File:  [Qemu by Fabrice Bellard] / qemu / gdbstub.c
Revision 1.1.1.13 (vendor branch): download - view: text, annotated - select for diffs
Tue Apr 24 19:16:34 2018 UTC (3 years, 1 month ago) by root
Branches: qemu, MAIN
CVS tags: qemu1001, HEAD
qemu 1.0.1

    1: /*
    2:  * gdb server stub
    3:  *
    4:  * Copyright (c) 2003-2005 Fabrice Bellard
    5:  *
    6:  * This library is free software; you can redistribute it and/or
    7:  * modify it under the terms of the GNU Lesser General Public
    8:  * License as published by the Free Software Foundation; either
    9:  * version 2 of the License, or (at your option) any later version.
   10:  *
   11:  * This library is distributed in the hope that it will be useful,
   12:  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   13:  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   14:  * Lesser General Public License for more details.
   15:  *
   16:  * You should have received a copy of the GNU Lesser General Public
   17:  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
   18:  */
   19: #include "config.h"
   20: #include "qemu-common.h"
   21: #ifdef CONFIG_USER_ONLY
   22: #include <stdlib.h>
   23: #include <stdio.h>
   24: #include <stdarg.h>
   25: #include <string.h>
   26: #include <errno.h>
   27: #include <unistd.h>
   28: #include <fcntl.h>
   29: 
   30: #include "qemu.h"
   31: #else
   32: #include "monitor.h"
   33: #include "qemu-char.h"
   34: #include "sysemu.h"
   35: #include "gdbstub.h"
   36: #endif
   37: 
   38: #define MAX_PACKET_LENGTH 4096
   39: 
   40: #include "cpu.h"
   41: #include "qemu_socket.h"
   42: #include "kvm.h"
   43: 
   44: #ifndef TARGET_CPU_MEMORY_RW_DEBUG
   45: static inline int target_memory_rw_debug(CPUState *env, target_ulong addr,
   46:                                          uint8_t *buf, int len, int is_write)
   47: {
   48:     return cpu_memory_rw_debug(env, addr, buf, len, is_write);
   49: }
   50: #else
   51: /* target_memory_rw_debug() defined in cpu.h */
   52: #endif
   53: 
   54: enum {
   55:     GDB_SIGNAL_0 = 0,
   56:     GDB_SIGNAL_INT = 2,
   57:     GDB_SIGNAL_QUIT = 3,
   58:     GDB_SIGNAL_TRAP = 5,
   59:     GDB_SIGNAL_ABRT = 6,
   60:     GDB_SIGNAL_ALRM = 14,
   61:     GDB_SIGNAL_IO = 23,
   62:     GDB_SIGNAL_XCPU = 24,
   63:     GDB_SIGNAL_UNKNOWN = 143
   64: };
   65: 
   66: #ifdef CONFIG_USER_ONLY
   67: 
   68: /* Map target signal numbers to GDB protocol signal numbers and vice
   69:  * versa.  For user emulation's currently supported systems, we can
   70:  * assume most signals are defined.
   71:  */
   72: 
   73: static int gdb_signal_table[] = {
   74:     0,
   75:     TARGET_SIGHUP,
   76:     TARGET_SIGINT,
   77:     TARGET_SIGQUIT,
   78:     TARGET_SIGILL,
   79:     TARGET_SIGTRAP,
   80:     TARGET_SIGABRT,
   81:     -1, /* SIGEMT */
   82:     TARGET_SIGFPE,
   83:     TARGET_SIGKILL,
   84:     TARGET_SIGBUS,
   85:     TARGET_SIGSEGV,
   86:     TARGET_SIGSYS,
   87:     TARGET_SIGPIPE,
   88:     TARGET_SIGALRM,
   89:     TARGET_SIGTERM,
   90:     TARGET_SIGURG,
   91:     TARGET_SIGSTOP,
   92:     TARGET_SIGTSTP,
   93:     TARGET_SIGCONT,
   94:     TARGET_SIGCHLD,
   95:     TARGET_SIGTTIN,
   96:     TARGET_SIGTTOU,
   97:     TARGET_SIGIO,
   98:     TARGET_SIGXCPU,
   99:     TARGET_SIGXFSZ,
  100:     TARGET_SIGVTALRM,
  101:     TARGET_SIGPROF,
  102:     TARGET_SIGWINCH,
  103:     -1, /* SIGLOST */
  104:     TARGET_SIGUSR1,
  105:     TARGET_SIGUSR2,
  106: #ifdef TARGET_SIGPWR
  107:     TARGET_SIGPWR,
  108: #else
  109:     -1,
  110: #endif
  111:     -1, /* SIGPOLL */
  112:     -1,
  113:     -1,
  114:     -1,
  115:     -1,
  116:     -1,
  117:     -1,
  118:     -1,
  119:     -1,
  120:     -1,
  121:     -1,
  122:     -1,
  123: #ifdef __SIGRTMIN
  124:     __SIGRTMIN + 1,
  125:     __SIGRTMIN + 2,
  126:     __SIGRTMIN + 3,
  127:     __SIGRTMIN + 4,
  128:     __SIGRTMIN + 5,
  129:     __SIGRTMIN + 6,
  130:     __SIGRTMIN + 7,
  131:     __SIGRTMIN + 8,
  132:     __SIGRTMIN + 9,
  133:     __SIGRTMIN + 10,
  134:     __SIGRTMIN + 11,
  135:     __SIGRTMIN + 12,
  136:     __SIGRTMIN + 13,
  137:     __SIGRTMIN + 14,
  138:     __SIGRTMIN + 15,
  139:     __SIGRTMIN + 16,
  140:     __SIGRTMIN + 17,
  141:     __SIGRTMIN + 18,
  142:     __SIGRTMIN + 19,
  143:     __SIGRTMIN + 20,
  144:     __SIGRTMIN + 21,
  145:     __SIGRTMIN + 22,
  146:     __SIGRTMIN + 23,
  147:     __SIGRTMIN + 24,
  148:     __SIGRTMIN + 25,
  149:     __SIGRTMIN + 26,
  150:     __SIGRTMIN + 27,
  151:     __SIGRTMIN + 28,
  152:     __SIGRTMIN + 29,
  153:     __SIGRTMIN + 30,
  154:     __SIGRTMIN + 31,
  155:     -1, /* SIGCANCEL */
  156:     __SIGRTMIN,
  157:     __SIGRTMIN + 32,
  158:     __SIGRTMIN + 33,
  159:     __SIGRTMIN + 34,
  160:     __SIGRTMIN + 35,
  161:     __SIGRTMIN + 36,
  162:     __SIGRTMIN + 37,
  163:     __SIGRTMIN + 38,
  164:     __SIGRTMIN + 39,
  165:     __SIGRTMIN + 40,
  166:     __SIGRTMIN + 41,
  167:     __SIGRTMIN + 42,
  168:     __SIGRTMIN + 43,
  169:     __SIGRTMIN + 44,
  170:     __SIGRTMIN + 45,
  171:     __SIGRTMIN + 46,
  172:     __SIGRTMIN + 47,
  173:     __SIGRTMIN + 48,
  174:     __SIGRTMIN + 49,
  175:     __SIGRTMIN + 50,
  176:     __SIGRTMIN + 51,
  177:     __SIGRTMIN + 52,
  178:     __SIGRTMIN + 53,
  179:     __SIGRTMIN + 54,
  180:     __SIGRTMIN + 55,
  181:     __SIGRTMIN + 56,
  182:     __SIGRTMIN + 57,
  183:     __SIGRTMIN + 58,
  184:     __SIGRTMIN + 59,
  185:     __SIGRTMIN + 60,
  186:     __SIGRTMIN + 61,
  187:     __SIGRTMIN + 62,
  188:     __SIGRTMIN + 63,
  189:     __SIGRTMIN + 64,
  190:     __SIGRTMIN + 65,
  191:     __SIGRTMIN + 66,
  192:     __SIGRTMIN + 67,
  193:     __SIGRTMIN + 68,
  194:     __SIGRTMIN + 69,
  195:     __SIGRTMIN + 70,
  196:     __SIGRTMIN + 71,
  197:     __SIGRTMIN + 72,
  198:     __SIGRTMIN + 73,
  199:     __SIGRTMIN + 74,
  200:     __SIGRTMIN + 75,
  201:     __SIGRTMIN + 76,
  202:     __SIGRTMIN + 77,
  203:     __SIGRTMIN + 78,
  204:     __SIGRTMIN + 79,
  205:     __SIGRTMIN + 80,
  206:     __SIGRTMIN + 81,
  207:     __SIGRTMIN + 82,
  208:     __SIGRTMIN + 83,
  209:     __SIGRTMIN + 84,
  210:     __SIGRTMIN + 85,
  211:     __SIGRTMIN + 86,
  212:     __SIGRTMIN + 87,
  213:     __SIGRTMIN + 88,
  214:     __SIGRTMIN + 89,
  215:     __SIGRTMIN + 90,
  216:     __SIGRTMIN + 91,
  217:     __SIGRTMIN + 92,
  218:     __SIGRTMIN + 93,
  219:     __SIGRTMIN + 94,
  220:     __SIGRTMIN + 95,
  221:     -1, /* SIGINFO */
  222:     -1, /* UNKNOWN */
  223:     -1, /* DEFAULT */
  224:     -1,
  225:     -1,
  226:     -1,
  227:     -1,
  228:     -1,
  229:     -1
  230: #endif
  231: };
  232: #else
  233: /* In system mode we only need SIGINT and SIGTRAP; other signals
  234:    are not yet supported.  */
  235: 
  236: enum {
  237:     TARGET_SIGINT = 2,
  238:     TARGET_SIGTRAP = 5
  239: };
  240: 
  241: static int gdb_signal_table[] = {
  242:     -1,
  243:     -1,
  244:     TARGET_SIGINT,
  245:     -1,
  246:     -1,
  247:     TARGET_SIGTRAP
  248: };
  249: #endif
  250: 
  251: #ifdef CONFIG_USER_ONLY
  252: static int target_signal_to_gdb (int sig)
  253: {
  254:     int i;
  255:     for (i = 0; i < ARRAY_SIZE (gdb_signal_table); i++)
  256:         if (gdb_signal_table[i] == sig)
  257:             return i;
  258:     return GDB_SIGNAL_UNKNOWN;
  259: }
  260: #endif
  261: 
  262: static int gdb_signal_to_target (int sig)
  263: {
  264:     if (sig < ARRAY_SIZE (gdb_signal_table))
  265:         return gdb_signal_table[sig];
  266:     else
  267:         return -1;
  268: }
  269: 
  270: //#define DEBUG_GDB
  271: 
  272: typedef struct GDBRegisterState {
  273:     int base_reg;
  274:     int num_regs;
  275:     gdb_reg_cb get_reg;
  276:     gdb_reg_cb set_reg;
  277:     const char *xml;
  278:     struct GDBRegisterState *next;
  279: } GDBRegisterState;
  280: 
  281: enum RSState {
  282:     RS_INACTIVE,
  283:     RS_IDLE,
  284:     RS_GETLINE,
  285:     RS_CHKSUM1,
  286:     RS_CHKSUM2,
  287:     RS_SYSCALL,
  288: };
  289: typedef struct GDBState {
  290:     CPUState *c_cpu; /* current CPU for step/continue ops */
  291:     CPUState *g_cpu; /* current CPU for other ops */
  292:     CPUState *query_cpu; /* for q{f|s}ThreadInfo */
  293:     enum RSState state; /* parsing state */
  294:     char line_buf[MAX_PACKET_LENGTH];
  295:     int line_buf_index;
  296:     int line_csum;
  297:     uint8_t last_packet[MAX_PACKET_LENGTH + 4];
  298:     int last_packet_len;
  299:     int signal;
  300: #ifdef CONFIG_USER_ONLY
  301:     int fd;
  302:     int running_state;
  303: #else
  304:     CharDriverState *chr;
  305:     CharDriverState *mon_chr;
  306: #endif
  307: } GDBState;
  308: 
  309: /* By default use no IRQs and no timers while single stepping so as to
  310:  * make single stepping like an ICE HW step.
  311:  */
  312: static int sstep_flags = SSTEP_ENABLE|SSTEP_NOIRQ|SSTEP_NOTIMER;
  313: 
  314: static GDBState *gdbserver_state;
  315: 
  316: /* This is an ugly hack to cope with both new and old gdb.
