1 /* 2 * gdb server stub - softmmu specific bits 3 * 4 * Debug integration depends on support from the individual 5 * accelerators so most of this involves calling the ops helpers. 6 * 7 * Copyright (c) 2003-2005 Fabrice Bellard 8 * Copyright (c) 2022 Linaro Ltd 9 * 10 * SPDX-License-Identifier: LGPL-2.0+ 11 */ 12 13 #include "qemu/osdep.h" 14 #include "qapi/error.h" 15 #include "qemu/error-report.h" 16 #include "qemu/cutils.h" 17 #include "exec/gdbstub.h" 18 #include "gdbstub/syscalls.h" 19 #include "exec/hwaddr.h" 20 #include "exec/tb-flush.h" 21 #include "sysemu/cpus.h" 22 #include "sysemu/runstate.h" 23 #include "sysemu/replay.h" 24 #include "hw/core/cpu.h" 25 #include "hw/cpu/cluster.h" 26 #include "hw/boards.h" 27 #include "chardev/char.h" 28 #include "chardev/char-fe.h" 29 #include "monitor/monitor.h" 30 #include "trace.h" 31 #include "internals.h" 32 33 /* System emulation specific state */ 34 typedef struct { 35 CharBackend chr; 36 Chardev *mon_chr; 37 } GDBSystemState; 38 39 GDBSystemState gdbserver_system_state; 40 41 static void reset_gdbserver_state(void) 42 { 43 g_free(gdbserver_state.processes); 44 gdbserver_state.processes = NULL; 45 gdbserver_state.process_num = 0; 46 } 47 48 /* 49 * Return the GDB index for a given vCPU state. 50 * 51 * In system mode GDB numbers CPUs from 1 as 0 is reserved as an "any 52 * cpu" index. 53 */ 54 int gdb_get_cpu_index(CPUState *cpu) 55 { 56 return cpu->cpu_index + 1; 57 } 58 59 /* 60 * We check the status of the last message in the chardev receive code 61 */ 62 bool gdb_got_immediate_ack(void) 63 { 64 return true; 65 } 66 67 /* 68 * GDB Connection management. For system emulation we do all of this 69 * via our existing Chardev infrastructure which allows us to support 70 * network and unix sockets. 71 */ 72 73 void gdb_put_buffer(const uint8_t *buf, int len) 74 { 75 /* 76 * XXX this blocks entire thread. Rewrite to use 77 * qemu_chr_fe_write and background I/O callbacks 78 */ 79 qemu_chr_fe_write_all(&gdbserver_system_state.chr, buf, len); 80 } 81 82 static void gdb_chr_event(void *opaque, QEMUChrEvent event) 83 { 84 int i; 85 GDBState *s = (GDBState *) opaque; 86 87 switch (event) { 88 case CHR_EVENT_OPENED: 89 /* Start with first process attached, others detached */ 90 for (i = 0; i < s->process_num; i++) { 91 s->processes[i].attached = !i; 92 } 93 94 s->c_cpu = gdb_first_attached_cpu(); 95 s->g_cpu = s->c_cpu; 96 97 vm_stop(RUN_STATE_PAUSED); 98 replay_gdb_attached(); 99 gdb_has_xml = false; 100 break; 101 default: 102 break; 103 } 104 } 105 106 static void gdb_vm_state_change(void *opaque, bool running, RunState state) 107 { 108 CPUState *cpu = gdbserver_state.c_cpu; 109 g_autoptr(GString) buf = g_string_new(NULL); 110 g_autoptr(GString) tid = g_string_new(NULL); 111 const char *type; 112 int ret; 113 114 if (running || gdbserver_state.state == RS_INACTIVE) { 115 return; 116 } 117 118 /* Is there a GDB syscall waiting to be sent? */ 119 if (gdb_handled_syscall()) { 120 return; 121 } 122 123 