1 /* 2 * gdb server stub - system specific bits 3 * 4 * Debug integration depends on support from the individual 5 * accelerators so most of this involves calling the ops helpers. 6 * 7 * Copyright (c) 2003-2005 Fabrice Bellard 8 * Copyright (c) 2022 Linaro Ltd 9 * 10 * SPDX-License-Identifier: LGPL-2.0-or-later 11 */ 12 13 #include "qemu/osdep.h" 14 #include "qapi/error.h" 15 #include "qemu/error-report.h" 16 #include "qemu/cutils.h" 17 #include "exec/gdbstub.h" 18 #include "gdbstub/syscalls.h" 19 #include "gdbstub/commands.h" 20 #include "exec/hwaddr.h" 21 #include "exec/tb-flush.h" 22 #include "system/cpus.h" 23 #include "system/runstate.h" 24 #include "system/replay.h" 25 #include "system/tcg.h" 26 #include "hw/core/cpu.h" 27 #include "hw/cpu/cluster.h" 28 #include "hw/boards.h" 29 #include "chardev/char.h" 30 #include "chardev/char-fe.h" 31 #include "monitor/monitor.h" 32 #include "trace.h" 33 #include "internals.h" 34 35 /* System emulation specific state */ 36 typedef struct { 37 CharBackend chr; 38 Chardev *mon_chr; 39 } GDBSystemState; 40 41 GDBSystemState gdbserver_system_state; 42 43 static void reset_gdbserver_state(void) 44 { 45 g_free(gdbserver_state.processes); 46 gdbserver_state.processes = NULL; 47 gdbserver_state.process_num = 0; 48 gdbserver_state.allow_stop_reply = false; 49 } 50 51 /* 52 * Return the GDB index for a given vCPU state. 53 * 54 * In system mode GDB numbers CPUs from 1 as 0 is reserved as an "any 55 * cpu" index. 56 */ 57 int gdb_get_cpu_index(CPUState *cpu) 58 { 59 return cpu->cpu_index + 1; 60 } 61 62 /* 63 * We check the status of the last message in the chardev receive code 64 */ 65 bool gdb_got_immediate_ack(void) 66 { 67 return true; 68 } 69 70 /* 71 * GDB Connection management. For system emulation we do all of this 72 * via our existing Chardev infrastructure which allows us to support 73 * network and unix sockets. 74 */ 75 76 void gdb_put_buffer(const uint8_t *buf, int len) 77 { 78 /* 79 * XXX this blocks entire thread. Rewrite to use 80 * qemu_chr_fe_write and background I/O callbacks 81 */ 82 qemu_chr_fe_write_all(&gdbserver_system_state.chr, buf, len); 83 } 84 85 static void gdb_chr_event(void *opaque, QEMUChrEvent event) 86 { 87 int i; 88 GDBState *s = (GDBState *) opaque; 89 90 switch (event) { 91 case CHR_EVENT_OPENED: 92 /* Start with first process attached, others detached */ 93 for (i = 0; i < s->process_num; i++) { 94 s->processes[i].attached = !i; 95 } 96 97 s->c_cpu = gdb_first_attached_cpu(); 98 s->g_cpu = s->c_cpu; 99 100 vm_stop(RUN_STATE_PAUSED); 101 replay_gdb_attached(); 102 break; 103 default: 104 break; 105 } 106 } 107 108 /* 109 * In system-mode we stop the VM and wait to send the syscall packet 110 * until notification that the CPU has stopped. This must be done 111 * because if the packet is sent now the reply from the syscall 112 * request could be received while the CPU is still in the running 113 * state, which can cause packets to be dropped and state transition 114 * 'T' packets to be sent while the syscall is still being processed. 