  317:    If gdb sends qXfer:features:read then assume we're talking to a newish
  318:    gdb that understands target descriptions.  */
  319: static int gdb_has_xml;
  320: 
  321: #ifdef CONFIG_USER_ONLY
  322: /* XXX: This is not thread safe.  Do we care?  */
  323: static int gdbserver_fd = -1;
  324: 
  325: static int get_char(GDBState *s)
  326: {
  327:     uint8_t ch;
  328:     int ret;
  329: 
  330:     for(;;) {
  331:         ret = qemu_recv(s->fd, &ch, 1, 0);
  332:         if (ret < 0) {
  333:             if (errno == ECONNRESET)
  334:                 s->fd = -1;
  335:             if (errno != EINTR && errno != EAGAIN)
  336:                 return -1;
  337:         } else if (ret == 0) {
  338:             close(s->fd);
  339:             s->fd = -1;
  340:             return -1;
  341:         } else {
  342:             break;
  343:         }
  344:     }
  345:     return ch;
  346: }
  347: #endif
  348: 
  349: static gdb_syscall_complete_cb gdb_current_syscall_cb;
  350: 
  351: static enum {
  352:     GDB_SYS_UNKNOWN,
  353:     GDB_SYS_ENABLED,
  354:     GDB_SYS_DISABLED,
  355: } gdb_syscall_mode;
  356: 
  357: /* If gdb is connected when the first semihosting syscall occurs then use
  358:    remote gdb syscalls.  Otherwise use native file IO.  */
  359: int use_gdb_syscalls(void)
  360: {
  361:     if (gdb_syscall_mode == GDB_SYS_UNKNOWN) {
  362:         gdb_syscall_mode = (gdbserver_state ? GDB_SYS_ENABLED
  363:                                             : GDB_SYS_DISABLED);
  364:     }
  365:     return gdb_syscall_mode == GDB_SYS_ENABLED;
  366: }
  367: 
  368: /* Resume execution.  */
  369: static inline void gdb_continue(GDBState *s)
  370: {
  371: #ifdef CONFIG_USER_ONLY
  372:     s->running_state = 1;
  373: #else
  374:     vm_start();
  375: #endif
  376: }
  377: 
  378: static void put_buffer(GDBState *s, const uint8_t *buf, int len)
  379: {
  380: #ifdef CONFIG_USER_ONLY
  381:     int ret;
  382: 
  383:     while (len > 0) {
  384:         ret = send(s->fd, buf, len, 0);
  385:         if (ret < 0) {
  386:             if (errno != EINTR && errno != EAGAIN)
  387:                 return;
  388:         } else {
  389:             buf += ret;
  390:             len -= ret;
  391:         }
  392:     }
  393: #else
  394:     qemu_chr_fe_write(s->chr, buf, len);
  395: #endif
  396: }
  397: 
  398: static inline int fromhex(int v)
  399: {
  400:     if (v >= '0' && v <= '9')
  401:         return v - '0';
  402:     else if (v >= 'A' && v <= 'F')
  403:         return v - 'A' + 10;
  404:     else if (v >= 'a' && v <= 'f')
  405:         return v - 'a' + 10;
  406:     else
  407:         return 0;
  408: }
  409: 
  410: static inline int tohex(int v)
  411: {
  412:     if (v < 10)
  413:         return v + '0';
  414:     else
  415:         return v - 10 + 'a';
  416: }
  417: 
  418: static void memtohex(char *buf, const uint8_t *mem, int len)
  419: {
  420:     int i, c;
  421:     char *q;
  422:     q = buf;
  423:     for(i = 0; i < len; i++) {
  424:         c = mem[i];
  425:         *q++ = tohex(c >> 4);
  426:         *q++ = tohex(c & 0xf);
  427:     }
  428:     *q = '\0';
  429: }
  430: 
  431: static void hextomem(uint8_t *mem, const char *buf, int len)
  432: {
  433:     int i;
  434: 
  435:     for(i = 0; i < len; i++) {
  436:         mem[i] = (fromhex(buf[0]) << 4) | fromhex(buf[1]);
  437:         buf += 2;
  438:     }
  439: }
  440: 
  441: /* return -1 if error, 0 if OK */
  442: static int put_packet_binary(GDBState *s, const char *buf, int len)
  443: {
  444:     int csum, i;
  445:     uint8_t *p;
  446: 
  447:     for(;;) {
  448:         p = s->last_packet;
  449:         *(p++) = '$';
  450:         memcpy(p, buf, len);
  451:         p += len;
  452:         csum = 0;
  453:         for(i = 0; i < len; i++) {
  454:             csum += buf[i];
  455:         }
  456:         *(p++) = '#';
  457:         *(p++) = tohex((csum >> 4) & 0xf);
  458:         *(p++) = tohex((csum) & 0xf);
  459: 
  460:         s->last_packet_len = p - s->last_packet;
  461:         put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
  462: 
  463: #ifdef CONFIG_USER_ONLY
  464:         i = get_char(s);
  465:         if (i < 0)
  466:             return -1;
  467:         if (i == '+')
  468:             break;
  469: #else
  470:         break;
  471: #endif
  472:     }
  473:     return 0;
  474: }
  475: 
  476: /* return -1 if error, 0 if OK */
  477: static int put_packet(GDBState *s, const char *buf)
  478: {
  479: #ifdef DEBUG_GDB
  480:     printf("reply='%s'\n", buf);
  481: #endif
  482: 
  483:     return put_packet_binary(s, buf, strlen(buf));
  484: }
  485: 
  486: /* The GDB remote protocol transfers values in target byte order.  This means
  487:    we can use the raw memory access routines to access the value buffer.
  488:    Conveniently, these also handle the case where the buffer is mis-aligned.
  489:  */
  490: #define GET_REG8(val) do { \
  491:     stb_p(mem_buf, val); \
  492:     return 1; \
  493:     } while(0)
  494: #define GET_REG16(val) do { \
  495:     stw_p(mem_buf, val); \
  496:     return 2; \
  497:     } while(0)
  498: #define GET_REG32(val) do { \
  499:     stl_p(mem_buf, val); \
  500:     return 4; \
  501:     } while(0)
  502: #define GET_REG64(val) do { \
  503:     stq_p(mem_buf, val); \
  504:     return 8; \
  505:     } while(0)
  506: 
  507: #if TARGET_LONG_BITS == 64
  508: #define GET_REGL(val) GET_REG64(val)
  509: #define ldtul_p(addr) ldq_p(addr)
  510: #else
  511: #define GET_REGL(val) GET_REG32(val)
  512: #define ldtul_p(addr) ldl_p(addr)
  513: #endif
  514: 
  515: #if defined(TARGET_I386)
  516: 
  517: #ifdef TARGET_X86_64
  518: static const int gpr_map[16] = {
  519:     R_EAX, R_EBX, R_ECX, R_EDX, R_ESI, R_EDI, R_EBP, R_ESP,
  520:     8, 9, 10, 11, 12, 13, 14, 15
  521: };
  522: #else
  523: #define gpr_map gpr_map32
  524: #endif
  525: static const int gpr_map32[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
  526: 
  527: #define NUM_CORE_REGS (CPU_NB_REGS * 2 + 25)
  528: 
  529: #define IDX_IP_REG      CPU_NB_REGS
  530: #define IDX_FLAGS_REG   (IDX_IP_REG + 1)
  531: #define IDX_SEG_REGS    (IDX_FLAGS_REG + 1)
  532: #define IDX_FP_REGS     (IDX_SEG_REGS + 6)
  533: #define IDX_XMM_REGS    (IDX_FP_REGS + 16)
  534: #define IDX_MXCSR_REG   (IDX_XMM_REGS + CPU_NB_REGS)
  535: 
  536: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
  537: {
  538:     if (n < CPU_NB_REGS) {
  539:         if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
  540:             GET_REG64(env->regs[gpr_map[n]]);
  541:         } else if (n < CPU_NB_REGS32) {
  542:             GET_REG32(env->regs[gpr_map32[n]]);
  543:         }
  544:     } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
  545: #ifdef USE_X86LDOUBLE
  546:         /* FIXME: byteswap float values - after fixing fpregs layout. */
  547:         memcpy(mem_buf, &env->fpregs[n - IDX_FP_REGS], 10);
  548: #else
  549:         memset(mem_buf, 0, 10);
  550: #endif
  551:         return 10;
  552:     } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
  553:         n -= IDX_XMM_REGS;
  554:         if (n < CPU_NB_REGS32 ||
  555:             (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK)) {
  556:             stq_p(mem_buf, env->xmm_regs[n].XMM_Q(0));
  557:             stq_p(mem_buf + 8, env->xmm_regs[n].XMM_Q(1));
  558:             return 16;
  559:         }
  560:     } else {
  561:         switch (n) {
  562:         case IDX_IP_REG:
  563:             if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
  564:                 GET_REG64(env->eip);
  565:             } else {
  566:                 GET_REG32(env->eip);
  567:             }
  568:         case IDX_FLAGS_REG: GET_REG32(env->eflags);
  569: 
  570:         case IDX_SEG_REGS:     GET_REG32(env->segs[R_CS].selector);
  571:         case IDX_SEG_REGS + 1: GET_REG32(env->segs[R_SS].selector);
  572:         case IDX_SEG_REGS + 2: GET_REG32(env->segs[R_DS].selector);
  573:         case IDX_SEG_REGS + 3: GET_REG32(env->segs[R_ES].selector);
  574:         case IDX_SEG_REGS + 4: GET_REG32(env->segs[R_FS].selector);
  575:         case IDX_SEG_REGS + 5: GET_REG32(env->segs[R_GS].selector);
  576: 
  577:         case IDX_FP_REGS + 8:  GET_REG32(env->fpuc);
  578:         case IDX_FP_REGS + 9:  GET_REG32((env->fpus & ~0x3800) |
  579:                                          (env->fpstt & 0x7) << 11);
  580:         case IDX_FP_REGS + 10: GET_REG32(0); /* ftag */
  581:         case IDX_FP_REGS + 11: GET_REG32(0); /* fiseg */
  582:         case IDX_FP_REGS + 12: GET_REG32(0); /* fioff */
  583:         case IDX_FP_REGS + 13: GET_REG32(0); /* foseg */
  584:         case IDX_FP_REGS + 14: GET_REG32(0); /* fooff */
  585:         case IDX_FP_REGS + 15: GET_REG32(0); /* fop */
  586: 
  587:         case IDX_MXCSR_REG: GET_REG32(env->mxcsr);
  588:         }
  589:     }
  590:     return 0;
  591: }
  592: 
  593: static int cpu_x86_gdb_load_seg(CPUState *env, int sreg, uint8_t *mem_buf)
  594: {
  595:     uint16_t selector = ldl_p(mem_buf);
  596: 
  597:     if (selector != env->segs[sreg].selector) {
  598: #if defined(CONFIG_USER_ONLY)
  599:         cpu_x86_load_seg(env, sreg, selector);
  600: #else
  601:         unsigned int limit, flags;
  602:         target_ulong base;
  603: 
  604:         if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK)) {
  605:             base = selector << 4;
  606:             limit = 0xffff;
  607:             flags = 0;
  608:         } else {
  609:             if (!cpu_x86_get_descr_debug(env, selector, &base, &limit, &flags))
  610:                 return 4;
  611:         }
  612:         cpu_x86_load_seg_cache(env, sreg, selector, base, limit, flags);
  613: #endif
  614:     }
  615:     return 4;
  616: }
  617: 
  618: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
  619: {
  620:     uint32_t tmp;
  621: 
  622:     if (n < CPU_NB_REGS) {
  623:         if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
  624:             env->regs[gpr_map[n]] = ldtul_p(mem_buf);
  625:             return sizeof(target_ulong);
  626:         } else if (n < CPU_NB_REGS32) {
  627:             n = gpr_map32[n];
  628:             env->regs[n] &= ~0xffffffffUL;
  629:             env->regs[n] |= (uint32_t)ldl_p(mem_buf);
  630:             return 4;
  631:         }
  632:     } else if (n >= IDX_FP_REGS && n < IDX_FP_REGS + 8) {
  633: #ifdef USE_X86LDOUBLE
  634:         /* FIXME: byteswap float values - after fixing fpregs layout. */
  635:         memcpy(&env->fpregs[n - IDX_FP_REGS], mem_buf, 10);
  636: #endif
  637:         return 10;
  638:     } else if (n >= IDX_XMM_REGS && n < IDX_XMM_REGS + CPU_NB_REGS) {
  639:         n -= IDX_XMM_REGS;
  640:         if (n < CPU_NB_REGS32 ||
  641:             (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK)) {
  642:             env->xmm_regs[n].XMM_Q(0) = ldq_p(mem_buf);
  643:             env->xmm_regs[n].XMM_Q(1) = ldq_p(mem_buf + 8);
  644:             return 16;
  645:         }
  646:     } else {
  647:         switch (n) {
  648:         case IDX_IP_REG:
  649:             if (TARGET_LONG_BITS == 64 && env->hflags & HF_CS64_MASK) {
  650:                 env->eip = ldq_p(mem_buf);
  651:                 return 8;
  652:             } else {
  653:                 env->eip &= ~0xffffffffUL;
  654:                 env->eip |= (uint32_t)ldl_p(mem_buf);
  655:                 return 4;
  656:             }
  657:         case IDX_FLAGS_REG:
  658:             env->eflags = ldl_p(mem_buf);
  659:             return 4;
  660: 
  661:         case IDX_SEG_REGS:     return cpu_x86_gdb_load_seg(env, R_CS, mem_buf);
  662:         case IDX_SEG_REGS + 1: return cpu_x86_gdb_load_seg(env, R_SS, mem_buf);
  663:         case IDX_SEG_REGS + 2: return cpu_x86_gdb_load_seg(env, R_DS, mem_buf);
  664:         case IDX_SEG_REGS + 3: return cpu_x86_gdb_load_seg(env, R_ES, mem_buf);
  665:         case IDX_SEG_REGS + 4: return cpu_x86_gdb_load_seg(env, R_FS, mem_buf);
  666:         case IDX_SEG_REGS + 5: return cpu_x86_gdb_load_seg(env, R_GS, mem_buf);
  667: 
  668:         case IDX_FP_REGS + 8:
  669:             env->fpuc = ldl_p(mem_buf);
  670:             return 4;
  671:         case IDX_FP_REGS + 9:
  672:             tmp = ldl_p(mem_buf);
  673:             env->fpstt = (tmp >> 11) & 7;
  674:             env->fpus = tmp & ~0x3800;
  675:             return 4;
  676:         case IDX_FP_REGS + 10: /* ftag */  return 4;
  677:         case IDX_FP_REGS + 11: /* fiseg */ return 4;
  678:         case IDX_FP_REGS + 12: /* fioff */ return 4;
  679:         case IDX_FP_REGS + 13: /* foseg */ return 4;
  680:         case IDX_FP_REGS + 14: /* fooff */ return 4;
  681:         case IDX_FP_REGS + 15: /* fop */   return 4;
  682: 
  683:         case IDX_MXCSR_REG:
  684:             env->mxcsr = ldl_p(mem_buf);
  685:             return 4;
  686:         }
  687:     }
  688:     /* Unrecognised register.  */
  689:     return 0;
  690: }
  691: 
  692: #elif defined (TARGET_PPC)
  693: 
  694: /* Old gdb always expects FP registers.  Newer (xml-aware) gdb only
  695:    expects whatever the target description contains.  Due to a
  696:    historical mishap the FP registers appear in between core integer
  697:    regs and PC, MSR, CR, and so forth.  We hack round this by giving the
