1 /*
2 * gdb server stub - system specific bits
3 *
4 * Debug integration depends on support from the individual
5 * accelerators so most of this involves calling the ops helpers.
6 *
7 * Copyright (c) 2003-2005 Fabrice Bellard
8 * Copyright (c) 2022 Linaro Ltd
9 *
10 * SPDX-License-Identifier: LGPL-2.0-or-later
11 */
12
13 #include "qemu/osdep.h"
14 #include "qapi/error.h"
15 #include "qemu/error-report.h"
16 #include "qemu/cutils.h"
17 #include "exec/gdbstub.h"
18 #include "gdbstub/syscalls.h"
19 #include "gdbstub/commands.h"
20 #include "exec/hwaddr.h"
21 #include "exec/tb-flush.h"
22 #include "system/accel-ops.h"
23 #include "system/cpus.h"
24 #include "system/runstate.h"
25 #include "system/replay.h"
26 #include "system/tcg.h"
27 #include "hw/core/cpu.h"
28 #include "hw/cpu/cluster.h"
29 #include "hw/boards.h"
30 #include "chardev/char.h"
31 #include "chardev/char-fe.h"
32 #include "monitor/monitor.h"
33 #include "trace.h"
34 #include "internals.h"
35
36 /* System emulation specific state */
37 typedef struct {
38 CharBackend chr;
39 Chardev *mon_chr;
40 } GDBSystemState;
41
42 GDBSystemState gdbserver_system_state;
43
reset_gdbserver_state(void)44 static void reset_gdbserver_state(void)
45 {
46 g_free(gdbserver_state.processes);
47 gdbserver_state.processes = NULL;
48 gdbserver_state.process_num = 0;
49 gdbserver_state.allow_stop_reply = false;
50 }
51
52 /*
53 * Return the GDB index for a given vCPU state.
54 *
55 * In system mode GDB numbers CPUs from 1 as 0 is reserved as an "any
56 * cpu" index.
57 */
gdb_get_cpu_index(CPUState * cpu)58 int gdb_get_cpu_index(CPUState *cpu)
59 {
60 return cpu->cpu_index + 1;
61 }
62
63 /*
64 * We check the status of the last message in the chardev receive code
65 */
gdb_got_immediate_ack(void)66 bool gdb_got_immediate_ack(void)
67 {
68 return true;
69 }
70
71 /*
72 * GDB Connection management. For system emulation we do all of this
73 * via our existing Chardev infrastructure which allows us to support
74 * network and unix sockets.
75 */
76
gdb_put_buffer(const uint8_t * buf,int len)77 void gdb_put_buffer(const uint8_t *buf, int len)
78 {
79 /*
80 * XXX this blocks entire thread. Rewrite to use
81 * qemu_chr_fe_write and background I/O callbacks
82 */
83 qemu_chr_fe_write_all(&gdbserver_system_state.chr, buf, len);
84 }
85
gdb_chr_event(void * opaque,QEMUChrEvent event)86 static void gdb_chr_event(void *opaque, QEMUChrEvent event)
87 {
88 int i;
89 GDBState *s = (GDBState *) opaque;
90
91 switch (event) {
92 case CHR_EVENT_OPENED:
93 /* Start with first process attached, others detached */
94 for (i = 0; i < s->process_num; i++) {
95 s->processes[i].attached = !i;
96 }
97
98 s->c_cpu = gdb_first_attached_cpu();
99 s->g_cpu = s->c_cpu;
100
101 vm_stop(RUN_STATE_PAUSED);
102 replay_gdb_attached();
103 break;
104 default:
105 break;
106 }
107 }
108
109 /*
110 * In system-mode we stop the VM and wait to send the syscall packet
111 * until notification that the CPU has stopped. This must be done
112 * because if the packet is sent now the reply from the syscall
113 * request could be received while the CPU is still in the running
114 * state, which can cause packets to be dropped and state transition
115 * 'T' packets to be sent while the syscall is still being processed.