115 */ 116 void gdb_syscall_handling(const char *syscall_packet) 117 { 118 vm_stop(RUN_STATE_DEBUG); 119 qemu_cpu_kick(gdbserver_state.c_cpu); 120 } 121 122 static void gdb_vm_state_change(void *opaque, bool running, RunState state) 123 { 124 CPUState *cpu = gdbserver_state.c_cpu; 125 g_autoptr(GString) buf = g_string_new(NULL); 126 g_autoptr(GString) tid = g_string_new(NULL); 127 const char *type; 128 int ret; 129 130 if (running || gdbserver_state.state == RS_INACTIVE) { 131 return; 132 } 133 134 /* Is there a GDB syscall waiting to be sent? */ 135 if (gdb_handled_syscall()) { 136 return; 137 } 138 139 if (cpu == NULL) { 140 /* No process attached */ 141 return; 142 } 143 144 if (!gdbserver_state.allow_stop_reply) { 145 return; 146 } 147 148 gdb_append_thread_id(cpu, tid); 149 150 switch (state) { 151 case RUN_STATE_DEBUG: 152 if (cpu->watchpoint_hit) { 153 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) { 154 case BP_MEM_READ: 155 type = "r"; 156 break; 157 case BP_MEM_ACCESS: 158 type = "a"; 159 break; 160 default: 161 type = ""; 162 break; 163 } 164 trace_gdbstub_hit_watchpoint(type, 165 gdb_get_cpu_index(cpu), 166 cpu->watchpoint_hit->vaddr); 167 g_string_printf(buf, "T%02xthread:%s;%swatch:%" VADDR_PRIx ";", 168 GDB_SIGNAL_TRAP, tid->str, type, 169 cpu->watchpoint_hit->vaddr); 170 cpu->watchpoint_hit = NULL; 171 goto send_packet; 172 } else { 173 trace_gdbstub_hit_break(); 174 } 175 if (tcg_enabled()) { 176 tb_flush(cpu); 177 } 178 ret = GDB_SIGNAL_TRAP; 179 break; 180 case RUN_STATE_PAUSED: 181 trace_gdbstub_hit_paused(); 182 ret = GDB_SIGNAL_INT; 183 break; 184 case RUN_STATE_SHUTDOWN: 185 trace_gdbstub_hit_shutdown(); 186 ret = GDB_SIGNAL_QUIT; 187 break; 188 case RUN_STATE_IO_ERROR: 189 trace_gdbstub_hit_io_error(); 190 ret = GDB_SIGNAL_STOP; 191 break; 192 case RUN_STATE_WATCHDOG: 193 trace_gdbstub_hit_watchdog(); 194 ret = GDB_SIGNAL_ALRM; 195 break; 196 case RUN_STATE_INTERNAL_ERROR: 197 trace_gdbstub_hit_internal_error(); 198 ret = GDB_SIGNAL_ABRT; 199 break; 200 case RUN_STATE_SAVE_VM: 201 case RUN_STATE_RESTORE_VM: 202 return; 203 case RUN_STATE_FINISH_MIGRATE: 204 ret = GDB_SIGNAL_XCPU; 205 break; 206 default: 207 trace_gdbstub_hit_unknown(state); 208 ret = GDB_SIGNAL_UNKNOWN; 209 break; 210 } 211 gdb_set_stop_cpu(cpu); 212 g_string_printf(buf, "T%02xthread:%s;", ret, tid->str); 213 214 send_packet: 215 gdb_put_packet(buf->str); 216 gdbserver_state.allow_stop_reply = false; 217 218 /* disable single step if it was enabled */ 219 cpu_single_step(cpu, 0); 220 } 221 222 #ifndef _WIN32 223 static void gdb_sigterm_handler(int signal) 224 { 225 if (runstate_is_running()) { 226 vm_stop(RUN_STATE_PAUSED); 227 } 228 } 229 #endif 230 231 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len) 232 { 233 g_autoptr(GString) hex_buf = g_string_new("O"); 234 gdb_memtohex(hex_buf, buf, len); 235 gdb_put_packet(hex_buf->str); 236 return len; 237 } 238 239 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend, 240 bool *be_opened, Error **errp) 241 { 242 *be_opened = false; 243 } 244 245 static void char_gdb_class_init(ObjectClass *oc, void *data) 246 { 247 ChardevClass *cc = CHARDEV_CLASS(oc); 248 249 cc->internal = true; 250 cc->open = gdb_monitor_open; 251 cc->chr_write = gdb_monitor_write; 252 } 253 254 #define TYPE_CHARDEV_GDB "chardev-gdb" 255 256 static const TypeInfo char_gdb_type_info = { 257 .name = TYPE_CHARDEV_GDB, 258 .parent = TYPE_CHARDEV, 259 .class_init = char_gdb_class_init, 260 }; 261 262 static int gdb_chr_can_receive(void *opaque) 263 { 264 /* 265 * We can handle an arbitrarily large amount of data. 266 * Pick the maximum packet size, which is as good as anything. 