LXR qemu/gdbstub.c

   1/*
   2 * gdb server stub
   3 *
   4 * Copyright (c) 2003-2005 Fabrice Bellard
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 */
  19#include "config.h"
  20#include "qemu-common.h"
  21#ifdef CONFIG_USER_ONLY
  22#include <stdlib.h>
  23#include <stdio.h>
  24#include <stdarg.h>
  25#include <string.h>
  26#include <errno.h>
  27#include <unistd.h>
  28#include <fcntl.h>
  29
  30#include "qemu.h"
  31#else
  32#include "monitor.h"
  33#include "qemu-char.h"
  34#include "sysemu.h"
  35#include "gdbstub.h"
  36#endif
  37
  38#define MAX_PACKET_LENGTH 4096
  39
  40#include "qemu_socket.h"
  41#include "kvm.h"
  42
  43
  44enum {
  45    GDB_SIGNAL_0 = 0,
  46    GDB_SIGNAL_INT = 2,
  47    GDB_SIGNAL_TRAP = 5,
  48    GDB_SIGNAL_UNKNOWN = 143
  49};
  50
  51#ifdef CONFIG_USER_ONLY
  52
  53/* Map target signal numbers to GDB protocol signal numbers and vice
  54 * versa.  For user emulation's currently supported systems, we can
  55 * assume most signals are defined.
  56 */
  57
  58static int gdb_signal_table[] = {
  59    0,
  60    TARGET_SIGHUP,
  61    TARGET_SIGINT,
  62    TARGET_SIGQUIT,
  63    TARGET_SIGILL,
  64    TARGET_SIGTRAP,
  65    TARGET_SIGABRT,
  66    -1, /* SIGEMT */
  67    TARGET_SIGFPE,
  68    TARGET_SIGKILL,
  69    TARGET_SIGBUS,
  70    TARGET_SIGSEGV,
  71    TARGET_SIGSYS,
  72    TARGET_SIGPIPE,
  73    TARGET_SIGALRM,
  74    TARGET_SIGTERM,
  75    TARGET_SIGURG,
  76    TARGET_SIGSTOP,
  77    TARGET_SIGTSTP,
  78    TARGET_SIGCONT,
  79    TARGET_SIGCHLD,
  80    TARGET_SIGTTIN,
  81    TARGET_SIGTTOU,
  82    TARGET_SIGIO,
  83    TARGET_SIGXCPU,
  84    TARGET_SIGXFSZ,
  85    TARGET_SIGVTALRM,
  86    TARGET_SIGPROF,
  87    TARGET_SIGWINCH,
  88    -1, /* SIGLOST */
  89    TARGET_SIGUSR1,
  90    TARGET_SIGUSR2,
  91#ifdef TARGET_SIGPWR
  92    TARGET_SIGPWR,
  93#else
  94    -1,
  95#endif
  96    -1, /* SIGPOLL */
  97    -1,
  98    -1,
  99    -1,
 100    -1,
 101    -1,
 102    -1,
 103    -1,
 104    -1,
 105    -1,
 106    -1,
 107    -1,
 108#ifdef __SIGRTMIN
 109    __SIGRTMIN + 1,
 110    __SIGRTMIN + 2,
 111    __SIGRTMIN + 3,
 112    __SIGRTMIN + 4,
 113    __SIGRTMIN + 5,
 114    __SIGRTMIN + 6,
 115    __SIGRTMIN + 7,
 116    __SIGRTMIN + 8,
 117    __SIGRTMIN + 9,
 118    __SIGRTMIN + 10,
 119    __SIGRTMIN + 11,
 120    __SIGRTMIN + 12,
 121    __SIGRTMIN + 13,
 122    __SIGRTMIN + 14,
 123    __SIGRTMIN + 15,
 124    __SIGRTMIN + 16,
 125    __SIGRTMIN + 17,
 126    __SIGRTMIN + 18,
 127    __SIGRTMIN + 19,
 128    __SIGRTMIN + 20,
 129    __SIGRTMIN + 21,
 130    __SIGRTMIN + 22,
 131    __SIGRTMIN + 23,
 132    __SIGRTMIN + 24,
 133    __SIGRTMIN + 25,
 134    __SIGRTMIN + 26,
 135    __SIGRTMIN + 27,
 136    __SIGRTMIN + 28,
 137    __SIGRTMIN + 29,
 138    __SIGRTMIN + 30,
 139    __SIGRTMIN + 31,
 140    -1, /* SIGCANCEL */
 141    __SIGRTMIN,
 142    __SIGRTMIN + 32,
 143    __SIGRTMIN + 33,
 144    __SIGRTMIN + 34,
 145    __SIGRTMIN + 35,
 146    __SIGRTMIN + 36,
 147    __SIGRTMIN + 37,
 148    __SIGRTMIN + 38,
 149    __SIGRTMIN + 39,
 150    __SIGRTMIN + 40,
 151    __SIGRTMIN + 41,
 152    __SIGRTMIN + 42,
 153    __SIGRTMIN + 43,
 154    __SIGRTMIN + 44,
 155    __SIGRTMIN + 45,
 156    __SIGRTMIN + 46,
 157    __SIGRTMIN + 47,
 158    __SIGRTMIN + 48,
 159    __SIGRTMIN + 49,
 160    __SIGRTMIN + 50,
 161    __SIGRTMIN + 51,
 162    __SIGRTMIN + 52,
 163    __SIGRTMIN + 53,
 164    __SIGRTMIN + 54,
 165    __SIGRTMIN + 55,
 166    __SIGRTMIN + 56,
 167    __SIGRTMIN + 57,
 168    __SIGRTMIN + 58,
 169    __SIGRTMIN + 59,
 170    __SIGRTMIN + 60,
 171    __SIGRTMIN + 61,
 172    __SIGRTMIN + 62,
 173    __SIGRTMIN + 63,
 174    __SIGRTMIN + 64,
 175    __SIGRTMIN + 65,
 176    __SIGRTMIN + 66,
 177    __SIGRTMIN + 67,
 178    __SIGRTMIN + 68,
 179    __SIGRTMIN + 69,
 180    __SIGRTMIN + 70,
 181    __SIGRTMIN + 71,
 182    __SIGRTMIN + 72,
 183    __SIGRTMIN + 73,
 184    __SIGRTMIN + 74,
 185    __SIGRTMIN + 75,
 186    __SIGRTMIN + 76,
 187    __SIGRTMIN + 77,
 188    __SIGRTMIN + 78,
 189    __SIGRTMIN + 79,
 190    __SIGRTMIN + 80,
 191    __SIGRTMIN + 81,
 192    __SIGRTMIN + 82,
 193    __SIGRTMIN + 83,
 194    __SIGRTMIN + 84,
 195    __SIGRTMIN + 85,
 196    __SIGRTMIN + 86,
 197    __SIGRTMIN + 87,
 198    __SIGRTMIN + 88,
 199    __SIGRTMIN + 89,
 200    __SIGRTMIN + 90,
 201    __SIGRTMIN + 91,
 202    __SIGRTMIN + 92,
 203    __SIGRTMIN + 93,
 204    __SIGRTMIN + 94,
 205    __SIGRTMIN + 95,
 206    -1, /* SIGINFO */
 207    -1, /* UNKNOWN */
 208    -1, /* DEFAULT */
 209    -1,
 210    -1,
 211    -1,
 212    -1,
 213    -1,
 214    -1
 215#endif
 216};
 217#else
 218/* In system mode we only need SIGINT and SIGTRAP; other signals
 219   are not yet supported.  */
 220
 221enum {
 222    TARGET_SIGINT = 2,
 223    TARGET_SIGTRAP = 5
 224};
 225
 226static int gdb_signal_table[] = {
 227    -1,
 228    -1,
 229    TARGET_SIGINT,
 230    -1,
 231    -1,
 232    TARGET_SIGTRAP
 233};
 234#endif
 235
 236#ifdef CONFIG_USER_ONLY
 237static int target_signal_to_gdb (int sig)
 238{
 239    int i;
 240    for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
 241        if (gdb_signal_table[i] == sig)
 242            return i;
 243    return GDB_SIGNAL_UNKNOWN;
 244}
 245#endif
 246
 247static int gdb_signal_to_target (int sig)
 248{
 249    if (sig < ARRAY_SIZE (gdb_signal_table))
 250        return gdb_signal_table[sig];
 251    else
 252        return -1;
 253}
 254
 255//#define DEBUG_GDB
 256
 257typedef struct GDBRegisterState {
 258    int base_reg;
 259    int num_regs;
 260    gdb_reg_cb get_reg;
 261    gdb_reg_cb set_reg;
 262    const char *xml;
 263    struct GDBRegisterState *next;
 264} GDBRegisterState;
 265
 266enum RSState {
 267    RS_INACTIVE,
 268    RS_IDLE,
 269    RS_GETLINE,
 270    RS_CHKSUM1,
 271    RS_CHKSUM2,
 272    RS_SYSCALL,
 273};
 274typedef struct GDBState {
 275    CPUState *c_cpu; /* current CPU for step/continue ops */
 276    CPUState *g_cpu; /* current CPU for other ops */
 277    CPUState *query_cpu; /* for q{f|s}ThreadInfo */
 278    enum RSState state; /* parsing state */
 279    char line_buf[MAX_PACKET_LENGTH];
 280    int line_buf_index;
 281    int line_csum;
 282    uint8_t last_packet[MAX_PACKET_LENGTH + 4];
 283    int last_packet_len;
 284    int signal;
 285#ifdef CONFIG_USER_ONLY
 286    int fd;
 287    int running_state;
 288#else
 289    CharDriverState *chr;
 290    CharDriverState *mon_chr;
 291#endif
 292} GDBState;
 293
 294/* By default use no IRQs and no timers while single stepping so as to
 295 * make single stepping like an ICE HW step.
 296 */
 297static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
 298
 299static GDBState *gdbserver_state;
 300
 301/* This is an ugly hack to cope with both new and old gdb.
