LXR qemu/gdbstub.c

   1/*
   2 * gdb server stub
   3 *
   4 * Copyright (c) 2003-2005 Fabrice Bellard
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, write to the Free Software
  18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA  02110-1301 USA
  19 */
  20#include "config.h"
  21#include "qemu-common.h"
  22#ifdef CONFIG_USER_ONLY
  23#include <stdlib.h>
  24#include <stdio.h>
  25#include <stdarg.h>
  26#include <string.h>
  27#include <errno.h>
  28#include <unistd.h>
  29#include <fcntl.h>
  30
  31#include "qemu.h"
  32#else
  33#include "qemu-char.h"
  34#include "sysemu.h"
  35#include "gdbstub.h"
  36#endif
  37
  38#define MAX_PACKET_LENGTH 4096
  39
  40#include "qemu_socket.h"
  41
  42
  43enum {
  44    GDB_SIGNAL_0 = 0,
  45    GDB_SIGNAL_INT = 2,
  46    GDB_SIGNAL_TRAP = 5,
  47    GDB_SIGNAL_UNKNOWN = 143
  48};
  49
  50#ifdef CONFIG_USER_ONLY
  51
  52/* Map target signal numbers to GDB protocol signal numbers and vice
  53 * versa.  For user emulation's currently supported systems, we can
  54 * assume most signals are defined.
  55 */
  56
  57static int gdb_signal_table[] = {
  58    0,
  59    TARGET_SIGHUP,
  60    TARGET_SIGINT,
  61    TARGET_SIGQUIT,
  62    TARGET_SIGILL,
  63    TARGET_SIGTRAP,
  64    TARGET_SIGABRT,
  65    -1, /* SIGEMT */
  66    TARGET_SIGFPE,
  67    TARGET_SIGKILL,
  68    TARGET_SIGBUS,
  69    TARGET_SIGSEGV,
  70    TARGET_SIGSYS,
  71    TARGET_SIGPIPE,
  72    TARGET_SIGALRM,
  73    TARGET_SIGTERM,
  74    TARGET_SIGURG,
  75    TARGET_SIGSTOP,
  76    TARGET_SIGTSTP,
  77    TARGET_SIGCONT,
  78    TARGET_SIGCHLD,
  79    TARGET_SIGTTIN,
  80    TARGET_SIGTTOU,
  81    TARGET_SIGIO,
  82    TARGET_SIGXCPU,
  83    TARGET_SIGXFSZ,
  84    TARGET_SIGVTALRM,
  85    TARGET_SIGPROF,
  86    TARGET_SIGWINCH,
  87    -1, /* SIGLOST */
  88    TARGET_SIGUSR1,
  89    TARGET_SIGUSR2,
  90#ifdef TARGET_SIGPWR
  91    TARGET_SIGPWR,
  92#else
  93    -1,
  94#endif
  95    -1, /* SIGPOLL */
  96    -1,
  97    -1,
  98    -1,
  99    -1,
 100    -1,
 101    -1,
 102    -1,
 103    -1,
 104    -1,
 105    -1,
 106    -1,
 107#ifdef __SIGRTMIN
 108    __SIGRTMIN + 1,
 109    __SIGRTMIN + 2,
 110    __SIGRTMIN + 3,
 111    __SIGRTMIN + 4,
 112    __SIGRTMIN + 5,
 113    __SIGRTMIN + 6,
 114    __SIGRTMIN + 7,
 115    __SIGRTMIN + 8,
 116    __SIGRTMIN + 9,
 117    __SIGRTMIN + 10,
 118    __SIGRTMIN + 11,
 119    __SIGRTMIN + 12,
 120    __SIGRTMIN + 13,
 121    __SIGRTMIN + 14,
 122    __SIGRTMIN + 15,
 123    __SIGRTMIN + 16,
 124    __SIGRTMIN + 17,
 125    __SIGRTMIN + 18,
 126    __SIGRTMIN + 19,
 127    __SIGRTMIN + 20,
 128    __SIGRTMIN + 21,
 129    __SIGRTMIN + 22,
 130    __SIGRTMIN + 23,
 131    __SIGRTMIN + 24,
 132    __SIGRTMIN + 25,
 133    __SIGRTMIN + 26,
 134    __SIGRTMIN + 27,
 135    __SIGRTMIN + 28,
 136    __SIGRTMIN + 29,
 137    __SIGRTMIN + 30,
 138    __SIGRTMIN + 31,
 139    -1, /* SIGCANCEL */
 140    __SIGRTMIN,
 141    __SIGRTMIN + 32,
 142    __SIGRTMIN + 33,
 143    __SIGRTMIN + 34,
 144    __SIGRTMIN + 35,
 145    __SIGRTMIN + 36,
 146    __SIGRTMIN + 37,
 147    __SIGRTMIN + 38,
 148    __SIGRTMIN + 39,
 149    __SIGRTMIN + 40,
 150    __SIGRTMIN + 41,
 151    __SIGRTMIN + 42,
 152    __SIGRTMIN + 43,
 153    __SIGRTMIN + 44,
 154    __SIGRTMIN + 45,
 155    __SIGRTMIN + 46,
 156    __SIGRTMIN + 47,
 157    __SIGRTMIN + 48,
 158    __SIGRTMIN + 49,
 159    __SIGRTMIN + 50,
 160    __SIGRTMIN + 51,
 161    __SIGRTMIN + 52,
 162    __SIGRTMIN + 53,
 163    __SIGRTMIN + 54,
 164    __SIGRTMIN + 55,
 165    __SIGRTMIN + 56,
 166    __SIGRTMIN + 57,
 167    __SIGRTMIN + 58,
 168    __SIGRTMIN + 59,
 169    __SIGRTMIN + 60,
 170    __SIGRTMIN + 61,
 171    __SIGRTMIN + 62,
 172    __SIGRTMIN + 63,
 173    __SIGRTMIN + 64,
 174    __SIGRTMIN + 65,
 175    __SIGRTMIN + 66,
 176    __SIGRTMIN + 67,
 177    __SIGRTMIN + 68,
 178    __SIGRTMIN + 69,
 179    __SIGRTMIN + 70,
 180    __SIGRTMIN + 71,
 181    __SIGRTMIN + 72,
 182    __SIGRTMIN + 73,
 183    __SIGRTMIN + 74,
 184    __SIGRTMIN + 75,
 185    __SIGRTMIN + 76,
 186    __SIGRTMIN + 77,
 187    __SIGRTMIN + 78,
 188    __SIGRTMIN + 79,
 189    __SIGRTMIN + 80,
 190    __SIGRTMIN + 81,
 191    __SIGRTMIN + 82,
 192    __SIGRTMIN + 83,
 193    __SIGRTMIN + 84,
 194    __SIGRTMIN + 85,
 195    __SIGRTMIN + 86,
 196    __SIGRTMIN + 87,
 197    __SIGRTMIN + 88,
 198    __SIGRTMIN + 89,
 199    __SIGRTMIN + 90,
 200    __SIGRTMIN + 91,
 201    __SIGRTMIN + 92,
 202    __SIGRTMIN + 93,
 203    __SIGRTMIN + 94,
 204    __SIGRTMIN + 95,
 205    -1, /* SIGINFO */
 206    -1, /* UNKNOWN */
 207    -1, /* DEFAULT */
 208    -1,
 209    -1,
 210    -1,
 211    -1,
 212    -1,
 213    -1
 214#endif
 215};
 216#else
 217/* In system mode we only need SIGINT and SIGTRAP; other signals
 218   are not yet supported.  */
 219
 220enum {
 221    TARGET_SIGINT = 2,
 222    TARGET_SIGTRAP = 5
 223};
 224
 225static int gdb_signal_table[] = {
 226    -1,
 227    -1,
 228    TARGET_SIGINT,
 229    -1,
 230    -1,
 231    TARGET_SIGTRAP
 232};
 233#endif
 234
 235#ifdef CONFIG_USER_ONLY
 236static int target_signal_to_gdb (int sig)
 237{
 238    int i;
 239    for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
 240        if (gdb_signal_table[i] == sig)
 241            return i;
 242    return GDB_SIGNAL_UNKNOWN;
 243}
 244#endif
 245
 246static int gdb_signal_to_target (int sig)
 247{
 248    if (sig < ARRAY_SIZE (gdb_signal_table))
 249        return gdb_signal_table[sig];
 250    else
 251        return -1;
 252}
 253
 254//#define DEBUG_GDB
 255
 256typedef struct GDBRegisterState {
 257    int base_reg;
 258    int num_regs;
 259    gdb_reg_cb get_reg;
 260    gdb_reg_cb set_reg;
 261    const char *xml;
 262    struct GDBRegisterState *next;
 263} GDBRegisterState;
 264
 265enum RSState {
 266    RS_IDLE,
 267    RS_GETLINE,
 268    RS_CHKSUM1,
 269    RS_CHKSUM2,
 270    RS_SYSCALL,
 271};
 272typedef struct GDBState {
 273    CPUState *c_cpu; /* current CPU for step/continue ops */
 274    CPUState *g_cpu; /* current CPU for other ops */
 275    CPUState *query_cpu; /* for q{f|s}ThreadInfo */
 276    enum RSState state; /* parsing state */
 277    char line_buf[MAX_PACKET_LENGTH];
 278    int line_buf_index;
 279    int line_csum;
 280    uint8_t last_packet[MAX_PACKET_LENGTH + 4];
 281    int last_packet_len;
 282    int signal;
 283#ifdef CONFIG_USER_ONLY
 284    int fd;
 285    int running_state;
 286#else
 287    CharDriverState *chr;
 288#endif
 289} GDBState;
 290
 291/* By default use no IRQs and no timers while single stepping so as to
 292 * make single stepping like an ICE HW step.