  698:    FP regs zero size when talking to a newer gdb.  */
  699: #define NUM_CORE_REGS 71
  700: #if defined (TARGET_PPC64)
  701: #define GDB_CORE_XML "power64-core.xml"
  702: #else
  703: #define GDB_CORE_XML "power-core.xml"
  704: #endif
  705: 
  706: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
  707: {
  708:     if (n < 32) {
  709:         /* gprs */
  710:         GET_REGL(env->gpr[n]);
  711:     } else if (n < 64) {
  712:         /* fprs */
  713:         if (gdb_has_xml)
  714:             return 0;
  715:         stfq_p(mem_buf, env->fpr[n-32]);
  716:         return 8;
  717:     } else {
  718:         switch (n) {
  719:         case 64: GET_REGL(env->nip);
  720:         case 65: GET_REGL(env->msr);
  721:         case 66:
  722:             {
  723:                 uint32_t cr = 0;
  724:                 int i;
  725:                 for (i = 0; i < 8; i++)
  726:                     cr |= env->crf[i] << (32 - ((i + 1) * 4));
  727:                 GET_REG32(cr);
  728:             }
  729:         case 67: GET_REGL(env->lr);
  730:         case 68: GET_REGL(env->ctr);
  731:         case 69: GET_REGL(env->xer);
  732:         case 70:
  733:             {
  734:                 if (gdb_has_xml)
  735:                     return 0;
  736:                 GET_REG32(env->fpscr);
  737:             }
  738:         }
  739:     }
  740:     return 0;
  741: }
  742: 
  743: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
  744: {
  745:     if (n < 32) {
  746:         /* gprs */
  747:         env->gpr[n] = ldtul_p(mem_buf);
  748:         return sizeof(target_ulong);
  749:     } else if (n < 64) {
  750:         /* fprs */
  751:         if (gdb_has_xml)
  752:             return 0;
  753:         env->fpr[n-32] = ldfq_p(mem_buf);
  754:         return 8;
  755:     } else {
  756:         switch (n) {
  757:         case 64:
  758:             env->nip = ldtul_p(mem_buf);
  759:             return sizeof(target_ulong);
  760:         case 65:
  761:             ppc_store_msr(env, ldtul_p(mem_buf));
  762:             return sizeof(target_ulong);
  763:         case 66:
  764:             {
  765:                 uint32_t cr = ldl_p(mem_buf);
  766:                 int i;
  767:                 for (i = 0; i < 8; i++)
  768:                     env->crf[i] = (cr >> (32 - ((i + 1) * 4))) & 0xF;
  769:                 return 4;
  770:             }
  771:         case 67:
  772:             env->lr = ldtul_p(mem_buf);
  773:             return sizeof(target_ulong);
  774:         case 68:
  775:             env->ctr = ldtul_p(mem_buf);
  776:             return sizeof(target_ulong);
  777:         case 69:
  778:             env->xer = ldtul_p(mem_buf);
  779:             return sizeof(target_ulong);
  780:         case 70:
  781:             /* fpscr */
  782:             if (gdb_has_xml)
  783:                 return 0;
  784:             return 4;
  785:         }
  786:     }
  787:     return 0;
  788: }
  789: 
  790: #elif defined (TARGET_SPARC)
  791: 
  792: #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
  793: #define NUM_CORE_REGS 86
  794: #else
  795: #define NUM_CORE_REGS 72
  796: #endif
  797: 
  798: #ifdef TARGET_ABI32
  799: #define GET_REGA(val) GET_REG32(val)
  800: #else
  801: #define GET_REGA(val) GET_REGL(val)
  802: #endif
  803: 
  804: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
  805: {
  806:     if (n < 8) {
  807:         /* g0..g7 */
  808:         GET_REGA(env->gregs[n]);
  809:     }
  810:     if (n < 32) {
  811:         /* register window */
  812:         GET_REGA(env->regwptr[n - 8]);
  813:     }
  814: #if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
  815:     if (n < 64) {
  816:         /* fprs */
  817:         if (n & 1) {
  818:             GET_REG32(env->fpr[(n - 32) / 2].l.lower);
  819:         } else {
  820:             GET_REG32(env->fpr[(n - 32) / 2].l.upper);
  821:         }
  822:     }
  823:     /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
  824:     switch (n) {
  825:     case 64: GET_REGA(env->y);
  826:     case 65: GET_REGA(cpu_get_psr(env));
  827:     case 66: GET_REGA(env->wim);
  828:     case 67: GET_REGA(env->tbr);
  829:     case 68: GET_REGA(env->pc);
  830:     case 69: GET_REGA(env->npc);
  831:     case 70: GET_REGA(env->fsr);
  832:     case 71: GET_REGA(0); /* csr */
  833:     default: GET_REGA(0);
  834:     }
  835: #else
  836:     if (n < 64) {
  837:         /* f0-f31 */
  838:         if (n & 1) {
  839:             GET_REG32(env->fpr[(n - 32) / 2].l.lower);
  840:         } else {
  841:             GET_REG32(env->fpr[(n - 32) / 2].l.upper);
  842:         }
  843:     }
  844:     if (n < 80) {
  845:         /* f32-f62 (double width, even numbers only) */
  846:         GET_REG64(env->fpr[(n - 32) / 2].ll);
  847:     }
  848:     switch (n) {
  849:     case 80: GET_REGL(env->pc);
  850:     case 81: GET_REGL(env->npc);
  851:     case 82: GET_REGL((cpu_get_ccr(env) << 32) |
  852:                       ((env->asi & 0xff) << 24) |
  853:                       ((env->pstate & 0xfff) << 8) |
  854:                       cpu_get_cwp64(env));
  855:     case 83: GET_REGL(env->fsr);
  856:     case 84: GET_REGL(env->fprs);
  857:     case 85: GET_REGL(env->y);
  858:     }
  859: #endif
  860:     return 0;
  861: }
  862: 
  863: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
  864: {
  865: #if defined(TARGET_ABI32)
  866:     abi_ulong tmp;
  867: 
  868:     tmp = ldl_p(mem_buf);
  869: #else
  870:     target_ulong tmp;
  871: 
  872:     tmp = ldtul_p(mem_buf);
  873: #endif
  874: 
  875:     if (n < 8) {
  876:         /* g0..g7 */
  877:         env->gregs[n] = tmp;
  878:     } else if (n < 32) {
  879:         /* register window */
  880:         env->regwptr[n - 8] = tmp;
  881:     }
  882: #if defined(TARGET_ABI32) || !defined(TARGET_SPARC64)
  883:     else if (n < 64) {
  884:         /* fprs */
  885:         /* f0-f31 */
  886:         if (n & 1) {
  887:             env->fpr[(n - 32) / 2].l.lower = tmp;
  888:         } else {
  889:             env->fpr[(n - 32) / 2].l.upper = tmp;
  890:         }
  891:     } else {
  892:         /* Y, PSR, WIM, TBR, PC, NPC, FPSR, CPSR */
  893:         switch (n) {
  894:         case 64: env->y = tmp; break;
  895:         case 65: cpu_put_psr(env, tmp); break;
  896:         case 66: env->wim = tmp; break;
  897:         case 67: env->tbr = tmp; break;
  898:         case 68: env->pc = tmp; break;
  899:         case 69: env->npc = tmp; break;
  900:         case 70: env->fsr = tmp; break;
  901:         default: return 0;
  902:         }
  903:     }
  904:     return 4;
  905: #else
  906:     else if (n < 64) {
  907:         /* f0-f31 */
  908:         tmp = ldl_p(mem_buf);
  909:         if (n & 1) {
  910:             env->fpr[(n - 32) / 2].l.lower = tmp;
  911:         } else {
  912:             env->fpr[(n - 32) / 2].l.upper = tmp;
  913:         }
  914:         return 4;
  915:     } else if (n < 80) {
  916:         /* f32-f62 (double width, even numbers only) */
  917:         env->fpr[(n - 32) / 2].ll = tmp;
  918:     } else {
  919:         switch (n) {
  920:         case 80: env->pc = tmp; break;
  921:         case 81: env->npc = tmp; break;
  922:         case 82:
  923:             cpu_put_ccr(env, tmp >> 32);
  924: 	    env->asi = (tmp >> 24) & 0xff;
  925: 	    env->pstate = (tmp >> 8) & 0xfff;
  926:             cpu_put_cwp64(env, tmp & 0xff);
  927: 	    break;
  928:         case 83: env->fsr = tmp; break;
  929:         case 84: env->fprs = tmp; break;
  930:         case 85: env->y = tmp; break;
  931:         default: return 0;
  932:         }
  933:     }
  934:     return 8;
  935: #endif
  936: }
  937: #elif defined (TARGET_ARM)
  938: 
  939: /* Old gdb always expect FPA registers.  Newer (xml-aware) gdb only expect
  940:    whatever the target description contains.  Due to a historical mishap
  941:    the FPA registers appear in between core integer regs and the CPSR.
  942:    We hack round this by giving the FPA regs zero size when talking to a
  943:    newer gdb.  */
  944: #define NUM_CORE_REGS 26
  945: #define GDB_CORE_XML "arm-core.xml"
  946: 
  947: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
  948: {
  949:     if (n < 16) {
  950:         /* Core integer register.  */
  951:         GET_REG32(env->regs[n]);
  952:     }
  953:     if (n < 24) {
  954:         /* FPA registers.  */
  955:         if (gdb_has_xml)
  956:             return 0;
  957:         memset(mem_buf, 0, 12);
  958:         return 12;
  959:     }
  960:     switch (n) {
  961:     case 24:
  962:         /* FPA status register.  */
  963:         if (gdb_has_xml)
  964:             return 0;
  965:         GET_REG32(0);
  966:     case 25:
  967:         /* CPSR */
  968:         GET_REG32(cpsr_read(env));
  969:     }
  970:     /* Unknown register.  */
  971:     return 0;
  972: }
  973: 
  974: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
  975: {
  976:     uint32_t tmp;
  977: 
  978:     tmp = ldl_p(mem_buf);
  979: 
  980:     /* Mask out low bit of PC to workaround gdb bugs.  This will probably
  981:        cause problems if we ever implement the Jazelle DBX extensions.  */
  982:     if (n == 15)
  983:         tmp &= ~1;
  984: 
  985:     if (n < 16) {
  986:         /* Core integer register.  */
  987:         env->regs[n] = tmp;
  988:         return 4;
  989:     }
  990:     if (n < 24) { /* 16-23 */
  991:         /* FPA registers (ignored).  */
  992:         if (gdb_has_xml)
  993:             return 0;
  994:         return 12;
  995:     }
  996:     switch (n) {
  997:     case 24:
  998:         /* FPA status register (ignored).  */
  999:         if (gdb_has_xml)
 1000:             return 0;
 1001:         return 4;
 1002:     case 25:
 1003:         /* CPSR */
 1004:         cpsr_write (env, tmp, 0xffffffff);
 1005:         return 4;
 1006:     }
 1007:     /* Unknown register.  */
 1008:     return 0;
 1009: }
 1010: 
 1011: #elif defined (TARGET_M68K)
 1012: 
 1013: #define NUM_CORE_REGS 18
 1014: 
 1015: #define GDB_CORE_XML "cf-core.xml"
 1016: 
 1017: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1018: {
 1019:     if (n < 8) {
 1020:         /* D0-D7 */
 1021:         GET_REG32(env->dregs[n]);
 1022:     } else if (n < 16) {
 1023:         /* A0-A7 */
 1024:         GET_REG32(env->aregs[n - 8]);
 1025:     } else {
 1026: 	switch (n) {
 1027:         case 16: GET_REG32(env->sr);
 1028:         case 17: GET_REG32(env->pc);
 1029:         }
 1030:     }
 1031:     /* FP registers not included here because they vary between
 1032:        ColdFire and m68k.  Use XML bits for these.  */
 1033:     return 0;
 1034: }
 1035: 
 1036: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1037: {
 1038:     uint32_t tmp;
 1039: 
 1040:     tmp = ldl_p(mem_buf);
 1041: 
 1042:     if (n < 8) {
 1043:         /* D0-D7 */
 1044:         env->dregs[n] = tmp;
 1045:     } else if (n < 16) {
 1046:         /* A0-A7 */
 1047:         env->aregs[n - 8] = tmp;
 1048:     } else {
 1049:         switch (n) {
 1050:         case 16: env->sr = tmp; break;
 1051:         case 17: env->pc = tmp; break;
 1052:         default: return 0;
 1053:         }
 1054:     }
 1055:     return 4;
 1056: }
 1057: #elif defined (TARGET_MIPS)
 1058: 
 1059: #define NUM_CORE_REGS 73
 1060: 
 1061: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1062: {
 1063:     if (n < 32) {
 1064:         GET_REGL(env->active_tc.gpr[n]);
 1065:     }
 1066:     if (env->CP0_Config1 & (1 << CP0C1_FP)) {
 1067:         if (n >= 38 && n < 70) {
 1068:             if (env->CP0_Status & (1 << CP0St_FR))
 1069: 		GET_REGL(env->active_fpu.fpr[n - 38].d);
 1070:             else
 1071: 		GET_REGL(env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX]);
 1072:         }
 1073:         switch (n) {
 1074:         case 70: GET_REGL((int32_t)env->active_fpu.fcr31);
 1075:         case 71: GET_REGL((int32_t)env->active_fpu.fcr0);
 1076:         }
 1077:     }
 1078:     switch (n) {
 1079:     case 32: GET_REGL((int32_t)env->CP0_Status);
 1080:     case 33: GET_REGL(env->active_tc.LO[0]);
 1081:     case 34: GET_REGL(env->active_tc.HI[0]);
 1082:     case 35: GET_REGL(env->CP0_BadVAddr);
 1083:     case 36: GET_REGL((int32_t)env->CP0_Cause);
 1084:     case 37: GET_REGL(env->active_tc.PC | !!(env->hflags & MIPS_HFLAG_M16));
 1085:     case 72: GET_REGL(0); /* fp */
 1086:     case 89: GET_REGL((int32_t)env->CP0_PRid);
 1087:     }
 1088:     if (n >= 73 && n <= 88) {
 1089: 	/* 16 embedded regs.  */
 1090: 	GET_REGL(0);
 1091:     }
 1092: 
 1093:     return 0;
 1094: }
 1095: 
 1096: /* convert MIPS rounding mode in FCR31 to IEEE library */
 1097: static unsigned int ieee_rm[] =
 1098:   {
 1099:     float_round_nearest_even,
 1100:     float_round_to_zero,
 1101:     float_round_up,
 1102:     float_round_down
 1103:   };
 1104: #define RESTORE_ROUNDING_MODE \
 1105:     set_float_rounding_mode(ieee_rm[env->active_fpu.fcr31 & 3], &env->active_fpu.fp_status)
 1106: 
 1107: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1108: {
 1109:     target_ulong tmp;
 1110: 
 1111:     tmp = ldtul_p(mem_buf);
 1112: 
 1113:     if (n < 32) {
 1114:         env->active_tc.gpr[n] = tmp;
 1115:         return sizeof(target_ulong);
 1116:     }
 1117:     if (env->CP0_Config1 & (1 << CP0C1_FP)
 1118:             && n >= 38 && n < 73) {
 1119:         if (n < 70) {