 302   If gdb sends qXfer:features:read then assume we're talking to a newish
 303   gdb that understands target descriptions.  */
 304static int gdb_has_xml;
 305
 306#ifdef CONFIG_USER_ONLY
 307/* XXX: This is not thread safe.  Do we care?  */
 308static int gdbserver_fd = -1;
 309
 310static int get_char(GDBState *s)
 311{
 312    uint8_t ch;
 313    int ret;
 314
 315    for(;;) {
 316        ret = recv(s->fd, &ch, 1, 0);
 317        if (ret < 0) {
 318            if (errno == ECONNRESET)
 319                s->fd = -1;
 320            if (errno != EINTR && errno != EAGAIN)
 321                return -1;
 322        } else if (ret == 0) {
 323            close(s->fd);
 324            s->fd = -1;
 325            return -1;
 326        } else {
 327            break;
 328        }
 329    }
 330    return ch;
 331}
 332#endif
 333
 334static gdb_syscall_complete_cb gdb_current_syscall_cb;
 335
 336static enum {
 337    GDB_SYS_UNKNOWN,
 338    GDB_SYS_ENABLED,
 339    GDB_SYS_DISABLED,
 340} gdb_syscall_mode;
 341
 342/* If gdb is connected when the first semihosting syscall occurs then use
 343   remote gdb syscalls.  Otherwise use native file IO.  */
 344int use_gdb_syscalls(void)
 345{
 346    if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
 347        gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
 348                                            : GDB_SYS_DISABLED);
 349    }
 350    return gdb_syscall_mode == GDB_SYS_ENABLED;
 351}
 352
 353/* Resume execution.  */
 354static inline void gdb_continue(GDBState *s)
 355{
 356#ifdef CONFIG_USER_ONLY
 357    s->running_state = 1;
 358#else
 359    vm_start();
 360#endif
 361}
 362
 363static void put_buffer(GDBState *s, const uint8_t *buf, int len)
 364{
 365#ifdef CONFIG_USER_ONLY
 366    int ret;
 367
 368    while (len > 0) {
 369        ret = send(s->fd, buf, len, 0);
 370        if (ret < 0) {
 371            if (errno != EINTR && errno != EAGAIN)
 372                return;
 373        } else {
 374            buf += ret;
 375            len -= ret;
 376        }
 377    }
 378#else
 379    qemu_chr_write(s->chr, buf, len);
 380#endif
 381}
 382
 383static inline int fromhex(int v)
 384{
 385    if (v >= '0' && v <= '9')
 386        return v - '0';
 387    else if (v >= 'A' && v <= 'F')
 388        return v - 'A' + 10;
 389    else if (v >= 'a' && v <= 'f')
 390        return v - 'a' + 10;
 391    else
 392        return 0;
 393}
 394
 395static inline int tohex(int v)
 396{
 397    if (v < 10)
 398        return v + '0';
 399    else
 400        return v - 10 + 'a';
 401}
 402
 403static void memtohex(char *buf, const uint8_t *mem, int len)
 404{
 405    int i, c;
 406    char *q;
 407    q = buf;
 408    for(i = 0; i < len; i++) {
 409        c = mem[i];
 410        *q++ = tohex(c >> 4);
 411        *q++ = tohex(c & 0xf);
 412    }
 413    *q = '\0';
 414}
 415
 416static void hextomem(uint8_t *mem, const char *buf, int len)
 417{
 418    int i;
 419
 420    for(i = 0; i < len; i++) {
 421        mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
 422        buf += 2;
 423    }
 424}
 425
 426/* return -1 if error, 0 if OK */
 427static int put_packet_binary(GDBState *s, const char *buf, int len)
 428{
 429    int csum, i;
 430    uint8_t *p;
 431
 432    for(;;) {
 433        p = s->last_packet;
 434        *(p++) = '$';
 435        memcpy(p, buf, len);
 436        p += len;
 437        csum = 0;
 438        for(i = 0; i < len; i++) {
 439            csum += buf[i];
 440        }
 441        *(p++) = '#';
 442        *(p++) = tohex((csum >> 4) & 0xf);
 443        *(p++) = tohex((csum) & 0xf);
 444
 445        s->last_packet_len = p - s->last_packet;
 446        put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
 447
 448#ifdef CONFIG_USER_ONLY
 449        i = get_char(s);
 450        if (i < 0)
 451            return -1;
 452        if (i == '+')
 453            break;
 454#else
 455        break;
 456#endif
 457    }
 458    return 0;
 459}
 460
 461/* return -1 if error, 0 if OK */
 462static int put_packet(GDBState *s, const char *buf)
 463{
 464#ifdef DEBUG_GDB
 465    printf("reply='%s'\n", buf);
 466#endif
 467
 468    return put_packet_binary(s, buf, strlen(buf));
 469}
 470
 471/* The GDB remote protocol transfers values in target byte order.  This means
 472   we can use the raw memory access routines to access the value buffer.
 473   Conveniently, these also handle the case where the buffer is mis-aligned.
 474 */
 475#define GET_REG8(val) do { \
 476    stb_p(mem_buf, val); \
 477    return 1; \
 478    } while(0)
 479#define GET_REG16(val) do { \
 480    stw_p(mem_buf, val); \
 481    return 2; \
 482    } while(0)
 483#define GET_REG32(val) do { \
 484    stl_p(mem_buf, val); \
 485    return 4; \
 486    } while(0)
 487#define GET_REG64(val) do { \
 488    stq_p(mem_buf, val); \
 489    return 8; \
 490    } while(0)
 491
 492#if TARGET_LONG_BITS == 64
 493#define GET_REGL(val) GET_REG64(val)
 494#define ldtul_p(addr) ldq_p(addr)
 495#else
 496#define GET_REGL(val) GET_REG32(val)
 497#define ldtul_p(addr) ldl_p(addr)
 498#endif
 499
 500#if defined(TARGET_I386)
 501
 502#ifdef TARGET_X86_64
 503static const int gpr_map[16] = {
 504    R_EAX, R_EBX, R_ECX, R_EDX, R_ESI, R_EDI, R_EBP, R_ESP,
 505    8, 9, 10, 11, 12, 13, 14, 15
 506};
 507#else
 508#define gpr_map gpr_map32
 509#endif
 510static const int gpr_map32[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
 511
 512#define NUM_CORE_REGS (CPU_NB_REGS * 2 + 25)
 513
 514#define IDX_IP_REG      CPU_NB_REGS
 515#define IDX_FLAGS_REG   (IDX_IP_REG + 1)
 516#define IDX_SEG_REGS    (IDX_FLAGS_REG + 1)
 517#define IDX_FP_REGS     (IDX_SEG_REGS + 6)
 518#define IDX_XMM_REGS    (IDX_FP_REGS + 16)
 519#define IDX_MXCSR_REG   (IDX_XMM_REGS + CPU_NB_REGS)
 520
 521static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 522{
 523    if (n < CPU_NB_REGS) {
 524        if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
 525            GET_REG64(env->regs[gpr_map[n]]);
 526        } else if (n < CPU_NB_REGS32) {
 527            GET_REG32(env->regs[gpr_map32[n]]);
 528        }
 529    } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
 530#ifdef USE_X86LDOUBLE
 531        /* FIXME: byteswap float values - after fixing fpregs layout. */
 532        memcpy(mem_buf, &env->fpregs[n - IDX_FP_REGS], 10);
 533#else
 534        memset(mem_buf, 0, 10);
 535#endif
 536        return 10;
 537    } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
 538        n -= IDX_XMM_REGS;
 539        if (n < CPU_NB_REGS32 ||
 540            (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK)) {
 541            stq_p(mem_buf, env->xmm_regs[n].XMM_Q(0));
 542            stq_p(mem_buf + 8, env->xmm_regs[n].XMM_Q(1));
 543            return 16;
 544        }
 545    } else {
 546        switch (n) {
 547        case IDX_IP_REG:
 548            if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
 549                GET_REG64(env->eip);
 550            } else {
 551                GET_REG32(env->eip);
 552            }
 553        case IDX_FLAGS_REG: GET_REG32(env->eflags);
 554
 555        case IDX_SEG_REGS:     GET_REG32(env->segs[R_CS].selector);
 556        case IDX_SEG_REGS + 1: GET_REG32(env->segs[R_SS].selector);
 557        case IDX_SEG_REGS + 2: GET_REG32(env->segs[R_DS].selector);
 558        case IDX_SEG_REGS + 3: GET_REG32(env->segs[R_ES].selector);
 559        case IDX_SEG_REGS + 4: GET_REG32(env->segs[R_FS].selector);
 560        case IDX_SEG_REGS + 5: GET_REG32(env->segs[R_GS].selector);
 561
 562        case IDX_FP_REGS + 8:  GET_REG32(env->fpuc);
 563        case IDX_FP_REGS + 9:  GET_REG32((env->fpus & ~0x3800) |
 564                                         (env->fpstt & 0x7) << 11);
 565        case IDX_FP_REGS + 10: GET_REG32(0); /* ftag */
 566        case IDX_FP_REGS + 11: GET_REG32(0); /* fiseg */
 567        case IDX_FP_REGS + 12: GET_REG32(0); /* fioff */
 568        case IDX_FP_REGS + 13: GET_REG32(0); /* foseg */
 569        case IDX_FP_REGS + 14: GET_REG32(0); /* fooff */
 570        case IDX_FP_REGS + 15: GET_REG32(0); /* fop */
 571
 572        case IDX_MXCSR_REG: GET_REG32(env->mxcsr);
 573        }
 574    }
 575    return 0;
 576}
 577
 578static int cpu_x86_gdb_load_seg(CPUState *env, int sreg, uint8_t *mem_buf)
 579{
 580    uint16_t selector = ldl_p(mem_buf);
 581
 582    if (selector != env->segs[sreg].selector) {
 583#if defined(CONFIG_USER_ONLY)
 584        cpu_x86_load_seg(env, sreg, selector);
 585#else
 586        unsigned int limit, flags;
 587        target_ulong base;
 588
 589        if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK)) {
 590            base = selector << 4;
 591            limit = 0xffff;
 592            flags = 0;
 593        } else {
 594            if (!cpu_x86_get_descr_debug(env, selector, &base, &limit, &flags))
 595                return 4;
 596        }
 597        cpu_x86_load_seg_cache(env, sreg, selector, base, limit, flags);
 598#endif
 599    }
 600    return 4;
 601}
 602
 603static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 604{
 605    uint32_t tmp;
 606
 607    if (n < CPU_NB_REGS) {
 608        if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
 609            env->regs[gpr_map[n]] = ldtul_p(mem_buf);
 610            return sizeof(target_ulong);
 611        } else if (n < CPU_NB_REGS32) {
 612            n = gpr_map32[n];
 613            env->regs[n] &= ~0xffffffffUL;
 614            env->regs[n] |= (uint32_t)ldl_p(mem_buf);
 615            return 4;
 616        }
 617    } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
 618#ifdef USE_X86LDOUBLE
 619        /* FIXME: byteswap float values - after fixing fpregs layout. */