 293 */
 294static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
 295
 296static GDBState *gdbserver_state;
 297
 298/* This is an ugly hack to cope with both new and old gdb.
 299   If gdb sends qXfer:features:read then assume we're talking to a newish
 300   gdb that understands target descriptions.  */
 301static int gdb_has_xml;
 302
 303#ifdef CONFIG_USER_ONLY
 304/* XXX: This is not thread safe.  Do we care?  */
 305static int gdbserver_fd = -1;
 306
 307static int get_char(GDBState *s)
 308{
 309    uint8_t ch;
 310    int ret;
 311
 312    for(;;) {
 313        ret = recv(s->fd, &ch, 1, 0);
 314        if (ret < 0) {
 315            if (errno == ECONNRESET)
 316                s->fd = -1;
 317            if (errno != EINTR && errno != EAGAIN)
 318                return -1;
 319        } else if (ret == 0) {
 320            close(s->fd);
 321            s->fd = -1;
 322            return -1;
 323        } else {
 324            break;
 325        }
 326    }
 327    return ch;
 328}
 329#endif
 330
 331static gdb_syscall_complete_cb gdb_current_syscall_cb;
 332
 333enum {
 334    GDB_SYS_UNKNOWN,
 335    GDB_SYS_ENABLED,
 336    GDB_SYS_DISABLED,
 337} gdb_syscall_mode;
 338
 339/* If gdb is connected when the first semihosting syscall occurs then use
 340   remote gdb syscalls.  Otherwise use native file IO.  */
 341int use_gdb_syscalls(void)
 342{
 343    if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
 344        gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
 345                                            : GDB_SYS_DISABLED);
 346    }
 347    return gdb_syscall_mode == GDB_SYS_ENABLED;
 348}
 349
 350/* Resume execution.  */
 351static inline void gdb_continue(GDBState *s)
 352{
 353#ifdef CONFIG_USER_ONLY
 354    s->running_state = 1;
 355#else
 356    vm_start();
 357#endif
 358}
 359
 360static void put_buffer(GDBState *s, const uint8_t *buf, int len)
 361{
 362#ifdef CONFIG_USER_ONLY
 363    int ret;
 364
 365    while (len > 0) {
 366        ret = send(s->fd, buf, len, 0);
 367        if (ret < 0) {
 368            if (errno != EINTR && errno != EAGAIN)
 369                return;
 370        } else {
 371            buf += ret;
 372            len -= ret;
 373        }
 374    }
 375#else
 376    qemu_chr_write(s->chr, buf, len);
 377#endif
 378}
 379
 380static inline int fromhex(int v)
 381{
 382    if (v >= '0' && v <= '9')
 383        return v - '0';
 384    else if (v >= 'A' && v <= 'F')
 385        return v - 'A' + 10;
 386    else if (v >= 'a' && v <= 'f')
 387        return v - 'a' + 10;
 388    else
 389        return 0;
 390}
 391
 392static inline int tohex(int v)
 393{
 394    if (v < 10)
 395        return v + '0';
 396    else
 397        return v - 10 + 'a';
 398}
 399
 400static void memtohex(char *buf, const uint8_t *mem, int len)
 401{
 402    int i, c;
 403    char *q;
 404    q = buf;
 405    for(i = 0; i < len; i++) {
 406        c = mem[i];
 407        *q++ = tohex(c >> 4);
 408        *q++ = tohex(c & 0xf);
 409    }
 410    *q = '\0';
 411}
 412
 413static void hextomem(uint8_t *mem, const char *buf, int len)
 414{
 415    int i;
 416
 417    for(i = 0; i < len; i++) {
 418        mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
 419        buf += 2;
 420    }
 421}
 422
 423/* return -1 if error, 0 if OK */
 424static int put_packet_binary(GDBState *s, const char *buf, int len)
 425{
 426    int csum, i;
 427    uint8_t *p;
 428
 429    for(;;) {
 430        p = s->last_packet;
 431        *(p++) = '$';
 432        memcpy(p, buf, len);
 433        p += len;
 434        csum = 0;
 435        for(i = 0; i < len; i++) {
 436            csum += buf[i];
 437        }
 438        *(p++) = '#';
 439        *(p++) = tohex((csum >> 4) & 0xf);
 440        *(p++) = tohex((csum) & 0xf);
 441
 442        s->last_packet_len = p - s->last_packet;
 443        put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
 444
 445#ifdef CONFIG_USER_ONLY
 446        i = get_char(s);
 447        if (i < 0)
 448            return -1;
 449        if (i == '+')
 450            break;
 451#else
 452        break;
 453#endif
 454    }
 455    return 0;
 456}
 457
 458/* return -1 if error, 0 if OK */
 459static int put_packet(GDBState *s, const char *buf)
 460{
 461#ifdef DEBUG_GDB
 462    printf("reply='%s'\n", buf);
 463#endif
 464
 465    return put_packet_binary(s, buf, strlen(buf));
 466}
 467
 468/* The GDB remote protocol transfers values in target byte order.  This means
 469   we can use the raw memory access routines to access the value buffer.
 470   Conveniently, these also handle the case where the buffer is mis-aligned.
 471 */
 472#define GET_REG8(val) do { \
 473    stb_p(mem_buf, val); \
 474    return 1; \
 475    } while(0)
 476#define GET_REG16(val) do { \
 477    stw_p(mem_buf, val); \
 478    return 2; \
 479    } while(0)
 480#define GET_REG32(val) do { \
 481    stl_p(mem_buf, val); \
 482    return 4; \
 483    } while(0)
 484#define GET_REG64(val) do { \
 485    stq_p(mem_buf, val); \
 486    return 8; \
 487    } while(0)
 488
 489#if TARGET_LONG_BITS == 64
 490#define GET_REGL(val) GET_REG64(val)
 491#define ldtul_p(addr) ldq_p(addr)
 492#else
 493#define GET_REGL(val) GET_REG32(val)
 494#define ldtul_p(addr) ldl_p(addr)
 495#endif
 496
 497#if defined(TARGET_I386)
 498
 499#ifdef TARGET_X86_64
 500static const int gpr_map[16] = {
 501    R_EAX, R_EBX, R_ECX, R_EDX, R_ESI, R_EDI, R_EBP, R_ESP,
 502    8, 9, 10, 11, 12, 13, 14, 15
 503};
 504#else
 505static const int gpr_map[8] = {0, 1, 2, 3, 4, 5, 6, 7};
 506#endif
 507
 508#define NUM_CORE_REGS (CPU_NB_REGS * 2 + 25)
 509
 510static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 511{
 512    if (n < CPU_NB_REGS) {
 513        GET_REGL(env->regs[gpr_map[n]]);
 514    } else if (n >= CPU_NB_REGS + 8 && n < CPU_NB_REGS + 16) {
 515        /* FIXME: byteswap float values.  */
 516#ifdef USE_X86LDOUBLE
 517        memcpy(mem_buf, &env->fpregs[n - (CPU_NB_REGS + 8)], 10);
 518#else
 519        memset(mem_buf, 0, 10);
 520#endif
 521        return 10;
 522    } else if (n >= CPU_NB_REGS + 24) {
 523        n -= CPU_NB_REGS + 24;
 524        if (n < CPU_NB_REGS) {
 525            stq_p(mem_buf, env->xmm_regs[n].XMM_Q(0));
 526            stq_p(mem_buf + 8, env->xmm_regs[n].XMM_Q(1));
 527            return 16;
 528        } else if (n == CPU_NB_REGS) {
 529            GET_REG32(env->mxcsr);
 530        } 
 531    } else {
 532        n -= CPU_NB_REGS;
 533        switch (n) {
 534        case 0: GET_REGL(env->eip);
 535        case 1: GET_REG32(env->eflags);
 536        case 2: GET_REG32(env->segs[R_CS].selector);
 537        case 3: GET_REG32(env->segs[R_SS].selector);
 538        case 4: GET_REG32(env->segs[R_DS].selector);
 539        case 5: GET_REG32(env->segs[R_ES].selector);
 540        case 6: GET_REG32(env->segs[R_FS].selector);
 541        case 7: GET_REG32(env->segs[R_GS].selector);
 542        /* 8...15 x87 regs.  */
 543        case 16: GET_REG32(env->fpuc);
 544        case 17: GET_REG32((env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11);
 545        case 18: GET_REG32(0); /* ftag */
 546        case 19: GET_REG32(0); /* fiseg */
 547        case 20: GET_REG32(0); /* fioff */
 548        case 21: GET_REG32(0); /* foseg */
 549        case 22: GET_REG32(0); /* fooff */
 550        case 23: GET_REG32(0); /* fop */
 551        /* 24+ xmm regs.  */
 552        }
 553    }
 554    return 0;
 555}
 556
 557static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int i)
 558{
 559    uint32_t tmp;
 560
 561    if (i < CPU_NB_REGS) {
 562        env->regs[gpr_map[i]] = ldtul_p(mem_buf);
 563        return sizeof(target_ulong);
 564    } else if (i >= CPU_NB_REGS + 8 && i < CPU_NB_REGS + 16) {
 565        i -= CPU_NB_REGS + 8;
 566#ifdef USE_X86LDOUBLE
 567        memcpy(&env->fpregs[i], mem_buf, 10);
 568#endif
 569        return 10;
 570    } else if (i >= CPU_NB_REGS + 24) {
 571        i -= CPU_NB_REGS + 24;
 572        if (i < CPU_NB_REGS) {
 573            env->xmm_regs[i].XMM_Q(0) = ldq_p(mem_buf);
 574            env->xmm_regs[i].XMM_Q(1) = ldq_p(mem_buf + 8);
 575            return 16;
 576        } else if (i == CPU_NB_REGS) {
 577            env->mxcsr = ldl_p(mem_buf);
 578            return 4;
 579        }
 580    } else {
 581        i -= CPU_NB_REGS;
 582        switch (i) {
 583        case 0: env->eip = ldtul_p(mem_buf); return sizeof(target_ulong);
 584        case 1: env->eflags = ldl_p(mem_buf); return 4;
 585#if defined(CONFIG_USER_ONLY)
 586#define LOAD_SEG(index, sreg)\
 587            tmp = ldl_p(mem_buf);\
 588            if (tmp != env->segs[sreg].selector)\