 1120:             if (env->CP0_Status & (1 << CP0St_FR))
 1121:               env->active_fpu.fpr[n - 38].d = tmp;
 1122:             else
 1123:               env->active_fpu.fpr[n - 38].w[FP_ENDIAN_IDX] = tmp;
 1124:         }
 1125:         switch (n) {
 1126:         case 70:
 1127:             env->active_fpu.fcr31 = tmp & 0xFF83FFFF;
 1128:             /* set rounding mode */
 1129:             RESTORE_ROUNDING_MODE;
 1130:             break;
 1131:         case 71: env->active_fpu.fcr0 = tmp; break;
 1132:         }
 1133:         return sizeof(target_ulong);
 1134:     }
 1135:     switch (n) {
 1136:     case 32: env->CP0_Status = tmp; break;
 1137:     case 33: env->active_tc.LO[0] = tmp; break;
 1138:     case 34: env->active_tc.HI[0] = tmp; break;
 1139:     case 35: env->CP0_BadVAddr = tmp; break;
 1140:     case 36: env->CP0_Cause = tmp; break;
 1141:     case 37:
 1142:         env->active_tc.PC = tmp & ~(target_ulong)1;
 1143:         if (tmp & 1) {
 1144:             env->hflags |= MIPS_HFLAG_M16;
 1145:         } else {
 1146:             env->hflags &= ~(MIPS_HFLAG_M16);
 1147:         }
 1148:         break;
 1149:     case 72: /* fp, ignored */ break;
 1150:     default: 
 1151: 	if (n > 89)
 1152: 	    return 0;
 1153: 	/* Other registers are readonly.  Ignore writes.  */
 1154: 	break;
 1155:     }
 1156: 
 1157:     return sizeof(target_ulong);
 1158: }
 1159: #elif defined (TARGET_SH4)
 1160: 
 1161: /* Hint: Use "set architecture sh4" in GDB to see fpu registers */
 1162: /* FIXME: We should use XML for this.  */
 1163: 
 1164: #define NUM_CORE_REGS 59
 1165: 
 1166: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1167: {
 1168:     if (n < 8) {
 1169:         if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
 1170:             GET_REGL(env->gregs[n + 16]);
 1171:         } else {
 1172:             GET_REGL(env->gregs[n]);
 1173:         }
 1174:     } else if (n < 16) {
 1175:         GET_REGL(env->gregs[n]);
 1176:     } else if (n >= 25 && n < 41) {
 1177: 	GET_REGL(env->fregs[(n - 25) + ((env->fpscr & FPSCR_FR) ? 16 : 0)]);
 1178:     } else if (n >= 43 && n < 51) {
 1179: 	GET_REGL(env->gregs[n - 43]);
 1180:     } else if (n >= 51 && n < 59) {
 1181: 	GET_REGL(env->gregs[n - (51 - 16)]);
 1182:     }
 1183:     switch (n) {
 1184:     case 16: GET_REGL(env->pc);
 1185:     case 17: GET_REGL(env->pr);
 1186:     case 18: GET_REGL(env->gbr);
 1187:     case 19: GET_REGL(env->vbr);
 1188:     case 20: GET_REGL(env->mach);
 1189:     case 21: GET_REGL(env->macl);
 1190:     case 22: GET_REGL(env->sr);
 1191:     case 23: GET_REGL(env->fpul);
 1192:     case 24: GET_REGL(env->fpscr);
 1193:     case 41: GET_REGL(env->ssr);
 1194:     case 42: GET_REGL(env->spc);
 1195:     }
 1196: 
 1197:     return 0;
 1198: }
 1199: 
 1200: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1201: {
 1202:     uint32_t tmp;
 1203: 
 1204:     tmp = ldl_p(mem_buf);
 1205: 
 1206:     if (n < 8) {
 1207:         if ((env->sr & (SR_MD | SR_RB)) == (SR_MD | SR_RB)) {
 1208:             env->gregs[n + 16] = tmp;
 1209:         } else {
 1210:             env->gregs[n] = tmp;
 1211:         }
 1212: 	return 4;
 1213:     } else if (n < 16) {
 1214:         env->gregs[n] = tmp;
 1215: 	return 4;
 1216:     } else if (n >= 25 && n < 41) {
 1217: 	env->fregs[(n - 25) + ((env->fpscr & FPSCR_FR) ? 16 : 0)] = tmp;
 1218: 	return 4;
 1219:     } else if (n >= 43 && n < 51) {
 1220: 	env->gregs[n - 43] = tmp;
 1221: 	return 4;
 1222:     } else if (n >= 51 && n < 59) {
 1223: 	env->gregs[n - (51 - 16)] = tmp;
 1224: 	return 4;
 1225:     }
 1226:     switch (n) {
 1227:     case 16: env->pc = tmp; break;
 1228:     case 17: env->pr = tmp; break;
 1229:     case 18: env->gbr = tmp; break;
 1230:     case 19: env->vbr = tmp; break;
 1231:     case 20: env->mach = tmp; break;
 1232:     case 21: env->macl = tmp; break;
 1233:     case 22: env->sr = tmp; break;
 1234:     case 23: env->fpul = tmp; break;
 1235:     case 24: env->fpscr = tmp; break;
 1236:     case 41: env->ssr = tmp; break;
 1237:     case 42: env->spc = tmp; break;
 1238:     default: return 0;
 1239:     }
 1240: 
 1241:     return 4;
 1242: }
 1243: #elif defined (TARGET_MICROBLAZE)
 1244: 
 1245: #define NUM_CORE_REGS (32 + 5)
 1246: 
 1247: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1248: {
 1249:     if (n < 32) {
 1250: 	GET_REG32(env->regs[n]);
 1251:     } else {
 1252: 	GET_REG32(env->sregs[n - 32]);
 1253:     }
 1254:     return 0;
 1255: }
 1256: 
 1257: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1258: {
 1259:     uint32_t tmp;
 1260: 
 1261:     if (n > NUM_CORE_REGS)
 1262: 	return 0;
 1263: 
 1264:     tmp = ldl_p(mem_buf);
 1265: 
 1266:     if (n < 32) {
 1267: 	env->regs[n] = tmp;
 1268:     } else {
 1269: 	env->sregs[n - 32] = tmp;
 1270:     }
 1271:     return 4;
 1272: }
 1273: #elif defined (TARGET_CRIS)
 1274: 
 1275: #define NUM_CORE_REGS 49
 1276: 
 1277: static int
 1278: read_register_crisv10(CPUState *env, uint8_t *mem_buf, int n)
 1279: {
 1280:     if (n < 15) {
 1281:         GET_REG32(env->regs[n]);
 1282:     }
 1283: 
 1284:     if (n == 15) {
 1285:         GET_REG32(env->pc);
 1286:     }
 1287: 
 1288:     if (n < 32) {
 1289:         switch (n) {
 1290:         case 16:
 1291:             GET_REG8(env->pregs[n - 16]);
 1292:             break;
 1293:         case 17:
 1294:             GET_REG8(env->pregs[n - 16]);
 1295:             break;
 1296:         case 20:
 1297:         case 21:
 1298:             GET_REG16(env->pregs[n - 16]);
 1299:             break;
 1300:         default:
 1301:             if (n >= 23) {
 1302:                 GET_REG32(env->pregs[n - 16]);
 1303:             }
 1304:             break;
 1305:         }
 1306:     }
 1307:     return 0;
 1308: }
 1309: 
 1310: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1311: {
 1312:     uint8_t srs;
 1313: 
 1314:     if (env->pregs[PR_VR] < 32)
 1315:         return read_register_crisv10(env, mem_buf, n);
 1316: 
 1317:     srs = env->pregs[PR_SRS];
 1318:     if (n < 16) {
 1319: 	GET_REG32(env->regs[n]);
 1320:     }
 1321: 
 1322:     if (n >= 21 && n < 32) {
 1323: 	GET_REG32(env->pregs[n - 16]);
 1324:     }
 1325:     if (n >= 33 && n < 49) {
 1326: 	GET_REG32(env->sregs[srs][n - 33]);
 1327:     }
 1328:     switch (n) {
 1329:     case 16: GET_REG8(env->pregs[0]);
 1330:     case 17: GET_REG8(env->pregs[1]);
 1331:     case 18: GET_REG32(env->pregs[2]);
 1332:     case 19: GET_REG8(srs);
 1333:     case 20: GET_REG16(env->pregs[4]);
 1334:     case 32: GET_REG32(env->pc);
 1335:     }
 1336: 
 1337:     return 0;
 1338: }
 1339: 
 1340: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1341: {
 1342:     uint32_t tmp;
 1343: 
 1344:     if (n > 49)
 1345: 	return 0;
 1346: 
 1347:     tmp = ldl_p(mem_buf);
 1348: 
 1349:     if (n < 16) {
 1350: 	env->regs[n] = tmp;
 1351:     }
 1352: 
 1353:     if (n >= 21 && n < 32) {
 1354: 	env->pregs[n - 16] = tmp;
 1355:     }
 1356: 
 1357:     /* FIXME: Should support function regs be writable?  */
 1358:     switch (n) {
 1359:     case 16: return 1;
 1360:     case 17: return 1;
 1361:     case 18: env->pregs[PR_PID] = tmp; break;
 1362:     case 19: return 1;
 1363:     case 20: return 2;
 1364:     case 32: env->pc = tmp; break;
 1365:     }
 1366: 
 1367:     return 4;
 1368: }
 1369: #elif defined (TARGET_ALPHA)
 1370: 
 1371: #define NUM_CORE_REGS 67
 1372: 
 1373: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1374: {
 1375:     uint64_t val;
 1376:     CPU_DoubleU d;
 1377: 
 1378:     switch (n) {
 1379:     case 0 ... 30:
 1380:         val = env->ir[n];
 1381:         break;
 1382:     case 32 ... 62:
 1383:         d.d = env->fir[n - 32];
 1384:         val = d.ll;
 1385:         break;
 1386:     case 63:
 1387:         val = cpu_alpha_load_fpcr(env);
 1388:         break;
 1389:     case 64:
 1390:         val = env->pc;
 1391:         break;
 1392:     case 66:
 1393:         val = env->unique;
 1394:         break;
 1395:     case 31:
 1396:     case 65:
 1397:         /* 31 really is the zero register; 65 is unassigned in the
 1398:            gdb protocol, but is still required to occupy 8 bytes. */
 1399:         val = 0;
 1400:         break;
 1401:     default:
 1402:         return 0;
 1403:     }
 1404:     GET_REGL(val);
 1405: }
 1406: 
 1407: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1408: {
 1409:     target_ulong tmp = ldtul_p(mem_buf);
 1410:     CPU_DoubleU d;
 1411: 
 1412:     switch (n) {
 1413:     case 0 ... 30:
 1414:         env->ir[n] = tmp;
 1415:         break;
 1416:     case 32 ... 62:
 1417:         d.ll = tmp;
 1418:         env->fir[n - 32] = d.d;
 1419:         break;
 1420:     case 63:
 1421:         cpu_alpha_store_fpcr(env, tmp);
 1422:         break;
 1423:     case 64:
 1424:         env->pc = tmp;
 1425:         break;
 1426:     case 66:
 1427:         env->unique = tmp;
 1428:         break;
 1429:     case 31:
 1430:     case 65:
 1431:         /* 31 really is the zero register; 65 is unassigned in the
 1432:            gdb protocol, but is still required to occupy 8 bytes. */
 1433:         break;
 1434:     default:
 1435:         return 0;
 1436:     }
 1437:     return 8;
 1438: }
 1439: #elif defined (TARGET_S390X)
 1440: 
 1441: #define NUM_CORE_REGS S390_NUM_TOTAL_REGS
 1442: 
 1443: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1444: {
 1445:     switch (n) {
 1446:         case S390_PSWM_REGNUM: GET_REGL(env->psw.mask); break;
 1447:         case S390_PSWA_REGNUM: GET_REGL(env->psw.addr); break;
 1448:         case S390_R0_REGNUM ... S390_R15_REGNUM:
 1449:             GET_REGL(env->regs[n-S390_R0_REGNUM]); break;
 1450:         case S390_A0_REGNUM ... S390_A15_REGNUM:
 1451:             GET_REG32(env->aregs[n-S390_A0_REGNUM]); break;
 1452:         case S390_FPC_REGNUM: GET_REG32(env->fpc); break;
 1453:         case S390_F0_REGNUM ... S390_F15_REGNUM:
 1454:             /* XXX */
 1455:             break;
 1456:         case S390_PC_REGNUM: GET_REGL(env->psw.addr); break;
 1457:         case S390_CC_REGNUM:
 1458:             env->cc_op = calc_cc(env, env->cc_op, env->cc_src, env->cc_dst,
 1459:                                  env->cc_vr);
 1460:             GET_REG32(env->cc_op);
 1461:             break;
 1462:     }
 1463: 
 1464:     return 0;
 1465: }
 1466: 
 1467: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1468: {
 1469:     target_ulong tmpl;
 1470:     uint32_t tmp32;
 1471:     int r = 8;
 1472:     tmpl = ldtul_p(mem_buf);
 1473:     tmp32 = ldl_p(mem_buf);
 1474: 
 1475:     switch (n) {
 1476:         case S390_PSWM_REGNUM: env->psw.mask = tmpl; break;
 1477:         case S390_PSWA_REGNUM: env->psw.addr = tmpl; break;
 1478:         case S390_R0_REGNUM ... S390_R15_REGNUM:
 1479:             env->regs[n-S390_R0_REGNUM] = tmpl; break;
 1480:         case S390_A0_REGNUM ... S390_A15_REGNUM:
 1481:             env->aregs[n-S390_A0_REGNUM] = tmp32; r=4; break;
 1482:         case S390_FPC_REGNUM: env->fpc = tmp32; r=4; break;
 1483:         case S390_F0_REGNUM ... S390_F15_REGNUM:
 1484:             /* XXX */
 1485:             break;
 1486:         case S390_PC_REGNUM: env->psw.addr = tmpl; break;
 1487:         case S390_CC_REGNUM: env->cc_op = tmp32; r=4; break;
 1488:     }
 1489: 
 1490:     return r;
 1491: }
 1492: #elif defined (TARGET_LM32)
 1493: 
 1494: #include "hw/lm32_pic.h"
 1495: #define NUM_CORE_REGS (32 + 7)
 1496: 
 1497: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1498: {
 1499:     if (n < 32) {
 1500:         GET_REG32(env->regs[n]);
 1501:     } else {
 1502:         switch (n) {
 1503:         case 32:
 1504:             GET_REG32(env->pc);
 1505:             break;
 1506:         /* FIXME: put in right exception ID */
 1507:         case 33:
 1508:             GET_REG32(0);
 1509:             break;
 1510:         case 34:
 1511:             GET_REG32(env->eba);
 1512:             break;
 1513:         case 35:
 1514:             GET_REG32(env->deba);
 1515:             break;
 1516:         case 36:
 1517:             GET_REG32(env->ie);
 1518:             break;
 1519:         case 37:
 1520:             GET_REG32(lm32_pic_get_im(env->pic_state));
 1521:             break;
 1522:         case 38:
 1523:             GET_REG32(lm32_pic_get_ip(env->pic_state));
 1524:             break;
 1525:         }
 1526:     }
 1527:     return 0;
 1528: }
 1529: 
 1530: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1531: {
 1532:     uint32_t tmp;
 1533: 
 1534:     if (n > NUM_CORE_REGS) {
 1535:         return 0;
 1536:     }
 1537: 
 1538:     tmp = ldl_p(mem_buf);
 1539: 
 1540:     if (n < 32) {
 1541:         env->regs[n] = tmp;
 1542:     } else {
 1543:         switch (n) {
 1544:         case 32:
 1545:             env->pc = tmp;
 1546:             break;
 1547:         case 34:
 1548:             env->eba = tmp;
 1549:             break;
 1550:         case 35:
 1551:             env->deba = tmp;
 1552:             break;
 1553:         case 36:
 1554:             env->ie = tmp;
 1555:             break;
 1556:         case 37:
 1557:             lm32_pic_set_im(env->pic_state, tmp);
 1558:             break;
 1559:         case 38:
 1560:             lm32_pic_set_ip(env->pic_state, tmp);
 1561:             break;
 1562:         }
 1563:     }
 1564:     return 4;
 1565: }
 1566: #elif defined(TARGET_XTENSA)
 1567: 
 1568: /* Use num_core_regs to see only non-privileged registers in an unmodified gdb.
