len);
406 #endif
407 }
408
409 static inline int fromhex(int v)
410 {
411 if (v >= '0' && v <= '9')
412 return v - '0';
413 else if (v >= 'A' && v <= 'F')
414 return v - 'A' + 10;
415 else if (v >= 'a' && v <= 'f')
416 return v - 'a' + 10;
417 else
418 return 0;
419 }
420
421 static inline int tohex(int v)
422 {
423 if (v < 10)
424 return v + '0';
425 else
426 return v - 10 + 'a';
427 }
428
429 static void memtohex(char *buf, const uint8_t *mem, int len)
430 {
431 int i, c;
432 char *q;
433 q = buf;
434 for(i = 0; i < len; i++) {
435 c = mem[i];
436 *q++ = tohex(c >> 4);
437 *q++ = tohex(c & 0xf);
438 }
439 *q = '\0';
440 }
441
442 static void hextomem(uint8_t *mem, const char *buf, int len)
443 {
444 int i;
445
446 for(i = 0; i < len; i++) {
447 mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
448 buf += 2;
449 }
450 }
451
452 /* return -1 if error, 0 if OK */
453 static int put_packet_binary(GDBState *s, const char *buf, int len)
454 {
455 int csum, i;
456 uint8_t *p;
457
458 for(;;) {
459 p = s->last_packet;
460 *(p++) = '$';
461 memcpy(p, buf, len);
462 p += len;
463 csum = 0;
464 for(i = 0; i < len; i++) {
465 csum += buf[i];
466 }
467 *(p++) = '#';
468 *(p++) = tohex((csum >> 4) & 0xf);
469 *(p++) = tohex((csum) & 0xf);
470
471 s->last_packet_len = p - s->last_packet;
472 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
473
474 #ifdef CONFIG_USER_ONLY
475 i = get_char(s);
476 if (i < 0)
477 return -1;
478 if (i == '+')
479 break;
480 #else
481 break;
482 #endif
483 }
484 return 0;
485 }
486
487 /* return -1 if error, 0 if OK */
488 static int put_packet(GDBState *s, const char *buf)
489 {
490 #ifdef DEBUG_GDB
491 printf("reply='%s'\n", buf);
492 #endif
493
494 return put_packet_binary(s, buf, strlen(buf));
495 }
496
497 /* Encode data using the encoding for 'x' packets. */
498 static int memtox(char *buf, const char *mem, int len)
499 {
500 char *p = buf;
501 char c;
502
503 while (len--) {
504 c = *(mem++);
505 switch (c) {
506 case '#': case '$': case '*': case '}':
507 *(p++) = '}';
508 *(p++) = c ^ 0x20;
509 break;
510 default:
511 *(p++) = c;
512 break;
513 }
514 }
515 return p - buf;
516 }
517
518 static const char *get_feature_xml(const char *p, const char **newp,
519 CPUClass *cc)
520 {
521 size_t len;
522 int i;
523 const char *name;
524 static char target_xml[1024];
525
526 len = 0;
527 while (p[len] && p[len] != ':')
528 len++;
529 *newp = p + len;
530
531 name = NULL;
532 if (strncmp(p, "target.xml", len) == 0) {
533 /* Generate the XML description for this CPU. */
534 if (!target_xml[0]) {
535 GDBRegisterState *r;
536 CPUState *cpu = first_cpu;
537
538 pstrcat(target_xml, sizeof(target_xml),
539 "<?xml version=\"1.0\"?>"
540 "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
541 "<target>");
542 if (cc->gdb_arch_name) {
543 gchar *arch = cc->gdb_arch_name(cpu);
544 pstrcat(target_xml, sizeof(target_xml), "<architecture>");
545 pstrcat(target_xml, sizeof(target_xml), arch);
546 pstrcat(target_xml, sizeof(target_xml), "</architecture>");
547 g_free(arch);
548 }
549 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
550 pstrcat(target_xml, sizeof(target_xml), cc->gdb_core_xml_file);
551 pstrcat(target_xml, sizeof(target_xml), "\"/>");
552 for (r = cpu->gdb_regs; r; r = r->next) {
553 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
554 pstrcat(target_xml, sizeof(target_xml), r->xml);
555 pstrcat(target_xml, sizeof(target_xml), "\"/>");
556 }
557 pstrcat(target_xml, sizeof(target_xml), "</target>");
558 }
559 return target_xml;
560 }
561 for (i = 0; ; i++) {
562 name = xml_builtin[i][0];
563 if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
564 break;
565 }
566 return name ? xml_builtin[i][1] : NULL;
567 }
568
569 static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg)
570 {
571 CPUClass *cc = CPU_GET_CLASS(cpu);
572 CPUArchState *env = cpu->env_ptr;
573 GDBRegisterState *r;
574
575 if (reg < cc->gdb_num_core_regs) {
576 return cc->gdb_read_register(cpu, mem_buf, reg);
577 }
578
579 for (r = cpu->gdb_regs; r; r = r->next) {
580 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
581 return r->get_reg(env, mem_buf, reg - r->base_reg);
582 }
583 }
584 return 0;
585 }
586
587 static int gdb_write_register(CPUState *cpu, uint8_t *mem_buf, int reg)
588 {
589 CPUClass *cc = CPU_GET_CLASS(cpu);
590 CPUArchState *env = cpu->env_ptr;
591 GDBRegisterState *r;
592
593 if (reg < cc->gdb_num_core_regs) {
594 return cc->gdb_write_register(cpu, mem_buf, reg);
595 }
596
597 for (r = cpu->gdb_regs; r; r = r->next) {
598 if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
599 return r->set_reg(env, mem_buf, reg - r->base_reg);
600 }
601 }
602 return 0;
603 }
604
605 /* Register a supplemental set of CPU registers. If g_pos is nonzero it
606 specifies the first register number and these registers are included in