 589                cpu_x86_load_seg(env, sreg, tmp);
 590#else
 591/* FIXME: Honor segment registers.  Needs to avoid raising an exception
 592   when the selector is invalid.  */
 593#define LOAD_SEG(index, sreg) do {} while(0)
 594#endif
 595        case 2: LOAD_SEG(10, R_CS); return 4;
 596        case 3: LOAD_SEG(11, R_SS); return 4;
 597        case 4: LOAD_SEG(12, R_DS); return 4;
 598        case 5: LOAD_SEG(13, R_ES); return 4;
 599        case 6: LOAD_SEG(14, R_FS); return 4;
 600        case 7: LOAD_SEG(15, R_GS); return 4;
 601        /* 8...15 x87 regs.  */
 602        case 16: env->fpuc = ldl_p(mem_buf); return 4;
 603        case 17:
 604                 tmp = ldl_p(mem_buf);
 605                 env->fpstt = (tmp >> 11) & 7;
 606                 env->fpus = tmp & ~0x3800;
 607                 return 4;
 608        case 18: /* ftag */ return 4;
 609        case 19: /* fiseg */ return 4;
 610        case 20: /* fioff */ return 4;
 611        case 21: /* foseg */ return 4;
 612        case 22: /* fooff */ return 4;
 613        case 23: /* fop */ return 4;
 614        /* 24+ xmm regs.  */
 615        }
 616    }
 617    /* Unrecognised register.  */
 618    return 0;
 619}
 620
 621#elif defined (TARGET_PPC)
 622
 623/* Old gdb always expects FP registers.  Newer (xml-aware) gdb only
 624   expects whatever the target description contains.  Due to a
 625   historical mishap the FP registers appear in between core integer
 626   regs and PC, MSR, CR, and so forth.  We hack round this by giving the
 627   FP regs zero size when talking to a newer gdb.  */
 628#define NUM_CORE_REGS 71
 629#if defined (TARGET_PPC64)
 630#define GDB_CORE_XML "power64-core.xml"
 631#else
 632#define GDB_CORE_XML "power-core.xml"
 633#endif
 634
 635static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 636{
 637    if (n < 32) {
 638        /* gprs */
 639        GET_REGL(env->gpr[n]);
 640    } else if (n < 64) {
 641        /* fprs */
 642        if (gdb_has_xml)
 643            return 0;
 644        stfq_p(mem_buf, env->fpr[n-32]);
 645        return 8;
 646    } else {
 647        switch (n) {
 648        case 64: GET_REGL(env->nip);
 649        case 65: GET_REGL(env->msr);
 650        case 66:
 651            {
 652                uint32_t cr = 0;
 653                int i;
 654                for (i = 0; i < 8; i++)
 655                    cr |= env->crf[i] << (32 - ((i + 1) * 4));
 656                GET_REG32(cr);
 657            }
 658        case 67: GET_REGL(env->lr);
 659        case 68: GET_REGL(env->ctr);
 660        case 69: GET_REGL(env->xer);
 661        case 70:
 662            {
 663                if (gdb_has_xml)
 664                    return 0;
 665                GET_REG32(0); /* fpscr */
 666            }
 667        }
 668    }
 669    return 0;
 670}
 671
 672static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 673{
 674    if (n < 32) {
 675        /* gprs */
 676        env->gpr[n] = ldtul_p(mem_buf);
 677        return sizeof(target_ulong);
 678    } else if (n < 64) {
 679        /* fprs */
 680        if (gdb_has_xml)
 681            return 0;
 682        env->fpr[n-32] = ldfq_p(mem_buf);
 683        return 8;
 684    } else {
 685        switch (n) {
 686        case 64:
 687            env->nip = ldtul_p(mem_buf);
 688            return sizeof(target_ulong);
 689        case 65:
 690            ppc_store_msr(env, ldtul_p(mem_buf));
 691            return sizeof(target_ulong);
 692        case 66:
 693            {
 694                uint32_t cr = ldl_p(mem_buf);
 695                int i;
 696                for (i = 0; i < 8; i++)
 697                    env->crf[i] = (cr >> (32 - ((i + 1) * 4))) & 0xF;
 698                return 4;
 699            }
 700        case 67:
 701            env->lr = ldtul_p(mem_buf);
 702            return sizeof(target_ulong);
 703        case 68:
 704            env->ctr = ldtul_p(mem_buf);
 705            return sizeof(target_ulong);
 706        case 69:
 707            env->xer = ldtul_p(mem_buf);
 708            return sizeof(target_ulong);
 709        case 70:
 710            /* fpscr */
 711            if (gdb_has_xml)
 712                return 0;
 713            return 4;
 714        }
 715    }
 716    return 0;
 717}
 718
 719#elif defined (TARGET_SPARC)
 720
 721#if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
 722#define NUM_CORE_REGS 86
 723#else
 724#define NUM_CORE_REGS 72
 725#endif
 726
 727#ifdef TARGET_ABI32
 728#define GET_REGA(val) GET_REG32(val)
 729#else
 730#define GET_REGA(val) GET_REGL(val)
 731#endif
 732
 733static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 734{
 735    if (n < 8) {
 736        /* g0..g7 */
 737        GET_REGA(env->gregs[n]);
 738    }
 739    if (n < 32) {
 740        /* register window */
 741        GET_REGA(env->regwptr[n - 8]);
 742    }
 743#if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
 744    if (n < 64) {
 745        /* fprs */
 746        GET_REG32(*((uint32_t *)&env->fpr[n - 32]));
 747    }
 748    /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
 749    switch (n) {
 750    case 64: GET_REGA(env->y);
 751    case 65: GET_REGA(GET_PSR(env));
 752    case 66: GET_REGA(env->wim);
 753    case 67: GET_REGA(env->tbr);
 754    case 68: GET_REGA(env->pc);
 755    case 69: GET_REGA(env->npc);
 756    case 70: GET_REGA(env->fsr);
 757    case 71: GET_REGA(0); /* csr */
 758    default: GET_REGA(0);
 759    }
 760#else
 761    if (n < 64) {
 762        /* f0-f31 */
 763        GET_REG32(*((uint32_t *)&env->fpr[n - 32]));
 764    }
 765    if (n < 80) {
 766        /* f32-f62 (double width, even numbers only) */
 767        uint64_t val;
 768
 769        val = (uint64_t)*((uint32_t *)&env->fpr[(n - 64) * 2 + 32]) << 32;
 770        val |= *((uint32_t *)&env->fpr[(n - 64) * 2 + 33]);
 771        GET_REG64(val);
 772    }
 773    switch (n) {
 774    case 80: GET_REGL(env->pc);
 775    case 81: GET_REGL(env->npc);
 776    case 82: GET_REGL(((uint64_t)GET_CCR(env) << 32) |
 777                           ((env->asi & 0xff) << 24) |
 778                           ((env->pstate & 0xfff) << 8) |
 779                           GET_CWP64(env));
 780    case 83: GET_REGL(env->fsr);
 781    case 84: GET_REGL(env->fprs);
 782    case 85: GET_REGL(env->y);
 783    }
 784#endif
 785    return 0;
 786}
 787
 788static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 789{
 790#if defined(TARGET_ABI32)
 791    abi_ulong tmp;
 792
 793    tmp = ldl_p(mem_buf);
 794#else
 795    target_ulong tmp;
 796
 797    tmp = ldtul_p(mem_buf);
 798#endif
 799
 800    if (n < 8) {
 801        /* g0..g7 */
 802        env->gregs[n] = tmp;
 803    } else if (n < 32) {
 804        /* register window */
 805        env->regwptr[n - 8] = tmp;
 806    }
 807#if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
 808    else if (n < 64) {
 809        /* fprs */
 810        *((uint32_t *)&env->fpr[n - 32]) = tmp;
 811    } else {
 812        /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
 813        switch (n) {
 814        case 64: env->y = tmp; break;
 815        case 65: PUT_PSR(env, tmp); break;
 816        case 66: env->wim = tmp; break;
 817        case 67: env->tbr = tmp; break;
 818        case 68: env->pc = tmp; break;
 819        case 69: env->npc = tmp; break;
 820        case 70: env->fsr = tmp; break;
 821        default: return 0;
 822        }
 823    }
 824    return 4;
 825#else
 826    else if (n < 64) {
 827        /* f0-f31 */
 828        env->fpr[n] = ldfl_p(mem_buf);
 829        return 4;
 830    } else if (n < 80) {
 831        /* f32-f62 (double width, even numbers only) */
 832        *((uint32_t *)&env->fpr[(n - 64) * 2 + 32]) = tmp >> 32;
 833        *((uint32_t *)&env->fpr[(n - 64) * 2 + 33]) = tmp;
 834    } else {
 835        switch (n) {
 836        case 80: env->pc = tmp; break;
 837        case 81: env->npc = tmp; break;
 838        case 82:
 839            PUT_CCR(env, tmp >> 32);
 840            env->asi = (tmp >> 24) & 0xff;
 841            env->pstate = (tmp >> 8) & 0xfff;
 842            PUT_CWP64(env, tmp & 0xff);
 843            break;
 844        case 83: env->fsr = tmp; break;
 845        case 84: env->fprs = tmp; break;
 846        case 85: env->y = tmp; break;
 847        default: return 0;
 848        }
 849    }
 850    return 8;
 851#endif
 852}
 853#elif defined (TARGET_ARM)
 854
 855/* Old gdb always expect FPA registers.  Newer (xml-aware) gdb only expect
 856   whatever the target description contains.  Due to a historical mishap
 857   the FPA registers appear in between core integer regs and the CPSR.