if (cpu == NULL) { 124 /* No process attached */ 125 return; 126 } 127 128 gdb_append_thread_id(cpu, tid); 129 130 switch (state) { 131 case RUN_STATE_DEBUG: 132 if (cpu->watchpoint_hit) { 133 switch (cpu->watchpoint_hit->flags & BP_MEM_ACCESS) { 134 case BP_MEM_READ: 135 type = "r"; 136 break; 137 case BP_MEM_ACCESS: 138 type = "a"; 139 break; 140 default: 141 type = ""; 142 break; 143 } 144 trace_gdbstub_hit_watchpoint(type, 145 gdb_get_cpu_index(cpu), 146 cpu->watchpoint_hit->vaddr); 147 g_string_printf(buf, "T%02xthread:%s;%swatch:%" VADDR_PRIx ";", 148 GDB_SIGNAL_TRAP, tid->str, type, 149 cpu->watchpoint_hit->vaddr); 150 cpu->watchpoint_hit = NULL; 151 goto send_packet; 152 } else { 153 trace_gdbstub_hit_break(); 154 } 155 tb_flush(cpu); 156 ret = GDB_SIGNAL_TRAP; 157 break; 158 case RUN_STATE_PAUSED: 159 trace_gdbstub_hit_paused(); 160 ret = GDB_SIGNAL_INT; 161 break; 162 case RUN_STATE_SHUTDOWN: 163 trace_gdbstub_hit_shutdown(); 164 ret = GDB_SIGNAL_QUIT; 165 break; 166 case RUN_STATE_IO_ERROR: 167 trace_gdbstub_hit_io_error(); 168 ret = GDB_SIGNAL_IO; 169 break; 170 case RUN_STATE_WATCHDOG: 171 trace_gdbstub_hit_watchdog(); 172 ret = GDB_SIGNAL_ALRM; 173 break; 174 case RUN_STATE_INTERNAL_ERROR: 175 trace_gdbstub_hit_internal_error(); 176 ret = GDB_SIGNAL_ABRT; 177 break; 178 case RUN_STATE_SAVE_VM: 179 case RUN_STATE_RESTORE_VM: 180 return; 181 case RUN_STATE_FINISH_MIGRATE: 182 ret = GDB_SIGNAL_XCPU; 183 break; 184 default: 185 trace_gdbstub_hit_unknown(state); 186 ret = GDB_SIGNAL_UNKNOWN; 187 break; 188 } 189 gdb_set_stop_cpu(cpu); 190 g_string_printf(buf, "T%02xthread:%s;", ret, tid->str); 191 192 send_packet: 193 gdb_put_packet(buf->str); 194 195 /* disable single step if it was enabled */ 196 cpu_single_step(cpu, 0); 197 } 198 199 #ifndef _WIN32 200 static void gdb_sigterm_handler(int signal) 201 { 202 if (runstate_is_running()) { 203 vm_stop(RUN_STATE_PAUSED); 204 } 205 } 206 #endif 207 208 static int gdb_monitor_write(Chardev *chr, const uint8_t *buf, int len) 209 { 210 g_autoptr(GString) hex_buf = g_string_new("O"); 211 gdb_memtohex(hex_buf, buf, len); 212 gdb_put_packet(hex_buf->str); 213 return len; 214 } 215 216 static void gdb_monitor_open(Chardev *chr, ChardevBackend *backend, 217 bool *be_opened, Error **errp) 218 { 219 *be_opened = false; 220 } 221 222 static void char_gdb_class_init(ObjectClass *oc, void *data) 223 { 224 ChardevClass *cc = CHARDEV_CLASS(oc); 225 226 cc->internal = true; 227 cc->open = gdb_monitor_open; 228 cc->chr_write = gdb_monitor_write; 229 } 230 231 #define TYPE_CHARDEV_GDB "chardev-gdb" 232 233 static const TypeInfo char_gdb_type_info = { 234 .name = TYPE_CHARDEV_GDB, 235 .parent = TYPE_CHARDEV, 236 .class_init = char_gdb_class_init, 237 }; 238 239 static int gdb_chr_can_receive(void *opaque) 240 { 241 /* 242 * We can handle an arbitrarily large amount of data. 243 * Pick the maximum packet size, which is as good as anything. 