607 a standard "g" packet. Direction is relative to gdb, i.e. get_reg is
608 gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
609 */
610
611 void gdb_register_coprocessor(CPUState *cpu,
612 gdb_reg_cb get_reg, gdb_reg_cb set_reg,
613 int num_regs, const char *xml, int g_pos)
614 {
615 GDBRegisterState *s;
616 GDBRegisterState **p;
617
618 p = &cpu->gdb_regs;
619 while (*p) {
620 /* Check for duplicates. */
621 if (strcmp((*p)->xml, xml) == 0)
622 return;
623 p = &(*p)->next;
624 }
625
626 s = g_new0(GDBRegisterState, 1);
627 s->base_reg = cpu->gdb_num_regs;
628 s->num_regs = num_regs;
629 s->get_reg = get_reg;
630 s->set_reg = set_reg;
631 s->xml = xml;
632
633 /* Add to end of list. */
634 cpu->gdb_num_regs += num_regs;
635 *p = s;
636 if (g_pos) {
637 if (g_pos != s->base_reg) {
638 fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
639 "Expected %d got %d\n", xml, g_pos, s->base_reg);
640 } else {
641 cpu->gdb_num_g_regs = cpu->gdb_num_regs;
642 }
643 }
644 }
645
646 #ifndef CONFIG_USER_ONLY
647 /* Translate GDB watchpoint type to a flags value for cpu_watchpoint_* */
648 static inline int xlat_gdb_type(CPUState *cpu, int gdbtype)
649 {
650 static const int xlat[] = {
651 [GDB_WATCHPOINT_WRITE] = BP_GDB | BP_MEM_WRITE,
652 [GDB_WATCHPOINT_READ] = BP_GDB | BP_MEM_READ,
653 [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
654 };
655
656 CPUClass *cc = CPU_GET_CLASS(cpu);
657 int cputype = xlat[gdbtype];
658
659 if (cc->gdb_stop_before_watchpoint) {
660 cputype |= BP_STOP_BEFORE_ACCESS;
661 }
662 return cputype;
663 }
664 #endif
665
666 static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
667 {
668 CPUState *cpu;
669 int err = 0;
670
671 if (kvm_enabled()) {
672 return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
673 }
674
675 switch (type) {
676 case GDB_BREAKPOINT_SW:
677 case GDB_BREAKPOINT_HW:
678 CPU_FOREACH(cpu) {
679 err = cpu_breakpoint_insert(cpu, addr, BP_GDB, NULL);
680 if (err) {
681 break;
682 }
683 }
684 return err;
685 #ifndef CONFIG_USER_ONLY
686 case GDB_WATCHPOINT_WRITE:
687 case GDB_WATCHPOINT_READ:
688 case GDB_WATCHPOINT_ACCESS:
689 CPU_FOREACH(cpu) {
690 err = cpu_watchpoint_insert(cpu, addr, len,
691 xlat_gdb_type(cpu, type), NULL);
692 if (err) {
693 break;
694 }
695 }
696 return err;
697 #endif
698 default:
699 return -ENOSYS;
700 }
701 }
702
703 static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
704 {
705 CPUState *cpu;
706 int err = 0;
707
708 if (kvm_enabled()) {
709 return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
710 }
711
712 switch (type) {
713 case GDB_BREAKPOINT_SW:
714 case GDB_BREAKPOINT_HW:
715 CPU_FOREACH(cpu) {
716 err = cpu_breakpoint_remove(cpu, addr, BP_GDB);
717 if (err) {
718 break;
719 }
720 }
721 return err;
722 #ifndef CONFIG_USER_ONLY
723 case GDB_WATCHPOINT_WRITE:
724 case GDB_WATCHPOINT_READ:
725 case GDB_WATCHPOINT_ACCESS:
726 CPU_FOREACH(cpu) {
727 err = cpu_watchpoint_remove(cpu, addr, len,
728 xlat_gdb_type(cpu, type));
729 if (err)
730 break;
731 }
732 return err;
733 #endif
734 default:
735 return -ENOSYS;
736 }
737 }
738
739 static void gdb_breakpoint_remove_all(void)
740 {
741 CPUState *cpu;
742
743 if (kvm_enabled()) {
744 kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
745 return;
746 }
747
748 CPU_FOREACH(cpu) {
749 cpu_breakpoint_remove_all(cpu, BP_GDB);
750 #ifndef CONFIG_USER_ONLY
751 cpu_watchpoint_remove_all(cpu, BP_GDB);
752 #endif
753 }
754 }
755
756 static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
757 {
758 CPUState *cpu = s->c_cpu;
759
760 cpu_synchronize_state(cpu);
761 cpu_set_pc(cpu, pc);
762 }
763
764 static CPUState *find_cpu(uint32_t thread_id)
765 {
766 CPUState *cpu;
767
768 CPU_FOREACH(cpu) {
769 if (cpu_index(cpu) == thread_id) {
770 return cpu;
771 }
772 }
773
774 return NULL;
775 }
776
777 static int is_query_packet(const char *p, const char *query, char separator)
778 {
779 unsigned int query_len = strlen(query);
780
781 return strncmp(p, query, query_len) == 0 &&
782 (p[query_len] == '\0' || p[query_len] == separator);
783 }
784
785 static int gdb_handle_packet(GDBState *s, const char *line_buf)
786 {
787 CPUState *cpu;
788 CPUClass *cc;
789 const char *p;
790 uint32_t thread;
791 int ch, reg_size, type, res;
792 char buf[MAX_PACKET_LENGTH];
793 uint8_t mem_buf[MAX_PACKET_LENGTH];
794 uint8_t *registers;
795 target_ulong addr, len;
796
797 #ifdef DEBUG_GDB
798 printf("command='%s'\n", line_buf);
799 #endif
800 p = line_buf;
801 ch = *p++;
802 switch(ch) {
803 case '?':
804 /* TODO: Make this return the correct value for user-mode. */
805 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
806 cpu_index(s->c_cpu));
807 put_packet(s, buf);
808 /* Remove all the breakpoints when this query is issued,
809 * because gdb is doing and initial connect and the state
810 * should be cleaned up.