 620        memcpy(&env->fpregs[n - IDX_FP_REGS], mem_buf, 10);
 621#endif
 622        return 10;
 623    } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
 624        n -= IDX_XMM_REGS;
 625        if (n < CPU_NB_REGS32 ||
 626            (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK)) {
 627            env->xmm_regs[n].XMM_Q(0) = ldq_p(mem_buf);
 628            env->xmm_regs[n].XMM_Q(1) = ldq_p(mem_buf + 8);
 629            return 16;
 630        }
 631    } else {
 632        switch (n) {
 633        case IDX_IP_REG:
 634            if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
 635                env->eip = ldq_p(mem_buf);
 636                return 8;
 637            } else {
 638                env->eip &= ~0xffffffffUL;
 639                env->eip |= (uint32_t)ldl_p(mem_buf);
 640                return 4;
 641            }
 642        case IDX_FLAGS_REG:
 643            env->eflags = ldl_p(mem_buf);
 644            return 4;
 645
 646        case IDX_SEG_REGS:     return cpu_x86_gdb_load_seg(env, R_CS, mem_buf);
 647        case IDX_SEG_REGS + 1: return cpu_x86_gdb_load_seg(env, R_SS, mem_buf);
 648        case IDX_SEG_REGS + 2: return cpu_x86_gdb_load_seg(env, R_DS, mem_buf);
 649        case IDX_SEG_REGS + 3: return cpu_x86_gdb_load_seg(env, R_ES, mem_buf);
 650        case IDX_SEG_REGS + 4: return cpu_x86_gdb_load_seg(env, R_FS, mem_buf);
 651        case IDX_SEG_REGS + 5: return cpu_x86_gdb_load_seg(env, R_GS, mem_buf);
 652
 653        case IDX_FP_REGS + 8:
 654            env->fpuc = ldl_p(mem_buf);
 655            return 4;
 656        case IDX_FP_REGS + 9:
 657            tmp = ldl_p(mem_buf);
 658            env->fpstt = (tmp >> 11) & 7;
 659            env->fpus = tmp & ~0x3800;
 660            return 4;
 661        case IDX_FP_REGS + 10: /* ftag */  return 4;
 662        case IDX_FP_REGS + 11: /* fiseg */ return 4;
 663        case IDX_FP_REGS + 12: /* fioff */ return 4;
 664        case IDX_FP_REGS + 13: /* foseg */ return 4;
 665        case IDX_FP_REGS + 14: /* fooff */ return 4;
 666        case IDX_FP_REGS + 15: /* fop */   return 4;
 667
 668        case IDX_MXCSR_REG:
 669            env->mxcsr = ldl_p(mem_buf);
 670            return 4;
 671        }
 672    }
 673    /* Unrecognised register.  */
 674    return 0;
 675}
 676
 677#elif defined (TARGET_PPC)
 678
 679/* Old gdb always expects FP registers.  Newer (xml-aware) gdb only
 680   expects whatever the target description contains.  Due to a
 681   historical mishap the FP registers appear in between core integer
 682   regs and PC, MSR, CR, and so forth.  We hack round this by giving the
 683   FP regs zero size when talking to a newer gdb.  */
 684#define NUM_CORE_REGS 71
 685#if defined (TARGET_PPC64)
 686#define GDB_CORE_XML "power64-core.xml"
 687#else
 688#define GDB_CORE_XML "power-core.xml"
 689#endif
 690
 691static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 692{
 693    if (n < 32) {
 694        /* gprs */
 695        GET_REGL(env->gpr[n]);
 696    } else if (n < 64) {
 697        /* fprs */
 698        if (gdb_has_xml)
 699            return 0;
 700        stfq_p(mem_buf, env->fpr[n-32]);
 701        return 8;
 702    } else {
 703        switch (n) {
 704        case 64: GET_REGL(env->nip);
 705        case 65: GET_REGL(env->msr);
 706        case 66:
 707            {
 708                uint32_t cr = 0;
 709                int i;
 710                for (i = 0; i < 8; i++)
 711                    cr |= env->crf[i] << (32 - ((i + 1) * 4));
 712                GET_REG32(cr);
 713            }
 714        case 67: GET_REGL(env->lr);
 715        case 68: GET_REGL(env->ctr);
 716        case 69: GET_REGL(env->xer);
 717        case 70:
 718            {
 719                if (gdb_has_xml)
 720                    return 0;
 721                GET_REG32(0); /* fpscr */
 722            }
 723        }
 724    }
 725    return 0;
 726}
 727
 728static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 729{
 730    if (n < 32) {
 731        /* gprs */
 732        env->gpr[n] = ldtul_p(mem_buf);
 733        return sizeof(target_ulong);
 734    } else if (n < 64) {
 735        /* fprs */
 736        if (gdb_has_xml)
 737            return 0;
 738        env->fpr[n-32] = ldfq_p(mem_buf);
 739        return 8;
 740    } else {
 741        switch (n) {
 742        case 64:
 743            env->nip = ldtul_p(mem_buf);
 744            return sizeof(target_ulong);
 745        case 65:
 746            ppc_store_msr(env, ldtul_p(mem_buf));
 747            return sizeof(target_ulong);
 748        case 66:
 749            {
 750                uint32_t cr = ldl_p(mem_buf);
 751                int i;
 752                for (i = 0; i < 8; i++)
 753                    env->crf[i] = (cr >> (32 - ((i + 1) * 4))) & 0xF;
 754                return 4;
 755            }
 756        case 67:
 757            env->lr = ldtul_p(mem_buf);
 758            return sizeof(target_ulong);
 759        case 68:
 760            env->ctr = ldtul_p(mem_buf);
 761            return sizeof(target_ulong);
 762        case 69:
 763            env->xer = ldtul_p(mem_buf);
 764            return sizeof(target_ulong);
 765        case 70:
 766            /* fpscr */
 767            if (gdb_has_xml)
 768                return 0;
 769            return 4;
 770        }
 771    }
 772    return 0;
 773}
 774
 775#elif defined (TARGET_SPARC)
 776
 777#if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
 778#define NUM_CORE_REGS 86
 779#else
 780#define NUM_CORE_REGS 72
 781#endif
 782
 783#ifdef TARGET_ABI32
 784#define GET_REGA(val) GET_REG32(val)
 785#else
 786#define GET_REGA(val) GET_REGL(val)
 787#endif
 788
 789static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 790{
 791    if (n < 8) {
 792        /* g0..g7 */
 793        GET_REGA(env->gregs[n]);
 794    }
 795    if (n < 32) {
 796        /* register window */
 797        GET_REGA(env->regwptr[n - 8]);
 798    }
 799#if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
 800    if (n < 64) {
 801        /* fprs */
 802        GET_REG32(*((uint32_t *)&env->fpr[n - 32]));
 803    }
 804    /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
 805    switch (n) {
 806    case 64: GET_REGA(env->y);
 807    case 65: GET_REGA(GET_PSR(env));
 808    case 66: GET_REGA(env->wim);
 809    case 67: GET_REGA(env->tbr);
 810    case 68: GET_REGA(env->pc);
 811    case 69: GET_REGA(env->npc);
 812    case 70: GET_REGA(env->fsr);
 813    case 71: GET_REGA(0); /* csr */
 814    default: GET_REGA(0);
 815    }
 816#else
 817    if (n < 64) {
 818        /* f0-f31 */
 819        GET_REG32(*((uint32_t *)&env->fpr[n - 32]));
 820    }
 821    if (n < 80) {
 822        /* f32-f62 (double width, even numbers only) */
 823        uint64_t val;
 824
 825        val = (uint64_t)*((uint32_t *)&env->fpr[(n - 64) * 2 + 32]) << 32;
 826        val |= *((uint32_t *)&env->fpr[(n - 64) * 2 + 33]);
 827        GET_REG64(val);
 828    }
 829    switch (n) {
 830    case 80: GET_REGL(env->pc);
 831    case 81: GET_REGL(env->npc);
 832    case 82: GET_REGL(((uint64_t)GET_CCR(env) << 32) |
 833                           ((env->asi & 0xff) << 24) |
 834                           ((env->pstate & 0xfff) << 8) |
 835                           GET_CWP64(env));
 836    case 83: GET_REGL(env->fsr);
 837    case 84: GET_REGL(env->fprs);
 838    case 85: GET_REGL(env->y);
 839    }
 840#endif
 841    return 0;
 842}
 843
 844static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 845{
 846#if defined(TARGET_ABI32)
 847    abi_ulong tmp;
 848
 849    tmp = ldl_p(mem_buf);
 850#else
 851    target_ulong tmp;
 852
 853    tmp = ldtul_p(mem_buf);
 854#endif
 855
 856    if (n < 8) {
 857        /* g0..g7 */
 858        env->gregs[n] = tmp;
 859    } else if (n < 32) {
 860        /* register window */
 861        env->regwptr[n - 8] = tmp;
 862    }
 863#if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
 864    else if (n < 64) {
 865        /* fprs */
 866        *((uint32_t *)&env->fpr[n - 32]) = tmp;
 867    } else {
 868        /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
 869        switch (n) {
 870        case 64: env->y = tmp; break;
 871        case 65: PUT_PSR(env, tmp); break;
 872        case 66: env->wim = tmp; break;
 873        case 67: env->tbr = tmp; break;
 874        case 68: env->pc = tmp; break;
 875        case 69: env->npc = tmp; break;
 876        case 70: env->fsr = tmp; break;
 877        default: return 0;
 878        }
 879    }
 880    return 4;
 881#else
 882    else if (n < 64) {
 883        /* f0-f31 */
 884        env->fpr[n] = ldfl_p(mem_buf);
 885        return 4;
 886    } else if (n < 80) {
 887        /* f32-f62 (double width, even numbers only) */
 888        *((uint32_t *)&env->fpr[(n - 64) * 2 + 32]) = tmp >> 32;
 889        *((uint32_t *)&env->fpr[(n - 64) * 2 + 33]) = tmp;
 890    } else {
 891        switch (n) {
 892        case 80: env->pc = tmp; break;
 893        case 81: env->npc = tmp; break;
 894        case 82:
 895            PUT_CCR(env, tmp >> 32);
 896            env->asi = (tmp >> 24) & 0xff;
 897            env->pstate = (tmp >> 8) & 0xfff;
 898            PUT_CWP64(env, tmp & 0xff);
 899            break;
 900        case 83: env->fsr = tmp; break;
 901        case 84: env->fprs = tmp; break;
 902        case 85: env->y = tmp; break;
 903        default: return 0;
 904        }
 905    }
 906    return 8;
 907#endif
 908}
 909#elif defined (TARGET_ARM)
 910
 911/* Old gdb always expect FPA registers.  Newer (xml-aware) gdb only expect
 912   whatever the target description contains.  Due to a historical mishap
 913   the FPA registers appear in between core integer regs and the CPSR.