267 */ 268 return MAX_PACKET_LENGTH; 269 } 270 271 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size) 272 { 273 int i; 274 275 for (i = 0; i < size; i++) { 276 gdb_read_byte(buf[i]); 277 } 278 } 279 280 static int find_cpu_clusters(Object *child, void *opaque) 281 { 282 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) { 283 GDBState *s = (GDBState *) opaque; 284 CPUClusterState *cluster = CPU_CLUSTER(child); 285 GDBProcess *process; 286 287 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num); 288 289 process = &s->processes[s->process_num - 1]; 290 291 /* 292 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at 293 * runtime, we enforce here that the machine does not use a cluster ID 294 * that would lead to PID 0. 295 */ 296 assert(cluster->cluster_id != UINT32_MAX); 297 process->pid = cluster->cluster_id + 1; 298 process->attached = false; 299 process->target_xml = NULL; 300 301 return 0; 302 } 303 304 return object_child_foreach(child, find_cpu_clusters, opaque); 305 } 306 307 static int pid_order(const void *a, const void *b) 308 { 309 GDBProcess *pa = (GDBProcess *) a; 310 GDBProcess *pb = (GDBProcess *) b; 311 312 if (pa->pid < pb->pid) { 313 return -1; 314 } else if (pa->pid > pb->pid) { 315 return 1; 316 } else { 317 return 0; 318 } 319 } 320 321 static void create_processes(GDBState *s) 322 { 323 object_child_foreach(object_get_root(), find_cpu_clusters, s); 324 325 if (gdbserver_state.processes) { 326 /* Sort by PID */ 327 qsort(gdbserver_state.processes, 328 gdbserver_state.process_num, 329 sizeof(gdbserver_state.processes[0]), 330 pid_order); 331 } 332 333 gdb_create_default_process(s); 334 } 335 336 bool gdbserver_start(const char *device, Error **errp) 337 { 338 Chardev *chr = NULL; 339 Chardev *mon_chr; 340 g_autoptr(GString) cs = g_string_new(device); 341 342 if (!first_cpu) { 343 error_setg(errp, "gdbstub: meaningless to attach gdb to a " 344 "machine without any CPU."); 345 return false; 346 } 347 348 if (!gdb_supports_guest_debug()) { 349 error_setg(errp, "gdbstub: current accelerator doesn't " 350 "support guest debugging"); 351 return false; 352 } 353 354 if (cs->len == 0) { 355 error_setg(errp, "gdbstub: missing connection string"); 356 return false; 357 } 358 359 trace_gdbstub_op_start(cs->str); 360 361 if (g_strcmp0(cs->str, "none") != 0) { 362 if (g_str_has_prefix(cs->str, "tcp:")) { 363 /* enforce required TCP attributes */ 364 g_string_append_printf(cs, ",wait=off,nodelay=on,server=on"); 365 } 366 #ifndef _WIN32 367 else if (strcmp(device, "stdio") == 0) { 368 struct sigaction act; 369 370 memset(&act, 0, sizeof(act)); 371 act.sa_handler = gdb_sigterm_handler; 372 sigaction(SIGINT, &act, NULL); 373 } 374 #endif 375 /* 376 * FIXME: it's a bit weird to allow using a mux chardev here 377 * and implicitly setup a monitor. We may want to break this. 378 */ 379 chr = qemu_chr_new_noreplay("gdb", cs->str, true, NULL); 380 if (!chr) { 381 error_setg(errp, "gdbstub: couldn't create chardev"); 382 return false; 383 } 384 } 385 386 if (!gdbserver_state.init) { 387 gdb_init_gdbserver_state(); 388 389 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL); 390 391 /* Initialize a monitor terminal for gdb */ 392 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB, 393 NULL, NULL, &error_abort); 394 monitor_init_hmp(mon_chr, false, &error_abort); 395 } else { 396 qemu_chr_fe_deinit(&gdbserver_system_state.chr, true); 397 mon_chr = gdbserver_system_state.mon_chr; 398 reset_gdbserver_state(); 399 } 400 401 create_processes(&gdbserver_state); 402 403 if (chr) { 404 qemu_chr_fe_init(&gdbserver_system_state.chr, chr, &error_abort); 405 qemu_chr_fe_set_handlers(&gdbserver_system_state.chr, 406 gdb_chr_can_receive, 407 gdb_chr_receive, gdb_chr_event, 408 NULL, &gdbserver_state, NULL, true); 409 } 410 gdbserver_state.state = chr ? RS_IDLE : RS_INACTIVE; 411 gdbserver_system_state.mon_chr = mon_chr; 412 gdb_syscall_reset(); 413 414 return true; 415 } 416 417 static void register_types(void) 418 { 419 type_register_static(&char_gdb_type_info); 420 } 421 422 type_init(register_types); 423 424 /* Tell the remote gdb that the process has exited. */ 425 void gdb_exit(int code) 426 { 427 char buf[4]; 428 429 if (!gdbserver_state.init) { 430 return; 431 } 432 433 trace_gdbstub_op_exiting((uint8_t)code); 434 435 if (gdbserver_state.allow_stop_reply) { 436 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code); 437 gdb_put_packet(buf); 438 gdbserver_state.allow_stop_reply = false; 439 } 440 441 qemu_chr_fe_deinit(&gdbserver_system_state.chr, true); 442 } 443 444 void gdb_qemu_exit(int code) 445 { 446 qemu_system_shutdown_request_with_code(SHUTDOWN_CAUSE_GUEST_SHUTDOWN, 447 code); 448 } 449 450 /* 451 * Memory access 452 */ 453 static int phy_memory_mode; 454 455 int gdb_target_memory_rw_debug(CPUState *cpu, hwaddr addr, 456 uint8_t *buf, int len, bool is_write) 457 { 458 CPUClass *cc; 459 460 if (phy_memory_mode) { 461 if (is_write) { 462 cpu_physical_memory_write(addr, buf, len); 463 } else { 464 cpu_physical_memory_read(addr, buf, len); 465 } 466 return 0; 467 } 468 469 cc = CPU_GET_CLASS(cpu); 470 if (cc->memory_rw_debug) { 471 return cc->memory_rw_debug(cpu, addr, buf, len, is_write); 472 } 473 474 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write); 475 } 476 477 /* 478 * cpu helpers 479 */ 480 481 unsigned int gdb_get_max_cpus(void) 482 { 483 MachineState *ms = MACHINE(qdev_get_machine()); 484 return ms->smp.max_cpus; 485 } 486 487 bool gdb_can_reverse(void) 488 { 489 return replay_mode == REPLAY_MODE_PLAY; 490 } 491 492 /* 493 * Softmmu specific command helpers 494 */ 495 496 void gdb_handle_query_qemu_phy_mem_mode(GArray *params, 497 void *ctx) 498 { 499 g_string_printf(gdbserver_state.str_buf, "%d", phy_memory_mode); 500 gdb_put_strbuf(); 501 } 502 503 void gdb_handle_set_qemu_phy_mem_mode(GArray *params, void *ctx) 504 { 505 if (!params->len) { 506 gdb_put_packet("E22"); 507 return; 508 } 509 510 if (!gdb_get_cmd_param(params, 0)->val_ul) { 511 phy_memory_mode = 0; 512 } else { 513 phy_memory_mode = 1; 514 } 515 gdb_put_packet("OK"); 516 } 517 518 void gdb_handle_query_rcmd(GArray *params, void *ctx) 519 { 520 const