 858   We hack round this by giving the FPA regs zero size when talking to a
 859   newer gdb.  */
 860#define NUM_CORE_REGS 26
 861#define GDB_CORE_XML "arm-core.xml"
 862
 863static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 864{
 865    if (n < 16) {
 866        /* Core integer register.  */
 867        GET_REG32(env->regs[n]);
 868    }
 869    if (n < 24) {
 870        /* FPA registers.  */
 871        if (gdb_has_xml)
 872            return 0;
 873        memset(mem_buf, 0, 12);
 874        return 12;
 875    }
 876    switch (n) {
 877    case 24:
 878        /* FPA status register.  */
 879        if (gdb_has_xml)
 880            return 0;
 881        GET_REG32(0);
 882    case 25:
 883        /* CPSR */
 884        GET_REG32(cpsr_read(env));
 885    }
 886    /* Unknown register.  */
 887    return 0;
 888}
 889
 890static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 891{
 892    uint32_t tmp;
 893
 894    tmp = ldl_p(mem_buf);
 895
 896    /* Mask out low bit of PC to workaround gdb bugs.  This will probably
 897       cause problems if we ever implement the Jazelle DBX extensions.  */
 898    if (n == 15)
 899        tmp &= ~1;
 900
 901    if (n < 16) {
 902        /* Core integer register.  */
 903        env->regs[n] = tmp;
 904        return 4;
 905    }
 906    if (n < 24) { /* 16-23 */
 907        /* FPA registers (ignored).  */
 908        if (gdb_has_xml)
 909            return 0;
 910        return 12;
 911    }
 912    switch (n) {
 913    case 24:
 914        /* FPA status register (ignored).  */
 915        if (gdb_has_xml)
 916            return 0;
 917        return 4;
 918    case 25:
 919        /* CPSR */
 920        cpsr_write (env, tmp, 0xffffffff);
 921        return 4;
 922    }
 923    /* Unknown register.  */
 924    return 0;
 925}
 926
 927#elif defined (TARGET_M68K)
 928
 929#define NUM_CORE_REGS 18
 930
 931#define GDB_CORE_XML "cf-core.xml"
 932
 933static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 934{
 935    if (n < 8) {
 936        /* D0-D7 */
 937        GET_REG32(env->dregs[n]);
 938    } else if (n < 16) {
 939        /* A0-A7 */
 940        GET_REG32(env->aregs[n - 8]);
 941    } else {
 942        switch (n) {
 943        case 16: GET_REG32(env->sr);
 944        case 17: GET_REG32(env->pc);
 945        }
 946    }
 947    /* FP registers not included here because they vary between
 948       ColdFire and m68k.  Use XML bits for these.  */
 949    return 0;
 950}
 951
 952static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 953{
 954    uint32_t tmp;
 955
 956    tmp = ldl_p(mem_buf);
 957
 958    if (n < 8) {
 959        /* D0-D7 */
 960        env->dregs[n] = tmp;
 961    } else if (n < 8) {
 962        /* A0-A7 */
 963        env->aregs[n - 8] = tmp;
 964    } else {
 965        switch (n) {
 966        case 16: env->sr = tmp; break;
 967        case 17: env->pc = tmp; break;
 968        default: return 0;
 969        }
 970    }
 971    return 4;
 972}
 973#elif defined (TARGET_MIPS)
 974
 975#define NUM_CORE_REGS 73
 976
 977static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 978{
 979    if (n < 32) {
 980        GET_REGL(env->active_tc.gpr[n]);
 981    }
 982    if (env->CP0_Config1 & (1 << CP0C1_FP)) {
 983        if (n >= 38 && n < 70) {
 984            if (env->CP0_Status & (1 << CP0St_FR))
 985                GET_REGL(env->active_fpu.fpr[n - 38].d);
 986            else
 987                GET_REGL(env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX]);
 988        }
 989        switch (n) {
 990        case 70: GET_REGL((int32_t)env->active_fpu.fcr31);
 991        case 71: GET_REGL((int32_t)env->active_fpu.fcr0);
 992        }
 993    }
 994    switch (n) {
 995    case 32: GET_REGL((int32_t)env->CP0_Status);
 996    case 33: GET_REGL(env->active_tc.LO[0]);
 997    case 34: GET_REGL(env->active_tc.HI[0]);
 998    case 35: GET_REGL(env->CP0_BadVAddr);
 999    case 36: GET_REGL((int32_t)env->CP0_Cause);
1000    case 37: GET_REGL(env->active_tc.PC);

1001    case 72: GET_REGL(0); /* fp */
1002    case 89: GET_REGL((int32_t)env->CP0_PRid);
1003    }
1004    if (n >= 73 && n <= 88) {
1005        /* 16 embedded regs.  */
1006        GET_REGL(0);
1007    }
1008
1009    return 0;
1010}
1011
1012/* convert MIPS rounding mode in FCR31 to IEEE library */
1013static unsigned int ieee_rm[] =
1014  {
1015    float_round_nearest_even,
1016    float_round_to_zero,
1017    float_round_up,
1018    float_round_down
1019  };
1020#define RESTORE_ROUNDING_MODE \
1021    set_float_rounding_mode(ieee_rm[env->active_fpu.fcr31 & 3], &env->active_fpu.fp_status)
1022
1023static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1024{
1025    target_ulong tmp;
1026
1027    tmp = ldtul_p(mem_buf);
1028
1029    if (n < 32) {
1030        env->active_tc.gpr[n] = tmp;
1031        return sizeof(target_ulong);
1032    }
1033    if (env->CP0_Config1 & (1 << CP0C1_FP)
1034            && n >= 38 && n < 73) {
1035        if (n < 70) {
1036            if (env->CP0_Status & (1 << CP0St_FR))
1037              env->active_fpu.fpr[n - 38].d = tmp;
1038            else
1039              env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX] = tmp;
1040        }
1041        switch (n) {
1042        case 70:
1043            env->active_fpu.fcr31 = tmp & 0xFF83FFFF;
1044            /* set rounding mode */
1045            RESTORE_ROUNDING_MODE;
1046#ifndef CONFIG_SOFTFLOAT
1047            /* no floating point exception for native float */
1048            SET_FP_ENABLE(env->active_fpu.fcr31, 0);
1049#endif
1050            break;
1051        case 71: env->active_fpu.fcr0 = tmp; break;
1052        }
1053        return sizeof(target_ulong);
1054    }
1055    switch (n) {
1056    case 32: env->CP0_Status = tmp; break;
1057    case 33: env->active_tc.LO[0] = tmp; break;
1058    case 34: env->active_tc.HI[0] = tmp; break;
1059    case 35: env->CP0_BadVAddr = tmp; break;
1060    case 36: env->CP0_Cause = tmp; break;
1061    case 37: env->active_tc.PC = tmp; break;
1062    case 72: /* fp, ignored */ break;
1063    default: 
1064        if (n > 89)
1065            return 0;
1066        /* Other registers are readonly.  Ignore writes.  */
1067        break;
1068    }
1069
1070    return sizeof(target_ulong);
1071}
1072#elif defined (TARGET_SH4)
1073
1074/* Hint: Use "set architecture sh4" in GDB to see fpu registers */
1075/* FIXME: We should use XML for this.  */
1076
1077#define NUM_CORE_REGS 59
1078
1079static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1080{
1081    if (n < 8) {
1082        if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
1083            GET_REGL(env->gregs[n + 16]);
1084        } else {
1085            GET_REGL(env->gregs[n]);
1086        }
1087    } else if (n < 16) {
1088        GET_REGL(env->gregs[n - 8]);
1089    } else if (n >= 25 && n < 41) {
1090        GET_REGL(env->fregs[(n - 25) + ((env->fpscr & FPSCR_FR) ? 16 : 0)]);
1091    } else if (n >= 43 && n < 51) {
1092        GET_REGL(env->gregs[n - 43]);
1093    } else if (n >= 51 && n < 59) {
1094        GET_REGL(env->gregs[n - (51 - 16)]);
1095    }
1096    switch (n) {
1097    case 16: GET_REGL(env->pc);
1098    case 17: GET_REGL(env->pr);
1099    case 18: GET_REGL(env->gbr);
1100    case 19: GET_REGL(env->vbr);
1101    case 20: GET_REGL(env->mach);
1102    case 21: GET_REGL(env->macl);
1103    case 22: GET_REGL(env->sr);
1104    case 23: GET_REGL(env->fpul);
1105    case 24: GET_REGL(env->fpscr);
1106    case 41: GET_REGL(env->ssr);
1107    case 42: GET_REGL(env->spc);
1108    }
1109
1110    return 0;
1111}
1112
1113static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1114{
1115    uint32_t tmp;
1116
1117    tmp = ldl_p(mem_buf);
1118
1119    if (n < 8) {
1120        if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
1121            env->gregs[n + 16] = tmp;
1122        } else {
1123            env->gregs[n] = tmp;
1124        }
1125        return 4;
1126    } else if (n < 16) {
1127        env->gregs[n - 8] = tmp;
1128        return 4;
1129    } else if (n >= 25 && n < 41) {
1130        env->fregs[(n - 25) + ((env->fpscr & FPSCR_FR) ? 16 : 0)] = tmp;
1131    } else if (n >= 43 && n < 51) {
1132        env->gregs[n - 43] = tmp;
1133        return 4;
1134    } else if (n >= 51 && n < 59) {
1135        env->gregs[n - (51 - 16)] = tmp;
1136        return 4;
1137    }
