2
* gdb server stub - system specific bits
4
* Debug integration depends on support from the individual
5
* accelerators so most of this involves calling the ops helpers.
7
* Copyright (c) 2003-2005 Fabrice Bellard
8
* Copyright (c) 2022 Linaro Ltd
10
* SPDX-License-Identifier: LGPL-2.0+
13
#include "qemu/osdep.h"
14
#include "qapi/error.h"
15
#include "qemu/error-report.h"
16
#include "qemu/cutils.h"
17
#include "exec/gdbstub.h"
18
#include "gdbstub/syscalls.h"
19
#include "gdbstub/commands.h"
20
#include "exec/hwaddr.h"
21
#include "exec/tb-flush.h"
22
#include "sysemu/cpus.h"
23
#include "sysemu/runstate.h"
24
#include "sysemu/replay.h"
25
#include "hw/core/cpu.h"
26
#include "hw/cpu/cluster.h"
28
#include "chardev/char.h"
29
#include "chardev/char-fe.h"
30
#include "monitor/monitor.h"
34
/* System emulation specific state */
40
GDBSystemState gdbserver_system_state;
42
static void reset_gdbserver_state(void)
44
g_free(gdbserver_state.processes);
45
gdbserver_state.processes = NULL;
46
gdbserver_state.process_num = 0;
47
gdbserver_state.allow_stop_reply = false;
51
* Return the GDB index for a given vCPU state.
53
* In system mode GDB numbers CPUs from 1 as 0 is reserved as an "any
56
int gdb_get_cpu_index(CPUState *cpu)
58
return cpu->cpu_index + 1;
62
* We check the status of the last message in the chardev receive code
64
bool gdb_got_immediate_ack(void)
70
* GDB Connection management. For system emulation we do all of this
71
* via our existing Chardev infrastructure which allows us to support
72
* network and unix sockets.
75
void gdb_put_buffer(const uint8_t *buf, int len)
78
* XXX this blocks entire thread. Rewrite to use
79
* qemu_chr_fe_write and background I/O callbacks
81
qemu_chr_fe_write_all(&gdbserver_system_state.chr, buf, len);
84
static void gdb_chr_event(void *opaque, QEMUChrEvent event)
87
GDBState *s = (GDBState *) opaque;
90
case CHR_EVENT_OPENED:
91
/* Start with first process attached, others detached */
92
for (i = 0; i < s->process_num; i++) {93
s->processes[i].attached = !i;
96
s->c_cpu = gdb_first_attached_cpu();
99
vm_stop(RUN_STATE_PAUSED);
100
replay_gdb_attached();
108
* In system-mode we stop the VM and wait to send the syscall packet
109
* until notification that the CPU has stopped. This must be done
110
* because if the packet is sent now the reply from the syscall
111
* request could be received while the CPU is still in the running
112
* state, which can cause packets to be dropped and state transition
113
* 'T' packets to be sent while the syscall is still being processed.
115
void gdb_syscall_handling(const char *syscall_packet)
117
vm_stop(RUN_STATE_DEBUG);
118
qemu_cpu_kick(gdbserver_state.c_cpu);
121
static void gdb_vm_state_change(void *opaque, bool running, RunState state)
123
CPUState *cpu = gdbserver_state.c_cpu;
124
g_autoptr(GString) buf = g_string_new(NULL);
125
g_autoptr(GString) tid = g_string_new(NULL);
129
if (running || gdbserver_state.state == RS_INACTIVE) {133
/* Is there a GDB syscall waiting to be sent? */
134
if (gdb_handled_syscall()) {139
/* No process attached */
143
if (!gdbserver_state.allow_stop_reply) {147
gdb_append_thread_id(cpu, tid);
150
case RUN_STATE_DEBUG:
151
if (cpu->watchpoint_hit) {152
switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {163
trace_gdbstub_hit_watchpoint(type,
164
gdb_get_cpu_index(cpu),
165
cpu->watchpoint_hit->vaddr);
166
g_string_printf(buf, "T%02xthread:%s;%swatch:%" VADDR_PRIx ";",
167
GDB_SIGNAL_TRAP, tid->str, type,
168
cpu->watchpoint_hit->vaddr);
169
cpu->watchpoint_hit = NULL;
172
trace_gdbstub_hit_break();
175
ret = GDB_SIGNAL_TRAP;
177
case RUN_STATE_PAUSED:
178
trace_gdbstub_hit_paused();
179
ret = GDB_SIGNAL_INT;
181
case RUN_STATE_SHUTDOWN:
182
trace_gdbstub_hit_shutdown();
183
ret = GDB_SIGNAL_QUIT;
185
case RUN_STATE_IO_ERROR:
186