 914   We hack round this by giving the FPA regs zero size when talking to a
 915   newer gdb.  */
 916#define NUM_CORE_REGS 26
 917#define GDB_CORE_XML "arm-core.xml"
 918
 919static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 920{
 921    if (n < 16) {
 922        /* Core integer register.  */
 923        GET_REG32(env->regs[n]);
 924    }
 925    if (n < 24) {
 926        /* FPA registers.  */
 927        if (gdb_has_xml)
 928            return 0;
 929        memset(mem_buf, 0, 12);
 930        return 12;
 931    }
 932    switch (n) {
 933    case 24:
 934        /* FPA status register.  */
 935        if (gdb_has_xml)
 936            return 0;
 937        GET_REG32(0);
 938    case 25:
 939        /* CPSR */
 940        GET_REG32(cpsr_read(env));
 941    }
 942    /* Unknown register.  */
 943    return 0;
 944}
 945
 946static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 947{
 948    uint32_t tmp;
 949
 950    tmp = ldl_p(mem_buf);
 951
 952    /* Mask out low bit of PC to workaround gdb bugs.  This will probably
 953       cause problems if we ever implement the Jazelle DBX extensions.  */
 954    if (n == 15)
 955        tmp &= ~1;
 956
 957    if (n < 16) {
 958        /* Core integer register.  */
 959        env->regs[n] = tmp;
 960        return 4;
 961    }
 962    if (n < 24) { /* 16-23 */
 963        /* FPA registers (ignored).  */
 964        if (gdb_has_xml)
 965            return 0;
 966        return 12;
 967    }
 968    switch (n) {
 969    case 24:
 970        /* FPA status register (ignored).  */
 971        if (gdb_has_xml)
 972            return 0;
 973        return 4;
 974    case 25:
 975        /* CPSR */
 976        cpsr_write (env, tmp, 0xffffffff);
 977        return 4;
 978    }
 979    /* Unknown register.  */
 980    return 0;
 981}
 982
 983#elif defined (TARGET_M68K)
 984
 985#define NUM_CORE_REGS 18
 986
 987#define GDB_CORE_XML "cf-core.xml"
 988
 989static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 990{
 991    if (n < 8) {
 992        /* D0-D7 */
 993        GET_REG32(env->dregs[n]);
 994    } else if (n < 16) {
 995        /* A0-A7 */
 996        GET_REG32(env->aregs[n - 8]);
 997    } else {
 998        switch (n) {
 999        case 16: GET_REG32(env->sr);
1000        case 17: GET_REG32(env->pc);

1001        }
1002    }
1003    /* FP registers not included here because they vary between
1004       ColdFire and m68k.  Use XML bits for these.  */
1005    return 0;
1006}
1007
1008static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1009{
1010    uint32_t tmp;
1011
1012    tmp = ldl_p(mem_buf);
1013
1014    if (n < 8) {
1015        /* D0-D7 */
1016        env->dregs[n] = tmp;
1017    } else if (n < 8) {
1018        /* A0-A7 */
1019        env->aregs[n - 8] = tmp;
1020    } else {
1021        switch (n) {
1022        case 16: env->sr = tmp; break;
1023        case 17: env->pc = tmp; break;
1024        default: return 0;
1025        }
1026    }
1027    return 4;
1028}
1029#elif defined (TARGET_MIPS)
1030
1031#define NUM_CORE_REGS 73
1032
1033static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1034{
1035    if (n < 32) {
1036        GET_REGL(env->active_tc.gpr[n]);
1037    }
1038    if (env->CP0_Config1 & (1 << CP0C1_FP)) {
1039        if (n >= 38 && n < 70) {
1040            if (env->CP0_Status & (1 << CP0St_FR))
1041                GET_REGL(env->active_fpu.fpr[n - 38].d);
1042            else
1043                GET_REGL(env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX]);
1044        }
1045        switch (n) {
1046        case 70: GET_REGL((int32_t)env->active_fpu.fcr31);
1047        case 71: GET_REGL((int32_t)env->active_fpu.fcr0);
1048        }
1049    }
1050    switch (n) {
1051    case 32: GET_REGL((int32_t)env->CP0_Status);
1052    case 33: GET_REGL(env->active_tc.LO[0]);
1053    case 34: GET_REGL(env->active_tc.HI[0]);
1054    case 35: GET_REGL(env->CP0_BadVAddr);
1055    case 36: GET_REGL((int32_t)env->CP0_Cause);
1056    case 37: GET_REGL(env->active_tc.PC);
1057    case 72: GET_REGL(0); /* fp */
1058    case 89: GET_REGL((int32_t)env->CP0_PRid);
1059    }
1060    if (n >= 73 && n <= 88) {
1061        /* 16 embedded regs.  */
1062        GET_REGL(0);
1063    }
1064
1065    return 0;
1066}
1067
1068/* convert MIPS rounding mode in FCR31 to IEEE library */
1069static unsigned int ieee_rm[] =
1070  {
1071    float_round_nearest_even,
1072    float_round_to_zero,
1073    float_round_up,
1074    float_round_down
1075  };
1076#define RESTORE_ROUNDING_MODE \
1077    set_float_rounding_mode(ieee_rm[env->active_fpu.fcr31 & 3], &env->active_fpu.fp_status)
1078
1079static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1080{
1081    target_ulong tmp;
1082
1083    tmp = ldtul_p(mem_buf);
1084
1085    if (n < 32) {
1086        env->active_tc.gpr[n] = tmp;
1087        return sizeof(target_ulong);
1088    }
1089    if (env->CP0_Config1 & (1 << CP0C1_FP)
1090            && n >= 38 && n < 73) {
1091        if (n < 70) {
1092            if (env->CP0_Status & (1 << CP0St_FR))
1093              env->active_fpu.fpr[n - 38].d = tmp;
1094            else
1095              env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX] = tmp;
1096        }
1097        switch (n) {
1098        case 70:
1099            env->active_fpu.fcr31 = tmp & 0xFF83FFFF;
1100            /* set rounding mode */
1101            RESTORE_ROUNDING_MODE;
1102#ifndef CONFIG_SOFTFLOAT
1103            /* no floating point exception for native float */
1104            SET_FP_ENABLE(env->active_fpu.fcr31, 0);
1105#endif
1106            break;
1107        case 71: env->active_fpu.fcr0 = tmp; break;
1108        }
1109        return sizeof(target_ulong);
1110    }
1111    switch (n) {
1112    case 32: env->CP0_Status = tmp; break;
1113    case 33: env->active_tc.LO[0] = tmp; break;
1114    case 34: env->active_tc.HI[0] = tmp; break;
1115    case 35: env->CP0_BadVAddr = tmp; break;
1116    case 36: env->CP0_Cause = tmp; break;
1117    case 37: env->active_tc.PC = tmp; break;
1118    case 72: /* fp, ignored */ break;
1119    default: 
1120        if (n > 89)
1121            return 0;
1122        /* Other registers are readonly.  Ignore writes.  */
1123        break;
1124    }
1125
1126    return sizeof(target_ulong);
1127}
1128#elif defined (TARGET_SH4)
1129
1130/* Hint: Use "set architecture sh4" in GDB to see fpu registers */
1131/* FIXME: We should use XML for this.  */
1132
1133#define NUM_CORE_REGS 59
1134
1135static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1136{
1137    if (n < 8) {
1138        if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
1139            GET_REGL(env->gregs[n + 16]);
1140        } else {
1141            GET_REGL(env->gregs[n]);
1142        }
1143    } else if (n < 16) {
1144        GET_REGL(env->gregs[n - 8]);
1145    } else if (n >= 25 && n < 41) {
1146        GET_REGL(env->fregs[(n - 25) + ((env->fpscr & FPSCR_FR) ? 16 : 0)]);
1147    } else if (n >= 43 && n < 51) {
1148        GET_REGL(env->gregs[n - 43]);
1149    } else if (n >= 51 && n < 59) {
1150        GET_REGL(env->gregs[n - (51 - 16)]);
1151    }
1152    switch (n) {
1153    case 16: GET_REGL(env->pc);
1154    case 17: GET_REGL(env->pr);
1155    case 18: GET_REGL(env->gbr);
1156    case 19: GET_REGL(env->vbr);
1157    case 20: GET_REGL(env->mach);
1158    case 21: GET_REGL(env->macl);
1159    case 22: GET_REGL(env->sr);
1160    case 23: GET_REGL(env->fpul);
1161    case 24: GET_REGL(env->fpscr);
1162    case 41: GET_REGL(env->ssr);
1163    case 42: GET_REGL(env->spc);
1164    }
1165
1166    return 0;
1167}
1168
1169static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1170{
1171    uint32_t tmp;
1172
1173    tmp = ldl_p(mem_buf);
1174
1175    if (n < 8) {
1176        if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
1177            env->gregs[n + 16] = tmp;
1178        } else {
1179            env->gregs[n] = tmp;
1180        }
1181        return 4;
1182    } else if (n < 16) {
1183        env->gregs[n - 8] = tmp;
1184        return 4;
1185    } else if (n >= 25 && n < 41) {
1186        env->fregs[(n - 25) + ((env->fpscr & FPSCR_FR) ? 16 : 0)] = tmp;
1187    } else if (n >= 43 && n < 51) {
1188        env->gregs[n - 43] = tmp;
1189        return 4;
1190    } else if (n >= 51 && n < 59) {
1191        env->gregs[n - (51 - 16)] = tmp;
1192        return 4;
1193    }
1194    switch (n) {
1195    case 16: env->pc = tmp;
1196    case 17: env->pr = tmp;
1197    case 18: env->gbr = tmp;
1198    case 19: env->vbr = tmp;
1199    case 20: env->mach = tmp;
1200    case 21: env->macl = tmp;
1201    case 22: env->sr = tmp;
1202    case 23: env->fpul = tmp;
1203    case 24: env->fpscr = tmp;
1204    case 41: env->ssr = tmp;
1205    case 42: env->spc = tmp;
1206    default: return 0;
1207    }
1208
1209    return 4;
1210}
1211#elif defined (TARGET_MICROBLAZE)
1212
1213#define NUM_CORE_REGS (32 + 5)
1214
1215static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1216{
1217    if (n < 32) {
1218        GET_REG32(env->regs[n]);
1219    } else {
1220        GET_REG32(env->sregs[n - 32]);
1221    }
1222    return 0;
1223}
1224
1225static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1226{
1227    uint32_t tmp;
1228
1229    if (n > NUM_CORE_REGS)
1230        return 0;
1231
1232    tmp = ldl_p(mem_buf);
1233
1234    if (n < 32) {
1235        env->regs[n] = tmp;
1236    } else {
1237        env->sregs[n - 32] = tmp;
1238    }
1239    return 4;
1240}
1241#elif defined (TARGET_CRIS)
1242
1243#define NUM_CORE_REGS 49
1244
1245static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1246{
1247    uint8_t srs;
1248
1249    srs = env->pregs[PR_SRS];
1250    if (n < 16) {