guint8 zero = 0; 521 int len; 522 523 if (!params->len) { 524 gdb_put_packet("E22"); 525 return; 526 } 527 528 len = strlen(gdb_get_cmd_param(params, 0)->data); 529 if (len % 2) { 530 gdb_put_packet("E01"); 531 return; 532 } 533 534 g_assert(gdbserver_state.mem_buf->len == 0); 535 len = len / 2; 536 gdb_hextomem(gdbserver_state.mem_buf, gdb_get_cmd_param(params, 0)->data, len); 537 g_byte_array_append(gdbserver_state.mem_buf, &zero, 1); 538 qemu_chr_be_write(gdbserver_system_state.mon_chr, 539 gdbserver_state.mem_buf->data, 540 gdbserver_state.mem_buf->len); 541 gdb_put_packet("OK"); 542 } 543 544 /* 545 * Execution state helpers 546 */ 547 548 void gdb_handle_query_attached(GArray *params, void *ctx) 549 { 550 gdb_put_packet("1"); 551 } 552 553 void gdb_continue(void) 554 { 555 if (!runstate_needs_reset()) { 556 trace_gdbstub_op_continue(); 557 vm_start(); 558 } 559 } 560 561 /* 562 * Resume execution, per CPU actions. 563 */ 564 int gdb_continue_partial(char *newstates) 565 { 566 CPUState *cpu; 567 int res = 0; 568 int flag = 0; 569 570 if (!runstate_needs_reset()) { 571 bool step_requested = false; 572 CPU_FOREACH(cpu) { 573 if (newstates[cpu->cpu_index] == 's') { 574 step_requested = true; 575 break; 576 } 577 } 578 579 if (vm_prepare_start(step_requested)) { 580 return 0; 581 } 582 583 CPU_FOREACH(cpu) { 584 switch (newstates[cpu->cpu_index]) { 585 case 0: 586 case 1: 587 break; /* nothing to do here */ 588 case 's': 589 trace_gdbstub_op_stepping(cpu->cpu_index); 590 cpu_single_step(cpu, gdbserver_state.sstep_flags); 591 cpu_resume(cpu); 592 flag = 1; 593 break; 594 case 'c': 595 trace_gdbstub_op_continue_cpu(cpu->cpu_index); 596 cpu_resume(cpu); 597 flag = 1; 598 break; 599 default: 600 res = -1; 601 break; 602 } 603 } 604 } 605 if (flag) { 606 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true); 607 } 608 return res; 609 } 610 611 /* 612 * Signal Handling - in system mode we only need SIGINT and SIGTRAP; other 613 * signals are not yet supported. 614 */ 615 616 enum { 617 TARGET_SIGINT = 2, 618 TARGET_SIGTRAP = 5 619 }; 620 621 int gdb_signal_to_target(int sig) 622 { 623 switch (sig) { 624 case 2: 625 return TARGET_SIGINT; 626 case 5: 627 return TARGET_SIGTRAP; 628 default: 629 return -1; 630 } 631 } 632 633 /* 634 * Break/Watch point helpers 635 */ 636 637 bool gdb_supports_guest_debug(void) 638 { 639 const AccelOpsClass *ops = cpus_get_accel(); 640 if (ops->supports_guest_debug) { 641 return ops->supports_guest_debug(); 642 } 643 return false; 644 } 645 646 int gdb_breakpoint_insert(CPUState *cs, int type, vaddr addr, vaddr len) 647 { 648 const AccelOpsClass *ops = cpus_get_accel(); 649 if (ops->insert_breakpoint) { 650 return ops->insert_breakpoint(cs, type, addr, len); 651 } 652 return -ENOSYS; 653 } 654 655 int gdb_breakpoint_remove(CPUState *cs, int type, vaddr addr, vaddr len) 656 { 657 const AccelOpsClass *ops = cpus_get_accel(); 658 if (ops->remove_breakpoint) { 659 return ops->remove_breakpoint(cs, type, addr, len); 660 } 661 return -ENOSYS; 662 } 663 664 void gdb_breakpoint_remove_all(CPUState *cs) 665 { 666 const AccelOpsClass *ops = cpus_get_accel(); 667 if (ops->remove_all_breakpoints) { 668 ops->remove_all_breakpoints(cs); 669 } 670 } 671