1138    switch (n) {
1139    case 16: env->pc = tmp;
1140    case 17: env->pr = tmp;
1141    case 18: env->gbr = tmp;
1142    case 19: env->vbr = tmp;
1143    case 20: env->mach = tmp;
1144    case 21: env->macl = tmp;
1145    case 22: env->sr = tmp;
1146    case 23: env->fpul = tmp;
1147    case 24: env->fpscr = tmp;
1148    case 41: env->ssr = tmp;
1149    case 42: env->spc = tmp;
1150    default: return 0;
1151    }
1152
1153    return 4;
1154}
1155#elif defined (TARGET_CRIS)
1156
1157#define NUM_CORE_REGS 49
1158
1159static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1160{
1161    uint8_t srs;
1162
1163    srs = env->pregs[PR_SRS];
1164    if (n < 16) {
1165        GET_REG32(env->regs[n]);
1166    }
1167
1168    if (n >= 21 && n < 32) {
1169        GET_REG32(env->pregs[n - 16]);
1170    }
1171    if (n >= 33 && n < 49) {
1172        GET_REG32(env->sregs[srs][n - 33]);
1173    }
1174    switch (n) {
1175    case 16: GET_REG8(env->pregs[0]);
1176    case 17: GET_REG8(env->pregs[1]);
1177    case 18: GET_REG32(env->pregs[2]);
1178    case 19: GET_REG8(srs);
1179    case 20: GET_REG16(env->pregs[4]);
1180    case 32: GET_REG32(env->pc);
1181    }
1182
1183    return 0;
1184}
1185
1186static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1187{
1188    uint32_t tmp;
1189
1190    if (n > 49)
1191        return 0;
1192
1193    tmp = ldl_p(mem_buf);
1194
1195    if (n < 16) {
1196        env->regs[n] = tmp;
1197    }
1198
1199    if (n >= 21 && n < 32) {
1200        env->pregs[n - 16] = tmp;
1201    }
1202
1203    /* FIXME: Should support function regs be writable?  */
1204    switch (n) {
1205    case 16: return 1;
1206    case 17: return 1;
1207    case 18: env->pregs[PR_PID] = tmp; break;
1208    case 19: return 1;
1209    case 20: return 2;
1210    case 32: env->pc = tmp; break;
1211    }
1212
1213    return 4;
1214}
1215#elif defined (TARGET_ALPHA)
1216
1217#define NUM_CORE_REGS 65
1218
1219static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1220{
1221    if (n < 31) {
1222       GET_REGL(env->ir[n]);
1223    }
1224    else if (n == 31) {
1225       GET_REGL(0);
1226    }
1227    else if (n<63) {
1228       uint64_t val;
1229
1230       val=*((uint64_t *)&env->fir[n-32]);
1231       GET_REGL(val);
1232    }
1233    else if (n==63) {
1234       GET_REGL(env->fpcr);
1235    }
1236    else if (n==64) {
1237       GET_REGL(env->pc);
1238    }
1239    else {
1240       GET_REGL(0);
1241    }
1242
1243    return 0;
1244}
1245
1246static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1247{
1248    target_ulong tmp;
1249    tmp = ldtul_p(mem_buf);
1250
1251    if (n < 31) {
1252        env->ir[n] = tmp;
1253    }
1254
1255    if (n > 31 && n < 63) {
1256        env->fir[n - 32] = ldfl_p(mem_buf);
1257    }
1258
1259    if (n == 64 ) {
1260       env->pc=tmp;
1261    }
1262
1263    return 8;
1264}
1265#else
1266
1267#define NUM_CORE_REGS 0
1268
1269static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1270{
1271    return 0;
1272}
1273
1274static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1275{
1276    return 0;
1277}
1278
1279#endif
1280
1281static int num_g_regs = NUM_CORE_REGS;
1282
1283#ifdef GDB_CORE_XML
1284/* Encode data using the encoding for 'x' packets.  */
1285static int memtox(char *buf, const char *mem, int len)
1286{
1287    char *p = buf;
1288    char c;
1289
1290    while (len--) {
1291        c = *(mem++);
1292        switch (c) {
1293        case '#': case '$': case '*': case '}':
1294            *(p++) = '}';
1295            *(p++) = c ^ 0x20;
1296            break;
1297        default:
1298            *(p++) = c;
1299            break;
1300        }
1301    }
1302    return p - buf;
1303}
1304
1305static const char *get_feature_xml(const char *p, const char **newp)
1306{
1307    extern const char *const xml_builtin[][2];
1308    size_t len;
1309    int i;
1310    const char *name;
1311    static char target_xml[1024];
1312
1313    len = 0;
1314    while (p[len] && p[len] != ':')
1315        len++;
1316    *newp = p + len;
1317
1318    name = NULL;
1319    if (strncmp(p, "target.xml", len) == 0) {
1320        /* Generate the XML description for this CPU.  */
1321        if (!target_xml[0]) {
1322            GDBRegisterState *r;
1323
1324            snprintf(target_xml, sizeof(target_xml),
1325                     "<?xml version=\"1.0\"?>"
1326                     "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
1327                     "<target>"
1328                     "<xi:include href=\"%s\"/>",
1329                     GDB_CORE_XML);
1330
1331            for (r = first_cpu->gdb_regs; r; r = r->next) {
1332                strcat(target_xml, "<xi:include href=\"");
1333                strcat(target_xml, r->xml);
1334                strcat(target_xml, "\"/>");
1335            }
1336            strcat(target_xml, "</target>");
1337        }
1338        return target_xml;
1339    }
1340    for (i = 0; ; i++) {
1341        name = xml_builtin[i][0];
1342        if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
1343            break;
1344    }
1345    return name ? xml_builtin[i][1] : NULL;
1346}
1347#endif
1348
1349static int gdb_read_register(CPUState *env, uint8_t *mem_buf, int reg)
1350{
1351    GDBRegisterState *r;
1352
1353    if (reg < NUM_CORE_REGS)
1354        return cpu_gdb_read_register(env, mem_buf, reg);
1355
1356    for (r = env->gdb_regs; r; r = r->next) {
1357        if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1358            return r->get_reg(env, mem_buf, reg - r->base_reg);
1359        }
1360    }
1361    return 0;
1362}
1363
1364static int gdb_write_register(CPUState *env, uint8_t *mem_buf, int reg)
1365{
1366    GDBRegisterState *r;
1367
1368    if (reg < NUM_CORE_REGS)
1369        return cpu_gdb_write_register(env, mem_buf, reg);
1370
1371    for (r = env->gdb_regs; r; r = r->next) {
1372        if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1373            return r->set_reg(env, mem_buf, reg - r->base_reg);
1374        }
1375    }
1376    return 0;
1377}
1378
1379/* Register a supplemental set of CPU registers.  If g_pos is nonzero it
1380   specifies the first register number and these registers are included in
1381   a standard "g" packet.  Direction is relative to gdb, i.e. get_reg is
1382   gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
1383 */
1384
1385void gdb_register_coprocessor(CPUState * env,
1386                             gdb_reg_cb get_reg, gdb_reg_cb set_reg,
1387                             int num_regs, const char *xml, int g_pos)
1388{
1389    GDBRegisterState *s;
1390    GDBRegisterState **p;
1391    static int last_reg = NUM_CORE_REGS;
1392
1393    s = (GDBRegisterState *)qemu_mallocz(sizeof(GDBRegisterState));
1394    s->base_reg = last_reg;
1395    s->num_regs = num_regs;
1396    s->get_reg = get_reg;
1397    s->set_reg = set_reg;
1398    s->xml = xml;
1399    p = &env->gdb_regs;
1400    while (*p) {
1401        /* Check for duplicates.  */
1402        if (strcmp((*p)->xml, xml) == 0)
1403            return;
1404        p = &(*p)->next;
1405    }
1406    /* Add to end of list.  */
1407    last_reg += num_regs;
1408    *p = s;
1409    if (g_pos) {
1410        if (g_pos != s->base_reg) {
1411            fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
1412                    "Expected %d got %d\n", xml, g_pos, s->base_reg);
1413        } else {
1414            num_g_regs = last_reg;
1415        }
1416    }
1417}
1418
1419/* GDB breakpoint/watchpoint types */
1420#define GDB_BREAKPOINT_SW        0
1421#define GDB_BREAKPOINT_HW        1
1422#define GDB_WATCHPOINT_WRITE     2
1423#define GDB_WATCHPOINT_READ      3
1424#define GDB_WATCHPOINT_ACCESS    4
1425
1426#ifndef CONFIG_USER_ONLY
1427static const int xlat_gdb_type[] = {
1428    [GDB_WATCHPOINT_WRITE]  = BP_GDB | BP_MEM_WRITE,
1429    [GDB_WATCHPOINT_READ]   = BP_GDB | BP_MEM_READ,
1430    [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1431};
1432#endif
1433
1434static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
1435{
1436    CPUState *env;
1437    int err = 0;
1438
1439    switch (type) {
1440    case GDB_BREAKPOINT_SW:
1441    case GDB_BREAKPOINT_HW:
1442        for (env = first_cpu; env != NULL; env = env->next_cpu) {
1443            err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
1444            if (err)