1251        GET_REG32(env->regs[n]);
1252    }
1253
1254    if (n >= 21 && n < 32) {
1255        GET_REG32(env->pregs[n - 16]);
1256    }
1257    if (n >= 33 && n < 49) {
1258        GET_REG32(env->sregs[srs][n - 33]);
1259    }
1260    switch (n) {
1261    case 16: GET_REG8(env->pregs[0]);
1262    case 17: GET_REG8(env->pregs[1]);
1263    case 18: GET_REG32(env->pregs[2]);
1264    case 19: GET_REG8(srs);
1265    case 20: GET_REG16(env->pregs[4]);
1266    case 32: GET_REG32(env->pc);
1267    }
1268
1269    return 0;
1270}
1271
1272static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1273{
1274    uint32_t tmp;
1275
1276    if (n > 49)
1277        return 0;
1278
1279    tmp = ldl_p(mem_buf);
1280
1281    if (n < 16) {
1282        env->regs[n] = tmp;
1283    }
1284
1285    if (n >= 21 && n < 32) {
1286        env->pregs[n - 16] = tmp;
1287    }
1288
1289    /* FIXME: Should support function regs be writable?  */
1290    switch (n) {
1291    case 16: return 1;
1292    case 17: return 1;
1293    case 18: env->pregs[PR_PID] = tmp; break;
1294    case 19: return 1;
1295    case 20: return 2;
1296    case 32: env->pc = tmp; break;
1297    }
1298
1299    return 4;
1300}
1301#elif defined (TARGET_ALPHA)
1302
1303#define NUM_CORE_REGS 65
1304
1305static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1306{
1307    if (n < 31) {
1308       GET_REGL(env->ir[n]);
1309    }
1310    else if (n == 31) {
1311       GET_REGL(0);
1312    }
1313    else if (n<63) {
1314       uint64_t val;
1315
1316       val = *((uint64_t *)&env->fir[n-32]);
1317       GET_REGL(val);
1318    }
1319    else if (n==63) {
1320       GET_REGL(env->fpcr);
1321    }
1322    else if (n==64) {
1323       GET_REGL(env->pc);
1324    }
1325    else {
1326       GET_REGL(0);
1327    }
1328
1329    return 0;
1330}
1331
1332static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1333{
1334    target_ulong tmp;
1335    tmp = ldtul_p(mem_buf);
1336
1337    if (n < 31) {
1338        env->ir[n] = tmp;
1339    }
1340
1341    if (n > 31 && n < 63) {
1342        env->fir[n - 32] = ldfl_p(mem_buf);
1343    }
1344
1345    if (n == 64 ) {
1346       env->pc=tmp;
1347    }
1348
1349    return 8;
1350}
1351#elif defined (TARGET_S390X)
1352
1353#define NUM_CORE_REGS S390_NUM_TOTAL_REGS
1354
1355static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1356{
1357    switch (n) {
1358        case S390_PSWM_REGNUM: GET_REGL(env->psw.mask); break;
1359        case S390_PSWA_REGNUM: GET_REGL(env->psw.addr); break;
1360        case S390_R0_REGNUM ... S390_R15_REGNUM:
1361            GET_REGL(env->regs[n-S390_R0_REGNUM]); break;
1362        case S390_A0_REGNUM ... S390_A15_REGNUM:
1363            GET_REG32(env->aregs[n-S390_A0_REGNUM]); break;
1364        case S390_FPC_REGNUM: GET_REG32(env->fpc); break;
1365        case S390_F0_REGNUM ... S390_F15_REGNUM:
1366            /* XXX */
1367            break;
1368        case S390_PC_REGNUM: GET_REGL(env->psw.addr); break;
1369        case S390_CC_REGNUM: GET_REG32(env->cc); break;
1370    }
1371
1372    return 0;
1373}
1374
1375static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1376{
1377    target_ulong tmpl;
1378    uint32_t tmp32;
1379    int r = 8;
1380    tmpl = ldtul_p(mem_buf);
1381    tmp32 = ldl_p(mem_buf);
1382
1383    switch (n) {
1384        case S390_PSWM_REGNUM: env->psw.mask = tmpl; break;
1385        case S390_PSWA_REGNUM: env->psw.addr = tmpl; break;
1386        case S390_R0_REGNUM ... S390_R15_REGNUM:
1387            env->regs[n-S390_R0_REGNUM] = tmpl; break;
1388        case S390_A0_REGNUM ... S390_A15_REGNUM:
1389            env->aregs[n-S390_A0_REGNUM] = tmp32; r=4; break;
1390        case S390_FPC_REGNUM: env->fpc = tmp32; r=4; break;
1391        case S390_F0_REGNUM ... S390_F15_REGNUM:
1392            /* XXX */
1393            break;
1394        case S390_PC_REGNUM: env->psw.addr = tmpl; break;
1395        case S390_CC_REGNUM: env->cc = tmp32; r=4; break;
1396    }
1397
1398    return r;
1399}
1400#else
1401
1402#define NUM_CORE_REGS 0
1403
1404static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
1405{
1406    return 0;
1407}
1408
1409static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
1410{
1411    return 0;
1412}
1413
1414#endif
1415
1416static int num_g_regs = NUM_CORE_REGS;
1417
1418#ifdef GDB_CORE_XML
1419/* Encode data using the encoding for 'x' packets.  */
1420static int memtox(char *buf, const char *mem, int len)
1421{
1422    char *p = buf;
1423    char c;
1424
1425    while (len--) {
1426        c = *(mem++);
1427        switch (c) {
1428        case '#': case '$': case '*': case '}':
1429            *(p++) = '}';
1430            *(p++) = c ^ 0x20;
1431            break;
1432        default:
1433            *(p++) = c;
1434            break;
1435        }
1436    }
1437    return p - buf;
1438}
1439
1440static const char *get_feature_xml(const char *p, const char **newp)
1441{
1442    extern const char *const xml_builtin[][2];
1443    size_t len;
1444    int i;
1445    const char *name;
1446    static char target_xml[1024];
1447
1448    len = 0;
1449    while (p[len] && p[len] != ':')
1450        len++;
1451    *newp = p + len;
1452
1453    name = NULL;
1454    if (strncmp(p, "target.xml", len) == 0) {
1455        /* Generate the XML description for this CPU.  */
1456        if (!target_xml[0]) {
1457            GDBRegisterState *r;
1458
1459            snprintf(target_xml, sizeof(target_xml),
1460                     "<?xml version=\"1.0\"?>"
1461                     "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
1462                     "<target>"
1463                     "<xi:include href=\"%s\"/>",
1464                     GDB_CORE_XML);
1465
1466            for (r = first_cpu->gdb_regs; r; r = r->next) {
1467                pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
1468                pstrcat(target_xml, sizeof(target_xml), r->xml);
1469                pstrcat(target_xml, sizeof(target_xml), "\"/>");
1470            }
1471            pstrcat(target_xml, sizeof(target_xml), "</target>");
1472        }
1473        return target_xml;
1474    }
1475    for (i = 0; ; i++) {
1476        name = xml_builtin[i][0];
1477        if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
1478            break;
1479    }
1480    return name ? xml_builtin[i][1] : NULL;
1481}
1482#endif
1483
1484static int gdb_read_register(CPUState *env, uint8_t *mem_buf, int reg)
1485{
1486    GDBRegisterState *r;
1487
1488    if (reg < NUM_CORE_REGS)
1489        return cpu_gdb_read_register(env, mem_buf, reg);
1490
1491    for (r = env->gdb_regs; r; r = r->next) {
1492        if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1493            return r->get_reg(env, mem_buf, reg - r->base_reg);
1494        }
1495    }
1496    return 0;
1497}
1498
1499static int gdb_write_register(CPUState *env, uint8_t *mem_buf, int reg)
1500{
1501    GDBRegisterState *r;
1502
1503    if (reg < NUM_CORE_REGS)
1504        return cpu_gdb_write_register(env, mem_buf, reg);
1505
1506    for (r = env->gdb_regs; r; r = r->next) {
1507        if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
1508            return r->set_reg(env, mem_buf, reg - r->base_reg);
1509        }
1510    }
1511    return 0;
1512}
1513
1514/* Register a supplemental set of CPU registers.  If g_pos is nonzero it
1515   specifies the first register number and these registers are included in
1516   a standard "g" packet.  Direction is relative to gdb, i.e. get_reg is
1517   gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
1518 */
1519
1520void gdb_register_coprocessor(CPUState * env,
1521                             gdb_reg_cb get_reg, gdb_reg_cb set_reg,
1522                             int num_regs, const char *xml, int g_pos)
1523{
1524    GDBRegisterState *s;
1525    GDBRegisterState **p;
1526    static int last_reg = NUM_CORE_REGS;
1527
1528    s = (GDBRegisterState *)qemu_mallocz(sizeof(GDBRegisterState));
1529    s->base_reg = last_reg;
1530    s->num_regs = num_regs;
1531    s->get_reg = get_reg;
1532    s->set_reg = set_reg;
1533    s->xml = xml;
1534    p = &env->gdb_regs;
1535    while (*p) {
1536        /* Check for duplicates.  */
1537        if (strcmp((*p)->xml, xml) == 0)
1538            return;
1539        p = &(*p)->next;
1540    }
1541    /* Add to end of list.  */
1542    last_reg += num_regs;
1543    *p = s;
1544    if (g_pos) {
1545        if (g_pos != s->base_reg) {
1546            fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
1547                    "Expected %d got %d\n", xml, g_pos, s->base_reg);
1548        } else {
1549            num_g_regs = last_reg;
1550        }
1551    }
1552}
1553
1554#ifndef CONFIG_USER_ONLY
1555static const int xlat_gdb_type[] = {
1556    [GDB_WATCHPOINT_WRITE]  = BP_GDB | BP_MEM_WRITE,
1557    [GDB_WATCHPOINT_READ]   = BP_GDB | BP_MEM_READ,
1558    [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
1559};
1560#endif
1561
1562static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
1563{
1564    CPUState *env;
1565    int err = 0;
1566
1567    if (kvm_enabled())
1568        return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1569
1570    switch (type) {
1571    case GDB_BREAKPOINT_SW:
1572    case GDB_BREAKPOINT_HW:
1573        for (env = first_cpu; env != NULL; env = env->next_cpu) {
1574            err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
1575            if (err)
1576                break;
1577        }
1578        return err;
1579#ifndef CONFIG_USER_ONLY
1580    case GDB_WATCHPOINT_WRITE:
1581    case GDB_WATCHPOINT_READ:
1582    case GDB_WATCHPOINT_ACCESS:
1583        for (env = first_cpu; env != NULL; env = env->next_cpu) {