244 */ 245 return MAX_PACKET_LENGTH; 246 } 247 248 static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size) 249 { 250 int i; 251 252 for (i = 0; i < size; i++) { 253 gdb_read_byte(buf[i]); 254 } 255 } 256 257 static int find_cpu_clusters(Object *child, void *opaque) 258 { 259 if (object_dynamic_cast(child, TYPE_CPU_CLUSTER)) { 260 GDBState *s = (GDBState *) opaque; 261 CPUClusterState *cluster = CPU_CLUSTER(child); 262 GDBProcess *process; 263 264 s->processes = g_renew(GDBProcess, s->processes, ++s->process_num); 265 266 process = &s->processes[s->process_num - 1]; 267 268 /* 269 * GDB process IDs -1 and 0 are reserved. To avoid subtle errors at 270 * runtime, we enforce here that the machine does not use a cluster ID 271 * that would lead to PID 0. 272 */ 273 assert(cluster->cluster_id != UINT32_MAX); 274 process->pid = cluster->cluster_id + 1; 275 process->attached = false; 276 process->target_xml[0] = '\0'; 277 278 return 0; 279 } 280 281 return object_child_foreach(child, find_cpu_clusters, opaque); 282 } 283 284 static int pid_order(const void *a, const void *b) 285 { 286 GDBProcess *pa = (GDBProcess *) a; 287 GDBProcess *pb = (GDBProcess *) b; 288 289 if (pa->pid < pb->pid) { 290 return -1; 291 } else if (pa->pid > pb->pid) { 292 return 1; 293 } else { 294 return 0; 295 } 296 } 297 298 static void create_processes(GDBState *s) 299 { 300 object_child_foreach(object_get_root(), find_cpu_clusters, s); 301 302 if (gdbserver_state.processes) { 303 /* Sort by PID */ 304 qsort(gdbserver_state.processes, 305 gdbserver_state.process_num, 306 sizeof(gdbserver_state.processes[0]), 307 pid_order); 308 } 309 310 gdb_create_default_process(s); 311 } 312 313 int gdbserver_start(const char *device) 314 { 315 trace_gdbstub_op_start(device); 316 317 char gdbstub_device_name[128]; 318 Chardev *chr = NULL; 319 Chardev *mon_chr; 320 321 if (!first_cpu) { 322 error_report("gdbstub: meaningless to attach gdb to a " 323 "machine without any CPU."); 324 return -1; 325 } 326 327 if (!gdb_supports_guest_debug()) { 328 error_report("gdbstub: current accelerator doesn't " 329 "support guest debugging"); 330 return -1; 331 } 332 333 if (!device) { 334 return -1; 335 } 336 if (strcmp(device, "none") != 0) { 337 if (strstart(device, "tcp:", NULL)) { 338 /* enforce required TCP attributes */ 339 snprintf(gdbstub_device_name, sizeof(gdbstub_device_name), 340 "%s,wait=off,nodelay=on,server=on", device); 341 device = gdbstub_device_name; 342 } 343 #ifndef _WIN32 344 else if (strcmp(device, "stdio") == 0) { 345 struct sigaction act; 346 347 memset(&act, 0, sizeof(act)); 348 act.sa_handler = gdb_sigterm_handler; 349 sigaction(SIGINT, &act, NULL); 350 } 351 #endif 352 /* 353 * FIXME: it's a bit weird to allow using a mux chardev here 354 * and implicitly setup a monitor. We may want to break this. 355 */ 356 chr = qemu_chr_new_noreplay("gdb", device, true, NULL); 357 if (!chr) { 358 return -1; 359 } 360 } 361 362 if (!gdbserver_state.init) { 363 gdb_init_gdbserver_state(); 364 365 qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL); 