811 */
812 gdb_breakpoint_remove_all();
813 break;
814 case 'c':
815 if (*p != '\0') {
816 addr = strtoull(p, (char **)&p, 16);
817 gdb_set_cpu_pc(s, addr);
818 }
819 s->signal = 0;
820 gdb_continue(s);
821 return RS_IDLE;
822 case 'C':
823 s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
824 if (s->signal == -1)
825 s->signal = 0;
826 gdb_continue(s);
827 return RS_IDLE;
828 case 'v':
829 if (strncmp(p, "Cont", 4) == 0) {
830 int res_signal, res_thread;
831
832 p += 4;
833 if (*p == '?') {
834 put_packet(s, "vCont;c;C;s;S");
835 break;
836 }
837 res = 0;
838 res_signal = 0;
839 res_thread = 0;
840 while (*p) {
841 int action, signal;
842
843 if (*p++ != ';') {
844 res = 0;
845 break;
846 }
847 action = *p++;
848 signal = 0;
849 if (action == 'C' || action == 'S') {
850 signal = gdb_signal_to_target(strtoul(p, (char **)&p, 16));
851 if (signal == -1) {
852 signal = 0;
853 }
854 } else if (action != 'c' && action != 's') {
855 res = 0;
856 break;
857 }
858 thread = 0;
859 if (*p == ':') {
860 thread = strtoull(p+1, (char **)&p, 16);
861 }
862 action = tolower(action);
863 if (res == 0 || (res == 'c' && action == 's')) {
864 res = action;
865 res_signal = signal;
866 res_thread = thread;
867 }
868 }
869 if (res) {
870 if (res_thread != -1 && res_thread != 0) {
871 cpu = find_cpu(res_thread);
872 if (cpu == NULL) {
873 put_packet(s, "E22");
874 break;
875 }
876 s->c_cpu = cpu;
877 }
878 if (res == 's') {
879 cpu_single_step(s->c_cpu, sstep_flags);
880 }
881 s->signal = res_signal;
882 gdb_continue(s);
883 return RS_IDLE;
884 }
885 break;
886 } else {
887 goto unknown_command;
888 }
889 case 'k':
890 /* Kill the target */
891 fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
892 exit(0);
893 case 'D':
894 /* Detach packet */
895 gdb_breakpoint_remove_all();
896 gdb_syscall_mode = GDB_SYS_DISABLED;
897 gdb_continue(s);
898 put_packet(s, "OK");
899 break;
900 case 's':
901 if (*p != '\0') {
902 addr = strtoull(p, (char **)&p, 16);
903 gdb_set_cpu_pc(s, addr);
904 }
905 cpu_single_step(s->c_cpu, sstep_flags);
906 gdb_continue(s);
907 return RS_IDLE;
908 case 'F':
909 {
910 target_ulong ret;
911 target_ulong err;
912
913 ret = strtoull(p, (char **)&p, 16);
914 if (*p == ',') {
915 p++;
916 err = strtoull(p, (char **)&p, 16);
917 } else {
918 err = 0;
919 }
920 if (*p == ',')
921 p++;
922 type = *p;
923 if (s->current_syscall_cb) {
924 s->current_syscall_cb(s->c_cpu, ret, err);
925 s->current_syscall_cb = NULL;
926 }
927 if (type == 'C') {
928 put_packet(s, "T02");
929 } else {
930 gdb_continue(s);
931 }
932 }
933 break;
934 case 'g':
935 cpu_synchronize_state(s->g_cpu);
936 len = 0;
937 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs; addr++) {
938 reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
939 len += reg_size;
940 }
941 memtohex(buf, mem_buf, len);
942 put_packet(s, buf);
943 break;
944 case 'G':
945 cpu_synchronize_state(s->g_cpu);
946 registers = mem_buf;
947 len = strlen(p) / 2;
948 hextomem((uint8_t *)registers, p, len);
949 for (addr = 0; addr < s->g_cpu->gdb_num_g_regs && len > 0; addr++) {
950 reg_size = gdb_write_register(s->g_cpu, registers, addr);
951 len -= reg_size;
952 registers += reg_size;
953 }
954 put_packet(s, "OK");
955 break;
956 case 'm':
957 addr = strtoull(p, (char **)&p, 16);
958 if (*p == ',')
959 p++;
960 len = strtoull(p, NULL, 16);
961
962 /* memtohex() doubles the required space */
963 if (len > MAX_PACKET_LENGTH / 2) {
964 put_packet (s, "E22");
965 break;
966 }
967
968 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, false) != 0) {
969 put_packet (s, "E14");
970 } else {
971 memtohex(buf, mem_buf, len);
972 put_packet(s, buf);
973 }
974 break;
975 case 'M':
976 addr = strtoull(p, (char **)&p, 16);
977 if (*p == ',')
978 p++;
979 len = strtoull(p, (char **)&p, 16);
980 if (*p == ':')
981 p++;
982
983 /* hextomem() reads 2*len bytes */
984 if (len > strlen(p) / 2) {
985 put_packet (s, "E22");
986 break;
987 }
988 hextomem(mem_buf, p, len);
989 if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len,
990 true) != 0) {
991 put_packet(s, "E14");
992 } else {
993 put_packet(s, "OK");