1445                break;
1446        }
1447        return err;
1448#ifndef CONFIG_USER_ONLY
1449    case GDB_WATCHPOINT_WRITE:
1450    case GDB_WATCHPOINT_READ:
1451    case GDB_WATCHPOINT_ACCESS:
1452        for (env = first_cpu; env != NULL; env = env->next_cpu) {
1453            err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
1454                                        NULL);
1455            if (err)
1456                break;
1457        }
1458        return err;
1459#endif
1460    default:
1461        return -ENOSYS;
1462    }
1463}
1464
1465static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
1466{
1467    CPUState *env;
1468    int err = 0;
1469
1470    switch (type) {
1471    case GDB_BREAKPOINT_SW:
1472    case GDB_BREAKPOINT_HW:
1473        for (env = first_cpu; env != NULL; env = env->next_cpu) {
1474            err = cpu_breakpoint_remove(env, addr, BP_GDB);
1475            if (err)
1476                break;
1477        }
1478        return err;
1479#ifndef CONFIG_USER_ONLY
1480    case GDB_WATCHPOINT_WRITE:
1481    case GDB_WATCHPOINT_READ:
1482    case GDB_WATCHPOINT_ACCESS:
1483        for (env = first_cpu; env != NULL; env = env->next_cpu) {
1484            err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
1485            if (err)
1486                break;
1487        }
1488        return err;
1489#endif
1490    default:
1491        return -ENOSYS;
1492    }
1493}
1494
1495static void gdb_breakpoint_remove_all(void)
1496{
1497    CPUState *env;
1498
1499    for (env = first_cpu; env != NULL; env = env->next_cpu) {
1500        cpu_breakpoint_remove_all(env, BP_GDB);
1501#ifndef CONFIG_USER_ONLY
1502        cpu_watchpoint_remove_all(env, BP_GDB);
1503#endif
1504    }
1505}
1506
1507static int gdb_handle_packet(GDBState *s, const char *line_buf)
1508{
1509    CPUState *env;
1510    const char *p;
1511    int ch, reg_size, type, res, thread;
1512    char buf[MAX_PACKET_LENGTH];
1513    uint8_t mem_buf[MAX_PACKET_LENGTH];
1514    uint8_t *registers;
1515    target_ulong addr, len;
1516
1517#ifdef DEBUG_GDB
1518    printf("command='%s'\n", line_buf);
1519#endif
1520    p = line_buf;
1521    ch = *p++;
1522    switch(ch) {
1523    case '?':
1524        /* TODO: Make this return the correct value for user-mode.  */
1525        snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
1526                 s->c_cpu->cpu_index+1);
1527        put_packet(s, buf);
1528        /* Remove all the breakpoints when this query is issued,
1529         * because gdb is doing and initial connect and the state
1530         * should be cleaned up.
1531         */
1532        gdb_breakpoint_remove_all();
1533        break;
1534    case 'c':
1535        if (*p != '\0') {
1536            addr = strtoull(p, (char **)&p, 16);
1537#if defined(TARGET_I386)
1538            s->c_cpu->eip = addr;
1539#elif defined (TARGET_PPC)
1540            s->c_cpu->nip = addr;
1541#elif defined (TARGET_SPARC)
1542            s->c_cpu->pc = addr;
1543            s->c_cpu->npc = addr + 4;
1544#elif defined (TARGET_ARM)
1545            s->c_cpu->regs[15] = addr;
1546#elif defined (TARGET_SH4)
1547            s->c_cpu->pc = addr;
1548#elif defined (TARGET_MIPS)
1549            s->c_cpu->active_tc.PC = addr;
1550#elif defined (TARGET_CRIS)
1551            s->c_cpu->pc = addr;
1552#elif defined (TARGET_ALPHA)
1553            s->c_cpu->pc = addr;
1554#endif
1555        }
1556        s->signal = 0;
1557        gdb_continue(s);
1558        return RS_IDLE;
1559    case 'C':
1560        s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1561        if (s->signal == -1)
1562            s->signal = 0;
1563        gdb_continue(s);
1564        return RS_IDLE;
1565    case 'k':
1566        /* Kill the target */
1567        fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
1568        exit(0);
1569    case 'D':
1570        /* Detach packet */
1571        gdb_breakpoint_remove_all();
1572        gdb_continue(s);
1573        put_packet(s, "OK");
1574        break;
1575    case 's':
1576        if (*p != '\0') {
1577            addr = strtoull(p, (char **)&p, 16);
1578#if defined(TARGET_I386)
1579            s->c_cpu->eip = addr;
1580#elif defined (TARGET_PPC)
1581            s->c_cpu->nip = addr;
1582#elif defined (TARGET_SPARC)
1583            s->c_cpu->pc = addr;
1584            s->c_cpu->npc = addr + 4;
1585#elif defined (TARGET_ARM)
1586            s->c_cpu->regs[15] = addr;
1587#elif defined (TARGET_SH4)
1588            s->c_cpu->pc = addr;
1589#elif defined (TARGET_MIPS)
1590            s->c_cpu->active_tc.PC = addr;
1591#elif defined (TARGET_CRIS)
1592            s->c_cpu->pc = addr;
1593#elif defined (TARGET_ALPHA)
1594            s->c_cpu->pc = addr;
1595#endif
1596        }
1597        cpu_single_step(s->c_cpu, sstep_flags);
1598        gdb_continue(s);
1599        return RS_IDLE;
1600    case 'F':
1601        {
1602            target_ulong ret;
1603            target_ulong err;
1604
1605            ret = strtoull(p, (char **)&p, 16);
1606            if (*p == ',') {
1607                p++;
1608                err = strtoull(p, (char **)&p, 16);
1609            } else {
1610                err = 0;
1611            }
1612            if (*p == ',')
1613                p++;
1614            type = *p;
1615            if (gdb_current_syscall_cb)
1616                gdb_current_syscall_cb(s->c_cpu, ret, err);
1617            if (type == 'C') {
1618                put_packet(s, "T02");
1619            } else {
1620                gdb_continue(s);
1621            }
1622        }
1623        break;
1624    case 'g':
1625        len = 0;
1626        for (addr = 0; addr < num_g_regs; addr++) {
1627            reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1628            len += reg_size;
1629        }
1630        memtohex(buf, mem_buf, len);
1631        put_packet(s, buf);
1632        break;
1633    case 'G':
1634        registers = mem_buf;
1635        len = strlen(p) / 2;
1636        hextomem((uint8_t *)registers, p, len);
1637        for (addr = 0; addr < num_g_regs && len > 0; addr++) {
1638            reg_size = gdb_write_register(s->g_cpu, registers, addr);
1639            len -= reg_size;
1640            registers += reg_size;
1641        }
1642        put_packet(s, "OK");
1643        break;
1644    case 'm':
1645        addr = strtoull(p, (char **)&p, 16);
1646        if (*p == ',')
1647            p++;
1648        len = strtoull(p, NULL, 16);
1649        if (cpu_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 0) != 0) {
1650            put_packet (s, "E14");
1651        } else {
1652            memtohex(buf, mem_buf, len);
1653            put_packet(s, buf);
1654        }
1655        break;
1656    case 'M':
1657        addr = strtoull(p, (char **)&p, 16);
1658        if (*p == ',')
1659            p++;
1660        len = strtoull(p, (char **)&p, 16);
1661        if (*p == ':')
1662            p++;
1663        hextomem(mem_buf, p, len);
1664        if (cpu_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 1) != 0)
1665            put_packet(s, "E14");
1666        else
1667            put_packet(s, "OK");
1668        break;
1669    case 'p':
1670        /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1671           This works, but can be very slow.  Anything new enough to
1672           understand XML also knows how to use this properly.  */
1673        if (!gdb_has_xml)
1674            goto unknown_command;
1675        addr = strtoull(p, (char **)&p, 16);
1676        reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1677        if (reg_size) {
1678            memtohex(buf, mem_buf, reg_size);
1679            put_packet(s, buf);
1680        } else {
1681            put_packet(s, "E14");
1682        }
1683        break;
1684    case 'P':
1685        if (!gdb_has_xml)
1686            goto unknown_command;
1687        addr = strtoull(p, (char **)&p, 16);
1688        if (*p == '=')
1689            p++;
1690        reg_size = strlen(p) / 2;
1691        hextomem(mem_buf, p, reg_size);
1692        gdb_write_register(s->g_cpu, mem_buf, addr);
1693        put_packet(s, "OK");
1694        break;
1695    case 'Z':
1696    case 'z':
1697        type = strtoul(p, (char **)&p, 16);
1698        if (*p == ',')
1699            p++;
1700        addr = strtoull(p, (char **)&p, 16);
1701        if (*p == ',')