 1569:  * Use num_regs to see all registers. gdb modification is required for that:
 1570:  * reset bit 0 in the 'flags' field of the registers definitions in the
 1571:  * gdb/xtensa-config.c inside gdb source tree or inside gdb overlay.
 1572:  */
 1573: #define NUM_CORE_REGS (env->config->gdb_regmap.num_regs)
 1574: #define num_g_regs NUM_CORE_REGS
 1575: 
 1576: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1577: {
 1578:     const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
 1579: 
 1580:     if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
 1581:         return 0;
 1582:     }
 1583: 
 1584:     switch (reg->type) {
 1585:     case 9: /*pc*/
 1586:         GET_REG32(env->pc);
 1587:         break;
 1588: 
 1589:     case 1: /*ar*/
 1590:         xtensa_sync_phys_from_window(env);
 1591:         GET_REG32(env->phys_regs[(reg->targno & 0xff) % env->config->nareg]);
 1592:         break;
 1593: 
 1594:     case 2: /*SR*/
 1595:         GET_REG32(env->sregs[reg->targno & 0xff]);
 1596:         break;
 1597: 
 1598:     case 3: /*UR*/
 1599:         GET_REG32(env->uregs[reg->targno & 0xff]);
 1600:         break;
 1601: 
 1602:     case 8: /*a*/
 1603:         GET_REG32(env->regs[reg->targno & 0x0f]);
 1604:         break;
 1605: 
 1606:     default:
 1607:         qemu_log("%s from reg %d of unsupported type %d\n",
 1608:                 __func__, n, reg->type);
 1609:         return 0;
 1610:     }
 1611: }
 1612: 
 1613: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1614: {
 1615:     uint32_t tmp;
 1616:     const XtensaGdbReg *reg = env->config->gdb_regmap.reg + n;
 1617: 
 1618:     if (n < 0 || n >= env->config->gdb_regmap.num_regs) {
 1619:         return 0;
 1620:     }
 1621: 
 1622:     tmp = ldl_p(mem_buf);
 1623: 
 1624:     switch (reg->type) {
 1625:     case 9: /*pc*/
 1626:         env->pc = tmp;
 1627:         break;
 1628: 
 1629:     case 1: /*ar*/
 1630:         env->phys_regs[(reg->targno & 0xff) % env->config->nareg] = tmp;
 1631:         xtensa_sync_window_from_phys(env);
 1632:         break;
 1633: 
 1634:     case 2: /*SR*/
 1635:         env->sregs[reg->targno & 0xff] = tmp;
 1636:         break;
 1637: 
 1638:     case 3: /*UR*/
 1639:         env->uregs[reg->targno & 0xff] = tmp;
 1640:         break;
 1641: 
 1642:     case 8: /*a*/
 1643:         env->regs[reg->targno & 0x0f] = tmp;
 1644:         break;
 1645: 
 1646:     default:
 1647:         qemu_log("%s to reg %d of unsupported type %d\n",
 1648:                 __func__, n, reg->type);
 1649:         return 0;
 1650:     }
 1651: 
 1652:     return 4;
 1653: }
 1654: #else
 1655: 
 1656: #define NUM_CORE_REGS 0
 1657: 
 1658: static int cpu_gdb_read_register(CPUState *env, uint8_t *mem_buf, int n)
 1659: {
 1660:     return 0;
 1661: }
 1662: 
 1663: static int cpu_gdb_write_register(CPUState *env, uint8_t *mem_buf, int n)
 1664: {
 1665:     return 0;
 1666: }
 1667: 
 1668: #endif
 1669: 
 1670: #if !defined(TARGET_XTENSA)
 1671: static int num_g_regs = NUM_CORE_REGS;
 1672: #endif
 1673: 
 1674: #ifdef GDB_CORE_XML
 1675: /* Encode data using the encoding for 'x' packets.  */
 1676: static int memtox(char *buf, const char *mem, int len)
 1677: {
 1678:     char *p = buf;
 1679:     char c;
 1680: 
 1681:     while (len--) {
 1682:         c = *(mem++);
 1683:         switch (c) {
 1684:         case '#': case '$': case '*': case '}':
 1685:             *(p++) = '}';
 1686:             *(p++) = c ^ 0x20;
 1687:             break;
 1688:         default:
 1689:             *(p++) = c;
 1690:             break;
 1691:         }
 1692:     }
 1693:     return p - buf;
 1694: }
 1695: 
 1696: static const char *get_feature_xml(const char *p, const char **newp)
 1697: {
 1698:     size_t len;
 1699:     int i;
 1700:     const char *name;
 1701:     static char target_xml[1024];
 1702: 
 1703:     len = 0;
 1704:     while (p[len] && p[len] != ':')
 1705:         len++;
 1706:     *newp = p + len;
 1707: 
 1708:     name = NULL;
 1709:     if (strncmp(p, "target.xml", len) == 0) {
 1710:         /* Generate the XML description for this CPU.  */
 1711:         if (!target_xml[0]) {
 1712:             GDBRegisterState *r;
 1713: 
 1714:             snprintf(target_xml, sizeof(target_xml),
 1715:                      "<?xml version=\"1.0\"?>"
 1716:                      "<!DOCTYPE target SYSTEM \"gdb-target.dtd\">"
 1717:                      "<target>"
 1718:                      "<xi:include href=\"%s\"/>",
 1719:                      GDB_CORE_XML);
 1720: 
 1721:             for (r = first_cpu->gdb_regs; r; r = r->next) {
 1722:                 pstrcat(target_xml, sizeof(target_xml), "<xi:include href=\"");
 1723:                 pstrcat(target_xml, sizeof(target_xml), r->xml);
 1724:                 pstrcat(target_xml, sizeof(target_xml), "\"/>");
 1725:             }
 1726:             pstrcat(target_xml, sizeof(target_xml), "</target>");
 1727:         }
 1728:         return target_xml;
 1729:     }
 1730:     for (i = 0; ; i++) {
 1731:         name = xml_builtin[i][0];
 1732:         if (!name || (strncmp(name, p, len) == 0 && strlen(name) == len))
 1733:             break;
 1734:     }
 1735:     return name ? xml_builtin[i][1] : NULL;
 1736: }
 1737: #endif
 1738: 
 1739: static int gdb_read_register(CPUState *env, uint8_t *mem_buf, int reg)
 1740: {
 1741:     GDBRegisterState *r;
 1742: 
 1743:     if (reg < NUM_CORE_REGS)
 1744:         return cpu_gdb_read_register(env, mem_buf, reg);
 1745: 
 1746:     for (r = env->gdb_regs; r; r = r->next) {
 1747:         if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
 1748:             return r->get_reg(env, mem_buf, reg - r->base_reg);
 1749:         }
 1750:     }
 1751:     return 0;
 1752: }
 1753: 
 1754: static int gdb_write_register(CPUState *env, uint8_t *mem_buf, int reg)
 1755: {
 1756:     GDBRegisterState *r;
 1757: 
 1758:     if (reg < NUM_CORE_REGS)
 1759:         return cpu_gdb_write_register(env, mem_buf, reg);
 1760: 
 1761:     for (r = env->gdb_regs; r; r = r->next) {
 1762:         if (r->base_reg <= reg && reg < r->base_reg + r->num_regs) {
 1763:             return r->set_reg(env, mem_buf, reg - r->base_reg);
 1764:         }
 1765:     }
 1766:     return 0;
 1767: }
 1768: 
 1769: #if !defined(TARGET_XTENSA)
 1770: /* Register a supplemental set of CPU registers.  If g_pos is nonzero it
 1771:    specifies the first register number and these registers are included in
 1772:    a standard "g" packet.  Direction is relative to gdb, i.e. get_reg is
 1773:    gdb reading a CPU register, and set_reg is gdb modifying a CPU register.