994 }
995 break;
996 case 'p':
997 /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
998 This works, but can be very slow. Anything new enough to
999 understand XML also knows how to use this properly. */
1000 if (!gdb_has_xml)
1001 goto unknown_command;
1002 addr = strtoull(p, (char **)&p, 16);
1003 reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1004 if (reg_size) {
1005 memtohex(buf, mem_buf, reg_size);
1006 put_packet(s, buf);
1007 } else {
1008 put_packet(s, "E14");
1009 }
1010 break;
1011 case 'P':
1012 if (!gdb_has_xml)
1013 goto unknown_command;
1014 addr = strtoull(p, (char **)&p, 16);
1015 if (*p == '=')
1016 p++;
1017 reg_size = strlen(p) / 2;
1018 hextomem(mem_buf, p, reg_size);
1019 gdb_write_register(s->g_cpu, mem_buf, addr);
1020 put_packet(s, "OK");
1021 break;
1022 case 'Z':
1023 case 'z':
1024 type = strtoul(p, (char **)&p, 16);
1025 if (*p == ',')
1026 p++;
1027 addr = strtoull(p, (char **)&p, 16);
1028 if (*p == ',')
1029 p++;
1030 len = strtoull(p, (char **)&p, 16);
1031 if (ch == 'Z')
1032 res = gdb_breakpoint_insert(addr, len, type);
1033 else
1034 res = gdb_breakpoint_remove(addr, len, type);
1035 if (res >= 0)
1036 put_packet(s, "OK");
1037 else if (res == -ENOSYS)
1038 put_packet(s, "");
1039 else
1040 put_packet(s, "E22");
1041 break;
1042 case 'H':
1043 type = *p++;
1044 thread = strtoull(p, (char **)&p, 16);
1045 if (thread == -1 || thread == 0) {
1046 put_packet(s, "OK");
1047 break;
1048 }
1049 cpu = find_cpu(thread);
1050 if (cpu == NULL) {
1051 put_packet(s, "E22");
1052 break;
1053 }
1054 switch (type) {
1055 case 'c':
1056 s->c_cpu = cpu;
1057 put_packet(s, "OK");
1058 break;
1059 case 'g':
1060 s->g_cpu = cpu;
1061 put_packet(s, "OK");
1062 break;
1063 default:
1064 put_packet(s, "E22");
1065 break;
1066 }
1067 break;
1068 case 'T':
1069 thread = strtoull(p, (char **)&p, 16);
1070 cpu = find_cpu(thread);
1071
1072 if (cpu != NULL) {
1073 put_packet(s, "OK");
1074 } else {
1075 put_packet(s, "E22");
1076 }
1077 break;
1078 case 'q':
1079 case 'Q':
1080 /* parse any 'q' packets here */
1081 if (!strcmp(p,"qemu.sstepbits")) {
1082 /* Query Breakpoint bit definitions */
1083 snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1084 SSTEP_ENABLE,
1085 SSTEP_NOIRQ,
1086 SSTEP_NOTIMER);
1087 put_packet(s, buf);
1088 break;
1089 } else if (is_query_packet(p, "qemu.sstep", '=')) {
1090 /* Display or change the sstep_flags */
1091 p += 10;
1092 if (*p != '=') {
1093 /* Display current setting */
1094 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1095 put_packet(s, buf);
1096 break;
1097 }
1098 p++;
1099 type = strtoul(p, (char **)&p, 16);
1100 sstep_flags = type;
1101 put_packet(s, "OK");
1102 break;
1103 } else if (strcmp(p,"C") == 0) {
1104 /* "Current thread" remains vague in the spec, so always return
1105 * the first CPU (gdb returns the first thread). */
1106 put_packet(s, "QC1");
1107 break;
1108 } else if (strcmp(p,"fThreadInfo") == 0) {
1109 s->query_cpu = first_cpu;
1110 goto report_cpuinfo;
1111 } else if (strcmp(p,"sThreadInfo") == 0) {
1112 report_cpuinfo:
1113 if (s->query_cpu) {
1114 snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
1115 put_packet(s, buf);
1116 s->query_cpu = CPU_NEXT(s->query_cpu);
1117 } else
1118 put_packet(s, "l");
1119 break;
1120 } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1121 thread = strtoull(p+16, (char **)&p, 16);
1122 cpu = find_cpu(thread);
1123 if (cpu != NULL) {
1124 cpu_synchronize_state(cpu);
1125 /* memtohex() doubles the required space */
1126 len = snprintf((char *)mem_buf, sizeof(buf) / 2,
1127 "CPU#%d [%s]", cpu->cpu_index,
1128 cpu->halted ? "halted " : "running");
1129 memtohex(buf, mem_buf, len);
1130 put_packet(s, buf);
1131 }
1132 break;
1133 }
1134 #ifdef CONFIG_USER_ONLY
1135 else if (strcmp(p, "Offsets") == 0) {
1136 TaskState *ts = s->c_cpu->opaque;
1137
1138 snprintf(buf, sizeof(buf),
1139 "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1140 ";Bss=" TARGET_ABI_FMT_lx,
1141 ts->info->code_offset,
1142 ts->info->data_offset,
1143 ts->info->data_offset);
1144 put_packet(s, buf);
1145 break;
1146 }