116 */
gdb_syscall_handling(const char * syscall_packet)117 void gdb_syscall_handling(const char *syscall_packet)
118 {
119 vm_stop(RUN_STATE_DEBUG);
120 qemu_cpu_kick(gdbserver_state.c_cpu);
121 }
122
gdb_vm_state_change(void * opaque,bool running,RunState state)123 static void gdb_vm_state_change(void *opaque, bool running, RunState state)
124 {
125 CPUState *cpu = gdbserver_state.c_cpu;
126 g_autoptr(GString) buf = g_string_new(NULL);
127 g_autoptr(GString) tid = g_string_new(NULL);
128 const char *type;
129 int ret;
130
131 if (running || gdbserver_state.state == RS_INACTIVE) {
132 return;
133 }
134
135 /* Is there a GDB syscall waiting to be sent? */
136 if (gdb_handled_syscall()) {
137 return;
138 }
139
140 if (cpu == NULL) {
141 /* No process attached */
142 return;
143 }
144
145 if (!gdbserver_state.allow_stop_reply) {
146 return;
147 }
148
149 gdb_append_thread_id(cpu, tid);
150
151 switch (state) {
152 case RUN_STATE_DEBUG:
153 if (cpu->watchpoint_hit) {
154 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) {
155 case BP_MEM_READ:
156 type = "r";
157 break;
158 case BP_MEM_ACCESS:
159 type = "a";
160 break;
161 default:
162 type = "";
163 break;
164 }
165 trace_gdbstub_hit_watchpoint(type,
166 gdb_get_cpu_index(cpu),
167 cpu->watchpoint_hit->vaddr);
168 g_string_printf(buf, "T%02xthread:%s;%swatch:%" VADDR_PRIx ";",
169 GDB_SIGNAL_TRAP, tid->str, type,
170 cpu->watchpoint_hit->vaddr);
171 cpu->watchpoint_hit = NULL;
172 goto send_packet;
173 } else {
174 trace_gdbstub_hit_break();
175 }
176 if (tcg_enabled()) {
177 tb_flush(cpu);
178 }
179 ret = GDB_SIGNAL_TRAP;
180 break;
181 case RUN_STATE_PAUSED:
182 trace_gdbstub_hit_paused();
183 ret = GDB_SIGNAL_INT;
184 break;
185 case RUN_STATE_SHUTDOWN:
186 trace_gdbstub_hit_shutdown();
187 ret = GDB_SIGNAL_QUIT;
188 break;
189 case RUN_STATE_IO_ERROR:
190 trace_gdbstub_hit_io_error();
191 ret = GDB_SIGNAL_STOP;
192 break;
193 case RUN_STATE_WATCHDOG:
194 trace_gdbstub_hit_watchdog();
195 ret = GDB_SIGNAL_ALRM;
196 break;
197 case RUN_STATE_INTERNAL_ERROR:
198 trace_gdbstub_hit_internal_error();
199 ret = GDB_SIGNAL_ABRT;
200 break;
201 case RUN_STATE_SAVE_VM:
202 case RUN_STATE_RESTORE_VM:
203 return;
204 case RUN_STATE_FINISH_MIGRATE:
205 ret = GDB_SIGNAL_XCPU;
206 break;
207 default:
208 trace_gdbstub_hit_unknown(state);
209 ret = GDB_SIGNAL_UNKNOWN;
210 break;
211 }
212 gdb_set_stop_cpu(cpu);
213 g_string_printf(buf, "T%02xthread:%s;", ret, tid->str);
214
215 send_packet:
216 gdb_put_packet(buf->str);
217 gdbserver_state.allow_stop_reply = false;
218
219 /* disable single step if it was enabled */
220 cpu_single_step(cpu, 0);
221 }
222
223 #ifndef _WIN32
gdb_sigterm_handler(int signal)224 static void gdb_sigterm_handler(int signal)
225 {
226 if (runstate_is_running()) {
227 vm_stop(RUN_STATE_PAUSED);
228 }
229 }
230 #endif
231
gdb_monitor_write(Chardev * chr,const uint8_t * buf,int len)232 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len)
233 {
234 g_autoptr(GString) hex_buf = g_string_new("O");
235 gdb_memtohex(hex_buf, buf, len);
236 gdb_put_packet(hex_buf->str);
237 return len;
238 }
239
gdb_monitor_open(Chardev * chr,ChardevBackend * backend,bool * be_opened,Error ** errp)240 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend,
241 bool *be_opened, Error **errp)
242 {
243 *be_opened = false;
244 }
245
char_gdb_class_init(ObjectClass * oc,const void * data)246 static void char_gdb_class_init(ObjectClass *oc, const void *data)
247 {
248 ChardevClass *cc = CHARDEV_CLASS(oc);
249
250 cc->internal = true;
251 cc->open = gdb_monitor_open;
252 cc->chr_write = gdb_monitor_write;
253 }
254
255 #define TYPE_CHARDEV_GDB "chardev-gdb"
256
257 static const TypeInfo char_gdb_type_info = {
258 .name = TYPE_CHARDEV_GDB,
259 .parent = TYPE_CHARDEV,
260 .class_init = char_gdb_class_init,
261 };
262
gdb_chr_can_receive(void * opaque)263 static int gdb_chr_can_receive(void *opaque)
264 {
265 /*
266 * We can handle an arbitrarily large amount of data.