1584            err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
1585                                        NULL);
1586            if (err)
1587                break;
1588        }
1589        return err;
1590#endif
1591    default:
1592        return -ENOSYS;
1593    }
1594}
1595
1596static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
1597{
1598    CPUState *env;
1599    int err = 0;
1600
1601    if (kvm_enabled())
1602        return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
1603
1604    switch (type) {
1605    case GDB_BREAKPOINT_SW:
1606    case GDB_BREAKPOINT_HW:
1607        for (env = first_cpu; env != NULL; env = env->next_cpu) {
1608            err = cpu_breakpoint_remove(env, addr, BP_GDB);
1609            if (err)
1610                break;
1611        }
1612        return err;
1613#ifndef CONFIG_USER_ONLY
1614    case GDB_WATCHPOINT_WRITE:
1615    case GDB_WATCHPOINT_READ:
1616    case GDB_WATCHPOINT_ACCESS:
1617        for (env = first_cpu; env != NULL; env = env->next_cpu) {
1618            err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
1619            if (err)
1620                break;
1621        }
1622        return err;
1623#endif
1624    default:
1625        return -ENOSYS;
1626    }
1627}
1628
1629static void gdb_breakpoint_remove_all(void)
1630{
1631    CPUState *env;
1632
1633    if (kvm_enabled()) {
1634        kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
1635        return;
1636    }
1637
1638    for (env = first_cpu; env != NULL; env = env->next_cpu) {
1639        cpu_breakpoint_remove_all(env, BP_GDB);
1640#ifndef CONFIG_USER_ONLY
1641        cpu_watchpoint_remove_all(env, BP_GDB);
1642#endif
1643    }
1644}
1645
1646static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
1647{
1648#if defined(TARGET_I386)
1649    cpu_synchronize_state(s->c_cpu);
1650    s->c_cpu->eip = pc;
1651#elif defined (TARGET_PPC)
1652    s->c_cpu->nip = pc;
1653#elif defined (TARGET_SPARC)
1654    s->c_cpu->pc = pc;
1655    s->c_cpu->npc = pc + 4;
1656#elif defined (TARGET_ARM)
1657    s->c_cpu->regs[15] = pc;
1658#elif defined (TARGET_SH4)
1659    s->c_cpu->pc = pc;
1660#elif defined (TARGET_MIPS)
1661    s->c_cpu->active_tc.PC = pc;
1662#elif defined (TARGET_MICROBLAZE)
1663    s->c_cpu->sregs[SR_PC] = pc;
1664#elif defined (TARGET_CRIS)
1665    s->c_cpu->pc = pc;
1666#elif defined (TARGET_ALPHA)
1667    s->c_cpu->pc = pc;
1668#elif defined (TARGET_S390X)
1669    cpu_synchronize_state(s->c_cpu);
1670    s->c_cpu->psw.addr = pc;
1671#endif
1672}
1673
1674static inline int gdb_id(CPUState *env)
1675{
1676#if defined(CONFIG_USER_ONLY) && defined(CONFIG_USE_NPTL)
1677    return env->host_tid;
1678#else
1679    return env->cpu_index + 1;
1680#endif
1681}
1682
1683static CPUState *find_cpu(uint32_t thread_id)
1684{
1685    CPUState *env;
1686
1687    for (env = first_cpu; env != NULL; env = env->next_cpu) {
1688        if (gdb_id(env) == thread_id) {
1689            return env;
1690        }
1691    }
1692
1693    return NULL;
1694}
1695
1696static int gdb_handle_packet(GDBState *s, const char *line_buf)
1697{
1698    CPUState *env;
1699    const char *p;
1700    uint32_t thread;
1701    int ch, reg_size, type, res;
1702    char buf[MAX_PACKET_LENGTH];
1703    uint8_t mem_buf[MAX_PACKET_LENGTH];
1704    uint8_t *registers;
1705    target_ulong addr, len;
1706
1707#ifdef DEBUG_GDB
1708    printf("command='%s'\n", line_buf);
1709#endif
1710    p = line_buf;
1711    ch = *p++;
1712    switch(ch) {
1713    case '?':
1714        /* TODO: Make this return the correct value for user-mode.  */
1715        snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
1716                 gdb_id(s->c_cpu));
1717        put_packet(s, buf);
1718        /* Remove all the breakpoints when this query is issued,
1719         * because gdb is doing and initial connect and the state
1720         * should be cleaned up.
1721         */
1722        gdb_breakpoint_remove_all();
1723        break;
1724    case 'c':
1725        if (*p != '\0') {
1726            addr = strtoull(p, (char **)&p, 16);
1727            gdb_set_cpu_pc(s, addr);
1728        }
1729        s->signal = 0;
1730        gdb_continue(s);
1731        return RS_IDLE;
1732    case 'C':
1733        s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
1734        if (s->signal == -1)
1735            s->signal = 0;
1736        gdb_continue(s);
1737        return RS_IDLE;
1738    case 'v':
1739        if (strncmp(p, "Cont", 4) == 0) {
1740            int res_signal, res_thread;
1741
1742            p += 4;
1743            if (*p == '?') {
1744                put_packet(s, "vCont;c;C;s;S");
1745                break;
1746            }
1747            res = 0;
1748            res_signal = 0;
1749            res_thread = 0;
1750            while (*p) {
1751                int action, signal;
1752
1753                if (*p++ != ';') {
1754                    res = 0;
1755                    break;
1756                }
1757                action = *p++;
1758                signal = 0;
1759                if (action == 'C' || action == 'S') {
1760                    signal = strtoul(p, (char **)&p, 16);
1761                } else if (action != 'c' && action != 's') {
1762                    res = 0;
1763                    break;
1764                }
1765                thread = 0;
1766                if (*p == ':') {
1767                    thread = strtoull(p+1, (char **)&p, 16);
1768                }
1769                action = tolower(action);
1770                if (res == 0 || (res == 'c' && action == 's')) {
1771                    res = action;
1772                    res_signal = signal;
1773                    res_thread = thread;
1774                }
1775            }
1776            if (res) {
1777                if (res_thread != -1 && res_thread != 0) {
1778                    env = find_cpu(res_thread);
1779                    if (env == NULL) {
1780                        put_packet(s, "E22");
1781                        break;
1782                    }
1783                    s->c_cpu = env;
1784                }
1785                if (res == 's') {
1786                    cpu_single_step(s->c_cpu, sstep_flags);
1787                }
1788                s->signal = res_signal;
1789                gdb_continue(s);
1790                return RS_IDLE;
1791            }
1792            break;
1793        } else {
1794            goto unknown_command;
1795        }
1796    case 'k':
1797        /* Kill the target */
1798        fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
1799        exit(0);
1800    case 'D':
1801        /* Detach packet */
1802        gdb_breakpoint_remove_all();
1803        gdb_continue(s);
1804        put_packet(s, "OK");
1805        break;
1806    case 's':
1807        if (*p != '\0') {
1808            addr = strtoull(p, (char **)&p, 16);
1809            gdb_set_cpu_pc(s, addr);
1810        }
1811        cpu_single_step(s->c_cpu, sstep_flags);
1812        gdb_continue(s);
1813        return RS_IDLE;
1814    case 'F':
1815        {
1816            target_ulong ret;
1817            target_ulong err;
1818
1819            ret = strtoull(p, (char **)&p, 16);
1820            if (*p == ',') {
1821                p++;
1822                err = strtoull(p, (char **)&p, 16);
1823            } else {
1824                err = 0;
1825            }
1826            if (*p == ',')
1827                p++;
1828            type = *p;
1829            if (gdb_current_syscall_cb)
1830                gdb_current_syscall_cb(s->c_cpu, ret, err);
1831            if (type == 'C') {
1832                put_packet(s, "T02");
1833            } else {
1834                gdb_continue(s);
1835            }
1836        }
1837        break;
1838    case 'g':
1839        cpu_synchronize_state(s->g_cpu);
1840        len = 0;
1841        for (addr = 0; addr < num_g_regs; addr++) {
1842            reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
1843            len += reg_size;
1844        }
1845        memtohex(buf, mem_buf, len);
1846        put_packet(s, buf);
1847        break;
1848    case 'G':
1849        cpu_synchronize_state(s->g_cpu);
1850        registers = mem_buf;
1851        len = strlen(p) / 2;
1852        hextomem((uint8_t *)registers, p, len);
1853        for (addr = 0; addr < num_g_regs && len > 0; addr++) {
1854            reg_size = gdb_write_register(s->g_cpu, registers, addr);
1855            len -= reg_size;
1856            registers += reg_size;
1857        }
1858        put_packet(s, "OK");
1859        break;
1860    case 'm':
1861        addr = strtoull(p, (char **)&p, 16);
1862        if (*p == ',')
1863            p++;
1864        len = strtoull(p, NULL, 16);
1865        if (cpu_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 0) != 0) {
1866            put_packet (s, "E14");
1867        } else {
1868            memtohex(buf, mem_buf, len);
1869            put_packet(s, buf);
1870        }
1871        break;
1872    case 'M':
1873        addr = strtoull(p, (char **)&p, 16);
1874        if (*p == ',')
1875            p++;
1876        len = strtoull(p, (char **)&p, 16);
1877        if (*p == ':')
1878            p++;
1879        hextomem(mem_buf, p, len);
1880        if (cpu_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 1) != 0)
1881            put_packet(s, "E14");
1882        else
1883            put_packet(s, "OK");
1884        break;
1885    case 'p':
1886        /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
1887           This works, but can be very slow.  Anything new enough to
1888           understand XML also knows how to use this properly.  */