366 367 /* Initialize a monitor terminal for gdb */ 368 mon_chr = qemu_chardev_new(NULL, TYPE_CHARDEV_GDB, 369 NULL, NULL, &error_abort); 370 monitor_init_hmp(mon_chr, false, &error_abort); 371 } else { 372 qemu_chr_fe_deinit(&gdbserver_system_state.chr, true); 373 mon_chr = gdbserver_system_state.mon_chr; 374 reset_gdbserver_state(); 375 } 376 377 create_processes(&gdbserver_state); 378 379 if (chr) { 380 qemu_chr_fe_init(&gdbserver_system_state.chr, chr, &error_abort); 381 qemu_chr_fe_set_handlers(&gdbserver_system_state.chr, 382 gdb_chr_can_receive, 383 gdb_chr_receive, gdb_chr_event, 384 NULL, &gdbserver_state, NULL, true); 385 } 386 gdbserver_state.state = chr ? RS_IDLE : RS_INACTIVE; 387 gdbserver_system_state.mon_chr = mon_chr; 388 gdb_syscall_reset(); 389 390 return 0; 391 } 392 393 static void register_types(void) 394 { 395 type_register_static(&char_gdb_type_info); 396 } 397 398 type_init(register_types); 399 400 /* Tell the remote gdb that the process has exited. */ 401 void gdb_exit(int code) 402 { 403 char buf[4]; 404 405 if (!gdbserver_state.init) { 406 return; 407 } 408 409 trace_gdbstub_op_exiting((uint8_t)code); 410 411 snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code); 412 gdb_put_packet(buf); 413 414 qemu_chr_fe_deinit(&gdbserver_system_state.chr, true); 415 } 416 417 /* 418 * Memory access 419 */ 420 static int phy_memory_mode; 421 422 int gdb_target_memory_rw_debug(CPUState *cpu, hwaddr addr, 423 uint8_t *buf, int len, bool is_write) 424 { 425 CPUClass *cc; 426 427 if (phy_memory_mode) { 428 if (is_write) { 429 cpu_physical_memory_write(addr, buf, len); 430 } else { 431 cpu_physical_memory_read(addr, buf, len); 432 } 433 return 0; 434 } 435 436 cc = CPU_GET_CLASS(cpu); 437 if (cc->memory_rw_debug) { 438 return cc->memory_rw_debug(cpu, addr, buf, len, is_write); 439 } 440 441 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write); 442 } 443 444 /* 445 * cpu helpers 446 */ 447 448 unsigned int gdb_get_max_cpus(void) 449 { 450 MachineState *ms = MACHINE(qdev_get_machine()); 451 return ms->smp.max_cpus; 452 } 453 454 bool gdb_can_reverse(void) 455 { 456 return replay_mode == REPLAY_MODE_PLAY; 457 } 458 459 /* 460 * Softmmu specific command helpers 461 */ 462 463 void gdb_handle_query_qemu_phy_mem_mode(GArray *params, 464 void *user_ctx) 465 { 466 g_string_printf(gdbserver_state.str_buf, "%d", phy_memory_mode); 467 gdb_put_strbuf(); 468 } 469 470 void gdb_handle_set_qemu_phy_mem_mode(GArray *params, void *user_ctx) 471 { 472 if (!params->len) { 473 gdb_put_packet("E22"); 474 return; 475 } 476 477 if (!get_param(params, 0)->val_ul) { 478 phy_memory_mode = 0; 479 } else { 480 phy_memory_mode = 1; 481 } 482 gdb_put_packet("OK"); 483 } 484 485 void gdb_handle_query_rcmd(GArray *params, void *user_ctx) 486 { 487 const guint8 zero = 0; 488 int len; 489 490 if (!params->len) { 491 gdb_put_packet("E22"); 492 return; 493 } 494 495 len = strlen(get_param(params, 0)->data); 496 if (len % 2) { 497 gdb_put_packet("E01"); 498 