267 * Pick the maximum packet size, which is as good as anything.
268 */
269 return MAX_PACKET_LENGTH;
270 }
271
gdb_chr_receive(void * opaque,const uint8_t * buf,int size)272 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
273 {
274 int i;
275
276 for (i = 0; i < size; i++) {
277 gdb_read_byte(buf[i]);
278 }
279 }
280
find_cpu_clusters(Object * child,void * opaque)281 static int find_cpu_clusters(Object *child, void *opaque)
282 {
283 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) {
284 GDBState *s = (GDBState *) opaque;
285 CPUClusterState *cluster = CPU_CLUSTER(child);
286 GDBProcess *process;
287
288 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num);
289
290 process = &s->processes[s->process_num - 1];
291
292 /*
293 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at
294 * runtime, we enforce here that the machine does not use a cluster ID
295 * that would lead to PID 0.
296 */
297 assert(cluster->cluster_id != UINT32_MAX);
298 process->pid = cluster->cluster_id + 1;
299 process->attached = false;
300 process->target_xml = NULL;
301
302 return 0;
303 }
304
305 return object_child_foreach(child, find_cpu_clusters, opaque);
306 }
307
pid_order(const void * a,const void * b)308 static int pid_order(const void *a, const void *b)
309 {
310 GDBProcess *pa = (GDBProcess *) a;
311 GDBProcess *pb = (GDBProcess *) b;
312
313 if (pa->pid < pb->pid) {
314 return -1;
315 } else if (pa->pid > pb->pid) {
316 return 1;
317 } else {
318 return 0;
319 }
320 }
321
create_processes(GDBState * s)322 static void create_processes(GDBState *s)
323 {
324 object_child_foreach(object_get_root(), find_cpu_clusters, s);
325
326 if (gdbserver_state.processes) {
327 /* Sort by PID */
328 qsort(gdbserver_state.processes,
329 gdbserver_state.process_num,
330 sizeof(gdbserver_state.processes[0]),
331 pid_order);
332 }
333
334 gdb_create_default_process(s);
335 }
336
gdbserver_start(const char * device,Error ** errp)337 bool gdbserver_start(const char *device, Error **errp)
338 {
339 Chardev *chr = NULL;
340 Chardev *mon_chr;
341 g_autoptr(GString) cs = g_string_new(device);
342
343 if (!first_cpu) {
344 error_setg(errp, "gdbstub: meaningless to attach gdb to a "
345 "machine without any CPU.");
346 return false;
347 }
348
349 if (!gdb_supports_guest_debug()) {
350 error_setg(errp, "gdbstub: current accelerator doesn't "
351 "support guest debugging");
352 return false;
353 }
354
355 if (cs->len == 0) {
356 error_setg(errp, "gdbstub: missing connection string");
357 return false;
358 }
359
360 trace_gdbstub_op_start(cs->str);
361
362 if (g_strcmp0(cs->str, "none") != 0) {
363 if (g_str_has_prefix(cs->str, "tcp:")) {
364 /* enforce required TCP attributes */
365 g_string_append_printf(cs, ",wait=off,nodelay=on,server=on");
366 }
367 #ifndef _WIN32
368 else if (strcmp(device, "stdio") == 0) {
369 struct sigaction act;
370
371 memset(&act, 0, sizeof(act));
372 act.sa_handler = gdb_sigterm_handler;
373 sigaction(SIGINT, &act, NULL);
374 }
375 #endif
376 /*
377 * FIXME: it's a bit weird to allow using a mux chardev here
378 * and implicitly setup a monitor. We may want to break this.