 1774:  */
 1775: 
 1776: void gdb_register_coprocessor(CPUState * env,
 1777:                              gdb_reg_cb get_reg, gdb_reg_cb set_reg,
 1778:                              int num_regs, const char *xml, int g_pos)
 1779: {
 1780:     GDBRegisterState *s;
 1781:     GDBRegisterState **p;
 1782:     static int last_reg = NUM_CORE_REGS;
 1783: 
 1784:     p = &env->gdb_regs;
 1785:     while (*p) {
 1786:         /* Check for duplicates.  */
 1787:         if (strcmp((*p)->xml, xml) == 0)
 1788:             return;
 1789:         p = &(*p)->next;
 1790:     }
 1791: 
 1792:     s = g_new0(GDBRegisterState, 1);
 1793:     s->base_reg = last_reg;
 1794:     s->num_regs = num_regs;
 1795:     s->get_reg = get_reg;
 1796:     s->set_reg = set_reg;
 1797:     s->xml = xml;
 1798: 
 1799:     /* Add to end of list.  */
 1800:     last_reg += num_regs;
 1801:     *p = s;
 1802:     if (g_pos) {
 1803:         if (g_pos != s->base_reg) {
 1804:             fprintf(stderr, "Error: Bad gdb register numbering for '%s'\n"
 1805:                     "Expected %d got %d\n", xml, g_pos, s->base_reg);
 1806:         } else {
 1807:             num_g_regs = last_reg;
 1808:         }
 1809:     }
 1810: }
 1811: #endif
 1812: 
 1813: #ifndef CONFIG_USER_ONLY
 1814: static const int xlat_gdb_type[] = {
 1815:     [GDB_WATCHPOINT_WRITE]  = BP_GDB | BP_MEM_WRITE,
 1816:     [GDB_WATCHPOINT_READ]   = BP_GDB | BP_MEM_READ,
 1817:     [GDB_WATCHPOINT_ACCESS] = BP_GDB | BP_MEM_ACCESS,
 1818: };
 1819: #endif
 1820: 
 1821: static int gdb_breakpoint_insert(target_ulong addr, target_ulong len, int type)
 1822: {
 1823:     CPUState *env;
 1824:     int err = 0;
 1825: 
 1826:     if (kvm_enabled())
 1827:         return kvm_insert_breakpoint(gdbserver_state->c_cpu, addr, len, type);
 1828: 
 1829:     switch (type) {
 1830:     case GDB_BREAKPOINT_SW:
 1831:     case GDB_BREAKPOINT_HW:
 1832:         for (env = first_cpu; env != NULL; env = env->next_cpu) {
 1833:             err = cpu_breakpoint_insert(env, addr, BP_GDB, NULL);
 1834:             if (err)
 1835:                 break;
 1836:         }
 1837:         return err;
 1838: #ifndef CONFIG_USER_ONLY
 1839:     case GDB_WATCHPOINT_WRITE:
 1840:     case GDB_WATCHPOINT_READ:
 1841:     case GDB_WATCHPOINT_ACCESS:
 1842:         for (env = first_cpu; env != NULL; env = env->next_cpu) {
 1843:             err = cpu_watchpoint_insert(env, addr, len, xlat_gdb_type[type],
 1844:                                         NULL);
 1845:             if (err)
 1846:                 break;
 1847:         }
 1848:         return err;
 1849: #endif
 1850:     default:
 1851:         return -ENOSYS;
 1852:     }
 1853: }
 1854: 
 1855: static int gdb_breakpoint_remove(target_ulong addr, target_ulong len, int type)
 1856: {
 1857:     CPUState *env;
 1858:     int err = 0;
 1859: 
 1860:     if (kvm_enabled())
 1861:         return kvm_remove_breakpoint(gdbserver_state->c_cpu, addr, len, type);
 1862: 
 1863:     switch (type) {
 1864:     case GDB_BREAKPOINT_SW:
 1865:     case GDB_BREAKPOINT_HW:
 1866:         for (env = first_cpu; env != NULL; env = env->next_cpu) {
 1867:             err = cpu_breakpoint_remove(env, addr, BP_GDB);
 1868:             if (err)
 1869:                 break;
 1870:         }
 1871:         return err;
 1872: #ifndef CONFIG_USER_ONLY
 1873:     case GDB_WATCHPOINT_WRITE:
 1874:     case GDB_WATCHPOINT_READ:
 1875:     case GDB_WATCHPOINT_ACCESS:
 1876:         for (env = first_cpu; env != NULL; env = env->next_cpu) {
 1877:             err = cpu_watchpoint_remove(env, addr, len, xlat_gdb_type[type]);
 1878:             if (err)
 1879:                 break;
 1880:         }
 1881:         return err;
 1882: #endif
 1883:     default:
 1884:         return -ENOSYS;
 1885:     }
 1886: }
 1887: 
 1888: static void gdb_breakpoint_remove_all(void)
 1889: {
 1890:     CPUState *env;
 1891: 
 1892:     if (kvm_enabled()) {
 1893:         kvm_remove_all_breakpoints(gdbserver_state->c_cpu);
 1894:         return;
 1895:     }
 1896: 
 1897:     for (env = first_cpu; env != NULL; env = env->next_cpu) {
 1898:         cpu_breakpoint_remove_all(env, BP_GDB);
 1899: #ifndef CONFIG_USER_ONLY
 1900:         cpu_watchpoint_remove_all(env, BP_GDB);
 1901: #endif
 1902:     }
 1903: }
 1904: 
 1905: static void gdb_set_cpu_pc(GDBState *s, target_ulong pc)
 1906: {
 1907: #if defined(TARGET_I386)
 1908:     cpu_synchronize_state(s->c_cpu);
 1909:     s->c_cpu->eip = pc;
 1910: #elif defined (TARGET_PPC)
 1911:     s->c_cpu->nip = pc;
 1912: #elif defined (TARGET_SPARC)
 1913:     s->c_cpu->pc = pc;
 1914:     s->c_cpu->npc = pc + 4;
 1915: #elif defined (TARGET_ARM)
 1916:     s->c_cpu->regs[15] = pc;
 1917: #elif defined (TARGET_SH4)
 1918:     s->c_cpu->pc = pc;
 1919: #elif defined (TARGET_MIPS)
 1920:     s->c_cpu->active_tc.PC = pc & ~(target_ulong)1;
 1921:     if (pc & 1) {
 1922:         s->c_cpu->hflags |= MIPS_HFLAG_M16;
 1923:     } else {
 1924:         s->c_cpu->hflags &= ~(MIPS_HFLAG_M16);
 1925:     }
 1926: #elif defined (TARGET_MICROBLAZE)
 1927:     s->c_cpu->sregs[SR_PC] = pc;
 1928: #elif defined (TARGET_CRIS)
 1929:     s->c_cpu->pc = pc;
 1930: #elif defined (TARGET_ALPHA)
 1931:     s->c_cpu->pc = pc;
 1932: #elif defined (TARGET_S390X)
 1933:     cpu_synchronize_state(s->c_cpu);
 1934:     s->c_cpu->psw.addr = pc;
 1935: #elif defined (TARGET_LM32)
 1936:     s->c_cpu->pc = pc;
 1937: #elif defined(TARGET_XTENSA)
 1938:     s->c_cpu->pc = pc;
 1939: #endif
 1940: }
 1941: 
 1942: static inline int gdb_id(CPUState *env)
 1943: {
 1944: #if defined(CONFIG_USER_ONLY) && defined(CONFIG_USE_NPTL)
 1945:     return env->host_tid;
 1946: #else
 1947:     return env->cpu_index + 1;
 1948: #endif
 1949: }
 1950: 
 1951: static CPUState *find_cpu(uint32_t thread_id)
 1952: {
 1953:     CPUState *env;
 1954: 
 1955:     for (env = first_cpu; env != NULL; env = env->next_cpu) {
 1956:         if (gdb_id(env) == thread_id) {
 1957:             return env;
 1958:         }
 1959:     }
 1960: 
 1961:     return NULL;
 1962: }
 1963: 
 1964: static int gdb_handle_packet(GDBState *s, const char *line_buf)
 1965: {
 1966:     CPUState *env;
 1967:     const char *p;
 1968:     uint32_t thread;
 1969:     int ch, reg_size, type, res;
 1970:     char buf[MAX_PACKET_LENGTH];
 1971:     uint8_t mem_buf[MAX_PACKET_LENGTH];
 1972:     uint8_t *registers;
 1973:     target_ulong addr, len;
 1974: 
 1975: #ifdef DEBUG_GDB
 1976:     printf("command='%s'\n", line_buf);
 1977: #endif
 1978:     p = line_buf;
 1979:     ch = *p++;
 1980:     switch(ch) {
 1981:     case '?':
 1982:         /* TODO: Make this return the correct value for user-mode.  */
 1983:         snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
 1984:                  gdb_id(s->c_cpu));
 1985:         put_packet(s, buf);
 1986:         /* Remove all the breakpoints when this query is issued,
 1987:          * because gdb is doing and initial connect and the state
 1988:          * should be cleaned up.
 1989:          */
 1990:         gdb_breakpoint_remove_all();
 1991:         break;
 1992:     case 'c':
 1993:         if (*p != '\0') {
 1994:             addr = strtoull(p, (char **)&p, 16);
 1995:             gdb_set_cpu_pc(s, addr);
 1996:         }
 1997:         s->signal = 0;
 1998:         gdb_continue(s);
 1999: 	return RS_IDLE;
 2000:     case 'C':
 2001:         s->signal = gdb_signal_to_target (strtoul(p, (char **)&p, 16));
 2002:         if (s->signal == -1)
 2003:             s->signal = 0;
 2004:         gdb_continue(s);
 2005:         return RS_IDLE;
 2006:     case 'v':
 2007:         if (strncmp(p, "Cont", 4) == 0) {
 2008:             int res_signal, res_thread;
 2009: 
 2010:             p += 4;
 2011:             if (*p == '?') {
 2012:                 put_packet(s, "vCont;c;C;s;S");
 2013:                 break;
 2014:             }
 2015:             res = 0;
 2016:             res_signal = 0;
 2017:             res_thread = 0;
 2018:             while (*p) {
 2019:                 int action, signal;
 2020: 
 2021:                 if (*p++ != ';') {
 2022:                     res = 0;
 2023:                     break;
 2024:                 }
 2025:                 action = *p++;
 2026:                 signal = 0;
 2027:                 if (action == 'C' || action == 'S') {
 2028:                     signal = strtoul(p, (char **)&p, 16);
 2029:                 } else if (action != 'c' && action != 's') {
 2030:                     res = 0;
 2031:                     break;
 2032:                 }
 2033:                 thread = 0;
 2034:                 if (*p == ':') {
 2035:                     thread = strtoull(p+1, (char **)&p, 16);
 2036:                 }
 2037:                 action = tolower(action);
 2038:                 if (res == 0 || (res == 'c' && action == 's')) {
 2039:                     res = action;
 2040:                     res_signal = signal;
 2041:                     res_thread = thread;
 2042:                 }
 2043:             }
 2044:             if (res) {
 2045:                 if (res_thread != -1 && res_thread != 0) {
 2046:                     env = find_cpu(res_thread);
 2047:                     if (env == NULL) {
 2048:                         put_packet(s, "E22");
 2049:                         break;
 2050:                     }
 2051:                     s->c_cpu = env;
 2052:                 }
 2053:                 if (res == 's') {
 2054:                     cpu_single_step(s->c_cpu, sstep_flags);
 2055:                 }
 2056:                 s->signal = res_signal;
 2057:                 gdb_continue(s);
 2058:                 return RS_IDLE;
 2059:             }
 2060:             break;
 2061:         } else {
 2062:             goto unknown_command;
 2063:         }
 2064:     case 'k':
 2065:         /* Kill the target */
 2066:         fprintf(stderr, "\nQEMU: Terminated via GDBstub\n");
 2067:         exit(0);
 2068:     case 'D':
 2069:         /* Detach packet */
 2070:         gdb_breakpoint_remove_all();
 2071:         gdb_syscall_mode = GDB_SYS_DISABLED;
 2072:         gdb_continue(s);
 2073:         put_packet(s, "OK");
 2074:         break;
 2075:     case 's':
 2076:         if (*p != '\0') {
 2077:             addr = strtoull(p, (char **)&p, 16);
 2078:             gdb_set_cpu_pc(s, addr);
 2079:         }
 2080:         cpu_single_step(s->c_cpu, sstep_flags);
 2081:         gdb_continue(s);
 2082: 	return RS_IDLE;
 2083:     case 'F':
 2084:         {
 2085:             target_ulong ret;
 2086:             target_ulong err;
 2087: 
 2088:             ret = strtoull(p, (char **)&p, 16);
 2089:             if (*p == ',') {
 2090:                 p++;
 2091:                 err = strtoull(p, (char **)&p, 16);
 2092:             } else {
 2093:                 err = 0;
 2094:             }
 2095:             if (*p == ',')
 2096:                 p++;
 2097:             type = *p;
 2098:             if (gdb_current_syscall_cb)
 2099:                 gdb_current_syscall_cb(s->c_cpu, ret, err);
 2100:             if (type == 'C') {
 2101:                 put_packet(s, "T02");
 2102:             } else {
 2103:                 gdb_continue(s);
 2104:             }
 2105:         }
 2106:         break;
 2107:     case 'g':
 2108:         cpu_synchronize_state(s->g_cpu);
 2109:         env = s->g_cpu;
 2110:         len = 0;
 2111:         for (addr = 0; addr < num_g_regs; addr++) {
 2112:             reg_size = gdb_read_register(s->g_cpu, mem_buf + len, addr);
 2113:             len += reg_size;
 2114:         }
 2115:         memtohex(buf, mem_buf, len);
 2116:         put_packet(s, buf);
 2117:         break;
 2118:     case 'G':
 2119:         cpu_synchronize_state(s->g_cpu);
 2120:         env = s->g_cpu;
 2121:         registers = mem_buf;
 2122:         len = strlen(p) / 2;
 2123:         hextomem((uint8_t *)registers, p, len);
 2124:         for (addr = 0; addr < num_g_regs && len > 0; addr++) {
 2125:             reg_size = gdb_write_register(s->g_cpu, registers, addr);
 2126:             len -= reg_size;
 2127:             registers += reg_size;
 2128:         }
 2129:         put_packet(s, "OK");
 2130:         break;
 2131:     case 'm':
 2132:         addr = strtoull(p, (char **)&p, 16);
 2133:         if (*p == ',')
 2134:             p++;
 2135:         len = strtoull(p, NULL, 16);
 2136:         if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 0) != 0) {
 2137:             put_packet (s, "E14");
 2138:         } else {
 2139:             memtohex(buf, mem_buf, len);
 2140:             put_packet(s, buf);
 2141:         }
 2142:         break;
 2143:     case 'M':
 2144:         addr = strtoull(p, (char **)&p, 16);
 2145:         if (*p == ',')
 2146:             p++;
 2147:         len = strtoull(p, (char **)&p, 16);
 2148:         if (*p == ':')
 2149:             p++;
 2150:         hextomem(mem_buf, p, len);
 2151:         if (target_memory_rw_debug(s->g_cpu, addr, mem_buf, len, 1) != 0) {
 2152:             put_packet(s, "E14");
 2153:         } else {
 2154:             put_packet(s, "OK");
 2155:         }
 2156:         break;
 2157:     case 'p':
 2158:         /* Older gdb are really dumb, and don't use 'g' if 'p' is avaialable.