1147 #else /* !CONFIG_USER_ONLY */
1148 else if (strncmp(p, "Rcmd,", 5) == 0) {
1149 int len = strlen(p + 5);
1150
1151 if ((len % 2) != 0) {
1152 put_packet(s, "E01");
1153 break;
1154 }
1155 len = len / 2;
1156 hextomem(mem_buf, p + 5, len);
1157 mem_buf[len++] = 0;
1158 qemu_chr_be_write(s->mon_chr, mem_buf, len);
1159 put_packet(s, "OK");
1160 break;
1161 }
1162 #endif /* !CONFIG_USER_ONLY */
1163 if (is_query_packet(p, "Supported", ':')) {
1164 snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1165 cc = CPU_GET_CLASS(first_cpu);
1166 if (cc->gdb_core_xml_file != NULL) {
1167 pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
1168 }
1169 put_packet(s, buf);
1170 break;
1171 }
1172 if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1173 const char *xml;
1174 target_ulong total_len;
1175
1176 cc = CPU_GET_CLASS(first_cpu);
1177 if (cc->gdb_core_xml_file == NULL) {
1178 goto unknown_command;
1179 }
1180
1181 gdb_has_xml = true;
1182 p += 19;
1183 xml = get_feature_xml(p, &p, cc);
1184 if (!xml) {
1185 snprintf(buf, sizeof(buf), "E00");
1186 put_packet(s, buf);
1187 break;
1188 }
1189
1190 if (*p == ':')
1191 p++;
1192 addr = strtoul(p, (char **)&p, 16);
1193 if (*p == ',')
1194 p++;
1195 len = strtoul(p, (char **)&p, 16);
1196
1197 total_len = strlen(xml);
1198 if (addr > total_len) {
1199 snprintf(buf, sizeof(buf), "E00");
1200 put_packet(s, buf);
1201 break;
1202 }
1203 if (len > (MAX_PACKET_LENGTH - 5) / 2)
1204 len = (MAX_PACKET_LENGTH - 5) / 2;
1205 if (len < total_len - addr) {
1206 buf[0] = 'm';
1207 len = memtox(buf + 1, xml + addr, len);
1208 } else {
1209 buf[0] = 'l';
1210 len = memtox(buf + 1, xml + addr, total_len - addr);
1211 }
1212 put_packet_binary(s, buf, len + 1);
1213 break;
1214 }
1215 if (is_query_packet(p, "Attached", ':')) {
1216 put_packet(s, GDB_ATTACHED);
1217 break;
1218 }
1219 /* Unrecognised 'q' command. */
1220 goto unknown_command;
1221
1222 default:
1223 unknown_command:
1224 /* put empty packet */
1225 buf[0] = '\0';
1226 put_packet(s, buf);
1227 break;
1228 }
1229 return RS_IDLE;
1230 }
1231
1232 void gdb_set_stop_cpu(CPUState *cpu)
1233 {
1234 gdbserver_state->c_cpu = cpu;
1235 gdbserver_state->g_cpu = cpu;
1236 }
1237
1238 #ifndef CONFIG_USER_ONLY
1239 static void gdb_vm_state_change(void *opaque, int running, RunState state)
1240 {
1241 GDBState *s = gdbserver_state;
1242 CPUState *cpu = s->c_cpu;
1243 char buf[256];
1244 const char *type;
1245 int ret;
1246
1247 if (running || s->state == RS_INACTIVE) {
1248 return;
1249 }
1250 /* Is there a GDB syscall waiting to be sent? */
1251 if (s->current_syscall_cb) {
1252 put_packet(s, s->syscall_buf);
1253 return;
1254 }
1255 switch (state) {
1256 case RUN_STATE_DEBUG:
1257 if (cpu->watchpoint_hit) {
1258 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
1259 case BP_MEM_READ:
1260 type = "r";
1261 break;
1262 case BP_MEM_ACCESS:
1263 type = "a";
1264 break;
1265 default:
1266 type = "";
1267 break;
1268 }
1269 snprintf(buf, sizeof(buf),
1270 "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1271 GDB_SIGNAL_TRAP, cpu_index(cpu), type,
1272 (target_ulong)cpu->watchpoint_hit->vaddr);
1273 cpu->watchpoint_hit = NULL;
1274 goto send_packet;
1275 }
1276 tb_flush(cpu);
1277 ret = GDB_SIGNAL_TRAP;
1278 break;
1279 case RUN_STATE_PAUSED:
1280 ret = GDB_SIGNAL_INT;
1281 break;
1282 case RUN_STATE_SHUTDOWN:
1283 ret = GDB_SIGNAL_QUIT;
1284 break;
1285 case RUN_STATE_IO_ERROR:
1286 ret = GDB_SIGNAL_IO;
1287 break;
1288 case RUN_STATE_WATCHDOG:
1289 ret = GDB_SIGNAL_ALRM;
1290 break;
1291 case RUN_STATE_INTERNAL_ERROR:
1292 ret = GDB_SIGNAL_ABRT;
1293 break;
1294 case RUN_STATE_SAVE_VM:
1295 case RUN_STATE_RESTORE_VM:
1296 return;
1297 case RUN_STATE_FINISH_MIGRATE:
1298 ret = GDB_SIGNAL_XCPU;
1299 break;
1300 default:
1301 ret = GDB_SIGNAL_UNKNOWN;
1302 break;
1303 }
1304 gdb_set_stop_cpu(cpu);
1305 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
1306
1307 send_packet:
1308 put_packet(s, buf);
1309
1310 /* disable single step if it was enabled */
1311 cpu_single_step(cpu, 0);
1312 }
1313 #endif
1314
1315 /* Send a gdb syscall request.