1889        if (!gdb_has_xml)
1890            goto unknown_command;
1891        addr = strtoull(p, (char **)&p, 16);
1892        reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
1893        if (reg_size) {
1894            memtohex(buf, mem_buf, reg_size);
1895            put_packet(s, buf);
1896        } else {
1897            put_packet(s, "E14");
1898        }
1899        break;
1900    case 'P':
1901        if (!gdb_has_xml)
1902            goto unknown_command;
1903        addr = strtoull(p, (char **)&p, 16);
1904        if (*p == '=')
1905            p++;
1906        reg_size = strlen(p) / 2;
1907        hextomem(mem_buf, p, reg_size);
1908        gdb_write_register(s->g_cpu, mem_buf, addr);
1909        put_packet(s, "OK");
1910        break;
1911    case 'Z':
1912    case 'z':
1913        type = strtoul(p, (char **)&p, 16);
1914        if (*p == ',')
1915            p++;
1916        addr = strtoull(p, (char **)&p, 16);
1917        if (*p == ',')
1918            p++;
1919        len = strtoull(p, (char **)&p, 16);
1920        if (ch == 'Z')
1921            res = gdb_breakpoint_insert(addr, len, type);
1922        else
1923            res = gdb_breakpoint_remove(addr, len, type);
1924        if (res >= 0)
1925             put_packet(s, "OK");
1926        else if (res == -ENOSYS)
1927            put_packet(s, "");
1928        else
1929            put_packet(s, "E22");
1930        break;
1931    case 'H':
1932        type = *p++;
1933        thread = strtoull(p, (char **)&p, 16);
1934        if (thread == -1 || thread == 0) {
1935            put_packet(s, "OK");
1936            break;
1937        }
1938        env = find_cpu(thread);
1939        if (env == NULL) {
1940            put_packet(s, "E22");
1941            break;
1942        }
1943        switch (type) {
1944        case 'c':
1945            s->c_cpu = env;
1946            put_packet(s, "OK");
1947            break;
1948        case 'g':
1949            s->g_cpu = env;
1950            put_packet(s, "OK");
1951            break;
1952        default:
1953             put_packet(s, "E22");
1954             break;
1955        }
1956        break;
1957    case 'T':
1958        thread = strtoull(p, (char **)&p, 16);
1959        env = find_cpu(thread);
1960
1961        if (env != NULL) {
1962            put_packet(s, "OK");
1963        } else {
1964            put_packet(s, "E22");
1965        }
1966        break;
1967    case 'q':
1968    case 'Q':
1969        /* parse any 'q' packets here */
1970        if (!strcmp(p,"qemu.sstepbits")) {
1971            /* Query Breakpoint bit definitions */
1972            snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
1973                     SSTEP_ENABLE,
1974                     SSTEP_NOIRQ,
1975                     SSTEP_NOTIMER);
1976            put_packet(s, buf);
1977            break;
1978        } else if (strncmp(p,"qemu.sstep",10) == 0) {
1979            /* Display or change the sstep_flags */
1980            p += 10;
1981            if (*p != '=') {
1982                /* Display current setting */
1983                snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
1984                put_packet(s, buf);
1985                break;
1986            }
1987            p++;
1988            type = strtoul(p, (char **)&p, 16);
1989            sstep_flags = type;
1990            put_packet(s, "OK");
1991            break;
1992        } else if (strcmp(p,"C") == 0) {
1993            /* "Current thread" remains vague in the spec, so always return
1994             *  the first CPU (gdb returns the first thread). */
1995            put_packet(s, "QC1");
1996            break;
1997        } else if (strcmp(p,"fThreadInfo") == 0) {
1998            s->query_cpu = first_cpu;
1999            goto report_cpuinfo;
2000        } else if (strcmp(p,"sThreadInfo") == 0) {

2001        report_cpuinfo:
2002            if (s->query_cpu) {
2003                snprintf(buf, sizeof(buf), "m%x", gdb_id(s->query_cpu));
2004                put_packet(s, buf);
2005                s->query_cpu = s->query_cpu->next_cpu;
2006            } else
2007                put_packet(s, "l");
2008            break;
2009        } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
2010            thread = strtoull(p+16, (char **)&p, 16);
2011            env = find_cpu(thread);
2012            if (env != NULL) {
2013                cpu_synchronize_state(env);
2014                len = snprintf((char *)mem_buf, sizeof(mem_buf),
2015                               "CPU#%d [%s]", env->cpu_index,
2016                               env->halted ? "halted " : "running");
2017                memtohex(buf, mem_buf, len);
2018                put_packet(s, buf);
2019            }
2020            break;
2021        }
2022#ifdef CONFIG_USER_ONLY
2023        else if (strncmp(p, "Offsets", 7) == 0) {
2024            TaskState *ts = s->c_cpu->opaque;
2025
2026            snprintf(buf, sizeof(buf),
2027                     "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
2028                     ";Bss=" TARGET_ABI_FMT_lx,
2029                     ts->info->code_offset,
2030                     ts->info->data_offset,
2031                     ts->info->data_offset);
2032            put_packet(s, buf);
2033            break;
2034        }
2035#else /* !CONFIG_USER_ONLY */
2036        else if (strncmp(p, "Rcmd,", 5) == 0) {
2037            int len = strlen(p + 5);
2038
2039            if ((len % 2) != 0) {
2040                put_packet(s, "E01");
2041                break;
2042            }
2043            hextomem(mem_buf, p + 5, len);
2044            len = len / 2;
2045            mem_buf[len++] = 0;
2046            qemu_chr_read(s->mon_chr, mem_buf, len);
2047            put_packet(s, "OK");
2048            break;
2049        }
2050#endif /* !CONFIG_USER_ONLY */
2051        if (strncmp(p, "Supported", 9) == 0) {
2052            snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
2053#ifdef GDB_CORE_XML
2054            pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
2055#endif
2056            put_packet(s, buf);
2057            break;
2058        }
2059#ifdef GDB_CORE_XML
2060        if (strncmp(p, "Xfer:features:read:", 19) == 0) {
2061            const char *xml;
2062            target_ulong total_len;
2063
2064            gdb_has_xml = 1;
2065            p += 19;
2066            xml = get_feature_xml(p, &p);
2067            if (!xml) {
2068                snprintf(buf, sizeof(buf), "E00");
2069                put_packet(s, buf);
2070                break;
2071            }
2072
2073            if (*p == ':')
2074                p++;
2075            addr = strtoul(p, (char **)&p, 16);
2076            if (*p == ',')
2077                p++;
2078            len = strtoul(p, (char **)&p, 16);
2079
2080            total_len = strlen(xml);
2081            if (addr > total_len) {
2082                snprintf(buf, sizeof(buf), "E00");
2083                put_packet(s, buf);
2084                break;
2085            }
2086            if (len > (MAX_PACKET_LENGTH - 5) / 2)
2087                len = (MAX_PACKET_LENGTH - 5) / 2;
2088            if (len < total_len - addr) {
2089                buf[0] = 'm';
2090                len = memtox(buf + 1, xml + addr, len);
2091            } else {
2092                buf[0] = 'l';
2093                len = memtox(buf + 1, xml + addr, total_len - addr);
2094            }
2095            put_packet_binary(s, buf, len + 1);
2096            break;
2097        }
2098#endif
2099        /* Unrecognised 'q' command.  */
2100        goto unknown_command;
2101
2102    default:
2103    unknown_command:
2104        /* put empty packet */
2105        buf[0] = '\0';
2106        put_packet(s, buf);
2107        break;
2108    }
2109    return RS_IDLE;
2110}
2111
2112void gdb_set_stop_cpu(CPUState *env)
2113{
2114    gdbserver_state->c_cpu = env;
2115    gdbserver_state->g_cpu = env;
2116}
2117
2118#ifndef CONFIG_USER_ONLY
2119static void gdb_vm_state_change(void *opaque, int running, int reason)
2120{
2121    GDBState *s = gdbserver_state;
2122    CPUState *env = s->c_cpu;
2123    char buf[256];
2124    const char *type;
2125    int ret;
2126
2127    if (running || (reason != EXCP_DEBUG && reason != EXCP_INTERRUPT) ||
2128        s->state == RS_INACTIVE || s->state == RS_SYSCALL)
2129        return;
2130
2131    /* disable single step if it was enable */
2132    cpu_single_step(env, 0);
2133
2134    if (reason == EXCP_DEBUG) {
2135        if (env->watchpoint_hit) {
2136            switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
2137            case BP_MEM_READ:
2138                type = "r";
2139                break;
2140            case BP_MEM_ACCESS:
2141                type = "a";
2142                break;
2143            default:
2144                type = "";
2145                break;
2146            }
2147            snprintf(buf, sizeof(buf),
2148                     "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
2149                     GDB_SIGNAL_TRAP, gdb_id(env), type,
2150                     env->watchpoint_hit->vaddr);
2151            put_packet(s, buf);
2152            env->watchpoint_hit = NULL;
2153            return;
2154        }
2155        tb_flush(env);
2156        ret = GDB_SIGNAL_TRAP;
2157    } else {
2158        ret = GDB_SIGNAL_INT;
2159    }
2160    snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, gdb_id(env));
2161    put_packet(s, buf);
2162}
2163#endif
2164
2165/* Send a gdb syscall request.
2166   This accepts limited printf-style format specifiers, specifically:
2167    %x  - target_ulong argument printed in hex.
2168    %lx - 64-bit argument printed in hex.