379 */
380 chr = qemu_chr_new_noreplay("gdb", cs->str, true, NULL);
381 if (!chr) {
382 error_setg(errp, "gdbstub: couldn't create chardev");
383 return false;
384 }
385 }
386
387 if (!gdbserver_state.init) {
388 gdb_init_gdbserver_state();
389
390 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
391
392 /* Initialize a monitor terminal for gdb */
393 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB,
394 NULL, NULL, &error_abort);
395 monitor_init_hmp(mon_chr, false, &error_abort);
396 } else {
397 qemu_chr_fe_deinit(&gdbserver_system_state.chr, true);
398 mon_chr = gdbserver_system_state.mon_chr;
399 reset_gdbserver_state();
400 }
401
402 create_processes(&gdbserver_state);
403
404 if (chr) {
405 qemu_chr_fe_init(&gdbserver_system_state.chr, chr, &error_abort);
406 qemu_chr_fe_set_handlers(&gdbserver_system_state.chr,
407 gdb_chr_can_receive,
408 gdb_chr_receive, gdb_chr_event,
409 NULL, &gdbserver_state, NULL, true);
410 }
411 gdbserver_state.state = chr ? RS_IDLE : RS_INACTIVE;
412 gdbserver_system_state.mon_chr = mon_chr;
413 gdb_syscall_reset();
414
415 return true;
416 }
417
register_types(void)418 static void register_types(void)
419 {
420 type_register_static(&char_gdb_type_info);
421 }
422
423 type_init(register_types);
424
425 /* Tell the remote gdb that the process has exited. */
gdb_exit(int code)426 void gdb_exit(int code)
427 {
428 char buf[4];
429
430 if (!gdbserver_state.init) {
431 return;
432 }
433
434 trace_gdbstub_op_exiting((uint8_t)code);
435
436 if (gdbserver_state.allow_stop_reply) {
437 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
438 gdb_put_packet(buf);
439 gdbserver_state.allow_stop_reply = false;
440 }
441
442 qemu_chr_fe_deinit(&gdbserver_system_state.chr, true);
443 }
444
gdb_qemu_exit(int code)445 void gdb_qemu_exit(int code)
446 {
447 qemu_system_shutdown_request_with_code(SHUTDOWN_CAUSE_GUEST_SHUTDOWN,
448 code);
449 }
450
451 /*
452 * Memory access
453 */
454 static int phy_memory_mode;
455
gdb_target_memory_rw_debug(CPUState * cpu,hwaddr addr,uint8_t * buf,int len,bool is_write)456 int gdb_target_memory_rw_debug(CPUState *cpu, hwaddr addr,
457 uint8_t *buf, int len, bool is_write)
458 {
459 if (phy_memory_mode) {
460 if (is_write) {
461 cpu_physical_memory_write(addr, buf, len);
462 } else {
463 cpu_physical_memory_read(addr, buf, len);
464 }
465 return 0;
466 }
467
468 if (cpu->cc->memory_rw_debug) {
469 return cpu->cc->memory_rw_debug(cpu, addr, buf, len, is_write);
470 }
471
472 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
473 }
474
475 /*
476 * cpu helpers
477 */
478
gdb_get_max_cpus(void)479 unsigned int gdb_get_max_cpus(void)
480 {
481 MachineState *ms = MACHINE(qdev_get_machine());
482 return ms->smp.max_cpus;
483 }
484
gdb_can_reverse(void)485 bool gdb_can_reverse(void)
486 {
487 return replay_mode == REPLAY_MODE_PLAY;
488 }
489
490 /*
491 * Softmmu specific command helpers
492 */
493
gdb_handle_query_qemu_phy_mem_mode(GArray * params,void * ctx)494 void gdb_handle_query_qemu_phy_mem_mode(GArray *params,
495 void *ctx)
496 {
497 g_string_printf(gdbserver_state.str_buf, "%d", phy_memory_mode);
498 gdb_put_strbuf();
499 }
500
gdb_handle_set_qemu_phy_mem_mode(GArray * params,void * ctx)501 void gdb_handle_set_qemu_phy_mem_mode(GArray *params, void *ctx)
502 {
503 if (!params->len) {
504 gdb_put_packet("E22");
505 return;
506 }
507
508 if (!gdb_get_cmd_param(params, 0)->val_ul) {
509 phy_memory_mode = 0;
510 } else {
511 phy_memory_mode = 1;
512 }
513 gdb_put_packet("OK");
514 }
515
gdb_handle_query_rcmd(GArray * params,void * ctx)516 void gdb_handle_query_rcmd(GArray *params, void *ctx)
517 {
518 const guint8 zero = 0;
519 int len;
520
521 if (!params->len) {
522 gdb_put_packet("E22");
523 return;
524 }
525
526 len = strlen(gdb_get_cmd_param(params, 0)->data);
527 if (len % 2) {
528 gdb_put_packet("E01");
529 return;
530 }
531
532 g_assert(gdbserver_state.mem_buf->len == 0);
533 len = len / 2;
534 gdb_hextomem(gdbserver_state.mem_buf, gdb_get_cmd_param(params, 0)->data, len);
535 g_byte_array_append(gdbserver_state.mem_buf, &zero, 1);
536 qemu_chr_be_write(gdbserver_system_state.mon_chr,
537 gdbserver_state.mem_buf->data,
538 gdbserver_state.mem_buf->len);
539 gdb_put_packet("OK");
540 }
541
542 /*
543 * Execution state helpers
544 */
545
gdb_handle_query_attached(GArray * params,void * ctx)546 void gdb_handle_query_attached(GArray *params, void *ctx)
547 {
548 gdb_put_packet("1");
549 }
550
gdb_continue(void)551 void gdb_continue(void)
552 {
553 if (!runstate_needs_reset()) {
554 trace_gdbstub_op_continue();
555 vm_start();
556 }
557 }
558
559 /*
560 * Resume execution, per CPU actions.