1316 This accepts limited printf-style format specifiers, specifically:
1317 %x - target_ulong argument printed in hex.
1318 %lx - 64-bit argument printed in hex.
1319 %s - string pointer (target_ulong) and length (int) pair. */
1320 void gdb_do_syscallv(gdb_syscall_complete_cb cb, const char *fmt, va_list va)
1321 {
1322 char *p;
1323 char *p_end;
1324 target_ulong addr;
1325 uint64_t i64;
1326 GDBState *s;
1327
1328 s = gdbserver_state;
1329 if (!s)
1330 return;
1331 s->current_syscall_cb = cb;
1332 #ifndef CONFIG_USER_ONLY
1333 vm_stop(RUN_STATE_DEBUG);
1334 #endif
1335 p = s->syscall_buf;
1336 p_end = &s->syscall_buf[sizeof(s->syscall_buf)];
1337 *(p++) = 'F';
1338 while (*fmt) {
1339 if (*fmt == '%') {
1340 fmt++;
1341 switch (*fmt++) {
1342 case 'x':
1343 addr = va_arg(va, target_ulong);
1344 p += snprintf(p, p_end - p, TARGET_FMT_lx, addr);
1345 break;
1346 case 'l':
1347 if (*(fmt++) != 'x')
1348 goto bad_format;
1349 i64 = va_arg(va, uint64_t);
1350 p += snprintf(p, p_end - p, "%" PRIx64, i64);
1351 break;
1352 case 's':
1353 addr = va_arg(va, target_ulong);
1354 p += snprintf(p, p_end - p, TARGET_FMT_lx "/%x",
1355 addr, va_arg(va, int));
1356 break;
1357 default:
1358 bad_format:
1359 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1360 fmt - 1);
1361 break;
1362 }
1363 } else {
1364 *(p++) = *(fmt++);
1365 }
1366 }
1367 *p = 0;
1368 #ifdef CONFIG_USER_ONLY
1369 put_packet(s, s->syscall_buf);
1370 gdb_handlesig(s->c_cpu, 0);
1371 #else
1372 /* In this case wait to send the syscall packet until notification that
1373 the CPU has stopped. This must be done because if the packet is sent
1374 now the reply from the syscall request could be received while the CPU
1375 is still in the running state, which can cause packets to be dropped
1376 and state transition 'T' packets to be sent while the syscall is still
1377 being processed. */
1378 qemu_cpu_kick(s->c_cpu);
1379 #endif
1380 }
1381
1382 void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1383 {
1384 va_list va;
1385
1386 va_start(va, fmt);
1387 gdb_do_syscallv(cb, fmt, va);
1388 va_end(va);
1389 }
1390
1391 static void gdb_read_byte(GDBState *s, int ch)
1392 {
1393 int i, csum;
1394 uint8_t reply;
1395
1396 #ifndef CONFIG_USER_ONLY
1397 if (s->last_packet_len) {
1398 /* Waiting for a response to the last packet. If we see the start
1399 of a new command then abandon the previous response. */
1400 if (ch == '-') {
1401 #ifdef DEBUG_GDB
1402 printf("Got NACK, retransmitting\n");
1403 #endif
1404 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
1405 }
1406 #ifdef DEBUG_GDB
1407 else if (ch == '+')
1408 printf("Got ACK\n");
1409 else
1410 printf("Got '%c' when expecting ACK/NACK\n", ch);
1411 #endif
1412 if (ch == '+' || ch == '$')
1413 s->last_packet_len = 0;
1414 if (ch != '$')
1415 return;
1416 }
1417 if (runstate_is_running()) {
1418 /* when the CPU is running, we cannot do anything except stop
1419 it when receiving a char */
1420 vm_stop(RUN_STATE_PAUSED);
1421 } else
1422 #endif
1423 {
1424 switch(s->state) {
1425 case RS_IDLE:
1426 if (ch == '$') {
1427 s->line_buf_index = 0;
1428 s->state = RS_GETLINE;
1429 }
1430 break;
1431 case RS_GETLINE:
1432 if (ch == '#') {
1433 s->state = RS_CHKSUM1;
1434 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
1435 s->state = RS_IDLE;
1436 } else {
1437 s->line_buf[s->line_buf_index++] = ch;
1438 }
1439 break;
1440 case RS_CHKSUM1:
1441 s->line_buf[s->line_buf_index] = '\0';
1442 s->line_csum = fromhex(ch) << 4;
1443 s->state = RS_CHKSUM2;
1444 break;
1445 case RS_CHKSUM2:
1446 s->line_csum |= fromhex(ch);
1447 csum = 0;
1448 for(i = 0; i < s->line_buf_index; i++) {
1449 csum += s->line_buf[i];
1450 }
1451 if (s->line_csum != (csum & 0xff)) {
1452 reply = '-';
1453 put_buffer(s, &reply, 1);
1454 s->state = RS_IDLE;
1455 } else {
1456 reply = '+';
1457 put_buffer(s, &reply, 1);
1458 s->state = gdb_handle_packet(s, s->line_buf);
1459 }
1460 break;
1461 default:
1462 abort();
1463 }
1464 }
1465 }
1466
1467 /* Tell the remote gdb that the process has exited. */
1468 void gdb_exit(CPUArchState *env, int code)
1469 {
1470 GDBState *s;
1471 char buf[4];