2169    %s  - string pointer (target_ulong) and length (int) pair.  */
2170void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
2171{
2172    va_list va;
2173    char buf[256];
2174    char *p;
2175    target_ulong addr;
2176    uint64_t i64;
2177    GDBState *s;
2178
2179    s = gdbserver_state;
2180    if (!s)
2181        return;
2182    gdb_current_syscall_cb = cb;
2183    s->state = RS_SYSCALL;
2184#ifndef CONFIG_USER_ONLY
2185    vm_stop(EXCP_DEBUG);
2186#endif
2187    s->state = RS_IDLE;
2188    va_start(va, fmt);
2189    p = buf;
2190    *(p++) = 'F';
2191    while (*fmt) {
2192        if (*fmt == '%') {
2193            fmt++;
2194            switch (*fmt++) {
2195            case 'x':
2196                addr = va_arg(va, target_ulong);
2197                p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx, addr);
2198                break;
2199            case 'l':
2200                if (*(fmt++) != 'x')
2201                    goto bad_format;
2202                i64 = va_arg(va, uint64_t);
2203                p += snprintf(p, &buf[sizeof(buf)] - p, "%" PRIx64, i64);
2204                break;
2205            case 's':
2206                addr = va_arg(va, target_ulong);
2207                p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx "/%x",
2208                              addr, va_arg(va, int));
2209                break;
2210            default:
2211            bad_format:
2212                fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
2213                        fmt - 1);
2214                break;
2215            }
2216        } else {
2217            *(p++) = *(fmt++);
2218        }
2219    }
2220    *p = 0;
2221    va_end(va);
2222    put_packet(s, buf);
2223#ifdef CONFIG_USER_ONLY
2224    gdb_handlesig(s->c_cpu, 0);
2225#else
2226    cpu_exit(s->c_cpu);
2227#endif
2228}
2229
2230static void gdb_read_byte(GDBState *s, int ch)
2231{
2232    int i, csum;
2233    uint8_t reply;
2234
2235#ifndef CONFIG_USER_ONLY
2236    if (s->last_packet_len) {
2237        /* Waiting for a response to the last packet.  If we see the start
2238           of a new command then abandon the previous response.  */
2239        if (ch == '-') {
2240#ifdef DEBUG_GDB
2241            printf("Got NACK, retransmitting\n");
2242#endif
2243            put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
2244        }
2245#ifdef DEBUG_GDB
2246        else if (ch == '+')
2247            printf("Got ACK\n");
2248        else
2249            printf("Got '%c' when expecting ACK/NACK\n", ch);
2250#endif
2251        if (ch == '+' || ch == '$')
2252            s->last_packet_len = 0;
2253        if (ch != '$')
2254            return;
2255    }
2256    if (vm_running) {
2257        /* when the CPU is running, we cannot do anything except stop
2258           it when receiving a char */
2259        vm_stop(EXCP_INTERRUPT);
2260    } else
2261#endif
2262    {
2263        switch(s->state) {
2264        case RS_IDLE:
2265            if (ch == '$') {
2266                s->line_buf_index = 0;
2267                s->state = RS_GETLINE;
2268            }
2269            break;
2270        case RS_GETLINE:
2271            if (ch == '#') {
2272            s->state = RS_CHKSUM1;
2273            } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
2274                s->state = RS_IDLE;
2275            } else {
2276            s->line_buf[s->line_buf_index++] = ch;
2277            }
2278            break;
2279        case RS_CHKSUM1:
2280            s->line_buf[s->line_buf_index] = '\0';
2281            s->line_csum = fromhex(ch) << 4;
2282            s->state = RS_CHKSUM2;
2283            break;
2284        case RS_CHKSUM2:
2285            s->line_csum |= fromhex(ch);
2286            csum = 0;
2287            for(i = 0; i < s->line_buf_index; i++) {
2288                csum += s->line_buf[i];
2289            }
2290            if (s->line_csum != (csum & 0xff)) {
2291                reply = '-';
2292                put_buffer(s, &reply, 1);
2293                s->state = RS_IDLE;
2294            } else {
2295                reply = '+';
2296                put_buffer(s, &reply, 1);
2297                s->state = gdb_handle_packet(s, s->line_buf);
2298            }
2299            break;
2300        default:
2301            abort();
2302        }
2303    }
2304}
2305
2306#ifdef CONFIG_USER_ONLY
2307int
2308gdb_queuesig (void)
2309{
2310    GDBState *s;
2311
2312    s = gdbserver_state;
2313
2314    if (gdbserver_fd < 0 || s->fd < 0)
2315        return 0;
2316    else
2317        return 1;
2318}
2319
2320int
2321gdb_handlesig (CPUState *env, int sig)
2322{
2323  GDBState *s;
2324  char buf[256];
2325  int n;
2326
2327  s = gdbserver_state;
2328  if (gdbserver_fd < 0 || s->fd < 0)
2329    return sig;
2330
2331  /* disable single step if it was enabled */
2332  cpu_single_step(env, 0);
2333  tb_flush(env);
2334
2335  if (sig != 0)
2336    {
2337      snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb (sig));
2338      put_packet(s, buf);
2339    }
2340  /* put_packet() might have detected that the peer terminated the 
2341     connection.  */
2342  if (s->fd < 0)
2343      return sig;
2344
2345  sig = 0;
2346  s->state = RS_IDLE;
2347  s->running_state = 0;
2348  while (s->running_state == 0) {
2349      n = read (s->fd, buf, 256);
2350      if (n > 0)
2351        {
2352          int i;
2353
2354          for (i = 0; i < n; i++)
2355            gdb_read_byte (s, buf[i]);
2356        }
2357      else if (n == 0 || errno != EAGAIN)
2358        {
2359          /* XXX: Connection closed.  Should probably wait for annother
2360             connection before continuing.  */
2361          return sig;
2362        }
2363  }
2364  sig = s->signal;
2365  s->signal = 0;
2366  return sig;
2367}
2368
2369/* Tell the remote gdb that the process has exited.  */
2370void gdb_exit(CPUState *env, int code)
2371{
2372  GDBState *s;
2373  char buf[4];
2374
2375  s = gdbserver_state;
2376  if (gdbserver_fd < 0 || s->fd < 0)
2377    return;
2378
2379  snprintf(buf, sizeof(buf), "W%02x", code);
2380  put_packet(s, buf);
2381}
2382
2383/* Tell the remote gdb that the process has exited due to SIG.  */
2384void gdb_signalled(CPUState *env, int sig)
2385{
2386  GDBState *s;
2387  char buf[4];
2388
2389  s = gdbserver_state;
2390  if (gdbserver_fd < 0 || s->fd < 0)
2391    return;
2392
2393  snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb (sig));
2394  put_packet(s, buf);
2395}
2396
2397static void gdb_accept(void)
2398{
2399    GDBState *s;
2400    struct sockaddr_in sockaddr;
2401    socklen_t len;
2402    int val, fd;
2403
2404    for(;;) {
2405        len = sizeof(sockaddr);
2406        fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
2407        if (fd < 0 && errno != EINTR) {
2408            perror("accept");
2409            return;
2410        } else if (fd >= 0) {
2411#ifndef _WIN32
2412            fcntl(fd, F_SETFD, FD_CLOEXEC);
2413#endif
2414            break;
2415        }
2416    }
2417
2418    /* set short latency */
2419    val = 1;
2420    setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val, sizeof(val));
2421
2422    s = qemu_mallocz(sizeof(GDBState));
2423    s->c_cpu = first_cpu;
2424    s->g_cpu = first_cpu;
2425    s->fd = fd;
2426    gdb_has_xml = 0;
2427
2428    gdbserver_state = s;
2429
2430    fcntl(fd, F_SETFL, O_NONBLOCK);
2431}
2432
2433static int gdbserver_open(int port)
2434{
2435    struct sockaddr_in sockaddr;
2436    int fd, val, ret;
2437
2438    fd = socket(PF_INET, SOCK_STREAM, 0);
2439    if (fd < 0) {
2440        perror("socket");
2441        return -1;
2442    }
2443#ifndef _WIN32
2444    fcntl(fd, F_SETFD, FD_CLOEXEC);
2445#endif
2446
2447    /* allow fast reuse */
2448    val = 1;
2449    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&val, sizeof(val));
2450
2451    sockaddr.sin_family = AF_INET;
2452    sockaddr.sin_port = htons(port);
2453    sockaddr.sin_addr.s_addr = 0;
2454    ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
2455    if (ret < 0) {
2456        perror("bind");
2457        return -1;
2458    }
2459    ret = listen(fd, 0);
2460    if (ret < 0) {
2461        perror("listen");
2462        return -1;
2463    }
2464    return fd;
2465}
2466
2467int gdbserver_start(int port)
2468{
2469    gdbserver_fd = gdbserver_open(port);
2470    if (gdbserver_fd < 0)
2471        return -1;
2472    /* accept connections */
2473    gdb_accept();
2474    return 0;
2475}
2476
2477/* Disable gdb stub for child processes.  */
2478void gdbserver_fork(CPUState *env)
2479{
2480    GDBState *s = gdbserver_state;
2481    if (gdbserver_fd < 0 || s->fd < 0)
2482      return;
2483    close(s->fd);
2484    s->fd = -1;
2485    cpu_breakpoint_remove_all(env, BP_GDB);
2486    cpu_watchpoint_remove_all(env, BP_GDB);
2487}
2488#else
2489static int gdb_chr_can_receive(void *opaque)
2490{
2491  /* We can handle an arbitrarily large amount of data.
2492   Pick the maximum packet size, which is as good as anything.  */
2493  return MAX_PACKET_LENGTH;
2494}
2495
2496static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
2497{
2498    int i;
2499
2500    for (i = 0; i < size; i++) {
2501        gdb_read_byte(gdbserver_state, buf[i]);
2502    }
2503}
2504
2505static void gdb_chr_event(void *opaque, int event)
2506{
2507    switch (event) {
2508    case CHR_EVENT_OPENED:
2509        vm_stop(EXCP_INTERRUPT);
2510        gdb_has_xml = 0;
2511        break;
2512    default:
2513        break;
2514    }
2515}
2516
2517static void gdb_monitor_output(GDBState *s, const char *msg, int len)
2518{
2519    char buf[MAX_PACKET_LENGTH];
2520
2521    buf[0] = 'O';
2522    if (len > (MAX_PACKET_LENGTH/2) - 1)
2523        len = (MAX_PACKET_LENGTH/2) - 1;
2524    memtohex(buf + 1, (uint8_t *)msg, len);
2525    put_packet(s, buf);
2526}
2527
2528static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
2529{
2530    const char *p = (const char *)buf;
2531    int max_sz;
2532
2533    max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
2534    for (;;) {
2535        if (len <= max_sz) {
2536            gdb_monitor_output(gdbserver_state, p, len);
2537            break;
2538        }
2539        gdb_monitor_output(gdbserver_state, p, max_sz);
2540        p += max_sz;
2541        len -= max_sz;
2542    }
2543    return len;
2544}
2545
2546#ifndef _WIN32
2547static void gdb_sigterm_handler(int signal)
2548{
2549    if (vm_running)
2550        vm_stop(EXCP_INTERRUPT);
2551}
2552#endif
2553
2554int gdbserver_start(const char *device)
2555{
2556    GDBState *s;
2557    char gdbstub_device_name[128];
2558    CharDriverState *chr = NULL;
2559    CharDriverState *mon_chr;
2560
2561    if (!device)
2562        return -1;
2563    if (strcmp(device, "none") != 0) {
2564        if (strstart(device, "tcp:", NULL)) {
2565            /* enforce required TCP attributes */
2566            snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
2567                     "%s,nowait,nodelay,server", device);
2568            device = gdbstub_device_name;
2569        }
2570#ifndef _WIN32
2571        else if (strcmp(device, "stdio") == 0) {
2572            struct sigaction act;
2573
2574            memset(&act, 0, sizeof(act));
2575            act.sa_handler = gdb_sigterm_handler;
2576            sigaction(SIGINT, &act, NULL);
2577        }
2578#endif
2579        chr = qemu_chr_open("gdb", device, NULL);
2580        if (!chr)
2581            return -1;
2582
2583        qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
2584                              gdb_chr_event, NULL);
2585    }
2586
2587    s = gdbserver_state;
2588    if (!s) {
2589        s = qemu_mallocz(sizeof(GDBState));
2590        gdbserver_state = s;
2591
2592        qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
2593
2594        /* Initialize a monitor terminal for gdb */
2595        mon_chr = qemu_mallocz(sizeof(*mon_chr));
2596        mon_chr->chr_write = gdb_monitor_write;
2597        monitor_init(mon_chr, 0);
2598    } else {
2599        if (s->chr)
2600            qemu_chr_close(s->chr);
2601        mon_chr = s->mon_chr;
2602        memset(s, 0, sizeof(GDBState));
2603    }
2604    s->c_cpu = first_cpu;
2605    s->g_cpu = first_cpu;
2606    s->chr = chr;
2607    s->state = chr ? RS_IDLE : RS_INACTIVE;
2608    s->mon_chr = mon_chr;
2609
2610    return 0;
2611}
2612#endif
2613