561 */
gdb_continue_partial(char * newstates)562 int gdb_continue_partial(char *newstates)
563 {
564 CPUState *cpu;
565 int res = 0;
566 int flag = 0;
567
568 if (!runstate_needs_reset()) {
569 bool step_requested = false;
570 CPU_FOREACH(cpu) {
571 if (newstates[cpu->cpu_index] == 's') {
572 step_requested = true;
573 break;
574 }
575 }
576
577 if (vm_prepare_start(step_requested)) {
578 return 0;
579 }
580
581 CPU_FOREACH(cpu) {
582 switch (newstates[cpu->cpu_index]) {
583 case 0:
584 case 1:
585 break; /* nothing to do here */
586 case 's':
587 trace_gdbstub_op_stepping(cpu->cpu_index);
588 cpu_single_step(cpu, gdbserver_state.sstep_flags);
589 cpu_resume(cpu);
590 flag = 1;
591 break;
592 case 'c':
593 trace_gdbstub_op_continue_cpu(cpu->cpu_index);
594 cpu_resume(cpu);
595 flag = 1;
596 break;
597 default:
598 res = -1;
599 break;
600 }
601 }
602 }
603 if (flag) {
604 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true);
605 }
606 return res;
607 }
608
609 /*
610 * Signal Handling - in system mode we only need SIGINT and SIGTRAP; other
611 * signals are not yet supported.
612 */
613
614 enum {
615 TARGET_SIGINT = 2,
616 TARGET_SIGTRAP = 5
617 };
618
gdb_signal_to_target(int sig)619 int gdb_signal_to_target(int sig)
620 {
621 switch (sig) {
622 case 2:
623 return TARGET_SIGINT;
624 case 5:
625 return TARGET_SIGTRAP;
626 default:
627 return -1;
628 }
629 }
630
631 /*
632 * Break/Watch point helpers
633 */
634
gdb_supports_guest_debug(void)635 bool gdb_supports_guest_debug(void)
636 {
637 const AccelOpsClass *ops = cpus_get_accel();
638 if (ops->supports_guest_debug) {
639 return ops->supports_guest_debug();
640 }
641 return false;
642 }
643
gdb_breakpoint_insert(CPUState * cs,int type,vaddr addr,vaddr len)644 int gdb_breakpoint_insert(CPUState *cs, int type, vaddr addr, vaddr len)
645 {
646 const AccelOpsClass *ops = cpus_get_accel();
647 if (ops->insert_breakpoint) {
648 return ops->insert_breakpoint(cs, type, addr, len);
649 }
650 return -ENOSYS;
651 }
652
gdb_breakpoint_remove(CPUState * cs,int type,vaddr addr,vaddr len)653 int gdb_breakpoint_remove(CPUState *cs, int type, vaddr addr, vaddr len)
654 {
655 const AccelOpsClass *ops = cpus_get_accel();
656 if (ops->remove_breakpoint) {
657 return ops->remove_breakpoint(cs, type, addr, len);
658 }
659 return -ENOSYS;
660 }
661
gdb_breakpoint_remove_all(CPUState * cs)662 void gdb_breakpoint_remove_all(CPUState *cs)
663 {
664 const AccelOpsClass *ops = cpus_get_accel();
665 if (ops->remove_all_breakpoints) {
666 ops->remove_all_breakpoints(cs);
667 }
668 }
669