 2159:            This works, but can be very slow.  Anything new enough to
 2160:            understand XML also knows how to use this properly.  */
 2161:         if (!gdb_has_xml)
 2162:             goto unknown_command;
 2163:         addr = strtoull(p, (char **)&p, 16);
 2164:         reg_size = gdb_read_register(s->g_cpu, mem_buf, addr);
 2165:         if (reg_size) {
 2166:             memtohex(buf, mem_buf, reg_size);
 2167:             put_packet(s, buf);
 2168:         } else {
 2169:             put_packet(s, "E14");
 2170:         }
 2171:         break;
 2172:     case 'P':
 2173:         if (!gdb_has_xml)
 2174:             goto unknown_command;
 2175:         addr = strtoull(p, (char **)&p, 16);
 2176:         if (*p == '=')
 2177:             p++;
 2178:         reg_size = strlen(p) / 2;
 2179:         hextomem(mem_buf, p, reg_size);
 2180:         gdb_write_register(s->g_cpu, mem_buf, addr);
 2181:         put_packet(s, "OK");
 2182:         break;
 2183:     case 'Z':
 2184:     case 'z':
 2185:         type = strtoul(p, (char **)&p, 16);
 2186:         if (*p == ',')
 2187:             p++;
 2188:         addr = strtoull(p, (char **)&p, 16);
 2189:         if (*p == ',')
 2190:             p++;
 2191:         len = strtoull(p, (char **)&p, 16);
 2192:         if (ch == 'Z')
 2193:             res = gdb_breakpoint_insert(addr, len, type);
 2194:         else
 2195:             res = gdb_breakpoint_remove(addr, len, type);
 2196:         if (res >= 0)
 2197:              put_packet(s, "OK");
 2198:         else if (res == -ENOSYS)
 2199:             put_packet(s, "");
 2200:         else
 2201:             put_packet(s, "E22");
 2202:         break;
 2203:     case 'H':
 2204:         type = *p++;
 2205:         thread = strtoull(p, (char **)&p, 16);
 2206:         if (thread == -1 || thread == 0) {
 2207:             put_packet(s, "OK");
 2208:             break;
 2209:         }
 2210:         env = find_cpu(thread);
 2211:         if (env == NULL) {
 2212:             put_packet(s, "E22");
 2213:             break;
 2214:         }
 2215:         switch (type) {
 2216:         case 'c':
 2217:             s->c_cpu = env;
 2218:             put_packet(s, "OK");
 2219:             break;
 2220:         case 'g':
 2221:             s->g_cpu = env;
 2222:             put_packet(s, "OK");
 2223:             break;
 2224:         default:
 2225:              put_packet(s, "E22");
 2226:              break;
 2227:         }
 2228:         break;
 2229:     case 'T':
 2230:         thread = strtoull(p, (char **)&p, 16);
 2231:         env = find_cpu(thread);
 2232: 
 2233:         if (env != NULL) {
 2234:             put_packet(s, "OK");
 2235:         } else {
 2236:             put_packet(s, "E22");
 2237:         }
 2238:         break;
 2239:     case 'q':
 2240:     case 'Q':
 2241:         /* parse any 'q' packets here */
 2242:         if (!strcmp(p,"qemu.sstepbits")) {
 2243:             /* Query Breakpoint bit definitions */
 2244:             snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
 2245:                      SSTEP_ENABLE,
 2246:                      SSTEP_NOIRQ,
 2247:                      SSTEP_NOTIMER);
 2248:             put_packet(s, buf);
 2249:             break;
 2250:         } else if (strncmp(p,"qemu.sstep",10) == 0) {
 2251:             /* Display or change the sstep_flags */
 2252:             p += 10;
 2253:             if (*p != '=') {
 2254:                 /* Display current setting */
 2255:                 snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
 2256:                 put_packet(s, buf);
 2257:                 break;
 2258:             }
 2259:             p++;
 2260:             type = strtoul(p, (char **)&p, 16);
 2261:             sstep_flags = type;
 2262:             put_packet(s, "OK");
 2263:             break;
 2264:         } else if (strcmp(p,"C") == 0) {
 2265:             /* "Current thread" remains vague in the spec, so always return
 2266:              *  the first CPU (gdb returns the first thread). */
 2267:             put_packet(s, "QC1");
 2268:             break;
 2269:         } else if (strcmp(p,"fThreadInfo") == 0) {
 2270:             s->query_cpu = first_cpu;
 2271:             goto report_cpuinfo;
 2272:         } else if (strcmp(p,"sThreadInfo") == 0) {
 2273:         report_cpuinfo:
 2274:             if (s->query_cpu) {
 2275:                 snprintf(buf, sizeof(buf), "m%x", gdb_id(s->query_cpu));
 2276:                 put_packet(s, buf);
 2277:                 s->query_cpu = s->query_cpu->next_cpu;
 2278:             } else
 2279:                 put_packet(s, "l");
 2280:             break;
 2281:         } else if (strncmp(p,"ThreadExtraInfo,", 16) == 0) {
 2282:             thread = strtoull(p+16, (char **)&p, 16);
 2283:             env = find_cpu(thread);
 2284:             if (env != NULL) {
 2285:                 cpu_synchronize_state(env);
 2286:                 len = snprintf((char *)mem_buf, sizeof(mem_buf),
 2287:                                "CPU#%d [%s]", env->cpu_index,
 2288:                                env->halted ? "halted " : "running");
 2289:                 memtohex(buf, mem_buf, len);
 2290:                 put_packet(s, buf);
 2291:             }
 2292:             break;
 2293:         }
 2294: #ifdef CONFIG_USER_ONLY
 2295:         else if (strncmp(p, "Offsets", 7) == 0) {
 2296:             TaskState *ts = s->c_cpu->opaque;
 2297: 
 2298:             snprintf(buf, sizeof(buf),
 2299:                      "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
 2300:                      ";Bss=" TARGET_ABI_FMT_lx,
 2301:                      ts->info->code_offset,
 2302:                      ts->info->data_offset,
 2303:                      ts->info->data_offset);
 2304:             put_packet(s, buf);
 2305:             break;
 2306:         }
 2307: #else /* !CONFIG_USER_ONLY */
 2308:         else if (strncmp(p, "Rcmd,", 5) == 0) {
 2309:             int len = strlen(p + 5);
 2310: 
 2311:             if ((len % 2) != 0) {
 2312:                 put_packet(s, "E01");
 2313:                 break;
 2314:             }
 2315:             hextomem(mem_buf, p + 5, len);
 2316:             len = len / 2;
 2317:             mem_buf[len++] = 0;
 2318:             qemu_chr_be_write(s->mon_chr, mem_buf, len);
 2319:             put_packet(s, "OK");
 2320:             break;
 2321:         }
 2322: #endif /* !CONFIG_USER_ONLY */
 2323:         if (strncmp(p, "Supported", 9) == 0) {
 2324:             snprintf(buf, sizeof(buf), "PacketSize=%x", MAX_PACKET_LENGTH);
 2325: #ifdef GDB_CORE_XML
 2326:             pstrcat(buf, sizeof(buf), ";qXfer:features:read+");
 2327: #endif
 2328:             put_packet(s, buf);
 2329:             break;
 2330:         }
 2331: #ifdef GDB_CORE_XML
 2332:         if (strncmp(p, "Xfer:features:read:", 19) == 0) {
 2333:             const char *xml;
 2334:             target_ulong total_len;
 2335: 
 2336:             gdb_has_xml = 1;
 2337:             p += 19;
 2338:             xml = get_feature_xml(p, &p);
 2339:             if (!xml) {
 2340:                 snprintf(buf, sizeof(buf), "E00");
 2341:                 put_packet(s, buf);
 2342:                 break;
 2343:             }
 2344: 
 2345:             if (*p == ':')
 2346:                 p++;
 2347:             addr = strtoul(p, (char **)&p, 16);
 2348:             if (*p == ',')
 2349:                 p++;
 2350:             len = strtoul(p, (char **)&p, 16);
 2351: 
 2352:             total_len = strlen(xml);
 2353:             if (addr > total_len) {
 2354:                 snprintf(buf, sizeof(buf), "E00");
 2355:                 put_packet(s, buf);
 2356:                 break;
 2357:             }
 2358:             if (len > (MAX_PACKET_LENGTH - 5) / 2)
 2359:                 len = (MAX_PACKET_LENGTH - 5) / 2;
 2360:             if (len < total_len - addr) {
 2361:                 buf[0] = 'm';
 2362:                 len = memtox(buf + 1, xml + addr, len);
 2363:             } else {
 2364:                 buf[0] = 'l';
 2365:                 len = memtox(buf + 1, xml + addr, total_len - addr);
 2366:             }
 2367:             put_packet_binary(s, buf, len + 1);
 2368:             break;
 2369:         }
 2370: #endif
 2371:         /* Unrecognised 'q' command.  */
 2372:         goto unknown_command;
 2373: 
 2374:     default:
 2375:     unknown_command:
 2376:         /* put empty packet */
 2377:         buf[0] = '\0';
 2378:         put_packet(s, buf);
 2379:         break;
 2380:     }
 2381:     return RS_IDLE;
 2382: }
 2383: 
 2384: void gdb_set_stop_cpu(CPUState *env)
 2385: {
 2386:     gdbserver_state->c_cpu = env;
 2387:     gdbserver_state->g_cpu = env;
 2388: }
 2389: 
 2390: #ifndef CONFIG_USER_ONLY
 2391: static void gdb_vm_state_change(void *opaque, int running, RunState state)
 2392: {
 2393:     GDBState *s = gdbserver_state;
 2394:     CPUState *env = s->c_cpu;
 2395:     char buf[256];
 2396:     const char *type;
 2397:     int ret;
 2398: 
 2399:     if (running || s->state == RS_INACTIVE || s->state == RS_SYSCALL) {
 2400:         return;
 2401:     }
 2402:     switch (state) {
 2403:     case RUN_STATE_DEBUG:
 2404:         if (env->watchpoint_hit) {
 2405:             switch (env->watchpoint_hit->flags & BP_MEM_ACCESS) {
 2406:             case BP_MEM_READ:
 2407:                 type = "r";
 2408:                 break;
 2409:             case BP_MEM_ACCESS:
 2410:                 type = "a";
 2411:                 break;
 2412:             default:
 2413:                 type = "";
 2414:                 break;
 2415:             }
 2416:             snprintf(buf, sizeof(buf),
 2417:                      "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
 2418:                      GDB_SIGNAL_TRAP, gdb_id(env), type,
 2419:                      env->watchpoint_hit->vaddr);
 2420:             env->watchpoint_hit = NULL;
 2421:             goto send_packet;
 2422:         }
 2423:         tb_flush(env);
 2424:         ret = GDB_SIGNAL_TRAP;
 2425:         break;
 2426:     case RUN_STATE_PAUSED:
 2427:         ret = GDB_SIGNAL_INT;
 2428:         break;
 2429:     case RUN_STATE_SHUTDOWN:
 2430:         ret = GDB_SIGNAL_QUIT;
 2431:         break;
 2432:     case RUN_STATE_IO_ERROR:
 2433:         ret = GDB_SIGNAL_IO;
 2434:         break;
 2435:     case RUN_STATE_WATCHDOG:
 2436:         ret = GDB_SIGNAL_ALRM;
 2437:         break;
 2438:     case RUN_STATE_INTERNAL_ERROR:
 2439:         ret = GDB_SIGNAL_ABRT;
 2440:         break;
 2441:     case RUN_STATE_SAVE_VM:
 2442:     case RUN_STATE_RESTORE_VM:
 2443:         return;
 2444:     case RUN_STATE_FINISH_MIGRATE:
 2445:         ret = GDB_SIGNAL_XCPU;
 2446:         break;
 2447:     default:
 2448:         ret = GDB_SIGNAL_UNKNOWN;
 2449:         break;
 2450:     }
 2451:     snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, gdb_id(env));
 2452: 
 2453: send_packet:
 2454:     put_packet(s, buf);
 2455: 
 2456:     /* disable single step if it was enabled */
 2457:     cpu_single_step(env, 0);
 2458: }
 2459: #endif
 2460: 
 2461: /* Send a gdb syscall request.
 2462:    This accepts limited printf-style format specifiers, specifically:
 2463:     %x  - target_ulong argument printed in hex.
 2464:     %lx - 64-bit argument printed in hex.
 2465:     %s  - string pointer (target_ulong) and length (int) pair.  */
 2466: void gdb_do_syscall(gdb_syscall_complete_cb cb, const char *fmt, ...)