1702            p++;
1703        len = strtoull(p, (char **)&p, 16);
1704        if (ch == 'Z')
1705            res = gdb_breakpoint_insert(addr, len, type);
1706        else
1707            res = gdb_breakpoint_remove(addr, len, type);
1708        if (res >= 0)
1709             put_packet(s, "OK");
1710        else if (res == -ENOSYS)
1711            put_packet(s, "");
1712        else
1713            put_packet(s, "E22");
1714        break;
1715    case 'H':
1716        type = *p++;
1717        thread = strtoull(p, (char **)&p, 16);
1718        if (thread == -1 || thread == 0) {
1719            put_packet(s, "OK");
1720            break;
1721        }
1722        for (env = first_cpu; env != NULL; env = env->next_cpu)
1723            if (env->cpu_index + 1 == thread)
1724                break;
1725        if (env == NULL) {
1726            put_packet(s, "E22");
1727            break;
1728        }
1729        switch (type) {
1730        case 'c':
1731            s->c_cpu = env;
1732            put_packet(s, "OK");
1733            break;
1734        case 'g':
1735            s->g_cpu = env;
1736            put_packet(s, "OK");
1737            break;
1738        default:
1739             put_packet(s, "E22");
1740             break;
1741        }
1742        break;
1743    case 'T':
1744        thread = strtoull(p, (char **)&p, 16);
1745#ifndef CONFIG_USER_ONLY
1746        if (thread > 0 && thread < smp_cpus + 1)
1747#else
1748        if (thread == 1)
1749#endif
1750             put_packet(s, "OK");
1751        else
1752            put_packet(s, "E22");
1753        break;
1754    case 'q':
1755    case 'Q':
1756        /* parse any 'q' packets here */
1757        if (!strcmp(p,"qemu.sstepbits")) {
1758            /* Query Breakpoint bit definitions */
1759            snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1760                     SSTEP_ENABLE,
1761                     SSTEP_NOIRQ,
1762                     SSTEP_NOTIMER);
1763            put_packet(s, buf);
1764            break;
1765        } else if (strncmp(p,"qemu.sstep",10) == 0) {
1766            /* Display or change the sstep_flags */
1767            p += 10;
1768            if (*p != '=') {
1769                /* Display current setting */
1770                snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1771                put_packet(s, buf);
1772                break;
1773            }
1774            p++;
1775            type = strtoul(p, (char **)&p, 16);
1776            sstep_flags = type;
1777            put_packet(s, "OK");
1778            break;
1779        } else if (strcmp(p,"C") == 0) {
1780            /* "Current thread" remains vague in the spec, so always return
1781             *  the first CPU (gdb returns the first thread). */
1782            put_packet(s, "QC1");
1783            break;
1784        } else if (strcmp(p,"fThreadInfo") == 0) {
1785            s->query_cpu = first_cpu;
1786            goto report_cpuinfo;
1787        } else if (strcmp(p,"sThreadInfo") == 0) {
1788        report_cpuinfo:
1789            if (s->query_cpu) {
1790                snprintf(buf, sizeof(buf), "m%x", s->query_cpu->cpu_index+1);
1791                put_packet(s, buf);
1792                s->query_cpu = s->query_cpu->next_cpu;
1793            } else
1794                put_packet(s, "l");
1795            break;
1796        } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
1797            thread = strtoull(p+16, (char **)&p, 16);
1798            for (env = first_cpu; env != NULL; env = env->next_cpu)
1799                if (env->cpu_index + 1 == thread) {
1800                    len = snprintf((char *)mem_buf, sizeof(mem_buf),
1801                                   "CPU#%d [%s]", env->cpu_index,
1802                                   env->halted ? "halted " : "running");
1803                    memtohex(buf, mem_buf, len);
1804                    put_packet(s, buf);
1805                    break;
1806                }
1807            break;
1808        }
1809#ifdef CONFIG_LINUX_USER
1810        else if (strncmp(p, "Offsets", 7) == 0) {
1811            TaskState *ts = s->c_cpu->opaque;
1812
1813            snprintf(buf, sizeof(buf),
1814                     "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
1815                     ";Bss=" TARGET_ABI_FMT_lx,
1816                     ts->info->code_offset,
1817                     ts->info->data_offset,
1818                     ts->info->data_offset);
1819            put_packet(s, buf);
1820            break;
1821        }
1822#endif
1823        if (strncmp(p, "Supported", 9) == 0) {
1824            snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
1825#ifdef GDB_CORE_XML
1826            strcat(buf, ";qXfer:features:read+");
1827#endif
1828            put_packet(s, buf);
1829            break;
1830        }
1831#ifdef GDB_CORE_XML
1832        if (strncmp(p, "Xfer:features:read:", 19) == 0) {
1833            const char *xml;
1834            target_ulong total_len;
1835
1836            gdb_has_xml = 1;
1837            p += 19;
1838            xml = get_feature_xml(p, &p);
1839            if (!xml) {
1840                snprintf(buf, sizeof(buf), "E00");
1841                put_packet(s, buf);
1842                break;
1843            }
1844
1845            if (*p == ':')
1846                p++;
1847            addr = strtoul(p, (char **)&p, 16);
1848            if (*p == ',')
1849                p++;
1850            len = strtoul(p, (char **)&p, 16);
1851
1852            total_len = strlen(xml);
1853            if (addr > total_len) {
1854                snprintf(buf, sizeof(buf), "E00");
1855                put_packet(s, buf);
1856                break;
1857            }
1858            if (len > (MAX_PACKET_LENGTH - 5) / 2)
1859                len = (MAX_PACKET_LENGTH - 5) / 2;
1860            if (len < total_len - addr) {
1861                buf[0] = 'm';
1862                len = memtox(buf + 1, xml + addr, len);
1863            } else {
1864                buf[0] = 'l';
1865                len = memtox(buf + 1, xml + addr, total_len - addr);
1866            }
1867            put_packet_binary(s, buf, len + 1);
1868            break;
1869        }
1870#endif
1871        /* Unrecognised 'q' command.  */
1872        goto unknown_command;
1873
1874    default:
1875    unknown_command:
1876        /* put empty packet */
1877        buf[0] = '\0';
1878        put_packet(s, buf);
1879        break;
1880    }
1881    return RS_IDLE;
1882}
1883
1884void gdb_set_stop_cpu(CPUState *env)
1885{
1886    gdbserver_state->c_cpu = env;
1887    gdbserver_state->g_cpu = env;
1888}
1889
1890#ifndef CONFIG_USER_ONLY
1891static void gdb_vm_state_change(void *opaque, int running, int reason)
1892{
1893    GDBState *s = gdbserver_state;
1894    CPUState *env = s->c_cpu;
1895    char buf[256];
1896    const char *type;
1897    int ret;
1898
1899    if (running || (reason != EXCP_DEBUG && reason != EXCP_INTERRUPT) ||
1900        s->state == RS_SYSCALL)
1901        return;
1902
1903    /* disable single step if it was enable */
1904    cpu_single_step(env, 0);
1905
1906    if (reason == EXCP_DEBUG) {
1907        if (env->watchpoint_hit) {
1908            switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
1909            case BP_MEM_READ:
1910                type = "r";
1911                break;
1912            case BP_MEM_ACCESS:
1913                type = "a";
1914                break;
1915            default:
1916                type = "";
1917                break;
1918            }
1919            snprintf(buf, sizeof(buf),
1920                     "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
1921                     GDB_SIGNAL_TRAP, env->cpu_index+1, type,
1922                     env->watchpoint_hit->vaddr);
1923            put_packet(s, buf);
1924            env->watchpoint_hit = NULL;
1925            return;
1926        }
1927        tb_flush(env);
1928        ret = GDB_SIGNAL_TRAP;
1929    } else {
1930        ret = GDB_SIGNAL_INT;
1931    }
1932    snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, env->cpu_index+1);
1933    put_packet(s, buf);
1934}
1935#endif
1936
1937/* Send a gdb syscall request.
1938   This accepts limited printf-style format specifiers, specifically:
1939    %x  - target_ulong argument printed in hex.
1940    %lx - 64-bit argument printed in hex.