1472
1473 s = gdbserver_state;
1474 if (!s) {
1475 return;
1476 }
1477 #ifdef CONFIG_USER_ONLY
1478 if (gdbserver_fd < 0 || s->fd < 0) {
1479 return;
1480 }
1481 #else
1482 if (!s->chr) {
1483 return;
1484 }
1485 #endif
1486
1487 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
1488 put_packet(s, buf);
1489
1490 #ifndef CONFIG_USER_ONLY
1491 qemu_chr_delete(s->chr);
1492 #endif
1493 }
1494
1495 #ifdef CONFIG_USER_ONLY
1496 int
1497 gdb_queuesig (void)
1498 {
1499 GDBState *s;
1500
1501 s = gdbserver_state;
1502
1503 if (gdbserver_fd < 0 || s->fd < 0)
1504 return 0;
1505 else
1506 return 1;
1507 }
1508
1509 int
1510 gdb_handlesig(CPUState *cpu, int sig)
1511 {
1512 GDBState *s;
1513 char buf[256];
1514 int n;
1515
1516 s = gdbserver_state;
1517 if (gdbserver_fd < 0 || s->fd < 0) {
1518 return sig;
1519 }
1520
1521 /* disable single step if it was enabled */
1522 cpu_single_step(cpu, 0);
1523 tb_flush(cpu);
1524
1525 if (sig != 0) {
1526 snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb(sig));
1527 put_packet(s, buf);
1528 }
1529 /* put_packet() might have detected that the peer terminated the
1530 connection. */
1531 if (s->fd < 0) {
1532 return sig;
1533 }
1534
1535 sig = 0;
1536 s->state = RS_IDLE;
1537 s->running_state = 0;
1538 while (s->running_state == 0) {
1539 n = read(s->fd, buf, 256);
1540 if (n > 0) {
1541 int i;
1542
1543 for (i = 0; i < n; i++) {
1544 gdb_read_byte(s, buf[i]);
1545 }
1546 } else if (n == 0 || errno != EAGAIN) {
1547 /* XXX: Connection closed. Should probably wait for another
1548 connection before continuing. */
1549 return sig;
1550 }
1551 }
1552 sig = s->signal;
1553 s->signal = 0;
1554 return sig;
1555 }
1556
1557 /* Tell the remote gdb that the process has exited due to SIG. */
1558 void gdb_signalled(CPUArchState *env, int sig)
1559 {
1560 GDBState *s;
1561 char buf[4];
1562
1563 s = gdbserver_state;
1564 if (gdbserver_fd < 0 || s->fd < 0) {
1565 return;
1566 }
1567
1568 snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb(sig));
1569 put_packet(s, buf);
1570 }
1571
1572 static void gdb_accept(void)
1573 {
1574 GDBState *s;
1575 struct sockaddr_in sockaddr;
1576 socklen_t len;
1577 int fd;
1578
1579 for(;;) {
1580 len = sizeof(sockaddr);
1581 fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
1582 if (fd < 0 && errno != EINTR) {
1583 perror("accept");
1584 return;
1585 } else if (fd >= 0) {
1586 #ifndef _WIN32
1587 fcntl(fd, F_SETFD, FD_CLOEXEC);
1588 #endif
1589 break;
1590 }
1591 }
1592
1593 /* set short latency */
1594 socket_set_nodelay(fd);
1595
1596 s = g_malloc0(sizeof(GDBState));
1597 s->c_cpu = first_cpu;
1598 s->g_cpu = first_cpu;
1599 s->fd = fd;
1600 gdb_has_xml = false;
1601
1602 gdbserver_state = s;
1603
1604 fcntl(fd, F_SETFL, O_NONBLOCK);
1605 }
1606
1607 static int gdbserver_open(int port)
1608 {
1609 struct sockaddr_in sockaddr;
1610 int fd, ret;
1611
1612 fd = socket(PF_INET, SOCK_STREAM, 0);
1613 if (fd < 0) {
1614 perror("socket");
1615 return -1;
1616 }
1617 #ifndef _WIN32
1618 fcntl(fd, F_SETFD, FD_CLOEXEC);
1619 #endif
1620
1621 socket_set_fast_reuse(fd);
1622
1623 sockaddr.sin_family = AF_INET;
1624 sockaddr.sin_port = htons(port);
1625 sockaddr.sin_addr.s_addr = 0;
1626 ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
1627 if (ret < 0) {
1628 perror("bind");
1629 close(fd);
1630 return -1;
1631 }
1632 ret = listen(fd, 0);
1633 if (ret < 0) {
1634 perror("listen");
1635 close(fd);
1636 return -1;
1637 }
1638 return fd;
1639 }
1640
1641 int gdbserver_start(int port)
1642 {
1643 gdbserver_fd = gdbserver_open(port);
1644 if (gdbserver_fd < 0)
1645 return -1;
1646 /* accept connections */
1647 gdb_accept();
1648 return 0;
1649 }
1650
1651 /* Disable gdb stub for child processes. */
1652 void gdbserver_fork(CPUState *cpu)
1653 {
1654 GDBState *s = gdbserver_state;
1655
1656 if (gdbserver_fd < 0 || s->fd < 0) {
1657 return;
1658 }
1659 close(s->fd);
1660 s->fd = -1;
1661 cpu_breakpoint_remove_all(cpu, BP_GDB);
1662 cpu_watchpoint_remove_all(cpu, BP_GDB);
1663 }
1664 #else
1665 static int gdb_chr_can_receive(void *opaque)
1666 {
1667 /* We can handle an arbitrarily large amount of data.