trace_gdbstub_hit_io_error();
187
ret = GDB_SIGNAL_STOP;
189
case RUN_STATE_WATCHDOG:
190
trace_gdbstub_hit_watchdog();
191
ret = GDB_SIGNAL_ALRM;
193
case RUN_STATE_INTERNAL_ERROR:
194
trace_gdbstub_hit_internal_error();
195
ret = GDB_SIGNAL_ABRT;
197
case RUN_STATE_SAVE_VM:
198
case RUN_STATE_RESTORE_VM:
200
case RUN_STATE_FINISH_MIGRATE:
201
ret = GDB_SIGNAL_XCPU;
204
trace_gdbstub_hit_unknown(state);
205
ret = GDB_SIGNAL_UNKNOWN;
208
gdb_set_stop_cpu(cpu);
209
g_string_printf(buf, "T%02xthread:%s;", ret, tid->str);
212
gdb_put_packet(buf->str);
213
gdbserver_state.allow_stop_reply = false;
215
/* disable single step if it was enabled */
216
cpu_single_step(cpu, 0);
220
static void gdb_sigterm_handler(int signal)
222
if (runstate_is_running()) {223
vm_stop(RUN_STATE_PAUSED);
228
static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
230
g_autoptr(GString) hex_buf = g_string_new("O");231
gdb_memtohex(hex_buf, buf, len);
232
gdb_put_packet(hex_buf->str);
236
static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
237
bool *be_opened, Error **errp)
242
static void char_gdb_class_init(ObjectClass *oc, void *data)
244
ChardevClass *cc = CHARDEV_CLASS(oc);
247
cc->open = gdb_monitor_open;
248
cc->chr_write = gdb_monitor_write;
251
#define TYPE_CHARDEV_GDB "chardev-gdb"
253
static const TypeInfo char_gdb_type_info = {254
.name = TYPE_CHARDEV_GDB,
255
.parent = TYPE_CHARDEV,
256
.class_init = char_gdb_class_init,
259
static int gdb_chr_can_receive(void *opaque)
262
* We can handle an arbitrarily large amount of data.
263
* Pick the maximum packet size, which is as good as anything.
265
return MAX_PACKET_LENGTH;
268
static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
272
for (i = 0; i < size; i++) {273
gdb_read_byte(buf[i]);
277
static int find_cpu_clusters(Object *child, void *opaque)
279
if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {280
GDBState *s = (GDBState *) opaque;
281
CPUClusterState *cluster = CPU_CLUSTER(child);
284
s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
286
process = &s->processes[s->process_num - 1];
289
* GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
290
* runtime, we enforce here that the machine does not use a cluster ID
291
* that would lead to PID 0.
293
assert(cluster->cluster_id != UINT32_MAX);
294
process->pid = cluster->cluster_id + 1;
295
process->attached = false;
296
process->target_xml = NULL;
301
return object_child_foreach(child, find_cpu_clusters, opaque);
304
static int pid_order(const void *a, const void *b)
306
GDBProcess *pa = (GDBProcess *) a;
307
GDBProcess *pb = (GDBProcess *) b;
309
if (pa->pid < pb->pid) {311
} else if (pa->pid > pb->pid) {318
static void create_processes(GDBState *s)
320
object_child_foreach(object_get_root(), find_cpu_clusters, s);
322
if (gdbserver_state.processes) {324
qsort(gdbserver_state.processes,
325
gdbserver_state.process_num,
326
sizeof(gdbserver_state.processes[0]),
330
gdb_create_default_process(s);
333
int gdbserver_start(const char *device)
337
g_autoptr(GString) cs = g_string_new(device);
340
error_report("gdbstub: meaningless to attach gdb to a "341
"machine without any CPU.");
345
if (!gdb_supports_guest_debug()) {346
error_report("gdbstub: current accelerator doesn't "347
"support guest debugging");
355
trace_gdbstub_op_start(cs->str);
357
if (g_strcmp0(cs->str, "none") != 0) {358
if (g_str_has_prefix(cs->str, "tcp:")) {359
/* enforce required TCP attributes */
360
g_string_append_printf(cs, ",wait=off,nodelay=on,server=on");
363
else if (strcmp(device, "stdio") == 0) {364
struct sigaction act;
366
memset(&act, 0, sizeof(act));
367
act.sa_handler = gdb_sigterm_handler;
368
sigaction(SIGINT, &act, NULL);
372
* FIXME: it's a bit weird to allow using a mux chardev here
373
* and implicitly setup a monitor. We may want to break this.