 2467: {
 2468:     va_list va;
 2469:     char buf[256];
 2470:     char *p;
 2471:     target_ulong addr;
 2472:     uint64_t i64;
 2473:     GDBState *s;
 2474: 
 2475:     s = gdbserver_state;
 2476:     if (!s)
 2477:         return;
 2478:     gdb_current_syscall_cb = cb;
 2479:     s->state = RS_SYSCALL;
 2480: #ifndef CONFIG_USER_ONLY
 2481:     vm_stop(RUN_STATE_DEBUG);
 2482: #endif
 2483:     s->state = RS_IDLE;
 2484:     va_start(va, fmt);
 2485:     p = buf;
 2486:     *(p++) = 'F';
 2487:     while (*fmt) {
 2488:         if (*fmt == '%') {
 2489:             fmt++;
 2490:             switch (*fmt++) {
 2491:             case 'x':
 2492:                 addr = va_arg(va, target_ulong);
 2493:                 p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx, addr);
 2494:                 break;
 2495:             case 'l':
 2496:                 if (*(fmt++) != 'x')
 2497:                     goto bad_format;
 2498:                 i64 = va_arg(va, uint64_t);
 2499:                 p += snprintf(p, &buf[sizeof(buf)] - p, "%" PRIx64, i64);
 2500:                 break;
 2501:             case 's':
 2502:                 addr = va_arg(va, target_ulong);
 2503:                 p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx "/%x",
 2504:                               addr, va_arg(va, int));
 2505:                 break;
 2506:             default:
 2507:             bad_format:
 2508:                 fprintf(stderr, "gdbstub: Bad syscall format string '%s'\n",
 2509:                         fmt - 1);
 2510:                 break;
 2511:             }
 2512:         } else {
 2513:             *(p++) = *(fmt++);
 2514:         }
 2515:     }
 2516:     *p = 0;
 2517:     va_end(va);
 2518:     put_packet(s, buf);
 2519: #ifdef CONFIG_USER_ONLY
 2520:     gdb_handlesig(s->c_cpu, 0);
 2521: #else
 2522:     cpu_exit(s->c_cpu);
 2523: #endif
 2524: }
 2525: 
 2526: static void gdb_read_byte(GDBState *s, int ch)
 2527: {
 2528:     int i, csum;
 2529:     uint8_t reply;
 2530: 
 2531: #ifndef CONFIG_USER_ONLY
 2532:     if (s->last_packet_len) {
 2533:         /* Waiting for a response to the last packet.  If we see the start
 2534:            of a new command then abandon the previous response.  */
 2535:         if (ch == '-') {
 2536: #ifdef DEBUG_GDB
 2537:             printf("Got NACK, retransmitting\n");
 2538: #endif
 2539:             put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
 2540:         }
 2541: #ifdef DEBUG_GDB
 2542:         else if (ch == '+')
 2543:             printf("Got ACK\n");
 2544:         else
 2545:             printf("Got '%c' when expecting ACK/NACK\n", ch);
 2546: #endif
 2547:         if (ch == '+' || ch == '$')
 2548:             s->last_packet_len = 0;
 2549:         if (ch != '$')
 2550:             return;
 2551:     }
 2552:     if (runstate_is_running()) {
 2553:         /* when the CPU is running, we cannot do anything except stop
 2554:            it when receiving a char */
 2555:         vm_stop(RUN_STATE_PAUSED);
 2556:     } else
 2557: #endif
 2558:     {
 2559:         switch(s->state) {
 2560:         case RS_IDLE:
 2561:             if (ch == '$') {
 2562:                 s->line_buf_index = 0;
 2563:                 s->state = RS_GETLINE;
 2564:             }
 2565:             break;
 2566:         case RS_GETLINE:
 2567:             if (ch == '#') {
 2568:             s->state = RS_CHKSUM1;
 2569:             } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
 2570:                 s->state = RS_IDLE;
 2571:             } else {
 2572:             s->line_buf[s->line_buf_index++] = ch;
 2573:             }
 2574:             break;
 2575:         case RS_CHKSUM1:
 2576:             s->line_buf[s->line_buf_index] = '\0';
 2577:             s->line_csum = fromhex(ch) << 4;
 2578:             s->state = RS_CHKSUM2;
 2579:             break;
 2580:         case RS_CHKSUM2:
 2581:             s->line_csum |= fromhex(ch);
 2582:             csum = 0;
 2583:             for(i = 0; i < s->line_buf_index; i++) {
 2584:                 csum += s->line_buf[i];
 2585:             }
 2586:             if (s->line_csum != (csum & 0xff)) {
 2587:                 reply = '-';
 2588:                 put_buffer(s, &reply, 1);
 2589:                 s->state = RS_IDLE;
 2590:             } else {
 2591:                 reply = '+';
 2592:                 put_buffer(s, &reply, 1);
 2593:                 s->state = gdb_handle_packet(s, s->line_buf);
 2594:             }
 2595:             break;
 2596:         default:
 2597:             abort();
 2598:         }
 2599:     }
 2600: }
 2601: 
 2602: /* Tell the remote gdb that the process has exited.  */
 2603: void gdb_exit(CPUState *env, int code)
 2604: {
 2605:   GDBState *s;
 2606:   char buf[4];
 2607: 
 2608:   s = gdbserver_state;
 2609:   if (!s) {
 2610:       return;
 2611:   }
 2612: #ifdef CONFIG_USER_ONLY
 2613:   if (gdbserver_fd < 0 || s->fd < 0) {
 2614:       return;
 2615:   }
 2616: #endif
 2617: 
 2618:   snprintf(buf, sizeof(buf), "W%02x", (uint8_t)code);
 2619:   put_packet(s, buf);
 2620: 
 2621: #ifndef CONFIG_USER_ONLY
 2622:   if (s->chr) {
 2623:       qemu_chr_delete(s->chr);
 2624:   }
 2625: #endif
 2626: }
 2627: 
 2628: #ifdef CONFIG_USER_ONLY
 2629: int
 2630: gdb_queuesig (void)
 2631: {
 2632:     GDBState *s;
 2633: 
 2634:     s = gdbserver_state;
 2635: 
 2636:     if (gdbserver_fd < 0 || s->fd < 0)
 2637:         return 0;
 2638:     else
 2639:         return 1;
 2640: }
 2641: 
 2642: int
 2643: gdb_handlesig (CPUState *env, int sig)
 2644: {
 2645:   GDBState *s;
 2646:   char buf[256];
 2647:   int n;
 2648: 
 2649:   s = gdbserver_state;
 2650:   if (gdbserver_fd < 0 || s->fd < 0)
 2651:     return sig;
 2652: 
 2653:   /* disable single step if it was enabled */
 2654:   cpu_single_step(env, 0);
 2655:   tb_flush(env);
 2656: 
 2657:   if (sig != 0)
 2658:     {
 2659:       snprintf(buf, sizeof(buf), "S%02x", target_signal_to_gdb (sig));
 2660:       put_packet(s, buf);
 2661:     }
 2662:   /* put_packet() might have detected that the peer terminated the 
 2663:      connection.  */
 2664:   if (s->fd < 0)
 2665:       return sig;
 2666: 
 2667:   sig = 0;
 2668:   s->state = RS_IDLE;
 2669:   s->running_state = 0;
 2670:   while (s->running_state == 0) {
 2671:       n = read (s->fd, buf, 256);
 2672:       if (n > 0)
 2673:         {
 2674:           int i;
 2675: 
 2676:           for (i = 0; i < n; i++)
 2677:             gdb_read_byte (s, buf[i]);
 2678:         }
 2679:       else if (n == 0 || errno != EAGAIN)
 2680:         {
 2681:           /* XXX: Connection closed.  Should probably wait for annother
 2682:              connection before continuing.  */
 2683:           return sig;
 2684:         }
 2685:   }
 2686:   sig = s->signal;
 2687:   s->signal = 0;
 2688:   return sig;
 2689: }
 2690: 
 2691: /* Tell the remote gdb that the process has exited due to SIG.  */
 2692: void gdb_signalled(CPUState *env, int sig)
 2693: {
 2694:   GDBState *s;
 2695:   char buf[4];
 2696: 
 2697:   s = gdbserver_state;
 2698:   if (gdbserver_fd < 0 || s->fd < 0)
 2699:     return;
 2700: 
 2701:   snprintf(buf, sizeof(buf), "X%02x", target_signal_to_gdb (sig));
 2702:   put_packet(s, buf);
 2703: }
 2704: 
 2705: static void gdb_accept(void)
 2706: {
 2707:     GDBState *s;
 2708:     struct sockaddr_in sockaddr;
 2709:     socklen_t len;
 2710:     int val, fd;
 2711: 
 2712:     for(;;) {
 2713:         len = sizeof(sockaddr);
 2714:         fd = accept(gdbserver_fd, (struct sockaddr *)&sockaddr, &len);
 2715:         if (fd < 0 && errno != EINTR) {
 2716:             perror("accept");
 2717:             return;
 2718:         } else if (fd >= 0) {
 2719: #ifndef _WIN32
 2720:             fcntl(fd, F_SETFD, FD_CLOEXEC);
 2721: #endif
 2722:             break;
 2723:         }
 2724:     }
 2725: 
 2726:     /* set short latency */
 2727:     val = 1;
 2728:     setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (char *)&val, sizeof(val));
 2729: 
 2730:     s = g_malloc0(sizeof(GDBState));
 2731:     s->c_cpu = first_cpu;
 2732:     s->g_cpu = first_cpu;
 2733:     s->fd = fd;
 2734:     gdb_has_xml = 0;
 2735: 
 2736:     gdbserver_state = s;
 2737: 
 2738:     fcntl(fd, F_SETFL, O_NONBLOCK);
 2739: }
 2740: 
 2741: static int gdbserver_open(int port)
 2742: {
 2743:     struct sockaddr_in sockaddr;
 2744:     int fd, val, ret;
 2745: 
 2746:     fd = socket(PF_INET, SOCK_STREAM, 0);
 2747:     if (fd < 0) {
 2748:         perror("socket");
 2749:         return -1;
 2750:     }
 2751: #ifndef _WIN32
 2752:     fcntl(fd, F_SETFD, FD_CLOEXEC);
 2753: #endif
 2754: 
 2755:     /* allow fast reuse */
 2756:     val = 1;
 2757:     setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&val, sizeof(val));
 2758: 
 2759:     sockaddr.sin_family = AF_INET;
 2760:     sockaddr.sin_port = htons(port);
 2761:     sockaddr.sin_addr.s_addr = 0;
 2762:     ret = bind(fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr));
 2763:     if (ret < 0) {
 2764:         perror("bind");
 2765:         return -1;
 2766:     }
 2767:     ret = listen(fd, 0);
 2768:     if (ret < 0) {
 2769:         perror("listen");
 2770:         return -1;
 2771:     }
 2772:     return fd;
 2773: }
 2774: 
 2775: int gdbserver_start(int port)
 2776: {
 2777:     gdbserver_fd = gdbserver_open(port);
 2778:     if (gdbserver_fd < 0)
 2779:         return -1;
 2780:     /* accept connections */
 2781:     gdb_accept();
 2782:     return 0;
 2783: }
 2784: 
 2785: /* Disable gdb stub for child processes.  */
 2786: void gdbserver_fork(CPUState *env)
 2787: {
 2788:     GDBState *s = gdbserver_state;
 2789:     if (gdbserver_fd < 0 || s->fd < 0)
 2790:       return;
 2791:     close(s->fd);
 2792:     s->fd = -1;
 2793:     cpu_breakpoint_remove_all(env, BP_GDB);
 2794:     cpu_watchpoint_remove_all(env, BP_GDB);
 2795: }
 2796: #else
 2797: static int gdb_chr_can_receive(void *opaque)
 2798: {
 2799:   /* We can handle an arbitrarily large amount of data.
 2800:    Pick the maximum packet size, which is as good as anything.  */
 2801:   return MAX_PACKET_LENGTH;
 2802: }
 2803: 
 2804: static void gdb_chr_receive(void *opaque, const uint8_t *buf, int size)
 2805: {
 2806:     int i;
 2807: 
 2808:     for (i = 0; i < size; i++) {
 2809:         gdb_read_byte(gdbserver_state, buf[i]);
 2810:     }
 2811: }
 2812: 
 2813: static void gdb_chr_event(void *opaque, int event)
 2814: {
 2815:     switch (event) {
 2816:     case CHR_EVENT_OPENED:
 2817:         vm_stop(RUN_STATE_PAUSED);
 2818:         gdb_has_xml = 0;
 2819:         break;
 2820:     default:
 2821:         break;
 2822:     }
 2823: }
 2824: 
 2825: static void gdb_monitor_output(GDBState *s, const char *msg, int len)
 2826: {
 2827:     char buf[MAX_PACKET_LENGTH];
 2828: 
 2829:     buf[0] = 'O';
 2830:     if (len > (MAX_PACKET_LENGTH/2) - 1)
 2831:         len = (MAX_PACKET_LENGTH/2) - 1;
 2832:     memtohex(buf + 1, (uint8_t *)msg, len);
 2833:     put_packet(s, buf);
 2834: }
 2835: 
 2836: static int gdb_monitor_write(CharDriverState *chr, const uint8_t *buf, int len)
 2837: {
 2838:     const char *p = (const char *)buf;
 2839:     int max_sz;
 2840: 
 2841:     max_sz = (sizeof(gdbserver_state->last_packet) - 2) / 2;
 2842:     for (;;) {
 2843:         if (len <= max_sz) {
 2844:             gdb_monitor_output(gdbserver_state, p, len);
 2845:             break;
 2846:         }
 2847:         gdb_monitor_output(gdbserver_state, p, max_sz);
 2848:         p += max_sz;
 2849:         len -= max_sz;
 2850:     }
 2851:     return len;
 2852: }
 2853: 
 2854: #ifndef _WIN32
 2855: static void gdb_sigterm_handler(int signal)
 2856: {
 2857:     if (runstate_is_running()) {
 2858:         vm_stop(RUN_STATE_PAUSED);
 2859:     }
 2860: }
 2861: #endif
 2862: 
 2863: int gdbserver_start(const char *device)
 2864: {
 2865:     GDBState *s;
 2866:     char gdbstub_device_name[128];
 2867:     CharDriverState *chr = NULL;
 2868:     CharDriverState *mon_chr;
 2869: 
 2870:     if (!device)
 2871:         return -1;
 2872:     if (strcmp(device, "none") != 0) {
 2873:         if (strstart(device, "tcp:", NULL)) {
 2874:             /* enforce required TCP attributes */
 2875:             snprintf(gdbstub_device_name, sizeof(gdbstub_device_name),
 2876:                      "%s,nowait,nodelay,server", device);
 2877:             device = gdbstub_device_name;
 2878:         }
 2879: #ifndef _WIN32
 2880:         else if (strcmp(device, "stdio") == 0) {
 2881:             struct sigaction act;
 2882: 
 2883:             memset(&act, 0, sizeof(act));
 2884:             act.sa_handler = gdb_sigterm_handler;
 2885:             sigaction(SIGINT, &act, NULL);
 2886:         }
 2887: #endif
 2888:         chr = qemu_chr_new("gdb", device, NULL);
 2889:         if (!chr)
 2890:             return -1;
 2891: 
 2892:         qemu_chr_add_handlers(chr, gdb_chr_can_receive, gdb_chr_receive,
 2893:                               gdb_chr_event, NULL);
 2894:     }
 2895: 
 2896:     s = gdbserver_state;
 2897:     if (!s) {
 2898:         s = g_malloc0(sizeof(GDBState));
 2899:         gdbserver_state = s;
 2900: 
 2901:         qemu_add_vm_change_state_handler(gdb_vm_state_change, NULL);
 2902: 
 2903:         /* Initialize a monitor terminal for gdb */
 2904:         mon_chr = g_malloc0(sizeof(*mon_chr));
 2905:         mon_chr->chr_write = gdb_monitor_write;
 2906:         monitor_init(mon_chr, 0);
 2907:     } else {
 2908:         if (s->chr)
 2909:             qemu_chr_delete(s->chr);
 2910:         mon_chr = s->mon_chr;
 2911:         memset(s, 0, sizeof(GDBState));
 2912:     }
 2913:     s->c_cpu = first_cpu;
 2914:     s->g_cpu = first_cpu;
 2915:     s->chr = chr;
 2916:     s->state = chr ? RS_IDLE : RS_INACTIVE;
 2917:     s->mon_chr = mon_chr;
 2918: 
 2919:     return 0;
 2920: }
 2921: #endif

unix.superglobalmegacorp.com