1941    %s  - string pointer (target_ulong) and length (int) pair.  */
1942void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
1943{
1944    va_list va;
1945    char buf[256];
1946    char *p;
1947    target_ulong addr;
1948    uint64_t i64;
1949    GDBState *s;
1950
1951    s = gdbserver_state;
1952    if (!s)
1953        return;
1954    gdb_current_syscall_cb = cb;
1955    s->state = RS_SYSCALL;
1956#ifndef CONFIG_USER_ONLY
1957    vm_stop(EXCP_DEBUG);
1958#endif
1959    s->state = RS_IDLE;
1960    va_start(va, fmt);
1961    p = buf;
1962    *(p++) = 'F';
1963    while (*fmt) {
1964        if (*fmt == '%') {
1965            fmt++;
1966            switch (*fmt++) {
1967            case 'x':
1968                addr = va_arg(va, target_ulong);
1969                p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx, addr);
1970                break;
1971            case 'l':
1972                if (*(fmt++) != 'x')
1973                    goto bad_format;
1974                i64 = va_arg(va, uint64_t);
1975                p += snprintf(p, &buf[sizeof(buf)] - p, "%" PRIx64, i64);
1976                break;
1977            case 's':
1978                addr = va_arg(va, target_ulong);
1979                p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx "/%x",
1980                              addr, va_arg(va, int));
1981                break;
1982            default:
1983            bad_format:
1984                fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
1985                        fmt - 1);
1986                break;
1987            }
1988        } else {
1989            *(p++) = *(fmt++);
1990        }
1991    }
1992    *p = 0;
1993    va_end(va);
1994    put_packet(s, buf);
1995#ifdef CONFIG_USER_ONLY
1996    gdb_handlesig(s->c_cpu, 0);
1997#else
1998    cpu_interrupt(s->c_cpu, CPU_INTERRUPT_EXIT);
1999#endif
2000}

2001
2002static void gdb_read_byte(GDBState *s, int ch)
2003{
2004    int i, csum;
2005    uint8_t reply;
2006
2007#ifndef CONFIG_USER_ONLY
2008    if (s->last_packet_len) {
2009        /* Waiting for a response to the last packet.  If we see the start
2010           of a new command then abandon the previous response.  */
2011        if (ch == '-') {
2012#ifdef DEBUG_GDB
2013            printf("Got NACK, retransmitting\n");
2014#endif
2015            put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
2016        }
2017#ifdef DEBUG_GDB
2018        else if (ch == '+')
2019            printf("Got ACK\n");
2020        else
2021            printf("Got '%c' when expecting ACK/NACK\n", ch);
2022#endif
2023        if (ch == '+' || ch == '$')
2024            s->last_packet_len = 0;
2025        if (ch != '$')
2026            return;
2027    }
2028    if (vm_running) {
2029        /* when the CPU is running, we cannot do anything except stop
2030           it when receiving a char */
2031        vm_stop(EXCP_INTERRUPT);
2032    } else
2033#endif
2034    {
2035        switch(s->state) {
2036        case RS_IDLE:
2037            if (ch == '$') {
2038                s->line_buf_index = 0;
2039                s->state = RS_GETLINE;
2040            }
2041            break;
2042        case RS_GETLINE:
2043            if (ch == '#') {
2044            s->state = RS_CHKSUM1;
2045            } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2046                s->state = RS_IDLE;
2047            } else {
2048            s->line_buf[s->line_buf_index++] = ch;
2049            }
2050            break;
2051        case RS_CHKSUM1:
2052            s->line_buf[s->line_buf_index] = '\0';
2053            s->line_csum = fromhex(ch) << 4;
2054            s->state = RS_CHKSUM2;
2055            break;
2056        case RS_CHKSUM2:
2057            s->line_csum |= fromhex(ch);
2058            csum = 0;
2059            for(i = 0; i < s->line_buf_index; i++) {
2060                csum += s->line_buf[i];
2061            }
2062            if (s->line_csum != (csum & 0xff)) {
2063                reply = '-';
2064                put_buffer(s, &reply, 1);
2065                s->state = RS_IDLE;
2066            } else {
2067                reply = '+';
2068                put_buffer(s, &reply, 1);
2069                s->state = gdb_handle_packet(s, s->line_buf);
2070            }
2071            break;
2072        default:
2073            abort();
2074        }
2075    }
2076}
2077
2078#ifdef CONFIG_USER_ONLY
2079int
2080gdb_queuesig (void)
2081{
2082    GDBState *s;
2083
2084    s = gdbserver_state;
2085
2086    if (gdbserver_fd < 0 || s->fd < 0)
2087        return 0;
2088    else
2089        return 1;
2090}
2091
2092int
2093gdb_handlesig (CPUState *env, int sig)
2094{
2095  GDBState *s;
2096  char buf[256];
2097  int n;
2098
2099  s = gdbserver_state;
2100  if (gdbserver_fd < 0 || s->fd < 0)
2101    return sig;
2102
2103  /* disable single step if it was enabled */
2104  cpu_single_step(env, 0);
2105  tb_flush(env);
2106
2107  if (sig != 0)
2108    {
2109      snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb (sig));
2110      put_packet(s, buf);
2111    }
2112  /* put_packet() might have detected that the peer terminated the 
2113     connection.  */
2114  if (s->fd < 0)
2115      return sig;
2116
2117  sig = 0;
2118  s->state = RS_IDLE;
2119  s->running_state = 0;
2120  while (s->running_state == 0) {
2121      n = read (s->fd, buf, 256);
2122      if (n > 0)
2123        {
2124          int i;
2125
2126          for (i = 0; i < n; i++)
2127            gdb_read_byte (s, buf[i]);
2128        }
2129      else if (n == 0 || errno != EAGAIN)
2130        {
2131          /* XXX: Connection closed.  Should probably wait for annother
2132             connection before continuing.  */
2133          return sig;
2134        }
2135  }
2136  sig = s->signal;
2137  s->signal = 0;
2138  return sig;
2139}
2140
2141/* Tell the remote gdb that the process has exited.  */
2142void gdb_exit(CPUState *env, int code)
2143{
2144  GDBState *s;
2145  char buf[4];
2146
2147  s = gdbserver_state;
2148  if (gdbserver_fd < 0 || s->fd < 0)
2149    return;
2150
2151  snprintf(buf, sizeof(buf), "W%02x", code);
2152  put_packet(s, buf);
2153}
2154
2155/* Tell the remote gdb that the process has exited due to SIG.  */
2156void gdb_signalled(CPUState *env, int sig)
2157{
2158  GDBState *s;
2159  char buf[4];
2160
2161  s = gdbserver_state;
2162  if (gdbserver_fd < 0 || s->fd < 0)
2163    return;
2164
2165  snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb (sig));
2166  put_packet(s, buf);
2167}
2168
2169static void gdb_accept(void)
2170{
2171    GDBState *s;
2172    struct sockaddr_in sockaddr;
2173    socklen_t len;
2174    int val, fd;
2175
2176    for(;;) {
2177        len = sizeof(sockaddr);
2178        fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2179        if (fd < 0 && errno != EINTR) {
2180            perror("accept");
2181            return;
2182        } else if (fd >= 0) {
2183            break;
2184        }
2185    }
2186
2187    /* set short latency */
2188    val = 1;
2189    setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val, sizeof(val));
2190
2191    s = qemu_mallocz(sizeof(GDBState));
2192
2193    memset (s, 0, sizeof (GDBState));
2194    s->c_cpu = first_cpu;
2195    s->g_cpu = first_cpu;
2196    s->fd = fd;
2197    gdb_has_xml = 0;
2198
2199    gdbserver_state = s;
2200
2201    fcntl(fd, F_SETFL, O_NONBLOCK);
2202}
2203
2204static int gdbserver_open(int port)
2205{
2206    struct sockaddr_in sockaddr;
2207    int fd, val, ret;
2208
2209    fd = socket(PF_INET, SOCK_STREAM, 0);
2210    if (fd < 0) {
2211        perror("socket");
2212        return -1;
2213    }
2214
2215    /* allow fast reuse */
2216    val = 1;
2217    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&val, sizeof(val));
2218
2219    sockaddr.sin_family = AF_INET;
2220    sockaddr.sin_port = htons(port);
2221    sockaddr.sin_addr.s_addr = 0;
2222    ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2223    if (ret < 0) {
2224        perror("bind");
2225        return -1;
2226    }
2227    ret = listen(fd, 0);
2228    if (ret < 0) {
2229        perror("listen");
2230        return -1;
2231    }
2232    return fd;
2233}
2234
2235int gdbserver_start(int port)
2236{
2237    gdbserver_fd = gdbserver_open(port);
2238    if (gdbserver_fd < 0)
2239        return -1;
2240    /* accept connections */
2241    gdb_accept();
2242    return 0;
2243}
2244
2245/* Disable gdb stub for child processes.  */
2246void gdbserver_fork(CPUState *env)
2247{
2248    GDBState *s = gdbserver_state;
2249    if (gdbserver_fd < 0 || s->fd < 0)
2250      return;
2251    close(s->fd);
2252    s->fd = -1;
2253    cpu_breakpoint_remove_all(env, BP_GDB);
2254    cpu_watchpoint_remove_all(env, BP_GDB);
2255}
2256#else
2257static int gdb_chr_can_receive(void *opaque)
2258{
2259  /* We can handle an arbitrarily large amount of data.
2260   Pick the maximum packet size, which is as good as anything.  */
2261  return MAX_PACKET_LENGTH;
2262}
2263
2264static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2265{
2266    int i;
2267
2268    for (i = 0; i < size; i++) {
2269        gdb_read_byte(gdbserver_state, buf[i]);
2270    }
2271}
2272
2273static void gdb_chr_event(void *opaque, int event)
2274{
2275    switch (event) {
2276    case CHR_EVENT_RESET:
2277        vm_stop(EXCP_INTERRUPT);
2278        gdb_has_xml = 0;
2279        break;
2280    default:
2281        break;
2282    }
2283}
2284
2285int gdbserver_start(const char *port)
2286{
2287    GDBState *s;
2288    char gdbstub_port_name[128];
2289    int port_num;
2290    char *p;
2291    CharDriverState *chr;
2292
2293    if (!port || !*port)
2294      return -1;
2295
2296    port_num = strtol(port, &p, 10);
2297    if (*p == 0) {
2298        /* A numeric value is interpreted as a port number.  */
2299        snprintf(gdbstub_port_name, sizeof(gdbstub_port_name),
2300                 "tcp::%d,nowait,nodelay,server", port_num);
2301        port = gdbstub_port_name;
2302    }
2303
2304    chr = qemu_chr_open("gdb", port, NULL);
2305    if (!chr)
2306        return -1;
2307
2308    s = qemu_mallocz(sizeof(GDBState));
2309    s->c_cpu = first_cpu;
2310    s->g_cpu = first_cpu;
2311    s->chr = chr;
2312    gdbserver_state = s;
2313    qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
2314                          gdb_chr_event, NULL);
2315    qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2316    return 0;
2317}
2318#endif
2319