375
chr = qemu_chr_new_noreplay("gdb", cs->str, true, NULL);381
if (!gdbserver_state.init) {382
gdb_init_gdbserver_state();
384
qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
386
/* Initialize a monitor terminal for gdb */
387
mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
388
NULL, NULL, &error_abort);
389
monitor_init_hmp(mon_chr, false, &error_abort);
391
qemu_chr_fe_deinit(&gdbserver_system_state.chr, true);
392
mon_chr = gdbserver_system_state.mon_chr;
393
reset_gdbserver_state();
396
create_processes(&gdbserver_state);
399
qemu_chr_fe_init(&gdbserver_system_state.chr, chr, &error_abort);
400
qemu_chr_fe_set_handlers(&gdbserver_system_state.chr,
402
gdb_chr_receive, gdb_chr_event,
403
NULL, &gdbserver_state, NULL, true);
405
gdbserver_state.state = chr ? RS_IDLE : RS_INACTIVE;
406
gdbserver_system_state.mon_chr = mon_chr;
412
static void register_types(void)
414
type_register_static(&char_gdb_type_info);
417
type_init(register_types);
419
/* Tell the remote gdb that the process has exited. */
420
void gdb_exit(int code)
424
if (!gdbserver_state.init) {428
trace_gdbstub_op_exiting((uint8_t)code);
430
if (gdbserver_state.allow_stop_reply) {431
snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
433
gdbserver_state.allow_stop_reply = false;
436
qemu_chr_fe_deinit(&gdbserver_system_state.chr, true);
439
void gdb_qemu_exit(int code)
441
qemu_system_shutdown_request_with_code(SHUTDOWN_CAUSE_GUEST_SHUTDOWN,
448
static int phy_memory_mode;
450
int gdb_target_memory_rw_debug(CPUState *cpu, hwaddr addr,
451
uint8_t *buf, int len, bool is_write)
455
if (phy_memory_mode) {457
cpu_physical_memory_write(addr, buf, len);
459
cpu_physical_memory_read(addr, buf, len);
464
cc = CPU_GET_CLASS(cpu);
465
if (cc->memory_rw_debug) {466
return cc->memory_rw_debug(cpu, addr, buf, len, is_write);
469
return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
476
unsigned int gdb_get_max_cpus(void)
478
MachineState *ms = MACHINE(qdev_get_machine());
479
return ms->smp.max_cpus;
482
bool gdb_can_reverse(void)
484
return replay_mode == REPLAY_MODE_PLAY;
488
* Softmmu specific command helpers
491
void gdb_handle_query_qemu_phy_mem_mode(GArray *params,
494
g_string_printf(gdbserver_state.str_buf, "%d", phy_memory_mode);
498
void gdb_handle_set_qemu_phy_mem_mode(GArray *params, void *ctx)
501
gdb_put_packet("E22");505
if (!gdb_get_cmd_param(params, 0)->val_ul) {510
gdb_put_packet("OK");513
void gdb_handle_query_rcmd(GArray *params, void *ctx)
515
const guint8 zero = 0;
519
gdb_put_packet("E22");523
len = strlen(gdb_get_cmd_param(params, 0)->data);
525
gdb_put_packet("E01");529
g_assert(gdbserver_state.mem_buf->len == 0);
531
gdb_hextomem(gdbserver_state.mem_buf, gdb_get_cmd_param(params, 0)->data, len);
532
g_byte_array_append(gdbserver_state.mem_buf, &zero, 1);
533
qemu_chr_be_write(gdbserver_system_state.mon_chr,
534
gdbserver_state.mem_buf->data,
535
gdbserver_state.mem_buf->len);
536
gdb_put_packet("OK");540
* Execution state helpers
543
void gdb_handle_query_attached(GArray *params, void *ctx)
548
void gdb_continue(void)
550
if (!runstate_needs_reset()) {551
trace_gdbstub_op_continue();
557
* Resume execution, per CPU actions.
559
int gdb_continue_partial(char *newstates)
565
if (!runstate_needs_reset()) {566
bool step_requested = false;
568
if (newstates[cpu->cpu_index] == 's') {569
step_requested = true;
574
if (vm_prepare_start(step_requested)) {579
switch (newstates[cpu->cpu_index]) {582
break; /* nothing to do here */
584
trace_gdbstub_op_stepping(cpu->cpu_index);
585
cpu_single_step(cpu, gdbserver_state.sstep_flags);
590
trace_gdbstub_op_continue_cpu(cpu->cpu_index);
601
qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
607
* Signal Handling - in system mode we only need SIGINT and SIGTRAP; other
608
* signals are not yet supported.
616
int gdb_signal_to_target(int sig)
620
return TARGET_SIGINT;
622
return TARGET_SIGTRAP;
629
* Break/Watch point helpers
632
bool gdb_supports_guest_debug(void)
634
const AccelOpsClass *ops = cpus_get_accel();
635
if (ops->supports_guest_debug) {636
return ops->supports_guest_debug();
641
int gdb_breakpoint_insert(CPUState *cs, int type, vaddr addr, vaddr len)
643
const AccelOpsClass *ops = cpus_get_accel();
644
if (ops->insert_breakpoint) {645
return ops->insert_breakpoint(cs, type, addr, len);
650
int gdb_breakpoint_remove(CPUState *cs, int type, vaddr addr, vaddr len)
652
const AccelOpsClass *ops = cpus_get_accel();
653
if (ops->remove_breakpoint) {654
return ops->remove_breakpoint(cs, type, addr, len);
659
void gdb_breakpoint_remove_all(CPUState *cs)
661
const AccelOpsClass *ops = cpus_get_accel();
662
if (ops->remove_all_breakpoints) {663
ops->remove_all_breakpoints(cs);