return; 499 } 500 501 g_assert(gdbserver_state.mem_buf->len == 0); 502 len = len / 2; 503 gdb_hextomem(gdbserver_state.mem_buf, get_param(params, 0)->data, len); 504 g_byte_array_append(gdbserver_state.mem_buf, &zero, 1); 505 qemu_chr_be_write(gdbserver_system_state.mon_chr, 506 gdbserver_state.mem_buf->data, 507 gdbserver_state.mem_buf->len); 508 gdb_put_packet("OK"); 509 } 510 511 /* 512 * Execution state helpers 513 */ 514 515 void gdb_handle_query_attached(GArray *params, void *user_ctx) 516 { 517 gdb_put_packet("1"); 518 } 519 520 void gdb_continue(void) 521 { 522 if (!runstate_needs_reset()) { 523 trace_gdbstub_op_continue(); 524 vm_start(); 525 } 526 } 527 528 /* 529 * Resume execution, per CPU actions. 530 */ 531 int gdb_continue_partial(char *newstates) 532 { 533 CPUState *cpu; 534 int res = 0; 535 int flag = 0; 536 537 if (!runstate_needs_reset()) { 538 bool step_requested = false; 539 CPU_FOREACH(cpu) { 540 if (newstates[cpu->cpu_index] == 's') { 541 step_requested = true; 542 break; 543 } 544 } 545 546 if (vm_prepare_start(step_requested)) { 547 return 0; 548 } 549 550 CPU_FOREACH(cpu) { 551 switch (newstates[cpu->cpu_index]) { 552 case 0: 553 case 1: 554 break; /* nothing to do here */ 555 case 's': 556 trace_gdbstub_op_stepping(cpu->cpu_index); 557 cpu_single_step(cpu, gdbserver_state.sstep_flags); 558 cpu_resume(cpu); 559 flag = 1; 560 break; 561 case 'c': 562 trace_gdbstub_op_continue_cpu(cpu->cpu_index); 563 cpu_resume(cpu); 564 flag = 1; 565 break; 566 default: 567 res = -1; 568 break; 569 } 570 } 571 } 572 if (flag) { 573 qemu_clock_enable(QEMU_CLOCK_VIRTUAL, true); 574 } 575 return res; 576 } 577 578 /* 579 * Signal Handling - in system mode we only need SIGINT and SIGTRAP; other 580 * signals are not yet supported. 581 */ 582 583 enum { 584 TARGET_SIGINT = 2, 585 TARGET_SIGTRAP = 5 586 }; 587 588 int gdb_signal_to_target(int sig) 589 { 590 switch (sig) { 591 case 2: 592 return TARGET_SIGINT; 593 case 5: 594 return TARGET_SIGTRAP; 595 default: 596 return -1; 597 } 598 } 599 600 /* 601 * Break/Watch point helpers 602 */ 603 604 bool gdb_supports_guest_debug(void) 605 { 606 const AccelOpsClass *ops = cpus_get_accel(); 607 if (ops->supports_guest_debug) { 608 return ops->supports_guest_debug(); 609 } 610 return false; 611 } 612 613 int gdb_breakpoint_insert(CPUState *cs, int type, vaddr addr, vaddr len) 614 { 615 const AccelOpsClass *ops = cpus_get_accel(); 616 if (ops->insert_breakpoint) { 617 return ops->insert_breakpoint(cs, type, addr, len); 618 } 619 return -ENOSYS; 620 } 621 622 int gdb_breakpoint_remove(CPUState *cs, int type, vaddr addr, vaddr len) 623 { 624 const AccelOpsClass *ops = cpus_get_accel(); 625 if (ops->remove_breakpoint) { 626 return ops->remove_breakpoint(cs, type, addr, len); 627 } 628 return -ENOSYS; 629 } 630 631 void gdb_breakpoint_remove_all(CPUState *cs) 632 { 633 const AccelOpsClass *ops = cpus_get_accel(); 634 if (ops->remove_all_breakpoints) { 635 ops->remove_all_breakpoints(cs); 636 } 637 } 638