1668 Pick the maximum packet size, which is as good as anything. */
1669 return MAX_PACKET_LENGTH;
1670 }
1671
1672 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
1673 {
1674 int i;
1675
1676 for (i = 0; i < size; i++) {
1677 gdb_read_byte(gdbserver_state, buf[i]);
1678 }
1679 }
1680
1681 static void gdb_chr_event(void *opaque, int event)
1682 {
1683 switch (event) {
1684 case CHR_EVENT_OPENED:
1685 vm_stop(RUN_STATE_PAUSED);
1686 gdb_has_xml = false;
1687 break;
1688 default:
1689 break;
1690 }
1691 }
1692
1693 static void gdb_monitor_output(GDBState *s, const char *msg, int len)
1694 {
1695 char buf[MAX_PACKET_LENGTH];
1696
1697 buf[0] = 'O';
1698 if (len > (MAX_PACKET_LENGTH/2) - 1)
1699 len = (MAX_PACKET_LENGTH/2) - 1;
1700 memtohex(buf + 1, (uint8_t *)msg, len);
1701 put_packet(s, buf);
1702 }
1703
1704 static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
1705 {
1706 const char *p = (const char *)buf;
1707 int max_sz;
1708
1709 max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
1710 for (;;) {
1711 if (len <= max_sz) {
1712 gdb_monitor_output(gdbserver_state, p, len);
1713 break;
1714 }
1715 gdb_monitor_output(gdbserver_state, p, max_sz);
1716 p += max_sz;
1717 len -= max_sz;
1718 }
1719 return len;
1720 }
1721
1722 #ifndef _WIN32
1723 static void gdb_sigterm_handler(int signal)
1724 {
1725 if (runstate_is_running()) {
1726 vm_stop(RUN_STATE_PAUSED);
1727 }
1728 }
1729 #endif
1730
1731 int gdbserver_start(const char *device)
1732 {
1733 GDBState *s;
1734 char gdbstub_device_name[128];
1735 CharDriverState *chr = NULL;
1736 CharDriverState *mon_chr;
1737 ChardevCommon common = { 0 };
1738
1739 if (!device)
1740 return -1;
1741 if (strcmp(device, "none") != 0) {
1742 if (strstart(device, "tcp:", NULL)) {
1743 /* enforce required TCP attributes */
1744 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
1745 "%s,nowait,nodelay,server", device);
1746 device = gdbstub_device_name;
1747 }
1748 #ifndef _WIN32
1749 else if (strcmp(device, "stdio") == 0) {
1750 struct sigaction act;
1751
1752 memset(&act, 0, sizeof(act));
1753 act.sa_handler = gdb_sigterm_handler;
1754 sigaction(SIGINT, &act, NULL);
1755 }
1756 #endif
1757 chr = qemu_chr_new_noreplay("gdb", device, NULL);
1758 if (!chr)
1759 return -1;
1760
1761 qemu_chr_fe_claim_no_fail(chr);
1762 qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
1763 gdb_chr_event, NULL);
1764 }
1765
1766 s = gdbserver_state;
1767 if (!s) {
1768 s = g_malloc0(sizeof(GDBState));
1769 gdbserver_state = s;
1770
1771 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
1772
1773 /* Initialize a monitor terminal for gdb */
1774 mon_chr = qemu_chr_alloc(&common, &error_abort);
1775 mon_chr->chr_write = gdb_monitor_write;
1776 monitor_init(mon_chr, 0);
1777 } else {
1778 if (s->chr)
1779 qemu_chr_delete(s->chr);
1780 mon_chr = s->mon_chr;
1781 memset(s, 0, sizeof(GDBState));
1782 }
1783 s->c_cpu = first_cpu;
1784 s->g_cpu = first_cpu;
1785 s->chr = chr;
1786 s->state = chr ? RS_IDLE : RS_INACTIVE;
1787 s->mon_chr = mon_chr;
1788 s->current_syscall_cb = NULL;
1789
1790 return 0;
1791 }
1792 #endif